feat: basic seqerakit module

.gitignore

@@ -36,3 +36,6 @@ tests/logs/*
 tests/datafiles/*.tfvars
 tests/datafiles/secrets/*.json
 tests/.templatefile_cache
+
+# Generated files from modules
+**/generated/

modules/seqerakit/README.md

@@ -0,0 +1,195 @@
+# Seqerakit Module
+
+Generates and manages Seqerakit configuration files and scripts for Tower/Seqera Platform integration.
+
+## Features
+
+- Generates Seqerakit setup YAML configuration
+- Creates AWS Batch compute environment configurations  
+- Manages secrets loading from AWS Systems Manager (SSM)
+- Supports both Fusion v2 and traditional compute environments
+- Handles multiple credential types (AWS, GitHub, Docker, CodeCommit)
+- Generates CodeCommit workspace ID scripts
+
+## Usage
+
+```hcl
+module "seqerakit" {
+  source = "./modules/seqerakit/v1.0.0"
+
+  # Required Configuration
+  aws_account = var.aws_account
+  aws_region  = var.aws_region
+  aws_profile = var.aws_profile
+  default_tags = var.default_tags
+  app_name = var.app_name
+
+  # Seqerakit Settings
+  flag_run_seqerakit = true
+  seqerakit_org_name = "my-org"
+  seqerakit_org_fullname = "My Organization"
+  seqerakit_org_url = "https://my-org.seqera.io"
+  seqerakit_team_name = "my-team"
+  seqerakit_team_members = "user1@example.com,user2@example.com"
+  seqerakit_workspace_name = "my-workspace"
+  seqerakit_workspace_fullname = "My Workspace"
+  seqerakit_compute_env_name = "my-compute-env"
+  seqerakit_compute_env_region = "us-west-2"
+  seqerakit_root_bucket = "my-s3-bucket"
+  seqerakit_workdir = "/tmp/work"
+  seqerakit_outdir = "/tmp/output"
+
+  # AWS Configuration
+  seqerakit_aws_use_fusion_v2 = true
+  seqerakit_aws_use_forge = true
+  seqerakit_aws_use_batch = true
+  seqerakit_aws_fusion_instances = "m5.large,m5.xlarge"
+  seqerakit_aws_normal_instances = "t3.medium,t3.large"
+  seqerakit_aws_manual_head_queue = "head-queue"
+  seqerakit_aws_manual_compute_queue = "compute-queue"
+
+  # Credentials Configuration
+  seqerakit_flag_credential_create_aws = true
+  seqerakit_flag_credential_create_github = true
+  seqerakit_flag_credential_create_docker = true
+  seqerakit_flag_credential_create_codecommit = true
+  seqerakit_flag_credential_use_aws_role = false
+
+  # Infrastructure (optional)
+  vpc_id = var.vpc_id
+  subnet_ids = var.subnet_ids
+  security_group_ids = var.security_group_ids
+  ec2_key_pair_name = var.ec2_key_pair_name
+
+  # Secrets
+  secrets_bootstrap_seqerakit = "/myapp/seqerakit/secrets"
+}
+```
+
+## Secrets Management
+
+### Environment Variable Approach
+The module uses environment variables instead of hardcoded secrets for security:
+
+```bash
+# Load secrets from SSM into environment variables
+source helpers/load_seqerakit_secrets.sh
+
+# Run terraform to generate config files
+terraform apply
+```
+
+### SSM Parameter Structure
+Store secrets in SSM as a JSON object:
+
+```json
+{
+  "TOWER_AWS_USER": {"value": "AKIA..."},
+  "TOWER_AWS_PASSWORD": {"value": "secret..."},
+  "TOWER_AWS_ROLE": {"value": "arn:aws:iam::..."},
+  "TOWER_GITHUB_USER": {"value": "username"},
+  "TOWER_GITHUB_TOKEN": {"value": "ghp_..."},
+  "TOWER_DOCKER_USER": {"value": "username"},
+  "TOWER_DOCKER_TOKEN": {"value": "token..."},
+  "TOWER_CODECOMMIT_USER": {"value": "username"},
+  "TOWER_CODECOMMIT_PASSWORD": {"value": "password..."},
+  "TOWER_CODECOMMIT_REGION": {"value": "us-west-2"}
+}
+```
+
+### Loading Scripts
+```bash
+# Auto-detect AWS profile from terraform.tfvars
+source helpers/load_seqerakit_secrets.sh
+
+# Specify bootstrap path
+source helpers/load_seqerakit_secrets.sh /myapp/seqerakit/config
+
+# Specify both path and profile
+source helpers/load_seqerakit_secrets.sh /myapp/seqerakit/config playground
+```
+
+## Generated Files
+
+| File | Description |
+|------|-------------|
+| `setup.yml` | Main Seqerakit configuration |
+| `aws_batch_manual.yml` | AWS Batch compute environment |
+| `codecommit_set_workspace_id.sh` | CodeCommit workspace setup |
+| `load_seqerakit_secrets.sh` | Secrets loading script |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| `aws_account` | AWS account ID | `string` | n/a | yes |
+| `aws_region` | AWS region | `string` | n/a | yes |
+| `aws_profile` | AWS profile to use | `string` | n/a | yes |
+| `default_tags` | Default tags to apply to all resources | `map(string)` | n/a | yes |
+| `app_name` | Application name | `string` | n/a | yes |
+| `flag_run_seqerakit` | Whether to run Seqerakit setup | `bool` | n/a | yes |
+| `seqerakit_org_name` | Seqerakit organization name | `string` | n/a | yes |
+| `seqerakit_org_fullname` | Seqerakit organization full name | `string` | n/a | yes |
+| `seqerakit_org_url` | Seqerakit organization URL | `string` | n/a | yes |
+| `seqerakit_team_name` | Seqerakit team name | `string` | n/a | yes |
+| `seqerakit_team_members` | Seqerakit team members (comma-separated) | `string` | n/a | yes |
+| `seqerakit_workspace_name` | Seqerakit workspace name | `string` | n/a | yes |
+| `seqerakit_workspace_fullname` | Seqerakit workspace full name | `string` | n/a | yes |
+| `seqerakit_compute_env_name` | Seqerakit compute environment name | `string` | n/a | yes |
+| `seqerakit_compute_env_region` | Seqerakit compute environment region | `string` | n/a | yes |
+| `seqerakit_root_bucket` | Seqerakit root S3 bucket | `string` | n/a | yes |
+| `seqerakit_workdir` | Seqerakit working directory | `string` | n/a | yes |
+| `seqerakit_outdir` | Seqerakit output directory | `string` | n/a | yes |
+| `seqerakit_aws_use_fusion_v2` | Whether to use Fusion v2 for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_aws_use_forge` | Whether to use Forge for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_aws_use_batch` | Whether to use AWS Batch for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_aws_fusion_instances` | Fusion instance types for Seqerakit | `string` | n/a | yes |
+| `seqerakit_aws_normal_instances` | Normal instance types for Seqerakit | `string` | n/a | yes |
+| `seqerakit_aws_manual_head_queue` | Manual head queue for Seqerakit | `string` | n/a | yes |
+| `seqerakit_aws_manual_compute_queue` | Manual compute queue for Seqerakit | `string` | n/a | yes |
+| `seqerakit_flag_credential_create_aws` | Whether to create AWS credentials for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_flag_credential_create_github` | Whether to create GitHub credentials for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_flag_credential_create_docker` | Whether to create Docker credentials for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_flag_credential_create_codecommit` | Whether to create CodeCommit credentials for Seqerakit | `bool` | n/a | yes |
+| `seqerakit_flag_credential_use_aws_role` | Whether to use AWS role for Seqerakit credentials | `bool` | n/a | yes |
+| `vpc_id` | VPC ID for compute environment | `string` | `""` | no |
+| `subnet_ids` | Subnet IDs for compute environment | `list(string)` | `[]` | no |
+| `security_group_ids` | Security group IDs for compute environment | `list(string)` | `[]` | no |
+| `ec2_key_pair_name` | EC2 Key pair name for compute environment | `string` | `""` | no |
+| `secrets_bootstrap_seqerakit` | SSM SecureString parameter name for Seqerakit secrets | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| `seqerakit_yml` | Generated seqerakit setup YAML content |
+| `aws_batch_manual` | Generated AWS Batch manual compute environment YAML |
+| `codecommit_script` | Generated CodeCommit workspace ID script |
+| `load_secrets_script` | Script to load Seqerakit secrets from SSM into environment variables |
+| `generated_files` | Map of generated file paths |
+| `seqerakit_secrets` | Seqerakit secrets from SSM (sensitive) |
+
+## Troubleshooting
+
+### Missing Environment Variables
+```bash
+# Check if secrets are loaded
+echo $TOWER_AWS_USER
+echo $TOWER_GITHUB_TOKEN
+
+# Verify SSM parameter exists
+aws ssm get-parameter --name "/myapp/seqerakit/secrets" --with-decryption
+```
+
+### Empty Values
+Empty values are normal if certain credentials aren't configured in your bootstrap parameter.
+
+## Requirements
+
+- Terraform >= 1.0
+- AWS Provider >= 5.0
+- Local Provider >= 2.0
+
+## Version History
+
+- **v1.0.0** - Initial release with consolidated module structure and environment variable secrets

modules/seqerakit/v1.0.0/compute-envs/aws_batch_manual.yml.tpl

@@ -0,0 +1,14 @@
+compute-envs:
+  - type: aws-batch 
+    config-mode: manual
+    name: "${seqerakit_compute_env_name}"
+    workspace: "${seqerakit_org_name}/${seqerakit_workspace_name}"
+    credentials: 'aws_credentials'
+    work-dir: ${seqerakit_workdir}
+    region: ${aws_region}
+    head-queue: ${seqerakit_aws_manual_head_queue}
+    compute-queue: ${seqerakit_aws_manual_compute_queue}
+    fusion-v2: ${use_fusion_v2}
+    wave: ${use_wave}
+    wait: 'AVAILABLE'
+    overwrite: True

modules/seqerakit/v1.0.0/credentials/codecommit.json

@@ -0,0 +1,13 @@
+{
+  "credentials": {
+    "name": "myCodeCommit",
+    "description": "myCodeCommit",
+    "provider": "codecommit",
+    "baseUrl": "WILL_BE_SUBSTITUTED_BY_ANSIBLE",
+    "category": "dunno",
+    "keys": {
+      "username": "WILL_BE_SUBSTITUTED_BY_ANSIBLE",
+      "password": "WILL_BE_SUBSTITUTED_BY_ANSIBLE"
+    }
+  }
+}

modules/seqerakit/v1.0.0/helpers/codecommit_set_workspace_id.sh.tpl

@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+# Add TF vars here and export to keep segregated.
+export CC_ORG_NAME=${seqerakit_org_name}
+export CC_WORKSPACE_NAME=${seqerakit_workspace_name}

modules/seqerakit/v1.0.0/helpers/load_seqerakit_secrets.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# ------------------------------------------------------------------------------------
+# Load Seqerakit Secrets from SSM into Environment Variables
+# ------------------------------------------------------------------------------------
+# Usage: source load_seqerakit_secrets.sh [bootstrap_ssm_path] [aws_profile] [aws_region]
+# Example: source load_seqerakit_secrets.sh /scidev/seqerakit/config playground us-east-1
+# ------------------------------------------------------------------------------------
+
+# set -e
+
+# Get parameters
+BOOTSTRAP_SSM_PATH=${1:-"/scidev/seqerakit/config"}
+AWS_PROFILE_PARAM=${2:-"$AWS_PROFILE"}
+AWS_REGION_PARAM=${3:-"$AWS_DEFAULT_REGION"}
+
+echo "Loading secrets from: $BOOTSTRAP_SSM_PATH"
+if [ -n "$AWS_PROFILE_PARAM" ]; then
+    echo "Using AWS profile: $AWS_PROFILE_PARAM"
+    export AWS_PROFILE="$AWS_PROFILE_PARAM"
+fi
+if [ -n "$AWS_REGION_PARAM" ]; then
+    echo "Using AWS region: $AWS_REGION_PARAM"
+    export AWS_DEFAULT_REGION="$AWS_REGION_PARAM"
+    export AWS_REGION="$AWS_REGION_PARAM"
+fi
+
+# Check dependencies
+if ! command -v jq &> /dev/null; then
+    echo "❌ Error: jq is required. Install with: brew install jq"
+    return 1
+fi
+
+if ! command -v aws &> /dev/null; then
+    echo "❌ Error: AWS CLI is required"
+    return 1
+fi
+
+# Test AWS CLI
+if ! aws sts get-caller-identity &>/dev/null; then
+    echo "❌ Error: AWS CLI not configured. Run 'aws configure' or 'aws sso login'"
+    return 1
+fi
+
+# Get the bootstrap parameter
+BOOTSTRAP_JSON=$(aws ssm get-parameters \
+    --name "$BOOTSTRAP_SSM_PATH" \
+    --with-decryption \
+    --query "Parameters[*].{Value:Value}" \
+    --output text)
+
+if [ -z "$BOOTSTRAP_JSON" ] || [ "$BOOTSTRAP_JSON" = "None" ]; then
+    echo "❌ Error: Parameter not found: $BOOTSTRAP_SSM_PATH"
+    return 1
+fi
+
+# Validate JSON
+if ! echo "$BOOTSTRAP_JSON" | jq empty 2>/dev/null; then
+    echo "❌ Error: Invalid JSON in parameter"
+    return 1
+fi
+
+# Extract and set environment variables
+export TOWER_AWS_USER=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_AWS_USER"]["value"] // empty')
+export TOWER_AWS_PASSWORD=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_AWS_PASSWORD"]["value"] // empty')
+export TOWER_AWS_ROLE=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_AWS_ROLE"]["value"] // empty')
+export TOWER_GITHUB_USER=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_GITHUB_USER"]["value"] // empty')
+export TOWER_GITHUB_TOKEN=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_GITHUB_TOKEN"]["value"] // empty')
+export TOWER_DOCKER_USER=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_DOCKER_USER"]["value"] // empty')
+export TOWER_DOCKER_TOKEN=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_DOCKER_TOKEN"]["value"] // empty')
+export TOWER_CODECOMMIT_USER=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_CODECOMMIT_USER"]["value"] // empty')
+export TOWER_CODECOMMIT_PASSWORD=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_CODECOMMIT_PASSWORD"]["value"] // empty')
+export TOWER_CODECOMMIT_REGION=$(echo "$BOOTSTRAP_JSON" | jq -r '.["TOWER_CODECOMMIT_REGION"]["value"] // empty')
+
+echo "✓ Secrets loaded successfully"

modules/seqerakit/v1.0.0/helpers/split_for_codecommit.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+import yaml
+
+yaml.sort_base_mapping_type_on_output = False
+
+original_setup = open('../setup.yml', 'r')
+
+cc_first_keys = ["organizations","workspaces","teams","participants","credentials"]
+cc_second_keys = ["pipelines","launch","compute-envs"]
+
+cc_first_dict = {}
+cc_second_dict = {}
+
+original_yaml = yaml.safe_load(original_setup) #, Loader=Loader)
+
+
+for key in cc_first_keys:
+    cc_first_dict[key] = original_yaml[key]
+
+for key in cc_second_keys:
+    cc_second_dict[key] = original_yaml[key]
+
+
+with open('../cc_first.yaml', 'w') as yamlfile:
+    yaml.safe_dump(cc_first_dict, yamlfile, sort_keys=False)
+
+with open('../cc_second.yaml', 'w') as yamlfile:
+    yaml.safe_dump(cc_second_dict, yamlfile, sort_keys=False)
+