Merge pull request #13 from equinix-labs/ci-cd

feat: add ci/cd workflows from our terraform template project

.github/workflows/documentation.yaml

@@ -0,0 +1,53 @@
+name: generate-terraform-docs
+# This workflow will generate terraform docs into README.md in the root, examples, and modules folders.
+# Source: https://github.com/equinix-labs/terraform-equinix-kubernetes-addons/blob/main/.github/workflows/documentation.yaml
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "**/*.tpl"
+      - "**/*.tf"
+
+jobs:
+  tf-docs:
+    name: TF docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        id: actions-checkout
+        with:
+          ref: main
+
+      - name: Render terraform docs inside the main and the modules README.md files and push changes back to PR branch
+        id: terraform-docs
+        uses: terraform-docs/gh-actions@v1
+        with:
+          find-dir: .
+          args: --sort-by required
+          indention: 2
+          git-push: "false"
+
+      # terraform-docs/[email protected] modifies .git files with owner root:root, and the following steps fail with
+      # insufficient permission for adding an object to repository database .git/objects
+      # since the expected user is runner:docker. See https://github.com/terraform-docs/gh-actions/issues/90
+      - name: Fix .git owner
+        run: sudo chown runner:docker -R .git
+
+      - name: Create Pull Request
+        if: steps.terraform-docs.outputs.num_changed != '0'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          commit-message: "generate-terraform-docs: automated action"
+          committer: GitHub <[email protected]>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          title: "generate-terraform-docs: automated action"
+          body: |
+            Update terraform docs
+          branch-suffix: timestamp
+          base: main
+          signoff: true
+          delete-branch: true
+
+      # TODO(ocobleseqx): https://github.com/peter-evans/enable-pull-request-automerge

.github/workflows/pre-commit.yaml

@@ -0,0 +1,85 @@
+name: "run-pre-commit-hooks"
+# This workflow runs the pre-commit hooks defined in .pre-commit-config.yaml
+
+on:
+  pull_request:
+    branches: [main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pre-commit:
+    runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        tf: [1.5.7]
+        tflint: [v0.50.3]
+        tfsec: [v1.28.5]
+        shfmt: [v3.8.0]
+        shellcheck: [v0.10.0]
+    permissions:
+      pull-requests: write
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout from Github
+        uses: actions/checkout@v4
+
+      - name: Install Python3
+        uses: actions/setup-python@v5
+
+      - name: Install tflint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: ${{ matrix.tflint }}
+
+      - name: Cache tflint plugin dir
+        uses: actions/cache@v4
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ matrix.tf }}
+
+      - name: Config Terraform plugin cache
+        run: |
+          echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+          mkdir --parents ~/.terraform.d/plugin-cache
+
+      - name: Cache Terraform
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.terraform.d/plugin-cache
+          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
+          restore-keys: |
+            ${{ runner.os }}-terraform-
+
+      - name: Install tfsec
+        uses: jaxxstorm/[email protected]
+        with:
+          repo: aquasecurity/tfsec
+          platform: linux
+          arch: amd64
+          tag: ${{ matrix.tfsec }}
+
+      - name: Install shfmt
+        uses: jaxxstorm/[email protected]
+        with:
+          repo: mvdan/sh
+          platform: linux
+          arch: amd64
+          tag: ${{ matrix.shfmt }}
+          extension-matching: disable
+          rename-to: shfmt
+          chmod: 0755
+
+      - uses: pre-commit/[email protected]

.github/workflows/release.yaml

@@ -0,0 +1,27 @@
+name: generate-release
+# This workflow will generate changelog and release notes.
+# Source: https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/.github/workflows/release.yml
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Release
+        uses: cycjimmy/semantic-release-action@v4
+        with:
+          extra_plugins: |
+            @semantic-release/changelog@6
+            @semantic-release/git@10
+            conventional-changelog-conventionalcommits@8
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,3 +1,22 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# OSX trash
+**/.DS_Store
+*.pyc*
+
+# Emacs save files
+*~
+\#*\#
+.\#*
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
 # Local .terraform directories
 **/.terraform/*
 
@@ -40,4 +59,4 @@ terraform.rc
 .terraform.lock.hcl
 
 # SSH Key files
-ssh-key-*
+ssh-key-*

.mdl_style.rb

@@ -0,0 +1,7 @@
+all
+
+exclude_rule 'MD013'
+rule 'MD029', style: ['ordered']
+exclude_rule 'MD033'
+exclude_rule 'MD041'
+exclude_rule 'MD047'

.mdlrc

@@ -0,0 +1 @@
+style '.mdl_style.rb'

.pre-commit-config.yaml

@@ -0,0 +1,88 @@
+---
+fail_fast: false
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.88.4
+    hooks:
+      - id: terraform_fmt
+        args:
+          - "--args=-recursive"
+      - id: terraform_validate
+        exclude: "^[^/]+$"
+        args:
+          - --hook-config=--parallelism-limit=1
+      - id: terraform_tflint
+        args:
+          - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
+      - id: terraform_tfsec
+        args:
+          - "--args=--soft-fail"
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      # Git style
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-vcs-permalinks
+      - id: forbid-new-submodules
+      - id: no-commit-to-branch
+        args: ["--branch", "master"]
+
+      # Common errors
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+        args:
+          - "--markdown-linebreak-ext=md"
+        exclude: CHANGELOG.md
+      - id: check-yaml
+        args:
+          - "--allow-multiple-documents"
+        exclude: |
+          (?x)^(
+              examples/|
+              \.*?.yaml$"
+          )$
+      - id: check-json
+      - id: check-symlinks
+      - id: check-executables-have-shebangs
+
+      # Cross platform
+      - id: check-case-conflict
+      - id: mixed-line-ending
+        args:
+          - "--fix=lf"
+
+      # Security
+      - id: detect-private-key
+
+  # Shell Script Formatter and Markdown Linter
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+      - id: shfmt
+        exclude: |
+          (?x)^(
+              helpers/helper-script.sh|
+              scripts/template-script.sh
+          )$
+      - id: shellcheck
+        args:
+          - "--severity=warning"
+          - "--source-path=SCRIPTDIR scripts/* helpers/*"
+          - "--shell=bash"
+        exclude: |
+          (?x)^(
+              helpers/helper-script.sh|
+              scripts/template-script.sh
+          )$
+      - id: markdownlint
+        exclude: "CHANGELOG.md"
+
+  # JSON5 and Yaml Prettyfier
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v3.1.0
+    hooks:
+      - id: prettier
+        types: [json5, yaml]
+        exclude: "^examples/"

.releaserc.json

@@ -0,0 +1,44 @@
+{
+  "branches": [
+    "main"
+  ],
+  "ci": false,
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+        "labels": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "CHANGELOG.md"
+        ],
+        "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}

.tflint.hcl

@@ -0,0 +1,5 @@
+plugin "terraform" {
+    enabled = true
+    version = "0.9.1"
+    source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+}