draft

Author: JamesWoolfenden

.gitattributes

@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs     diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln       merge=binary
+#*.csproj    merge=binary
+#*.vbproj    merge=binary
+#*.vcxproj   merge=binary
+#*.vcproj    merge=binary
+#*.dbproj    merge=binary
+#*.fsproj    merge=binary
+#*.lsproj    merge=binary
+#*.wixproj   merge=binary
+#*.modelproj merge=binary
+#*.sqlproj   merge=binary
+#*.wwaproj   merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg   binary
+#*.png   binary
+#*.gif   binary
+
+###############################################################################
+# diff behavior for common document formats
+#
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the
+# entries below.
+###############################################################################
+#*.doc   diff=astextplain
+#*.DOC   diff=astextplain
+#*.docx  diff=astextplain
+#*.DOCX  diff=astextplain
+#*.dot   diff=astextplain
+#*.DOT   diff=astextplain
+#*.pdf   diff=astextplain
+#*.PDF   diff=astextplain
+#*.rtf   diff=astextplain
+#*.RTF   diff=astextplain

.github/workflows/main.yml

@@ -0,0 +1,62 @@
+---
+# yamllint disable rule:line-length
+name: Verify and Bump
+on:
+  schedule:
+    - cron: '00 7 * * SUN'
+  push:
+    branches:
+      - main
+env:
+  terraform: 0.14.5
+  tf_target_dir: example/examplea
+  branch: main
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ env.branch }}
+          token: ${{ github.token }}
+      - name: Terraform Init
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: ${{ env.terraform }}
+          tf_actions_subcommand: init
+          tf_actions_working_dir: ${{ env.tf_target_dir }}
+      - name: Terraform Validate
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: ${{ env.terraform }}
+          tf_actions_subcommand: validate
+          tf_actions_working_dir: ${{ env.tf_target_dir }}
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ env.branch }}
+          token: ${{ github.token }}
+
+      - name: Checkov action
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: ${{ env.tf_target_dir }}
+          framework: terraform
+          args: "--output cli  --bc-api-key ${{ secrets.BC_API_KEY }}"
+  version:
+    name: versioning
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Bump version and push tag
+        if: ${{ !env.ACT }}
+        uses: anothrNick/github-tag-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEFAULT_BUMP: patch
+          WITH_V: "true"
+    needs: [terraform, security]

.github/workflows/pull_request.yml

@@ -0,0 +1,42 @@
+---
+# yamllint disable rule:line-length
+name: pull_request
+on: pull_request
+env:
+  terraform: 0.14.5
+  tf_target_dir: example/examplea
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          token: ${{ github.token }}
+      - name: Terraform Init
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: ${{ env.terraform }}
+          tf_actions_subcommand: init
+          tf_actions_working_dir: ${{ env.tf_target_dir }}
+      - name: Terraform Validate
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: ${{ env.terraform }}
+          tf_actions_subcommand: validate
+          tf_actions_working_dir: ${{ env.tf_target_dir }}
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          token: ${{ github.token }}
+
+      - name: Checkov action
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: "example/examplea"
+          framework: terraform
+          args: "--output cli  --bc-api-key ${{ secrets.BC_API_KEY }}"

.gitignore

@@ -0,0 +1,24 @@
+# Compiled files
+*.tfstate
+*.tfstate.backup
+*.zip
+.DS_Store
+# Module directory
+.terraform/
+.terraform
+__pycache__/
+.idea
+*.iml
+*.orig
+*.ini
+*~HEAD
+*backup
+*.ini
+tmp
+lambda
+*~HEAD
+*backup
+*.bak
+.terraform.tfstate.lock.info
+.terraform.lock.hcl
+*.log

.markdownlint.json

@@ -0,0 +1,12 @@
+{
+  "MD002": false,
+  "MD013": false,
+  "MD033": {
+    "allowed_elements": [
+      "br",
+      "pre"
+    ]
+  },
+  "MD034": false,
+  "MD041": false
+}

.markdownlintrc

@@ -0,0 +1,7 @@
+{
+  "default": true,
+  "first-header-h1": false,
+  "first-line-h1": false,
+  "line_length": false,
+  "no-multiple-blanks": false
+}

.pre-commit-config.yaml

@@ -0,0 +1,57 @@
+---
+# yamllint disable rule:line-length
+default_language_version:
+  python: python3.8
+repos:
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v3.4.0
+    hooks:
+      - id: check-json
+      - id: check-merge-conflict
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: pretty-format-json
+        args:
+          - --autofix
+      - id: detect-aws-credentials
+        args:
+          - --allow-missing-credentials
+      - id: detect-private-key
+  - repo: git://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.1.9
+    hooks:
+      - id: forbid-tabs
+        exclude_types: [python, javascript, dtd, markdown, makefile, xml]
+        exclude: binary|\.bin$
+  - repo: git://github.com/jameswoolfenden/pre-commit-shell
+    rev: 0.0.2
+    hooks:
+      - id: shell-lint
+  - repo: git://github.com/igorshubovych/markdownlint-cli
+    rev: v0.26.0
+    hooks:
+      - id: markdownlint
+  - repo: git://github.com/adrienverge/yamllint
+    rev: v1.26.0
+    hooks:
+      - id: yamllint
+        name: yamllint
+        description: This hook runs yamllint.
+        entry: yamllint
+        language: python
+        types: [file, yaml]
+  - repo: git://github.com/jameswoolfenden/pre-commit
+    rev: v0.1.35
+    hooks:
+      - id: terraform-fmt
+        language_version: python3.8
+      - id: tf2docs
+        language_version: python3.8
+  - repo: git://github.com/bridgecrewio/checkov
+    rev: 1.0.817
+    hooks:
+      - id: checkov
+        verbose: true
+        entry: checkov -d example/examplea --external-checks-dir checkov

.prettierignore

@@ -0,0 +1 @@
+README.md

.terraformignore

@@ -0,0 +1,6 @@
+.terraform/
+*.exe
+*.tfstate
+*.backup
+*.bak
+*.info