Merge pull request #2 from ministryofjustice/initial-setup

Initial setup

.github/CODEOWNERS

@@ -1,3 +1 @@
-# Add a team or username to this file
-# Example:
-# *   @ministryofjustice/operations-engineering
+* @ministryofjustice/nvvs-devops-admins

.github/workflows/release.yml

@@ -0,0 +1,41 @@
+name: release
+
+on:
+  push:
+    tags: ['v*.*.*'] # only a valid semver tag
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: '${{ github.repository_owner }}/nvvs/terraform'
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}

.gitignore

@@ -5,6 +5,7 @@ venv/
 env/
 .DS_STORE
 .vscode
+.idea/
 *.code-workspace
 *.sha256
 terraform.tfstate

.tflint.hcl.source

@@ -0,0 +1,10 @@
+config {
+  module = true
+  force = false
+}
+
+plugin "aws" {
+  enabled = true
+  version = "${TFLINT_AWS_RULESET_VERSION}"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

Dockerfile

@@ -0,0 +1,42 @@
+FROM alpine:edge
+
+ARG PLATFORM=linux_amd64
+ARG TF_VERSION=1.1.8
+ARG TFLINT_VERSION=0.48.0
+ARG TFLINT_AWS_RULESET_VERSION=0.22.1
+ARG KUBECTL_VERSION=v1.22.0
+
+ARG TF_DIST_FILENAME="terraform_${TF_VERSION}_${PLATFORM}.zip"
+ARG TF_DIST_CHECKSUM_FILENAME="terraform_${TF_VERSION}_SHA256SUMS"
+
+LABEL org.opencontainers.image.description="Hashicorp Terraform and tflint" \
+      org.opencontainers.image.authors="Ministry of Justice - NVVS DevOps" \
+      org.opencontainers.image.url="https://github.com/ministryofjustice/nvvs/terraform" \
+      org.opencontainers.image.source="[email protected]:ministryofjustice/nvvs-containers.git" \
+      org.opencontainers.image.licenses="MIT"
+
+COPY .tflint.hcl.source /root/
+
+RUN wget https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_DIST_FILENAME} \
+  && wget https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_DIST_CHECKSUM_FILENAME} \
+  && set -o pipefail && grep ${PLATFORM} ${TF_DIST_CHECKSUM_FILENAME} | sha256sum -c - \
+  && unzip ${TF_DIST_FILENAME} -d /usr/local/bin \
+  && rm ${TF_DIST_FILENAME} ${TF_DIST_CHECKSUM_FILENAME} \
+  && wget https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_${PLATFORM}.zip \
+  && wget https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/checksums.txt \
+  && set -o pipefail && grep ${PLATFORM} checksums.txt | sha256sum -c - \
+  && unzip tflint_${PLATFORM}.zip -d /usr/local/bin \
+  && rm tflint_${PLATFORM}.zip checksums.txt \
+  && apk update && apk --no-cache add make gettext aws-cli curl openssl bash \
+  && envsubst < /root/.tflint.hcl.source > /root/.tflint.hcl \
+  && tflint --init \
+  && curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
+  && chmod +x kubectl \
+  && mv kubectl /usr/local/bin/kubectl \
+  && curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 \
+  && chmod +x get_helm.sh \
+  && ./get_helm.sh \
+  && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+  && unzip awscliv2.zip \
+  && ./aws/install -i /usr/local/aws-cli -b /usr/local/bin \
+  && rm awscliv2.zip

Makefile

@@ -0,0 +1,49 @@
+.DEFAULT_GOAL := help
+
+REGISTRY		:= ghcr.io
+GITHUB_OWNER	:= $$(git config remote.origin.url | cut -d : -f 2 | cut -d / -f 1)
+NAME			:= ${GITHUB_OWNER}/nvvs/terraform
+TAG				:= $$(git log -1 --pretty=%h)
+IMG				:= ${NAME}:${TAG}
+LATEST			:= ${NAME}:latest
+
+CURRENT_VERSION := $$(git describe --abbrev=0)
+CURRENT_NUMBER	:= $$(echo $(CURRENT_VERSION) | cut -d "v" -f 2)
+
+ifeq ($(SEMVAR),patch)
+  NEXT_NUMBER := $$(./semver/increment_version.sh -p $(CURRENT_NUMBER))
+else ifeq ($(SEMVAR),minor)
+  NEXT_NUMBER := $$(./semver/increment_version.sh -m $(CURRENT_NUMBER))
+else ifeq ($(SEMVAR),major)
+  NEXT_NUMBER := $$(./semver/increment_version.sh -M $(CURRENT_NUMBER))
+endif
+
+NEXT_VERSION := "v$(NEXT_NUMBER)"
+
+.PHONY: debug
+debug: ## debug
+	@echo $(NEXT_NUMBER)
+
+.PHONY: current_version
+current_version: ## Get current version eg v3.4.1
+	@echo $(CURRENT_VERSION)
+	@echo $(CURRENT_NUMBER)
+
+.PHONY: preview_version
+preview_version: ## increment version eg v3.4.1 > v3.5.0. Use SEMVAR=[ patch | minor | major ]
+	@echo "CURRENT_VERSION := $(CURRENT_VERSION)"
+	@echo "          $(SEMVAR) := $(NEXT_VERSION)"
+
+.PHONY: tag
+tag: ## Tag branch in git repo with next version number. Use SEMVAR=[ patch | minor | major ]
+	@echo "tagging with $(NEXT_VERSION)"
+	@git tag -a "$(NEXT_VERSION)" -m "Bump from $(CURRENT_VERSION) to $(NEXT_VERSION)"
+	@git push origin main --follow-tags
+
+.PHONY: build
+build: ## Build & tag Docker image
+	docker build --tag ${IMG} .
+	docker tag ${IMG} ${LATEST}
+
+help:
+	@grep -h -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

semver/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Fritz Mahnke
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

semver/README.md

@@ -0,0 +1,22 @@
+# bash-semver
+
+Increment semantic versioning strings in shell scripts.
+
+```shell
+$ ./increment_version.sh
+usage: increment_version.sh [-Mmp] major.minor.patch
+
+$ ./increment_version.sh -p 0.0.0
+0.0.1
+
+$ ./increment_version.sh -m 0.0.3
+0.1.0
+
+$ ./increment_version.sh -M 1.1.15
+2.0.0
+
+$ ./increment_version.sh -Mmp 2.3.4
+3.1.1
+```
+
+Sourced from https://github.com/fmahnke/shell-semver

semver/increment_version.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# Increment a version string using Semantic Versioning (SemVer) terminology.
+
+# Parse command line options.
+
+while getopts ":Mmp" Option
+do
+  case $Option in
+    M ) major=true;;
+    m ) minor=true;;
+    p ) patch=true;;
+  esac
+done
+
+shift $(($OPTIND - 1))
+
+version=$1
+
+# Build array from version string.
+
+a=( ${version//./ } )
+
+# If version string is missing or has the wrong number of members, show usage message.
+
+if [ ${#a[@]} -ne 3 ]
+then
+  echo "usage: $(basename $0) [-Mmp] major.minor.patch"
+  exit 1
+fi
+
+# Increment version numbers as requested.
+
+if [ ! -z $major ]
+then
+  ((a[0]++))
+  a[1]=0
+  a[2]=0
+fi
+
+if [ ! -z $minor ]
+then
+  ((a[1]++))
+  a[2]=0
+fi
+
+if [ ! -z $patch ]
+then
+  ((a[2]++))
+fi
+
+echo "${a[0]}.${a[1]}.${a[2]}"
+