Initial commit

Author: shashimal

.github/CODEOWNERS

@@ -0,0 +1,37 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+#* @SPHTech/devops
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @js-owner and not the global
+# owner(s) will be requested for a review.
+#*.js    @js-owner
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+#*.go [email protected]
+
+# In this example, @doctocat owns any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+#/build/logs/ @doctocat
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+#docs/*  [email protected]
+
+# In this example, @octocat owns any file in an apps directory
+# anywhere in your repository.
+#apps/ @octocat
+
+# In this example, @doctocat owns any file in the `/docs`
+# directory in the root of your repository.
+#/docs/ @doctocat

.github/workflows/ci.yml

@@ -0,0 +1,14 @@
+name: terraform-ci
+on:
+  pull_request:
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  pull-requests: write
+  security-events: write
+jobs:
+  ci:
+    uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@v2
+    with:
+      upload_sarif: false

.github/workflows/precommit-autoupdate.yml

@@ -0,0 +1,37 @@
+name: Pre-commit auto-update
+
+on:
+  # every sunday at midnight
+  schedule:
+    - cron: "0 0 * * 0"
+  # on demand
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  checks: read
+  contents: write #require this to write to repo
+  pull-requests: write #require this to create PR
+
+jobs:
+  auto-update:
+    runs-on:
+      - self-hosted
+      - platform-eng-ent
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-python@v2
+
+      - name: Install pre-commit and run autoupdate
+        run: |
+          pip install pre-commit
+          pre-commit autoupdate
+
+      - uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: update/pre-commit-hooks
+          title: Update pre-commit hooks
+          commit-message: "chore: update pre-commit hooks"
+          body: Update versions of pre-commit hooks to latest version.

.gitignore

@@ -0,0 +1,39 @@
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# Terraform lockfile
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+*.tfplan
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

.pre-commit-config.yaml

@@ -0,0 +1,53 @@
+repos:
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: v0.1.22
+    hooks:
+      - id: shellcheck
+
+  - repo: https://github.com/tcort/markdown-link-check
+    rev: v3.11.2
+    hooks:
+      - id: markdown-link-check
+        args:
+          - "--config=mlc_config.json"
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.81.2
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_providers_lock
+        args:
+          - --args=-platform=linux_amd64
+      - id: terraform_validate
+      - id: terraform_tflint
+        args:
+          - --args=--module
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+      - id: terraform_docs
+        args:
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--recursive=true
+      - id: terraform_tfsec
+        args:
+          - --args=--exclude-downloaded-modules
+      - id: terraform_checkov
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      # Git style
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-merge-conflict
+      - id: no-commit-to-branch
+
+      # Common errors
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-yaml
+
+      # Security
+      - id: detect-aws-credentials
+        args: ['--allow-missing-credentials']
+      - id: detect-private-key

.tflint.hcl

@@ -0,0 +1,49 @@
+plugin "aws" {
+  enabled = true
+  version = "0.24.3"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = false
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = false
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_unused_required_providers" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}

README.md

@@ -0,0 +1 @@
+# Terraform Modules Template