diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
new file mode 100644
index 0000000..c6404eb
--- /dev/null
+++ b/.github/workflows/preview.yml
@@ -0,0 +1,89 @@
+name: Preview
+
+on:
+ pull_request:
+
+concurrency:
+ group: terraform-google-artifact-registry-repository
+ cancel-in-progress: false
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ name: Static Analysis
+ steps:
+ - name: Checkout
+ # actions/checkout@v4.1.1
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ fetch-depth: 0
+
+ - name: Setup asdf
+ # asdf-vm/actions/plugins-add@v3.0.2
+ uses: asdf-vm/actions/plugins-add@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+
+ - name: Install tools via asdf
+ run: asdf install
+
+ - name: Set up Golang
+ # actions/setup-go@v5.0.0
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: 1.22.0
+
+ - name: Set up Terradoc
+ # for security reasons we pin commit ids and not tags.
+ # mineiros-io/terradoc@main -> af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a
+ run: go install github.com/mineiros-io/terradoc/cmd/terradoc@af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a
+ env:
+ GOPROXY: direct
+
+ - name: Cache plugin dir
+ # for security reasons we pin commit ids and not tags.
+ # actions/cache@v4.0.0 -> 13aacd865c20de90d75de3b17ebe84f7a17d57d2
+ uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+ with:
+ path: ~/.tflint.d/plugins
+ key: tflint-${{ hashFiles('.tflint.hcl') }}
+
+ - name: Init TFLint
+ run: tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+
+ - name: Setup and run pre-commit
+ # for security reasons we pin commit ids and not tags.
+ # pre-commit/action@v3.0.1 -> 2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
+ uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
+
+ unit-tests:
+ # needs: pre-commit
+ runs-on: ubuntu-latest
+ name: Unit Tests
+ steps:
+ - name: Checkout
+ # actions/checkout@v4.1.1
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ fetch-depth: 0
+
+ - name: Setup asdf
+ # asdf-vm/actions/plugins-add@v3.0.2
+ uses: asdf-vm/actions/plugins-add@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+
+ - name: Install tools via asdf
+ run: asdf install
+
+ - name: Set up Golang
+ # actions/setup-go@v5.0.0
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: 1.22.0
+
+ - name: Run Unit Tests
+ run: make test/unit-tests
+ env:
+ GOOGLE_CREDENTIALS: ${{ secrets.MINEIROS_TESTING_GCP_SA_KEY_FILE }}
+ TEST_GCP_PROJECT: ${{ secrets.MINEIROS_TESTING_GCP_PROJECT }}
+ TEST_GCP_ORG_DOMAIN: ${{ secrets.MINEIROS_TESTING_GCP_ORG_DOMAIN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7e6da8e
--- /dev/null
+++ b/.github/workflows/release.yml
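Review bot: Neither job in preview.yml declares `permissions:`, so the `github.token` passed to `tflint --init`, and the token that `actions/checkout` persists by default, carry whatever the repository or organisation default grants, which may include write scopes. Both jobs only read the repository, so a workflow-level `permissions:` block with `contents: read` would make least privilege explicit. The `pre-commit` and `unit-tests` jobs in release.yml have the same gap; only the `release` job there sets its own permissions. Separately, `unit-tests` exports the long-lived `MINEIROS_TESTING_GCP_SA_KEY_FILE` key to `make test/unit-tests` on every same-repository pull request, so PR-branch code runs with that credential before review. Presumably the service account is limited to a disposable test project; that is worth confirming, or replacing the key with workload identity federation.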
@@ -0,0 +1,116 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: terraform-google-artifact-registry-repository
+ cancel-in-progress: false
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ name: Static Analysis
+ steps:
+ - name: Checkout
+ # actions/checkout@v4.1.1
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ fetch-depth: 0
+
+ - name: Setup asdf
+ # asdf-vm/actions/plugins-add@v3.0.2
+ uses: asdf-vm/actions/plugins-add@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+
+ - name: Install tools via asdf
+ run: asdf install
+
+ - name: Set up Golang
+ # actions/setup-go@v5.0.0
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: 1.22.0
+
+ - name: Set up Terradoc
+ # for security reasons we pin commit ids and not tags.
+ # mineiros-io/terradoc@main -> af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a
+ run: go install github.com/mineiros-io/terradoc/cmd/terradoc@af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a
+ env:
+ GOPROXY: direct
+
+ - name: Cache plugin dir
+ # for security reasons we pin commit ids and not tags.
+ # actions/cache@v4.0.0 -> 13aacd865c20de90d75de3b17ebe84f7a17d57d2
+ uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+ with:
+ path: ~/.tflint.d/plugins
+ key: tflint-${{ hashFiles('.tflint.hcl') }}
+
+ - name: Init TFLint
+ run: tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+
+ - name: Setup and run pre-commit
+ # for security reasons we pin commit ids and not tags.
+ # pre-commit/action@v3.0.1 -> 2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
+ uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
+
+ unit-tests:
+ # needs: pre-commit
+ runs-on: ubuntu-latest
+ name: Unit Tests
+ steps:
+ - name: Checkout
+ # actions/checkout@v4.1.1
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ fetch-depth: 0
+
+ - name: Setup asdf
+ # asdf-vm/actions/plugins-add@v3.0.2
+ uses: asdf-vm/actions/plugins-add@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+
+ - name: Install tools via asdf
+ run: asdf install
+
+ - name: Set up Golang
+ # actions/setup-go@v5.0.0
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: 1.22.0
+
+ - name: Run Unit Tests
+ run: make test/unit-tests
+ env:
+ GOOGLE_CREDENTIALS: ${{ secrets.MINEIROS_TESTING_GCP_SA_KEY_FILE }}
+ TEST_GCP_PROJECT: ${{ secrets.MINEIROS_TESTING_GCP_PROJECT }}
+ TEST_GCP_ORG_DOMAIN: ${{ secrets.MINEIROS_TESTING_GCP_ORG_DOMAIN }}
+
+ release:
+ needs:
+ - pre-commit
+ - unit-tests
+ permissions:
+ contents: write
+ issues: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ # actions/checkout@v4.1.1
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ fetch-depth: 0
+
+ - name: Semantic Release
+ # codfish/semantic-release-action@v3.1.0
+ uses: codfish/semantic-release-action@07170c8b1613177f0f3aa4d2224e2e0933cd732c
+ id: semantic
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ plugins: |
+ ['@semantic-release/commit-analyzer', '@semantic-release/release-notes-generator', '@semantic-release/github']
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
deleted file mode 100644
index e64f479..0000000
--- a/.github/workflows/tests.yml
+++ /dev/null
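Review bot: The `concurrency.group` in release.yml is the same literal string as in preview.yml, and concurrency groups are repository-wide, so release runs on `main` queue behind pull-request runs. With `cancel-in-progress: false` GitHub still keeps only one pending run per group, so a queued release run can be cancelled when a later PR run enters the queue. If the shared group is there to serialise tests against the single GCP test project, that trade-off deserves a comment next to the key; otherwise `group: ${{ github.workflow }}-${{ github.ref }}` would keep the two workflows from displacing each other.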
@@ -1,133 +0,0 @@ -name: Tests - -on: - push: - branches: - - main - - master - pull_request: - -concurrency: - group: terraform-google-artifact-registry-repository - cancel-in-progress: false - -jobs: - pre-commit: - runs-on: ubuntu-latest - name: Static Analysis - steps: - - name: Checkout - # for security reasons we pin commit ids and not tags. - # actions/checkout@v3.0.2 -> 2541b1294d2704b0964813337f33b291d3f8596b - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - fetch-depth: 0 - - # - name: Setup SSH to Private Modules - # # for security reasons we pin commit ids and not tags. - # # webfactory/ssh-agent@v5.0.4 -> fc49353b67b2b7c1e0e6a600572d01a69f2672dd - # uses: webfactory/ssh-agent@fc49353b67b2b7c1e0e6a600572d01a69f2672dd - # with: - # ssh-private-key: | - # ${{ secrets.DEPLOY_KEY__REPOSITORY_A }} - # ${{ secrets.DEPLOY_KEY__REPOSITORY_B }} - - - name: Set up Golang - # for security reasons we pin commit ids and not tags. - # actions/setup-go@v3.2.0 -> b22fbbc2921299758641fab08929b4ac52b32923 - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 - with: - go-version: 1.17.6 - - - name: Install terramate - uses: terramate-io/terramate-action@v1 - - - name: Set up Terradoc - # for security reasons we pin commit ids and not tags. - # mineiros-io/terradoc@main -> af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a - run: go install github.com/mineiros-io/terradoc/cmd/terradoc@af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a - env: - GOPROXY: direct - - - name: Set up Terraform - # for security reasons we pin commit ids and not tags. - # hashicorp/setup-terraform@v2.0.0 -> 17d4c9b8043b238f6f35641cdd8433da1e6f3867 - uses: hashicorp/setup-terraform@17d4c9b8043b238f6f35641cdd8433da1e6f3867 - with: - terraform_version: 1.3.0 - terraform_wrapper: false - - - name: Setup TFLint - # for security reasons we pin commit ids and not tags. 
- # terraform-linters/setup-tflint@v2.0.0 -> 9e653e0f7de0839150e03280e0981e0c25eaf10a - uses: terraform-linters/setup-tflint@9e653e0f7de0839150e03280e0981e0c25eaf10a - with: - tflint_version: v0.41.0 - - - name: Setup and run pre-commit - # for security reasons we pin commit ids and not tags. - # pre-commit/action@v2.0.3 -> 9b88afc9cd57fd75b655d5c71bd38146d07135fe - uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe - - unit-tests: - # needs: pre-commit - runs-on: ubuntu-latest - name: Unit Tests - steps: - - name: Checkout - # for security reasons we pin commit ids and not tags. - # actions/checkout@v3.0.2 -> 2541b1294d2704b0964813337f33b291d3f8596b - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - fetch-depth: 0 - - # - name: Setup SSH to Private Modules - # # for security reasons we pin commit ids and not tags. - # # webfactory/ssh-agent@v5.0.4 -> fc49353b67b2b7c1e0e6a600572d01a69f2672dd - # uses: webfactory/ssh-agent@fc49353b67b2b7c1e0e6a600572d01a69f2672dd - # with: - # ssh-private-key: | - # ${{ secrets.DEPLOY_KEY__REPOSITORY_A }} - # ${{ secrets.DEPLOY_KEY__REPOSITORY_B }} - - - name: Check for Terraform file changes - # for security reasons we pin commit ids and not tags. - # getsentry/paths-filter@v2.10.2 -> b2feaf19c27470162a626bd6fa8438ae5b263721 - uses: getsentry/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 - id: changes - with: - filters: | - terraform: - - '*.tf' - - 'test/**/*.tf' - - 'test/**/*.go' - - 'test/go.mod' - - 'test/go.sum' - - - name: Set up Terraform - if: steps.changes.outputs.terraform == 'true' - # for security reasons we pin commit ids and not tags. 
- # hashicorp/setup-terraform@v2.0.0 -> 17d4c9b8043b238f6f35641cdd8433da1e6f3867 - uses: hashicorp/setup-terraform@17d4c9b8043b238f6f35641cdd8433da1e6f3867 - with: - terraform_version: 1.2.1 - terraform_wrapper: false - - - name: Set up Golang - if: steps.changes.outputs.terraform == 'true' - # for security reasons we pin commit ids and not tags. - # actions/setup-go@v3.2.0 -> b22fbbc2921299758641fab08929b4ac52b32923 - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 - with: - go-version: 1.17.6 - - - name: Run Unit Tests - if: steps.changes.outputs.terraform == 'true' - run: make test/unit-tests - env: - AWS_SECRET_ACCESS_KEY: ${{ secrets.MINEIROS_TESTING_AWS_SECRET_ACCESS_KEY }} - AWS_ACCESS_KEY_ID: ${{ secrets.MINEIROS_TESTING_AWS_ACCESS_KEY_ID }} - GOOGLE_CREDENTIALS: ${{ secrets.MINEIROS_TESTING_GCP_SA_KEY_FILE }} - TEST_GCP_PROJECT: ${{ secrets.MINEIROS_TESTING_GCP_PROJECT }} - TEST_GCP_ORG_DOMAIN: ${{ secrets.MINEIROS_TESTING_GCP_ORG_DOMAIN }} - TEST_GCP_BILLING_ACCOUNT: ${{ secrets.MINEIROS_TESTING_GCP_BILLING_ACCOUNT }} diff --git a/.gitignore b/.gitignore index c4fcb56..6aefa2f 100644 --- a/.gitignore +++ b/.gitignore @@ -51,4 +51,3 @@ vendor crash.log .terraform.lock.hcl -.tool-versions diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 01346f2..509b85c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,3 +11,8 @@ repos: - id: terraform-validate exclude: ^examples|.terraform/ - id: tflint + - repo: https://github.com/adrienverge/yamllint + rev: v1.29.0 + hooks: + - id: yamllint + args: ['-s'] diff --git a/.releaserc b/.releaserc new file mode 100644 index 0000000..fc76843 --- /dev/null +++ b/.releaserc @@ -0,0 +1,13 @@ +{ + "branches": [ + "main" + ], + "plugins": [ + ["@semantic-release/npm", { + "npmPublish": false + }], + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", + "@semantic-release/github" + ] +} 
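Review bot: The new yamllint hook in .pre-commit-config.yaml is pinned by tag (`rev: v1.29.0`), while the workflow files in this commit state that commit ids are pinned instead of tags for security reasons. pre-commit accepts a full commit SHA in `rev`, so the entry could read `rev: <commit-sha-of-v1.29.0>  # v1.29.0` to follow the same policy, since the hook's code runs in the `pre-commit` CI job. The earlier `repos:` entries lie outside this hunk, so whether they already follow that convention cannot be seen here.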
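Review bot: `.releaserc` lists `@semantic-release/npm` first, but the `plugins` input of the Semantic Release step in release.yml names only the commit-analyzer, release-notes-generator and github plugins, so the two definitions disagree. Which list takes effect depends on how the action merges its inputs with the config file. The input probably wins, which would make the npm entry dead configuration. Keeping the plugin list in one place, and dropping `@semantic-release/npm` if the module ships no `package.json`, would remove the ambiguity about what a release run actually executes.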
diff --git a/.tflint.hcl b/.tflint.hcl index a7e3d5d..b06d074 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -5,3 +5,14 @@ rule "terraform_unused_declarations" { rule "terraform_required_providers" { enabled = false } + +plugin "terraform" { + enabled = true + preset = "recommended" +} + +plugin "google" { + enabled = true + version = "0.26.0" + source = "github.com/terraform-linters/tflint-ruleset-google" +} diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..64eb57b --- /dev/null +++ b/.tool-versions @@ -0,0 +1,4 @@ +terraform 1.5.7 +terramate 0.4.5 +tflint 0.50.2 +pre-commit 3.6.1 diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..082b548 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,5 @@ +extends: default +rules: + line-length: disable + document-start: disable + truthy: disable
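Review bot: In .yamllint.yaml, `truthy: disable` turns the rule off for values as well as keys, so `yes`/`on`-style values in any YAML file pass even the strict (`-s`) run configured in .pre-commit-config.yaml. If the aim is only to accept the `on:` key in the workflow files, `truthy:` with `check-keys: false` keeps the check active for values.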