feat: added terraform-module template

ALT-F4-LLC · Jul 13, 2024 · e3f48c0 · e3f48c0
1 parent a85aa33
commit e3f48c0
Show file tree

Hide file tree

Showing 9 changed files with 234 additions and 21 deletions.
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -89,6 +89,24 @@ func (c Config) GetTemplater() (Templater, error) {
 			return tpl, err
 		}
 
+		// Then convert them back into the type for the templater selected
+		if err := json.Unmarshal(b, &tpl); err != nil {
+			return tpl, err
+		}
+		return tpl, nil
+
+	case "terraform-module":
+		if Debug {
+			fmt.Println("loading terraform module templater")
+		}
+		tpl := NewTerraformModuleConfig(c)
+
+		// Convert the parameters (map type) to JSON
+		b, err := json.Marshal(c.Parameters)
+		if err != nil {
+			return tpl, err
+		}
+
 		// Then convert them back into the type for the templater selected
 		if err := json.Unmarshal(b, &tpl); err != nil {
 			return tpl, err

diff --git a/internal/config/terraform_module.go b/internal/config/terraform_module.go
@@ -0,0 +1,42 @@
+package config
+
+import (
+	"github.com/ALT-F4-LLC/build-configs/internal/templates"
+)
+
+const TerraformModuleName = "terraform-module"
+
+type TerraformModuleConfig struct {
+	Config
+	Nix       NixConfig `json:"nix,omitempty" yaml:"nix,omitempty"`
+	Providers []string  `json:"providers,omitempty" yaml:"providers,omitempty"`
+}
+
+func NewTerraformModuleConfig(c Config) TerraformModuleConfig {
+	return TerraformModuleConfig{
+		Config: c,
+		Nix:    NewNixConfig(),
+	}
+}
+
+func (c TerraformModuleConfig) Render() error {
+	renderMap := templates.RenderMap{
+		templates.AllCommonTemplates: {
+			".envrc",
+			".github/renovate.json",
+		},
+		templates.TerraformModuleTemplates: {
+			".github/workflows/terraform.yaml",
+			".gitignore",
+			"flake.nix",
+			"justfile",
+		},
+	}
+
+	files, err := templates.RenderTemplates(renderMap, c)
+	if err != nil {
+		return err
+	}
+
+	return templates.WriteFiles(files)
+}
diff --git a/internal/templates/templates.go b/internal/templates/templates.go
@@ -25,11 +25,15 @@ var (
 	//go:embed all:templates/terraform/*
 	terraformFS embed.FS
 
-	AllCommonTemplates  *template.Template
-	GoCommonTemplates   *template.Template
-	GoCobraCliTemplates *template.Template
-	GoLambdaTemplates   *template.Template
-	TerraformTemplates  *template.Template
+	//go:embed all:templates/terraform-module/*
+	terraformModuleFS embed.FS
+
+	AllCommonTemplates       *template.Template
+	GoCommonTemplates        *template.Template
+	GoCobraCliTemplates      *template.Template
+	GoLambdaTemplates        *template.Template
+	TerraformTemplates       *template.Template
+	TerraformModuleTemplates *template.Template
 )
 
 // RenderMap maps a template set to the filenames* that should be written.
@@ -43,6 +47,7 @@ func init() {
 	GoCobraCliTemplates = template.Must(template.ParseFS(goCobraCliFS, "templates/go-cobra-cli/*"))
 	GoLambdaTemplates = template.Must(template.ParseFS(goLambdaFS, "templates/go-lambda/*"))
 	TerraformTemplates = template.Must(template.ParseFS(terraformFS, "templates/terraform/*"))
+	TerraformModuleTemplates = template.Must(template.ParseFS(terraformModuleFS, "templates/terraform-module/*"))
 }
 
 func RenderTemplates(in RenderMap, context any) (map[string]string, error) {

diff --git a/internal/templates/templates/terraform-module/.github__workflows__terraform.yaml b/internal/templates/templates/terraform-module/.github__workflows__terraform.yaml
@@ -0,0 +1,39 @@
+name: terraform
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+env:
+  CACHIX_BINARY_CACHE: {{ .Nix.Cachix.BinaryCache }}
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v15
+        with:
+          authToken: ${{"{{"}} secrets.CACHIX_AUTH_TOKEN {{"}}"}}
+          name: ${{"{{"}} env.CACHIX_BINARY_CACHE {{"}}"}}
+      - uses: actions/checkout@v4
+      - run: nix develop -c just check
+
+  package:
+    needs:
+      - check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v15
+        with:
+          authToken: ${{"{{"}} secrets.ALTF4LLC_CACHIX_AUTH_TOKEN {{"}}"}}
+          name: ${{"{{"}} env.CACHIX_BINARY_CACHE {{"}}"}}
+      - uses: actions/checkout@v4
+      - run: nix develop -c just package
diff --git a/internal/templates/templates/terraform-module/.gitignore b/internal/templates/templates/terraform-module/.gitignore
@@ -0,0 +1,38 @@
+.direnv
+*.tfplan
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
diff --git a/internal/templates/templates/terraform-module/flake.nix b/internal/templates/templates/terraform-module/flake.nix
@@ -0,0 +1,54 @@
+{
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+
+  outputs = inputs @ {
+    flake-parts,
+    nixpkgs,
+    ...
+  }:
+    flake-parts.lib.mkFlake {inherit inputs;} {
+      systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"];
+
+      perSystem = {
+        config,
+        pkgs,
+        system,
+        ...
+      }: let
+        inherit (pkgs) just mkShell terraform-docs;
+        terraform = pkgs.terraform.withPlugins (ps: [
+          {{- range $p := .Providers }}
+          ps.{{ $p }}
+          {{- end }}
+        ]);
+      in {
+        _module.args.pkgs = import nixpkgs {
+          inherit system;
+          config.allowUnfree = true;
+        };
+
+        devShells = {
+          default = mkShell {
+            inputsFrom = [config.packages.default];
+            nativeBuildInputs = [
+              just
+              terraform-docs
+            ];
+          };
+        };
+
+        packages = {
+          default =
+            pkgs.runCommand "default"
+            {
+              src = ./.;
+            } ''
+              mkdir -p $out
+              cp -R $src/*.tf $out
+              ${terraform}/bin/terraform -chdir="$out" init
+              ${terraform}/bin/terraform -chdir="$out" validate
+            '';
+        };
+      };
+    };
+}
diff --git a/internal/templates/templates/terraform-module/justfile b/internal/templates/templates/terraform-module/justfile
@@ -0,0 +1,19 @@
+_default:
+    just --list
+
+check:
+    nix flake check
+
+docs:
+	terraform-docs markdown table \
+		--output-file README.md \
+		--output-mode inject .
+
+init:
+    terraform init
+
+package:
+    nix build --json --no-link --print-build-logs .
+
+validate:
+    terraform validate
diff --git a/internal/templates/templates/terraform/.github__workflows__terraform.yaml b/internal/templates/templates/terraform/.github__workflows__terraform.yaml
@@ -29,16 +29,16 @@ jobs:
       - run: nix develop -c just check
 
   plan:
-    runs-on: ubuntu-latest
-    needs: check
     concurrency:
-      group: tf-lock
       cancel-in-progress: false
+      group: tf-lock
+    env:
+      TF_VAR_PLATFORM_DIRECTORY_TOKEN: ${{"{{"}} secrets.TF_VAR_PLATFORM_DIRECTORY_TOKEN {{"}}"}}
+    needs: check
     permissions:
       contents: read
       id-token: write
-    env:
-      TF_VAR_PLATFORM_DIRECTORY_TOKEN: ${{"{{"}} secrets.TF_VAR_PLATFORM_DIRECTORY_TOKEN {{"}}"}}
+    runs-on: ubuntu-latest
     steps:
       - uses: cachix/install-nix-action@v27
         with:
@@ -63,19 +63,19 @@ jobs:
           path: terraform.tfplan
 
   apply:
-    if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    needs: plan
-    environment:
-      name: prod
-    permissions:
-      contents: read
-      id-token: write
     concurrency:
       group: tf-lock
       cancel-in-progress: false
+    environment:
+      name: prod
     env:
       TF_VAR_PACKER_SSH_PUBLIC_KEY: ${{"{{"}} secrets.TF_VAR_PACKER_SSH_PUBLIC_KEY {{"}}"}}
+    if: github.ref == 'refs/heads/main'
+    needs: plan
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
     steps:
       - uses: cachix/install-nix-action@v27
         with:

diff --git a/internal/templates/templates/terraform/flake.nix b/internal/templates/templates/terraform/flake.nix
@@ -1,5 +1,5 @@
 {
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
 
   outputs = inputs @ {
     flake-parts,
@@ -11,8 +11,6 @@
 
       perSystem = {
         config,
-        self',
-        inputs',
         pkgs,
         system,
         ...