From ce6acc99d2eee2447e52c40193c7cb2284eaf8f7 Mon Sep 17 00:00:00 2001
From: Mohammad Alhussan
Date: Tue, 7 May 2024 10:49:03 +0200
Subject: [PATCH] chore: unify ci workflow

Use a shared workflow from shared-workflows repo
---
.github/workflows/workflow.yaml | 27 ++-------
CHANGELOG.md | 1 +
README.md | 37 ++++++------
TERRAFORM_DOCS.md | 0
default.nix | 35 +++++++++++
examples/basic-aws-integration/main.tf | 50 ----------------
examples/basic-aws-integration/outputs.tf | 58 -------------------
.../ce-management-account-access/README.md | 2 +-
.../ce-meshcloud-account-access/README.md | 2 +-
.../README.md | 2 +-
.../README.md | 2 +-
.../README.md | 2 +-
12 files changed, 66 insertions(+), 152 deletions(-)
delete mode 100644 TERRAFORM_DOCS.md
create mode 100644 default.nix
delete mode 100644 examples/basic-aws-integration/main.tf
delete mode 100644 examples/basic-aws-integration/outputs.tf

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index a250e58..57587d6 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -1,24 +1,9 @@
name: Terraform CI
-
-on: push
+on:
+ push:
+ merge_group:
+ types: [checks_requested]
jobs:
- validate:
- name: Validate
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v1
- - uses: hashicorp/setup-terraform@v3
- with:
- terraform_version: "1.5"
-
- # note: we can only validate the example atm. see https://github.com/hashicorp/terraform/issues/28490
- - run: terraform init -backend=false
- working-directory: examples/basic-aws-integration
- - run: terraform validate
- working-directory: examples/basic-aws-integration
-
- - run: terraform fmt -recursive -check
+ build:
+ uses: meshcloud/shared-workflows/.github/workflows/terraform-meshplatform-modules-build-workflow.yml@main
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1185d9a..92f550b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
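Review bot: The new `build` job pulls the reusable workflow through a mutable branch ref, `uses: meshcloud/shared-workflows/.github/workflows/terraform-meshplatform-modules-build-workflow.yml@main`, so any later push to that repository's main branch changes this repository's CI with no reviewable commit here. Pin it to a release tag or, preferably, a full commit SHA (`...-build-workflow.yml@<commit-sha>`) and bump it deliberately, the way the removed job pinned `hashicorp/setup-terraform@v3`. The removed job also ran `terraform validate` and `terraform fmt -recursive -check`; the shared workflow's contents are not visible in this patch, so confirm it still performs those checks now that `examples/basic-aws-integration`, which the old job validated against, is deleted in the same commit. The file also ends without a trailing newline, which YAML linters commonly flag.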
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [v0.3.0]
### Added
+
- Added workload identity federation
- Added option to disable access keys
diff --git a/README.md b/README.md
index 5fc60fc..050d884 100644
--- a/README.md
+++ b/README.md
@@ -113,17 +113,22 @@ For an overview of the module structure, refer to [generated terraform docs](./T
EOF
```
-2. Download the example `main.tf` and `outputs.tf` files.
-
- ```sh
- # Downloads main.tf and outputs.tf files into ~/terraform-aws-meshplatform
- wget https://raw.githubusercontent.com/meshcloud/terraform-aws-meshplatform/main/examples/basic-aws-integration/main.tf -O ~/terraform-aws-meshplatform/main.tf
- wget https://raw.githubusercontent.com/meshcloud/terraform-aws-meshplatform/main/examples/basic-aws-integration/outputs.tf -O ~/terraform-aws-meshplatform/outputs.tf
+2. Create a terraform file that calls this module and produces outputs. Similar to:
+
+ ```hcl
+ module "meshplatform" {
+ source = "git::https://github.com/meshcloud/terraform-aws-meshplatform.git"
+ # FILL INPUTS
+ }
+ output "meshplatform" {
+ sensitive = true
+ value = module.meshplatform
+ }
```
-3. Open `~/terraform-aws-meshplatform/main.tf` with a text editor. Modify the module variables and Terraform state backend settings in the file.
+ > It is highly recommended to configure a [terraform backend](https://developer.hashicorp.com/terraform/language/settings/backends/configuration), otherwise you risk losing track of your applied resources.
-4. Execute the module.
+3. Execute the module.
```sh
# Changes into ~/terraform-aws-meshplatform and applies terraform
@@ -132,23 +137,19 @@ For an overview of the module structure, refer to [generated terraform docs](./T
terraform apply
```
-5. Access terraform output and pass it securely to meshcloud.
+4. Use the information from terraform output to configure the platform in meshStack.
```sh
- # The JSON output contains sensitive values that must not be transmitted to meshcloud in plain text.
+ # The JSON output contains sensitive values that must not be transmitted anywhere other then the platform config screen in meshStack.
terraform output -json
```
-## Example Usages
-
-Check [examples](./examples/) for different use cases. As a quick start we recommend using [basic-aws-integration](./examples/basic-aws-integration) example.
-
[^1]: This How-To guides you through the setup from your Cloudshell. You can also run the terraform scripts on your local machine.
[^2]: You can also use other [ways to assign values input variables](https://www.terraform.io/language/values/variables#assigning-values-to-root-module-variables).
## Contributing Guide
-Before opening a Pull Request, we recommend following the below steps to get a faster approval:
+Before opening a Pull Request, please do the following:
1. Install [pre-commit](https://pre-commit.com/#install)
@@ -167,9 +168,9 @@ Before opening a Pull Request, we recommend following the below steps to get a f
| Name | Version |
|------|---------|
-| [aws.automation](#provider\_aws.automation) | >= 2.7.0 |
-| [aws.management](#provider\_aws.management) | >= 2.7.0 |
-| [aws.meshcloud](#provider\_aws.meshcloud) | >= 2.7.0 |
+| [aws.automation](#provider\_aws.automation) | 5.48.0 |
+| [aws.management](#provider\_aws.management) | 5.48.0 |
+| [aws.meshcloud](#provider\_aws.meshcloud) | 5.48.0 |
## Modules
diff --git a/TERRAFORM_DOCS.md b/TERRAFORM_DOCS.md
deleted file mode 100644
index e69de29..0000000
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..410ae60
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,35 @@
+{ pkgs ? import { }, system ? builtins.currentSystem }:
+
+let
+ # fake opentofu as terraform so that tools like terraform-docs pre-commit hook (which doesn't have tofu support)
+ # fall back to tofu
+ tofu_terraform =
+ pkgs.stdenv.mkDerivation {
+ name = "tofu-terraform";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/bin
+ echo '#!/usr/bin/env sh' > $out/bin/terraform
+ echo 'tofu $@' > $out/bin/terraform
+ chmod +x $out/bin/terraform
+ '';
+ };
+
+in
+
+pkgs.mkShell {
+ NIX_SHELL = "terraform-meshplatform-modules";
+ shellHook = ''
+ echo starting terraform-meshplatform-modules shell
+ '';
+
+ buildInputs = [
+ pkgs.pre-commit
+ pkgs.opentofu
+ pkgs.tflint
+ pkgs.terraform-docs
+
+ # fake tofu as terraform
+ tofu_terraform
+ ];
+}
diff --git a/examples/basic-aws-integration/main.tf b/examples/basic-aws-integration/main.tf
deleted file mode 100644
index 464fcb1..0000000
--- a/examples/basic-aws-integration/main.tf
+++ /dev/null
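Review bot: The wrapper's second `echo` truncates the file the first one just wrote: `echo '#!/usr/bin/env sh' > $out/bin/terraform` followed by `echo 'tofu $@' > $out/bin/terraform` leaves `$out/bin/terraform` containing only `tofu $@` with no shebang line, and the unquoted `$@` re-splits any argument that contains whitespace before it reaches tofu. Append to the file and quote the arguments instead: `echo 'exec tofu "$@"' >> $out/bin/terraform`. The first line, `{ pkgs ? import { }, ... }`, also shows `import` applied to an empty set with no `<nixpkgs>` path; presumably the angle brackets were lost when this page was rendered, so verify the committed file reads `import <nixpkgs> { }`.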
@@ -1,50 +0,0 @@
-# It is highly recommended to setup a backend to store the terraform state file
-# Removing the backend will output the terraform state in the local filesystem
-# See https://www.terraform.io/language/settings/backends for more details
-#
-# Remove/comment the backend block below if you are only testing the module.
-# Please be aware that you cannot destroy the created resources via terraform if you lose the state file.
-terraform {
- backend "s3" {
- region = "eu-west-1"
- profile = "myprofile"
- bucket = "cloudfoundation-tfstates"
- key = "meshstack/platforms/aws"
- encrypt = true
- }
-}
-
-provider "aws" {
- alias = "management"
- profile = "management"
-}
-
-provider "aws" {
- alias = "meshcloud"
- profile = "meshcloud"
-}
-
-provider "aws" {
- alias = "automation"
- profile = "automation"
-}
-
-module "meshplatform" {
- source = "../../"
- # note: for production use we recommend using a pinned version of the module like so
- # source = "git::https://github.com/meshcloud/terraform-aws-meshplatform.git?ref=v0.2.0"
-
-
- providers = {
- aws.management = aws.management
- aws.meshcloud = aws.meshcloud
- aws.automation = aws.automation
- }
-
- aws_sso_instance_arn = "arn:aws:sso:::instance/ssoins-xxxxxxxxxxxxxxx"
- control_tower_enrollment_enabled = true
- control_tower_portfolio_id = "port-xxxxxxxxxxx"
- replicator_privileged_external_id = "replace with random UUID v4"
- cost_explorer_privileged_external_id = "replace with random UUID v4"
- landing_zone_ou_arns = ["arn:aws:organizations::*:ou/o-*/ou-*"]
-}
diff --git a/examples/basic-aws-integration/outputs.tf b/examples/basic-aws-integration/outputs.tf
deleted file mode 100644
index 9186a5c..0000000
--- a/examples/basic-aws-integration/outputs.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-output "management_account_id" {
- value = module.meshplatform.management_account_id
- description = "Management Account ID"
-}
-
-output "meshcloud_account_id" {
- value = module.meshplatform.meshcloud_account_id
- description = "Meshcloud Account ID"
-}
-
-output "automation_account_id" {
- value = module.meshplatform.automation_account_id
- description = "Automation Account ID"
-}
-
-output "replicator_aws_iam_keys" {
- value = module.meshplatform.replicator_aws_iam_keys
- description = "You can access your credentials when you execute `terraform output replicator_aws_iam_keys` command"
- sensitive = true
-}
-
-output "replicator_management_account_role_arn" {
- description = "Amazon Resource Name (ARN) of Management Account Role for replicator"
- value = module.meshplatform.replicator_management_account_role_arn
-}
-
-output "replicator_automation_account_role_arn" {
- description = "Amazon Resource Name (ARN) of Automation Account Role for replicator"
- value = module.meshplatform.replicator_automation_account_role_arn
-}
-
-output "replicator_privileged_external_id" {
- value = module.meshplatform.replicator_privileged_external_id
- description = "Replicator privileged_external_id"
- sensitive = true
-}
-
-output "meshstack_access_role_name" {
- value = module.meshplatform.meshstack_access_role_name
- description = "The name for the Account Access Role that will be rolled out to all managed accounts."
-}
-
-output "metering_aws_iam_keys" {
- value = module.meshplatform.metering_aws_iam_keys
- description = "You can access your credentials when you execute `terraform output metering_aws_iam_keys` command"
- sensitive = true
-}
-
-output "cost_explorer_management_account_role_arn" {
- description = "Amazon Resource Name (ARN) of Management Account Role for replicator"
- value = module.meshplatform.cost_explorer_management_account_role_arn
-}
-
-output "cost_explorer_privileged_external_id" {
- value = module.meshplatform.cost_explorer_privileged_external_id
- description = "Cost explorer privileged_external_id"
- sensitive = true
-}
diff --git a/modules/meshcloud-cost-explorer/ce-management-account-access/README.md b/modules/meshcloud-cost-explorer/ce-management-account-access/README.md
index 691a2af..943654e 100644
--- a/modules/meshcloud-cost-explorer/ce-management-account-access/README.md
+++ b/modules/meshcloud-cost-explorer/ce-management-account-access/README.md
@@ -9,7 +9,7 @@
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.21.0 |
+| [aws](#provider\_aws) | 5.48.0 |
## Modules
diff --git a/modules/meshcloud-cost-explorer/ce-meshcloud-account-access/README.md b/modules/meshcloud-cost-explorer/ce-meshcloud-account-access/README.md
index 10cdd72..27d1927 100644
--- a/modules/meshcloud-cost-explorer/ce-meshcloud-account-access/README.md
+++ b/modules/meshcloud-cost-explorer/ce-meshcloud-account-access/README.md
@@ -9,7 +9,7 @@
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 2.7.0 |
+| [aws](#provider\_aws) | 5.48.0 |
## Modules
diff --git a/modules/meshcloud-replicator/replicator-automation-account-access/README.md b/modules/meshcloud-replicator/replicator-automation-account-access/README.md
index c4de9cb..28bf715 100644
--- a/modules/meshcloud-replicator/replicator-automation-account-access/README.md
+++ b/modules/meshcloud-replicator/replicator-automation-account-access/README.md
@@ -9,7 +9,7 @@
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 2.7.0 |
+| [aws](#provider\_aws) | 5.48.0 |
## Modules
diff --git a/modules/meshcloud-replicator/replicator-management-account-access/README.md b/modules/meshcloud-replicator/replicator-management-account-access/README.md
index 2923385..bc8c8ac 100644
--- a/modules/meshcloud-replicator/replicator-management-account-access/README.md
+++ b/modules/meshcloud-replicator/replicator-management-account-access/README.md
@@ -9,7 +9,7 @@
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.21.0 |
+| [aws](#provider\_aws) | 5.48.0 |
## Modules
diff --git a/modules/meshcloud-replicator/replicator-meshcloud-account-access/README.md b/modules/meshcloud-replicator/replicator-meshcloud-account-access/README.md
index 29c303f..eb8332b 100644
--- a/modules/meshcloud-replicator/replicator-meshcloud-account-access/README.md
+++ b/modules/meshcloud-replicator/replicator-meshcloud-account-access/README.md
@@ -9,7 +9,7 @@
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 2.7.0 |
+| [aws](#provider\_aws) | 5.48.0 |
## Modules