chore: unify ci workflow

Use a shared workflow from shared-workflows repo
meshcloud · May 7, 2024 · ce6acc9 · ce6acc9
1 parent c30f4fd
commit ce6acc9
Show file tree

Hide file tree

Showing 12 changed files with 66 additions and 152 deletions.
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -1,24 +1,9 @@
 name: Terraform CI
-
-on: push
+on:
+  push:
+  merge_group:
+    types: [checks_requested]
 
 jobs:
-  validate:
-    name: Validate
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v1
-
-      - uses: hashicorp/setup-terraform@v3
-        with:
-          terraform_version: "1.5"
-
-        # note: we can only validate the example atm. see https://github.com/hashicorp/terraform/issues/28490
-      - run: terraform init -backend=false
-        working-directory: examples/basic-aws-integration
-
-      - run: terraform validate
-        working-directory: examples/basic-aws-integration
-
-      - run: terraform fmt -recursive -check
+  build:
+    uses: meshcloud/shared-workflows/.github/workflows/terraform-meshplatform-modules-build-workflow.yml@main
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [v0.3.0]
 
 ### Added
+
 - Added workload identity federation
 - Added option to disable access keys
 

diff --git a/README.md b/README.md
@@ -113,17 +113,22 @@ For an overview of the module structure, refer to [generated terraform docs](./T
       EOF
       ```
 
-2. Download the example `main.tf` and `outputs.tf` files.
-
-    ```sh
-    # Downloads main.tf and outputs.tf files into ~/terraform-aws-meshplatform
-    wget https://raw.githubusercontent.com/meshcloud/terraform-aws-meshplatform/main/examples/basic-aws-integration/main.tf -O ~/terraform-aws-meshplatform/main.tf
-    wget https://raw.githubusercontent.com/meshcloud/terraform-aws-meshplatform/main/examples/basic-aws-integration/outputs.tf -O ~/terraform-aws-meshplatform/outputs.tf
+2. Create a terraform file that calls this module and produces outputs. Similar to:
+
+    ```hcl
+    module "meshplatform" {
+      source = "git::https://github.com/meshcloud/terraform-aws-meshplatform.git"
+      # FILL INPUTS
+    }
+    output "meshplatform" {
+      sensitive = true
+      value     = module.meshplatform
+    }
     ```
 
-3. Open `~/terraform-aws-meshplatform/main.tf` with a text editor. Modify the module variables and Terraform state backend settings in the file.
+    > It is highly recommended to configure a [terraform backend](https://developer.hashicorp.com/terraform/language/settings/backends/configuration), otherwise you risk losing track of your applied resources.
 
-4. Execute the module.
+3. Execute the module.
 
     ```sh
     # Changes into ~/terraform-aws-meshplatform and applies terraform
@@ -132,23 +137,19 @@ For an overview of the module structure, refer to [generated terraform docs](./T
     terraform apply
     ```
 
-5. Access terraform output and pass it securely to meshcloud.
+4. Use the information from terraform output to configure the platform in meshStack.
 
     ```sh
-    # The JSON output contains sensitive values that must not be transmitted to meshcloud in plain text.
+    # The JSON output contains sensitive values that must not be transmitted anywhere other then the platform config screen in meshStack.
     terraform output -json
     ```
 
-## Example Usages
-
-Check [examples](./examples/) for different use cases. As a quick start we recommend using [basic-aws-integration](./examples/basic-aws-integration) example.
-
 [^1]: This How-To guides you through the setup from your Cloudshell. You can also run the terraform scripts on your local machine.
 [^2]: You can also use other [ways to assign values input variables](https://www.terraform.io/language/values/variables#assigning-values-to-root-module-variables).
 
 ## Contributing Guide
 
-Before opening a Pull Request, we recommend following the below steps to get a faster approval:
+Before opening a Pull Request, please do the following:
 
 1. Install [pre-commit](https://pre-commit.com/#install)
 
@@ -167,9 +168,9 @@ Before opening a Pull Request, we recommend following the below steps to get a f
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws.automation"></a> [aws.automation](#provider\_aws.automation) | >= 2.7.0 |
-| <a name="provider_aws.management"></a> [aws.management](#provider\_aws.management) | >= 2.7.0 |
-| <a name="provider_aws.meshcloud"></a> [aws.meshcloud](#provider\_aws.meshcloud) | >= 2.7.0 |
+| <a name="provider_aws.automation"></a> [aws.automation](#provider\_aws.automation) | 5.48.0 |
+| <a name="provider_aws.management"></a> [aws.management](#provider\_aws.management) | 5.48.0 |
+| <a name="provider_aws.meshcloud"></a> [aws.meshcloud](#provider\_aws.meshcloud) | 5.48.0 |
 
 ## Modules
 

diff --git a/TERRAFORM_DOCS.md b/TERRAFORM_DOCS.md
diff --git a/default.nix b/default.nix
@@ -0,0 +1,35 @@
+{ pkgs ? import <nixpkgs> { }, system ? builtins.currentSystem }:
+
+let
+  # fake opentofu as terraform so that tools like terraform-docs pre-commit hook (which doesn't have tofu support)
+  # fall back to tofu
+  tofu_terraform =
+    pkgs.stdenv.mkDerivation {
+      name = "tofu-terraform";
+      phases = [ "installPhase" ];
+      installPhase = ''
+        mkdir -p $out/bin
+        echo '#!/usr/bin/env sh' > $out/bin/terraform
+        echo 'tofu $@' > $out/bin/terraform
+        chmod +x $out/bin/terraform
+      '';
+    };
+
+in
+
+pkgs.mkShell {
+  NIX_SHELL = "terraform-meshplatform-modules";
+  shellHook = ''
+    echo starting terraform-meshplatform-modules shell
+  '';
+
+  buildInputs = [
+    pkgs.pre-commit
+    pkgs.opentofu
+    pkgs.tflint
+    pkgs.terraform-docs
+
+    # fake tofu as terraform
+    tofu_terraform
+  ];
+}
diff --git a/examples/basic-aws-integration/main.tf b/examples/basic-aws-integration/main.tf
diff --git a/examples/basic-aws-integration/outputs.tf b/examples/basic-aws-integration/outputs.tf
diff --git a/modules/meshcloud-cost-explorer/ce-management-account-access/README.md b/modules/meshcloud-cost-explorer/ce-management-account-access/README.md
@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.21.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.48.0 |
 
 ## Modules
 

diff --git a/modules/meshcloud-cost-explorer/ce-meshcloud-account-access/README.md b/modules/meshcloud-cost-explorer/ce-meshcloud-account-access/README.md
@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.7.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.48.0 |
 
 ## Modules
 

diff --git a/modules/meshcloud-replicator/replicator-automation-account-access/README.md b/modules/meshcloud-replicator/replicator-automation-account-access/README.md
@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.7.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.48.0 |
 
 ## Modules
 

diff --git a/modules/meshcloud-replicator/replicator-management-account-access/README.md b/modules/meshcloud-replicator/replicator-management-account-access/README.md
@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.21.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.48.0 |
 
 ## Modules
 

diff --git a/modules/meshcloud-replicator/replicator-meshcloud-account-access/README.md b/modules/meshcloud-replicator/replicator-meshcloud-account-access/README.md
@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.7.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.48.0 |
 
 ## Modules