Merge pull request #3 from geekcell/update-tmplates

docs: update templates

.github/.templatesyncignore

@@ -0,0 +1,9 @@
+README.md
+.github/workflows/*
+.terraform-docs.yml
+docs/20-badges.md
+docs/assets/logo.svg
+*.tf
+test/*
+go.mod
+go.sum

.github/dependabot.yml

@@ -0,0 +1,32 @@
+---
+##############################
+## Dependabot configuration ##
+##############################
+
+#
+# Documentation:
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+#
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0
+
+  # Maintain dependencies for Terraform Providers
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0
+
+  # Maintain dependencies for Golang
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0

.github/pull_request-template.md

@@ -5,10 +5,6 @@
 
 ...
 
-## How this PR fixes it
-
-...
-
 ## Readiness Checklist
 
 ### Author/Contributor

.github/workflows/release.yaml

@@ -1,7 +1,7 @@
 ---
-####################################
-## Draft releases on Push to main ##
-####################################
+#####################
+## Create releases ##
+#####################
 
 #
 # Documentation:
@@ -13,9 +13,8 @@ on:
   push:
     branches: [ main ]
     tags: [ 'v*.*.*' ]
-
-permissions:
-  contents: write
+  pull_request:
+    types: [ labeled ]
 
 #################
 # Start the job #
@@ -26,6 +25,7 @@ jobs:
   ###############
   create-release:
     name: Create Release
+    if: github.event.action != 'labeled'
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
@@ -75,3 +75,22 @@ jobs:
           tag_name: ${{ steps.tag.outputs.value }}
           draft: false
           prerelease: false
+
+  ###########################
+  # Release preview comment #
+  ###########################
+  release-check:
+    if: github.event.action == 'labeled'
+    runs-on: ubuntu-latest
+    steps:
+      ############################
+      # Checkout the source code #
+      ############################
+      - name: Checkout Code
+        uses: actions/[email protected]
+
+      #######################
+      # Post status comment #
+      #######################
+      - name: Post bumpr status comment
+        uses: haya14busa/action-bumpr@v1

.github/workflows/sync-templates.yaml

@@ -10,7 +10,9 @@
 
 name: Sync templates
 on:
-  workflow_dispatch:
+  workflow_dispatch: # Trigger manually
+  schedule:
+    - cron:  "0 0 1 * *"  # Run at 00:00 on the first day of every month
 
 ##########################
 # Prevent duplicate jobs #
@@ -36,7 +38,7 @@ jobs:
       - name: Sync labels
         uses: EndBug/[email protected]
         with:
-          config-file: https://raw.githubusercontent.com/geekcell/template-terraform-module/main/.github/labels.yaml
+          config-file: https://gist.githubusercontent.com/Ic3w0lf/f5520c5f19d7098966f692c120f7a197/raw/75b134f76fbc55e2e64bd66f04e571d6d74b815e/terraform-aws-module-labels.yaml
 
   #######################
   # Sync template files #
@@ -50,33 +52,12 @@ jobs:
       ############################
       - name: Checkout Code
         uses: actions/[email protected]
-        with:
-          token: ${{ secrets.GEEKCELL_PAT_WORKFLOWS }}
-
-      ########################
-      # Patch template files #
-      ########################
-      - name: Force patching of template files
-        run: |
-          yes y | make setup/update-template
-
-      ####################
-      # Update README.md #
-      ####################
-      - name: Terraform docs
-        uses: terraform-docs/[email protected]
-        with:
-          config-file: .terraform-docs.yml
-          git-push: false
 
-      #############
-      # Create PR #
-      #############
-      - name: Create PR
-        uses: peter-evans/[email protected]
+      #######################
+      # Sync template files #
+      #######################
+      - name: actions-template-sync
+        uses: AndreasAugustin/[email protected]
         with:
-          token: ${{ secrets.GEEKCELL_PAT_WORKFLOWS }}
-          title: Updated template files
-          commit-message: Update template files from main repo
-          branch: update-template-files
-          delete-branch: true
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          source_repo_path: geekcell/terraform-aws-module-template

.pre-commit-config.yaml

@@ -1,16 +1,18 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.80.0
     hooks:
       - id: terraform_docs
       - id: terraform_fmt
       - id: terraform_validate
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
         exclude: '^[^/]+$'
       - id: terraform_tflint
         exclude: ^examples/
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer

.terraform-docs.yml

@@ -2,13 +2,13 @@ formatter: "md table"
 header-from: main.tf
 
 recursive:
+  # Enable this if your module has submodules
   enabled: true
-  path: modules
 
 content: |-
-  {{ include "docs/logo.md" }}
+  {{ include "docs/10-header.md" }}
 
-  {{ include "docs/badges.md" }}
+  {{ include "docs/20-badges.md" }}
 
   {{ .Header }}
 

README.md

@@ -1,5 +1,5 @@
 <!-- BEGIN_TF_DOCS -->
-[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/template-terraform-module/main/docs/assets/logo.svg)](https://www.geekcell.io/)
+[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)
 
 ### Code Quality
 [![License](https://img.shields.io/github/license/geekcell/terraform-aws-new-relic-integration)](https://github.com/geekcell/terraform-aws-new-relic-integration/blob/master/LICENSE)
@@ -36,7 +36,10 @@
 # Terraform AWS New Relic Integration
 
 Terraform module which creates resources to integrate AWS with New Relic by using Kinesis Firehose streams. Supports
-VPC Flow logs.
+VPC Flow logs. Comes with the following sub modules:
+
+[Fargate PHP Daemon](./modules/fargate\_php\_daemon/README.md)
+[SSM License Key](./modules/ssm\_license\_key/README.md)
 
 ## Inputs
 
@@ -72,17 +75,17 @@ No outputs.
 
 ## Resources
 
-- resource.aws_cloudwatch_metric_stream.main (main.tf#137)
-- resource.aws_flow_log.main (main.tf#286)
-- resource.aws_kinesis_firehose_delivery_stream.cloudwatch_metrics (main.tf#149)
-- resource.aws_kinesis_firehose_delivery_stream.vpc_flow_logs (main.tf#185)
-- resource.aws_s3_bucket.main (main.tf#253)
-- resource.aws_s3_bucket_acl.main (main.tf#259)
-- resource.aws_s3_bucket_public_access_block.main (main.tf#274)
-- resource.aws_s3_bucket_server_side_encryption_configuration.main (main.tf#264)
-- resource.newrelic_api_access_key.main (main.tf#303)
-- resource.newrelic_cloud_aws_link_account.main (main.tf#317)
-- data source.aws_caller_identity.current (main.tf#7)
+- resource.aws_cloudwatch_metric_stream.main (main.tf#140)
+- resource.aws_flow_log.main (main.tf#289)
+- resource.aws_kinesis_firehose_delivery_stream.cloudwatch_metrics (main.tf#152)
+- resource.aws_kinesis_firehose_delivery_stream.vpc_flow_logs (main.tf#188)
+- resource.aws_s3_bucket.main (main.tf#256)
+- resource.aws_s3_bucket_acl.main (main.tf#262)
+- resource.aws_s3_bucket_public_access_block.main (main.tf#277)
+- resource.aws_s3_bucket_server_side_encryption_configuration.main (main.tf#267)
+- resource.newrelic_api_access_key.main (main.tf#306)
+- resource.newrelic_cloud_aws_link_account.main (main.tf#320)
+- data source.aws_caller_identity.current (main.tf#10)
 
 # Examples
 ### Minimal

docs/10-header.md

@@ -0,0 +1 @@
+[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)

main.tf

@@ -2,7 +2,10 @@
  * # Terraform AWS New Relic Integration
  *
  * Terraform module which creates resources to integrate AWS with New Relic by using Kinesis Firehose streams. Supports
- * VPC Flow logs.
+ * VPC Flow logs. Comes with the following sub modules:
+ *
+ * [Fargate PHP Daemon](./modules/fargate_php_daemon/README.md)
+ * [SSM License Key](./modules/ssm_license_key/README.md)
  */
 data "aws_caller_identity" "current" {}
 
@@ -15,13 +18,13 @@ module "iam_integration_role" {
   name            = coalesce(var.ingeration_role_name, "${var.name}-integration")
   use_name_prefix = var.integration_role_name_prefix
 
-  description  = "Role for New Relic integration."
-  policy_arns  = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
+  description = "Role for New Relic integration."
+  policy_arns = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
   assume_roles = {
     "AWS" : {
       actions     = ["sts:AssumeRole"]
       identifiers = ["754728514883"] # Unique identifier for New Relic account on AWS
-      conditions  = [
+      conditions = [
         {
           test     = "StringEquals"
           variable = "sts:ExternalId"
@@ -43,8 +46,8 @@ module "iam_firehose_role" {
   name            = coalesce(var.firehose_role_name, "${var.name}-firehose")
   use_name_prefix = var.firehose_role_name_prefix
 
-  description  = "Role for New Relic Firehose."
-  policy_arns  = [module.iam_firehose_policy.arn]
+  description = "Role for New Relic Firehose."
+  policy_arns = [module.iam_firehose_policy.arn]
   assume_roles = {
     "Service" : {
       identifiers = ["firehose.amazonaws.com"]
@@ -61,19 +64,19 @@ module "iam_firehose_policy" {
   use_name_prefix = var.firehose_role_name_prefix
 
   description = "Policy for New Relic Firehose."
-  statements  = [
+  statements = [
     {
-      sid     = "BucketList"
-      effect  = "Allow"
+      sid    = "BucketList"
+      effect = "Allow"
       actions = [
         "s3:GetBucketLocation",
         "s3:ListBucket"
       ]
       resources = [aws_s3_bucket.main.arn]
     },
     {
-      sid     = "BucketWrite"
-      effect  = "Allow"
+      sid    = "BucketWrite"
+      effect = "Allow"
       actions = [
         "s3:AbortMultipartUpload",
         "s3:GetObject",
@@ -96,8 +99,8 @@ module "iam_metric_stream_role" {
   name            = coalesce(var.metric_stream_role_name, "${var.name}-metric-stream")
   use_name_prefix = var.metric_stream_role_name_prefix
 
-  description  = "Role for New Relic Metric Stream."
-  policy_arns  = [module.iam_metric_stream_policy.arn]
+  description = "Role for New Relic Metric Stream."
+  policy_arns = [module.iam_metric_stream_policy.arn]
   assume_roles = {
     "Service" : {
       identifiers = ["streams.metrics.cloudwatch.amazonaws.com"]
@@ -114,10 +117,10 @@ module "iam_metric_stream_policy" {
   use_name_prefix = var.metric_stream_role_name_prefix
 
   description = "Policy for New Relic Metric Stream."
-  statements  = [
+  statements = [
     {
-      sid     = "FirehoseWrite"
-      effect  = "Allow"
+      sid    = "FirehoseWrite"
+      effect = "Allow"
       actions = [
         "firehose:PutRecord",
         "firehose:PutRecordBatch"

modules/fargate_php_daemon/README.md

@@ -40,6 +40,6 @@ No outputs.
 
 ## Resources
 
-- resource.aws_ecs_service.main (modules/fargate_php_daemon/main.tf#36)
-- resource.aws_service_discovery_service.main (modules/fargate_php_daemon/main.tf#66)
+- resource.aws_ecs_service.main (modules/fargate_php_daemon/main.tf#38)
+- resource.aws_service_discovery_service.main (modules/fargate_php_daemon/main.tf#68)
 <!-- END_TF_DOCS -->