diff --git a/.cz.yaml b/.cz.yaml new file mode 100644 index 0000000..b1981ec --- /dev/null +++ b/.cz.yaml @@ -0,0 +1,8 @@ +--- +commitizen: + major_version_zero: true + name: cz_gitmoji + tag_format: $version + update_changelog_on_bump: true + version_provider: scm + version_scheme: semver2 diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..867570d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "terraform" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" diff --git a/.gitignore b/.gitignore index 03d66da..98d790c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Local .terraform directories **/.terraform/* +**/.terragrunt-cache/* # terraform lock file. **/.terraform.lock.hcl @@ -35,6 +36,3 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc - -# It's a module, shouldn't have a providers.tf -provider*.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..d6091dd --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,111 @@ +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 + hooks: + # Git style + - id: check-added-large-files + - id: check-merge-conflict + - id: check-vcs-permalinks + - id: forbid-new-submodules + - id: no-commit-to-branch + - id: check-byte-order-marker + - id: check-case-conflict + - id: check-json + - id: check-merge-conflict + - id: check-symlinks + - id: check-vcs-permalinks + - id: check-toml + - id: check-xml + - id: detect-private-key + - id: requirements-txt-fixer + - id: sort-simple-yaml + + # Common errors + - id: end-of-file-fixer + - id: trailing-whitespace + args: [--markdown-linebreak-ext=md] + exclude: CHANGELOG.md + - id: check-yaml + - id: check-merge-conflict + - id: check-executables-have-shebangs + + # Cross platform + - id: check-case-conflict + - id: mixed-line-ending + args: [--fix=lf] + + # Security + - id: detect-aws-credentials + args: ['--allow-missing-credentials'] + - id: detect-private-key + +# JSON5 Linter +- repo: https://github.com/pre-commit/mirrors-prettier + rev: v4.0.0-alpha.8 + hooks: + - id: prettier + # https://prettier.io/docs/en/options.html#parser + files: '.json5$' + +# Terraform Hooks +- repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.92.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + hooks: + - id: terraform_fmt + args: + - --hook-config=--parallelism-ci-cpu-cores=2 + - id: terraform_docs + args: + - --hook-config=--parallelism-ci-cpu-cores=2 + - id: terraform_tflint + name: Terraform validate with tflint + description: Validates all Terraform configuration files with TFLint. + require_serial: true + entry: hooks/terraform_tflint.sh + language: script + files: (\.tf|\.tfvars)$ + exclude: \.(terraform/.*|terragrunt-cache)$ + args: + - --hook-config=--parallelism-ci-cpu-cores=2 + - id: terragrunt_fmt + name: Terragrunt fmt + description: Rewrites all Terragrunt configuration files to a canonical format. + entry: hooks/terragrunt_fmt.sh + language: script + files: (\.hcl)$ + exclude: \.(terraform/.*|terragrunt-cache)$ + args: + - --hook-config=--parallelism-ci-cpu-cores=2 + # Will require dependency mocks + # - id: terragrunt_validate + # name: Terragrunt validate + # description: Validates all Terragrunt configuration files. + # entry: hooks/terragrunt_validate.sh + # language: script + # files: (\.hcl)$ + # exclude: \.(terraform/.*|terragrunt-cache)$ + # args: + # - --hook-config=--parallelism-ci-cpu-cores=2 + # - id: terragrunt_validate_inputs + # name: Terragrunt validate inputs + # description: Validates Terragrunt unused and undefined inputs. + # entry: hooks/terragrunt_validate_inputs.sh + # language: script + # files: (\.hcl)$ + # exclude: \.(terraform/.*|terragrunt-cache)$ + # args: + # - --hook-config=--parallelism-ci-cpu-cores=2 + # - id: terragrunt_providers_lock + # name: Terragrunt providers lock + # description: Updates provider signatures in dependency lock files using terragrunt. + # entry: hooks/terragrunt_providers_lock.sh + # language: script + # files: (terragrunt|\.terraform\.lock)\.hcl$ + # exclude: \.(terraform/.*|terragrunt-cache)$ + # args: + # - --hook-config=--parallelism-ci-cpu-cores=2 + +- repo: https://github.com/ljnsn/cz-conventional-gitmoji + rev: v0.3.2 + hooks: + - id: conventional-gitmoji diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml new file mode 100644 index 0000000..266f0c7 --- /dev/null +++ b/.pre-commit-hooks.yaml @@ -0,0 +1,170 @@ +#### THESE ARE NOT ENABLED, THEY ARE FOR REFERENCE +# - id: infracost_breakdown +# name: Infracost breakdown +# description: Check terraform infrastructure cost +# entry: hooks/infracost_breakdown.sh +# language: script +# require_serial: true +# files: \.(tf(vars)?|hcl)$ +# exclude: \.terraform/.*$ + +# - id: terraform_fmt +# name: Terraform fmt +# description: Rewrites all Terraform configuration files to a canonical format. +# entry: hooks/terraform_fmt.sh +# language: script +# files: (\.tf|\.tfvars)$ +# exclude: \.terraform/.*$ + +# - id: terraform_docs +# name: Terraform docs +# description: Inserts input and output documentation into README.md (using terraform-docs). +# require_serial: true +# entry: hooks/terraform_docs.sh +# language: script +# files: (\.tf|\.terraform\.lock\.hcl)$ +# exclude: \.terraform/.*$ + +# - id: terraform_docs_without_aggregate_type_defaults +# name: Terraform docs (without aggregate type defaults) +# description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. +# require_serial: true +# entry: hooks/terraform_docs.sh +# language: script +# files: (\.tf)$ +# exclude: \.terraform/.*$ + +# - id: terraform_docs_replace +# name: Terraform docs (overwrite README.md) +# description: Overwrite content of README.md with terraform-docs. +# require_serial: true +# entry: terraform_docs_replace +# language: python +# files: (\.tf)$ +# exclude: \.terraform/.*$ + +# - id: terraform_validate +# name: Terraform validate +# description: Validates all Terraform configuration files. +# require_serial: true +# entry: hooks/terraform_validate.sh +# language: script +# files: \.(tf(vars)?|terraform\.lock\.hcl)$ +# exclude: \.terraform/.*$ + +# - id: terraform_providers_lock +# name: Lock terraform provider versions +# description: Updates provider signatures in dependency lock files. +# require_serial: true +# entry: hooks/terraform_providers_lock.sh +# language: script +# files: (\.terraform\.lock\.hcl)$ +# exclude: \.terraform/.*$ + +# - id: terraform_tflint +# name: Terraform validate with tflint +# description: Validates all Terraform configuration files with TFLint. +# require_serial: true +# entry: hooks/terraform_tflint.sh +# language: script +# files: (\.tf|\.tfvars)$ +# exclude: \.terraform/.*$ + +# - id: terragrunt_fmt +# name: Terragrunt fmt +# description: Rewrites all Terragrunt configuration files to a canonical format. +# entry: hooks/terragrunt_fmt.sh +# language: script +# files: (\.hcl)$ +# exclude: \.terraform/.*$ + +# - id: terragrunt_validate +# name: Terragrunt validate +# description: Validates all Terragrunt configuration files. +# entry: hooks/terragrunt_validate.sh +# language: script +# files: (\.hcl)$ +# exclude: \.terraform/.*$ + +# - id: terragrunt_validate_inputs +# name: Terragrunt validate inputs +# description: Validates Terragrunt unused and undefined inputs. +# entry: hooks/terragrunt_validate_inputs.sh +# language: script +# files: (\.hcl)$ +# exclude: \.terraform/.*$ + +# - id: terragrunt_providers_lock +# name: Terragrunt providers lock +# description: Updates provider signatures in dependency lock files using terragrunt. +# entry: hooks/terragrunt_providers_lock.sh +# language: script +# files: (terragrunt|\.terraform\.lock)\.hcl$ +# exclude: \.(terraform/.*|terragrunt-cache)$ + +# - id: terraform_tfsec +# name: Terraform validate with tfsec (deprecated, use "terraform_trivy") +# description: Static analysis of Terraform templates to spot potential security issues. +# require_serial: true +# entry: hooks/terraform_tfsec.sh +# files: \.tf(vars)?$ +# language: script + +# - id: terraform_trivy +# name: Terraform validate with trivy +# description: Static analysis of Terraform templates to spot potential security issues. +# require_serial: true +# entry: hooks/terraform_trivy.sh +# files: \.tf(vars)?$ +# language: script + +# - id: checkov +# name: checkov (deprecated, use "terraform_checkov") +# description: Runs checkov on Terraform templates. +# entry: checkov -d . +# language: python +# pass_filenames: false +# always_run: false +# files: \.tf$ +# exclude: \.terraform/.*$ +# require_serial: true + +# - id: terraform_checkov +# name: Checkov +# description: Runs checkov on Terraform templates. +# entry: hooks/terraform_checkov.sh +# language: script +# always_run: false +# files: \.tf$ +# exclude: \.terraform/.*$ +# require_serial: true + +# - id: terraform_wrapper_module_for_each +# name: Terraform wrapper with for_each in module +# description: Generate Terraform wrappers with for_each in module. +# entry: hooks/terraform_wrapper_module_for_each.sh +# language: script +# pass_filenames: false +# always_run: false +# require_serial: true +# files: \.tf$ +# exclude: \.terraform/.*$ + +# - id: terrascan +# name: terrascan +# description: Runs terrascan on Terraform templates. +# language: script +# entry: hooks/terrascan.sh +# files: \.tf$ +# exclude: \.terraform/.*$ +# require_serial: true + +# - id: tfupdate +# name: tfupdate +# description: Runs tfupdate on Terraform templates. +# language: script +# entry: hooks/tfupdate.sh +# args: +# - --args=terraform +# files: \.tf$ +# require_serial: true diff --git a/.releaserc.json b/.releaserc.json new file mode 100644 index 0000000..6e39031 --- /dev/null +++ b/.releaserc.json @@ -0,0 +1,36 @@ +{ + "branches": [ + "main", + "master" + ], + "ci": false, + "plugins": [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", + [ + "@semantic-release/github", + { + "successComment": + "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:", + "labels": false, + "releasedLabels": false + } + ], + [ + "@semantic-release/changelog", + { + "changelogFile": "CHANGELOG.md", + "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file." + } + ], + [ + "@semantic-release/git", + { + "assets": [ + "CHANGELOG.md" + ], + "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" + } + ] + ] +} diff --git a/.terraform-docs.yml b/.terraform-docs.yml new file mode 100644 index 0000000..fabfb8d --- /dev/null +++ b/.terraform-docs.yml @@ -0,0 +1,44 @@ +formatter: markdown table + +header-from: main.tf +footer-from: "" + +sections: +## hide: [] + show: + - data-sources + - header + - footer + - inputs + - modules + - outputs + - providers + - requirements + - resources + +output: + file: README.md + mode: inject + template: |- + + {{ .Content }} + + +output-values: + enabled: false + from: "" + +sort: + enabled: true + by: name + +settings: + anchor: true + color: true + default: true + description: true + escape: true + indent: 2 + required: true + sensitive: true + type: true diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..684d807 --- /dev/null +++ b/.tflint.hcl @@ -0,0 +1,21 @@ +config { + module = true + force = false + disabled_by_default = false +} + +rule "aws_instance_invalid_type" { + enabled = true +} + +plugin "aws" { + enabled = true + version = "0.32.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} + +plugin "terraform" { + enabled = true + version = "0.9.0" + source = "github.com/terraform-linters/tflint-ruleset-terraform" +}