Merge branch 'main' into patrick.siewe/config-roots

.github/workflows/resourcely-cli.yml

@@ -0,0 +1,190 @@
+name: Test Resourcely-CLI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Mock TF plan that will be fed to Resourcely-CLI
+  TF_PLAN: >
+    {
+      "resource_changes": [
+        {
+          "address": "aws_instance.ec2_instance",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "ami": "ami-051f8a213df8bc089",
+              "arn": "arn:aws:ec2:us-east-1:502240965697:instance/i-0189a83c43048101e",
+              "associate_public_ip_address": true,
+              "availability_zone": "us-east-1a",
+              "capacity_reservation_specification": [
+                {
+                  "capacity_reservation_preference": "open",
+                  "capacity_reservation_target": []
+                }
+              ],
+              "cpu_core_count": 1,
+              "cpu_options": [
+                {
+                  "amd_sev_snp": "",
+                  "core_count": 1,
+                  "threads_per_core": 1
+                }
+              ],
+              "cpu_threads_per_core": 1,
+              "credit_specification": [
+                {
+                  "cpu_credits": "standard"
+                }
+              ],
+              "disable_api_stop": false,
+              "disable_api_termination": false,
+              "ebs_block_device": [],
+              "ebs_optimized": false,
+              "enclave_options": [
+                {
+                  "enabled": false
+                }
+              ],
+              "ephemeral_block_device": [],
+              "get_password_data": false,
+              "hibernation": false,
+              "host_id": "",
+              "host_resource_group_arn": null,
+              "iam_instance_profile": "",
+              "id": "i-0189a83c43048101e",
+              "instance_initiated_shutdown_behavior": "stop",
+              "instance_lifecycle": "",
+              "instance_market_options": [],
+              "instance_state": "running",
+              "instance_type": "t2.micro",
+              "ipv6_address_count": 0,
+              "ipv6_addresses": [],
+              "key_name": "",
+              "launch_template": [],
+              "maintenance_options": [
+                {
+                  "auto_recovery": "default"
+                }
+              ],
+              "metadata_options": [
+                {
+                  "http_endpoint": "enabled",
+                  "http_protocol_ipv6": "disabled",
+                  "http_put_response_hop_limit": 2,
+                  "http_tokens": "required",
+                  "instance_metadata_tags": "disabled"
+                }
+              ],
+              "monitoring": false,
+              "network_interface": [],
+              "outpost_arn": "",
+              "password_data": "",
+              "placement_group": "",
+              "placement_partition_number": 0,
+              "primary_network_interface_id": "eni-0a8f56ec84e42b4de",
+              "private_dns": "ip-172-31-84-78.ec2.internal",
+              "private_dns_name_options": [
+                {
+                  "enable_resource_name_dns_a_record": false,
+                  "enable_resource_name_dns_aaaa_record": false,
+                  "hostname_type": "ip-name"
+                }
+              ],
+              "private_ip": "172.31.84.78",
+              "public_dns": "ec2-3-90-43-110.compute-1.amazonaws.com",
+              "public_ip": "3.90.43.110",
+              "root_block_device": [
+                {
+                  "delete_on_termination": true,
+                  "device_name": "/dev/xvda",
+                  "encrypted": false,
+                  "iops": 3000,
+                  "kms_key_id": "",
+                  "tags": {},
+                  "tags_all": {},
+                  "throughput": 125,
+                  "volume_id": "vol-0513133239cbffe57",
+                  "volume_size": 8,
+                  "volume_type": "gp3"
+                }
+              ],
+              "secondary_private_ips": [],
+              "security_groups": [
+                "default"
+              ],
+              "source_dest_check": true,
+              "spot_instance_request_id": "",
+              "subnet_id": "subnet-0b27901c38cb7b8ff",
+              "tags": null,
+              "tags_all": {},
+              "tenancy": "default",
+              "timeouts": null,
+              "user_data": null,
+              "user_data_base64": null,
+              "user_data_replace_on_change": false,
+              "volume_tags": null,
+              "vpc_security_group_ids": [
+                "sg-0b861685baed33704"
+              ]
+            },
+            "before": null
+          },
+          "mode": "managed",
+          "name": "ec2_instance",
+          "provider_name": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+          "type": "aws_instance"
+        }
+      ],
+      "version": 1.2
+    }
+
+
+jobs:
+  write-plan:
+    name: 'Write Plan File'
+    runs-on: ubuntu-latest
+    environment: production
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Save Plan JSON to a file
+        uses: fishcharlie/[email protected]
+        with:
+          data: ${{ env.TF_PLAN }}
+          output: plan.json
+
+      - name: Upload Terraform Plan Output
+        uses: actions/upload-artifact@v2
+        with:
+          name: plan-file
+          path: plan.json
+
+  resourcely-ci:
+    needs: write-plan
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download Terraform Plan Output
+        uses: actions/download-artifact@v2
+        with:
+          name: plan-file
+          path: tf-plan-files/
+
+      - name: Resourcely CI
+        uses: Resourcely-Inc/resourcely-action@main
+        with:
+          resourcely_api_token: ${{ secrets.RESOURCELY_API_TOKEN }}
+          resourcely_api_host: "https://funny-bunny.ngrok.dev"
+          tf_plan_directory: "tf-plan-files"

.gitignore

@@ -1 +1,42 @@
-.idea
+# IDE
+.idea/
+.vscode/
+.run-configurations/
+
+# Automatically generated
+.docker
+build/
+proto-gen/
+_protos
+coverage.out
+*.zip
+# Files named mock_*.go are automatically created and deleted by the mocks generator script in Makefile
+mock_*
+mocks/
+
+# macOS
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Certs
+*.key
+*.pem
+
+# Ignore local env files except for .env and sample.env
+env/*.env
+!env/.env
+!env/sample.env

README.md

@@ -1,48 +1,2 @@
 # Resourcely Github Actions Scaffolding
-
-This repository demonstrates how to integrate Resourcely into
-repository that used Github Actions as the Terraform runner.
-
-It contains a [workflow](.github/workflows/terraform.yml) that runs
-`terraform plan` and then uses the [Resourcely Github
-Action](https://github.com/Resourcely-Inc/resourcely-action) to
-evaluate guardrails on that plan.
-
-## Assumptions
-
-This repository uses Github Actions to run `terraform plan` and
-`terraform apply`.
-
-If you use a different runner, see the scaffolding repository for that
-runner:
-
-- Terraform Cloud - [scaffolding-github-terraform-cloud](https://github.com/Resourcely-Inc/scaffolding-github-terraform-cloud)
-
-## Usage
-
-This repository is a template. Some setup is required after cloning to use it.
-
-### 1. Configure Terraform Backend
-
-Running Terraform in Github Actions requires storing the Terraform
-state in a durable backend.  Terraform supports a variety of backends
-described
-[here](https://developer.hashicorp.com/terraform/language/settings/backends/configuration).
-
-Edit [terraform.tf](terraform.tf) to add and configured your chosen
-backend.
-
-### 2. Add Resourcely API Token to Github Secrets.
-
-The Resourcely Github Action requires an API token to authenticate to
-the Resourcely API.
-
-- Generate a new API token in the [Resourcely portal](https://portal.resourcely.io/settings/generate-api-token)
-- Create a new [Github repository secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository) named `RESOURCELY_API_TOKEN` containing this token.
-
-### 3. Update .resourcely.yaml
-
-`.resourcely.yaml` tells Resourcely where to find the Terraform
-configs within this repo.  If you move the config out of the
-repository root or add new configs in subdirectories, update the file
-to reflect these changes.
+Repo used to test Resourcely integration