From c228015bdd738e25bae001b55b4400d97fac3d53 Mon Sep 17 00:00:00 2001 From: Kolbeinn Date: Fri, 7 Jul 2023 09:35:15 +0000 Subject: [PATCH] chore: apply Terraform module scaffolding (#1) Signed-off-by: Salim Afiune Maya Signed-off-by: Scott Ford Signed-off-by: Ross Co-authored-by: matthew zeier Co-authored-by: Salim Afiune Co-authored-by: Scott Ford Co-authored-by: Ross Co-authored-by: Darren <75614232+dmurray-lacework@users.noreply.github.com> Co-authored-by: Sourcegraph --- .github/ISSUE_TEMPLATE/bug_report.md | 28 ++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++ .github/pull-request-template.md | 26 ++ .gitignore | 46 ++++ CHANGELOG.md | 0 CONTRIBUTING.md | 40 +++ DEVELOPER_GUIDELINES.md | 162 +++++++++++ GNUmakefile | 7 + LICENSE | 21 ++ README.md | 18 ++ RELEASE_NOTES.md | 2 + VERSION | 1 + examples/default/README.md | 20 ++ examples/default/main.tf | 5 + examples/default/versions.tf | 9 + main.tf | 1 + output.tf | 4 + scripts/ci_tests.sh | 44 +++ scripts/release.sh | 69 +++++ scripts/release_helpers.sh | 315 ++++++++++++++++++++++ variables.tf | 5 + versions.tf | 10 + 22 files changed, 853 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/pull-request-template.md create mode 100644 .gitignore create mode 100644 CHANGELOG.md create mode 100644 CONTRIBUTING.md create mode 100644 DEVELOPER_GUIDELINES.md create mode 100644 GNUmakefile create mode 100644 LICENSE create mode 100644 RELEASE_NOTES.md create mode 100644 VERSION create mode 100644 examples/default/README.md create mode 100644 examples/default/main.tf create mode 100644 examples/default/versions.tf create mode 100644 main.tf create mode 100644 output.tf create mode 100755 scripts/ci_tests.sh create mode 100755 scripts/release.sh create mode 100644 scripts/release_helpers.sh create mode 100644 variables.tf create mode 100644 versions.tf 
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..89c5178 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,28 @@ +--- +name: Bug report +about: Create a report to help us improve +title: 'bug:' +labels: bug +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**Steps to reproduce** + + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Please complete the following information):** + - Terraform Version: [e.g. v1.0.0 ] + - Module Version [e.g. v0.15.0] + +Run `terraform version` to find your Terraform version. +You can find the module version by running `terraform providers` or in your terraform configuration. If developing locally you can check the `VERSION` file in the project root directory. + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..e0bd484 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: 'feat: ' +labels: 'feat' +--- + +# Feature Request + +**Describe the Feature Request** +A clear and concise description of what the feature request is. Please include if your feature request is related to a problem + +**Is your feature request related to a problem? Please describe** +Problems related that made you consider this feature request + +**Describe Preferred Solution** +A clear and concise description of what you want to happen and alternatives + +**Additional Context** +List any other information that is relevant to your issue. Stack traces, related issues, suggestions on how to add, use case, Stack Overflow links, forum links, screenshots, OS if applicable, etc. \ No newline at end of file diff --git a/.github/pull-request-template.md b/.github/pull-request-template.md new file mode 100644 index 0000000..babb3c9 --- /dev/null +++ b/.github/pull-request-template.md @@ -0,0 +1,26 @@ + + +## Summary + + + +## How did you test this change? + + + +## Issue + + \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7360939 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,46 @@
+# Local .terraform directories
+**/.terraform/*
+
+# generated via "make ci"
+examples/**/.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Credentials Files
+**/credentials.json
+**/*.json
+
+# Local testing variables
+*.tfvars
+
+# vim
+*.swp
+
+/.idea/
+.DS_Store
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..e69de29
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..2d9888f
--- /dev/null
+++ b/CONTRIBUTING.md
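Review bot: Saved plan files are not ignored by the new .gitignore: the tfplan pattern appears only inside a comment (`# example: *tfplan*`), so the output of `terraform plan -out=tfplan` can be committed, and a saved plan holds resolved variable values, secrets included, in unencrypted form. I would add an active `*tfplan*` line under that comment. Separately, `**/*.json` already covers `**/credentials.json` and `override.tf.json`, and `*.tfvars` is listed twice; because the blanket JSON rule also hides any JSON file a module legitimately needs to ship, it deserves a one-line comment saying such files must be force-added.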
@@ -0,0 +1,40 @@ +# Contributing to the Lacework Terraform Modules + +### Table Of Contents + +* [Before getting started?](#before-getting-started) + +* [How to Contribute?](#how-can-i-contribute) + * [Reporting Bugs](#reporting-bugs) + * [Feature Requests](#feature-requests) + * [Pull Requests](#creating-a-pull-request) + +* [Developer Guidelines](/DEVELOPER_GUIDELINES.md) + + +## Before getting started + +Read the [README.md](README.md) and + Hashicorps [best practices and syntax guidelines](https://www.terraform.io/docs/configuration/index.html) + +## Reporting Bugs + +Ensure the issue you are raising has not already been created under [issues](https://github.com/lacework/terraform--/issues). +If no current issue addresses the problem, open a new [issue](https://github.com/lacework/terraform--/issues/new). +Include as much relevant information as possible. See the [bug template](https://github.com/lacework/terraform--/blob/main/.github/ISSUE_TEMPLATE/bug_report.md) for help on creating a new issue. + +## Feature Requests + +If you wish to submit a request to add new functionality or an improvement to a terraform module then use the the [feature request](https://github.com/lacework/terraform--/blob/main/.github/ISSUE_TEMPLATE/feature_request.md) template to +open a new [issue](https://github.com/lacework/terraform--/issues/new) + +## Creating a Pull Request + +If you have made a change or added new functionality, you can submit a pull request. The project maintainers will aim to review in a 2 week timeframe. When submitting a pull request please read the [developer guidelines](/DEVELOPER_GUIDELINES.md) + +The examples folder contains Terraform code that run as part of the CI pipeline. A new pull request will trigger this test run to ensure no breaking changes are added. We recommended sanity checking your own Terraform changes before submitting the change for review. + + +Thanks, + +Project Maintainers \ No newline at end of file 
diff --git a/DEVELOPER_GUIDELINES.md b/DEVELOPER_GUIDELINES.md new file mode 100644 index 0000000..9fca457 --- /dev/null +++ b/DEVELOPER_GUIDELINES.md 
@@ -0,0 +1,162 @@ +## Terraform Modules Developer Guidelines + +### Installation +It is recommended to use tfenv or tfswitch. This makes managing and switching between Terraform versions quick and easy. + +***TFenv*** + +```brew install tfenv``` +To get up and running with TFenv refer to the Usage section of the README + +***TFSwitch*** + +```brew install warrensbox/tap/tfswitch``` +To get up and running with TFSwitch refer to the documentation + +***Indentation*** + +Use two spaces, no tabs. + +```hcl +resource "aws_instance" "example" { + ami = "abc123" + + network_interface { + # ... + } +} +``` + +***Comments*** + +Our best practice is to add a comment for every resource declared. This comment should explain what the resource is doing and how it interconnects with other resources. Hashicorp recommends using # for single-line comments. + +Here is an example of a resource with its comment: + +```hcl +# Create the Lacework application within Azure Active Directory to grant +# access to Azure Storage, Azure Key Vault, AAD Graph API, and Microsoft Graph +resource "azuread_application" "default" { + ... +} +``` + + +***Input Variables*** + +Always document user-facing variables, even if your variable names are self-descriptive like api_key or account, they could be easily misinterpreted. Always add a description field with a brief explanation. + +A couple of examples: + + +```hcl +variable "account" { + type = string + description = "Lacework account subdomain of URL (i.e. 
.lacework.net)" +} +``` + +```hcl +variable "api_key" { + type = string + description = "A Lacework API access key" +} +``` +Additionally, any required variables like api keys, or required tagging should not have default values, and should require the user to input those either manually each run, or optimally using a terraform.tfvars file + +***Recommended Project File Organization*** + +A few best practices for organizing Terraform projects: + +* `main.tf` - Store the main structure of your terraform code in this file +* `variables.tf` - All variables for your project +* `output.tf` - All outputs in this file +* `tfvars.example` - An example terraform.tfvars file for easy cp for users (note: *.tfvars are typically +ignored by .gitignore +* `.gitignore` - Critical to ensure that any sensitive information used in tfvars are not checked in to git + + +***Version Support / Documentation*** + +Hashicorp release frequent patch and minor updates as needed, as well as new major releases of Terraform each year. Although Hashicorp provide solid documentation on how to upgrade between major releases of Terraform, Lacework must contend with the fact that Lacework customers do not all upgrade in a timely manor. For this reason Tech Alliances Team must continue to update documentation with supported versions of Terraform, as well as update CI pipelines to test changes across each supported version. + +***Standard Versioning for Code Snippets*** +All customer facing code snippets should adhere to the standard of using pessimistic version constraint to minor releases. 
+ +```hcl +module "aws_config" { + source = "lacework/config/aws" + version = "~> 0.1" +} +``` +```hcl +module "aws_cloudtrail" { + source = "lacework/cloudtrail/aws" + version = "~> 0.1" + + bucket_force_destroy = true + use_existing_iam_role = true + iam_role_name = module.aws_config.iam_role_name + iam_role_arn = module.aws_config.iam_role_arn + iam_role_external_id = module.aws_config.external_id +} +``` + +The example above will work for version 0.1.9 as well as 0.4.0, but will not pull in any major releases such as 1.0.0. + +For more information visit [Semantic Versioning 2.0.0](https://semver.org/) + +## Commit message standard + +The format is: + +``` +type(scope): subject +BODY +FOOTER +``` +Each commit message consists of a header, body, and footer. The header is mandatory, the scope is optional, the type and subject are mandatory. +When writing a commit message try and limit each line of the commit to a max of 100 hundred characters, so it can be read easily. + +### Type + +| Type | Description | +| ----- | ----------- | +| feat: | A new feature you're adding | +| fix: |A bug fix| +| style: | Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc) | +| refactor: | A code change that neither fixes a bug nor adds a feature | +| test: | Everything related to testing | +| docs: | Everything related to documentation | +| chore: | Regular code maintenance | +| build: | Changes that affect the build | +| ci: | Changes to our CI configuration files and scripts | +| perf: | A code change that improves performance | +| metric: | A change that provides better insights about the adoption of features and code statistics | + +### Scope +The optional scope refers to the section that this commit belongs to, for example, changing a specific component or service, a directive, pipes, etc. +Think about it as an indicator that will let the developers know at first glance what section of your code you are changing. 
+ +A few good examples are: + +feat(client): +docs(cli): +chore(tests): +ci(directive): + +### Subject +The subject should contain a short description of the change, and written in present-tense, for example, use “add” and not “added”, or “change” and not “changed”. +I like to fill this sentence below to understand what should I put as my description of my change: + +If applied, this commit will ________________________________________. + +### Body +The body should contain a longer description of the change, try not to repeat the subject and keep it in the present tense as above. +Put as much context as you think it is needed, don’t be shy and explain your thought process, limitations, ideas for new features or fixes, etc. + +### Footer +The footer is used to reference issues, pull requests or breaking changes, for example, “Fixes ticket #123”. + +## Signing commits +Signed commits are required for any contribution to this project. Please see Github's documentation on configuring signed commits, [tell git about your signing key](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/telling-git-about-your-signing-key) and [signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) diff --git a/GNUmakefile b/GNUmakefile new file mode 100644 index 0000000..e5154a6 --- /dev/null +++ b/GNUmakefile @@ -0,0 +1,7 @@ +default: ci + +ci: + scripts/ci_tests.sh + +release: ci + scripts/release.sh prepare diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..9c37a24 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Lacework, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index e69de29..2cf22f8 100644 --- a/README.md +++ b/README.md 
@@ -0,0 +1,18 @@ + + +# terraform-- + +[![GitHub release](https://img.shields.io/github/release/lacework/terraform--.svg)](https://github.com/lacework/terraform--/releases/) +[![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/lacework/terraform-modules%2Ftest-compatibility?type=cf-1&key=eyJhbGciOiJIUzI1NiJ9.NWVmNTAxOGU4Y2FjOGQzYTkxYjg3ZDEx.RJ3DEzWmBXrJX7m38iExJ_ntGv4_Ip8VTa-an8gBwBo)]( https://g.codefresh.io/pipelines/edit/new/builds?id=607e25e6728f5a6fba30431b&pipeline=test-compatibility&projects=terraform-modules&projectId=607db54b728f5a5f8930405d) + +A Terraform Module to __________________________ with Lacework. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|----------| + +## Outputs + +| Name | Description | +|------|-------------| diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md new file mode 100644 index 0000000..fe40c47 --- /dev/null +++ b/RELEASE_NOTES.md @@ -0,0 +1,2 @@ +# Release Notes +Release notes are automatically generated during a release. diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..0d4d124 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.1.0-dev diff --git a/examples/default/README.md b/examples/default/README.md new file mode 100644 index 0000000..f794a80 --- /dev/null +++ b/examples/default/README.md @@ -0,0 +1,20 @@ +# Default Example + +Every Terraform module must have one or more examples. + +```hcl +terraform { + required_providers { + lacework = { + source = "lacework/lacework" + } + } +} + +provider "lacework" {} + +module "lacework_module" { + source = "lacework//" + version = "~> 0.1" +} +``` diff --git a/examples/default/main.tf b/examples/default/main.tf new file mode 100644 index 0000000..c915300 --- /dev/null +++ b/examples/default/main.tf @@ -0,0 +1,5 @@ +provider "lacework" {} + +module "lacework_module" { + source = "../.." +} 
diff --git a/examples/default/versions.tf b/examples/default/versions.tf
new file mode 100644
index 0000000..9a7746c
--- /dev/null
+++ b/examples/default/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 0.12.26"
+
+ required_providers {
+ lacework = {
+ source = "lacework/lacework"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..0cb26d8
--- /dev/null
+++ b/main.tf
@@ -0,0 +1 @@
+# Your Terraform code goes here :)
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..f737e2c
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,4 @@
+#output "example" {
+# value = var.example
+# description = "This is just an example of an output"
+#}
diff --git a/scripts/ci_tests.sh b/scripts/ci_tests.sh
new file mode 100755
index 0000000..899250f
--- /dev/null
+++ b/scripts/ci_tests.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+# Name:: ci_tests.sh
+# Description:: Use this script to run ci tests of this repository
+# Author:: Salim Afiune Maya ()
+#
+set -eou pipefail
+
+readonly project_name=terraform--
+
+TEST_CASES=(
+ examples/default
+)
+
+log() {
+ echo "--> ${project_name}: $1"
+}
+
+warn() {
+ echo "xxx ${project_name}: $1" >&2
+}
+
+integration_tests() {
+ for tcase in ${TEST_CASES[*]}; do
+ log "Running tests at $tcase"
+ ( cd $tcase || exit 1
+ terraform init
+ terraform validate
+ terraform plan
+ ) || exit 1
+ done
+}
+
+lint_tests() {
+ log "terraform fmt check"
+ terraform fmt -check
+}
+
+main() {
+ lint_tests
+ integration_tests
+}
+
+main || exit 99
diff --git a/scripts/release.sh b/scripts/release.sh
new file mode 100755
index 0000000..21abeac
--- /dev/null
+++ b/scripts/release.sh
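Review bot: In scripts/ci_tests.sh, `lint_tests` runs `terraform fmt -check` without `-recursive`, so only the repository root is checked and the files under `examples/` that `integration_tests` exercises are never linted; `terraform fmt -check -recursive` covers both. In `integration_tests` the expansions are unquoted; `for tcase in "${TEST_CASES[@]}"; do` and `cd "$tcase" || exit 1` keep a path containing spaces or glob characters from being split. `terraform plan` runs against the empty `provider "lacework" {}` block, so it presumably takes its credentials from the CI environment; if this job also runs for pull requests from forks, those credentials are exposed to unreviewed Terraform code, which should be confirmed in the pipeline definition (not visible on this page).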
@@ -0,0 +1,69 @@ +#!/bin/bash +# +# Name:: release.sh +# Description:: Use this script to prepare a new release on Github, +# the automation will create a GH tag like 'v0.1.0' +# (using the VERSION file) +# Author:: Salim Afiune Maya () +# +set -eou pipefail + +# common release functions +source scripts/release_helpers.sh + +# Required Variables +readonly org_name=lacework +readonly project_name=terraform-- +readonly git_user="Lacework Inc." +readonly git_email="tech-ally@lacework.net" +readonly required_files_for_release=( + RELEASE_NOTES.md + CHANGELOG.md + VERSION +) +readonly main_branch=main + +# Variable that changes during release +VERSION=$(cat VERSION) + +usage() { + local _cmd + _cmd="$(basename "${0}")" + cat <) +# + +log() { + echo "--> ${project_name}: $1" +} + +warn() { + echo "xxx ${project_name}: $1" >&2 +} + +trigger_release() { + if [[ "$VERSION" =~ "-dev" ]]; then + log "No release needed. (VERSION=${VERSION})" + log "" + log "Read more about the release process at:" + log " - https://github.com/${org_name}/${project_name}/wiki/Release-Process" + else + log "VERSION ready to be released to 'x.y.z' tag. Triggering a release!" + log "" + tag_release + sleep 5 # just so github has the new tag available + bump_version + fi +} + +tag_release() { + local _tag="v$VERSION" + log "creating github tag: $_tag" + git tag "$_tag" + git push origin "$_tag" +} + +find_latest_version() { + local _pattern="v[0-9]\+.[0-9]\+.[0-9]\+" + local _versions + local _latest + _versions=$(git ls-remote --tags --quiet | grep $_pattern | tr '/' ' ' | awk '{print $NF}') + if [ "$_versions" != "" ]; then + _latest=$(echo "$_versions" | sed 's/v//' | tr '.' ' ' | sort -nr -k 1 -k 2 -k 3 | tr ' ' '.' 
| head -1)
+ echo "v$_latest"
+ else
+ git rev-list --max-parents=0 HEAD
+ fi
+}
+
+bump_version() {
+ log "updating version after tagging release"
+ latest_version=$(find_latest_version)
+
+ if [[ "v$VERSION" == "$latest_version" ]]; then
+ case "${1:-}" in
+ major)
+ echo $VERSION | awk -F. '{printf("%d.%d.%d-dev", $1+1, $2, $3)}' > VERSION
+ ;;
+ minor)
+ echo $VERSION | awk -F. '{printf("%d.%d.%d-dev", $1, $2+1, $3)}' > VERSION
+ ;;
+ *)
+ echo $VERSION | awk -F. '{printf("%d.%d.%d-dev", $1, $2, $3+1)}' > VERSION
+ ;;
+ esac
+ VERSION=$(cat VERSION)
+ log "version bumped from $latest_version to v$VERSION"
+ else
+ log "skipping version bump. Already bumped to v$VERSION"
+ return
+ fi
+
+ log "commiting and pushing the version bump to github"
+ if [ "$CI" != "" ]; then
+ git config --global user.email $git_email
+ git config --global user.name $git_user
+ git config --global user.signingkey $GPG_SIGNING_KEY
+ fi
+ git_add_version_files
+ git commit -sS -m "ci: version bump to v$VERSION"
+ git push origin $main_branch
+}
+
+# @afiune explain why this is here? To override it
+git_add_version_files() {
+ git add VERSION
+}
+
+verify_release() {
+ log "verifying new release"
+ _changed_file=$(git whatchanged --name-only --pretty="" origin..HEAD)
+ for f in "${required_files_for_release[@]}"; do
+ if [[ "$_changed_file" =~ "$f" ]]; then
+ log "(required) '$f' has been modified. Great!"
+ else
+ warn "$f needs to be updated"
+ warn ""
+ warn "Read more about the release process at:"
+ warn " - https://github.com/${org_name}/${project_name}/wiki/Release-Process"
+ exit 123
+ fi
+ done
+
+ if [[ "$VERSION" =~ "-dev" ]]; then
+ warn "the 'VERSION' needs to be cleaned up to be only 'x.y.z' tag"
+ warn ""
+ warn "Read more about the release process at:"
+ warn " - https://github.com/${org_name}/${project_name}/wiki/Release-Process"
+ exit 123
+ else
+ log "(required) VERSION has been cleaned up to 'x.y.z' tag. Great!"
+ fi
+}
+
+publish_release() {
+ log "releasing v$VERSION"
+ create_release
+}
+
+create_release() {
+ local _tag
+ _tag=$(git describe --tags)
+ local _body="/tmp/release.json"
+
+ log "generating GH release $_tag"
+ generate_release_body "$_body"
+ curl -XPOST -H "Authorization: token $GITHUB_TOKEN" --data "@$_body" \
+ https://api.github.com/repos/${org_name}/${project_name}/releases
+
+ log "the release has been completed!"
+ log ""
+ log " -> https://github.com/${org_name}/${project_name}/releases/tag/${_tag}"
+}
+
+prepare_release() {
+ log "preparing new release"
+ prerequisites
+ remove_tag_version
+ check_for_minor_version_bump
+ generate_release_notes
+ update_changelog
+ push_release
+ open_pull_request
+}
+
+push_release() {
+ log "commiting and pushing the release to github"
+ _version_no_tag=$(echo $VERSION | awk -F. '{printf("%d.%d.%d", $1, $2, $3)}')
+ if [ "$CI" != "" ]; then
+ git config --global user.email $git_email
+ git config --global user.name $git_user
+ git config --global user.signingkey $GPG_SIGNING_KEY
+ fi
+ git checkout -B release
+ git commit -sS -am "release: v$_version_no_tag"
+ git push origin release -f
+}
+
+open_pull_request() {
+ local _body="/tmp/pr.json"
+ local _pr="/tmp/pr.out"
+
+ log "opening GH pull request"
+ generate_pr_body "$_body"
+ curl -XPOST -H "Authorization: token $GITHUB_TOKEN" --data "@$_body" \
+ https://api.github.com/repos/${org_name}/${project_name}/pulls > $_pr
+
+ _pr_url=$(jq .html_url $_pr)
+ log ""
+ log "It is time to review the release!"
+ log " $_pr_url"
+}
+
+update_changelog() {
+ log "updating CHANGELOG.md"
+ _changelog=$(cat CHANGELOG.md)
+ echo "# v$VERSION" > CHANGELOG.md
+ echo "" >> CHANGELOG.md
+ echo "$(cat CHANGES.md)" >> CHANGELOG.md
+ echo "---" >> CHANGELOG.md
+ echo "$_changelog" >> CHANGELOG.md
+ # clean changes file since we don't need it anymore
+ rm CHANGES.md
+}
+
+generate_release_notes() {
+ log "generating release notes at RELEASE_NOTES.md"
+ load_list_of_changes
+ echo "# Release Notes" > RELEASE_NOTES.md
+ echo "Another day, another release. These are the release notes for the version \`v$VERSION\`." >> RELEASE_NOTES.md
+ echo "" >> RELEASE_NOTES.md
+ echo "$(cat CHANGES.md)" >> RELEASE_NOTES.md
+}
+
+load_list_of_changes() {
+ latest_version=$(find_latest_version)
+ local _list_of_changes=$(git log --no-merges --pretty="* %s (%an)([%h](https://github.com/${org_name}/${project_name}/commit/%H))" ${latest_version}..${main_branch})
+
+ # init changes file
+ true > CHANGES.md
+
+ _feat=$(echo "$_list_of_changes" | grep "\* feat[:(]")
+ _refactor=$(echo "$_list_of_changes" | grep "\* refactor[:(]")
+ _perf=$(echo "$_list_of_changes" | grep "\* perf[:(]")
+ _fix=$(echo "$_list_of_changes" | grep "\* fix[:(]")
+ _doc=$(echo "$_list_of_changes" | grep "\* doc[:(]")
+ _docs=$(echo "$_list_of_changes" | grep "\* docs[:(]")
+ _style=$(echo "$_list_of_changes" | grep "\* style[:(]")
+ _chore=$(echo "$_list_of_changes" | grep "\* chore[:(]")
+ _build=$(echo "$_list_of_changes" | grep "\* build[:(]")
+ _ci=$(echo "$_list_of_changes" | grep "\* ci[:(]")
+ _test=$(echo "$_list_of_changes" | grep "\* test[:(]")
+
+ if [ "$_feat" != "" ]; then
+ echo "## Features" >> CHANGES.md
+ echo "$_feat" >> CHANGES.md
+ fi
+
+ if [ "$_refactor" != "" ]; then
+ echo "## Refactor" >> CHANGES.md
+ echo "$_refactor" >> CHANGES.md
+ fi
+
+ if [ "$_perf" != "" ]; then
+ echo "## Performance Improvements" >> CHANGES.md
+ echo "$_perf" >> CHANGES.md
+ fi
+
+ if [ "$_fix" != "" ]; then
+ echo "## Bug Fixes"
>> CHANGES.md
+ echo "$_fix" >> CHANGES.md
+ fi
+
+ if [ "${_docs}${_doc}" != "" ]; then
+ echo "## Documentation Updates" >> CHANGES.md
+ if [ "$_doc" != "" ]; then echo "$_doc" >> CHANGES.md; fi
+ if [ "$_docs" != "" ]; then echo "$_docs" >> CHANGES.md; fi
+ fi
+
+ if [ "${_style}${_chore}${_build}${_ci}${_test}" != "" ]; then
+ echo "## Other Changes" >> CHANGES.md
+ if [ "$_style" != "" ]; then echo "$_style" >> CHANGES.md; fi
+ if [ "$_chore" != "" ]; then echo "$_chore" >> CHANGES.md; fi
+ if [ "$_build" != "" ]; then echo "$_build" >> CHANGES.md; fi
+ if [ "$_ci" != "" ]; then echo "$_ci" >> CHANGES.md; fi
+ if [ "$_test" != "" ]; then echo "$_test" >> CHANGES.md; fi
+ fi
+}
+
+prerequisites() {
+ local _branch=$(git rev-parse --abbrev-ref HEAD)
+ if [ "$_branch" != "${main_branch}" ]; then
+ warn "Releases must be generated from the '${main_branch}' branch. (current $_branch)"
+ warn "Switch to the ${main_branch} branch and try again."
+ exit 127
+ fi
+
+ local _unsaved_changes=$(git status -s)
+ if [ "$_unsaved_changes" != "" ]; then
+ warn "You have unsaved changes in the ${main_branch} branch. Are you resuming a release?"
+ warn "To resume a release you have to start over, to remove all unsaved changes run the command:"
+ warn " git reset --hard origin/${main_branch}"
+ exit 127
+ fi
+}
+
+check_for_minor_version_bump() {
+ if release_contains_features; then
+ log "new feature detected, minor version bump"
+ echo $VERSION | awk -F. '{printf("%d.%d.0", $1, $2+1)}' > VERSION
+ VERSION=$(cat VERSION)
+ log "updated version to v$VERSION"
+ fi
+}
+
+release_contains_features() {
+ latest_version=$(find_latest_version)
+ git log --no-merges --pretty="%s" ${latest_version}..${main_branch} | grep "feat[:(]" >/dev/null
+ return $?
+}
+
+remove_tag_version() {
+ echo $VERSION | awk -F.
'{printf("%d.%d.%d", $1, $2, $3)}' > VERSION
+ VERSION=$(cat VERSION)
+ log "updated version to v$VERSION"
+}
+
+generate_release_body() {
+ _file=${1:-release.json}
+ _tag=$(git describe --tags)
+ _release_notes=$(jq -aRs . <<< cat RELEASE_NOTES.md)
+ cat < $_file
+{
+ "tag_name": "$_tag",
+ "name": "$_tag",
+ "draft": false,
+ "prerelease": false,
+ "body": $_release_notes
+}
+EOF
+}
+
+generate_pr_body() {
+ _file=${1:-pr.json}
+ _version_no_tag=$(echo $VERSION | awk -F. '{printf("%d.%d.%d", $1, $2, $3)}')
+ _release_notes=$(jq -aRs . <<< cat RELEASE_NOTES.md)
+ cat < $_file
+{
+ "base": "${main_branch}",
+ "head": "release",
+ "title": "Release v$_version_no_tag",
+ "body": $_release_notes
+}
+EOF
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..2920689
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,5 @@
+#variable "example" {
+# type = string
+# default = ""
+# description = "This is just an example of a variable"
+#}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..0cf1249
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 0.12.31"
+
+ required_providers {
+ lacework = {
+ source = "lacework/lacework"
+ version = "~> 1.0"
+ }
+ }
+}
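Review bot: In scripts/release_helpers.sh, `create_release` and `open_pull_request` use fixed paths (`/tmp/release.json`, `/tmp/pr.json`, `/tmp/pr.out`) for the request body and the API response, so on a shared host another local user can pre-create or symlink those names; `_body=$(mktemp)` (and the same for `_pr`) removes the predictable name. Both `curl -XPOST` calls run without `--fail`, so an HTTP error from the GitHub API still returns 0 and `create_release` logs "the release has been completed!"; they also put `$GITHUB_TOKEN` on the command line, where it is visible in the process list. In `bump_version` and `push_release`, `git config --global user.name $git_user` is unquoted, and release.sh sets `git_user="Lacework Inc."`, so the value is split into two arguments; write `"$git_user"` (and quote `$git_email` and `$GPG_SIGNING_KEY` likewise). The hunk header for this file is missing from the page, so this note rests on the visible function bodies only.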