feat: changes in modules

clouddrove · Mar 29, 2024 · bf873c7 · bf873c7
1 parent 0ea8f0c
commit bf873c7
Show file tree

Hide file tree

Showing 15 changed files with 132 additions and 171 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,12 +5,52 @@
 
 version: 2
 updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 3
+    assignees:
+      - "clouddrove-ci"
+    reviewers:
+      - "approvers"
+
   - package-ecosystem: "terraform" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+    # Add assignees
+    assignees:
+      - "clouddrove-ci"
+    # Add reviewer
+    reviewers:
+      - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/_example/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    # Add assignees
+    assignees:
+      - "clouddrove-ci"
+    # Add reviewer
+    reviewers:
+      - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/" # Location of package manifests
+    directory: "/_example/" # Location of package manifests
     schedule:
       interval: "weekly"
-
+    # Add assignees
+    assignees:
+      - "clouddrove-ci"
+    # Add reviewer
+    reviewers:
+      - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
@@ -0,0 +1,14 @@
+name: Auto Assign PRs
+
+on:
+  pull_request:
+    types: [opened, reopened]
+
+  workflow_dispatch:
+jobs:
+  assignee:
+    uses: clouddrove/github-shared-workflows/.github/workflows/[email protected]
+    secrets:
+      GITHUB: ${{ secrets.GITHUB }}
+    with:
+      assignees: 'clouddrove-ci'
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   changelog:
-    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.2.2
     secrets: inherit
     with:
       branch: 'master'
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -0,0 +1,11 @@
+name: tf-checks
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+  workflow_dispatch:
+jobs:
+  basic:
+    uses: clouddrove/github-shared-workflows/.github/workflows/[email protected]
+    with:
+      working_directory: './_example/'
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
@@ -0,0 +1,11 @@
+name: tf-lint
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+  workflow_dispatch:
+jobs:
+  tf-lint:
+    uses: clouddrove/github-shared-workflows/.github/workflows/[email protected]
+    secrets:
+      GITHUB: ${{ secrets.GITHUB }}
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   tfsec:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.2.2
     secrets: inherit
     with:
-      working_directory: '.'
+      working_directory: './_example'
diff --git a/_example/example.tf b/_example/example.tf
@@ -1,10 +1,19 @@
+# ------------------------------------------------------------------------------
+# Provider
+# ------------------------------------------------------------------------------
+
 provider "google" {
   project     = var.gcp_project_id
   credentials = var.gcp_credentials
   region      = var.gcp_region
   zone        = var.gcp_zone
 }
 
+# ------------------------------------------------------------------------------
+# Module
+# ------------------------------------------------------------------------------
+
+
 module "service-account" {
   source = "../"
 
@@ -13,10 +22,11 @@ module "service-account" {
   label_order = var.label_order
 
   service_account_enabled     = true
-  project_id                  = "clouddrove"
+  project_id                  = "clouddrove-1"
   service_account_key_enabled = true
   key_algorithm               = "KEY_ALG_RSA_2048"
   public_key_type             = "TYPE_X509_PEM_FILE"
   private_key_type            = "TYPE_GOOGLE_CREDENTIALS_FILE"
-  members                     = []
+  roles                       = ["roles/iam.serviceAccountUser", "roles/editor"]
+  members                     = ["user:[email protected]", "user:[email protected]"]
 }
diff --git a/_example/outputs.tf b/_example/outputs.tf
@@ -1,3 +1,7 @@
+# ------------------------------------------------------------------------------
+# Outputs
+# ------------------------------------------------------------------------------
+
 output "id" {
   value       = module.service-account.*.id
   description = "The ID of the service-account."

diff --git a/_example/varriables.tf b/_example/varriables.tf
@@ -1,3 +1,7 @@
+# ------------------------------------------------------------------------------
+# Variables
+# ------------------------------------------------------------------------------
+
 variable "environment" {
   type        = string
   default     = "service-account"

diff --git a/_example/versions.tf b/_example/versions.tf
@@ -1,3 +1,7 @@
+# ------------------------------------------------------------------------------
+# Versions
+# ------------------------------------------------------------------------------
+
 terraform {
   required_version = ">= 0.14, < 2.0"
 

diff --git a/main.tf b/main.tf
@@ -6,6 +6,9 @@ module "labels" {
   environment = var.environment
   label_order = var.label_order
 }
+# ------------------------------------------------------------------------------
+# resource_to_create_service_account
+# ------------------------------------------------------------------------------
 
 resource "google_service_account" "default" {
   count = var.service_account_enabled && var.module_enabled ? 1 : 0
@@ -15,6 +18,9 @@ resource "google_service_account" "default" {
   description  = var.description
   project      = var.project_id
 }
+# ------------------------------------------------------------------------------
+# resource_to_create_service_account_key
+# ------------------------------------------------------------------------------
 
 resource "google_service_account_key" "default" {
   count = var.service_account_key_enabled && var.module_enabled ? 1 : 0
@@ -26,11 +32,15 @@ resource "google_service_account_key" "default" {
   public_key_data    = var.public_key_data
   keepers            = var.keepers
 }
+# ------------------------------------------------------------------------------
+# resource_to_create_service_account_iam_binding
+# ------------------------------------------------------------------------------
 
 resource "google_service_account_iam_binding" "admin-account-iam" {
-  count = var.google_service_account_iam_binding_enabled && var.module_enabled ? 1 : 0
+  count = var.google_service_account_iam_binding_enabled && var.module_enabled ? length(var.roles) : 0
+
 
   service_account_id = join("", google_service_account.default.*.name)
-  role               = "roles/iam.serviceAccountUser"
+  role               = var.roles[count.index]
   members            = var.members
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,3 +1,6 @@
+# ------------------------------------------------------------------------------
+# Outputs
+# ------------------------------------------------------------------------------
 
 output "email" {
   value       = join("", google_service_account.default.*.email)