From 165cb469a9306391cd7935237574fa190da04742 Mon Sep 17 00:00:00 2001 
From: Tanner Doshier Date: Thu, 2 Jan 2025 11:55:54 -0500 Subject: [PATCH 1/6] WIP moving templates to subdirs --- .github/workflows/template-only-ci-infra.yml | 6 ++--- copier.yml | 8 +------ .../workflows/cd-{{app_name}}.yml.jinja | 0 .../ci-{{app_name}}-infra-service.yml.jinja | 0 ...app_name}}-pr-environment-checks.yml.jinja | 0 ...pp_name}}-pr-environment-destroy.yml.jinja | 0 ...{{app_name}}-vulnerability-scans.yml.jinja | 0 .../{{_copier_conf.answers_file}}.jinja | 0 .../{{app_name}}/playwright.config.js.jinja | 0 .../app/e2e}/{{app_name}}/tests/index.spec.js | 0 .../app-config/build_repository.tf | 0 .../app/infra}/{{app_name}}/app-config/dev.tf | 0 .../app-config/env-config/database.tf | 0 .../app-config/env-config/domain.tf | 0 .../env-config/environment_variables.tf | 0 .../app-config/env-config/file_upload_jobs.tf | 0 .../env-config/identity_provider.tf | 0 .../app-config/env-config/main.tf | 0 .../app-config/env-config/notifications.tf | 0 .../app-config/env-config/outputs.tf | 0 .../app-config/env-config/scheduled_jobs.tf | 0 .../app-config/env-config/variables.tf | 0 .../infra}/{{app_name}}/app-config/main.tf | 0 .../infra}/{{app_name}}/app-config/outputs.tf | 0 .../infra}/{{app_name}}/app-config/prod.tf | 0 .../infra}/{{app_name}}/app-config/staging.tf | 0 .../{{app_name}}/build-repository/main.tf | 0 .../app/infra}/{{app_name}}/database/main.tf | 0 .../infra}/{{app_name}}/database/network.tf | 0 .../infra}/{{app_name}}/database/outputs.tf | 0 .../infra}/{{app_name}}/database/variables.tf | 0 .../infra}/{{app_name}}/service/database.tf | 0 .../app/infra}/{{app_name}}/service/domain.tf | 0 .../{{app_name}}/service/identity_provider.tf | 0 .../infra}/{{app_name}}/service/image_tag.tf | 0 .../app/infra}/{{app_name}}/service/main.tf | 0 .../infra}/{{app_name}}/service/monitoring.tf | 0 .../infra}/{{app_name}}/service/network.tf | 0 .../{{app_name}}/service/notifications.tf | 0 .../infra}/{{app_name}}/service/outputs.tf | 0 
.../infra}/{{app_name}}/service/secrets.tf | 0 .../infra}/{{app_name}}/service/storage.tf | 0 .../infra}/{{app_name}}/service/variables.tf | 0 .../app/{{app_name}}}/Makefile | 0 .dockleconfig => templates/base/.dockleconfig | 0 .../configure-aws-credentials/action.yml | 0 .../.github}/actions/first-file/action.yml | 0 .../actions/setup-terraform/action.yml | 21 ++++++++++++++++++ .../base/.github/pull_request_template.md | 15 +++++++++++++ .../base/.github}/workflows/README.md | 8 +++---- .../.github}/workflows/build-and-publish.yml | 0 .../.github}/workflows/check-ci-cd-auth.yml | 0 .../workflows/check-infra-deploy-status.yml | 0 .../base/.github}/workflows/ci-docs.yml | 0 .../base/.github}/workflows/ci-infra.yml | 0 .../workflows/database-migrations.yml | 0 .../base/.github}/workflows/deploy.yml | 0 .../base/.github}/workflows/e2e-tests.yml | 0 .../workflows/markdownlint-config.json | 0 .../workflows/pr-environment-checks.yml | 0 .../workflows/pr-environment-destroy.yml | 0 .../scan-orphaned-pr-environments.yml | 0 .../workflows/send-system-notification.yml | 0 .../workflows/vulnerability-scans.yml | 0 templates/base/.gitignore | 20 +++++++++++++++++ .grype.yml => templates/base/.grype.yml | 0 .../base/.hadolint.yaml | 0 .../{{_copier_conf.answers_file}}.jinja | 2 ++ .../base/.terraform-version | 0 .trivyignore => templates/base/.trivyignore | 0 Makefile => templates/base/Makefile | 0 .../base/bin}/account-ids-by-name | 0 .../base/bin}/check-database-roles | 0 .../base/bin}/check-github-actions-auth | 0 .../base/bin}/configure-monitoring-secret | 0 .../base/bin}/create-or-update-database-roles | 0 {bin => templates/base/bin}/create-tfbackend | 0 .../base/bin}/current-account-alias | 0 .../base/bin}/current-account-config-name | 0 .../base/bin}/current-account-id | 0 {bin => templates/base/bin}/current-region | 0 {bin => templates/base/bin}/deploy-release | 0 .../base/bin}/destroy-pr-environment | 0 .../bin}/infra-deploy-status-check-configs | 0 
.../base/bin}/is-image-published | 0 {bin => templates/base/bin}/lint-markdown | 0 .../base/bin}/orphaned-pr-environments | 0 {bin => templates/base/bin}/publish-release | 0 {bin => templates/base/bin}/run-command | 0 .../base/bin}/run-database-migrations | 0 .../base/bin}/set-up-current-account | 0 {bin => templates/base/bin}/terraform-apply | 0 {bin => templates/base/bin}/terraform-init | 0 .../base/bin}/terraform-init-and-apply | 0 .../base/bin}/update-pr-environment | 0 {bin => templates/base/bin}/util.sh | 0 {docs => templates/base/docs}/code-reviews.md | 0 {docs => templates/base/docs}/compliance.md | 0 .../base/docs}/decisions/index.md | 0 ...markdown-architectural-decision-records.md | 0 .../decisions/infra/0001-ci-cd-interface.md | 0 ...se-custom-implementation-of-github-oidc.md | 0 .../0003-manage-ecr-in-prod-account-module.md | 0 ...kend-configs-into-separate-config-files.md | 0 ...base-infrastructure-into-separate-layer.md | 0 ...database-users-with-serverless-function.md | 0 .../0007-database-migration-architecture.md | 0 ...ig-from-tfvars-files-into-config-module.md | 0 ...separate-app-infrastructure-into-layers.md | 0 .../infra/0010-feature-flags-system-design.md | 0 .../infra/0011-network-layer-design.md | 0 .../base/docs}/decisions/template.md | 0 .../base/docs}/e2e/e2e-checks.md | 0 .../base/docs}/feature-flags.md | 0 .../base/docs}/infra/background-jobs.md | 0 .../base/docs}/infra/cloud-access-control.md | 0 .../docs}/infra/database-access-control.md | 0 .../docs}/infra/destroy-infrastructure.md | 0 ...structure-in-isolation-using-workspaces.md | 0 .../environment-variables-and-secrets.md | 0 .../base/docs}/infra/https-support.md | 0 .../infra/infrastructure-configuration.md | 0 .../base/docs}/infra/making-infra-changes.md | 0 .../base/docs}/infra/module-architecture.md | 0 .../base/docs}/infra/module-dependencies.md | 0 .../docs}/infra/pull-request-environments.md | 0 .../docs}/infra/service-command-execution.md | 0 
.../infra/set-up-app-build-repository.md | 0 .../base/docs}/infra/set-up-app-env.md | 0 .../base/docs}/infra/set-up-aws-account.md | 0 .../base/docs}/infra/set-up-custom-domains.md | 0 .../base/docs}/infra/set-up-database.md | 0 .../infra/set-up-infrastructure-tools.md | 0 .../docs}/infra/set-up-monitoring-alerts.md | 0 .../base/docs}/infra/set-up-network.md | 0 .../infra/set-up-public-internet-access.md | 0 .../base/docs}/infra/style-guide.md | 0 .../base/docs}/infra/system-notifications.md | 0 .../base/docs}/infra/upgrade-database.md | 0 .../docs}/infra/vulnerability-management.md | 0 {docs => templates/base/docs}/releases.md | 0 .../base/docs}/system-architecture.md | 0 {e2e => templates/base/e2e}/.gitignore | 0 {e2e => templates/base/e2e}/Dockerfile | 0 {e2e => templates/base/e2e}/package-lock.json | 0 {e2e => templates/base/e2e}/package.json | 0 .../base/e2e}/playwright.config.js | 0 {e2e => templates/base/e2e}/run-e2e-test | 0 {e2e => templates/base/e2e}/util.js | 0 {infra => templates/base/infra}/.gitignore | 0 {infra => templates/base/infra}/README.md | 0 .../base/infra}/accounts/main.tf | 0 .../base/infra}/accounts/outputs.tf | 0 .../base/infra}/example.s3.tfbackend | 0 .../modules/auth-github-actions/README.md | 0 .../modules/auth-github-actions/main.tf | 0 .../modules/auth-github-actions/variables.tf | 0 .../container-image-repository/main.tf | 0 .../container-image-repository/outputs.tf | 0 .../container-image-repository/variables.tf | 0 .../base/infra/modules/database}/.gitignore | 0 .../base/infra}/modules/database/data/main.tf | 0 .../infra}/modules/database/data/outputs.tf | 0 .../infra}/modules/database/data/variables.tf | 0 .../modules/database/interface/outputs.tf | 0 .../modules/database/interface/variables.tf | 0 .../modules/database/resources/.gitignore | 2 ++ .../database/resources/authentication.tf | 0 .../modules/database/resources/backups.tf | 0 .../infra}/modules/database/resources/main.tf | 0 .../modules/database/resources/monitoring.tf 
| 0 .../modules/database/resources/networking.tf | 0 .../modules/database/resources/outputs.tf | 0 .../database/resources/role_manager.tf | 0 .../database/resources/role_manager/check.py | 0 .../database/resources/role_manager/db.py | 0 .../database/resources/role_manager/manage.py | 0 .../resources/role_manager/requirements.txt | 0 .../resources/role_manager/role_manager.py | 0 .../modules/database/resources/variables.tf | 0 .../infra/modules/database}/role_manager.zip | Bin .../base/infra}/modules/domain/data/main.tf | 0 .../infra}/modules/domain/data/outputs.tf | 0 .../infra}/modules/domain/data/variables.tf | 0 .../modules/domain/resources/certificates.tf | 0 .../infra}/modules/domain/resources/main.tf | 0 .../modules/domain/resources/outputs.tf | 0 .../modules/domain/resources/query_logs.tf | 0 .../modules/domain/resources/variables.tf | 0 .../resources/access_control.tf | 0 .../resources/main.tf | 0 .../resources/outputs.tf | 0 .../resources/variables.tf | 0 .../modules/identity-provider/data/main.tf | 0 .../modules/identity-provider/data/outputs.tf | 0 .../identity-provider/data/variables.tf | 0 .../identity-provider/resources/main.tf | 0 .../identity-provider/resources/outputs.tf | 0 .../identity-provider/resources/variables.tf | 0 .../base/infra}/modules/monitoring/main.tf | 0 .../base/infra}/modules/monitoring/outputs.tf | 0 .../infra}/modules/monitoring/variables.tf | 0 .../base/infra}/modules/network/data/main.tf | 0 .../infra}/modules/network/data/outputs.tf | 0 .../infra}/modules/network/data/variables.tf | 0 .../modules/network/interface/outputs.tf | 0 .../modules/network/interface/variables.tf | 0 .../infra}/modules/network/resources/main.tf | 0 .../modules/network/resources/variables.tf | 0 .../network/resources/vpc_endpoints.tf | 0 .../notifications-email-domain/data/main.tf | 0 .../data/outputs.tf | 0 .../data/variables.tf | 0 .../resources/access_control.tf | 0 .../resources/dns.tf | 0 .../resources/logs.tf | 0 .../resources/main.tf | 0 
.../resources/outputs.tf | 0 .../resources/variables.tf | 0 .../notifications/resources/access_control.tf | 0 .../modules/notifications/resources/email.tf | 0 .../modules/notifications/resources/main.tf | 0 .../notifications/resources/outputs.tf | 0 .../notifications/resources/variables.tf | 0 .../base/infra}/modules/secret/main.tf | 0 .../base/infra}/modules/secret/outputs.tf | 0 .../base/infra}/modules/secret/variables.tf | 0 .../infra}/modules/service/access_control.tf | 0 .../infra}/modules/service/access_logs.tf | 0 .../modules/service/application_logs.tf | 0 .../modules/service/command_execution.tf | 0 .../infra}/modules/service/database_access.tf | 0 .../base/infra}/modules/service/dns.tf | 0 .../infra}/modules/service/events_jobs.tf | 0 .../infra}/modules/service/events_role.tf | 0 .../infra}/modules/service/load_balancer.tf | 0 .../base/infra}/modules/service/main.tf | 0 .../base/infra}/modules/service/networking.tf | 0 .../base/infra}/modules/service/outputs.tf | 0 .../infra}/modules/service/scheduled_jobs.tf | 0 .../infra}/modules/service/scheduler_role.tf | 0 .../base/infra}/modules/service/variables.tf | 0 .../service/workflow_orchestrator_role.tf | 0 .../infra}/modules/storage/access_control.tf | 0 .../base/infra}/modules/storage/encryption.tf | 0 .../base/infra}/modules/storage/events.tf | 0 .../base/infra}/modules/storage/lifecycle.tf | 0 .../base/infra}/modules/storage/main.tf | 0 .../base/infra}/modules/storage/outputs.tf | 0 .../base/infra}/modules/storage/variables.tf | 0 .../modules/terraform-backend-s3/README.md | 0 .../modules/terraform-backend-s3/main.tf | 0 .../modules/terraform-backend-s3/outputs.tf | 0 .../modules/terraform-backend-s3/variables.tf | 0 .../base/infra}/networks/main.tf.jinja | 0 .../base/infra}/networks/outputs.tf | 0 .../base/infra}/networks/variables.tf | 0 .../base/infra}/project-config/README.md | 0 .../infra}/project-config/aws_services.tf | 0 .../base/infra}/project-config/main.tf.jinja | 0 
.../base/infra}/project-config/networks.tf | 0 .../base/infra}/project-config/outputs.tf | 0 .../project-config/system_notifications.tf | 0 {infra => templates/base/infra}/test/go.mod | 0 {infra => templates/base/infra}/test/go.sum | 0 .../base/infra}/test/helpers.go | 0 .../base/infra}/test/infra_test.go | 0 267 files changed, 68 insertions(+), 14 deletions(-) rename {.github => templates/app/.github}/workflows/cd-{{app_name}}.yml.jinja (100%) rename {.github => templates/app/.github}/workflows/ci-{{app_name}}-infra-service.yml.jinja (100%) rename {.github => templates/app/.github}/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja (100%) rename {.github => templates/app/.github}/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja (100%) rename {.github => templates/app/.github}/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja (100%) rename {.template-infra => templates/app/.template-infra}/{{_copier_conf.answers_file}}.jinja (100%) rename {e2e => templates/app/e2e}/{{app_name}}/playwright.config.js.jinja (100%) rename {e2e => templates/app/e2e}/{{app_name}}/tests/index.spec.js (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/build_repository.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/dev.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/database.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/domain.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/environment_variables.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/file_upload_jobs.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/identity_provider.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/main.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/notifications.tf (100%) rename {infra => 
templates/app/infra}/{{app_name}}/app-config/env-config/outputs.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/scheduled_jobs.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/env-config/variables.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/main.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/outputs.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/prod.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/app-config/staging.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/build-repository/main.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/database/main.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/database/network.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/database/outputs.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/database/variables.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/database.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/domain.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/identity_provider.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/image_tag.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/main.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/monitoring.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/network.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/notifications.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/outputs.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/secrets.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/storage.tf (100%) rename {infra => templates/app/infra}/{{app_name}}/service/variables.tf (100%) rename {{{app_name}} => templates/app/{{app_name}}}/Makefile (100%) rename 
.dockleconfig => templates/base/.dockleconfig (100%) rename {.github => templates/base/.github}/actions/configure-aws-credentials/action.yml (100%) rename {.github => templates/base/.github}/actions/first-file/action.yml (100%) create mode 100644 templates/base/.github/actions/setup-terraform/action.yml create mode 100644 templates/base/.github/pull_request_template.md rename {.github => templates/base/.github}/workflows/README.md (81%) rename {.github => templates/base/.github}/workflows/build-and-publish.yml (100%) rename {.github => templates/base/.github}/workflows/check-ci-cd-auth.yml (100%) rename {.github => templates/base/.github}/workflows/check-infra-deploy-status.yml (100%) rename {.github => templates/base/.github}/workflows/ci-docs.yml (100%) rename {.github => templates/base/.github}/workflows/ci-infra.yml (100%) rename {.github => templates/base/.github}/workflows/database-migrations.yml (100%) rename {.github => templates/base/.github}/workflows/deploy.yml (100%) rename {.github => templates/base/.github}/workflows/e2e-tests.yml (100%) rename {.github => templates/base/.github}/workflows/markdownlint-config.json (100%) rename {.github => templates/base/.github}/workflows/pr-environment-checks.yml (100%) rename {.github => templates/base/.github}/workflows/pr-environment-destroy.yml (100%) rename {.github => templates/base/.github}/workflows/scan-orphaned-pr-environments.yml (100%) rename {.github => templates/base/.github}/workflows/send-system-notification.yml (100%) rename {.github => templates/base/.github}/workflows/vulnerability-scans.yml (100%) create mode 100644 templates/base/.gitignore rename .grype.yml => templates/base/.grype.yml (100%) rename .hadolint.yaml => templates/base/.hadolint.yaml (100%) create mode 100644 templates/base/.template-infra/{{_copier_conf.answers_file}}.jinja rename .terraform-version => templates/base/.terraform-version (100%) rename .trivyignore => templates/base/.trivyignore (100%) rename Makefile => 
templates/base/Makefile (100%) rename {bin => templates/base/bin}/account-ids-by-name (100%) rename {bin => templates/base/bin}/check-database-roles (100%) rename {bin => templates/base/bin}/check-github-actions-auth (100%) rename {bin => templates/base/bin}/configure-monitoring-secret (100%) rename {bin => templates/base/bin}/create-or-update-database-roles (100%) rename {bin => templates/base/bin}/create-tfbackend (100%) rename {bin => templates/base/bin}/current-account-alias (100%) rename {bin => templates/base/bin}/current-account-config-name (100%) rename {bin => templates/base/bin}/current-account-id (100%) rename {bin => templates/base/bin}/current-region (100%) rename {bin => templates/base/bin}/deploy-release (100%) rename {bin => templates/base/bin}/destroy-pr-environment (100%) rename {bin => templates/base/bin}/infra-deploy-status-check-configs (100%) rename {bin => templates/base/bin}/is-image-published (100%) rename {bin => templates/base/bin}/lint-markdown (100%) rename {bin => templates/base/bin}/orphaned-pr-environments (100%) rename {bin => templates/base/bin}/publish-release (100%) rename {bin => templates/base/bin}/run-command (100%) rename {bin => templates/base/bin}/run-database-migrations (100%) rename {bin => templates/base/bin}/set-up-current-account (100%) rename {bin => templates/base/bin}/terraform-apply (100%) rename {bin => templates/base/bin}/terraform-init (100%) rename {bin => templates/base/bin}/terraform-init-and-apply (100%) rename {bin => templates/base/bin}/update-pr-environment (100%) rename {bin => templates/base/bin}/util.sh (100%) rename {docs => templates/base/docs}/code-reviews.md (100%) rename {docs => templates/base/docs}/compliance.md (100%) rename {docs => templates/base/docs}/decisions/index.md (100%) rename {docs => templates/base/docs}/decisions/infra/0000-use-markdown-architectural-decision-records.md (100%) rename {docs => templates/base/docs}/decisions/infra/0001-ci-cd-interface.md (100%) rename {docs => 
templates/base/docs}/decisions/infra/0002-use-custom-implementation-of-github-oidc.md (100%) rename {docs => templates/base/docs}/decisions/infra/0003-manage-ecr-in-prod-account-module.md (100%) rename {docs => templates/base/docs}/decisions/infra/0004-separate-terraform-backend-configs-into-separate-config-files.md (100%) rename {docs => templates/base/docs}/decisions/infra/0005-separate-database-infrastructure-into-separate-layer.md (100%) rename {docs => templates/base/docs}/decisions/infra/0006-provision-database-users-with-serverless-function.md (100%) rename {docs => templates/base/docs}/decisions/infra/0007-database-migration-architecture.md (100%) rename {docs => templates/base/docs}/decisions/infra/0008-consolidate-infra-config-from-tfvars-files-into-config-module.md (100%) rename {docs => templates/base/docs}/decisions/infra/0009-separate-app-infrastructure-into-layers.md (100%) rename {docs => templates/base/docs}/decisions/infra/0010-feature-flags-system-design.md (100%) rename {docs => templates/base/docs}/decisions/infra/0011-network-layer-design.md (100%) rename {docs => templates/base/docs}/decisions/template.md (100%) rename {docs => templates/base/docs}/e2e/e2e-checks.md (100%) rename {docs => templates/base/docs}/feature-flags.md (100%) rename {docs => templates/base/docs}/infra/background-jobs.md (100%) rename {docs => templates/base/docs}/infra/cloud-access-control.md (100%) rename {docs => templates/base/docs}/infra/database-access-control.md (100%) rename {docs => templates/base/docs}/infra/destroy-infrastructure.md (100%) rename {docs => templates/base/docs}/infra/develop-and-test-infrastructure-in-isolation-using-workspaces.md (100%) rename {docs => templates/base/docs}/infra/environment-variables-and-secrets.md (100%) rename {docs => templates/base/docs}/infra/https-support.md (100%) rename {docs => templates/base/docs}/infra/infrastructure-configuration.md (100%) rename {docs => templates/base/docs}/infra/making-infra-changes.md (100%) 
rename {docs => templates/base/docs}/infra/module-architecture.md (100%) rename {docs => templates/base/docs}/infra/module-dependencies.md (100%) rename {docs => templates/base/docs}/infra/pull-request-environments.md (100%) rename {docs => templates/base/docs}/infra/service-command-execution.md (100%) rename {docs => templates/base/docs}/infra/set-up-app-build-repository.md (100%) rename {docs => templates/base/docs}/infra/set-up-app-env.md (100%) rename {docs => templates/base/docs}/infra/set-up-aws-account.md (100%) rename {docs => templates/base/docs}/infra/set-up-custom-domains.md (100%) rename {docs => templates/base/docs}/infra/set-up-database.md (100%) rename {docs => templates/base/docs}/infra/set-up-infrastructure-tools.md (100%) rename {docs => templates/base/docs}/infra/set-up-monitoring-alerts.md (100%) rename {docs => templates/base/docs}/infra/set-up-network.md (100%) rename {docs => templates/base/docs}/infra/set-up-public-internet-access.md (100%) rename {docs => templates/base/docs}/infra/style-guide.md (100%) rename {docs => templates/base/docs}/infra/system-notifications.md (100%) rename {docs => templates/base/docs}/infra/upgrade-database.md (100%) rename {docs => templates/base/docs}/infra/vulnerability-management.md (100%) rename {docs => templates/base/docs}/releases.md (100%) rename {docs => templates/base/docs}/system-architecture.md (100%) rename {e2e => templates/base/e2e}/.gitignore (100%) rename {e2e => templates/base/e2e}/Dockerfile (100%) rename {e2e => templates/base/e2e}/package-lock.json (100%) rename {e2e => templates/base/e2e}/package.json (100%) rename {e2e => templates/base/e2e}/playwright.config.js (100%) rename {e2e => templates/base/e2e}/run-e2e-test (100%) rename {e2e => templates/base/e2e}/util.js (100%) rename {infra => templates/base/infra}/.gitignore (100%) rename {infra => templates/base/infra}/README.md (100%) rename {infra => templates/base/infra}/accounts/main.tf (100%) rename {infra => 
templates/base/infra}/accounts/outputs.tf (100%) rename {infra => templates/base/infra}/example.s3.tfbackend (100%) rename {infra => templates/base/infra}/modules/auth-github-actions/README.md (100%) rename {infra => templates/base/infra}/modules/auth-github-actions/main.tf (100%) rename {infra => templates/base/infra}/modules/auth-github-actions/variables.tf (100%) rename {infra => templates/base/infra}/modules/container-image-repository/main.tf (100%) rename {infra => templates/base/infra}/modules/container-image-repository/outputs.tf (100%) rename {infra => templates/base/infra}/modules/container-image-repository/variables.tf (100%) rename {infra/modules/database/resources => templates/base/infra/modules/database}/.gitignore (100%) rename {infra => templates/base/infra}/modules/database/data/main.tf (100%) rename {infra => templates/base/infra}/modules/database/data/outputs.tf (100%) rename {infra => templates/base/infra}/modules/database/data/variables.tf (100%) rename {infra => templates/base/infra}/modules/database/interface/outputs.tf (100%) rename {infra => templates/base/infra}/modules/database/interface/variables.tf (100%) create mode 100644 templates/base/infra/modules/database/resources/.gitignore rename {infra => templates/base/infra}/modules/database/resources/authentication.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/backups.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/main.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/monitoring.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/networking.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/outputs.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/role_manager.tf (100%) rename {infra => templates/base/infra}/modules/database/resources/role_manager/check.py (100%) rename {infra => 
templates/base/infra}/modules/database/resources/role_manager/db.py (100%) rename {infra => templates/base/infra}/modules/database/resources/role_manager/manage.py (100%) rename {infra => templates/base/infra}/modules/database/resources/role_manager/requirements.txt (100%) rename {infra => templates/base/infra}/modules/database/resources/role_manager/role_manager.py (100%) rename {infra => templates/base/infra}/modules/database/resources/variables.tf (100%) rename {infra/modules/database/resources => templates/base/infra/modules/database}/role_manager.zip (100%) rename {infra => templates/base/infra}/modules/domain/data/main.tf (100%) rename {infra => templates/base/infra}/modules/domain/data/outputs.tf (100%) rename {infra => templates/base/infra}/modules/domain/data/variables.tf (100%) rename {infra => templates/base/infra}/modules/domain/resources/certificates.tf (100%) rename {infra => templates/base/infra}/modules/domain/resources/main.tf (100%) rename {infra => templates/base/infra}/modules/domain/resources/outputs.tf (100%) rename {infra => templates/base/infra}/modules/domain/resources/query_logs.tf (100%) rename {infra => templates/base/infra}/modules/domain/resources/variables.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider-client/resources/access_control.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider-client/resources/main.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider-client/resources/outputs.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider-client/resources/variables.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider/data/main.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider/data/outputs.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider/data/variables.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider/resources/main.tf (100%) rename {infra => 
templates/base/infra}/modules/identity-provider/resources/outputs.tf (100%) rename {infra => templates/base/infra}/modules/identity-provider/resources/variables.tf (100%) rename {infra => templates/base/infra}/modules/monitoring/main.tf (100%) rename {infra => templates/base/infra}/modules/monitoring/outputs.tf (100%) rename {infra => templates/base/infra}/modules/monitoring/variables.tf (100%) rename {infra => templates/base/infra}/modules/network/data/main.tf (100%) rename {infra => templates/base/infra}/modules/network/data/outputs.tf (100%) rename {infra => templates/base/infra}/modules/network/data/variables.tf (100%) rename {infra => templates/base/infra}/modules/network/interface/outputs.tf (100%) rename {infra => templates/base/infra}/modules/network/interface/variables.tf (100%) rename {infra => templates/base/infra}/modules/network/resources/main.tf (100%) rename {infra => templates/base/infra}/modules/network/resources/variables.tf (100%) rename {infra => templates/base/infra}/modules/network/resources/vpc_endpoints.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/data/main.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/data/outputs.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/data/variables.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/resources/access_control.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/resources/dns.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/resources/logs.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/resources/main.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/resources/outputs.tf (100%) rename {infra => templates/base/infra}/modules/notifications-email-domain/resources/variables.tf (100%) rename {infra => 
templates/base/infra}/modules/notifications/resources/access_control.tf (100%) rename {infra => templates/base/infra}/modules/notifications/resources/email.tf (100%) rename {infra => templates/base/infra}/modules/notifications/resources/main.tf (100%) rename {infra => templates/base/infra}/modules/notifications/resources/outputs.tf (100%) rename {infra => templates/base/infra}/modules/notifications/resources/variables.tf (100%) rename {infra => templates/base/infra}/modules/secret/main.tf (100%) rename {infra => templates/base/infra}/modules/secret/outputs.tf (100%) rename {infra => templates/base/infra}/modules/secret/variables.tf (100%) rename {infra => templates/base/infra}/modules/service/access_control.tf (100%) rename {infra => templates/base/infra}/modules/service/access_logs.tf (100%) rename {infra => templates/base/infra}/modules/service/application_logs.tf (100%) rename {infra => templates/base/infra}/modules/service/command_execution.tf (100%) rename {infra => templates/base/infra}/modules/service/database_access.tf (100%) rename {infra => templates/base/infra}/modules/service/dns.tf (100%) rename {infra => templates/base/infra}/modules/service/events_jobs.tf (100%) rename {infra => templates/base/infra}/modules/service/events_role.tf (100%) rename {infra => templates/base/infra}/modules/service/load_balancer.tf (100%) rename {infra => templates/base/infra}/modules/service/main.tf (100%) rename {infra => templates/base/infra}/modules/service/networking.tf (100%) rename {infra => templates/base/infra}/modules/service/outputs.tf (100%) rename {infra => templates/base/infra}/modules/service/scheduled_jobs.tf (100%) rename {infra => templates/base/infra}/modules/service/scheduler_role.tf (100%) rename {infra => templates/base/infra}/modules/service/variables.tf (100%) rename {infra => templates/base/infra}/modules/service/workflow_orchestrator_role.tf (100%) rename {infra => templates/base/infra}/modules/storage/access_control.tf (100%) rename {infra => 
templates/base/infra}/modules/storage/encryption.tf (100%) rename {infra => templates/base/infra}/modules/storage/events.tf (100%) rename {infra => templates/base/infra}/modules/storage/lifecycle.tf (100%) rename {infra => templates/base/infra}/modules/storage/main.tf (100%) rename {infra => templates/base/infra}/modules/storage/outputs.tf (100%) rename {infra => templates/base/infra}/modules/storage/variables.tf (100%) rename {infra => templates/base/infra}/modules/terraform-backend-s3/README.md (100%) rename {infra => templates/base/infra}/modules/terraform-backend-s3/main.tf (100%) rename {infra => templates/base/infra}/modules/terraform-backend-s3/outputs.tf (100%) rename {infra => templates/base/infra}/modules/terraform-backend-s3/variables.tf (100%) rename {infra => templates/base/infra}/networks/main.tf.jinja (100%) rename {infra => templates/base/infra}/networks/outputs.tf (100%) rename {infra => templates/base/infra}/networks/variables.tf (100%) rename {infra => templates/base/infra}/project-config/README.md (100%) rename {infra => templates/base/infra}/project-config/aws_services.tf (100%) rename {infra => templates/base/infra}/project-config/main.tf.jinja (100%) rename {infra => templates/base/infra}/project-config/networks.tf (100%) rename {infra => templates/base/infra}/project-config/outputs.tf (100%) rename {infra => templates/base/infra}/project-config/system_notifications.tf (100%) rename {infra => templates/base/infra}/test/go.mod (100%) rename {infra => templates/base/infra}/test/go.sum (100%) rename {infra => templates/base/infra}/test/helpers.go (100%) rename {infra => templates/base/infra}/test/infra_test.go (100%) diff --git a/.github/workflows/template-only-ci-infra.yml b/.github/workflows/template-only-ci-infra.yml index 0c5ed7a44..f21e986db 100644 --- a/.github/workflows/template-only-ci-infra.yml +++ b/.github/workflows/template-only-ci-infra.yml 
@@ -6,8 +6,8 @@ on: - main pull_request: paths: - - bin/** - - infra/** + - templates/*/bin/** + - templates/*/infra/** - template-only-bin/** - template-only-infra/** - template-only-test/** @@ -40,7 +40,7 @@ jobs: - name: Set up Terraform uses: ./template-infra/.github/actions/setup-terraform with: - version-file: ./template-infra/.terraform-version + version-file: ./template-infra/templates/base/.terraform-version - uses: actions/setup-go@v5 with: diff --git a/copier.yml b/copier.yml index fb149e5f6..2392dccd1 100644 --- a/copier.yml +++ b/copier.yml @@ -100,10 +100,4 @@ _skip_if_exists: - "/{{ app_name }}/" - "/{{ app_name }}/Makefile" -_exclude: - - /.git - - /copier.yml - - /CODEOWNERS - - /CONTRIBUTING.md - - /LICENSE.md - - /README.md +_subdirectory: templates/{{ template }} diff --git a/.github/workflows/cd-{{app_name}}.yml.jinja b/templates/app/.github/workflows/cd-{{app_name}}.yml.jinja similarity index 100% rename from .github/workflows/cd-{{app_name}}.yml.jinja rename to templates/app/.github/workflows/cd-{{app_name}}.yml.jinja diff --git a/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja similarity index 100% rename from .github/workflows/ci-{{app_name}}-infra-service.yml.jinja rename to templates/app/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja diff --git a/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja similarity index 100% rename from .github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja rename to templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja 
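Review bot: The `Set up Terraform` step now reads `./template-infra/templates/base/.terraform-version` but still runs the action from `./template-infra/.github/actions/setup-terraform`, while this patch adds `templates/base/.github/actions/setup-terraform/action.yml` as a new file rather than a rename. If the root copy is kept, as that suggests, this job validates the root action and never the copy that is rendered into projects, so the two can drift without CI noticing. Either point the step at the shipped copy with `uses: ./template-infra/templates/base/.github/actions/setup-terraform`, or add a comment on the step saying why the root copy is the one under test. The `jobs:` block starts and ends outside the hunk.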
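Review bot: `_subdirectory: templates/{{ template }}` in `copier.yml` builds the template root from an answer whose question is not defined in this hunk. If `template` accepts free text, a typo or a value containing path separators selects a directory other than the intended ones. Declaring the question with a fixed `choices:` list of the directory names under `templates/` (`base` and `app` in this patch) makes an unexpected value fail validation instead of rendering from the wrong tree.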
diff --git a/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja similarity index 100% rename from .github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja rename to templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja diff --git a/.github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja similarity index 100% rename from .github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja rename to templates/app/.github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja diff --git a/.template-infra/{{_copier_conf.answers_file}}.jinja b/templates/app/.template-infra/{{_copier_conf.answers_file}}.jinja similarity index 100% rename from .template-infra/{{_copier_conf.answers_file}}.jinja rename to templates/app/.template-infra/{{_copier_conf.answers_file}}.jinja diff --git a/e2e/{{app_name}}/playwright.config.js.jinja b/templates/app/e2e/{{app_name}}/playwright.config.js.jinja similarity index 100% rename from e2e/{{app_name}}/playwright.config.js.jinja rename to templates/app/e2e/{{app_name}}/playwright.config.js.jinja diff --git a/e2e/{{app_name}}/tests/index.spec.js b/templates/app/e2e/{{app_name}}/tests/index.spec.js similarity index 100% rename from e2e/{{app_name}}/tests/index.spec.js rename to templates/app/e2e/{{app_name}}/tests/index.spec.js diff --git a/infra/{{app_name}}/app-config/build_repository.tf b/templates/app/infra/{{app_name}}/app-config/build_repository.tf similarity index 100% rename from infra/{{app_name}}/app-config/build_repository.tf rename to templates/app/infra/{{app_name}}/app-config/build_repository.tf 
diff --git a/infra/{{app_name}}/app-config/dev.tf b/templates/app/infra/{{app_name}}/app-config/dev.tf similarity index 100% rename from infra/{{app_name}}/app-config/dev.tf rename to templates/app/infra/{{app_name}}/app-config/dev.tf diff --git a/infra/{{app_name}}/app-config/env-config/database.tf b/templates/app/infra/{{app_name}}/app-config/env-config/database.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/database.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/database.tf diff --git a/infra/{{app_name}}/app-config/env-config/domain.tf b/templates/app/infra/{{app_name}}/app-config/env-config/domain.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/domain.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/domain.tf diff --git a/infra/{{app_name}}/app-config/env-config/environment_variables.tf b/templates/app/infra/{{app_name}}/app-config/env-config/environment_variables.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/environment_variables.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/environment_variables.tf diff --git a/infra/{{app_name}}/app-config/env-config/file_upload_jobs.tf b/templates/app/infra/{{app_name}}/app-config/env-config/file_upload_jobs.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/file_upload_jobs.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/file_upload_jobs.tf diff --git a/infra/{{app_name}}/app-config/env-config/identity_provider.tf b/templates/app/infra/{{app_name}}/app-config/env-config/identity_provider.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/identity_provider.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/identity_provider.tf 
diff --git a/infra/{{app_name}}/app-config/env-config/main.tf b/templates/app/infra/{{app_name}}/app-config/env-config/main.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/main.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/main.tf diff --git a/infra/{{app_name}}/app-config/env-config/notifications.tf b/templates/app/infra/{{app_name}}/app-config/env-config/notifications.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/notifications.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/notifications.tf diff --git a/infra/{{app_name}}/app-config/env-config/outputs.tf b/templates/app/infra/{{app_name}}/app-config/env-config/outputs.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/outputs.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/outputs.tf diff --git a/infra/{{app_name}}/app-config/env-config/scheduled_jobs.tf b/templates/app/infra/{{app_name}}/app-config/env-config/scheduled_jobs.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/scheduled_jobs.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/scheduled_jobs.tf diff --git a/infra/{{app_name}}/app-config/env-config/variables.tf b/templates/app/infra/{{app_name}}/app-config/env-config/variables.tf similarity index 100% rename from infra/{{app_name}}/app-config/env-config/variables.tf rename to templates/app/infra/{{app_name}}/app-config/env-config/variables.tf diff --git a/infra/{{app_name}}/app-config/main.tf b/templates/app/infra/{{app_name}}/app-config/main.tf similarity index 100% rename from infra/{{app_name}}/app-config/main.tf rename to templates/app/infra/{{app_name}}/app-config/main.tf 
diff --git a/infra/{{app_name}}/app-config/outputs.tf b/templates/app/infra/{{app_name}}/app-config/outputs.tf similarity index 100% rename from infra/{{app_name}}/app-config/outputs.tf rename to templates/app/infra/{{app_name}}/app-config/outputs.tf diff --git a/infra/{{app_name}}/app-config/prod.tf b/templates/app/infra/{{app_name}}/app-config/prod.tf similarity index 100% rename from infra/{{app_name}}/app-config/prod.tf rename to templates/app/infra/{{app_name}}/app-config/prod.tf diff --git a/infra/{{app_name}}/app-config/staging.tf b/templates/app/infra/{{app_name}}/app-config/staging.tf similarity index 100% rename from infra/{{app_name}}/app-config/staging.tf rename to templates/app/infra/{{app_name}}/app-config/staging.tf diff --git a/infra/{{app_name}}/build-repository/main.tf b/templates/app/infra/{{app_name}}/build-repository/main.tf similarity index 100% rename from infra/{{app_name}}/build-repository/main.tf rename to templates/app/infra/{{app_name}}/build-repository/main.tf diff --git a/infra/{{app_name}}/database/main.tf b/templates/app/infra/{{app_name}}/database/main.tf similarity index 100% rename from infra/{{app_name}}/database/main.tf rename to templates/app/infra/{{app_name}}/database/main.tf diff --git a/infra/{{app_name}}/database/network.tf b/templates/app/infra/{{app_name}}/database/network.tf similarity index 100% rename from infra/{{app_name}}/database/network.tf rename to templates/app/infra/{{app_name}}/database/network.tf diff --git a/infra/{{app_name}}/database/outputs.tf b/templates/app/infra/{{app_name}}/database/outputs.tf similarity index 100% rename from infra/{{app_name}}/database/outputs.tf rename to templates/app/infra/{{app_name}}/database/outputs.tf diff --git a/infra/{{app_name}}/database/variables.tf b/templates/app/infra/{{app_name}}/database/variables.tf similarity index 100% rename from infra/{{app_name}}/database/variables.tf rename to templates/app/infra/{{app_name}}/database/variables.tf 
diff --git a/infra/{{app_name}}/service/database.tf b/templates/app/infra/{{app_name}}/service/database.tf similarity index 100% rename from infra/{{app_name}}/service/database.tf rename to templates/app/infra/{{app_name}}/service/database.tf diff --git a/infra/{{app_name}}/service/domain.tf b/templates/app/infra/{{app_name}}/service/domain.tf similarity index 100% rename from infra/{{app_name}}/service/domain.tf rename to templates/app/infra/{{app_name}}/service/domain.tf diff --git a/infra/{{app_name}}/service/identity_provider.tf b/templates/app/infra/{{app_name}}/service/identity_provider.tf similarity index 100% rename from infra/{{app_name}}/service/identity_provider.tf rename to templates/app/infra/{{app_name}}/service/identity_provider.tf diff --git a/infra/{{app_name}}/service/image_tag.tf b/templates/app/infra/{{app_name}}/service/image_tag.tf similarity index 100% rename from infra/{{app_name}}/service/image_tag.tf rename to templates/app/infra/{{app_name}}/service/image_tag.tf diff --git a/infra/{{app_name}}/service/main.tf b/templates/app/infra/{{app_name}}/service/main.tf similarity index 100% rename from infra/{{app_name}}/service/main.tf rename to templates/app/infra/{{app_name}}/service/main.tf diff --git a/infra/{{app_name}}/service/monitoring.tf b/templates/app/infra/{{app_name}}/service/monitoring.tf similarity index 100% rename from infra/{{app_name}}/service/monitoring.tf rename to templates/app/infra/{{app_name}}/service/monitoring.tf diff --git a/infra/{{app_name}}/service/network.tf b/templates/app/infra/{{app_name}}/service/network.tf similarity index 100% rename from infra/{{app_name}}/service/network.tf rename to templates/app/infra/{{app_name}}/service/network.tf diff --git a/infra/{{app_name}}/service/notifications.tf b/templates/app/infra/{{app_name}}/service/notifications.tf similarity index 100% rename from infra/{{app_name}}/service/notifications.tf rename to templates/app/infra/{{app_name}}/service/notifications.tf 
diff --git a/infra/{{app_name}}/service/outputs.tf b/templates/app/infra/{{app_name}}/service/outputs.tf similarity index 100% rename from infra/{{app_name}}/service/outputs.tf rename to templates/app/infra/{{app_name}}/service/outputs.tf diff --git a/infra/{{app_name}}/service/secrets.tf b/templates/app/infra/{{app_name}}/service/secrets.tf similarity index 100% rename from infra/{{app_name}}/service/secrets.tf rename to templates/app/infra/{{app_name}}/service/secrets.tf diff --git a/infra/{{app_name}}/service/storage.tf b/templates/app/infra/{{app_name}}/service/storage.tf similarity index 100% rename from infra/{{app_name}}/service/storage.tf rename to templates/app/infra/{{app_name}}/service/storage.tf diff --git a/infra/{{app_name}}/service/variables.tf b/templates/app/infra/{{app_name}}/service/variables.tf similarity index 100% rename from infra/{{app_name}}/service/variables.tf rename to templates/app/infra/{{app_name}}/service/variables.tf diff --git a/{{app_name}}/Makefile b/templates/app/{{app_name}}/Makefile similarity index 100% rename from {{app_name}}/Makefile rename to templates/app/{{app_name}}/Makefile diff --git a/.dockleconfig b/templates/base/.dockleconfig similarity index 100% rename from .dockleconfig rename to templates/base/.dockleconfig diff --git a/.github/actions/configure-aws-credentials/action.yml b/templates/base/.github/actions/configure-aws-credentials/action.yml similarity index 100% rename from .github/actions/configure-aws-credentials/action.yml rename to templates/base/.github/actions/configure-aws-credentials/action.yml diff --git a/.github/actions/first-file/action.yml b/templates/base/.github/actions/first-file/action.yml similarity index 100% rename from .github/actions/first-file/action.yml rename to templates/base/.github/actions/first-file/action.yml 
diff --git a/templates/base/.github/actions/setup-terraform/action.yml b/templates/base/.github/actions/setup-terraform/action.yml
new file mode 100644
index 000000000..80d17aef7
--- /dev/null
+++ b/templates/base/.github/actions/setup-terraform/action.yml
@@ -0,0 +1,21 @@
+name: "Set up Terraform"
+description: "Set up Terraform with the version stored in the .terraform-version file"
+inputs:
+ version-file:
+ description: "File containing the terraform version to use."
+ default: ".terraform-version"
+runs:
+ using: "composite"
+ steps:
+ - name: Get Terraform version
+ id: get-terraform-version
+ run: |
+ terraform_version="$(cat ${{ inputs.version-file }})"
+ echo "Terraform version: ${terraform_version}"
+ echo "terraform_version=${terraform_version}" >> "$GITHUB_OUTPUT"
+ shell: bash
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: ${{ steps.get-terraform-version.outputs.terraform_version }}
+ terraform_wrapper: false
diff --git a/templates/base/.github/pull_request_template.md b/templates/base/.github/pull_request_template.md
new file mode 100644
index 000000000..a7db834a4
--- /dev/null
+++ b/templates/base/.github/pull_request_template.md
@@ -0,0 +1,15 @@
+## Ticket
+
+Resolves #{TICKET NUMBER OR URL}
+
+## Changes
+
+> What was added, updated, or removed in this PR.
+
+## Context for reviewers
+
+> Testing instructions, background context, more in-depth details of the implementation, and anything else you'd like to call out or ask reviewers.
+
+## Testing
+
+> Provide evidence that the code works as expected. Explain what was done for testing and the results of the test plan. Include screenshots, [GIF demos](https://www.cockos.com/licecap/), shell commands or output to help show the changes working as expected. ProTip: you can drag and drop or paste images into this textbox.
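Review bot: In the new `templates/base/.github/actions/setup-terraform/action.yml`, the `Get Terraform version` step expands `${{ inputs.version-file }}` directly inside the `run:` script, so the input's text becomes part of the bash source before the shell parses it. A path with spaces or shell metacharacters then changes the command instead of being read as a file name. Pass the input through the step environment instead: add `env:` with `VERSION_FILE: ${{ inputs.version-file }}` to the step and read it as `terraform_version="$(cat "$VERSION_FILE")"`. Separately, `hashicorp/setup-terraform@v2` is referenced by a movable tag; pinning it to a full commit SHA keeps every generated project on reviewed action code.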
diff --git a/.github/workflows/README.md b/templates/base/.github/workflows/README.md similarity index 81% rename from .github/workflows/README.md rename to templates/base/.github/workflows/README.md index 9ae197a35..78c34e051 100644 --- a/.github/workflows/README.md +++ b/templates/base/.github/workflows/README.md @@ -10,11 +10,11 @@ Each app should have: - `ci-`: must be created; should run linting and testing - `ci--vulnerability-scans`: calls `vulnerability-scans` - - Based on [ci-{{app_name}}-vulnerability-scans](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja) + - Based on [ci-{{app_name}}-vulnerability-scans](https://github.com/navapbc/template-infra/blob/main/templates/app/.github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja) - `ci--pr-environment-checks.yml`: calls `pr-environment-checks.yml` to create or update a pull request environment (see [pull request environments](/docs/infra/pull-request-environments.md)) - - Based on [ci-{{app_name}}-pr-environment-checks.yml](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja) + - Based on [ci-{{app_name}}-pr-environment-checks.yml](https://github.com/navapbc/template-infra/blob/main/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja) - `ci--pr-environment-destroy.yml`: calls `pr-environment-destroy.yml` to destroy the pull request environment (see [pull request environments](/docs/infra/pull-request-environments.md)) - - Based on [ci-{{app_name}}-pr-environment-destroy.yml](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja) + - Based on [ci-{{app_name}}-pr-environment-destroy.yml](https://github.com/navapbc/template-infra/blob/main/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja) ### App-agnostic workflows 
@@ -27,7 +27,7 @@ Each app should have: Each app should have: - `cd-`: deploys an application - - Based on [`cd-{{app_name}}`](https://github.com/navapbc/template-infra/blob/main/.github/workflows/cd-{{app_name}}.yml.jinja) + - Based on [`cd-{{app_name}}`](https://github.com/navapbc/template-infra/blob/main/templates/app/.github/workflows/cd-{{app_name}}.yml.jinja) The CD workflow uses these reusable workflows: diff --git a/.github/workflows/build-and-publish.yml b/templates/base/.github/workflows/build-and-publish.yml similarity index 100% rename from .github/workflows/build-and-publish.yml rename to templates/base/.github/workflows/build-and-publish.yml diff --git a/.github/workflows/check-ci-cd-auth.yml b/templates/base/.github/workflows/check-ci-cd-auth.yml similarity index 100% rename from .github/workflows/check-ci-cd-auth.yml rename to templates/base/.github/workflows/check-ci-cd-auth.yml diff --git a/.github/workflows/check-infra-deploy-status.yml b/templates/base/.github/workflows/check-infra-deploy-status.yml similarity index 100% rename from .github/workflows/check-infra-deploy-status.yml rename to templates/base/.github/workflows/check-infra-deploy-status.yml diff --git a/.github/workflows/ci-docs.yml b/templates/base/.github/workflows/ci-docs.yml similarity index 100% rename from .github/workflows/ci-docs.yml rename to templates/base/.github/workflows/ci-docs.yml diff --git a/.github/workflows/ci-infra.yml b/templates/base/.github/workflows/ci-infra.yml similarity index 100% rename from .github/workflows/ci-infra.yml rename to templates/base/.github/workflows/ci-infra.yml diff --git a/.github/workflows/database-migrations.yml b/templates/base/.github/workflows/database-migrations.yml similarity index 100% rename from .github/workflows/database-migrations.yml rename to templates/base/.github/workflows/database-migrations.yml 
diff --git a/.github/workflows/deploy.yml b/templates/base/.github/workflows/deploy.yml similarity index 100% rename from .github/workflows/deploy.yml rename to templates/base/.github/workflows/deploy.yml diff --git a/.github/workflows/e2e-tests.yml b/templates/base/.github/workflows/e2e-tests.yml similarity index 100% rename from .github/workflows/e2e-tests.yml rename to templates/base/.github/workflows/e2e-tests.yml diff --git a/.github/workflows/markdownlint-config.json b/templates/base/.github/workflows/markdownlint-config.json similarity index 100% rename from .github/workflows/markdownlint-config.json rename to templates/base/.github/workflows/markdownlint-config.json diff --git a/.github/workflows/pr-environment-checks.yml b/templates/base/.github/workflows/pr-environment-checks.yml similarity index 100% rename from .github/workflows/pr-environment-checks.yml rename to templates/base/.github/workflows/pr-environment-checks.yml diff --git a/.github/workflows/pr-environment-destroy.yml b/templates/base/.github/workflows/pr-environment-destroy.yml similarity index 100% rename from .github/workflows/pr-environment-destroy.yml rename to templates/base/.github/workflows/pr-environment-destroy.yml diff --git a/.github/workflows/scan-orphaned-pr-environments.yml b/templates/base/.github/workflows/scan-orphaned-pr-environments.yml similarity index 100% rename from .github/workflows/scan-orphaned-pr-environments.yml rename to templates/base/.github/workflows/scan-orphaned-pr-environments.yml diff --git a/.github/workflows/send-system-notification.yml b/templates/base/.github/workflows/send-system-notification.yml similarity index 100% rename from .github/workflows/send-system-notification.yml rename to templates/base/.github/workflows/send-system-notification.yml 
diff --git a/.github/workflows/vulnerability-scans.yml b/templates/base/.github/workflows/vulnerability-scans.yml
similarity index 100%
rename from .github/workflows/vulnerability-scans.yml
rename to templates/base/.github/workflows/vulnerability-scans.yml
diff --git a/templates/base/.gitignore b/templates/base/.gitignore
new file mode 100644
index 000000000..6b1bc4956
--- /dev/null
+++ b/templates/base/.gitignore
@@ -0,0 +1,20 @@
+# Ignore Terraform lock files
+# As of Feb 2023, Terraform lock files, while well intentioned, have a tendency
+# to get into a confusing state that requires recreating the lock file, which
+# defeats the purpose. Moreover, lock files are per environment, which can make
+# it difficult for people to upgrade dependencies (e.g. upgrade an AWS provider)
+# across environments if certain environments are locked down (e.g. production).
+.terraform.lock.hcl
+
+# MacOS files
+.DS_Store
+
+# Ignore develop-specific VS code settings files
+.vscode
+
+# Ignore local environment variables which can contain environment secrets
+.env
+.envrc
+
+# Python testing stuff
+*__pycache__*
diff --git a/.grype.yml b/templates/base/.grype.yml
similarity index 100%
rename from .grype.yml
rename to templates/base/.grype.yml
diff --git a/.hadolint.yaml b/templates/base/.hadolint.yaml
similarity index 100%
rename from .hadolint.yaml
rename to templates/base/.hadolint.yaml
diff --git a/templates/base/.template-infra/{{_copier_conf.answers_file}}.jinja b/templates/base/.template-infra/{{_copier_conf.answers_file}}.jinja
new file mode 100644
index 000000000..a96840d68
--- /dev/null
+++ b/templates/base/.template-infra/{{_copier_conf.answers_file}}.jinja
@@ -0,0 +1,2 @@
+# Changes here will be overwritten by Copier
+{{ _copier_answers|to_nice_yaml -}}
diff --git a/.terraform-version b/templates/base/.terraform-version
similarity index 100%
rename from .terraform-version
rename to templates/base/.terraform-version
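Review bot: The new `templates/base/.gitignore` ignores `.terraform.lock.hcl`, and its comment block gives the maintenance reasons but not the cost. The lock file is where Terraform records the selected provider versions and their checksums, so without it each `terraform init` resolves providers from the version constraints alone. I would add a line below the existing explanation such as `# Trade-off: provider versions and checksums are not pinned by a lock file; pin exact versions in required_providers`, or commit the lock file for the production layers. The `.env` and `.envrc` entries match only those exact names, so if projects use variants like `.env.local`, a `.env.*` pattern would cover them.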
diff --git a/.trivyignore b/templates/base/.trivyignore similarity index 100% rename from .trivyignore rename to templates/base/.trivyignore diff --git a/Makefile b/templates/base/Makefile similarity index 100% rename from Makefile rename to templates/base/Makefile diff --git a/bin/account-ids-by-name b/templates/base/bin/account-ids-by-name similarity index 100% rename from bin/account-ids-by-name rename to templates/base/bin/account-ids-by-name diff --git a/bin/check-database-roles b/templates/base/bin/check-database-roles similarity index 100% rename from bin/check-database-roles rename to templates/base/bin/check-database-roles diff --git a/bin/check-github-actions-auth b/templates/base/bin/check-github-actions-auth similarity index 100% rename from bin/check-github-actions-auth rename to templates/base/bin/check-github-actions-auth diff --git a/bin/configure-monitoring-secret b/templates/base/bin/configure-monitoring-secret similarity index 100% rename from bin/configure-monitoring-secret rename to templates/base/bin/configure-monitoring-secret diff --git a/bin/create-or-update-database-roles b/templates/base/bin/create-or-update-database-roles similarity index 100% rename from bin/create-or-update-database-roles rename to templates/base/bin/create-or-update-database-roles diff --git a/bin/create-tfbackend b/templates/base/bin/create-tfbackend similarity index 100% rename from bin/create-tfbackend rename to templates/base/bin/create-tfbackend diff --git a/bin/current-account-alias b/templates/base/bin/current-account-alias similarity index 100% rename from bin/current-account-alias rename to templates/base/bin/current-account-alias diff --git a/bin/current-account-config-name b/templates/base/bin/current-account-config-name similarity index 100% rename from bin/current-account-config-name rename to templates/base/bin/current-account-config-name 
diff --git a/bin/current-account-id b/templates/base/bin/current-account-id similarity index 100% rename from bin/current-account-id rename to templates/base/bin/current-account-id diff --git a/bin/current-region b/templates/base/bin/current-region similarity index 100% rename from bin/current-region rename to templates/base/bin/current-region diff --git a/bin/deploy-release b/templates/base/bin/deploy-release similarity index 100% rename from bin/deploy-release rename to templates/base/bin/deploy-release diff --git a/bin/destroy-pr-environment b/templates/base/bin/destroy-pr-environment similarity index 100% rename from bin/destroy-pr-environment rename to templates/base/bin/destroy-pr-environment diff --git a/bin/infra-deploy-status-check-configs b/templates/base/bin/infra-deploy-status-check-configs similarity index 100% rename from bin/infra-deploy-status-check-configs rename to templates/base/bin/infra-deploy-status-check-configs diff --git a/bin/is-image-published b/templates/base/bin/is-image-published similarity index 100% rename from bin/is-image-published rename to templates/base/bin/is-image-published diff --git a/bin/lint-markdown b/templates/base/bin/lint-markdown similarity index 100% rename from bin/lint-markdown rename to templates/base/bin/lint-markdown diff --git a/bin/orphaned-pr-environments b/templates/base/bin/orphaned-pr-environments similarity index 100% rename from bin/orphaned-pr-environments rename to templates/base/bin/orphaned-pr-environments diff --git a/bin/publish-release b/templates/base/bin/publish-release similarity index 100% rename from bin/publish-release rename to templates/base/bin/publish-release diff --git a/bin/run-command b/templates/base/bin/run-command similarity index 100% rename from bin/run-command rename to templates/base/bin/run-command 
diff --git a/bin/run-database-migrations b/templates/base/bin/run-database-migrations similarity index 100% rename from bin/run-database-migrations rename to templates/base/bin/run-database-migrations diff --git a/bin/set-up-current-account b/templates/base/bin/set-up-current-account similarity index 100% rename from bin/set-up-current-account rename to templates/base/bin/set-up-current-account diff --git a/bin/terraform-apply b/templates/base/bin/terraform-apply similarity index 100% rename from bin/terraform-apply rename to templates/base/bin/terraform-apply diff --git a/bin/terraform-init b/templates/base/bin/terraform-init similarity index 100% rename from bin/terraform-init rename to templates/base/bin/terraform-init diff --git a/bin/terraform-init-and-apply b/templates/base/bin/terraform-init-and-apply similarity index 100% rename from bin/terraform-init-and-apply rename to templates/base/bin/terraform-init-and-apply diff --git a/bin/update-pr-environment b/templates/base/bin/update-pr-environment similarity index 100% rename from bin/update-pr-environment rename to templates/base/bin/update-pr-environment diff --git a/bin/util.sh b/templates/base/bin/util.sh similarity index 100% rename from bin/util.sh rename to templates/base/bin/util.sh diff --git a/docs/code-reviews.md b/templates/base/docs/code-reviews.md similarity index 100% rename from docs/code-reviews.md rename to templates/base/docs/code-reviews.md diff --git a/docs/compliance.md b/templates/base/docs/compliance.md similarity index 100% rename from docs/compliance.md rename to templates/base/docs/compliance.md diff --git a/docs/decisions/index.md b/templates/base/docs/decisions/index.md similarity index 100% rename from docs/decisions/index.md rename to templates/base/docs/decisions/index.md 
diff --git a/docs/decisions/infra/0000-use-markdown-architectural-decision-records.md b/templates/base/docs/decisions/infra/0000-use-markdown-architectural-decision-records.md similarity index 100% rename from docs/decisions/infra/0000-use-markdown-architectural-decision-records.md rename to templates/base/docs/decisions/infra/0000-use-markdown-architectural-decision-records.md diff --git a/docs/decisions/infra/0001-ci-cd-interface.md b/templates/base/docs/decisions/infra/0001-ci-cd-interface.md similarity index 100% rename from docs/decisions/infra/0001-ci-cd-interface.md rename to templates/base/docs/decisions/infra/0001-ci-cd-interface.md diff --git a/docs/decisions/infra/0002-use-custom-implementation-of-github-oidc.md b/templates/base/docs/decisions/infra/0002-use-custom-implementation-of-github-oidc.md similarity index 100% rename from docs/decisions/infra/0002-use-custom-implementation-of-github-oidc.md rename to templates/base/docs/decisions/infra/0002-use-custom-implementation-of-github-oidc.md diff --git a/docs/decisions/infra/0003-manage-ecr-in-prod-account-module.md b/templates/base/docs/decisions/infra/0003-manage-ecr-in-prod-account-module.md similarity index 100% rename from docs/decisions/infra/0003-manage-ecr-in-prod-account-module.md rename to templates/base/docs/decisions/infra/0003-manage-ecr-in-prod-account-module.md diff --git a/docs/decisions/infra/0004-separate-terraform-backend-configs-into-separate-config-files.md b/templates/base/docs/decisions/infra/0004-separate-terraform-backend-configs-into-separate-config-files.md similarity index 100% rename from docs/decisions/infra/0004-separate-terraform-backend-configs-into-separate-config-files.md rename to templates/base/docs/decisions/infra/0004-separate-terraform-backend-configs-into-separate-config-files.md 
diff --git a/docs/decisions/infra/0005-separate-database-infrastructure-into-separate-layer.md b/templates/base/docs/decisions/infra/0005-separate-database-infrastructure-into-separate-layer.md similarity index 100% rename from docs/decisions/infra/0005-separate-database-infrastructure-into-separate-layer.md rename to templates/base/docs/decisions/infra/0005-separate-database-infrastructure-into-separate-layer.md diff --git a/docs/decisions/infra/0006-provision-database-users-with-serverless-function.md b/templates/base/docs/decisions/infra/0006-provision-database-users-with-serverless-function.md similarity index 100% rename from docs/decisions/infra/0006-provision-database-users-with-serverless-function.md rename to templates/base/docs/decisions/infra/0006-provision-database-users-with-serverless-function.md diff --git a/docs/decisions/infra/0007-database-migration-architecture.md b/templates/base/docs/decisions/infra/0007-database-migration-architecture.md similarity index 100% rename from docs/decisions/infra/0007-database-migration-architecture.md rename to templates/base/docs/decisions/infra/0007-database-migration-architecture.md diff --git a/docs/decisions/infra/0008-consolidate-infra-config-from-tfvars-files-into-config-module.md b/templates/base/docs/decisions/infra/0008-consolidate-infra-config-from-tfvars-files-into-config-module.md similarity index 100% rename from docs/decisions/infra/0008-consolidate-infra-config-from-tfvars-files-into-config-module.md rename to templates/base/docs/decisions/infra/0008-consolidate-infra-config-from-tfvars-files-into-config-module.md diff --git a/docs/decisions/infra/0009-separate-app-infrastructure-into-layers.md b/templates/base/docs/decisions/infra/0009-separate-app-infrastructure-into-layers.md similarity index 100% rename from docs/decisions/infra/0009-separate-app-infrastructure-into-layers.md rename to templates/base/docs/decisions/infra/0009-separate-app-infrastructure-into-layers.md 
diff --git a/docs/decisions/infra/0010-feature-flags-system-design.md b/templates/base/docs/decisions/infra/0010-feature-flags-system-design.md similarity index 100% rename from docs/decisions/infra/0010-feature-flags-system-design.md rename to templates/base/docs/decisions/infra/0010-feature-flags-system-design.md diff --git a/docs/decisions/infra/0011-network-layer-design.md b/templates/base/docs/decisions/infra/0011-network-layer-design.md similarity index 100% rename from docs/decisions/infra/0011-network-layer-design.md rename to templates/base/docs/decisions/infra/0011-network-layer-design.md diff --git a/docs/decisions/template.md b/templates/base/docs/decisions/template.md similarity index 100% rename from docs/decisions/template.md rename to templates/base/docs/decisions/template.md diff --git a/docs/e2e/e2e-checks.md b/templates/base/docs/e2e/e2e-checks.md similarity index 100% rename from docs/e2e/e2e-checks.md rename to templates/base/docs/e2e/e2e-checks.md diff --git a/docs/feature-flags.md b/templates/base/docs/feature-flags.md similarity index 100% rename from docs/feature-flags.md rename to templates/base/docs/feature-flags.md diff --git a/docs/infra/background-jobs.md b/templates/base/docs/infra/background-jobs.md similarity index 100% rename from docs/infra/background-jobs.md rename to templates/base/docs/infra/background-jobs.md diff --git a/docs/infra/cloud-access-control.md b/templates/base/docs/infra/cloud-access-control.md similarity index 100% rename from docs/infra/cloud-access-control.md rename to templates/base/docs/infra/cloud-access-control.md diff --git a/docs/infra/database-access-control.md b/templates/base/docs/infra/database-access-control.md similarity index 100% rename from docs/infra/database-access-control.md rename to templates/base/docs/infra/database-access-control.md 
diff --git a/docs/infra/destroy-infrastructure.md b/templates/base/docs/infra/destroy-infrastructure.md
similarity index 100%
rename from docs/infra/destroy-infrastructure.md
rename to templates/base/docs/infra/destroy-infrastructure.md
diff --git a/docs/infra/develop-and-test-infrastructure-in-isolation-using-workspaces.md b/templates/base/docs/infra/develop-and-test-infrastructure-in-isolation-using-workspaces.md
similarity index 100%
rename from docs/infra/develop-and-test-infrastructure-in-isolation-using-workspaces.md
rename to templates/base/docs/infra/develop-and-test-infrastructure-in-isolation-using-workspaces.md
diff --git a/docs/infra/environment-variables-and-secrets.md b/templates/base/docs/infra/environment-variables-and-secrets.md
similarity index 100%
rename from docs/infra/environment-variables-and-secrets.md
rename to templates/base/docs/infra/environment-variables-and-secrets.md
diff --git a/docs/infra/https-support.md b/templates/base/docs/infra/https-support.md
similarity index 100%
rename from docs/infra/https-support.md
rename to templates/base/docs/infra/https-support.md
diff --git a/docs/infra/infrastructure-configuration.md b/templates/base/docs/infra/infrastructure-configuration.md
similarity index 100%
rename from docs/infra/infrastructure-configuration.md
rename to templates/base/docs/infra/infrastructure-configuration.md
diff --git a/docs/infra/making-infra-changes.md b/templates/base/docs/infra/making-infra-changes.md
similarity index 100%
rename from docs/infra/making-infra-changes.md
rename to templates/base/docs/infra/making-infra-changes.md
diff --git a/docs/infra/module-architecture.md b/templates/base/docs/infra/module-architecture.md
similarity index 100%
rename from docs/infra/module-architecture.md
rename to templates/base/docs/infra/module-architecture.md
diff --git a/docs/infra/module-dependencies.md b/templates/base/docs/infra/module-dependencies.md
similarity index 100%
rename from docs/infra/module-dependencies.md
rename to templates/base/docs/infra/module-dependencies.md
diff --git a/docs/infra/pull-request-environments.md b/templates/base/docs/infra/pull-request-environments.md
similarity index 100%
rename from docs/infra/pull-request-environments.md
rename to templates/base/docs/infra/pull-request-environments.md
diff --git a/docs/infra/service-command-execution.md b/templates/base/docs/infra/service-command-execution.md
similarity index 100%
rename from docs/infra/service-command-execution.md
rename to templates/base/docs/infra/service-command-execution.md
diff --git a/docs/infra/set-up-app-build-repository.md b/templates/base/docs/infra/set-up-app-build-repository.md
similarity index 100%
rename from docs/infra/set-up-app-build-repository.md
rename to templates/base/docs/infra/set-up-app-build-repository.md
diff --git a/docs/infra/set-up-app-env.md b/templates/base/docs/infra/set-up-app-env.md
similarity index 100%
rename from docs/infra/set-up-app-env.md
rename to templates/base/docs/infra/set-up-app-env.md
diff --git a/docs/infra/set-up-aws-account.md b/templates/base/docs/infra/set-up-aws-account.md
similarity index 100%
rename from docs/infra/set-up-aws-account.md
rename to templates/base/docs/infra/set-up-aws-account.md
diff --git a/docs/infra/set-up-custom-domains.md b/templates/base/docs/infra/set-up-custom-domains.md
similarity index 100%
rename from docs/infra/set-up-custom-domains.md
rename to templates/base/docs/infra/set-up-custom-domains.md
diff --git a/docs/infra/set-up-database.md b/templates/base/docs/infra/set-up-database.md
similarity index 100%
rename from docs/infra/set-up-database.md
rename to templates/base/docs/infra/set-up-database.md
diff --git a/docs/infra/set-up-infrastructure-tools.md b/templates/base/docs/infra/set-up-infrastructure-tools.md
similarity index 100%
rename from docs/infra/set-up-infrastructure-tools.md
rename to templates/base/docs/infra/set-up-infrastructure-tools.md
diff --git a/docs/infra/set-up-monitoring-alerts.md b/templates/base/docs/infra/set-up-monitoring-alerts.md
similarity index 100%
rename from docs/infra/set-up-monitoring-alerts.md
rename to templates/base/docs/infra/set-up-monitoring-alerts.md
diff --git a/docs/infra/set-up-network.md b/templates/base/docs/infra/set-up-network.md
similarity index 100%
rename from docs/infra/set-up-network.md
rename to templates/base/docs/infra/set-up-network.md
diff --git a/docs/infra/set-up-public-internet-access.md b/templates/base/docs/infra/set-up-public-internet-access.md
similarity index 100%
rename from docs/infra/set-up-public-internet-access.md
rename to templates/base/docs/infra/set-up-public-internet-access.md
diff --git a/docs/infra/style-guide.md b/templates/base/docs/infra/style-guide.md
similarity index 100%
rename from docs/infra/style-guide.md
rename to templates/base/docs/infra/style-guide.md
diff --git a/docs/infra/system-notifications.md b/templates/base/docs/infra/system-notifications.md
similarity index 100%
rename from docs/infra/system-notifications.md
rename to templates/base/docs/infra/system-notifications.md
diff --git a/docs/infra/upgrade-database.md b/templates/base/docs/infra/upgrade-database.md
similarity index 100%
rename from docs/infra/upgrade-database.md
rename to templates/base/docs/infra/upgrade-database.md
diff --git a/docs/infra/vulnerability-management.md b/templates/base/docs/infra/vulnerability-management.md
similarity index 100%
rename from docs/infra/vulnerability-management.md
rename to templates/base/docs/infra/vulnerability-management.md
diff --git a/docs/releases.md b/templates/base/docs/releases.md
similarity index 100%
rename from docs/releases.md
rename to templates/base/docs/releases.md
diff --git a/docs/system-architecture.md b/templates/base/docs/system-architecture.md
similarity index 100%
rename from docs/system-architecture.md
rename to templates/base/docs/system-architecture.md
diff --git a/e2e/.gitignore b/templates/base/e2e/.gitignore
similarity index 100%
rename from e2e/.gitignore
rename to templates/base/e2e/.gitignore
diff --git a/e2e/Dockerfile b/templates/base/e2e/Dockerfile
similarity index 100%
rename from e2e/Dockerfile
rename to templates/base/e2e/Dockerfile
diff --git a/e2e/package-lock.json b/templates/base/e2e/package-lock.json
similarity index 100%
rename from e2e/package-lock.json
rename to templates/base/e2e/package-lock.json
diff --git a/e2e/package.json b/templates/base/e2e/package.json
similarity index 100%
rename from e2e/package.json
rename to templates/base/e2e/package.json
diff --git a/e2e/playwright.config.js b/templates/base/e2e/playwright.config.js
similarity index 100%
rename from e2e/playwright.config.js
rename to templates/base/e2e/playwright.config.js
diff --git a/e2e/run-e2e-test b/templates/base/e2e/run-e2e-test
similarity index 100%
rename from e2e/run-e2e-test
rename to templates/base/e2e/run-e2e-test
diff --git a/e2e/util.js b/templates/base/e2e/util.js
similarity index 100%
rename from e2e/util.js
rename to templates/base/e2e/util.js
diff --git a/infra/.gitignore b/templates/base/infra/.gitignore
similarity index 100%
rename from infra/.gitignore
rename to templates/base/infra/.gitignore
diff --git a/infra/README.md b/templates/base/infra/README.md
similarity index 100%
rename from infra/README.md
rename to templates/base/infra/README.md
diff --git a/infra/accounts/main.tf b/templates/base/infra/accounts/main.tf
similarity index 100%
rename from infra/accounts/main.tf
rename to templates/base/infra/accounts/main.tf
diff --git a/infra/accounts/outputs.tf b/templates/base/infra/accounts/outputs.tf
similarity index 100%
rename from infra/accounts/outputs.tf
rename to templates/base/infra/accounts/outputs.tf
diff --git a/infra/example.s3.tfbackend b/templates/base/infra/example.s3.tfbackend
similarity index 100%
rename from infra/example.s3.tfbackend
rename to templates/base/infra/example.s3.tfbackend
diff --git a/infra/modules/auth-github-actions/README.md b/templates/base/infra/modules/auth-github-actions/README.md
similarity index 100%
rename from infra/modules/auth-github-actions/README.md
rename to templates/base/infra/modules/auth-github-actions/README.md
diff --git a/infra/modules/auth-github-actions/main.tf b/templates/base/infra/modules/auth-github-actions/main.tf
similarity index 100%
rename from infra/modules/auth-github-actions/main.tf
rename to templates/base/infra/modules/auth-github-actions/main.tf
diff --git a/infra/modules/auth-github-actions/variables.tf b/templates/base/infra/modules/auth-github-actions/variables.tf
similarity index 100%
rename from infra/modules/auth-github-actions/variables.tf
rename to templates/base/infra/modules/auth-github-actions/variables.tf
diff --git a/infra/modules/container-image-repository/main.tf b/templates/base/infra/modules/container-image-repository/main.tf
similarity index 100%
rename from infra/modules/container-image-repository/main.tf
rename to templates/base/infra/modules/container-image-repository/main.tf
diff --git a/infra/modules/container-image-repository/outputs.tf b/templates/base/infra/modules/container-image-repository/outputs.tf
similarity index 100%
rename from infra/modules/container-image-repository/outputs.tf
rename to templates/base/infra/modules/container-image-repository/outputs.tf
diff --git a/infra/modules/container-image-repository/variables.tf b/templates/base/infra/modules/container-image-repository/variables.tf
similarity index 100%
rename from infra/modules/container-image-repository/variables.tf
rename to templates/base/infra/modules/container-image-repository/variables.tf
diff --git a/infra/modules/database/resources/.gitignore b/templates/base/infra/modules/database/.gitignore
similarity index 100%
rename from infra/modules/database/resources/.gitignore
rename to templates/base/infra/modules/database/.gitignore
diff --git a/infra/modules/database/data/main.tf b/templates/base/infra/modules/database/data/main.tf
similarity index 100%
rename from infra/modules/database/data/main.tf
rename to templates/base/infra/modules/database/data/main.tf
diff --git a/infra/modules/database/data/outputs.tf b/templates/base/infra/modules/database/data/outputs.tf
similarity index 100%
rename from infra/modules/database/data/outputs.tf
rename to templates/base/infra/modules/database/data/outputs.tf
diff --git a/infra/modules/database/data/variables.tf b/templates/base/infra/modules/database/data/variables.tf
similarity index 100%
rename from infra/modules/database/data/variables.tf
rename to templates/base/infra/modules/database/data/variables.tf
diff --git a/infra/modules/database/interface/outputs.tf b/templates/base/infra/modules/database/interface/outputs.tf
similarity index 100%
rename from infra/modules/database/interface/outputs.tf
rename to templates/base/infra/modules/database/interface/outputs.tf
diff --git a/infra/modules/database/interface/variables.tf b/templates/base/infra/modules/database/interface/variables.tf
similarity index 100%
rename from infra/modules/database/interface/variables.tf
rename to templates/base/infra/modules/database/interface/variables.tf
diff --git a/templates/base/infra/modules/database/resources/.gitignore b/templates/base/infra/modules/database/resources/.gitignore
new file mode 100644
index 000000000..e5dd1565a
--- /dev/null
+++ b/templates/base/infra/modules/database/resources/.gitignore
@@ -0,0 +1,2 @@
+__pycache__
+vendor/
diff --git a/infra/modules/database/resources/authentication.tf b/templates/base/infra/modules/database/resources/authentication.tf
similarity index 100%
rename from infra/modules/database/resources/authentication.tf
rename to templates/base/infra/modules/database/resources/authentication.tf
diff --git a/infra/modules/database/resources/backups.tf b/templates/base/infra/modules/database/resources/backups.tf
similarity index 100%
rename from infra/modules/database/resources/backups.tf
rename to templates/base/infra/modules/database/resources/backups.tf
diff --git a/infra/modules/database/resources/main.tf b/templates/base/infra/modules/database/resources/main.tf
similarity index 100%
rename from infra/modules/database/resources/main.tf
rename to templates/base/infra/modules/database/resources/main.tf
diff --git a/infra/modules/database/resources/monitoring.tf b/templates/base/infra/modules/database/resources/monitoring.tf
similarity index 100%
rename from infra/modules/database/resources/monitoring.tf
rename to templates/base/infra/modules/database/resources/monitoring.tf
diff --git a/infra/modules/database/resources/networking.tf b/templates/base/infra/modules/database/resources/networking.tf
similarity index 100%
rename from infra/modules/database/resources/networking.tf
rename to templates/base/infra/modules/database/resources/networking.tf
diff --git a/infra/modules/database/resources/outputs.tf b/templates/base/infra/modules/database/resources/outputs.tf
similarity index 100%
rename from infra/modules/database/resources/outputs.tf
rename to templates/base/infra/modules/database/resources/outputs.tf
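Review bot: This ignore file covers `__pycache__` and `vendor/` but not `role_manager.zip`, which the same patch keeps tracked and moves from `resources/` up to `database/` while `role_manager.tf` and the `role_manager/` sources stay under `resources/`. A committed archive cannot be reviewed in a diff and can drift from the Python sources next to it, which matters for code that presumably manages database roles. If the zip is a build output (inferred from the `vendor/` entry, not shown here), untrack it and ignore it where it is generated, e.g. a `role_manager.zip` line in this file. If it is meant to be tracked, confirm that the one-level-up move, which the old `resources/.gitignore` also gets, is intended and that whatever path references the archive still resolves.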
diff --git a/infra/modules/database/resources/role_manager.tf b/templates/base/infra/modules/database/resources/role_manager.tf
similarity index 100%
rename from infra/modules/database/resources/role_manager.tf
rename to templates/base/infra/modules/database/resources/role_manager.tf
diff --git a/infra/modules/database/resources/role_manager/check.py b/templates/base/infra/modules/database/resources/role_manager/check.py
similarity index 100%
rename from infra/modules/database/resources/role_manager/check.py
rename to templates/base/infra/modules/database/resources/role_manager/check.py
diff --git a/infra/modules/database/resources/role_manager/db.py b/templates/base/infra/modules/database/resources/role_manager/db.py
similarity index 100%
rename from infra/modules/database/resources/role_manager/db.py
rename to templates/base/infra/modules/database/resources/role_manager/db.py
diff --git a/infra/modules/database/resources/role_manager/manage.py b/templates/base/infra/modules/database/resources/role_manager/manage.py
similarity index 100%
rename from infra/modules/database/resources/role_manager/manage.py
rename to templates/base/infra/modules/database/resources/role_manager/manage.py
diff --git a/infra/modules/database/resources/role_manager/requirements.txt b/templates/base/infra/modules/database/resources/role_manager/requirements.txt
similarity index 100%
rename from infra/modules/database/resources/role_manager/requirements.txt
rename to templates/base/infra/modules/database/resources/role_manager/requirements.txt
diff --git a/infra/modules/database/resources/role_manager/role_manager.py b/templates/base/infra/modules/database/resources/role_manager/role_manager.py
similarity index 100%
rename from infra/modules/database/resources/role_manager/role_manager.py
rename to templates/base/infra/modules/database/resources/role_manager/role_manager.py
diff --git a/infra/modules/database/resources/variables.tf b/templates/base/infra/modules/database/resources/variables.tf
similarity index 100%
rename from infra/modules/database/resources/variables.tf
rename to templates/base/infra/modules/database/resources/variables.tf
diff --git a/infra/modules/database/resources/role_manager.zip b/templates/base/infra/modules/database/role_manager.zip
similarity index 100%
rename from infra/modules/database/resources/role_manager.zip
rename to templates/base/infra/modules/database/role_manager.zip
diff --git a/infra/modules/domain/data/main.tf b/templates/base/infra/modules/domain/data/main.tf
similarity index 100%
rename from infra/modules/domain/data/main.tf
rename to templates/base/infra/modules/domain/data/main.tf
diff --git a/infra/modules/domain/data/outputs.tf b/templates/base/infra/modules/domain/data/outputs.tf
similarity index 100%
rename from infra/modules/domain/data/outputs.tf
rename to templates/base/infra/modules/domain/data/outputs.tf
diff --git a/infra/modules/domain/data/variables.tf b/templates/base/infra/modules/domain/data/variables.tf
similarity index 100%
rename from infra/modules/domain/data/variables.tf
rename to templates/base/infra/modules/domain/data/variables.tf
diff --git a/infra/modules/domain/resources/certificates.tf b/templates/base/infra/modules/domain/resources/certificates.tf
similarity index 100%
rename from infra/modules/domain/resources/certificates.tf
rename to templates/base/infra/modules/domain/resources/certificates.tf
diff --git a/infra/modules/domain/resources/main.tf b/templates/base/infra/modules/domain/resources/main.tf
similarity index 100%
rename from infra/modules/domain/resources/main.tf
rename to templates/base/infra/modules/domain/resources/main.tf
diff --git a/infra/modules/domain/resources/outputs.tf b/templates/base/infra/modules/domain/resources/outputs.tf
similarity index 100%
rename from infra/modules/domain/resources/outputs.tf
rename to templates/base/infra/modules/domain/resources/outputs.tf
diff --git a/infra/modules/domain/resources/query_logs.tf b/templates/base/infra/modules/domain/resources/query_logs.tf
similarity index 100%
rename from infra/modules/domain/resources/query_logs.tf
rename to templates/base/infra/modules/domain/resources/query_logs.tf
diff --git a/infra/modules/domain/resources/variables.tf b/templates/base/infra/modules/domain/resources/variables.tf
similarity index 100%
rename from infra/modules/domain/resources/variables.tf
rename to templates/base/infra/modules/domain/resources/variables.tf
diff --git a/infra/modules/identity-provider-client/resources/access_control.tf b/templates/base/infra/modules/identity-provider-client/resources/access_control.tf
similarity index 100%
rename from infra/modules/identity-provider-client/resources/access_control.tf
rename to templates/base/infra/modules/identity-provider-client/resources/access_control.tf
diff --git a/infra/modules/identity-provider-client/resources/main.tf b/templates/base/infra/modules/identity-provider-client/resources/main.tf
similarity index 100%
rename from infra/modules/identity-provider-client/resources/main.tf
rename to templates/base/infra/modules/identity-provider-client/resources/main.tf
diff --git a/infra/modules/identity-provider-client/resources/outputs.tf b/templates/base/infra/modules/identity-provider-client/resources/outputs.tf
similarity index 100%
rename from infra/modules/identity-provider-client/resources/outputs.tf
rename to templates/base/infra/modules/identity-provider-client/resources/outputs.tf
diff --git a/infra/modules/identity-provider-client/resources/variables.tf b/templates/base/infra/modules/identity-provider-client/resources/variables.tf
similarity index 100%
rename from infra/modules/identity-provider-client/resources/variables.tf
rename to templates/base/infra/modules/identity-provider-client/resources/variables.tf
diff --git a/infra/modules/identity-provider/data/main.tf b/templates/base/infra/modules/identity-provider/data/main.tf
similarity index 100%
rename from infra/modules/identity-provider/data/main.tf
rename to templates/base/infra/modules/identity-provider/data/main.tf
diff --git a/infra/modules/identity-provider/data/outputs.tf b/templates/base/infra/modules/identity-provider/data/outputs.tf
similarity index 100%
rename from infra/modules/identity-provider/data/outputs.tf
rename to templates/base/infra/modules/identity-provider/data/outputs.tf
diff --git a/infra/modules/identity-provider/data/variables.tf b/templates/base/infra/modules/identity-provider/data/variables.tf
similarity index 100%
rename from infra/modules/identity-provider/data/variables.tf
rename to templates/base/infra/modules/identity-provider/data/variables.tf
diff --git a/infra/modules/identity-provider/resources/main.tf b/templates/base/infra/modules/identity-provider/resources/main.tf
similarity index 100%
rename from infra/modules/identity-provider/resources/main.tf
rename to templates/base/infra/modules/identity-provider/resources/main.tf
diff --git a/infra/modules/identity-provider/resources/outputs.tf b/templates/base/infra/modules/identity-provider/resources/outputs.tf
similarity index 100%
rename from infra/modules/identity-provider/resources/outputs.tf
rename to templates/base/infra/modules/identity-provider/resources/outputs.tf
diff --git a/infra/modules/identity-provider/resources/variables.tf b/templates/base/infra/modules/identity-provider/resources/variables.tf
similarity index 100%
rename from infra/modules/identity-provider/resources/variables.tf
rename to templates/base/infra/modules/identity-provider/resources/variables.tf
diff --git a/infra/modules/monitoring/main.tf b/templates/base/infra/modules/monitoring/main.tf
similarity index 100%
rename from infra/modules/monitoring/main.tf
rename to templates/base/infra/modules/monitoring/main.tf
diff --git a/infra/modules/monitoring/outputs.tf b/templates/base/infra/modules/monitoring/outputs.tf
similarity index 100%
rename from infra/modules/monitoring/outputs.tf
rename to templates/base/infra/modules/monitoring/outputs.tf
diff --git a/infra/modules/monitoring/variables.tf b/templates/base/infra/modules/monitoring/variables.tf
similarity index 100%
rename from infra/modules/monitoring/variables.tf
rename to templates/base/infra/modules/monitoring/variables.tf
diff --git a/infra/modules/network/data/main.tf b/templates/base/infra/modules/network/data/main.tf
similarity index 100%
rename from infra/modules/network/data/main.tf
rename to templates/base/infra/modules/network/data/main.tf
diff --git a/infra/modules/network/data/outputs.tf b/templates/base/infra/modules/network/data/outputs.tf
similarity index 100%
rename from infra/modules/network/data/outputs.tf
rename to templates/base/infra/modules/network/data/outputs.tf
diff --git a/infra/modules/network/data/variables.tf b/templates/base/infra/modules/network/data/variables.tf
similarity index 100%
rename from infra/modules/network/data/variables.tf
rename to templates/base/infra/modules/network/data/variables.tf
diff --git a/infra/modules/network/interface/outputs.tf b/templates/base/infra/modules/network/interface/outputs.tf
similarity index 100%
rename from infra/modules/network/interface/outputs.tf
rename to templates/base/infra/modules/network/interface/outputs.tf
diff --git a/infra/modules/network/interface/variables.tf b/templates/base/infra/modules/network/interface/variables.tf
similarity index 100%
rename from infra/modules/network/interface/variables.tf
rename to templates/base/infra/modules/network/interface/variables.tf
diff --git a/infra/modules/network/resources/main.tf b/templates/base/infra/modules/network/resources/main.tf
similarity index 100%
rename from infra/modules/network/resources/main.tf
rename to templates/base/infra/modules/network/resources/main.tf
diff --git a/infra/modules/network/resources/variables.tf b/templates/base/infra/modules/network/resources/variables.tf
similarity index 100%
rename from infra/modules/network/resources/variables.tf
rename to templates/base/infra/modules/network/resources/variables.tf
diff --git a/infra/modules/network/resources/vpc_endpoints.tf b/templates/base/infra/modules/network/resources/vpc_endpoints.tf
similarity index 100%
rename from infra/modules/network/resources/vpc_endpoints.tf
rename to templates/base/infra/modules/network/resources/vpc_endpoints.tf
diff --git a/infra/modules/notifications-email-domain/data/main.tf b/templates/base/infra/modules/notifications-email-domain/data/main.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/data/main.tf
rename to templates/base/infra/modules/notifications-email-domain/data/main.tf
diff --git a/infra/modules/notifications-email-domain/data/outputs.tf b/templates/base/infra/modules/notifications-email-domain/data/outputs.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/data/outputs.tf
rename to templates/base/infra/modules/notifications-email-domain/data/outputs.tf
diff --git a/infra/modules/notifications-email-domain/data/variables.tf b/templates/base/infra/modules/notifications-email-domain/data/variables.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/data/variables.tf
rename to templates/base/infra/modules/notifications-email-domain/data/variables.tf
diff --git a/infra/modules/notifications-email-domain/resources/access_control.tf b/templates/base/infra/modules/notifications-email-domain/resources/access_control.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/resources/access_control.tf
rename to templates/base/infra/modules/notifications-email-domain/resources/access_control.tf
diff --git a/infra/modules/notifications-email-domain/resources/dns.tf b/templates/base/infra/modules/notifications-email-domain/resources/dns.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/resources/dns.tf
rename to templates/base/infra/modules/notifications-email-domain/resources/dns.tf
diff --git a/infra/modules/notifications-email-domain/resources/logs.tf b/templates/base/infra/modules/notifications-email-domain/resources/logs.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/resources/logs.tf
rename to templates/base/infra/modules/notifications-email-domain/resources/logs.tf
diff --git a/infra/modules/notifications-email-domain/resources/main.tf b/templates/base/infra/modules/notifications-email-domain/resources/main.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/resources/main.tf
rename to templates/base/infra/modules/notifications-email-domain/resources/main.tf
diff --git a/infra/modules/notifications-email-domain/resources/outputs.tf b/templates/base/infra/modules/notifications-email-domain/resources/outputs.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/resources/outputs.tf
rename to templates/base/infra/modules/notifications-email-domain/resources/outputs.tf
diff --git a/infra/modules/notifications-email-domain/resources/variables.tf b/templates/base/infra/modules/notifications-email-domain/resources/variables.tf
similarity index 100%
rename from infra/modules/notifications-email-domain/resources/variables.tf
rename to templates/base/infra/modules/notifications-email-domain/resources/variables.tf
diff --git a/infra/modules/notifications/resources/access_control.tf b/templates/base/infra/modules/notifications/resources/access_control.tf
similarity index 100%
rename from infra/modules/notifications/resources/access_control.tf
rename to templates/base/infra/modules/notifications/resources/access_control.tf
diff --git a/infra/modules/notifications/resources/email.tf b/templates/base/infra/modules/notifications/resources/email.tf
similarity index 100%
rename from infra/modules/notifications/resources/email.tf
rename to templates/base/infra/modules/notifications/resources/email.tf
diff --git a/infra/modules/notifications/resources/main.tf b/templates/base/infra/modules/notifications/resources/main.tf
similarity index 100%
rename from infra/modules/notifications/resources/main.tf
rename to templates/base/infra/modules/notifications/resources/main.tf
diff --git a/infra/modules/notifications/resources/outputs.tf b/templates/base/infra/modules/notifications/resources/outputs.tf
similarity index 100%
rename from infra/modules/notifications/resources/outputs.tf
rename to templates/base/infra/modules/notifications/resources/outputs.tf
diff --git a/infra/modules/notifications/resources/variables.tf b/templates/base/infra/modules/notifications/resources/variables.tf
similarity index 100%
rename from infra/modules/notifications/resources/variables.tf
rename to templates/base/infra/modules/notifications/resources/variables.tf
diff --git a/infra/modules/secret/main.tf b/templates/base/infra/modules/secret/main.tf
similarity index 100%
rename from infra/modules/secret/main.tf
rename to templates/base/infra/modules/secret/main.tf
diff --git a/infra/modules/secret/outputs.tf b/templates/base/infra/modules/secret/outputs.tf
similarity index 100%
rename from infra/modules/secret/outputs.tf
rename to templates/base/infra/modules/secret/outputs.tf
diff --git a/infra/modules/secret/variables.tf b/templates/base/infra/modules/secret/variables.tf
similarity index 100%
rename from infra/modules/secret/variables.tf
rename to templates/base/infra/modules/secret/variables.tf
diff --git a/infra/modules/service/access_control.tf b/templates/base/infra/modules/service/access_control.tf
similarity index 100%
rename from infra/modules/service/access_control.tf
rename to templates/base/infra/modules/service/access_control.tf
diff --git a/infra/modules/service/access_logs.tf b/templates/base/infra/modules/service/access_logs.tf
similarity index 100%
rename from infra/modules/service/access_logs.tf
rename to templates/base/infra/modules/service/access_logs.tf
diff --git a/infra/modules/service/application_logs.tf b/templates/base/infra/modules/service/application_logs.tf
similarity index 100%
rename from infra/modules/service/application_logs.tf
rename to templates/base/infra/modules/service/application_logs.tf
diff --git a/infra/modules/service/command_execution.tf b/templates/base/infra/modules/service/command_execution.tf
similarity index 100%
rename from infra/modules/service/command_execution.tf
rename to templates/base/infra/modules/service/command_execution.tf
diff --git a/infra/modules/service/database_access.tf b/templates/base/infra/modules/service/database_access.tf
similarity index 100%
rename from infra/modules/service/database_access.tf
rename to templates/base/infra/modules/service/database_access.tf
diff --git a/infra/modules/service/dns.tf b/templates/base/infra/modules/service/dns.tf
similarity index 100%
rename from infra/modules/service/dns.tf
rename to templates/base/infra/modules/service/dns.tf
diff --git a/infra/modules/service/events_jobs.tf b/templates/base/infra/modules/service/events_jobs.tf
similarity index 100%
rename from infra/modules/service/events_jobs.tf
rename to templates/base/infra/modules/service/events_jobs.tf
diff --git a/infra/modules/service/events_role.tf b/templates/base/infra/modules/service/events_role.tf
similarity index 100%
rename from infra/modules/service/events_role.tf
rename to templates/base/infra/modules/service/events_role.tf
diff --git a/infra/modules/service/load_balancer.tf b/templates/base/infra/modules/service/load_balancer.tf
similarity index 100%
rename from infra/modules/service/load_balancer.tf
rename to templates/base/infra/modules/service/load_balancer.tf
diff --git a/infra/modules/service/main.tf b/templates/base/infra/modules/service/main.tf
similarity index 100%
rename from infra/modules/service/main.tf
rename to templates/base/infra/modules/service/main.tf
diff --git a/infra/modules/service/networking.tf b/templates/base/infra/modules/service/networking.tf
similarity index 100%
rename from infra/modules/service/networking.tf
rename to templates/base/infra/modules/service/networking.tf
diff --git a/infra/modules/service/outputs.tf b/templates/base/infra/modules/service/outputs.tf
similarity index 100%
rename from infra/modules/service/outputs.tf
rename to templates/base/infra/modules/service/outputs.tf
diff --git a/infra/modules/service/scheduled_jobs.tf b/templates/base/infra/modules/service/scheduled_jobs.tf
similarity index 100%
rename from infra/modules/service/scheduled_jobs.tf
rename to templates/base/infra/modules/service/scheduled_jobs.tf
diff --git a/infra/modules/service/scheduler_role.tf b/templates/base/infra/modules/service/scheduler_role.tf
similarity index 100%
rename from infra/modules/service/scheduler_role.tf
rename to templates/base/infra/modules/service/scheduler_role.tf
diff --git a/infra/modules/service/variables.tf b/templates/base/infra/modules/service/variables.tf
similarity index 100%
rename from infra/modules/service/variables.tf
rename to templates/base/infra/modules/service/variables.tf
diff --git a/infra/modules/service/workflow_orchestrator_role.tf b/templates/base/infra/modules/service/workflow_orchestrator_role.tf
similarity index 100%
rename from infra/modules/service/workflow_orchestrator_role.tf
rename to templates/base/infra/modules/service/workflow_orchestrator_role.tf
diff --git a/infra/modules/storage/access_control.tf b/templates/base/infra/modules/storage/access_control.tf
similarity index 100%
rename from infra/modules/storage/access_control.tf
rename to templates/base/infra/modules/storage/access_control.tf
diff --git a/infra/modules/storage/encryption.tf b/templates/base/infra/modules/storage/encryption.tf
similarity index 100%
rename from infra/modules/storage/encryption.tf
rename to templates/base/infra/modules/storage/encryption.tf
diff --git a/infra/modules/storage/events.tf b/templates/base/infra/modules/storage/events.tf
similarity index 100%
rename from infra/modules/storage/events.tf
rename to templates/base/infra/modules/storage/events.tf
diff --git a/infra/modules/storage/lifecycle.tf b/templates/base/infra/modules/storage/lifecycle.tf
similarity index 100%
rename from infra/modules/storage/lifecycle.tf
rename to templates/base/infra/modules/storage/lifecycle.tf
diff --git a/infra/modules/storage/main.tf b/templates/base/infra/modules/storage/main.tf
similarity index 100%
rename from infra/modules/storage/main.tf
rename to templates/base/infra/modules/storage/main.tf
diff --git a/infra/modules/storage/outputs.tf b/templates/base/infra/modules/storage/outputs.tf
similarity index 100%
rename from infra/modules/storage/outputs.tf
rename to templates/base/infra/modules/storage/outputs.tf
diff --git a/infra/modules/storage/variables.tf b/templates/base/infra/modules/storage/variables.tf similarity index 100% rename from infra/modules/storage/variables.tf rename to templates/base/infra/modules/storage/variables.tf diff --git a/infra/modules/terraform-backend-s3/README.md b/templates/base/infra/modules/terraform-backend-s3/README.md similarity index 100% rename from infra/modules/terraform-backend-s3/README.md rename to templates/base/infra/modules/terraform-backend-s3/README.md diff --git a/infra/modules/terraform-backend-s3/main.tf b/templates/base/infra/modules/terraform-backend-s3/main.tf similarity index 100% rename from infra/modules/terraform-backend-s3/main.tf rename to templates/base/infra/modules/terraform-backend-s3/main.tf diff --git a/infra/modules/terraform-backend-s3/outputs.tf b/templates/base/infra/modules/terraform-backend-s3/outputs.tf similarity index 100% rename from infra/modules/terraform-backend-s3/outputs.tf rename to templates/base/infra/modules/terraform-backend-s3/outputs.tf diff --git a/infra/modules/terraform-backend-s3/variables.tf b/templates/base/infra/modules/terraform-backend-s3/variables.tf similarity index 100% rename from infra/modules/terraform-backend-s3/variables.tf rename to templates/base/infra/modules/terraform-backend-s3/variables.tf diff --git a/infra/networks/main.tf.jinja b/templates/base/infra/networks/main.tf.jinja similarity index 100% rename from infra/networks/main.tf.jinja rename to templates/base/infra/networks/main.tf.jinja diff --git a/infra/networks/outputs.tf b/templates/base/infra/networks/outputs.tf similarity index 100% rename from infra/networks/outputs.tf rename to templates/base/infra/networks/outputs.tf diff --git a/infra/networks/variables.tf b/templates/base/infra/networks/variables.tf similarity index 100% rename from infra/networks/variables.tf rename to templates/base/infra/networks/variables.tf 
diff --git a/infra/project-config/README.md b/templates/base/infra/project-config/README.md similarity index 100% rename from infra/project-config/README.md rename to templates/base/infra/project-config/README.md diff --git a/infra/project-config/aws_services.tf b/templates/base/infra/project-config/aws_services.tf similarity index 100% rename from infra/project-config/aws_services.tf rename to templates/base/infra/project-config/aws_services.tf diff --git a/infra/project-config/main.tf.jinja b/templates/base/infra/project-config/main.tf.jinja similarity index 100% rename from infra/project-config/main.tf.jinja rename to templates/base/infra/project-config/main.tf.jinja diff --git a/infra/project-config/networks.tf b/templates/base/infra/project-config/networks.tf similarity index 100% rename from infra/project-config/networks.tf rename to templates/base/infra/project-config/networks.tf diff --git a/infra/project-config/outputs.tf b/templates/base/infra/project-config/outputs.tf similarity index 100% rename from infra/project-config/outputs.tf rename to templates/base/infra/project-config/outputs.tf diff --git a/infra/project-config/system_notifications.tf b/templates/base/infra/project-config/system_notifications.tf similarity index 100% rename from infra/project-config/system_notifications.tf rename to templates/base/infra/project-config/system_notifications.tf diff --git a/infra/test/go.mod b/templates/base/infra/test/go.mod similarity index 100% rename from infra/test/go.mod rename to templates/base/infra/test/go.mod diff --git a/infra/test/go.sum b/templates/base/infra/test/go.sum similarity index 100% rename from infra/test/go.sum rename to templates/base/infra/test/go.sum diff --git a/infra/test/helpers.go b/templates/base/infra/test/helpers.go similarity index 100% rename from infra/test/helpers.go rename to templates/base/infra/test/helpers.go 
diff --git a/infra/test/infra_test.go b/templates/base/infra/test/infra_test.go similarity index 100% rename from infra/test/infra_test.go rename to templates/base/infra/test/infra_test.go From b2c55c3d45d705a19d6902cb7cc79632a073e013 Mon Sep 17 00:00:00 2001 From: Tanner Doshier Date: Fri, 3 Jan 2025 09:48:37 -0500 Subject: [PATCH 2/6] WIP doc updates --- template-only-docs/set-up-pr-environments.md | 2 +- templates/app/.github/workflows/cd-{{app_name}}.yml.jinja | 2 +- .../.github/workflows/ci-{{app_name}}-infra-service.yml.jinja | 2 +- .../workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja | 2 +- .../workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/template-only-docs/set-up-pr-environments.md b/template-only-docs/set-up-pr-environments.md index f9c78a94b..283cc2075 100644 --- a/template-only-docs/set-up-pr-environments.md +++ b/template-only-docs/set-up-pr-environments.md @@ -3,6 +3,6 @@ [Pull request environments](/docs/infra/pull-request-environments.md) are temporary environments that exist during a pull request. Enable them after [setting up the app environment](/docs/infra/set-up-app-env.md): - In [ci-{{app_name}}-pr-environment-checks.yml](/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja) and [ci-{{app_name}}-pr-environment-destroy.yml](/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja), search for `!!`. -- Uncomment the PR environment triggers for spot testing. Run `nava-platform infra update --answers-only --data app_has_dev_env_setup=true .` to consistently enable things. +- Uncomment the PR environment triggers for spot testing. Run `nava-platform infra update-app --answers-only --data app_has_dev_env_setup=true . ` to consistently enable things. You can verify that PR environments are working by opening a new PR and waiting for the "PR Environment Update" job to finish. 
diff --git a/templates/app/.github/workflows/cd-{{app_name}}.yml.jinja b/templates/app/.github/workflows/cd-{{app_name}}.yml.jinja index 64001cbcb..a38e887f0 100644 --- a/templates/app/.github/workflows/cd-{{app_name}}.yml.jinja +++ b/templates/app/.github/workflows/cd-{{app_name}}.yml.jinja @@ -16,7 +16,7 @@ on: # !! Once you've set up the dev environment and are ready to enable continuous # deployment, run: # - # nava-platform infra update --answers-only --data app_has_dev_env_setup=true . + # nava-platform infra update-app --answers-only --data app_has_dev_env_setup=true . {{app_name}} # # to enable these lines. They are here as comments for context. # diff --git a/templates/app/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja index d06f3e6b9..350a41230 100644 --- a/templates/app/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja +++ b/templates/app/.github/workflows/ci-{{app_name}}-infra-service.yml.jinja @@ -20,7 +20,7 @@ on: # !! Once you've set up the dev environment and are ready to enable automated # infra tests, run: # - # nava-platform infra update --answers-only --data app_has_dev_env_setup=true . + # nava-platform infra update-app --answers-only --data app_has_dev_env_setup=true . {{app_name}} # # to enable these lines. They are here as comments for context. # diff --git a/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja index 899ff1958..f0ae79b34 100644 --- a/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja +++ b/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja 
@@ -14,7 +14,7 @@ on: # !! Once you've set up the dev environment and are ready to enable PR # environments, run: # - # nava-platform infra update --answers-only --data app_has_dev_env_setup=true . + # nava-platform infra update-app --answers-only --data app_has_dev_env_setup=true . {{app_name}} # # to enable these lines. They are here as comments for context. # diff --git a/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja b/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja index 137c93e1d..865021699 100644 --- a/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja +++ b/templates/app/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja @@ -12,7 +12,7 @@ on: # !! Once you've set up the dev environment and are ready to enable PR # environments, run: # - # nava-platform infra update --answers-only --data app_has_dev_env_setup=true . + # nava-platform infra update-app --answers-only --data app_has_dev_env_setup=true . {{app_name}} # # to enable these lines. They are here as comments for context. # From 24f3376d3f30c32f57a05735fec78e700be89e81 Mon Sep 17 00:00:00 2001 From: Tanner Doshier Date: Fri, 3 Jan 2025 11:27:57 -0500 Subject: [PATCH 3/6] Update .github/workflows/ci-infra.yml to use actions/setup-terraform --- templates/base/.github/workflows/ci-infra.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/templates/base/.github/workflows/ci-infra.yml b/templates/base/.github/workflows/ci-infra.yml index 78a82f9cd..24b9b5cf2 100644 --- a/templates/base/.github/workflows/ci-infra.yml +++ b/templates/base/.github/workflows/ci-infra.yml 
@@ -41,10 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.8.3 - terraform_wrapper: false + - uses: ./.github/actions/setup-terraform - name: Run infra-lint-terraform run: | echo "If this fails, run 'make infra-format'" @@ -54,10 +51,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.8.3 - terraform_wrapper: false + - uses: ./.github/actions/setup-terraform - name: Validate run: make infra-validate-modules check-compliance-with-checkov: From ab1574912c35b33fb57f02c224fcc53a6993721d Mon Sep 17 00:00:00 2001 From: Tanner Doshier Date: Fri, 3 Jan 2025 11:30:16 -0500 Subject: [PATCH 4/6] Restore ci-infra.yml and ci-docs.yml for template repo? --- .github/workflows/ci-docs.yml | 19 ++++++++ .github/workflows/ci-infra.yml | 89 ++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 .github/workflows/ci-docs.yml create mode 100644 .github/workflows/ci-infra.yml diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml new file mode 100644 index 000000000..0a28f1d7e --- /dev/null +++ b/.github/workflows/ci-docs.yml @@ -0,0 +1,19 @@ +name: CI Documentation Checks + +on: + push: + branches: + - main + pull_request: + +jobs: + lint-markdown: + name: Lint markdown + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + # This is the GitHub Actions-friendly port of the linter used in the Makefile. + - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 + with: + use-quiet-mode: "yes" # errors only. + config-file: ".github/workflows/markdownlint-config.json" diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml new file mode 100644 index 000000000..24b9b5cf2 --- /dev/null +++ b/.github/workflows/ci-infra.yml 
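Review bot: The third-party action in the new `lint-markdown` job of `.github/workflows/ci-docs.yml` is referenced by a mutable tag, `gaurav-nelson/github-action-markdown-link-check@1.0.15`, so the code that runs can change without any change to this repository. The same applies to `bridgecrewio/checkov-action@v12.2296.0` and `aquasecurity/tfsec-pr-commenter-action@v1.2.0` in the restored `.github/workflows/ci-infra.yml`, where the tfsec job also holds `pull-requests: write`. The Dockerfile in this series already pins its base image by digest; pinning the actions the same way, e.g. `uses: gaurav-nelson/github-action-markdown-link-check@<full-commit-sha> # 1.0.15` (placeholder, resolve the SHA from the tag), keeps the reviewed code and the executed code identical.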
@@ -0,0 +1,89 @@ +name: CI Infra Checks + +on: + push: + branches: + - main + paths: + - bin/** + - infra/** + - .github/workflows/** + pull_request: + paths: + - bin/** + - infra/** + - .github/workflows/** + +jobs: + lint-github-actions: + # Lint github actions files using https://github.com/rhysd/actionlint + # This job configuration is largely copied from https://github.com/rhysd/actionlint/blob/main/docs/usage.md#use-actionlint-on-github-actions + name: Lint GitHub Actions workflows + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Download actionlint + id: get_actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + shell: bash + - name: Check workflow files + run: ${{ steps.get_actionlint.outputs.executable }} -color + shell: bash + lint-scripts: + name: Lint scripts + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Shellcheck + run: make infra-lint-scripts + check-terraform-format: + name: Check Terraform format + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/setup-terraform + - name: Run infra-lint-terraform + run: | + echo "If this fails, run 'make infra-format'" + make infra-lint-terraform + validate-terraform: + name: Validate Terraform modules + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/setup-terraform + - name: Validate + run: make infra-validate-modules + check-compliance-with-checkov: + name: Check compliance with checkov + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: "3.10" + - name: Run Checkov check + # Pin to specific checkov version rather than running from checkov@master + # since checkov frequently adds new checks that can cause CI checks to fail unpredictably. 
+ # There is currently no way to specify the checkov version to pin to (See https://github.com/bridgecrewio/checkov-action/issues/41) + # so we need to pin the version of the checkov-action, which indirectly pins the checkov version. + # In this case, checkov-action v12.2296.0 is mapped to checkov v2.3.194. + uses: bridgecrewio/checkov-action@v12.2296.0 + with: + directory: infra + framework: terraform + quiet: true # only displays failed checks + check-compliance-with-tfsec: + name: Check compliance with tfsec + runs-on: ubuntu-latest + + permissions: + contents: read + pull-requests: write + + steps: + - uses: actions/checkout@v4 + - name: Run tfsec check + uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0 + with: + github_token: ${{ github.token }} From 56fff7b7df4fc0a95acd717cbae96d07ab1f7fb3 Mon Sep 17 00:00:00 2001 From: Tanner Doshier Date: Fri, 3 Jan 2025 11:47:35 -0500 Subject: [PATCH 5/6] CI tweaks --- .github/actions/setup-terraform/action.yml | 2 +- .github/workflows/ci-docs.yml | 2 +- .github/workflows/ci-infra.yml | 19 +++++++++++-------- template-only.mak | 18 ++++++++++++++++++ 4 files changed, 31 insertions(+), 10 deletions(-) diff --git a/.github/actions/setup-terraform/action.yml b/.github/actions/setup-terraform/action.yml index 80d17aef7..42b1a37ce 100644 --- a/.github/actions/setup-terraform/action.yml +++ b/.github/actions/setup-terraform/action.yml @@ -3,7 +3,7 @@ description: "Set up Terraform with the version stored in the .terraform-version inputs: version-file: description: "File containing the terraform version to use." - default: ".terraform-version" + default: "./templates/base/.terraform-version" runs: using: "composite" steps: diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml index 0a28f1d7e..e7cd6ca35 100644 --- a/.github/workflows/ci-docs.yml +++ b/.github/workflows/ci-docs.yml 
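Review bot: The `Download actionlint` step of `lint-github-actions` executes a script fetched at run time from a moving branch, `bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)`, and nothing verifies what was downloaded. Any change to that branch runs in this job on the next push or pull request, and without `-f` curl passes an HTTP error body to bash instead of failing. Fetch the script from a fixed commit and fail on HTTP errors: `run: bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/<pinned-commit-sha>/scripts/download-actionlint.bash)` (placeholder SHA). The new file also has no workflow-level `permissions:` block, so every job except `check-compliance-with-tfsec` runs with the repository's default token scope; a top-level `permissions:` with `contents: read` would make least privilege explicit.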
@@ -16,4 +16,4 @@ jobs: - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 with: use-quiet-mode: "yes" # errors only. - config-file: ".github/workflows/markdownlint-config.json" + config-file: "templates/base/.github/workflows/markdownlint-config.json" diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml index 24b9b5cf2..213e15d96 100644 --- a/.github/workflows/ci-infra.yml +++ b/.github/workflows/ci-infra.yml @@ -5,14 +5,16 @@ on: branches: - main paths: - - bin/** - - infra/** - .github/workflows/** + - templates/*/.github/workflows/** + - templates/*/bin/** + - templates/*/infra/** pull_request: paths: - - bin/** - - infra/** - .github/workflows/** + - templates/*/.github/workflows/** + - templates/*/bin/** + - templates/*/infra/** jobs: lint-github-actions: @@ -35,7 +37,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Shellcheck - run: make infra-lint-scripts + run: make -f template-only.mak infra-lint-scripts check-terraform-format: name: Check Terraform format runs-on: ubuntu-latest @@ -45,7 +47,7 @@ jobs: - name: Run infra-lint-terraform run: | echo "If this fails, run 'make infra-format'" - make infra-lint-terraform + make -f template-only.mak infra-lint-terraform validate-terraform: name: Validate Terraform modules runs-on: ubuntu-latest @@ -53,7 +55,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/actions/setup-terraform - name: Validate - run: make infra-validate-modules + run: make -f template-only.mak infra-validate-modules check-compliance-with-checkov: name: Check compliance with checkov runs-on: ubuntu-latest @@ -70,7 +72,8 @@ jobs: # In this case, checkov-action v12.2296.0 is mapped to checkov v2.3.194. uses: bridgecrewio/checkov-action@v12.2296.0 with: - directory: infra + # TODO: need to run different steps for templates/*/infra? + # directory: infra framework: terraform quiet: true # only displays failed checks check-compliance-with-tfsec: 
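Review bot: Commenting out `directory: infra` in the `check-compliance-with-checkov` step leaves the scan scope to the action's default rather than pointing it at the relocated Terraform, so this compliance gate can pass without covering `templates/*/infra`. Until the TODO is resolved, an explicit path such as `directory: templates/base/infra` would keep the base modules under the check. Whether checkov can parse the `.tf.jinja` files in that tree is not visible here and should be confirmed. The `check-compliance-with-tfsec` job that follows has no path setting in the visible lines, so its coverage of the moved files should be confirmed as well; both jobs extend beyond this hunk.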
diff --git a/template-only.mak b/template-only.mak index 2ca519289..bc9687455 100644 --- a/template-only.mak +++ b/template-only.mak @@ -3,12 +3,30 @@ PROJECT_NAME ?= platform-template-infra +MODULES := $(notdir $(wildcard templates/base/infra/modules/*)) + .PHONY : \ clean \ test \ setup-app-backends \ destroy-account +infra-lint-scripts: ## Lint shell scripts + shellcheck templates/*/bin/** + +infra-lint-terraform: ## Lint Terraform code + terraform fmt -recursive -check templates/*/infra + +# The prerequisite for this rule is obtained by +# prefixing each module with the string "infra-validate-module-" +infra-validate-modules: ## Run terraform validate on reusable child modules +infra-validate-modules: $(patsubst %, infra-validate-module-%, $(MODULES)) + +infra-validate-module-%: + @echo "Validate library module: $*" + terraform -chdir=templates/base/infra/modules/$* init -backend=false + terraform -chdir=templates/base/infra/modules/$* validate + lint-template-scripts: ## Lint template only scripts shellcheck template-only-bin/** From ea7b94314950b6bfa2e7af434e5dbe73791e6bfa Mon Sep 17 00:00:00 2001 From: Tanner Doshier Date: Mon, 6 Jan 2025 15:13:56 -0500 Subject: [PATCH 6/6] Same casing for FROM and AS in tempalte-only-app/Dockerfile --- template-only-app/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template-only-app/Dockerfile b/template-only-app/Dockerfile index 5afd9d813..bbe87bd35 100644 --- a/template-only-app/Dockerfile +++ b/template-only-app/Dockerfile @@ -1,5 +1,5 @@ # Run `make update-docker-digest` to update the image -FROM python:3-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59 as release +FROM python:3-alpine@sha256:657dbdb20479a6523b46c06114c8fec7db448232f956a429d3cc0606d30c1b59 AS release RUN adduser --system --disabled-password --no-create-home app
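Review bot: The new command targets `infra-lint-scripts`, `infra-lint-terraform` and `infra-validate-modules` are not added to the `.PHONY` list directly above them in this hunk. Unless they are declared phony elsewhere in the file, a file or directory named `infra-lint-scripts` or `infra-lint-terraform` would make that target look up to date, and the CI step calling it would succeed without linting anything. Extend the list with `infra-lint-scripts \`, `infra-lint-terraform \` and `infra-validate-modules \`. Separately, `shellcheck templates/*/bin/**` runs under make's default `/bin/sh` unless `SHELL` is set outside this hunk, and there `**` expands like `*`, so any scripts in subdirectories of `bin` would go unchecked.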