Initial commit

.github/workflows/documentation.yaml

@@ -0,0 +1,53 @@
+name: generate-terraform-docs
+# This workflow will generate terraform docs into README.md in the root, examples, and modules folders.
+# Source: https://github.com/equinix-labs/terraform-equinix-kubernetes-addons/blob/main/.github/workflows/documentation.yaml
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/*.tpl'
+      - '**/*.tf'
+
+jobs:
+  tf-docs:
+    name: TF docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        id: actions-checkout
+        with:
+          ref: main
+
+      - name: Render terraform docs inside the main and the modules README.md files and push changes back to PR branch
+        id: terraform-docs
+        uses: terraform-docs/[email protected]
+        with:
+          find-dir: .
+          args: --sort-by required
+          indention: 2
+          git-push: "false"
+
+      # terraform-docs/[email protected] modifies .git files with owner root:root, and the following steps fail with
+      # insufficient permission for adding an object to repository database .git/objects
+      # since the expected user is runner:docker. See https://github.com/terraform-docs/gh-actions/issues/90
+      - name: Fix .git owner
+        run: sudo chown runner:docker -R .git
+
+      - name: Create Pull Request
+        if: steps.terraform-docs.outputs.num_changed != '0'
+        uses: peter-evans/create-pull-request@v5
+        with:
+          commit-message: 'generate-terraform-docs: automated action'
+          committer: GitHub <[email protected]>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          title: 'generate-terraform-docs: automated action'
+          body: |
+            Update terraform docs
+          branch-suffix: timestamp
+          base: main
+          signoff: true
+          delete-branch: true
+
+      # TODO(ocobleseqx): https://github.com/peter-evans/enable-pull-request-automerge

.github/workflows/pre-commit.yaml

@@ -0,0 +1,72 @@
+name: 'run-pre-commit-hooks'
+# This workflow runs the pre-commit hooks defined in .pre-commit-config.yaml
+
+on:
+  pull_request:
+    branches: [main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pre-commit:
+    runs-on: ${{ matrix.os }}
+    env:
+      TF_VERSION: ${{ matrix.tf }}
+      TFLINT_VERSION: ${{ matrix.tflint }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        tf: [1.3.0]
+        tflint: [v0.44.1]
+    permissions:
+      pull-requests: write
+      id-token: write
+      contents: read
+    steps:
+    - name: Checkout from Github
+      uses: actions/checkout@v4
+
+    - name: Install Python3
+      uses: actions/setup-python@v5
+
+    - name: Install tflint
+      uses: terraform-linters/setup-tflint@v4
+      with:
+        tflint_version: ${{ env.TFLINT_VERSION }}
+
+    - name: Cache tflint plugin dir
+      uses: actions/cache@v4
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Install Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: ${{ env.TF_VERSION }}
+
+    - name: Config Terraform plugin cache
+      run: |
+        echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+        mkdir --parents ~/.terraform.d/plugin-cache
+
+    - name: Cache Terraform
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.terraform.d/plugin-cache
+        key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
+        restore-keys: |
+          ${{ runner.os }}-terraform-
+
+    - name: Install tfsec
+      uses: jaxxstorm/[email protected]
+      with:
+        repo: aquasecurity/tfsec
+        platform: linux
+        arch: x86-64
+
+    - uses: pre-commit/[email protected]

.github/workflows/release.yaml

@@ -0,0 +1,28 @@
+name: generate-release
+# This workflow will generate changelog and release notes.
+# Source: https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/.github/workflows/release.yml
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Release
+        uses: cycjimmy/semantic-release-action@v3
+        with:
+          semantic_version: 19.0.5
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/[email protected]
+            [email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,52 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# OSX trash
+**/.DS_Store
+*.pyc*
+
+# Emacs save files
+*~
+\#*\#
+.\#*
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+# Local .terraform directories
+**/.terraform/*
+**/*/.terraform/*
+.terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+.terraform.lock.hcl
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+**/terraform.tfvars
+util/keys
+
+*-kubeconfig

.mdl_style.rb

@@ -0,0 +1,7 @@
+all
+
+exclude_rule 'MD013'
+rule 'MD029', style: ['ordered']
+exclude_rule 'MD033'
+exclude_rule 'MD041'
+exclude_rule 'MD047'

.mdlrc

@@ -0,0 +1 @@
+style '.mdl_style.rb'

.pre-commit-config.yaml

@@ -0,0 +1,87 @@
+---
+fail_fast: false
+repos:
+
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.77.1
+  hooks:
+    - id: terraform_fmt
+      args:
+        - "--args=-recursive"
+    - id: terraform_validate
+      exclude: "^[^/]+$"
+    - id: terraform_tflint
+      args:
+        - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
+    - id: terraform_tfsec
+      args:
+        - "--args=--soft-fail"
+
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+      args: ['--branch', 'master']
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args:
+        - "--markdown-linebreak-ext=md"
+      exclude: CHANGELOG.md
+    - id: check-yaml
+      args:
+        - "--allow-multiple-documents"
+      exclude: |
+            (?x)^(
+                examples/|
+                \.*?.yaml$"
+            )$
+    - id: check-json
+    - id: check-symlinks
+    - id: check-executables-have-shebangs
+
+    # Cross platform
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args:
+        - "--fix=lf"
+
+    # Security
+    - id: detect-private-key
+
+# Shell Script Formatter and Markdown Linter
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: 3.0.0
+  hooks:
+    - id: shfmt
+      exclude: |
+            (?x)^(
+                helpers/helper-script.sh|
+                scripts/template-script.sh
+            )$
+    - id: shellcheck
+      args:
+        - "--severity=warning"
+        - "--source-path=SCRIPTDIR scripts/* helpers/*"
+        - "--shell=bash"
+      exclude: |
+            (?x)^(
+                helpers/helper-script.sh|
+                scripts/template-script.sh
+            )$
+    - id: markdownlint
+      exclude: "CHANGELOG.md"
+
+# JSON5 and Yaml Prettyfier
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: v3.0.0-alpha.4
+  hooks:
+  - id: prettier
+    types: [json5, yaml]
+    exclude: "^examples/"

.releaserc.json

@@ -0,0 +1,44 @@
+{
+    "branches": [
+      "main"
+    ],
+    "ci": false,
+    "plugins": [
+      [
+        "@semantic-release/commit-analyzer",
+        {
+          "preset": "conventionalcommits"
+        }
+      ],
+      [
+        "@semantic-release/release-notes-generator",
+        {
+          "preset": "conventionalcommits"
+        }
+      ],
+      [
+        "@semantic-release/github",
+        {
+          "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+          "labels": false,
+          "releasedLabels": false
+        }
+      ],
+      [
+        "@semantic-release/changelog",
+        {
+          "changelogFile": "CHANGELOG.md",
+          "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+        }
+      ],
+      [
+        "@semantic-release/git",
+        {
+          "assets": [
+            "CHANGELOG.md"
+          ],
+          "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+        }
+      ]
+    ]
+  }

.tflint.hcl

@@ -0,0 +1,5 @@
+plugin "terraform" {
+  enabled = true
+  version = "0.5.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+}

CODEOWNERS

@@ -0,0 +1,3 @@
+# TEMPLATE: add your username after terraform
+# TEMPLATE: * equinix-labs/terraform myusername
+* @equinix-labs/terraform