Merge pull request #3 from rhythmictech/readme

Add readme and commit hooks

Author: smiller171

.github/workflows/pre-commit-check.yaml

@@ -0,0 +1,30 @@
+---
+name: pre-commit-check
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  build:
+    runs-on: macOS-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Install prerequisites
+        run: ./bin/install-macos.sh
+      - name: initiallize Terraform
+        run: terraform init --backend=false
+      - uses: actions/cache@v1
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit|${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            pre-commit
+      - name: pre-commit run all
+        run: |
+          pre-commit run -a
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          SKIP: terraform_tflint_deep

.pre-commit-config.yaml

@@ -0,0 +1,43 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.31.0
+    hooks:
+      - id: terraform_docs
+        args:
+          - --args=--sort-by-required
+      - id: terraform_fmt
+      - id: terraform_tflint
+        alias: terraform_tflint_deep
+        name: terraform_tflint_deep
+        args:
+          - --args=--deep
+      - id: terraform_tflint
+        alias: terraform_tflint_nocreds
+        name: terraform_tflint_nocreds
+      - id: terraform_tfsec
+      - id: terraform_validate
+        exclude: examples
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.0.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-yaml
+        args:
+          - --unsafe
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+        args:
+          - --fix=lf
+      - id: no-commit-to-branch
+      - id: pretty-format-json
+        args:
+          - --autofix
+          - --top-keys=name,Name
+      - id: trailing-whitespace
+        args:
+          - --markdown-linebreak-ext=md
+        exclude: README.md

.tflint.hcl

@@ -0,0 +1,45 @@
+config {
+  module     = true
+  deep_check = false
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+  format  = "snake_case"
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Rhythmic Technologies, Inc.
+Copyright (c) 2020 Rhythmic Technologies, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -0,0 +1,74 @@
+# terraform-aws-imagebuilder-pipeline [![](https://github.com/rhythmictech/terraform-aws-imagebuilder-pipeline/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-aws-imagebuilder-pipeline/actions) <a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=RhythmicTech" alt="follow on Twitter"></a>
+Terraform module for creating EC2 Image Builder Pipelines from Cloudformation
+
+## Example
+Here's what using the module will look like
+```hcl
+module "test_pipeline" {
+  source  = "rhythmictech/imagebuilder-recipe/aws"
+  version = "~> 0.2.0"
+
+  description = "Testing pipeline"
+  name        = "test-pipeline"
+  tags        = local.tags
+  recipe_arn  = module.test_recipe.recipe_arn
+  public      = false
+}
+```
+
+## About
+Allows the creation of EC2 Image Builder Pipelines with Cloudformation until native support is added to TF
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.2 |
+| aws | ~> 2.44 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | ~> 2.44 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| name | name to use for component | `string` | n/a | yes |
+| recipe\_arn | ARN of the recipe to use. Must change with Recipe version | `string` | n/a | yes |
+| additional\_iam\_policy\_arns | List of ARN policies for addional builder permissions | `list(string)` | `[]` | no |
+| cloudformation\_timeout | How long to wait (in minutes) for CFN to apply before giving up | `number` | `10` | no |
+| description | description of component | `string` | `null` | no |
+| enabled | Whether pipeline is ENABLED or DISABLED | `bool` | `true` | no |
+| instance\_types | Instance types to create images from. It's unclear why this is a list. Possibly because different types can result in different images (like ARM instances) | `list(string)` | <pre>[<br>  "t3.medium"<br>]</pre> | no |
+| key\_pair | EC2 key pair to add to the default user on the builder | `string` | `null` | no |
+| license\_config\_arns | If you're using License Manager, your ARNs go here | `list(string)` | `null` | no |
+| log\_bucket | Bucket to store logs in. If this is ommited logs will not be stored | `string` | `null` | no |
+| log\_prefix | S3 prefix to store logs at. Recommended if sharing bucket with other pipelines | `string` | `null` | no |
+| public | Whether resulting AMI should be public | `bool` | `false` | no |
+| regions | Regions that AMIs will be available in | `list(string)` | <pre>[<br>  "us-east-1",<br>  "us-east-2",<br>  "us-west-1",<br>  "us-west-2",<br>  "ca-central-1"<br>]</pre> | no |
+| schedule | Schedule expression for when pipeline should run automatically https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-imagepipeline-schedule.html | <pre>object({<br>    PipelineExecutionStartCondition = string<br>    ScheduleExpression              = string<br>  })</pre> | <pre>{<br>  "PipelineExecutionStartCondition": "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE",<br>  "ScheduleExpression": "cron(0 0 * * mon)"<br>}</pre> | no |
+| security\_group\_ids | Security group IDs for the Image Builder | `list(string)` | `null` | no |
+| shared\_account\_ids | AWS accounts to share AMIs with. If this is left null AMIs will be public | `list(string)` | `[]` | no |
+| sns\_topic\_arn | SNS topic to notify when new images are created | `string` | `null` | no |
+| subnet | Subnet ID to use for builder | `string` | `null` | no |
+| tags | map of tags to use for CFN stack and component | `map(string)` | `{}` | no |
+| terminate\_on\_failure | Change to false if you want to ssh into a builder for debugging after failure | `bool` | `true` | no |
+| test\_config | Whether to run tests during image creation and maximum time to allow tests to run | <pre>object({<br>    ImageTestsEnabled = bool<br>    TimeoutMinutes    = number<br>  })</pre> | <pre>{<br>  "ImageTestsEnabled": true,<br>  "TimeoutMinutes": 60<br>}</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| pipeline\_arn | ARN of EC2 Image Builder Pipeline |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## The Giants underneath this module
+- pre-commit.com/
+- terraform.io/
+- github.com/tfutils/tfenv
+- github.com/segmentio/terraform-docs

bin/install-macos.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+echo 'installing brew packages'
+brew update
+brew tap liamg/tfsec
+brew install tfenv tflint terraform-docs pre-commit liamg/tfsec/tfsec coreutils
+brew upgrade tfenv tflint terraform-docs pre-commit liamg/tfsec/tfsec coreutils
+
+echo 'installing pre-commit hooks'
+pre-commit install
+
+echo 'setting pre-commit hooks to auto-install on clone in the future'
+git config --global init.templateDir ~/.git-template
+pre-commit init-templatedir ~/.git-template
+
+echo 'installing terraform with tfenv'
+tfenv install min-required
+tfenv use min-required

cloudformation.yml.tpl

@@ -33,7 +33,7 @@ Resources:
         ${ indent(8, chomp(yamlencode(tags))) }
   infraConfig:
     Type: AWS::ImageBuilder::InfrastructureConfiguration
-    Properties: 
+    Properties:
       Name: ${name}-infrastructure-configuration
       %{~ if description != null ~}
       Description: ${description}

example/basic/global.auto.tfvars

@@ -0,0 +1,27 @@
+# basic example
+A basic example for this repository
+
+## Code
+```hcl
+module "test_pipeline" {
+  source  = "rhythmictech/imagebuilder-recipe/aws"
+  version = "~> 0.2.0"
+
+  description = "Testing pipeline"
+  name        = "test-pipeline"
+  tags        = local.tags
+  recipe_arn  = module.test_recipe.recipe_arn
+  public      = false
+}
+```
+
+## Applying
+```
+>  terraform apply
+
+Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+pipeline_arn = arn:aws:imagebuilder:us-east-1:000000000000:image-pipeline/test-pipeline
+```