From 9091ac75a819a0a1d5fac53b3571d97f865e36f5 Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Wed, 18 Jan 2023 13:18:26 -0500 Subject: [PATCH 1/7] CNCF naming for .github --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 37e746d..f070493 100644 --- a/variables.tf +++ b/variables.tf @@ -117,7 +117,7 @@ variable "special_repositories" { default = [{ name = ".github" - description = "Community Health files and assets." + description = "Community Health Files and Assets." homepage_url = "https://github.com/workloads" visibility = "public" has_issues = true From f97836ee2a96938baa5a1b522893fca76439d982 Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Wed, 18 Jan 2023 13:43:37 -0500 Subject: [PATCH 2/7] Adding test github organization profile --- files.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 files.tf diff --git a/files.tf b/files.tf new file mode 100644 index 0000000..2a93854 --- /dev/null +++ b/files.tf @@ -0,0 +1,7 @@ +resource "github_repository_file" "organization_profile" { + repository = module.special_repositories[".github"].github_repository.name + file = "/profile/README.md" + branch = "main" + content = "test" + overwrite_on_create = true +} \ No newline at end of file From c9c9e4d4a24c79f7075485815db481c5c8b061ca Mon Sep 17 00:00:00 2001 From: Kerim Satirli Date: Thu, 19 Jan 2023 12:07:39 +0100 Subject: [PATCH 3/7] corrects path for dependabot config --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index f070493..e0d796a 100644 --- a/variables.tf +++ b/variables.tf @@ -354,7 +354,7 @@ locals { overwrite_on_create = true }, { - file = "./github/dependabot.yml", + file = ".github/dependabot.yml", content = file("./templates/dependabot/terraform.yml"), overwrite_on_create = true }, From bff6782fae3cb1b647c005e5154476c55d70280c Mon Sep 17 00:00:00 2001 
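Review bot: `file = "/profile/README.md"` in the new `organization_profile` resource starts with a slash, while every other managed path in this series is repository-relative (`.github/dependabot.yml`, `LICENSE`). Using `file = "profile/README.md"` would match them and would not depend on how the provider or the API normalizes a leading slash. `overwrite_on_create = true` on a file in the public `.github` repository replaces whatever is already at that path, so a comment such as `# managed by Terraform; manual edits are overwritten` above the resource would help. The same `file` line is carried unchanged in the later `files.tf` hunks of PATCH 4/7 and 6/7.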
From: rizkybiz Date: Thu, 19 Jan 2023 09:02:39 -0500 Subject: [PATCH 4/7] Added a first pass at the intention behind workloads --- files.tf | 12 ++++++++---- templates/background-brief.txt | 5 +++++ templates/organization-profile.tftpl | 3 +++ 3 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 templates/background-brief.txt create mode 100644 templates/organization-profile.tftpl diff --git a/files.tf b/files.tf index 2a93854..613a408 100644 --- a/files.tf +++ b/files.tf @@ -1,7 +1,11 @@ resource "github_repository_file" "organization_profile" { - repository = module.special_repositories[".github"].github_repository.name - file = "/profile/README.md" - branch = "main" - content = "test" + repository = module.special_repositories[".github"].github_repository.name + file = "/profile/README.md" + branch = "main" + content = templatefile( + "./templates/organization-profile.tftpl", { + background = file("./templates/background-brief.txt") + } + ) overwrite_on_create = true } \ No newline at end of file diff --git a/templates/background-brief.txt b/templates/background-brief.txt new file mode 100644 index 0000000..cb49433 --- /dev/null +++ b/templates/background-brief.txt @@ -0,0 +1,5 @@ +The purpose behind Workloads is threefold. + +1. Provide an opinionated, best-practices oriented workflow for deploying a job orchestration platform to popular Cloud Service Providers (CSPs). +2. Provide Terraform blueprints that anyone can consume in an "off the shelf" fashion, without an "all or nothing" mindset. +3. Provide a way to easily test the limits of deploying HashiCorp Nomad everywhere as edge compute resources. \ No newline at end of file diff --git a/templates/organization-profile.tftpl b/templates/organization-profile.tftpl new file mode 100644 index 0000000..3e634f8 --- /dev/null +++ b/templates/organization-profile.tftpl @@ -0,0 +1,3 @@ +# Workloads + +${background} \ No newline at end of file 
From c629d0896d8d7a400363eb26a9671e71c2a54d12 Mon Sep 17 00:00:00 2001 From: Kerim Satirli Date: Sat, 9 Sep 2023 14:07:58 +0200 Subject: [PATCH 5/7] Update variables.tf Signed-off-by: Kerim Satirli --- variables.tf | 536 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 454 insertions(+), 82 deletions(-) diff --git a/variables.tf b/variables.tf index e0d796a..9ad5551 100644 --- a/variables.tf +++ b/variables.tf 
@@ -15,6 +15,103 @@ variable "github_token" { sensitive = true } +variable "actions_config" { + type = map(object({ + owner = string + repository = string + + # support GitHub Actions that share a repository and are stored in a sub-directory + # value is optional and must be supplied without leading slash + path = optional(string) + + version = string + })) + + description = "Complex Object of GitHub Actions Configuration." + + default = { + # see https://github.com/reviewdog/action-actionlint/releases + actionlint = { + owner = "reviewdog" + repository = "action-actionlint" + version = "v1.37.1" + } + + # see https://github.com/actions/checkout/releases + checkout = { + owner = "actions" + repository = "checkout" + version = "v3.6.0" + } + + # see https://github.com/actions/upload-artifact/releases + upload_artifact = { + owner = "actions" + repository = "upload-artifact" + version = "v3.1.2" + } + + # see https://github.com/github/codeql-action/releases + codeql_upload = { + owner = "github" + repository = "codeql-action" + path = "upload-sarif" + version = "codeql-bundle-v2.14.3" + } + + # see https://github.com/gaurav-nelson/github-action-markdown-link-check/releases + markdown = { + owner = "gaurav-nelson" + repository = "github-action-markdown-link-check" + version = "1.0.15" + } + + # see # https://github.com/snyk/actions/releases + snyk_iac = { + owner = "snyk" + repository = "actions" + path = "iac" + version = "0.4.0" + } + + # see https://github.com/hashicorp/setup-packer/releases + packer = { + owner = "hashicorp" + repository = "setup-packer" + version = "v2.0.0" + } + + # see https://github.com/ossf/scorecard-action/releases + scorecard = { + owner = "ossf" + repository = "scorecard-action" + version = "v2.2.0" + } + + # see https://github.com/super-linter/super-linter/releases + superlinter = { + owner = "super-linter" + repository = "super-linter" + path = "slim" + version = "v5.2.1" + } + + # see 
https://github.com/hashicorp/setup-terraform/releases + terraform = { + owner = "hashicorp" + repository = "setup-terraform" + version = "v2.0.3" + } + + # see https://github.com/terraform-docs/gh-actions/releases + terraform_docs = { + owner = "terraform-docs" + repository = "gh-actions" + version = "v1.0.0" + } + } +} + variable "organization_owners" { type = list(string) description = "User Names of GitHub Organization Owners." @@ -33,13 +130,17 @@ variable "organization_members" { #"davemay99", # Dave May (HashiCorp) "DerekStrickland", # Derek Strickland (Aquia) "drewmullen", # Drew Mullen (AWS) + "ericreeves", # Eric Reeves (HashiCorp) + "devopswithcobra", # Greg Thomas (HashiCorp) "im2nguyen", # Tu Nguyen (HashiCorp) "joatmon08", # Rosemary Wang (HashiCorp) "justinretzolk", # Justin Retzolk (HashiCorp) "lhaig", # Lance Haig (HashiCorp) "lomar92", # Amar Lojo (HashiCorp) - "straubt1", # Tom Straub (HashiCorp) "rizkybiz", # Justin DeFrank (HashiCorp) + "sofixa", # Adrian Todorov (HashiCorp) + "straubt1", # Tom Straub (HashiCorp) + "timothymamo", # Timothy Mamo (DigitalOcean) ] } @@ -50,8 +151,8 @@ variable "repositories" { homepage_url = string visibility = string topics = list(string) - has_issues = bool # TODO: mark as optional when 1.3.0 is out - has_wiki = bool # TODO: mark as optional when 1.3.0 is out + has_issues = bool # TODO: mark as optional + has_wiki = bool # TODO: mark as optional allow_merge_commit = bool allow_rebase_merge = bool delete_branch_on_merge = bool 
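Review bot: Every entry in the new `actions_config` default pins its action to a release tag (`version = "v3.6.0"`, `"1.0.15"`, `"codeql-bundle-v2.14.3"`), and a tag can be moved by anyone with write access to the upstream repository. These values presumably become the `uses:` ref in workflows pushed to every managed repository, so a full commit SHA is the safer pin, for example `version = "FULL_COMMIT_SHA_PLACEHOLDER" # v3.6.0`. The `Pinned-Dependencies` check that this same patch lists in `scorecard_checks` reports tag-pinned actions, and the bumps and new entries in PATCH 7/7 keep the same tag form. Separately, the locals hunk later in this patch reads `local.actions_config["checkout"]` although the map is declared here as a variable; unless a local of that name exists outside the diff, those references should be `var.actions_config[...]`.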
@@ -60,25 +161,117 @@ variable "repositories" { description = "List of GitHub Repositories." default = [ + { + name = ".github" + description = "Community Health Files and Assets" + homepage_url = "https://github.com/workloads" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "github", + ] + + allow_merge_commit = true + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "assets" + description = "🔒 (non-public) Design and Content Assets" + homepage_url = "https://github.com/workloads" + visibility = "private" + has_issues = true + has_wiki = false + + topics = [] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "container-images" + description = "Packer Templates for commonly used Container Images" + homepage_url = "https://github.com/orgs/workloads/packages?repo_name=container-images" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "docker", + "packer", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "edge-case" + description = "Docs and Diagrams for the Edge Case" + homepage_url = "https://github.com/workloads/edge-case" + visibility = "private" + has_issues = true + has_wiki = false + + topics = [ + "cyberdeck", + "raspberry-pi", + "seeedstudio", + "turing-pi", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "edge-case-docs" + description = "🔒 (non-public) Docs for the Edge Case" + homepage_url = "https://github.com/workloads/edge-case" + visibility = "private" + has_issues = false + has_wiki = false + + topics = [ + "cyberdeck", + "raspberry-pi", + "seeedstudio", + "turing-pi", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + 
delete_branch_on_merge = true + }, { name = "nomad-pack-registry" - description = "Nomad Pack Registry." - homepage_url = "" + description = "Nomad Pack Registry" + homepage_url = "https://github.com/workloads/nomad-pack-registry" visibility = "public" has_issues = true has_wiki = false topics = [ "nomad", + "nomad-packs" ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "packer-templates" - description = "Packer Templates for common providers." + description = "Packer Templates for commonly used Providers" homepage_url = "https://app.terraform.io/app/workloads/workspaces/packer-images" visibility = "public" has_issues = true 
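Review bot: The entries added to the `repositories` default set `allow_squash_merge = true`, but the object type shown in the preceding hunk declares only `allow_merge_commit`, `allow_rebase_merge` and `delete_branch_on_merge` among the merge settings. Terraform discards attributes that an object type constraint does not declare, so the value would never reach the module and the squash-merge policy would fall back to whatever the module or provider defaults to. If the type really lacks it, add `allow_squash_merge = bool` to the `list(object({...}))` definition. The `terraform_repositories` type and its defaults in the later hunks show the same gap. The type's closing lines are outside the visible context, so confirm against the full file.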
@@ -93,59 +286,27 @@ variable "repositories" { ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, - ] -} - -variable "special_repositories" { - type = list(object({ - name = string - description = string - homepage_url = string - visibility = string - topics = list(string) - has_issues = bool # TODO: mark as optional when 1.3.0 is out - has_wiki = bool # TODO: mark as optional when 1.3.0 is out - allow_merge_commit = bool - allow_rebase_merge = bool - delete_branch_on_merge = bool - })) - - description = "List of non-Terraform-based GitHub Repositories." - - default = [{ - name = ".github" - description = "Community Health Files and Assets." - homepage_url = "https://github.com/workloads" - visibility = "public" - has_issues = true - has_wiki = false - - topics = [ - "github", - ] - - allow_merge_commit = true - allow_rebase_merge = false - delete_branch_on_merge = true - }, { - name = "assets" - description = "(non-public) Design and Content Assets." - homepage_url = "https://github.com/workloads" - visibility = "private" + name = "tooling" + description = "Common Tooling for @workloads Projects" + homepage_url = "https://github.com/workloads/tooling" + visibility = "public" has_issues = true has_wiki = false - topics = [] + topics = [ + "makefile", + ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true - - } + }, ] } @@ -156,8 +317,8 @@ variable "terraform_repositories" { homepage_url = string visibility = string topics = list(string) - has_issues = bool # TODO: mark as optional when 1.3.0 is out - has_wiki = bool # TODO: mark as optional when 1.3.0 is out + has_issues = optional(bool) + has_wiki = optional(bool) allow_merge_commit = bool allow_rebase_merge = bool delete_branch_on_merge = bool 
@@ -166,9 +327,27 @@ variable "terraform_repositories" { description = "List of GitHub Repositories." default = [ + { + name = "community" + description = "Terraform-managed Community Resources" + homepage_url = "https://app.terraform.io/app/workloads/workspaces/community" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "discord", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, { name = "dns" - description = "Terraform-managed DNS resources." + description = "Terraform-managed DNS Resources" homepage_url = "https://app.terraform.io/app/workloads/workspaces/dns" visibility = "public" has_issues = true @@ -181,12 +360,13 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "github-organization" - description = "Terraform-managed GitHub resources." + description = "Terraform-managed GitHub Resources" homepage_url = "https://app.terraform.io/app/workloads/workspaces/repositories" visibility = "public" has_issues = true @@ -199,12 +379,13 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "networking" - description = "Terraform-managed networking components." + description = "Terraform-managed Networking Components" homepage_url = "https://app.terraform.io/app/workloads/workspaces/networking" visibility = "public" has_issues = true 
@@ -216,13 +397,14 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "regional-aws-deployment" - description = "Regional Deployment of AWS-specific Resources." - homepage_url = "https://app.terraform.io/app/workloads/workspaces?tag=regional-provider%3Aaws" + description = "Regional Deployment of AWS-specific Resources" + homepage_url = "https://go.workloads.io/aws-regional" visibility = "public" has_issues = true has_wiki = false 
@@ -233,12 +415,68 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "regional-azure-deployment" + description = "Regional Deployment of Azure-specific Resources" + homepage_url = "https://go.workloads.io/azure-regional" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "azure", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "regional-do-deployment" + description = "Regional Deployment of DigitalOcean-specific Resources" + homepage_url = "https://go.workloads.io/do-regional" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "digital-ocean", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "regional-gcp-deployment" + description = "Regional Deployment of GCP-specific Resources" + homepage_url = "https://go.workloads.io/gcp-regional" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "gcp", + "google-cloud", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "regional-workspaces" - description = "Terraform-managed Regional Terraform Cloud (TFC) Workspaces." + description = "Terraform-managed Regional Terraform Cloud Workspaces" homepage_url = "https://app.terraform.io/app/workloads/regional-workspaces" visibility = "public" has_issues = true 
@@ -250,12 +488,31 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "services-configuration" + description = "Terraform-managed Services Configuration" + homepage_url = "https://app.terraform.io/app/workloads/workspaces/services-configuration" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "terraform", + "vault", + ] + + allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "services-deployment" - description = "Terraform-managed services deployment." + description = "Terraform-managed Services Deployment" homepage_url = "https://app.terraform.io/app/workloads/workspaces/services-deployment" visibility = "public" has_issues = true 
@@ -271,13 +528,68 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "users" + description = "Terraform-managed User Directory Management" + homepage_url = "https://app.terraform.io/app/workloads/workspaces/users" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "okta", + "terraform", + "vault" + ] + + allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, + { + name = "web-assets" + description = "CloudFront-hosted Public Assets" + homepage_url = "https://assets.workloads.io" + visibility = "public" + has_issues = false + has_wiki = false + + topics = [ + "aws", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "web-redirects" + description = "URL Redirects." + homepage_url = "https://go.workloads.io" + visibility = "public" + has_issues = false + has_wiki = false + topics = [ + "aws", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, { name = "website" - description = "Terraform-rendered, GitHub-infused website." + description = "Terraform-rendered, GitHub-infused Project Website" homepage_url = "https://workloads.io" visibility = "public" has_issues = true @@ -290,12 +602,13 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, { name = "workspaces" - description = "Terraform-managed Terraform Cloud (TFC) Workspaces." + description = "Terraform-managed Terraform Cloud Workspaces" homepage_url = "https://app.terraform.io/app/workloads/workspaces" visibility = "public" has_issues = true 
@@ -306,76 +619,135 @@ variable "terraform_repositories" { ] allow_merge_commit = false + allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true }, ] } +variable "scorecard_checks" { + type = string + description = "OpenSSF Scorecard Checks." + + # see https://github.com/ossf/scorecard/blob/main/docs/checks.md + default = "Binary-Artifacts,Branch-Protection,Code-Review,Dangerous-Workflow,Dependency-Update-Tool,License,Maintained,Pinned-Dependencies,SAST,Security-Policy,Token-Permissions,Vulnerabilities" +} + locals { - # list of files to manage for the GitHub Repository. + # list of files to manage for ALL GitHub Repositories. repository_files = [ { - file = ".github/workflows/markdown.yml", - content = file("./templates/workflows/markdown.yml"), + file = ".github/workflows/markdown.yml", + content = templatefile("./templates/workflows/markdown.tftpl.yml", { + checkout = local.actions_config["checkout"] + markdown = local.actions_config["markdown"] + }) + overwrite_on_create = true }, { - file = ".github/workflows/superlinter.yml", - content = file("./templates/workflows/superlinter.yml"), + file = ".github/workflows/superlinter.yml" + content = templatefile("./templates/workflows/superlinter.tftpl.yml", { + checkout = local.actions_config["checkout"] + superlinter = local.actions_config["superlinter"] + }) + overwrite_on_create = true }, { - file = ".markdown-link-check.json", - content = file("./templates/.markdown-link-check.json"), + file = ".markdown-link-check.json" + content = file("./templates/.markdown-link-check.json") overwrite_on_create = true }, { - file = ".markdown-lint.yml", - content = file("./templates/.markdown-lint.yml"), + file = ".markdown-lint.yml" + content = file("./templates/.markdown-lint.yml") overwrite_on_create = true }, { file = ".yaml-lint.yml", - content = file("./templates/.yaml-lint.yml"), + content = file("./templates/.yaml-lint.yml") overwrite_on_create = true }, { file = "LICENSE", - content = 
file("./templates/LICENSE"), + content = file("./templates/LICENSE") overwrite_on_create = true }, ] + # list of files to manage for Terraform-specific GitHub Repositories. terraform_repository_files = concat(local.repository_files, [ { - file = ".gitignore", - content = file("./templates/gitignores/terraform.gitignore"), + # see https://git-scm.com/docs/gitattributes + file = ".gitattributes" + content = file("./templates/gitattributes/terraform.gitattributes") overwrite_on_create = true }, { - file = ".github/dependabot.yml", - content = file("./templates/dependabot/terraform.yml"), + file = ".gitignore" + content = file("./templates/gitignores/terraform.gitignore") overwrite_on_create = true }, { - file = ".github/workflows/terraform.yml", - content = file("./templates/workflows/terraform.yml"), + # see https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners + file = "CODEOWNERS" + + content = templatefile("./templates/codeowners.tftpl.yml", { + codeowner = "@${var.github_owner}/${github_team.maintainers.slug}" + }) + + overwrite_on_create = true + }, + { + # see https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file + file = ".github/dependabot.yml" + + content = templatefile("./templates/dependabot/terraform.tftpl.yml", { + assignee = "${var.github_owner}/${github_team.maintainers.slug}" + }) + overwrite_on_create = true }, { - file = ".github/workflows/terraform-docs.yml", - content = file("./templates/workflows/terraform-docs.yml"), + file = ".github/workflows/snyk-iac.yml" + content = templatefile("./templates/workflows/snyk-iac.tftpl.yml", { + checkout = local.actions_config["checkout"] + codeql_upload = local.actions_config["codeql_upload"] + snyk_iac = local.actions_config["snyk_iac"] + }) + + overwrite_on_create = true + }, + { + file = 
".github/workflows/terraform.yml" + content = templatefile("./templates/workflows/terraform.tftpl.yml", { + checkout = local.actions_config["checkout"] + terraform = local.actions_config["terraform"] + }) + + overwrite_on_create = true + }, + { + file = ".github/workflows/terraform-docs.yml" + content = templatefile("./templates/workflows/terraform-docs.tftpl.yml", { + checkout = local.actions_config["checkout"] + terraform_docs = local.actions_config["terraform_docs"] + }) + overwrite_on_create = true }, { - file = ".terraform-docs.yml", - content = file("./templates/.terraform-docs.yml"), + # see https://terraform-docs.io/user-guide/configuration/ + file = ".terraform-docs.yml" + content = file("./templates/.terraform-docs.yml") overwrite_on_create = true }, { - file = ".tflint.hcl", - content = file("./templates/.tflint.hcl"), + # see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md + file = ".tflint.hcl" + content = file("./templates/.tflint.hcl") overwrite_on_create = true }, ]) From 9194f87028161ad9fec1d9b1907ef6459c4b5d40 Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Thu, 19 Jan 2023 09:02:39 -0500 Subject: [PATCH 6/7] Added a first pass at the intention behind workloads --- files.tf | 12 ++++++++---- templates/background-brief.txt | 5 +++++ templates/organization-profile.tftpl | 3 +++ 3 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 templates/background-brief.txt create mode 100644 templates/organization-profile.tftpl diff --git a/files.tf b/files.tf index 2a93854..613a408 100644 --- a/files.tf +++ b/files.tf 
@@ -1,7 +1,11 @@ resource "github_repository_file" "organization_profile" { - repository = module.special_repositories[".github"].github_repository.name - file = "/profile/README.md" - branch = "main" - content = "test" + repository = module.special_repositories[".github"].github_repository.name + file = "/profile/README.md" + branch = "main" + content = templatefile( + "./templates/organization-profile.tftpl", { + background = file("./templates/background-brief.txt") + } + ) overwrite_on_create = true } \ No newline at end of file diff --git a/templates/background-brief.txt b/templates/background-brief.txt new file mode 100644 index 0000000..cb49433 --- /dev/null +++ b/templates/background-brief.txt @@ -0,0 +1,5 @@ +The purpose behind Workloads is threefold. + +1. Provide an opinionated, best-practices oriented workflow for deploying a job orchestration platform to popular Cloud Service Providers (CSPs). +2. Provide Terraform blueprints that anyone can consume in an "off the shelf" fashion, without an "all or nothing" mindset. +3. Provide a way to easily test the limits of deploying HashiCorp Nomad everywhere as edge compute resources. \ No newline at end of file diff --git a/templates/organization-profile.tftpl b/templates/organization-profile.tftpl new file mode 100644 index 0000000..3e634f8 --- /dev/null +++ b/templates/organization-profile.tftpl @@ -0,0 +1,3 @@ +# Workloads + +${background} \ No newline at end of file From 117dc6bcb728c6d7500c6f770ae0f5f1d1438097 Mon Sep 17 00:00:00 2001 From: Kerim Satirli Date: Tue, 12 Dec 2023 18:56:33 +0100 Subject: [PATCH 7/7] linting --- variables.tf | 359 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 294 insertions(+), 65 deletions(-) diff --git a/variables.tf b/variables.tf index 9ad5551..a633d35 100644 --- a/variables.tf +++ b/variables.tf 
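Review bot: The `repository` argument still reads `module.special_repositories[".github"]`, but PATCH 5/7 earlier in this series deletes `variable "special_repositories"` and moves the `.github` entry into the `repositories` default. If the module call of that name was removed along with the variable (not visible in this diff), this reference no longer resolves and the plan fails. It should point at whichever module instance now creates `.github`. This hunk otherwise repeats PATCH 4/7, including the leading slash in `file = "/profile/README.md"`.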
@@ -34,21 +34,21 @@ variable "actions_config" { actionlint = { owner = "reviewdog" repository = "action-actionlint" - version = "v1.37.1" + version = "v1.39.1" + } + + # see https://github.com/aws-actions/configure-aws-credentials/releases + aws_credentials = { + owner = "aws-actions" + repository = "configure-aws-credentials" + version = "v4.0.1" } # see https://github.com/actions/checkout/releases checkout = { owner = "actions" repository = "checkout" - version = "v3.6.0" - } - - # see https://github.com/actions/upload-artifact/releases - upload_artifact = { - owner = "actions" - repository = "upload-artifact" - version = "v3.1.2" + version = "v4.1.1" } # see https://github.com/github/codeql-action/releases 
@@ -56,51 +56,49 @@ variable "actions_config" { owner = "github" repository = "codeql-action" path = "upload-sarif" - version = "codeql-bundle-v2.14.3" + version = "codeql-bundle-v2.15.3" } - # see https://github.com/gaurav-nelson/github-action-markdown-link-check/releases - markdown = { - owner = "gaurav-nelson" - repository = "github-action-markdown-link-check" - version = "1.0.15" - } - - # see # https://github.com/snyk/actions/releases - snyk_iac = { - owner = "snyk" - repository = "actions" - path = "iac" - version = "0.4.0" + hugo = { + owner = "peaceiris" + repository = "actions-hugo" + version = "v2.6.0" } # see https://github.com/hashicorp/setup-packer/releases packer = { owner = "hashicorp" repository = "setup-packer" - version = "v2.0.0" + version = "v2.0.1" } # see https://github.com/ossf/scorecard-action/releases scorecard = { owner = "ossf" repository = "scorecard-action" - version = "v2.2.0" + version = "v2.3.1" + } + + # see # https://github.com/snyk/actions/releases + snyk_iac = { + owner = "snyk" + repository = "actions" + path = "iac" + version = "0.4.0" } # see https://github.com/super-linter/super-linter/releases superlinter = { owner = "super-linter" repository = "super-linter" - path = "slim" - version = "v5.2.1" + version = "v5.7.2" } # see https://github.com/hashicorp/setup-terraform/releases terraform = { owner = "hashicorp" repository = "setup-terraform" - version = "v2.0.3" + version = "v3.0.0" } # see https://github.com/terraform-docs/gh-actions/releases 
@@ -109,9 +107,68 @@ variable "actions_config" { repository = "gh-actions" version = "v1.0.0" } + + # see https://github.com/actions/upload-artifact/releases + upload_artifact = { + owner = "actions" + repository = "upload-artifact" + version = "v3.1.3" + } } } +variable "hugo_version" { + type = string + description = "Hugo Version." + default = "0.120.0" +} + +variable "issue_labels_hashicorp" { + type = list(object({ + color = string + description = optional(string) + name = string + })) + + description = "HashiCorp Product-specific Issue Labels." + + default = [ + { + color = "EC585D" + description = "Issues related to HashiCorp Boundary" + name = "boundary" + }, { + color = "DC477D" + description = "Issues related to HashiCorp Consul" + name = "consul" + }, { + color = "000000" + description = "Issues related to HashiCorp Cloud Platform" + name = "hashicorp-cloud-platform" + }, { + color = "60DEA9" + description = "Issues related to HashiCorp Nomad" + name = "nomad" + }, { + color = "63D0FF" + description = "Issues related to HashiCorp Packer" + name = "packer" + }, { + color = "844FBA" + description = "Issues related to HashiCorp Terraform" + name = "terraform" + }, { + color = "FFEC6E" + description = "Issues related to HashiCorp Vault" + name = "vault" + }, { + color = "62D4DC" + description = "Issues related to HashiCorp Waypoint" + name = "waypoint" + } + ] +} + variable "organization_owners" { type = list(string) description = "User Names of GitHub Organization Owners." 
@@ -123,27 +180,93 @@ variable "organization_owners" { } variable "organization_members" { - type = list(string) - description = "User Names of GitHub Organization Members." + type = list(object({ + username = string + teams = list(string) + })) + + description = "User Names and Team Associations of GitHub Organization Members." default = [ - #"davemay99", # Dave May (HashiCorp) - "DerekStrickland", # Derek Strickland (Aquia) - "drewmullen", # Drew Mullen (AWS) - "ericreeves", # Eric Reeves (HashiCorp) - "devopswithcobra", # Greg Thomas (HashiCorp) - "im2nguyen", # Tu Nguyen (HashiCorp) - "joatmon08", # Rosemary Wang (HashiCorp) - "justinretzolk", # Justin Retzolk (HashiCorp) - "lhaig", # Lance Haig (HashiCorp) - "lomar92", # Amar Lojo (HashiCorp) - "rizkybiz", # Justin DeFrank (HashiCorp) - "sofixa", # Adrian Todorov (HashiCorp) - "straubt1", # Tom Straub (HashiCorp) - "timothymamo", # Timothy Mamo (DigitalOcean) + { + # Derek Strickland (Aquia) + username : "DerekStrickland", + teams : [] + }, { + # Drew Mullen (River Point Technology) + username : "drewmullen", + teams : [] + }, { + # Eric Reeves (HashiCorp) + username : "ericreeves", + teams : [] + }, { + # Greg Thomas (HashiCorp) + username : "devopswithcobra", + teams : [] + }, { + # Tu Nguyen (HashiCorp) + username : "im2nguyen", + teams : [] + }, { + # Rosemary Wang (HashiCorp) + username : "joatmon08", + teams : [] + }, { + # Justin Retzolk (HashiCorp) + username : "justinretzolk", + teams : [ + "terraform", + ] + }, { + # Lance Haig (HashiCorp) + username : "lhaig", + teams : [ + "nomad", + ] + }, { + # Amar Lojo (HashiCorp) + username : "lomar92", + teams : [] + }, { + # Justin DeFrank (HashiCorp) + username : "rizkybiz", + teams : [ + "terraform", + "boundary", + ] + }, { + # Adrian Todorov (HashiCorp) + username : "sofixa", + teams : [ + "terraform", + "nomad", + ] + }, { + # Tom Straub (HashiCorp) + username : "straubt1", + teams : [ + "terraform", + ] + }, { + # Timothy Mamo (DigitalOcean) + username 
: "timothymamo", + teams : [] + } ] } +variable "outside_collaborators" { + type = map(list(string)) + description = "Map of Outside Collaborators." + + default = { + "minecraft-bot" : [ + "LetsChill", # Tahar Ali + ] + } +} + variable "repositories" { type = list(object({ name = string @@ -251,6 +374,44 @@ variable "repositories" { allow_rebase_merge = false delete_branch_on_merge = true }, + { + name = "hugo-theme-workloads" + description = "Hugo Theme for @workloads Website" + homepage_url = "https://workloads.io" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "hugo", + "hugo-theme" + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "minecraft-bot" + description = "Mineflayer-based Excavation Assistant" + homepage_url = "https://github.com/workloads/minecraft-bot" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "minecraft", + "minecraft-bot", + "mineflayer", + "mineflayer-bot", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, { name = "nomad-pack-registry" description = "Nomad Pack Registry" @@ -302,6 +463,24 @@ variable "repositories" { "makefile", ] + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, + { + name = "website" + description = "Hugo-powered Website" + homepage_url = "https://workloads.io" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "aws", + "hugo", + ] + allow_merge_commit = false allow_squash_merge = true allow_rebase_merge = false 
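Review bot: `outside_collaborators` is typed `map(list(string))`, so it records who gets access to a repository but not at which permission level; whatever the consuming resource (not in this diff) hard-codes then applies to every collaborator. I would make the level explicit per entry, e.g. `type = map(list(object({ username = string, permission = string })))`, and give `minecraft-bot` the lowest level that works. In `organization_members`, the `teams` strings are free text that presumably has to match a `reviewer_teams` `name_suffix`; a `precondition` or `check` where the memberships are built would catch a typo before it changes who can review. The new member objects also use `:` where the rest of the file uses `=`.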
@@ -310,6 +489,35 @@ variable "repositories" { ] } +variable "reviewer_teams" { + type = list(object({ + name_suffix = string + description = string + privacy = optional(string, "closed") + })) + + description = "List of Reviewer Teams." + + default = [ + { + name_suffix = "boundary" + description = "Boundary" + }, + { + name_suffix = "nomad" + description = "Nomad (incl. Nomad Packs)" + }, + { + name_suffix = "terraform" + description = "Terraform (incl. Modules)" + }, + { + name_suffix = "vault" + description = "Vault (incl. HCP Vault Secrets)" + } + ] +} + variable "terraform_repositories" { type = list(object({ name = string @@ -532,6 +740,25 @@ variable "terraform_repositories" { allow_rebase_merge = false delete_branch_on_merge = true }, + { + name = "terraform-aws-regional-cidrs" + description = "Terraform Module: Regional CIDRs for AWS" + homepage_url = "https://registry.terraform.io/modules/workloads/regional-cidrs/aws/latest" + visibility = "public" + has_issues = true + has_wiki = false + + topics = [ + "aws", + "terraform", + "terraform-module", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, { name = "users" description = "Terraform-managed User Directory Management" @@ -569,6 +796,24 @@ variable "terraform_repositories" { allow_rebase_merge = false delete_branch_on_merge = true }, + { + name = "web-assets-sync" + description = "Terraform-managed Public Assets Sync" + homepage_url = "https://assets.workloads.io" + visibility = "public" + has_issues = false + has_wiki = false + + topics = [ + "aws", + "terraform", + ] + + allow_merge_commit = false + allow_squash_merge = true + allow_rebase_merge = false + delete_branch_on_merge = true + }, { name = "web-redirects" description = "URL Redirects." 
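Review bot: In the `reviewer_teams` hunk (`@@ -310,6 +489,35 @@`), `privacy` accepts any string, while the GitHub provider's team resource only takes `closed` or `secret`; nothing in the variable rejects a typo, so it is left to the provider to catch it. Add a `validation` block with `condition = alltrue([for t in var.reviewer_teams : contains(["closed", "secret"], t.privacy)])` and a matching `error_message`. A one-line comment on `name_suffix` saying what prefix it is appended to would also help, since the `teams` values in `organization_members` appear to refer to it.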
@@ -588,16 +833,15 @@ variable "terraform_repositories" { delete_branch_on_merge = true }, { - name = "website" - description = "Terraform-rendered, GitHub-infused Project Website" - homepage_url = "https://workloads.io" + name = "website-deployment" + description = "Website Deployment for @workloads" + homepage_url = "https://github.com/workloads/website" visibility = "public" - has_issues = true + has_issues = false has_wiki = false topics = [ "aws", - "html5", "terraform", ] @@ -605,8 +849,7 @@ variable "terraform_repositories" { allow_squash_merge = true allow_rebase_merge = false delete_branch_on_merge = true - }, - { + }, { name = "workspaces" description = "Terraform-managed Terraform Cloud Workspaces" homepage_url = "https://app.terraform.io/app/workloads/workspaces" @@ -637,15 +880,6 @@ variable "scorecard_checks" { locals { # list of files to manage for ALL GitHub Repositories. repository_files = [ - { - file = ".github/workflows/markdown.yml", - content = templatefile("./templates/workflows/markdown.tftpl.yml", { - checkout = local.actions_config["checkout"] - markdown = local.actions_config["markdown"] - }) - - overwrite_on_create = true - }, { file = ".github/workflows/superlinter.yml" content = templatefile("./templates/workflows/superlinter.tftpl.yml", { @@ -655,11 +889,6 @@ locals { overwrite_on_create = true }, - { - file = ".markdown-link-check.json" - content = file("./templates/.markdown-link-check.json") - overwrite_on_create = true - }, { file = ".markdown-lint.yml" content = file("./templates/.markdown-lint.yml")
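Review bot: In the `@@ -588,16 +833,15 @@` hunk the `website` entry in `terraform_repositories` becomes `website-deployment`, while an earlier hunk adds a new `website` entry to `repositories`. If these lists feed `for_each` modules keyed by name, as `module.special_repositories[".github"]` in files.tf suggests, the plan would destroy the existing `website` repository under one module address and create it under another. Destroying a GitHub repository resource deletes the repository unless it is set to archive on destroy. I would decide which new entry the existing repository maps to and record that in a `moved` block, e.g. `from = module.terraform_repositories["website"]` and `to = module.repositories["website"]` (module addresses assumed, not shown in this diff), or run the equivalent `terraform state mv` before applying. The `terraform_repositories` variable starts and ends outside this hunk.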