Merge pull request #5 from BrownUniversity/feature/first-release

Feature/first release

.github/pr-labeler.yml

@@ -0,0 +1,3 @@
+feature: feat*
+fix: fix*
+chore: ['chore*', 'docs*', 'ci*']

.github/release-drafter.yml

@@ -0,0 +1,33 @@
+name-template: 'v$RESOLVED_VERSION 🌈'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'feat'
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧰 Maintenance'
+    label: 'chore'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
+  exclude-labels:
+    - 'skip-changelog'
+template: |
+  ## Changes
+
+  $CHANGES

.github/workflows/kitchen-tests.yml

@@ -4,6 +4,7 @@ on: [push, workflow_dispatch]
 
 jobs:
   all:
+    if: "!contains(github.event.commits[0].message, '[skip ci]')"
     runs-on: ubuntu-latest
     container: brownccv/kitchen-terraform:latest
 

.github/workflows/pr-labeler.yml

@@ -0,0 +1,14 @@
+name: PR Labeler
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  pr-labeler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: TimonVS/pr-labeler-action@v3
+        with:
+          configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-drafter.yml

@@ -0,0 +1,20 @@
+name: Release Drafter
+
+on:
+  push:
+    # branches to consider in the event; optional, defaults to all
+    branches:
+      - master
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      # Drafts your next Release notes as Pull Requests are merged into "master"
+      - uses: release-drafter/release-drafter@v5
+        with:
+          # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
+          # config-name: my-config.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.pre-commit-config.yaml

@@ -0,0 +1,8 @@
+repos:
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.31.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs
+    - id: terraform_tfsec
+    - id: terraform_tflint

README.md

@@ -1,11 +1,24 @@
 # terraform-gcp-project
 
+![kitchen-tests](https://github.com/BrownUniversity/terraform-gcp-project/workflows/kitchen-tests/badge.svg)
+
 [Terraform](https://www.terraform.io/) module for creating a project in GCP. The requiered and default input variables are consistent with oranizational needs at Brown University. Basic features:
 
 - Based in Google's project factory
 - Requires project to reside inside a folder
 - Enables monitoring and logging
 
+# Contents:
+
+- [Getting Started](#getting-started)
+- [How to use this module](#how-to-use-this-module)
+- [Requirements](#requirements)
+- [Providers](#providers)
+- [Inputs](#inputs)
+- [Testing](#testing)
+- [Development](#development)
+
+
 ## Getting Started
 
 This module depends on you having GCP credentials of some kind. The module looks for a credential file in JSON format. You should export the following:
@@ -14,34 +27,57 @@ This module depends on you having GCP credentials of some kind. The module looks
 GOOGLE_APPLICATION_CREDENTIALS=/path/to/file.json
 ```
 
-## How do you use this module?
+## How to use this module
 
 This folder defines a [Terraform module](https://www.terraform.io/docs/modules/usage.html), which you can use in your
-code by adding a `module` configuration and setting its `source` parameter to URL of this folder. For instance the main code for jupyterhub invokes this module as follows
-
-```hcl
-locals {
- project_name = "test-dev"
- active_apis = [
-    "compute.googleapis.com",
-    "container.googleapis.com",
-    "containerregistry.googleapis.com"
-    ]
-}
-
-module "sample_project" {
-  source                     = "./modules/project"
-
-  project_name               = local.project_name
-  billing_account            = var.billing_account
-  activate_apis              = local.activate_apis
-  folder_id                  = var.folder_id
-}
-```
+code by adding a `module` configuration and setting its `source` parameter to URL of this folder. See the [examples](/examples) folder for guidance
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12 |
+| google | >= 3.0, <4.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | >= 3.0, <4.0.0 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| activate\_apis | The APIs to activate on the project | `list(string)` | n/a | yes |
+| auto\_create\_network | Auto create default network. | `bool` | `false` | no |
+| billing\_account | The billing account to use | `string` | n/a | yes |
+| default\_service\_account | Project default service account setting: can be one of delete, depriviledge, or keep. | `string` | `"delete"` | no |
+| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
+| folder\_id | The existing folder to use for the project | `string` | n/a | yes |
+| labels | Map of labels for project. | `map(string)` | <pre>{<br>  "environment": "automation",<br>  "managed_by": "terraform"<br>}</pre> | no |
+| org\_id | Organization id. | `string` | `"brown.edu"` | no |
+| project\_name | The human readable name for the project factory | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| activate\_apis | Active Google APIS |
+| folder\_id | Folder ID |
+| org\_id | Organization ID |
+| project\_id | Project ID |
+| project\_name | Project Name |
+| service\_account\_display\_name | Name of service account |
+| service\_account\_email | Email for service account |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 
 ## Testing
 
-This repository uses Kitchen-Terraform to test the terraform modules. In the `examples` directory you can find examples of how each module can be used. Those examples are fed to [Test Kitchen][https://kitchen.ci/]. To install test kitchen, first make sure you have Ruby and bundler installed.
+This repository uses Kitchen-Terraform to test the terraform modules. In the [examples](/examples)directory you can find examples of how each module can be used. Those examples are fed to [Test Kitchen][https://kitchen.ci/]. To install test kitchen, first make sure you have Ruby and bundler installed.
 
 ```
 brew install ruby
@@ -54,12 +90,34 @@ Then install the prerequisites for test kitchen.
 bundle install
 ```
 
-You'll need to add some common credentials. Copy the `examples/shared/terraform.tfvars.example` to `examples/shared/terraform.tfvars` and run the commands in the file to find the billing account id and the organization id.
+You'll need to add some common credentials and secret variables
+
+And now you're ready to run test kitchen. Test kitchen has a couple main commands:
+
+- `bundle exec kitchen create` initializes terraform.
+- `bundle exec kitchen converge` runs our terraform examples.
+- `bundle exec kitchen verify` runs our inspec scripts against a converged kitchen.
+- `bundle exec kitchen test` does all the above.
+
+
+## Development
+
+### Merging Policy
+Use [GitLab Flow](https://docs.gitlab.com/ee/topics/gitlab_flow.html#production-branch-with-gitlab-flow).
+
+* Create feature branches for features and fixes from default branch
+* Merge only from PR with review
+* After merging to default branch a release is drafted using a github action. Check the draft and publish if you and tests are happy
+
+### Pre-commit hooks
+Install and configure terraform [pre-commit hooks](https://github.com/antonbabenko/pre-commit-terraform)
+To run them: `pre-commit run -a`
 
-And now you're ready to run test kitchen. Test kitchen has a couple main commands. `bundle exec kitchen create` initializes terraform. `bundle exec kitchen converge` runs our terraform examples. `bundle exec kitchen verify` runs our inspec scripts against a converged kitchen. `bundle exec kitchen test` does all the above.
+### CI
+This project has three workflows enabled:
 
-### Developer note:
+1. PR labeler: When openning a PR to defaukt branch, a label is given assigned automatically accourding to the name of your feature branch. The labeler follows the follows rules in [pr-labeler.yml](.github/pr-labeler.yml)
 
-For generating the Inspec profile, you can install Inspec and then run
+2. Realease Drafter: When merging to master, a release is drafted using the [Release-Drafter Action](https://github.com/marketplace/actions/release-drafter)
 
-`inspec init profile --platform gcp tests`
+3. `Kitchen test` is run on every commit unless `[skip ci]` is added to commit message.

outputs.tf

@@ -1,31 +1,34 @@
 output "project_name" {
-  value = module.project.project_name
+  description = "Project Name"
+  value       = module.project.project_name
 }
 
 output "project_id" {
-  value = module.project.project_id
-}
-
-output "project_number" {
-  value = module.project.project_number
+  description = "Project ID"
+  value       = module.project.project_id
 }
 
 output "service_account_display_name" {
-  value = module.project.service_account_display_name
+  description = "Name of service account"
+  value       = module.project.service_account_display_name
 }
 
 output "service_account_email" {
-  value = module.project.service_account_email
+  description = "Email for service account"
+  value       = module.project.service_account_email
 }
 
 output "activate_apis" {
-  value = var.activate_apis
+  description = "Active Google APIS"
+  value       = var.activate_apis
 }
 
 output "org_id" {
-  value = var.org_id
+  description = "Organization ID"
+  value       = var.org_id
 }
 
 output "folder_id" {
-  value = var.folder_id
+  description = "Folder ID"
+  value       = var.folder_id
 }

variables.tf

@@ -52,6 +52,7 @@ variable "disable_dependent_services" {
 }
 
 variable "labels" {
+  type        = map(string)
   description = "Map of labels for project."
   default = {
     "environment" = "automation"