Tf pipeline (#21)

* update of pipeline

* adding manual trigger

* Reformat terraform files (#22)

* terraform fmt

* add newline at EOF

* add newline at EOF

---------

Co-authored-by: steled <steled@users.noreply.github.com>
Co-authored-by: steled <steled@gmx.net>

* tflint fix

* working-dir fix

* adding tf docs section

* terraform-docs: automated action

* Reformat terraform files (#23)

* terraform fmt

* add newline at EOF

* add newline at EOF

* terraform fmt

---------

Co-authored-by: steled <steled@users.noreply.github.com>
Co-authored-by: steled <steled@gmx.net>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: steled <steled@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: steled

.github/workflows/terraform.yml

@@ -1,72 +1,90 @@
 name: 'Terraform'
 
+# Controls when the workflow will run
 on:
+  workflow_dispatch:
+  # Triggers the workflow on push (only for the "main" branch) or pull request events
   push:
     branches:
       - main
   pull_request:
 
-# env:
-#   TF_VER: 1.2.8
+#  if a new commit is pushed to the main branch while a previous run is still in progress, the previous run will be cancelled and the new one will start
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  terraform:
-    name: 'Terraform'
-    runs-on: ubuntu-latest
+  tffmt:
     permissions:
+      contents: write
       pull-requests: write
+    runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Checkout
+        uses: actions/checkout@v4
 
-    - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v3
-      # with:
-      #   terraform_version: $TF_VER
+      - name: terraform fmt
+        uses: dflook/terraform-fmt@v1
+        with:
+          path: .
 
-    - name: Terraform Format
-      id: fmt
-      run: terraform fmt -check -recursive
-      continue-on-error: true
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        with:
+          commit-message: terraform fmt
+          title: Reformat terraform files
+          body: Update Terraform files to canonical format using `terraform fmt`
+          branch: automated-terraform-fmt
+          base: ${{ github.head_ref }}
+
+  tflint:
+    runs-on: ubuntu-latest
 
-#    - name: Terraform Init
-#      id: init
-#      run: terraform init
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - name: Checkout source code
+      uses: actions/checkout@v4
 
-    - uses: actions/github-script@v7
-      if: github.event_name == 'pull_request'
+    - name: Cache plugin dir
+      uses: actions/cache@v4
       with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        script: |
-          // 1. Retrieve existing bot comments for the PR
-          const { data: comments } = await github.rest.issues.listComments({
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            issue_number: context.issue.number,
-          })
-          const botComment = comments.find(comment => {
-            return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
-          })
-    
-          // 2. Prepare format of the comment
-          const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+        path: ~/.tflint.d/plugins
+        key: tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Setup TFLint
+      uses: terraform-linters/setup-tflint@v4
+
+    - name: Show version
+      run: tflint --version
 
-          *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+    - name: Init TFLint
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+      run: tflint --recursive --init
 
-          // 3. If we have a comment, update it, otherwise create a new one
-          if (botComment) {
-            github.rest.issues.updateComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              comment_id: botComment.id,
-              body: output
-            })
-          } else {
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: output
-            })
-          }
+    - name: Run TFLint
+      run: tflint --recursive --call-module-type=all
+
+  tfdocs:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - name: Checkout source code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render terraform docs inside the README.md and push changes back to PR branch
+      uses: terraform-docs/gh-actions@v1.3.0
+      with:
+        working-dir: .
+        output-file: README.md
+        output-method: inject
+        git-push: "true"

README.md

@@ -1 +1,30 @@
 # terraformmodules
+
+
+# TF Docs
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

cert-manager_cloudflare/cert-manager.tf

@@ -5,15 +5,15 @@ resource "kubernetes_namespace" "certmanager" {
 }
 
 resource "helm_release" "certmanager" {
-  name       = "cert-manager"
-  namespace  = kubernetes_namespace.certmanager.metadata[0].name
+  name      = "cert-manager"
+  namespace = kubernetes_namespace.certmanager.metadata[0].name
 
   repository = "https://charts.jetstack.io"
   chart      = "cert-manager"
   version    = var.cert_manager_version # check version here: https://artifacthub.io/packages/helm/cert-manager/cert-manager/
 
   set {
-    name = "installCRDs"
+    name  = "installCRDs"
     value = "true"
   }
 
@@ -22,5 +22,5 @@ resource "helm_release" "certmanager" {
     command = "kubectl delete crd certificaterequests.cert-manager.io certificates.cert-manager.io challenges.acme.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io orders.acme.cert-manager.io"
   }
 
-  depends_on = [ kubernetes_secret.cloudflare_api_token_secret ]
+  depends_on = [kubernetes_secret.cloudflare_api_token_secret]
 }

cert-manager_cloudflare/clusterissuer_selfsigned.tf

@@ -8,7 +8,7 @@ spec:
   selfSigned: {}
 YAML
 
-  depends_on = [ helm_release.certmanager ]
+  depends_on = [helm_release.certmanager]
 }
 
 resource "kubectl_manifest" "cert_manager_certificate_steled_selfsigned_ca" {

cert-manager_cloudflare/main.tf

@@ -7,7 +7,7 @@ terraform {
       version = "~> 2.16.1"
     }
     kubernetes = {
-      source = "hashicorp/kubernetes"
+      source  = "hashicorp/kubernetes"
       version = "~> 2.35.0"
     }
     kubectl = {

cert-manager_cloudflare/variables.tf

@@ -1,5 +1,5 @@
 variable "cert_manager_version" {
-  type = string
+  type        = string
   description = "Set the version of cert-manager"
 }
 
@@ -12,6 +12,6 @@ variable "cert_manager_email" {
 }
 
 variable "namespace" {
-  type = string
+  type        = string
   description = "Name of the kubernetes namespace"
 }

cert-manager_duckdns/cert-manager.tf

@@ -5,15 +5,15 @@ resource "kubernetes_namespace" "certmanager" {
 }
 
 resource "helm_release" "certmanager" {
-  name       = "cert-manager"
-  namespace  = kubernetes_namespace.certmanager.metadata[0].name
+  name      = "cert-manager"
+  namespace = kubernetes_namespace.certmanager.metadata[0].name
 
   repository = "https://charts.jetstack.io"
   chart      = "cert-manager"
   version    = var.cert_manager_version # check version here: https://artifacthub.io/packages/helm/cert-manager/cert-manager/
 
   set {
-    name = "installCRDs"
+    name  = "installCRDs"
     value = "true"
   }
 }

cert-manager_duckdns/duckdns-webhook.tf

@@ -1,19 +1,19 @@
 resource "helm_release" "duckdns_webhook" {
   # name       = "cert-manager-webhook-duckdns"
-  name       = "cert-manager-duckdns-webhook"
-  namespace  = kubernetes_namespace.certmanager.metadata[0].name
+  name      = "cert-manager-duckdns-webhook"
+  namespace = kubernetes_namespace.certmanager.metadata[0].name
 
   # repository = "https://steled.github.io/cert-manager-webhook-duckdns/"
   repository = "https://csp33.github.io/cert-manager-duckdns-webhook"
   # chart      = "cert-manager-webhook-duckdns"
-  chart      = "cert-manager-duckdns-webhook"
-  version    = var.duckdns_webhook_version # check version here: https://github.com/steled/cert-manager-webhook-duckdns/blob/master/charts/cert-manager-webhook-duckdns/Chart.yaml#L4
+  chart   = "cert-manager-duckdns-webhook"
+  version = var.duckdns_webhook_version # check version here: https://github.com/steled/cert-manager-webhook-duckdns/blob/master/charts/cert-manager-webhook-duckdns/Chart.yaml#L4
 
   # values = [ templatefile(var.duckdns_webhook_values_yaml, {
   #   duckdns_webhook_ip_address = var.duckdns_webhook_ip_address
   # })]
 
-  values = [ file(var.duckdns_webhook_values_yaml) ]
+  values = [file(var.duckdns_webhook_values_yaml)]
 
-  depends_on = [ helm_release.certmanager ]
+  depends_on = [helm_release.certmanager]
 }

cert-manager_duckdns/main.tf

@@ -7,7 +7,7 @@ terraform {
       version = ">= 2.9.0"
     }
     kubernetes = {
-      source = "hashicorp/kubernetes"
+      source  = "hashicorp/kubernetes"
       version = "~> 2.35.0"
     }
   }

cert-manager_duckdns/variables.tf

@@ -1,24 +1,24 @@
 variable "namespace" {
-  type = string
+  type        = string
   description = "Name of the kubernetes namespace"
 }
 
 variable "cert_manager_version" {
-  type = string
+  type        = string
   description = "Set the version of cert-manager"
 }
 
 variable "duckdns_webhook_version" {
-  type = string
+  type        = string
   description = "Set the version of duckdns webhook"
 }
 
 variable "duckdns_webhook_values_yaml" {
-  type = string
+  type        = string
   description = "Path to the duckdns webhook values.yml file, relative to the root module"
 }
 
-variable "duckdns_webhook_ip_address" {
-  type        = string
-  description = "IP address for duckdns webhook service"
-}
+# variable "duckdns_webhook_ip_address" {
+#   type        = string
+#   description = "IP address for duckdns webhook service"
+# }