Testing Workflows (#1)

* chore: testing the workflows

* chore: updating the workflow permissions

* chore: validating the workflow

* chore: adding the tflint

.github/workflows/release.yml

@@ -6,6 +6,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: write
+
 jobs:
   release:
     uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-release.yml@main

.github/workflows/terraform.yml

@@ -7,17 +7,20 @@ on:
   pull_request:
     branches:
       - main
-      - vnext
+
+permissions:
+  contents: read
+  pull-requests: write
 
 jobs:
-  budgets-module-validation:
+  budgets-validation:
     uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-validation.yml@main
-    name: Budgets Module Validation
+    name: Budgets Validation
     with:
       working-directory: modules/budgets
 
-  team-budgets-module-validation:
+  team-budgets-validation:
     uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-validation.yml@main
-    name: Team Budgets Module Validation
+    name: Team Budgets Validation
     with:
       working-directory: modules/team-budgets

.tflint.hcl

@@ -9,6 +9,7 @@ config {
   force  = false
 }
 
+
 rule "terraform_required_providers" {
   enabled = true
 }

Makefile

@@ -0,0 +1,98 @@
+#
+# Copyright (C) 2024  Appvia Ltd <[email protected]>
+#  
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+AUTHOR_EMAIL[email protected]
+
+.PHONY: all security lint format documentation documentation-examples validate-all validate validate-examples init
+
+default: all
+
+all: 
+	$(MAKE) init
+	$(MAKE) validate
+	$(MAKE) lint
+	$(MAKE) security
+	$(MAKE) format
+	$(MAKE) documentation
+
+documentation: 
+	@echo "--> Generating documentation"
+	@terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .
+	$(MAKE) documentation-examples
+
+documentation-examples:
+	@echo "--> Generating documentation examples"
+	@find examples -type d -mindepth 1 -maxdepth 1 -exec terraform-docs markdown table --output-file README.md --output-mode inject {} \;
+
+init: 
+	@echo "--> Running terraform init"
+	@terraform init -backend=false
+
+security: 
+	@echo "--> Running Security checks"
+	@tfsec .
+	$(MAKE) security-examples
+
+security-examples:
+	@echo "--> Running Security checks on examples"
+	@find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+		echo "--> Validating $$dir"; \
+		tfsec $$dir; \
+	done
+
+validate-all:
+	@echo "--> Running all validation checks"
+	$(MAKE) validate
+	$(MAKE) validate-examples
+
+validate:
+	@echo "--> Running terraform validate"
+	@terraform init -backend=false
+	@terraform validate
+	$(MAKE) validate-examples
+
+validate-examples:
+	@echo "--> Running terraform validate on examples"
+	@find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+		echo "--> Validating $$dir"; \
+		terraform -chdir=$$dir init; \
+		terraform -chdir=$$dir validate; \
+	done
+
+lint:
+	@echo "--> Running tflint"
+	@tflint --init 
+	@tflint -f compact
+	$(MAKE) lint-examples
+
+lint-examples:
+	@echo "--> Running tflint on examples"
+	@find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+		echo "--> Linting $$dir"; \
+		tflint --chdir=$$dir --init; \
+		tflint --chdir=$$dir -f compact; \
+	done
+
+format: 
+	@echo "--> Running terraform fmt"
+	@terraform fmt -recursive -write=true
+
+clean:
+	@echo "--> Cleaning up"
+	@find . -type d -name ".terraform" | while read -r dir; do \
+		echo "--> Removing $$dir"; \
+		rm -rf $$dir; \
+	done

examples/budgets/README.md

@@ -0,0 +1,41 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.11.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_budgets"></a> [budgets](#module\_budgets) | ../../modules/budgets | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_secretsmanager_secret.notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |
+| [aws_secretsmanager_secret_version.notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_budgets"></a> [budgets](#input\_budgets) | A collection of budgets to provision | <pre>list(object({<br>    name         = string<br>    budget_type  = optional(string, "COST")<br>    limit_amount = optional(string, "100.0")<br>    limit_unit   = optional(string, "PERCENTAGE")<br>    time_unit    = optional(string, "MONTHLY")<br><br>    notification = optional(object({<br>      comparison_operator = string<br>      threshold           = number<br>      threshold_type      = string<br>      notification_type   = string<br>    }), null)<br><br>    auto_adjust_data = optional(list(object({<br>      auto_adjust_type = string<br>    })), [])<br><br>    cost_filter = optional(list(object({<br>      name   = string<br>      values = list(string)<br>    })), [])<br><br>    cost_types = optional(object({<br>      include_credit             = optional(bool, false)<br>      include_discount           = optional(bool, false)<br>      include_other_subscription = optional(bool, false)<br>      include_recurring          = optional(bool, false)<br>      include_refund             = optional(bool, false)<br>      include_subscription       = optional(bool, false)<br>      include_support            = optional(bool, false)<br>      include_tax                = optional(bool, false)<br>      include_upfront            = optional(bool, false)<br>      use_blended                = optional(bool, false)<br>      }), {<br>      include_credit             = false<br>      include_discount           = false<br>      include_other_subscription = false<br>      include_recurring          = false<br>      include_refund             = false<br>      include_subscription       = true<br>      include_support            = false<br>      include_tax                = false<br>      include_upfront            = false<br>      use_blended                = false<br>    })<br>  }))</pre> | `[]` | no |
+| <a name="input_notification_emails"></a> [notification\_emails](#input\_notification\_emails) | A list of email addresses to notify when a budget exceeds its threshold | `list(string)` | `[]` | no |
+| <a name="input_notification_secret_name"></a> [notification\_secret\_name](#input\_notification\_secret\_name) | The name of the secret containing the email address to notify when a budget exceeds its threshold | `string` | `"notification/secret"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->