Initial Commit

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @Richard-Barrett

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+
+- Device: [e.g. iPhone6]
+- OS: [e.g. iOS8.1]
+- Browser [e.g. stock browser, safari]
+- Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/pull_request_template.md

@@ -0,0 +1,7 @@
+DESCRIPTION
+-----------
+< Description of the PR and what it accomplishes >
+
+ISSUE
+------
+< GitHub Issue ID, Jira Ticket ID, Trello Link, or Custom >

.github/workflows/docs.yaml

@@ -0,0 +1,20 @@
+---
+name: 'Terraform Docs'
+on:
+  pull_request:
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.AUTOMATION_PAT }}
+      - name: 'Docs'
+        uses: terraform-docs/gh-actions@v1
+        with:
+          find-dir: terraform/
+          output-file: README.md
+          output-method: inject
+          git-push: "true"

.github/workflows/format.yaml

@@ -0,0 +1,24 @@
+---
+name: 'Format'
+on:
+  pull_request:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.AUTOMATION_PAT }}
+      - name: 'Setup'
+        uses: hashicorp/[email protected]
+        with:
+          terraform_version: 1.1.5
+      - name: 'Format'
+        id: fmt
+        run: terraform fmt -recursive
+      - name: 'Fix'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'terraform fmt: automated action'

.github/workflows/greetings.yaml

@@ -0,0 +1,17 @@
+---
+name: Greetings
+
+on: [pull_request_target, issues]
+
+jobs:
+  greeting:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+    - uses: actions/first-interaction@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-message: 'Message that will be displayed on users first issue'
+        pr-message: 'Message that will be displayed on users first pull request'

.github/workflows/iac-codeql.yaml

@@ -0,0 +1,22 @@
+---
+name: "CodeQL IaC"
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: "ubuntu-latest"
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Initialize and Analyze IaC
+        id: codeql_iac
+        uses: advanced-security/codeql-extractor-iac@main

.github/workflows/pre-commit.yaml

@@ -0,0 +1,15 @@
+---
+name: Pre-Commit
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    #- uses: pre-commit/[email protected]

.github/workflows/release.yaml

@@ -0,0 +1,17 @@
+---
+name: 'Release'
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+      - name: 'Release'
+        uses: "marvinpinto/[email protected]"
+        with:
+          repo_token: "${{ secrets.AUTOMATION_PAT }}"
+          prerelease: false

.github/workflows/stale.yaml

@@ -0,0 +1,28 @@
+---
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '34 17 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v9
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'

.github/workflows/tag.yaml

@@ -0,0 +1,16 @@
+---
+name: 'Tag'
+on:
+  push:
+    branches:
+      - main
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+      - name: 'Tag'
+        uses: anothrNick/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTOMATION_PAT }}

.github/workflows/terraform_validate.yaml

@@ -0,0 +1,16 @@
+---
+name: Terraform Validate
+on: [push]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Validate Terraform module
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: terraform validate
+        uses: dflook/terraform-validate@v1
+        with:
+          path: 'examples/complete/'

.github/workflows/tflint.yaml

@@ -0,0 +1,41 @@
+---
+name: TFLint
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  tflint:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: actions/cache@v4
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - uses: terraform-linters/setup-tflint@v4
+      name: Setup TFLint
+      with:
+        tflint_version: v0.50.3
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run TFLint
+      run: tflint -f compact

.github/workflows/trivy.yaml

@@ -0,0 +1,24 @@
+---
+name: Trivy Scan
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Security Scan
+        if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch)
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'config'
+          scan-ref: './examples/complete/'
+          hide-progress: false
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'

.pre-commit-config.yaml

@@ -0,0 +1,15 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+  - repo: https://github.com/antonbabenko/pre-commit-terraform #  https://github.com/antonbabenko/pre-commit-terraform#terraform_tflint
+    rev: v1.83.5 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+      - id: terraform_tflint
+      - id: terraform_validate

Makefile

@@ -0,0 +1,24 @@
+MKFILE_DIR := $(abspath $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))))
+
+# Make Terraform Documentation
+.PHONY: docs
+docs:
+	for directory in .; do \
+	  terraform-docs markdown table --output-file README.md --output-mode inject "$${directory}" ; \
+	done
+
+.Phony: format
+format:
+	cd terraform/ && terraform fmt -recursive && cd ..
+
+.PHONY: fixcommit
+fixcommit:
+	pre-commit run --all-files
+
+.PHONY: diagram
+diagram:
+	python3 diagram.py
+
+.PHONY: tflint
+tflint:
+	tflint --recursive