From a5b6c4e8eeef8fe0f096bc612879694d9c3b5a95 Mon Sep 17 00:00:00 2001 From: Claus Riegg Date: Fri, 9 Dec 2022 10:13:34 +0100 Subject: [PATCH] feat: add docs and template files
---
 .github/workflows/checkov.yml | 11 ++++++ .github/workflows/conventional-commits.yml | 12 +++++++ .github/workflows/precommit.yml | 10 ++++++ .github/workflows/semantic-release.yml | 18 ++++++++++ .github/workflows/tflint.yml | 16 +++++++++ .pre-commit-config.yaml | 29 +++++++++++++++ README.md | 42 ++++++++++++++++++++++ package.json | 23 ++++++++++++ 8 files changed, 161 insertions(+) create mode 100644 .github/workflows/checkov.yml create mode 100644 .github/workflows/conventional-commits.yml create mode 100644 .github/workflows/precommit.yml create mode 100644 .github/workflows/semantic-release.yml create mode 100644 .github/workflows/tflint.yml create mode 100644 .pre-commit-config.yaml create mode 100644 README.md create mode 100644 package.json
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
new file mode 100644
index 0000000..500d41d
--- /dev/null
+++ b/.github/workflows/checkov.yml
@@ -0,0 +1,11 @@
+name: Checkov
+on:
+ pull_request:
+
+jobs:
+ checkov:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: makandra/github-actions/checkov-terraform@main
+ with:
+ path: .
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
new file mode 100644
index 0000000..5685258
--- /dev/null
+++ b/.github/workflows/conventional-commits.yml
@@ -0,0 +1,12 @@
+name: Conventional Commits
+
+on:
+ pull_request:
+
+jobs:
+ conventional-commits:
+ name: Conventional Commits
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: webiny/action-conventional-commits@v1.1.0
diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml
new file mode 100644
index 0000000..e46615f
--- /dev/null
+++ b/.github/workflows/precommit.yml
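Review bot: `uses: makandra/github-actions/checkov-terraform@main` references a third-party action by a moving branch, so whatever lands on that repository's `main` (a force-push, a compromised maintainer account) runs inside this repository's PR checks without any change visible here; pin it to a full commit SHA, `- uses: makandra/github-actions/checkov-terraform@<commit-sha>  # <tag>` (placeholders), and let a dependency bot keep the pin current. The same `@main` reference appears in precommit.yml and tflint.yml in this commit. None of the five workflows declares a `permissions:` block, so each job token inherits the repository's default permission set; these lint jobs only need `permissions: contents: read` at the top of the workflow, which bounds the token regardless of how the repository default is configured.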
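Review bot: `actions/checkout@v2` is an older major than the `actions/checkout@v3` that semantic-release.yml in the same commit uses, and v2 still targets the Node 12 runtime GitHub has deprecated; align on `- uses: actions/checkout@v3`. Both steps are referenced by mutable tags (`@v2`, `@v1.1.0`), and only a full commit SHA with the tag kept in a trailing comment is a reference the action author cannot move later. The job has no `permissions:` block either; `permissions: contents: read` (plus `pull-requests: read` if the conventional-commits action reads PR commits through the API — verify against its documentation) would bound the token explicitly.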
@@ -0,0 +1,10 @@
+name: pre-commit
+
+on:
+ pull_request:
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: makandra/github-actions/precommit@main
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
new file mode 100644
index 0000000..4f677d0
--- /dev/null
+++ b/.github/workflows/semantic-release.yml
@@ -0,0 +1,18 @@
+name: "Semantic-Release"
+on:
+ push:
+ branches:
+ - master
+ - main
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Semantic Release
+ uses: cycjimmy/semantic-release-action@v3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
new file mode 100644
index 0000000..be25b97
--- /dev/null
+++ b/.github/workflows/tflint.yml
@@ -0,0 +1,16 @@
+name: Tflint
+on:
+ pull_request:
+
+
+jobs:
+ tflint:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - .
+ steps:
+ - uses: makandra/github-actions/tflint@main
+ with:
+ path: ${{ matrix.path }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..7d4335d
--- /dev/null
+++ b/.pre-commit-config.yaml
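Review bot: The `Checkout` step uses `actions/checkout@v3` with its default shallow clone, while semantic-release derives the next version from the commits since the last release tag; upstream's GitHub Actions recipe sets `fetch-depth: 0` on the checkout step for exactly this reason, so that option belongs under `uses: actions/checkout@v3`. The workflow declares no `permissions:`, yet a release job creates tags and GitHub releases and therefore needs `contents: write` (and `issues: write` / `pull-requests: write` if the github plugin is left to comment on released issues), which is better granted explicitly than inherited from the repository default. `NPM_TOKEN` is exposed to the job although package.json in this commit sets `"private": true`, which the npm plugin treats as do-not-publish, so the secret is handed to the action for no purpose; drop that env line until publishing is actually planned.
```yaml
# … unchanged: name, on …
permissions:
  contents: write
  issues: write
  pull-requests: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # … unchanged: Semantic Release step, with only GITHUB_TOKEN in env …
```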
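Review bot: Two consecutive blank lines separate `pull_request:` from `jobs:`, whereas every other workflow in this commit uses a single blank line between those stanzas; drop one so the files read the same. The README in this commit says submodule repositories should add each module path to this matrix, but nothing in the file itself says so; a comment above `path:` such as `# one entry per Terraform module directory to lint` would carry that intent to whoever copies the template.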
@@ -0,0 +1,29 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.2.0
+ hooks:
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-executables-have-shebangs
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.74.1
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - --hook-config=--path-to-file=README.md
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0ffe736
--- /dev/null
+++ b/README.md
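Review bot: `- id: check-merge-conflict` is listed twice under the pre-commit-hooks repo (once after `check-added-large-files`, again after `check-yaml`), so the hook runs twice on every commit; delete the second entry. The two `args:` lists use different styles, `[--markdown-linebreak-ext=md]` unquoted and `['--allow-missing-credentials']` quoted, so pick one form for the file. `--allow-missing-credentials` is what lets `detect-aws-credentials` pass on developer machines and CI runners that have no AWS credentials file, which is not obvious from the flag name; a comment above that hook, `# pass when no AWS credentials file exists (CI runners, fresh checkouts)`, would save the next reader a lookup.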
@@ -0,0 +1,42 @@
+# Terraform module template
+
+This is a template for terraform modules. It contains the required CI congiguration and `.gitignore`.
+
+# Contents
+
+## package.json
+
+The `package.json` is required for the [semantic-release](https://semantic-release.gitbook.io/semantic-release/). This is controlled via a Github Actions workflow.
+
+## pre-commit-config.yaml
+
+We rely on [pre-commit](https://pre-commit.com/) hooks to ensure the good code quality. This is also checked by a CI pipeline but recommended to use locally. It's also responsible for creating [terraform-docs](https://terraform-docs.io/).
+
+## .github/workflows
+
+We have several default workflows prepared.
+
+### checkov
+
+[checkov](https://www.checkov.io/) scans the terraform manifests for common misconfigurations. By default the root of the respository is scanned but if you have a repo with submodules (like for e.g. [makandra/terraform-aws-modules](https://github.com/makandra/terraform-aws-modules) you may want to alter the path of the github action.
+
+### conventional-commits
+
+We want to enforce [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) to ensure our `semantic-release` works correctly.
+
+### precommit
+
+We want to ensure that all our rules in the `pre-commit` configuration are applied.
+
+### semantic-release
+
+Whenever new commits are merged into the `main` branch we want a new release to be created.
+
+### tflint
+
+Terraform linter for finding possible errors, old syntax, unused declarations etc. Also it enforces best practices. See [tflint](https://github.com/terraform-linters/tflint).
+By default the root of the respository is scanned but if you have a repo with submodules (like for e.g. [makandra/terraform-aws-modules](https://github.com/makandra/terraform-aws-modules) you should add every submodule to the workflow matrix.
+
+# Recommended Repo configuration
+
+We recommend protecting the `main` branch and to allow new code pushes only via Pull Requests. This way it's ensured that all tests pass before a new release is pushed.
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..2781e82
--- /dev/null
+++ b/package.json
@@ -0,0 +1,23 @@
+{
+ "name": "releasetest",
+ "license": "MIT",
+ "devDependencies": {
+ "@semantic-release/github": "^8.0.7",
+ "git-cz": "^4.9.0",
+ "semantic-release": "^19.0.5"
+ },
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator",
+ "@semantic-release/github",
+ "@semantic-release/npm", {
+ "npmPublish": false
+ }
+ ],
+ "private": true,
+ "release": {
+ "branches": [
+ "main", "master"
+ ]
+ }
+}
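Review bot: The `plugins` array sits at the top level of package.json, but semantic-release reads its configuration only from the `release` key, so this list, and with it the `npmPublish: false` option, is never applied and the default plugin set runs instead; it belongs inside `release` next to `branches`. The option is also attached wrongly: `"@semantic-release/npm"` and `{ "npmPublish": false }` are two separate array elements, whereas a plugin with options is written as a two-element array `["name", { ...options }]`. Publishing is skipped today only because `"private": true` makes the npm plugin default to not publishing, an implicit dependency worth a sentence in the README since JSON cannot carry a comment. `"main", "master"` on one line in an otherwise one-value-per-line file is a style inconsistency as well.
```json
  "release": {
    "branches": [
      "main",
      "master"
    ],
    "plugins": [
      "@semantic-release/commit-analyzer",
      "@semantic-release/release-notes-generator",
      "@semantic-release/github",
      ["@semantic-release/npm", { "npmPublish": false }]
    ]
  }
```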