Initial commit

equinix-labs · Mar 29, 2023 · 7ee8c27 · 7ee8c27
commit 7ee8c27
Show file tree

Hide file tree

Showing 34 changed files with 1,182 additions and 0 deletions.
diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
@@ -0,0 +1,53 @@
+name: generate-terraform-docs
+# This workflow will generate terraform docs into README.md in the root, examples, and modules folders.
+# Source: https://github.com/equinix-labs/terraform-equinix-kubernetes-addons/blob/main/.github/workflows/documentation.yaml
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/*.tpl'
+      - '**/*.tf'
+
+jobs:
+  tf-docs:
+    name: TF docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        id: actions-checkout
+        with:
+          ref: main
+
+      - name: Render terraform docs inside the main and the modules README.md files and push changes back to PR branch
+        id: terraform-docs
+        uses: terraform-docs/[email protected]
+        with:
+          find-dir: .
+          args: --sort-by required
+          indention: 2
+          git-push: "false"
+
+      # terraform-docs/[email protected] modifies .git files with owner root:root, and the following steps fail with
+      # insufficient permission for adding an object to repository database .git/objects
+      # since the expected user is runner:docker. See https://github.com/terraform-docs/gh-actions/issues/90
+      - name: Fix .git owner
+        run: sudo chown runner:docker -R .git
+
+      - name: Create Pull Request
+        if: steps.terraform-docs.outputs.num_changed != '0'
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: 'generate-terraform-docs: automated action'
+          committer: GitHub <[email protected]>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          title: 'generate-terraform-docs: automated action'
+          body: |
+            Update terraform docs
+          branch-suffix: timestamp
+          base: main
+          signoff: true
+          delete-branch: true
+
+      # TODO(ocobleseqx): https://github.com/peter-evans/enable-pull-request-automerge
diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml
@@ -0,0 +1,54 @@
+name: validate-pr-title
+# This workflow will validate the title of PR's
+# Source: https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/.github/workflows/pr-title.yml
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      # Please look up the latest version from
+      # https://github.com/amannn/action-semantic-pull-request/releases
+      - uses: amannn/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Configure which types are allowed.
+          # Default: https://github.com/commitizen/conventional-commit-types
+          types: |
+            fix
+            feat
+            docs
+            ci
+            chore
+          # Configure that a scope must always be provided.
+          requireScope: false
+          # Configure additional validation for the subject based on a regex.
+          # This example ensures the subject starts with an uppercase character.
+          subjectPattern: ^[A-Z].+$
+          # If `subjectPattern` is configured, you can use this property to override
+          # the default error message that is shown when the pattern doesn't match.
+          # The variables `subject` and `title` can be used within the message.
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            starts with an uppercase character.
+          # For work-in-progress PRs you can typically use draft pull requests
+          # from Github. However, private repositories on the free plan don't have
+          # this option and therefore this action allows you to opt-in to using the
+          # special "[WIP]" prefix to indicate this state. This will avoid the
+          # validation of the PR title and the pull request checks remain pending.
+          # Note that a second check will be reported if this is enabled.
+          wip: true
+          # When using "Squash and merge" on a PR with only one commit, GitHub
+          # will suggest using that commit message instead of the PR title for the
+          # merge commit, and it's easy to commit this by mistake. Enable this option
+          # to also validate the commit message for one commit PRs.
+          validateSingleCommit: false
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,72 @@
+name: 'run-pre-commit-hooks'
+# This workflow runs the pre-commit hooks defined in .pre-commit-config.yaml
+
+on:
+  pull_request:
+    branches: [main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pre-commit:
+    runs-on: ${{ matrix.os }}
+    env:
+      TF_VERSION: ${{ matrix.tf }}
+      TFLINT_VERSION: ${{ matrix.tflint }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        tf: [1.3.0]
+        tflint: [v0.44.1]
+    permissions:
+      pull-requests: write
+      id-token: write
+      contents: read
+    steps:
+    - name: Checkout from Github
+      uses: actions/checkout@v3
+
+    - name: Install Python3
+      uses: actions/setup-python@v4
+
+    - name: Install tflint
+      uses: terraform-linters/setup-tflint@v3
+      with:
+        tflint_version: ${{ env.TFLINT_VERSION }}
+
+    - name: Cache tflint plugin dir
+      uses: actions/cache@v3
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Install Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: ${{ env.TF_VERSION }}
+
+    - name: Config Terraform plugin cache
+      run: |
+        echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+        mkdir --parents ~/.terraform.d/plugin-cache
+
+    - name: Cache Terraform
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.terraform.d/plugin-cache
+        key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
+        restore-keys: |
+          ${{ runner.os }}-terraform-
+
+    - name: Install tfsec
+      uses: jaxxstorm/[email protected]
+      with:
+        repo: aquasecurity/tfsec
+        platform: linux
+        arch: x86-64
+
+    - uses: pre-commit/[email protected]
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,37 @@
+name: generate-release
+# This workflow will generate changelog and release notes.
+# Source: https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/.github/workflows/release.yml
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/*.tpl'
+      - '**/*.tf'
+      - '.github/workflows/release.yml'
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    # Skip running release workflow on forks
+    #if: github.repository_owner == 'terraform-equinix-template'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Release
+        uses: cycjimmy/semantic-release-action@v3
+        with:
+          semantic_version: 19.0.5
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/[email protected]
+            [email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,56 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# OSX trash
+**/.DS_Store
+*.pyc*
+
+# Emacs save files
+*~
+\#*\#
+.\#*
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+# Local .terraform directories
+**/.terraform/*
+**/*/.terraform/*
+.terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+!.terraform.lock.hcl
+**/*/.terraform.lock.hcl
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+**/terraform.tfvars
+util/keys
+
+*-kubeconfig
diff --git a/.mdl_style.rb b/.mdl_style.rb
@@ -0,0 +1,7 @@
+all
+
+exclude_rule 'MD013'
+rule 'MD029', style: ['ordered']
+exclude_rule 'MD033'
+exclude_rule 'MD041'
+exclude_rule 'MD047'
diff --git a/.mdlrc b/.mdlrc
@@ -0,0 +1 @@
+style '.mdl_style.rb'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,87 @@
+---
+fail_fast: false
+repos:
+
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.77.1
+  hooks:
+    - id: terraform_fmt
+      args:
+        - "--args=-recursive"
+    - id: terraform_validate
+      exclude: "^[^/]+$"
+    - id: terraform_tflint
+      args:
+        - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
+    - id: terraform_tfsec
+      args:
+        - "--args=--soft-fail"
+
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+      args: ['--branch', 'master']
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args:
+        - "--markdown-linebreak-ext=md"
+      exclude: CHANGELOG.md
+    - id: check-yaml
+      args:
+        - "--allow-multiple-documents"
+      exclude: |
+            (?x)^(
+                examples/|
+                \.*?.yaml$"
+            )$
+    - id: check-json
+    - id: check-symlinks
+    - id: check-executables-have-shebangs
+
+    # Cross platform
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args:
+        - "--fix=lf"
+
+    # Security
+    - id: detect-private-key
+
+# Shell Script Formatter and Markdown Linter
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: 3.0.0
+  hooks:
+    - id: shfmt
+      exclude: |
+            (?x)^(
+                helpers/helper-script.sh|
+                scripts/template-script.sh
+            )$
+    - id: shellcheck
+      args:
+        - "--severity=warning"
+        - "--source-path=SCRIPTDIR scripts/* helpers/*"
+        - "--shell=bash"
+      exclude: |
+            (?x)^(
+                helpers/helper-script.sh|
+                scripts/template-script.sh
+            )$
+    - id: markdownlint
+      exclude: "CHANGELOG.md"
+
+# JSON5 and Yaml Prettyfier
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: v3.0.0-alpha.4
+  hooks:
+  - id: prettier
+    types: [json5, yaml]
+    exclude: "^examples/"