From 4689aa5cb635129682f99cc45293588aac5a4df6 Mon Sep 17 00:00:00 2001 From: Stretch Date: Wed, 24 Apr 2024 02:16:49 +0100 Subject: [PATCH] Add Terraform deployment * Creates a directory which consumes the module * This will be used to test and deploy the module through GitHub workflows --- ...ntegration-terraform-module-deployment.yml | 87 +++++++++++++++++++ ...s-integration-tflint-module-deployment.yml | 23 +++++ ...ous-integration-tfsec-module-deplyment.yml | 21 +++++ .gitignore | 1 + module-deployment/.terraform-docs.yml | 26 ++++++ module-deployment/.terraform-version | 1 + module-deployment/README.md | 33 +++++++ module-deployment/backend.tf.aws-s3.example | 8 ++ module-deployment/locals.tf | 2 + module-deployment/tfl-notice-board.tf | 3 + module-deployment/tfvars.example | 0 module-deployment/versions.tf | 5 ++ 12 files changed, 210 insertions(+) create mode 100644 .github/workflows/continuous-integration-terraform-module-deployment.yml create mode 100644 .github/workflows/continuous-integration-tflint-module-deployment.yml create mode 100644 .github/workflows/continuous-integration-tfsec-module-deplyment.yml create mode 100644 module-deployment/.terraform-docs.yml create mode 100644 module-deployment/.terraform-version create mode 100644 module-deployment/README.md create mode 100644 module-deployment/backend.tf.aws-s3.example create mode 100644 module-deployment/locals.tf create mode 100644 module-deployment/tfl-notice-board.tf create mode 100644 module-deployment/tfvars.example create mode 100644 module-deployment/versions.tf
diff --git a/.github/workflows/continuous-integration-terraform-module-deployment.yml b/.github/workflows/continuous-integration-terraform-module-deployment.yml
new file mode 100644
index 0000000..fa90ec1
--- /dev/null
+++ b/.github/workflows/continuous-integration-terraform-module-deployment.yml
@@ -0,0 +1,87 @@
+name: Continuous integration Module Deplyment
+
+on:
+ push:
+ branches: main
+ pull_request:
+
+env:
+ GITHUB_PR_BRANCH: ""
+ MODULE_DEPLOYMENT_DIR: "module-deployment"
+
+jobs:
+ terraform-validate:
+ name: Terraform Validate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Get terraform version
+ id: get-terraform-version
+ run: |
+ DOTFILE_VERSION=$(cat ${{ env.MODULE_DEPLOYMENT_DIR }}/.terraform-version)
+ echo "version=$DOTFILE_VERSION" >> $GITHUB_OUTPUT
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3.0.0
+ with:
+ terraform_version: ${{ steps.get-terraform-version.outputs.version }}
+
+ - name: Run a Terraform init
+ run: |
+ terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
+ init
+
+ - name: Run a Terraform validate
+ run: |
+ terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
+ validate
+
+ - name: Run a Terraform format check
+ run: |
+ terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
+ fmt -check=true -diff=true
+
+ terraform-docs-validation:
+ name: Terraform Docs validation
+ needs: terraform-validate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ token: ${{ secrets.TERRAFORM_DOCS_RENOVATE_WORKFLOW_GITHUB_TOKEN }}
+
+ - name: Get PR base branch
+ id: pr-base-branch-name
+ if: github.event_name == 'pull_request'
+ run: |
+ echo "GITHUB_PR_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
+
+ - name: Get commit message
+ run: |
+ echo "GIT_COMMIT_MESSAGE=$(git show -s --format=%s)" >> $GITHUB_ENV
+
+ - name: Generate Terraform docs
+ uses: terraform-docs/gh-actions@v1.1.0
+ if: "!startsWith(env.GITHUB_PR_BRANCH, 'renovate/')"
+ with:
+ working-dir: ${{ env.MODULE_DEPLOYMENT_DIR }}
+ config-file: .terraform-docs.yml
+ output-file: README.md
+ output-method: inject
+ fail-on-diff: true
+
+ - name: Generate Terraform docs for Renovate
+ uses: 
terraform-docs/gh-actions@v1.1.0
+ if: "startsWith(env.GITHUB_PR_BRANCH, 'renovate/')"
+ with:
+ working-dir: ${{ env.MODULE_DEPLOYMENT_DIR }}
+ config-file: .terraform-docs.yml
+ output-file: README.md
+ output-method: inject
+ git-push: true
+ ref: ${{ github.event.pull_request.head.ref }}
+ git-commit-message: "${{ env.GIT_COMMIT_MESSAGE }} - Terraform Docs Module Deployment"
diff --git a/.github/workflows/continuous-integration-tflint-module-deployment.yml b/.github/workflows/continuous-integration-tflint-module-deployment.yml
new file mode 100644
index 0000000..f2b8666
--- /dev/null
+++ b/.github/workflows/continuous-integration-tflint-module-deployment.yml
@@ -0,0 +1,23 @@
+name: Continuous integration Module Deployment
+
+on:
+ pull_request:
+
+env:
+ MODULE_DEPLOYMENT_DIR: "module-deployment"
+
+jobs:
+ tflint:
+ name: tflint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v4
+
+ - name: Setup TFLint
+ uses: terraform-linters/setup-tflint@v4
+ with:
+ tflint_version: v0.44.1
+
+ - name: Run TFLint
+ run: tflint --chdir=${{ env.MODULE_DEPLOYMENT_DIR }} -f compact
diff --git a/.github/workflows/continuous-integration-tfsec-module-deplyment.yml b/.github/workflows/continuous-integration-tfsec-module-deplyment.yml
new file mode 100644
index 0000000..b9681b0
--- /dev/null
+++ b/.github/workflows/continuous-integration-tfsec-module-deplyment.yml
@@ -0,0 +1,21 @@
+name: Continuous integration
+
+on:
+ pull_request:
+
+env:
+ MODULE_DEPLOYMENT_DIR: "module-deployment"
+
+jobs:
+ tfsec-pr-commenter:
+ name: tfsec PR commenter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v4
+
+ - name: tfsec
+ uses: aquasecurity/tfsec-pr-commenter-action@v1.3.1
+ with:
+ github_token: ${{ github.token }}
+ working_directory: ${{ env.MODULE_DEPLOYMENT_DIR }}
diff --git a/.gitignore b/.gitignore
index 7ea5f03..1ed0500 100644
--- a/.gitignore
+++ b/.gitignore
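Review bot: In `continuous-integration-terraform-module-deployment.yml`, the "Get PR base branch" step expands `${{ github.head_ref }}` directly inside the `run:` script, so a branch name chosen by the pull-request author is interpreted as shell text before the shell runs. This job checks out with `secrets.TERRAFORM_DOCS_RENOVATE_WORKFLOW_GITHUB_TOKEN`, which raises the impact on any run where that secret is available. Pass the value through the step's environment instead: add `env:` with `HEAD_REF: ${{ github.head_ref }}` to the step and change the command to `echo "GITHUB_PR_BRANCH=$HEAD_REF" >> "$GITHUB_ENV"`. The step is also named "base branch" although it records the head ref.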
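Review bot: `continuous-integration-tflint-module-deployment.yml` declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, although linting only needs to read the checkout. Add a top-level `permissions:` with `contents: read` here; the terraform workflow above and the tfsec workflow below omit it as well, and the tfsec commenter would presumably also need `pull-requests: write`. Separately, no `tflint --init` step runs before `tflint --chdir=...`, so any plugins declared in a `.tflint.hcl` (none is visible in this patch) would not be installed.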
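Review bot: `aquasecurity/tfsec-pr-commenter-action@v1.3.1` is handed `github.token` but is referenced by a tag, which its publisher can move to different code after this review. Pin third-party actions that receive a token to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: aquasecurity/tfsec-pr-commenter-action@<full-commit-sha> # v1.3.1`; the same holds for `terraform-docs/gh-actions@v1.1.0` in the first workflow, whose job checks out with a repository secret. The file name `continuous-integration-tfsec-module-deplyment.yml` and the bare workflow name `Continuous integration` also look like slips next to the other two workflows.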
@@ -8,6 +8,7 @@ override.tf override.tf.json *_override.tf *_override.tf.json +backend.tf # Angular node_modules/
diff --git a/module-deployment/.terraform-docs.yml b/module-deployment/.terraform-docs.yml
new file mode 100644
index 0000000..a691780
--- /dev/null
+++ b/module-deployment/.terraform-docs.yml
@@ -0,0 +1,26 @@
+---
+formatter: "markdown table"
+version: "~> 0.16"
+settings:
+ anchor: true
+ default: true
+ description: false
+ escape: true
+ hide-empty: false
+ html: true
+ indent: 2
+ lockfile: true
+ read-comments: true
+ required: true
+ sensitive: true
+ type: true
+sort:
+ enabled: true
+ by: name
+output:
+ file: README.md
+ mode: inject
+ template: |-
+
+ {{ .Content }}
+
diff --git a/module-deployment/.terraform-version b/module-deployment/.terraform-version
new file mode 100644
index 0000000..a8fdfda
--- /dev/null
+++ b/module-deployment/.terraform-version
@@ -0,0 +1 @@
+1.8.1
diff --git a/module-deployment/README.md b/module-deployment/README.md
new file mode 100644
index 0000000..fa36dd9
--- /dev/null
+++ b/module-deployment/README.md
@@ -0,0 +1,33 @@
+# chris-qa-org/terraform-aws-tfl-notice-board Deployment
+
+This project consumes the chris-qa-org/terraform-aws-tfl-notice-board module for testing and deployment
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.8.1 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [tfl\_notice\_board](#module\_tfl\_notice\_board) | github.com/chris-qa-org/terraform-aws-tfl-notice-board | v0.1.0 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
diff --git a/module-deployment/backend.tf.aws-s3.example b/module-deployment/backend.tf.aws-s3.example
new file mode 100644
index 0000000..87467a7
--- /dev/null
+++ b/module-deployment/backend.tf.aws-s3.example
@@ -0,0 +1,8 @@
+terraform {
+ backend "s3" {
+ bucket = ""
+ key = "terraform.tfstate"
+ region = ""
+ encrypt = "true"
+ }
+}
diff --git a/module-deployment/locals.tf b/module-deployment/locals.tf
new file mode 100644
index 0000000..54a975c
--- /dev/null
+++ b/module-deployment/locals.tf
@@ -0,0 +1,2 @@
+locals {
+}
diff --git a/module-deployment/tfl-notice-board.tf b/module-deployment/tfl-notice-board.tf
new file mode 100644
index 0000000..89967d7
--- /dev/null
+++ b/module-deployment/tfl-notice-board.tf
@@ -0,0 +1,3 @@
+module "tfl_notice_board" {
+ source = "github.com/chris-qa-org/terraform-aws-tfl-notice-board?ref=v0.1.0"
+}
diff --git a/module-deployment/tfvars.example b/module-deployment/tfvars.example
new file mode 100644
index 0000000..e69de29
diff --git a/module-deployment/versions.tf b/module-deployment/versions.tf
new file mode 100644
index 0000000..c8cabcb
--- /dev/null
+++ b/module-deployment/versions.tf
@@ -0,0 +1,5 @@
+terraform {
+ required_version = ">= 1.8.1"
+ required_providers {
+ }
+}
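Review bot: The example S3 backend in `backend.tf.aws-s3.example` turns on `encrypt` but configures no state locking, so two workflow runs, or a workflow and a local apply, could write `terraform.tfstate` at the same time. Since this directory is meant to be deployed from GitHub workflows, add a `dynamodb_table = ""` placeholder so whoever copies the file sets up a lock table alongside the bucket. `encrypt = "true"` would also read better as the boolean `encrypt = true`. State can hold sensitive values, so a short comment that the bucket should block public access and have versioning enabled would help.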
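Review bot: In `versions.tf`, `required_providers` is left empty and the patch's file list includes no `.terraform.lock.hcl`, so the `terraform init` step in CI would presumably resolve provider versions from whatever constraints the `tfl_notice_board` module declares, fresh on each run. Declare the providers the module needs with version constraints here and commit the lock file once `init` has been run, so deployments use reviewed provider builds and recorded checksums. `required_version = ">= 1.8.1"` is also open-ended while `.terraform-version` pins `1.8.1`; a bounded constraint such as `required_version = "~> 1.8"` would keep the two in step.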