Merge pull request #59 from mineiros-io/soerenmartius/github-as-code

Add GitHub as code section

Author: mariux

.github/workflows/main.yml

@@ -8,24 +8,44 @@ on:
     branches:
       - main
 
+concurrency:
+  group: terraform-github-team
+  cancel-in-progress: false
+
 jobs:
   pre-commit:
     runs-on: ubuntu-latest
     name: Static Analysis
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+
       - name: Run pre-commit
-        run: make test/pre-commit
+        run: make test/docker/pre-commit
 
   unit-tests:
+    needs: pre-commit
     runs-on: ubuntu-latest
     name: Unit Tests
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+
+      - name: Check for Terraform file changes
+        uses: getsentry/paths-filter@v2
+        id: changes
+        with:
+          token: ${{ github.token }}
+          filters: |
+            terraform:
+              - '**/*.tf'
+              - '**/*.go'
+              - 'go.mod'
+              - 'go.sum'
+
       - name: Run Unit Tests
-        run: make test/unit-tests
+        if: steps.changes.outputs.terraform == 'true'
+        run: make test/docker/unit-tests
         env:
           GITHUB_OWNER: ${{ secrets.TEST_GITHUB_ORGANIZATION }}
           GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}

.pre-commit-config.yaml

@@ -1,13 +1,17 @@
 repos:
   - repo: https://github.com/mineiros-io/pre-commit-hooks
-    rev: v0.3.1
+    rev: v0.4.1
     hooks:
       - id: terraform-fmt
       - id: terraform-validate
         exclude: ^examples|.terraform/
       - id: tflint
-      - id: golangci-lint
       - id: phony-targets
+      - id: terradoc-validate
+      - id: golangci-lint
+      - id: terradoc-fmt
+      - id: terradoc-generate
+      # - id: terramate-generate
       - id: markdown-link-check
         args: ['-p']   # When adding the -p flag, markdown-link-check will always with an exit code 0, even if dead links are found
         verbose: true  # Forces the output of the hook to be printed even when the hook passes.

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Update build tools, GitHub Actions and pre-commit hooks from template
+
 ## [0.8.0]
 
 ### Added

Makefile

@@ -1,71 +1,145 @@
 # Set default shell to bash
 SHELL := /bin/bash -o pipefail
 
-BUILD_TOOLS_VERSION      ?= v0.12.0
+BUILD_TOOLS_VERSION      ?= v0.15.2
 BUILD_TOOLS_DOCKER_REPO  ?= mineiros/build-tools
 BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION}
 
-# If running in CI (e.g. GitHub Actions)
-# https://docs.github.com/en/actions/reference/environment-variables#default-environment-variables
+# Some CI providers such as GitHub Actions, CircleCI, and TravisCI are setting
+# the CI environment variable to a non-empty value by default to indicate that
+# the current workflow is running in a Continuous Integration environment.
 #
-# To disable TF_IN_AUTOMATION in CI set it to empty
+# If TF_IN_AUTOMATION is set to any non-empty value, Terraform adjusts its
+# output to avoid suggesting specific commands to run next.
 # https://www.terraform.io/docs/commands/environment-variables.html#tf_in_automation
 #
 # We are using GNU style quiet commands to disable set V to non-empty e.g. V=1
 # https://www.gnu.org/software/automake/manual/html_node/Debugging-Make-Rules.html
+#
 ifdef CI
-	TF_IN_AUTOMATION ?= 1
-	export TF_IN_AUTOMATION
+  TF_IN_AUTOMATION ?= yes
+  export TF_IN_AUTOMATION
 
-	V ?= 1
+  V ?= 1
 endif
 
 ifndef NOCOLOR
-	GREEN  := $(shell tput -Txterm setaf 2)
-	YELLOW := $(shell tput -Txterm setaf 3)
-	WHITE  := $(shell tput -Txterm setaf 7)
-	RESET  := $(shell tput -Txterm sgr0)
+  GREEN  := $(shell tput -Txterm setaf 2)
+  YELLOW := $(shell tput -Txterm setaf 3)
+  WHITE  := $(shell tput -Txterm setaf 7)
+  RESET  := $(shell tput -Txterm sgr0)
 endif
 
-# We are creating docker volumes for /go and /terraform that are unique per
-# repository to reuse dependencies between different docker run commands.
-VOLUME_PREFIX ?= mineiros_build_tools
-VOLUME_SUFFIX ?= $(notdir $(shell git rev-parse --show-toplevel || "build"))
-DOCKER_RUN_FLAGS += -v ${VOLUME_PREFIX}-terraform-${VOLUME_SUFFIX}:/terraform
-DOCKER_RUN_FLAGS += -v ${VOLUME_PREFIX}-go-${VOLUME_SUFFIX}:/go
-DOCKER_RUN_FLAGS += -v ${PWD}:/build
+GIT_TOPLEVEl = $(shell git rev-parse --show-toplevel)
+
+# Generic docker run flags
+DOCKER_RUN_FLAGS += -v ${GIT_TOPLEVEl}:/build
 DOCKER_RUN_FLAGS += --rm
 DOCKER_RUN_FLAGS += -e TF_IN_AUTOMATION
+# If TF_VERSION is defined, TFSwitch will switch to the desired version on
+# container startup. If TF_VERSION is omitted, the default version installed
+# inside the docker image will be used.
+DOCKER_RUN_FLAGS += -e TF_VERSION
 
-DOCKER_GITHUB_FLAGS += -e GITHUB_TOKEN
-DOCKER_GITHUB_FLAGS += -e GITHUB_OWNER
+# If SSH_AUTH_SOCK is set, we forward the SSH agent of the host system into
+# the docker container. This is useful when working with private repositories
+# and dependencies that might need to be cloned inside the container (e.g.
+# private Terraform modules).
+ifdef SSH_AUTH_SOCK
+  DOCKER_SSH_FLAGS += -e SSH_AUTH_SOCK=/ssh-agent
+  DOCKER_SSH_FLAGS += -v ${SSH_AUTH_SOCK}:/ssh-agent
+endif
 
-DOCKER_FLAGS   += ${DOCKER_RUN_FLAGS}
-DOCKER_RUN_CMD  = docker run ${DOCKER_FLAGS} ${BUILD_TOOLS_DOCKER_IMAGE}
+# If AWS_ACCESS_KEY_ID is defined, we are likely running inside an AWS provider
+# module. To enable AWS authentication inside the docker container, we inject
+# the relevant environment variables.
+ifdef AWS_ACCESS_KEY_ID
+  DOCKER_AWS_FLAGS += -e AWS_ACCESS_KEY_ID
+  DOCKER_AWS_FLAGS += -e AWS_SECRET_ACCESS_KEY
+  DOCKER_AWS_FLAGS += -e AWS_SESSION_TOKEN
+endif
+
+# If GOOGLE_CREDENTIALS is defined, we are likely running inside a GCP provider
+# module. To enable GCP authentication inside the docker container, we inject
+# the relevant environment variables (service-account key file).
+ifdef GOOGLE_CREDENTIALS
+	DOCKER_GCP_FLAGS += -e GOOGLE_CREDENTIALS
+	DOCKER_GCP_FLAGS += -e TEST_GCP_PROJECT
+	DOCKER_GCP_FLAGS += -e TEST_GCP_ORG_DOMAIN
+endif
+
+# If GITHUB_OWNER is defined, we are likely running inside a GitHub provider
+# module. To enable GitHub authentication inside the docker container,
+# we inject the relevant environment variables.
+ifdef GITHUB_OWNER
+  DOCKER_GITHUB_FLAGS += -e GITHUB_TOKEN
+  DOCKER_GITHUB_FLAGS += -e GITHUB_OWNER
+endif
 
 .PHONY: default
 default: help
 
-## Run pre-commit hooks in build-tools docker container.
+# Not exposed as a callable target by `make help`, since this is a one-time shot to simplify the development of this module.
+.PHONY: template/adjust
+template/adjust: FILTER = -path ./.git -prune -a -type f -o -type f -not -name Makefile
+template/adjust:
+	@find . $(FILTER) -exec sed -i -e "s,terraform-module-template,$${PWD##*/},g" {} \;
+
+## Run pre-commit hooks inside a build-tools docker container.
+.PHONY: test/docker/pre-commit
+test/docker/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
+test/docker/pre-commit: DOCKER_FLAGS += -e NOCOLOR=1
+test/docker/pre-commit:
+	$(call docker-run,make test/pre-commit)
+
+## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'.
+.PHONY: test/docker/unit-tests
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_GCP_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += $(shell env | grep ^TF_VAR_ | cut -d = -f 1 | xargs -i printf ' -e {}')
+test/docker/unit-tests: DOCKER_FLAGS += -e TF_DATA_DIR=.terratest
+test/docker/unit-tests: DOCKER_FLAGS += -e NOCOLOR=1
+test/docker/unit-tests: TEST ?= "TestUnit"
+test/docker/unit-tests:
+	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
+	$(call docker-run,make test/unit-tests)
+
+## Run pre-commit hooks.
 .PHONY: test/pre-commit
-test/pre-commit: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS}
+test/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
 test/pre-commit:
-	$(call docker-run,pre-commit run -a)
+	$(call quiet-command,pre-commit run -a)
 
-## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'.
-.PHONY: test/unit-tests
-test/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS}
+## Run all unit tests.
+.PHONY: test/docker/unit-tests
+test/unit-tests: TEST ?= "TestUnit"
 test/unit-tests:
-	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
-	$(call go-test,./test/...)
+	@echo "${YELLOW}[TEST] ${GREEN}Start Running unit tests.${RESET}"
+	$(call quiet-command,cd test ; go test -v -count 1 -timeout 45m -parallel 128 -run $(TEST))
+
+## Generate README.md with Terradoc
+.PHONY: terradoc
+terradoc:
+	$(call quiet-command,terradoc generate -o README.md README.tfdoc.hcl)
+
+## Generate shared configuration for tests
+.PHONY: terramate
+terramate:
+	$(call quiet-command,terramate generate)
 
 ## Clean up cache and temporary files
 .PHONY: clean
 clean:
 	$(call rm-command,.terraform)
+	$(call rm-command,.terratest)
+	$(call rm-command,.terraform.lock.hcl)
 	$(call rm-command,*.tfplan)
-	$(call rm-command,examples/*/.terraform)
-	$(call rm-command,examples/*/*.tfplan)
+	$(call rm-command,*/*/.terraform)
+	$(call rm-command,*/*/.terratest)
+	$(call rm-command,*/*/*.tfplan)
+	$(call rm-command,*/*/.terraform.lock.hcl)
 
 ## Display help for all targets
 .PHONY: help
@@ -80,13 +154,10 @@ help:
 	} \
 	{ lastLine = $$0 }' $(MAKEFILE_LIST)
 
-## Generate README.md with Terradoc
-.PHONY: terradoc
-terradoc:
-	$(call quiet-command,terradoc -o README.md README.tfdoc.hcl)
+# Define helper functions
+DOCKER_FLAGS   += ${DOCKER_RUN_FLAGS}
+DOCKER_RUN_CMD  = docker run ${DOCKER_FLAGS} ${BUILD_TOOLS_DOCKER_IMAGE}
 
-# define helper functions
 quiet-command = $(if ${V},${1},$(if ${2},@echo ${2} && ${1}, @${1}))
 docker-run    = $(call quiet-command,${DOCKER_RUN_CMD} ${1} | cat,"${YELLOW}[DOCKER RUN] ${GREEN}${1}${RESET}")
-go-test       = $(call quiet-command,${DOCKER_RUN_CMD} go test -v -count 1 -timeout 45m -parallel 128 ${1} | cat,"${YELLOW}[TEST] ${GREEN}${1}${RESET}")
 rm-command    = $(call quiet-command,rm -rf ${1},"${YELLOW}[CLEAN] ${GREEN}${1}${RESET}")

README.md

@@ -29,6 +29,7 @@ A [Terraform] module that offers a more convenient and tested way to provision a
 - [Module Versioning](#module-versioning)
   - [Backwards compatibility in `0.0.z` and `0.y.z` version](#backwards-compatibility-in-00z-and-0yz-version)
 - [About Mineiros](#about-mineiros)
+- [About Mineiros](#about-mineiros)
 - [Reporting Issues](#reporting-issues)
 - [Contributing](#contributing)
 - [Makefile Targets](#makefile-targets)
@@ -174,7 +175,7 @@ See [variables.tf] and [examples/] for details and use-cases.
 
 ### Module Configuration
 
-- [**`module_depends_on`**](#var-module_depends_on): *(Optional `list(any)`)*<a name="var-module_depends_on"></a>
+- [**`module_depends_on`**](#var-module_depends_on): *(Optional `list(object)`)*<a name="var-module_depends_on"></a>
 
   A list of dependencies. Any object can be _assigned_ to this list to define a hidden external dependency.
 
@@ -247,6 +248,18 @@ We offer commercial support for all of our modules and encourage you to reach ou
 if you have any questions or need help. Feel free to email us at [hello@mineiros.io] or join our
 [Community Slack channel][slack].
 
+## About Mineiros
+
+[Mineiros][homepage] is a remote-first company headquartered in Berlin, Germany
+that solves development, automation and security challenges in cloud infrastructure.
+
+Our vision is to massively reduce time and overhead for teams to manage and
+deploy production-grade and secure cloud infrastructure.
+
+We offer commercial support for all of our modules and encourage you to reach out
+if you have any questions or need help. Feel free to email us at [hello@mineiros.io] or join our
+[Community Slack channel][slack].
+
 ## Reporting Issues
 
 We use GitHub [Issues] to track community reported issues and missing features.
@@ -274,6 +287,7 @@ Copyright &copy; 2020-2022 [Mineiros GmbH][homepage]
 <!-- References -->
 
 [homepage]: https://mineiros.io/?ref=terraform-github-team
+[github-as-code]: https://mineiros.io/github-as-code?ref=terraform-github-repository
 [hello@mineiros.io]: mailto:hello@mineiros.io
 [badge-build]: https://github.com/mineiros-io/terraform-github-team/workflows/CI/CD%20Pipeline/badge.svg
 [badge-semver]: https://img.shields.io/github/v/tag/mineiros-io/terraform-github-team.svg?label=latest&sort=semver

README.tfdoc.hcl

@@ -345,6 +345,21 @@ section {
     END
   }
 
+  section {
+    title   = "About Mineiros"
+    content = <<-END
+      [Mineiros][homepage] is a remote-first company headquartered in Berlin, Germany
+      that solves development, automation and security challenges in cloud infrastructure.
+
+      Our vision is to massively reduce time and overhead for teams to manage and
+      deploy production-grade and secure cloud infrastructure.
+
+      We offer commercial support for all of our modules and encourage you to reach out
+      if you have any questions or need help. Feel free to email us at [hello@mineiros.io] or join our
+      [Community Slack channel][slack].
+    END
+  }
+
   section {
     title   = "Reporting Issues"
     content = <<-END
@@ -385,6 +400,9 @@ references {
   ref "homepage" {
     value = "https://mineiros.io/?ref=terraform-github-team"
   }
+  ref "github-as-code" {
+    value = "https://mineiros.io/github-as-code?ref=terraform-github-repository"
+  }
   ref "hello@mineiros.io" {
     value = "mailto:hello@mineiros.io"
   }