Merge pull request #1 from datafold/gerard-cx-2440-switch-to-versioned-terraform-aws

feat: Release first version of terraform-aws-datafold

Author: gtoonstra

.envrc

@@ -0,0 +1,5 @@
+export TFENV_AUTO_INSTALL=true
+
+tfenv install
+
+terraform --version

.github/CODEOWNERS

@@ -0,0 +1 @@
+*  @datafold/datafold-engineering

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,22 @@
+## What type of PR is this? (check all applicable)
+
+Specify one of the following as the first element in the title:
+
+- build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
+- ci: Changes to our CI configuration files and scripts (examples: CircleCi, SauceLabs)
+- docs: Documentation only changes
+- feat: A new feature
+- fix: A bug fix
+- perf: A code change that improves performance
+- refactor: A code change that neither fixes a bug nor adds a feature
+- test: Adding missing tests or correcting existing tests
+
+The NOTABLE CHANGES that will create a new entry in CHANGELOG.md and 
+create a new tag are these types:
+
+- feat
+- fix
+
+## Description
+
+<Add your description here>

.github/workflows/pr-title.yaml

@@ -0,0 +1,47 @@
+name: "Validate PR Title"
+
+on:
+  pull_request_target:
+    types: [opened, edited, synchronize]
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Allowed types: https://github.com/commitizen/conventional-commit-types
+          # build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
+          # ci: Changes to our CI configuration files and scripts (examples: CircleCi, SauceLabs)
+          # docs: Documentation only changes
+          # feat: NOTABLE CHANGE: A new feature
+          # fix: NOTABLE CHANGE: A bug fix
+          # perf: A code change that improves performance
+          # refactor: A code change that neither fixes a bug nor adds a feature
+          # test: Adding missing tests or correcting existing tests
+          types: |
+            fix
+            feat
+            docs
+            style
+            refactor
+            perf
+            test
+            build
+            ci
+            chore
+            revert
+          requireScope: false
+          subjectPattern: ^[A-Z].+$
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            starts with an uppercase character. See .github/workflows/pr-title.yaml
+
+            These conventional commits can then be used to automatically generate the CHANGELOG.md
+          wip: true
+          validateSingleCommit: true
+          validateSingleCommitMatchesPrTitle: true

.github/workflows/release.yaml

@@ -0,0 +1,34 @@
+name: Build and release
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '*.tf'
+      - '**/*.tf'
+      - '.github/workflows/release.yaml'
+
+jobs:
+  build:
+    name: Release
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'datafold'
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.DATAFOLD_RELEASE_TOKEN }}
+          persist-credentials: false
+
+      - name: Release
+        uses: cycjimmy/semantic-release-action@v4
+        with:
+          semantic_version: 19.0.2
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/[email protected]
+            [email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.DATAFOLD_RELEASE_TOKEN }}
+

.github/workflows/tfsec-pr-commenter.yaml

@@ -0,0 +1,22 @@
+name: tfsec-pr-commenter
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec PR commenter
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'datafold'
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v3
+
+      - name: tfsec
+        uses: aquasecurity/[email protected]
+        with:
+          github_token: ${{ github.token }}

.github/workflows/validate_terraform.yaml

@@ -0,0 +1,17 @@
+name: Validate Terraform
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, labeled, unlabeled]
+  workflow_dispatch:
+
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Validate Terraform modules
+      uses: devops-infra/[email protected]
+      with:
+        dir_filter: modules

.gitignore

@@ -0,0 +1,49 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# VSCode workspace dir
+**/.vscode/*
+**/.idea/*
+*.DS_Store
+**/.lh
+.history
+
+*.key
+*.key.pub
+.env
+
+# virtual environments
+.venv
+venv

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+repos:
+  - repo: https://github.com/terraform-docs/terraform-docs
+    rev: "v0.17.0"
+    hooks:
+      - id: terraform-docs-go
+        args: ["markdown", "table", "--output-file", "README.md", "./"]
+

.releaserc.json

@@ -0,0 +1,33 @@
+{
+  "branches": ["main"],
+  "ci": false,
+  "plugins": [
+    ["@semantic-release/commit-analyzer", { "preset": "conventionalcommits" }],
+    [
+      "@semantic-release/release-notes-generator",
+      { "preset": "conventionalcommits" }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+        "labels": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nSee this file for notable changes between versions."
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": ["CHANGELOG.md"],
+        "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}