Migrate component from cloudposse/terraform-aws-components
goruha committed Nov 27, 2024
1 parent dd7951b commit bab72c5
Showing 23 changed files with 929 additions and 24 deletions.
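--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,3 @@
+# Note, this can be removed later. Currently keeps PR's easier to review
+**/*.md linguist-documentation=true
+**/README.md linguist-generated=true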
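--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,7 @@
+# Use this file to define individuals or teams that are responsible for code in a repository.
+# Read more: <https://help.github.com/articles/about-codeowners/>
+#
+# Order is important: the last matching pattern has the highest precedence
+
+# These owners will be the default owners for everything
+* @cloudposse-terraform-components/engineering @cloudposse-terraform-components/admins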
Binary file added .github/banner.png
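--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,53 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: gomod
+directory: /
+labels:
+- dependencies
+- go
+- no-release
+schedule:
+interval: weekly
+day: sunday
+ignore:
+- dependency-name: "*"
+update-types: ["version-update:semver-major"]
+
+- package-ecosystem: github-actions
+open-pull-requests-limit: 3
+directory: /
+labels:
+- dependencies
+- github-actions
+- no-release
+groups:
+cicd:
+patterns:
+- "*"
+schedule:
+interval: weekly
+day: sunday
+ignore:
+- dependency-name: "*"
+update-types: ["version-update:semver-major"]
+
+- package-ecosystem: npm
+open-pull-requests-limit: 3
+directory: /website
+labels:
+- dependencies
+- javascript
+- no-release
+groups:
+website:
+patterns:
+- "*"
+schedule:
+interval: weekly
+day: sunday
+ignore:
+- dependency-name: "*"
+update-types: ["version-update:semver-major"]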
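Review bot: The `gomod` entry uses `directory: /`, but the Makefile added in this commit runs tests via `./test/run.sh`, which suggests the Go module (and its `go.mod`) lives under `test/` rather than at the repository root; if so, Dependabot will report that no manifest was found for that entry and `directory: /test` is the fix. The same question applies to the `npm` entry's `directory: /website`, since no `website/` path appears among the files visible in this diff. Both are inferences from the visible files, so they are worth confirming against the repository layout rather than changed blindly.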
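--- a/.github/labeler.yaml
+++ b/.github/labeler.yaml
@@ -0,0 +1,16 @@
+docs:
+- docs/**
+- README.*
+
+automation:
+- .gitattributes
+- .github/**
+- .gitignore
+- .pre-commit-config.yaml
+- .tflint.hcl
+- Makefile
+- _typos.toml
+
+configuration:
+- src/**
+- test/**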
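--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -0,0 +1 @@
+extends: .github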
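--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,6 @@
+{
+"prConcurrentLimit": 5,
+"extends": [
+"config:base"
+]
+}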
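Review bot: `config:base` is Renovate's deprecated preset name; the current equivalent is `config:recommended`, so `"extends": ["config:recommended"]` avoids a deprecation warning on every run. This commit also adds `.github/dependabot.yml` covering gomod, github-actions and npm, and Renovate with this preset inspects the same manifests, so the two bots are likely to open duplicate update PRs unless one of them is narrowed to the ecosystems the other does not cover. Whether the Renovate app is actually installed for this organization is not visible from the diff, so which file to trim is a decision for the maintainers.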
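--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -0,0 +1,7 @@
+# Upstream changes from _extends are only recognized when modifications are made to this file in the default branch.
+_extends: .github
+repository:
+name: aws-identity-center
+description: This component is responsible for creating AWS SSO Permission Sets and creating AWS SSO Account Assignments, that is, assigning IdP (Okta) groups and/or users to AWS SSO permission sets in specific AWS Accounts
+homepage: https://cloudposse.com/accelerate
+topics: terraform, terraform-component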
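--- a/.github/workflows/branch.yml
+++ b/.github/workflows/branch.yml
@@ -0,0 +1,25 @@
+---
+name: Branch
+on:
+pull_request:
+branches:
+- main
+- release/**
+types: [opened, synchronize, reopened, labeled, unlabeled]
+push:
+branches:
+- main
+- release/v*
+paths-ignore:
+- '.github/**'
+- 'test/**'
+
+permissions:
+contents: write
+id-token: write
+pull-requests: write
+
+jobs:
+component:
+uses: cloudposse-terraform-components/.github/.github/workflows/shared-terraform-component.yml@main
+secrets: inherit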
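Review bot: The reusable workflow on the `uses:` line is pinned to `@main`, so any change pushed to the central `.github` repository's default branch flows straight into this repository's CI, which runs with `contents: write`, `id-token: write` and `pull-requests: write` and inherits all secrets. Pinning to a release tag or, better, a full commit SHA with the tag in a trailing comment (`...shared-terraform-component.yml@<commit-sha>  # <release-tag>`) makes shared-workflow updates explicit and reviewable in this repository. The same `@main` reference is used in chatops.yml, release.yml and scheduled.yml. If the organization deliberately tracks `main` for its shared workflows, a comment above the `uses:` line stating that would stop the next reader from re-raising it.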
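--- a/.github/workflows/chatops.yml
+++ b/.github/workflows/chatops.yml
@@ -0,0 +1,17 @@
+---
+name: chatops
+on:
+issue_comment:
+types: [created]
+
+permissions:
+pull-requests: write
+id-token: write
+contents: write
+statuses: write
+
+jobs:
+test:
+uses: cloudposse-terraform-components/.github/.github/workflows/shared-terraform-chatops.yml@main
+if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/terratest') }}
+secrets: inherit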
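Review bot: The `if:` condition on the `test` job fires for any comment containing `/terratest` on any pull request, including ones opened from forks, and because `issue_comment` runs in the default-branch context the job holds `id-token: write`, `contents: write` and `statuses: write` plus inherited secrets. Unless the shared chatops workflow verifies the commenter itself (not visible here), the gate should also require a trusted association, e.g. `if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/terratest') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) }}`. Even if the callee does check, repeating the check at the caller keeps the guard visible next to the permissions it protects.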
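--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,16 @@
+---
+name: release
+on:
+release:
+types:
+- published
+
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+
+jobs:
+component:
+uses: cloudposse-terraform-components/.github/.github/workflows/shared-release-branches.yml@main
+secrets: inherit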
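--- a/.github/workflows/scheduled.yml
+++ b/.github/workflows/scheduled.yml
@@ -0,0 +1,16 @@
+---
+name: scheduled
+on:
+workflow_dispatch: { } # Allows manually trigger this workflow
+schedule:
+- cron: "0 3 * * *"
+
+permissions:
+pull-requests: write
+id-token: write
+contents: write
+
+jobs:
+scheduled:
+uses: cloudposse-terraform-components/.github/.github/workflows/shared-terraform-scheduled.yml@main
+secrets: inherit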
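--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,76 @@
+# Below here should also be in .dockerignore
+.build-harness
+build-harness/
+aws-assumed-role/
+.idea/
+.vscode/
+*.iml
+.direnv
+.envrc
+
+# Compiled and auto-generated files
+# Note that the leading "**/" appears necessary for Docker even if not for Git
+
+# backend.tfvars.json may be autogenerated or not.
+# If not autogenerated, then it should not be here
+**/backend.tf.json
+**/*.backup
+**/nohup.out
+**/*.tfstate
+**/*.tfstate.*
+**/planfile
+**/*.planfile
+**/*.kubeconfig
+**/.terraform.lock.hcl
+**/terraform.tfvars.json
+**/terraform.auto.tfvars.json
+**/*.terraform.tfvars.json
+**/*.terraform.auto.tfvars.json
+**/*.helmfile.vars.yaml
+**/crash.log
+**/secrets/
+
+# Module directory
+# Note that the leading "**/" appears necessary for Docker even if not for Git
+**/.terraform*/
+**/.module/
+**/.helmfile/
+
+
+# Draft or auto-saved version
+# Note that the leading "**/" appears necessary for Docker even if not for Git
+**/*.draft.*
+**/*.draft
+**/*.orig
+**/*.bak
+**/*~
+
+# Editor-specific files
+*.sw*
+*~
+
+# macOS special files and folders
+**/.DS_Store
+**/.CFUserTextEncoding
+**/.Trash/
+**/$RECYCLE.BIN/
+
+# deps
+Brewfile.lock.json
+
+# docs targets
+docs/terraform.md
+docs/targets.md
+
+# Github actions temporary files
+docker.env
+error.txt
+github/
+
+# custom direnv and .env
+.env*
+
+# Secrets
+*.ovpn
+
+*.zip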
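Review bot: The `**/.terraform.lock.hcl` pattern keeps the Terraform dependency lock file out of version control, so provider versions and their hashes are not pinned between runs and every `terraform init` resolves providers afresh. For a reusable component this may well be intended (the lock file belongs to the consuming root module), and the `terraform_docs` hook in this commit's `.pre-commit-config.yaml` is already invoked with `--lockfile=false`, which points the same way; a comment above the pattern such as `# component is consumed as a module; the lock file is owned by the root module` would record that decision. The `**/secrets/`, `*.ovpn` and `.env*` patterns are a reasonable backstop against accidental commits, but they only help for those exact names, so they do not replace a secret-scanning hook in the pre-commit config.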
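--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,34 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v4.4.0
+hooks:
+# Git style
+- id: check-added-large-files # prevents giant files from being committed.
+- id: forbid-new-submodules # prevents addition of new git submodules.
+- id: no-commit-to-branch # don't commit to branch
+
+# Common errors
+- id: trailing-whitespace # trims trailing whitespace.
+args: [--markdown-linebreak-ext=md]
+- id: end-of-file-fixer # ensures that a file is either empty, or ends with one newline.
+- id: check-merge-conflict # checks for files that contain merge conflict strings.
+- id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
+
+# Cross platform
+- id: check-case-conflict # checks for files that would conflict in case-insensitive filesystems.
+- id: mixed-line-ending # replaces or checks mixed line ending.
+args: [--fix=lf]
+
+# YAML
+- id: check-yaml # checks yaml files for parseable syntax.
+
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+rev: v1.81.0
+hooks:
+- id: terraform_fmt
+- id: terraform_docs
+args: ["--args=--lockfile=false"]
+- id: terraform_tflint
+args:
+- --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+exclude: "context.tf$"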
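--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -0,0 +1,86 @@
+# Required `tflint --init`
+plugin "aws" {
+enabled = true
+version = "0.23.1"
+source = "github.com/terraform-linters/tflint-ruleset-aws"
+# Used only in Spacelift: .spacelift/config.yml
+deep_check = false
+assume_role { role_arn = "" }
+
+}
+
+#
+# https://github.com/terraform-linters/tflint/tree/master/docs/rules
+#
+
+rule "terraform_comment_syntax" {
+# Disallow `//` comments in favor of `#`
+enabled = true
+}
+rule "terraform_deprecated_index" {
+# Disallow legacy dot index syntax
+enabled = true
+}
+rule "terraform_deprecated_interpolation" {
+# Disallow deprecated (0.11-style) interpolation
+# Enabled by default
+enabled = true
+}
+rule "terraform_documented_outputs" {
+# Disallow output declarations without description
+enabled = true
+}
+rule "terraform_documented_variables" {
+# Disallow variable declarations without description
+enabled = true
+}
+rule "terraform_module_pinned_source" {
+# Disallow specifying a git or mercurial repository as a module source without pinning to a version
+# Enabled by default
+enabled = true
+}
+rule "terraform_module_version" {
+# Checks that Terraform modules sourced from a registry specify a version
+# Enabled by default
+enabled = true
+}
+rule "terraform_naming_convention" {
+# Enforces naming conventions for resources, data sources, etc
+enabled = true
+}
+rule "terraform_required_providers" {
+# Require that all providers have version constraints through required_providers
+enabled = true
+}
+rule "terraform_required_version" {
+# Disallow terraform declarations without require_version
+enabled = true
+}
+rule "terraform_standard_module_structure" {
+# Ensure that a module complies with the Terraform Standard Module Structure
+enabled = false # TODO p4: enable and fix
+}
+rule "terraform_typed_variables" {
+# Disallow variable declarations without type
+enabled = true
+}
+rule "terraform_unused_declarations" {
+# Disallow variables, data sources, and locals that are declared but never used
+enabled = true
+}
+rule "terraform_unused_required_providers" {
+# Check that all required_providers are used in the module
+enabled = true
+}
+rule "terraform_workspace_remote" {
+# terraform.workspace should not be used with a "remote" backend with remote execution.
+# Enabled by default
+enabled = true
+}
+rule "aws_db_instance_invalid_parameter_group" {
+# TODO: Figure out requirements to turn this back on; not sure it's providing value even as is due to AWS multi-account arch.
+enabled = false
+}
+config {
+variables = ["namespace=fake-namespace", "stage=fake-stage", "name=fake-name"]
+}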
File renamed without changes.
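--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,8 @@
+-include $(shell curl -sSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness)
+
+all: init readme
+
+test::
+@echo "🚀 Starting tests..."
+./test/run.sh
+@echo "✅ All tests passed."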
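Review bot: The `-include $(shell curl -sSL -o .build-harness ...)` line downloads a Makefile fragment on every `make` invocation and includes it with no version or checksum pin, and because curl is run without `-f`, an HTTP error response body is written to `.build-harness` and then included as make syntax instead of failing cleanly. At minimum use `curl -fsSL` so a failed download leaves nothing to include; if the build-harness offers a versioned download, fetching a tagged release (`<pinned-release-url>`) or verifying a checksum before inclusion would also pin what gets executed. Since the fetched content runs with the developer's and CI's privileges, this is the repository's broadest supply-chain dependency and merits a short comment above the line stating why that is acceptable here.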