update scaffolding support envs

.github/workflows/close_stale_prs.yml

@@ -0,0 +1,22 @@
+name : Close inactive pull requests
+on:
+  schedule:
+    - cron: "0 3 * * *" # everyday at 3:00 AM
+  workflow_dispatch:
+
+jobs:
+  close-pull-requests:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to delete branches
+      issues: read
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: -1
+          days-before-close: -1
+          days-before-pr-stale: 7
+          days-before-pr-close: 0 # close immediately after marking as stale
+          delete-branch: true

.github/workflows/terraform.yml

@@ -6,6 +6,15 @@ on:
   pull_request:
     branches: [ "main" ]
 
+env:
+  # We don't want to create any real cloud resources from this
+  # repo. It is just for demonstrating guardrails evaluation on TF
+  # plans. So use dummy credentials that would fail if we ever tried
+  # to run `tf apply.
+  AWS_ACCESS_KEY: "asdf"
+  AWS_SECRET_KEY: "asdf"
+  GOOGLE_OAUTH_ACCESS_TOKEN: "asdf"
+
 jobs:
   terraform:
     name: 'Terraform'
@@ -16,6 +25,10 @@ jobs:
       run:
         shell: bash
 
+    strategy:
+      matrix:
+        env: ["dev", "prod"]
+
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -27,7 +40,7 @@ jobs:
         run: terraform init
 
       - name: Terraform Plan
-        run: terraform plan -out=plan.raw
+        run: terraform plan -state=${{ matrix.env }}.tfstate -var-file=${{ matrix.env }}.tfvars -refresh=false -out=plan.raw
 
       - name: Convert the plan to JSON
         id: planToJson
@@ -37,32 +50,56 @@ jobs:
         uses: fishcharlie/[email protected]
         with:
           data: ${{ steps.planToJson.outputs.stdout }}
-          output: plan.json
+          output: plan-${{ matrix.env }}.json
 
       - name: Upload Terraform Plan Output
         uses: actions/upload-artifact@v2
         with:
-          name: plan-file
-          path: plan.json
+          name: plan-file-${{ matrix.env }}
+          path: plan-${{ matrix.env }}.json
 
       - name: Terraform Apply
         if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-        run: terraform apply -auto-approve -input=false
+        run: terraform apply -auto-approve -state=${{ matrix.env }}.tfstate -var-file=dev.tfvars -input=false
 
   resourcely-ci:
     needs: terraform
     if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
       - name: Download Terraform Plan Output
         uses: actions/download-artifact@v2
         with:
-          name: plan-file
+          name: plan-file-dev
+          path: tf-plan-files/
+
+      - name: Download Terraform Plan Output
+        uses: actions/download-artifact@v2
+        with:
+          name: plan-file-prod
           path: tf-plan-files/
 
+      - name: Save JSON to a file
+        uses: fishcharlie/[email protected]
+        with:
+          data: |
+            {
+              "plans": [{
+                "plan_file": "plan-dev.json",
+                "config_root_path": ".",
+                "environment": "dev"
+              },{
+                "plan_file": "plan-prod.json",
+                "config_root_path": ".",
+                "environment": "prod"
+              }]
+            }
+          output: tf-plan-files/manifest.json
+
       - name: Resourcely CI
         uses: Resourcely-Inc/resourcely-action@v1
         with:

.resourcely.yaml

@@ -1,79 +1,25 @@
 version: "2"
 
+#  Terraform config roots that Resourcely should care about.
 terraform_config_roots:
+  - name: Project Resourcely
 
-  - name: Example project
+    # Path to the Terraform working directory (relative to the current file location)
+    path: .
 
-    description: "Scaffolding project that demonstrates how to
-    integrate Resourcely with a Github Actions-based Terraform
-    workflow."
+    # The default file for Resourcely to put new resources in.
+    default_file: main.tf
 
-    # Type of config root. Each type has its own set of configuration options.
-    #
-    # Allowed Values:
-    # simple        - the config root is a Terraform root module itself.
-    #
-    # Environments:
-    # It is common to apply a Terraform config to multiple environments, each
-    # with its own Terraform state file.
-    #
-    # `simple` config roots use Terraform variables and per-env *.tfvars files
-    # for environment-specific values. The config contains references to
-    # Terraform variables. The per-env *.tfvars files define the values of
-    # those variables in each env.
-    type: simple
+    # Whether this a root-module or a shared-module.
+    type: "simple"
 
-    # Path to the config root, the directory containing the *.tf
-    # files.
-    #
-    # Relative to the location of this .resourcely.yaml file
-    #
-    # If the config root is the same directory, specify
-    #     path: .
-    path: .
+    # The default file for Resourcely to put new variables in.
+    var_file: vars.tf
 
-    # Name of the file in the `path` directory in which to place
-    # new resources by default.
-    #
-    # Developers may pick a different file, but will be defaulted to this one.
-    default_file: main.tf
+    # Environment configuration for this config root
+    environments:
+      - name: dev
+        tfvars_file: dev.tfvars
 
-# Uncomment to enabled environment-specific values
-#    # (optional)
-#    #
-#    # Name of the file in the `path` directory in which to place new
-#    # variable declarations for new environment-specific values.
-#    #
-#    var_file: variables.tf
-#
-#    # (optional)
-#    #
-#    # List of the environments that this config root supports.
-#    #
-#    # If this list is missing or empty, developers will not be allowed
-#    # to use environment-specific values.
-#    #
-#    # If non-empty, a developers will be allowed to use environment-specific
-#    # values. For any environment variable, they will have to supply a value
-#    # for each environment in this list.
-#    #
-#    environments:
-#       -
-#         # Name of the environment.
-#         #
-#         # This name is used for two purposes.
-#         # 1. It is shown in the UI to the developers.
-#         # 2. It is used as the value for `context.environment` in guardrails
-#         #    and blueprints.
-#         name: dev
-#
-#         # Name of the file in which to place the variables definitions
-#         # for this environment.
-#         #
-#         # Relative to the config root `path` directory.
-#         #
-#        tfvars_file: envs/dev.tfvars
-#
-#       -
-#         name: prod
-#         tfvars_file: envs/prod.tfvars
+      - name: prod
+        tfvars_file: prod.tfvars

dev.tfvars

@@ -0,0 +1 @@
+project = "demo-dev"

main.tf

@@ -1,5 +1,7 @@
 # main.tf
 
 resource "null_resource" "foo" {
-  triggers = { "foo" : "bar" }
+  triggers = {
+    foo = var.project
+  }
 }

prod.tfvars

@@ -0,0 +1 @@
+project = "demo-prod"

provider.tf

@@ -1,18 +1,16 @@
-// Configure the provider(s) for your cloud platform(s).
-//
-// See https://registry.terraform.io/browse/providers for a full list
-// of supported providers and configuration instructions.
-//
-// provider "<foo>" {
-//    ...
-// }
+provider "aws" {
+  region = "us-east-1"
 
-// # Example:
-// provider "aws" {
-//   region = "us-east-1"
-// 
-// }
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+  access_key = "mock_access_key"
+  secret_key = "mock_secret_key"
+}
 
-// provider "github" {}
+provider "github" {}
 
-// provider "google" {}
+provider "google" {
+  project = "demo"
+  region  = "us-central1"
+}

terraform.tf

@@ -1,11 +1,20 @@
 terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.34.0"
+    }
+
+    github = {
+      source  = "integrations/github"
+      version = "5.45.0"
+    }
 
-  # Configure a Terraform backend here.
-  #
-  # backend "..." {
-  # }
+    google = {
+      source  = "hashicorp/google"
+      version = "5.14.0"
+    }
 
-  required_providers {
     null = {
       version = "~> 3.0"
     }

vars.tf

@@ -0,0 +1,5 @@
+variable "project" {
+  type = string
+
+  description = "Name for this project"
+}