elastic-ipfs · blucas · Mar 9, 2022 · Apr 6, 2022 · Apr 6, 2022
diff --git a/.github/workflows/terraspace.yaml b/.github/workflows/terraspace.yaml
@@ -0,0 +1,238 @@
+name: Terraspace
+
+permissions:
+  contents: read
+  id-token: write
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - terraspace/infra-prj-a/**.tf
+      - terraspace/infra-prj-a/**.tfvars
+
+env:
+#  ROLE_ARN: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/managed-oidc-service-github-actions
+  ROLE_SESSION_NAME: github-actions-runner
+  AWS_REGION: us-west-2 # TODO this should be dynamic
+  TF_IN_AUTOMATION: 1
+
+jobs:
+  tflint:
+    runs-on: ubuntu-latest
+    name: TFLint
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }} # Makes sure we get the latest commit from the PR
+
+      - name: ASDF - Install
+        uses: asdf-vm/actions/setup@v1
+        with:
+          asdf_branch: v0.9.0
+
+      - name: ASDF - Cache Tools
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-asdf-tools
+        with:
+          # asdf cache files are stored in `~/.asdf` on Linux/macOS
+          path: |
+            ~/.asdf/installs
+            ~/.asdf/plugins
+            ~/.asdf/shims
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: TFLint - Cache Plugins
+        uses: actions/cache@v2
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ runner.os }}-tflint-${{ hashFiles('**/.tflint.hcl') }}
+
+      - name: ASDF - Install Tools
+        working-directory: terraspace/infra-prj-a
+        run: |
+          cut -d' ' -f1 .tool-versions | grep -v '#' | xargs -n1 asdf plugin add || true
+          asdf install
+          terraform --version
+          ruby --version
+
+      - name: Bundle - Install
+        working-directory: terraspace/infra-prj-a
+        run: bundle install
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+#      - name: Configure AWS credentials
+#        uses: aws-actions/configure-aws-credentials@v1
+#        with:
+#          role-to-assume: ${{ env.ROLE_ARN }}
+#          role-session-name: ${{ env.ROLE_SESSION_NAME }}
+#          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Terraspace - All Init
+        working-directory: terraspace/infra-prj-a
+        run: terraspace all init
+
+      - name: Terraspace - All Init Logs
+        working-directory: terraspace/infra-prj-a
+        run: terraspace logs init -a --no-timestamps
+
+      - name: TFLint - Init
+        working-directory: terraspace/infra-prj-a
+        run: tflint --init
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: TFLint - Scan
+        working-directory: terraspace/infra-prj-a
+        run: |
+          find .terraspace-cache -maxdepth 4 -mindepth 4 -type d | grep stacks | xargs -I '{}' -n1 sh -c 'echo "Scanning: {}" && tflint {}'
+
+
+
+  tf-sec:
+    runs-on: ubuntu-latest
+    name: TFSec
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }} # Makes sure we get the latest commit from the PR
+
+      - name: ASDF - Install
+        uses: asdf-vm/actions/setup@v1
+        with:
+          asdf_branch: v0.9.0
+
+      - name: ASDF - Cache Tools
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-asdf-tools
+        with:
+          # asdf cache files are stored in `~/.asdf` on Linux/macOS
+          path: |
+            ~/.asdf/installs
+            ~/.asdf/plugins
+            ~/.asdf/shims
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: ASDF - Install Tools
+        working-directory: terraspace/infra-prj-a
+        run: |
+          cut -d' ' -f1 .tool-versions | grep -v '#' | xargs -n1 asdf plugin add || true
+          asdf install
+          terraform --version
+          ruby --version
+
+      - name: Bundle - Install
+        working-directory: terraspace/infra-prj-a
+        run: bundle install
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+#      - name: Configure AWS credentials
+#        uses: aws-actions/configure-aws-credentials@v1
+#        with:
+#          role-to-assume: ${{ env.ROLE_ARN }}
+#          role-session-name: ${{ env.ROLE_SESSION_NAME }}
+#          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Terraspace - All Init
+        working-directory: terraspace/infra-prj-a
+        run: terraspace all init
+
+      - name: Terraspace - All Init Logs
+        working-directory: terraspace/infra-prj-a
+        run: terraspace logs init -a --no-timestamps
+
+      - name: TFSec
+        working-directory: terraspace/infra-prj-a/.terraspace-cache
+        run: tfsec .
+
+  plan:
+    runs-on: ubuntu-latest
+    name: Plan
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }} # Makes sure we get the latest commit from the PR
+
+      - name: ASDF - Install
+        uses: asdf-vm/actions/setup@v1
+        with:
+          asdf_branch: v0.9.0
+
+      - name: ASDF - Cache Tools
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-asdf-tools
+        with:
+          # asdf cache files are stored in `~/.asdf` on Linux/macOS
+          path: |
+            ~/.asdf/installs
+            ~/.asdf/plugins
+            ~/.asdf/shims
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: ASDF - Install Tools
+        working-directory: terraspace/infra-prj-a
+        run: |
+          cut -d' ' -f1 .tool-versions | grep -v '#' | xargs -n1 asdf plugin add || true
+          asdf install
+          terraform --version
+          ruby --version
+
+      - name: Bundle - Install
+        working-directory: terraspace/infra-prj-a
+        run: bundle install
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+#      - name: Configure AWS credentials
+#        uses: aws-actions/configure-aws-credentials@v1
+#        with:
+#          role-to-assume: ${{ env.ROLE_ARN }}
+#          role-session-name: ${{ env.ROLE_SESSION_NAME }}
+#          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Terraspace - All Plan
+        id: ts_all_plan
+        working-directory: terraspace/infra-prj-a
+        continue-on-error: true
+        run: terraspace all plan --out ":MOD_NAME.plan"
+
+      - name: Terraspace - All Plan Logs
+        if: steps.ts_all_plan.conclusion != 'skipped'
+        working-directory: terraspace/infra-prj-a
+        run: terraspace logs plan -a --no-timestamps
diff --git a/terraspace/infra-prj-a/.gitignore b/terraspace/infra-prj-a/.gitignore
@@ -0,0 +1,39 @@
+# Terraform files
+.terraform
+terraform.tfstate
+terraform.tfvars
+*.tfstate*
+
+.terraspace-cache
+*.plan
+
+# OS X files
+.history
+.DS_Store
+
+# Terraspace
+/vendor
+
+# Common ruby files
+*.gem
+*.rbc
+.env*
+.idea
+/.bundle
+/.config
+/.yardoc
+/_yardoc
+/coverage
+/doc/
+/Gemfile.lock
+/InstalledFiles
+/lib/bundler/man
+/log
+/output
+/pkg
+/rdoc
+/spec/fixtures/project/output
+/spec/reports
+/test/tmp
+/test/version_tmp
+/tmp
diff --git a/terraspace/infra-prj-a/.tflint.hcl b/terraspace/infra-prj-a/.tflint.hcl
@@ -0,0 +1,73 @@
+config {
+  module              = false
+  force               = false
+  disabled_by_default = false
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.13.2"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_module_version" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_unused_required_providers" {
+  # We share a common versions.tf file across our stacks so some
+  # stacks may end up declaring a provider which is not used
+  enabled = false
+}
+
+rule "terraform_workspace_remote" {
+  enabled = true
+}
diff --git a/terraspace/infra-prj-a/.tool-versions b/terraspace/infra-prj-a/.tool-versions
@@ -0,0 +1,4 @@
+ruby 3.1.1
+terraform 1.1.7
+tfsec 1.9.0
+tflint 0.35.0
diff --git a/terraspace/infra-prj-a/Gemfile b/terraspace/infra-prj-a/Gemfile
@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "terraspace", '~> 1.1.7'
+gem "rspec-terraspace"
+gem "terraspace_plugin_aws"
diff --git a/terraspace/infra-prj-a/README.md b/terraspace/infra-prj-a/README.md
@@ -0,0 +1,17 @@
+# Terraspace Project
+
+This is a Terraspace project. It contains code to provision Cloud infrastructure built with [Terraform](https://www.terraform.io/) and the [Terraspace Framework](https://terraspace.cloud/).
+
+## Deploy
+
+To deploy all the infrastructure stacks:
+
+    AWS_PROFILE=pl-account-x AWS_REGION=us-east-1 TS_ENV=prod terraspace all up
+
+To deploy individual stacks:
+
+    terraspace up demo # where demo is app/stacks/demo
+
+## Terrafile
+
+To use more modules, add them to the [Terrafile](https://terraspace.cloud/docs/terrafile/).
diff --git a/terraspace/infra-prj-a/Terrafile b/terraspace/infra-prj-a/Terrafile
@@ -0,0 +1,14 @@
+# Starter Terrafile
+# More info: https://terraspace.cloud/docs/terrafile/
+#
+# org "boltopspro" # set default github org
+#
+# Use modules from your org
+# mod "instance", source: "terraform-aws-instance", version: "v0.1.0"
+# mod "elb", source: "terraform-aws-elb"
+#
+# Use modules and specify org explicitly
+# mod "vpc", source: "boltops-tools/terraform-aws-vpc", version: "master"
+#
+# Use modules from the Terraform registry
+# mod "sqs", source: "terraform-aws-modules/sqs/aws"