Add GitHub workflows and update Terraform and tf-docs version (#32)

thoughtbot · Dec 12, 2024 · 168e75f · 168e75f
1 parent a52fd43
commit 168e75f
Show file tree

Hide file tree

Showing 43 changed files with 479 additions and 68 deletions.
diff --git a/.github/workflows/dynamic-readme.yml b/.github/workflows/dynamic-readme.yml
@@ -0,0 +1,17 @@
+name: update-templates
+
+on: 
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  update-templates:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-readme.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/elasticache-redis-auth-token.yml b/.github/workflows/elasticache-redis-auth-token.yml
@@ -0,0 +1,23 @@
+name: elasticache-redis/auth-token
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - elasticache-redis/auth-token/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: elasticache-redis/auth-token
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/elasticache-redis-replication-group.yml b/.github/workflows/elasticache-redis-replication-group.yml
@@ -0,0 +1,23 @@
+name: elasticache-redis/replication-group
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - elasticache-redis/replication-group/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: elasticache-redis/replication-group
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/kafka.yml b/.github/workflows/kafka.yml
@@ -0,0 +1,23 @@
+name: kafka
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - kafka/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: kafka
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/rds-postgres-admin-login.yml b/.github/workflows/rds-postgres-admin-login.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/admin-login
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/admin-login/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/admin-login
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/rds-postgres-cloudwatch-alarms.yml b/.github/workflows/rds-postgres-cloudwatch-alarms.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/cloudwatch-alarms
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/cloudwatch-alarms/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/cloudwatch-alarms
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/rds-postgres-parameter-group.yml b/.github/workflows/rds-postgres-parameter-group.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/parameter-group
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/parameter-group/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/parameter-group
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/rds-postgres-primary-instance.yml b/.github/workflows/rds-postgres-primary-instance.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/primary-instance
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/primary-instance/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/primary-instance
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/rds-postgres-rds-postgres-login.yml b/.github/workflows/rds-postgres-rds-postgres-login.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/rds-postgres-login
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/rds-postgres-login/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/rds-postgres-login
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/rds-postgres-replica.yml b/.github/workflows/rds-postgres-replica.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/replica
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/replica/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/replica
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/security-group-ingress.yml b/.github/workflows/security-group-ingress.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/security-group-ingress
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/security-group-ingress/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/security-group-ingress
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/security-group.yml b/.github/workflows/security-group.yml
@@ -0,0 +1,23 @@
+name: rds-postgres/security-group
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - rds-postgres/security-group/**
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+jobs:
+  terraform:
+    uses: ./.github/workflows/terraform.yml
+    concurrency: ${{ github.workflow }}
+    with:
+      module: rds-postgres/security-group
+    permissions:
+      id-token: write
+      contents: write
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/terraform-missing.yml b/.github/workflows/terraform-missing.yml
@@ -0,0 +1,23 @@
+name: terraform-missing
+on:
+  pull_request:
+    branches:
+    - main
+    types:
+    - closed
+    - opened
+    - reopened
+    - synchronize
+jobs:
+  check-terraform-missing:
+    runs-on: [ubuntu-22.04]
+    defaults:
+      run:
+        shell: bash
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Find missing workflows
+      run: bin/find-missing-github-workflows
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -0,0 +1,86 @@
+name: Terraform
+on:
+  workflow_call:
+    inputs:
+      terraform_version:
+        default: 1.6.2
+        type: string
+      module:
+        type: string
+        required: true
+
+jobs:
+  validate:
+    name: Terraform
+    runs-on:
+      - ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ inputs.module }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: ${{ inputs.terraform_version }}
+        terraform_wrapper: false
+
+    - name: Setup Node
+      uses: actions/setup-node@v2
+      with:
+        node-version: '14'
+
+    - name: Terraform Format
+      id: fmt
+      run: terraform fmt -check
+
+    - name: Cache tflint
+      uses: actions/cache@v3
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Setup TFLint
+      uses: terraform-linters/setup-tflint@v1
+      with:
+        tflint_version: v0.45.0
+
+    - name: Init tflint
+      id: lintinit
+      run: tflint --init --config="$GITHUB_WORKSPACE/.tflint.hcl"
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run tflint
+      id: lint
+      run: tflint --config="$GITHUB_WORKSPACE/.tflint.hcl" --format=compact
+
+  docs:
+    name: tf-docs
+    runs-on:
+      - ubuntu-22.04
+    needs: validate
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ inputs.module }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Update Docs
+      uses: terraform-docs/[email protected]
+      with:
+        working-dir: ${{ inputs.module }}
+        output-file: README.md
+        output-method: inject
+        git-push: "true"