feat: initial prototype (#1)

Author: GiamPy5

.github/workflows/conventional-commit.yaml

@@ -0,0 +1,15 @@
+name: PR Conventional Commit Validation
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+jobs:
+  validate-pr-title:
+    runs-on: ubuntu-latest
+    steps:
+      - name: PR Conventional Commit Validation
+        uses: ytanikin/[email protected]
+        with:
+          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
+          custom_labels: '{"feat": "feature", "fix": "fix", "docs": "documentation", "test": "test", "ci": "CI/CD", "refactor": "refactor", "perf": "performance", "chore": "chore", "revert": "revert", "wip": "WIP"}'

.github/workflows/coverage.yaml

@@ -0,0 +1,28 @@
+name: Coverage
+on:
+  pull_request:
+    branches:
+      - master
+      - main
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+  
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Get Coverage
+        run: pytest --cov=src/ --cov-report=xml:coverage.xml --disable-warnings -q
+
+      - name: Get Cover
+        uses: orgoro/[email protected]
+        with:
+          coverageFile: coverage.xml
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/documentation.yaml

@@ -0,0 +1,20 @@
+name: Generate terraform docs
+
+on:
+  pull_request:
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render terraform docs and push changes back to PR
+        uses: terraform-docs/gh-actions@main
+        with:
+          working-dir: .,./examples/complete,./examples/shared-table
+          output-file: README.md
+          output-method: inject
+          git-push: "true"

.github/workflows/release.yaml

@@ -0,0 +1,37 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - '**/*.tpl'
+      - '**/*.py'
+      - '**/*.tf'
+      - '.github/workflows/release.yml'
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    # Skip running release workflow on forks
+    if: github.repository_owner == 'GiamPy5'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Release
+        uses: cycjimmy/semantic-release-action@v4
+        with:
+          semantic_version: 23.0.2
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/[email protected]
+            [email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_VERSIONING_ACCESS_TOKEN }}

.github/workflows/test.yaml

@@ -0,0 +1,22 @@
+name: Test
+on:
+  pull_request:
+    branches:
+      - master
+      - main
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+        
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Run tests
+        run: pytest -q --maxfail=1 --disable-warnings -ras

.gitignore

@@ -1,5 +1,6 @@
 # Local .terraform directories
 .terraform/
+examples/**/builds
 
 # .tfstate files
 *.tfstate
@@ -26,6 +27,9 @@ override.tf.json
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
 
+# Terraform state locks
+.terraform.lock.hcl
+
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 
@@ -39,5 +43,6 @@ terraform.rc
 **/__pycache__/
 **.egg-info/
 .coverage
+coverage.xml
 .pytest_cache/
 .DS_Store

.terraform-docs.yaml

@@ -0,0 +1,48 @@
+formatter: "" # this is required
+
+version: ""
+
+header-from: main.tf
+footer-from: ""
+
+recursive:
+  enabled: false
+  path: modules
+  include-main: true
+
+sections:
+  hide: []
+  show: []
+
+content: ""
+
+output:
+  file: ""
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: true
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true

.terraform-version

@@ -0,0 +1 @@
+1.13.4

CODEOWNERS

@@ -0,0 +1 @@
+* @GiamPy5

Makefile

@@ -1,9 +1,28 @@
-.PHONY: test coverage
+PWD=$(shell pwd)
+USERID=$(shell id -u)
+
+.PHONY: test coverage all
+
+all: lint docs tfsec test
 
 test: ## Run pytest locally
 	@echo "🧪 Running pytest locally..."
 	@pyenv exec pytest -q --maxfail=1 --disable-warnings -ras
 
 coverage: ## Run tests with coverage report
 	@echo "📊 Running tests with coverage..."
-	@pyenv exec pytest --cov=src/ --cov-report=term-missing --disable-warnings -q
+	@pyenv exec pytest --cov=src/ --cov-report=xml:coverage.xml --disable-warnings -q
+
+docs:
+	@echo "Running terraform docs..."
+	@docker run --rm --volume "${PWD}:/terraform-docs" -u ${USERID} quay.io/terraform-docs/terraform-docs:0.20.0 markdown --output-file README.md --output-mode inject /terraform-docs
+	@docker run --rm --volume "${PWD}/examples/complete:/terraform-docs" -u ${USERID} quay.io/terraform-docs/terraform-docs:0.20.0 markdown --output-file README.md --output-mode inject /terraform-docs
+	@docker run --rm --volume "${PWD}/examples/shared-table:/terraform-docs" -u ${USERID} quay.io/terraform-docs/terraform-docs:0.20.0 markdown --output-file README.md --output-mode inject /terraform-docs
+
+lint:
+	@echo "Running terraform fmt..."
+	@terraform fmt --recursive
+
+tfsec:
+	@echo "Running tfsec..."
+	@docker run --rm -it -v "${PWD}/examples/complete:/src" aquasec/tfsec /src