chore: Update tests to use local paths and add CI workflows (#4)

.github/pull_request_template.md

@@ -1,7 +1,7 @@
 ### What does this PR do?
 
 🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
-Consult the [CONTRIBUTING](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/CONTRIBUTING.md#contributing-via-pull-requests) guide for submitting pull-requests.
+Consult the [CONTRIBUTING](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/blob/main/.github/CONTRIBUTING.md#contributing-via-pull-requests) guide for submitting pull-requests.
 
 <!-- A brief description of the change being made with this pull request. -->
 
@@ -13,15 +13,8 @@ Consult the [CONTRIBUTING](https://github.com/aws-ia/terraform-aws-eks-blueprint
 ### More
 
 - [ ] Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
-- [ ] Yes, I have added a new example under [examples](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples) to support my PR
-- [ ] Yes, I have created another PR for add-ons under [add-ons](https://github.com/aws-samples/eks-blueprints-add-ons) repo (if applicable)
-- [ ] Yes, I have updated the [docs](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/docs) for this feature
 - [ ] Yes, I ran `pre-commit run -a` with this PR
 
-**Note**: Not all the PRs require a new example and/or doc page. In general:
-- Use an existing example when possible to demonstrate a new addons usage
-- A new docs page under `docs/add-ons/*` is required for new a new addon
-
 ### For Moderators
 
 - [ ] E2E Test successfully complete before merge?

.github/workflows/pr-title.yaml

@@ -0,0 +1,26 @@
+name: 'PR title'
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          requireScope: false
+          subjectPattern: ^[A-Z].+$
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            starts with an uppercase character.
+          wip: true
+          validateSingleCommit: false

.github/workflows/pre-commit.yaml

@@ -0,0 +1,134 @@
+name: pre-commit
+
+on:
+  pull_request:
+    branches:
+      - main
+
+env:
+  TERRAFORM_DOCS_VERSION: v0.16.0
+  TFSEC_VERSION: v1.28.1
+  TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
+  TFLINT_VERSION: v0.45.0
+
+jobs:
+  collectInputs:
+    name: Collect workflow inputs
+    runs-on: ubuntu-latest
+    outputs:
+      directories: ${{ steps.dirs.outputs.directories }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Get root directories
+        id: dirs
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+
+  preCommitMinVersions:
+    name: Min TF pre-commit
+    needs: collectInputs
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
+    steps:
+      - name: Remove default Terraform
+        run: rm -rf $(which terraform)
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          # We only need to check Terraform files for the current directory
+          # because the `preCommitMaxVersion` job will run the full,
+          # exhaustive checks (always)
+          filters: |
+            src:
+              - '${{ matrix.directory }}/*.tf'
+
+      - name: Config Terraform plugin cache
+        if: steps.changes.outputs.src == 'true'
+        run: mkdir --parents ${{ env.TERRAFORM_DOCS_VERSION }}
+
+      - name: Cache Terraform
+        uses: actions/cache@v3
+        if: steps.changes.outputs.src == 'true'
+        with:
+          path: ${{ env.TERRAFORM_DOCS_VERSION }}
+          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
+          restore-keys: ${{ runner.os }}-terraform-
+
+      - name: Terraform min/max versions
+        uses: clowdhaus/[email protected]
+        if: steps.changes.outputs.src == 'true'
+        id: minMax
+        with:
+          directory: ${{ matrix.directory }}
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory !=  '.' && steps.changes.outputs.src == 'true' }}
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory ==  '.' && steps.changes.outputs.src == 'true' }}
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+
+  preCommitMaxVersion:
+    name: Max TF pre-commit
+    runs-on: ubuntu-latest
+    needs: collectInputs
+    steps:
+      - name: Remove default Terraform
+        run: rm -rf $(which terraform)
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          filters: |
+            src:
+              - '**/*.tf'
+
+      - name: Config Terraform plugin cache
+        if: steps.changes.outputs.src == 'true'
+        run: mkdir --parents ${{ env.TERRAFORM_DOCS_VERSION }}
+
+      - name: Cache Terraform
+        uses: actions/cache@v3
+        if: steps.changes.outputs.src == 'true'
+        with:
+          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
+          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
+          restore-keys: ${{ runner.os }}-terraform-
+
+      - name: Install tfsec
+        if: steps.changes.outputs.src == 'true'
+        run: curl -sSLo ./tfsec https://github.com/aquasecurity/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-$(uname)-amd64 && chmod +x tfsec && sudo mv tfsec /usr/bin/
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/[email protected]
+        if: steps.changes.outputs.src == 'true'
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        if: steps.changes.outputs.src == 'true'
+        with:
+          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          tflint-version: ${{ env.TFLINT_VERSION }}

.github/workflows/stale-issue-pr.yaml

@@ -0,0 +1,33 @@
+name: 'Stale Issue/PR'
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v6
+        id: stale
+        with:
+          ascending: true
+          close-issue-message: 'Issue closed due to inactivity.'
+          close-pr-message: 'Pull request closed due to inactivity.'
+          days-before-close: 10
+          days-before-stale: 30
+          stale-issue-label: stale
+          stale-pr-label: stale
+          # Not stale if have this labels
+          exempt-issue-labels: 'bug,enhancement'
+          exempt-pr-labels: 'bug,enhancement'
+          operations-per-run: 100
+          stale-issue-message: |
+            This issue has been automatically marked as stale because it has been open 30 days
+            with no activity. Remove stale label or comment or this issue will be closed in 10 days
+          stale-pr-message: |
+            This PR has been automatically marked as stale because it has been open 30 days
+            with no activity. Remove stale label or comment or this PR will be closed in 10 days

.pre-commit-config.yaml

@@ -31,9 +31,10 @@ repos:
           - '--args=--only=terraform_required_providers'
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
+          - '--args=--only=terraform_empty_list_equality'
+          - '--args=--only=terraform_unused_required_providers'
       - id: terraform_validate
-        exclude: deploy
       - id: terraform_tfsec
         args:
           - --args=--concise-output
-          - --args=--exclude-path=examples/
+          - --args=--exclude-path=tests/

README.md

@@ -4,7 +4,7 @@ Terraform module which creates AWS Eks Multi Tenancy resources.
 
 ## Usage
 
-See [`examples`](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/examples) directory for working examples to reference:
+See [`tests`](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/test) directory for working tests to reference:
 
 
 ### Standalone - Admin Team
@@ -246,12 +246,6 @@ module "development_team" {
 }
 ```
 
-## Examples
-
-Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/examples) are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
-
-- [Complete](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/examples/complete)
-
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 

tests/README.md

@@ -0,0 +1,3 @@
+# Terraform AWS EKS Multi-Tenancy Tests
+
+- [Complete](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/tests/complete)

examples/complete/README.md → tests/complete/README.md

@@ -3,7 +3,7 @@
 Configuration in this directory creates:
 
 - An EKS cluster for demonstration
-- An adminstrative team
+- An administrative team
 - A red team which demonstrates creating one team per module definition
 - Blue teams which demonstrates creating multiple teams per module definition
 
@@ -38,10 +38,10 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_admin_team"></a> [admin\_team](#module\_admin\_team) | github.com/aws-ia/terraform-aws-eks-blueprints-teams | v0.1.0 |
-| <a name="module_blue_teams"></a> [blue\_teams](#module\_blue\_teams) | github.com/aws-ia/terraform-aws-eks-blueprints-teams | v0.1.0 |
+| <a name="module_admin_team"></a> [admin\_team](#module\_admin\_team) | ../.. | n/a |
+| <a name="module_blue_teams"></a> [blue\_teams](#module\_blue\_teams) | ../.. | n/a |
 | <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.10 |
-| <a name="module_red_team"></a> [red\_team](#module\_red\_team) | github.com/aws-ia/terraform-aws-eks-blueprints-teams | v0.1.0 |
+| <a name="module_red_team"></a> [red\_team](#module\_red\_team) | ../.. | n/a |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources

examples/complete/main.tf → tests/complete/main.tf

@@ -18,8 +18,8 @@ data "aws_availability_zones" "available" {}
 data "aws_caller_identity" "current" {}
 
 locals {
-  region = "us-east-1"
-  name   = "eks-multi-tenancy-ex-${basename(path.cwd)}"
+  region = "us-west-2"
+  name   = "ex-teams-${basename(path.cwd)}"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -36,7 +36,7 @@ locals {
 ################################################################################
 
 module "admin_team" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams?ref=v0.1.0"
+  source = "../.."
 
   name = "admin-team"
 
@@ -48,7 +48,7 @@ module "admin_team" {
 }
 
 module "red_team" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams?ref=v0.1.0"
+  source = "../.."
 
   name = "red-team"
 
@@ -167,7 +167,7 @@ module "red_team" {
 }
 
 module "blue_teams" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams?ref=v0.1.0"
+  source = "../.."
 
   for_each = {
     one = {}
@@ -215,13 +215,6 @@ module "eks" {
   cluster_version                = "1.24"
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets