diff --git a/.github/ISSUE_TEMPLATE/1-bug-report.yml b/.github/ISSUE_TEMPLATE/1-bug-report.yml
new file mode 100644
index 0000000..dfe9670
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/1-bug-report.yml
@@ -0,0 +1,67 @@
+name: 🐞 Bug
+description: Something isn't working as expected 💔
+title: "[Bug] "
+labels: ["bug"]
+assignees:
+ - paliwalvimal
+body:
+- type: checkboxes
+ attributes:
+ label: Prerequisites
+ description: Please answer the following questions for yourself before submitting an issue
+ options:
+ - label: I am running the latest version
+ required: true
+ - label: I read the documentation properly and found no answer
+ required: true
+ - label: I have checked to make sure that this issue has not already been filed
+ required: true
+- type: textarea
+ attributes:
+ label: Expected Behavior
+ description: A concise description of what you expected to happen
+ validations:
+ required: true
+- type: textarea
+ attributes:
+ label: Current Behavior
+ description: A concise description of what you're experiencing
+ validations:
+ required: true
+- type: textarea
+ attributes:
+ label: Steps To Reproduce
+ description: Steps to reproduce the behavior
+ placeholder: |
+ 1. In this environment...
+ 2. With this config...
+ 3. Run '...'
+ 4. See error...
+ validations:
+ required: false
+- type: textarea
+ attributes:
+ label: Environment
+ description: |
+ Example:
+ - **Operating System**: Ubuntu 20.04
+ - **Terraform Version**: 1.4.0
+ - **Provider version**: v2.16.0 (AWS Provider Version)
+ - **Module Version**: v1.0.0
+ value: |
+ - Operating System:
+ - Terraform Version:
+ - Provider version:
+ - Module Version:
+ render: markdown
+ validations:
+ required: false
+- type: textarea
+ attributes:
+ label: Anything else?
+ description: |
+ Links? References? Anything that will give us more context about the issue you are encountering
+
+ Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/2-feature-request.yml b/.github/ISSUE_TEMPLATE/2-feature-request.yml
new file mode 100644
index 0000000..aa68eae
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/2-feature-request.yml
@@ -0,0 +1,39 @@
+name: 💡 Feature request
+description: I have a suggestion (and may want to implement it 🙂)!
+title: "[Feature] <title>"
+labels: ["feature", "enhancement"]
+body:
+- type: checkboxes
+ attributes:
+ label: Prerequisites
+ description: Please answer the following questions for yourself before submitting an issue
+ options:
+ - label: I have checked to make sure that this issue has not already been filed
+ required: true
+- type: textarea
+ attributes:
+ label: Is your feature request related to a problem? Please describe the problem
+ description: A clear and concise description of what the problem is
+ validations:
+ required: false
+- type: textarea
+ attributes:
+ label: Describe the solution you'd like
+ description: |
+ A clear and concise description of what you want to happen
+ validations:
+ required: true
+- type: textarea
+ attributes:
+ label: Describe any alternatives you've considered
+ description: |
+ A clear and concise description of any alternative solutions or features you've considered
+ validations:
+ required: false
+- type: textarea
+ attributes:
+ label: Additional context
+ description: |
+ Add any other context or screenshots about the feature request here
+ validations:
+ required: false
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..413cbb7
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,25 @@
+<!-- Thank you for submitting a pull request to our repo -->
+
+## Prerequisites
+- [ ] There is an open issue for the PR that you are making. If not, please open an issue to discuss the change or find an existing issue.
+
+## What kind of change does this PR introduce? (check one)
+- [ ] Bug fix
+- [ ] Feature Request
+
+## Does this PR introduce a breaking change? (check one)
+- [ ] Yes
+- [ ] No
+
+## Description
+<!-- Please include a summary of the change and/or which issue is fixed -->
+
+
+---
+
+## Additional context
+<!-- Add any other context or screenshots about the pull request here -->
+
+---
+
+Fixes #{ISSUE_NUMBER}
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
new file mode 100644
index 0000000..33fc0b5
--- /dev/null
+++ b/.github/workflows/checkov.yml
@@ -0,0 +1,26 @@
+name: checkov
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python 3.9
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.9
+ - name: Scan with Checkov
+ id: checkov
+ uses: bridgecrewio/checkov-action@v12
+ with:
+ directory: .
+ framework: terraform
+ quiet: true
+ download_external_modules: false
+ output_format: cli,sarif
+ output_file_path: console,results.sarif
+ skip_path: examples
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7e7348e
--- /dev/null
+++ b/.github/workflows/release.yml
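Review bot: All three `uses:` steps in the `scan` job of checkov.yml reference actions by mutable tag (`actions/checkout@v3`, `actions/setup-python@v4`, `bridgecrewio/checkov-action@v12`), so whoever can move those tags decides what code runs in this workflow. release.yml in this same commit already pins `marvinpinto/action-automatic-releases` to a full commit SHA with a version comment; the same form here, e.g. `uses: bridgecrewio/checkov-action@<FULL_COMMIT_SHA> # v12`, would make the reference immutable. The same tag-based references appear in the `test` and `checkov` jobs of release.yml and in tests.yml (`hashicorp/setup-terraform@v2`). Separately, `output_file_path` writes `results.sarif`, but no later step in this hunk uploads or stores it, so the SARIF report is lost when the job ends.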
@@ -0,0 +1,46 @@
+name: release
+on:
+ push:
+ tags:
+ - v*
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Terraform Init
+ id: init
+ run: terraform init
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate
+ checkov:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python 3.9
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.9
+ - name: Scan with Checkov
+ id: checkov
+ uses: bridgecrewio/checkov-action@v12
+ with:
+ directory: .
+ framework: terraform
+ quiet: true
+ download_external_modules: false
+ output_format: cli,sarif
+ output_file_path: console,results.sarif
+ skip_path: examples
+ release:
+ runs-on: ubuntu-latest
+ needs: [test, checkov]
+ steps:
+ - uses: actions/checkout@v3
+ - uses: "marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0" # v1.2.1
+ with:
+ repo_token: "${{ secrets.GITHUB_TOKEN }}"
+ prerelease: false
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..3488f5e
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,19 @@
+name: tests
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Terraform Init
+ id: init
+ run: terraform init
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3c40055
--- /dev/null
+++ b/.gitignore
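Review bot: release.yml declares no `permissions:` block, so the `GITHUB_TOKEN` passed to the third-party release action through `repo_token` carries whatever default scope the repository or organization is configured with. The `test` and `checkov` jobs get a token with that same scope although they only read the checkout. I would add a top-level `permissions: {contents: read}` and grant `permissions: {contents: write}` on the `release` job alone, which is presumably all that creating a release needs. checkov.yml and tests.yml in this commit have the same gap and, from what is visible, need only `contents: read`.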
@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Lock file
+*.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..41361c5
--- /dev/null
+++ b/.pre-commit-config.yaml
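Review bot: Saved plan files are not actually ignored by this .gitignore: the tfplan entry near the end of the hunk is only a commented example (`# example: *tfplan*`), and its heading says "Include" although the stated intent is to ignore the output of `terraform plan -out=tfplan`. A saved plan can hold resource attributes and variable values in readable form, which is the same exposure the `*.tfvars` rules above it guard against. I would make the rule active and reword the heading: `# Ignore saved plan files (terraform plan -out=tfplan)` followed by `*tfplan*`.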
@@ -0,0 +1,35 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-json
+ - id: check-symlinks
+ - id: detect-private-key
+ - id: no-commit-to-branch
+- repo: https://github.com/gitleaks/gitleaks
+ rev: v8.16.1
+ hooks:
+ - id: gitleaks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.81.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_validate
+ exclude: examples/
+ - id: terraform_tflint
+ exclude: examples/
+ args:
+ - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl --fix
+- repo: https://github.com/bridgecrewio/checkov.git
+ rev: "2.3.314"
+ hooks:
+ - id: checkov
+ args: ["--quiet", "--compact", "--framework", "terraform", "--download-external-modules", "false", "--skip-path", "examples"]
+- repo: https://github.com/terraform-docs/terraform-docs
+ rev: v0.16.0
+ hooks:
+ - id: terraform-docs-go
+ args: ["."]
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..66b41fb
--- /dev/null
+++ b/.terraform-docs.yml
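Review bot: The secret checks configured in .pre-commit-config.yaml (`detect-private-key` and the `gitleaks` hook) run only on machines where a contributor has installed the hooks. None of the workflows added in this commit runs pre-commit or gitleaks, so a push from a clone without the hooks bypasses them, and `no-commit-to-branch` is likewise only a local guard. Adding a CI job that runs `pre-commit run --all-files`, or a dedicated gitleaks job, would enforce the same checks on the server side, where they cannot be skipped.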
@@ -0,0 +1,63 @@
+formatter: "markdown table" # this is required
+
+header-from: .tf-header.md
+footer-from: .tf-footer.md
+
+recursive:
+ enabled: false
+ path: modules
+
+sections:
+ hide:
+ - resources
+ - data-sources
+ - modules
+ - providers
+
+content: |-
+ {{ .Header }}
+
+ # Usage Instructions
+ ## Example
+ ```hcl
+ {{ include "examples/default.tf" }}
+ ```
+
+ {{ .Requirements }}
+
+ {{ .Inputs }}
+
+ {{ .Outputs }}
+
+ {{ .Footer }}
+
+output:
+ file: README.md
+ mode: inject
+ template: |-
+ <!-- BEGIN_TF_DOCS -->
+ {{ .Content }}
+ <!-- END_TF_DOCS -->
+
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: false
+ color: true
+ default: true
+ description: false
+ escape: false
+ hide-empty: false
+ html: false
+ indent: 2
+ lockfile: false # because .terraform.lock.hcl is not checked in the repository
+ read-comments: true
+ required: true
+ sensitive: false
+ type: true
diff --git a/.tf-footer.md b/.tf-footer.md
new file mode 100644
index 0000000..e69de29
diff --git a/.tf-header.md b/.tf-header.md
new file mode 100644
index 0000000..2f55ff4
--- /dev/null
+++ b/.tf-header.md
@@ -0,0 +1,5 @@
+# Title
+
+![License](https://img.shields.io/github/license/terrablocks/REPO_NAME?style=for-the-badge) ![Tests](https://img.shields.io/github/actions/workflow/status/terrablocks/REPO_NAME/tests.yml?branch=main&label=Test&style=for-the-badge) ![Checkov](https://img.shields.io/github/actions/workflow/status/terrablocks/REPO_NAME/checkov.yml?branch=main&label=Checkov&style=for-the-badge) ![Commit](https://img.shields.io/github/last-commit/terrablocks/REPO_NAME?style=for-the-badge) ![Release](https://img.shields.io/github/v/release/terrablocks/REPO_NAME?style=for-the-badge)
+
+This terraform module will deploy the following services:
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..a2066b4
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,10 @@
+plugin "aws" {
+ enabled = true
+ version = "0.24.3"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+ enabled = true
+ preset = "all"
+}
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ea0682e
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 terrablocks (by SkildOps)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0a99a78
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# terraform-base-template
+
+This is a template repository that will serve as a starting point for all the new terraform modules
+
+## Important changes:
+- Replace `REPO_NAME` with the actual repository name in examples and .tf-header.md
+- Update module name in the examples
+- Add title in the .tf-header.tf file
diff --git a/examples/default.tf b/examples/default.tf
new file mode 100644
index 0000000..9f6d837
--- /dev/null
+++ b/examples/default.tf
@@ -0,0 +1,3 @@
+module "name" {
+ source = "github.com/terrablocks/REPO_NAME.git" # Always use `ref` to point module to a specific version or hash
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..e69de29
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/requirements.tf b/requirements.tf
new file mode 100644
index 0000000..c62a830
--- /dev/null
+++ b/requirements.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0.0"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..e69de29
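Review bot: The example `source` in examples/default.tf carries no `ref`, so it follows the repository's default branch even though its own trailing comment tells users to pin one. .terraform-docs.yml in this commit includes this file in the generated README, so the unpinned form is what users will copy. I would show the pin in the example itself, `source = "github.com/terrablocks/REPO_NAME.git?ref=<TAG_OR_COMMIT>"`, and keep the comment as the explanation. Pinning to a tag or commit keeps a later change to the module repository from reaching consumers' plans unreviewed.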