A template repository for terraform projects with kitchen terraform tests, pre-commit hooks, and GitHub actions for CI, PR labeler and Relase Drafter. See Development section for details.

• Getting Started
• How to use this module
• Requirements
• Providers
• Inputs
• Testing
• Development

This repository serves as a template for Terraform modules, that are tested using Kitchen-terraform. To get started, you should use this template to create a new repository. See instructions to get started with templates.

This template implements the following:

• Example module to print a message with requiered files main.tf, variables.tf, outputs.tf

• Ruby Gemfile and .ruby-version file to specify version of Ruby and ruby packages

• Kitchen terraform configuration file .kitchen.yml with one example suite and a local backend

• One simple example in the examples folder

• Integration test for the example in test/integration folder.

• An example of implementing a custom Inspec resource to execute a local command and capture the stdout. See test/integration/simple-template/libraries

• The following pre-commit hooks for terraform. See Development Section for further instructions on using the pre-commit hooks

  Hook name	Description
  terraform_fmt	Rewrites all Terraform configuration files to a canonical format.
  terraform_docs	Inserts input and output documentation into README.md.
  terraform_tflint	Validates all Terraform configuration files with TFLint.
  terraform_tfsec	TFSec static analysis of terraform templates to spot potential security issues.

• GitHub Actions to label PullRequests, Draft Releases and Run the kitchen tests. See Development Section for further instructions

• Protections on the default branch. Commits to default branch need to be through a PR that has been reviewed and has passing tests

After starting a new repository from this template, you should get familiar with the hooks an actions. A recommended way to do so, could be as follows:

• Create a new feature branch git checkout -b chore/change-variable-defaults
• Change the default message (in variables.tf) that gets printed by the module in this repository
• Run the pre-commit hooks pre-commit run -a. The docs hook will update your README to reflect the change to the default value of message.
• Commit, push and start a Pull Request. Based on the name of your branch, the PR should be labeled as chore
• Request a reviewer, make sure tests are passing, and merge. After merging, a new Draft Release will be started with notes based on the name of the PR

Make sure to read the reminder on Development section.

After getting familiar with pre-commit hooks and actions, you are ready to customize your module.

This repository uses Kitchen-Terraform to test the terraform modules. In the examplesdirectory you can find examples of how each module can be used. Those examples are fed to [Test Kitchen][https://kitchen.ci/]. To install test kitchen, first make sure you have Ruby and bundler installed.

brew install ruby
gem install bundler

Then install the prerequisites for test kitchen.

bundle install

You'll need to add some common credentials and secret variables

And now you're ready to run test kitchen. Test kitchen has a couple main commands:

• bundle exec kitchen create initializes terraform.
• bundle exec kitchen converge runs our terraform examples.
• bundle exec kitchen verify runs our inspec scripts against a converged kitchen.
• bundle exec kitchen test does all the above.

Use GitLab Flow.

• Create feature branches for features and fixes from default branch
• Merge only from PR with review
• After merging to default branch a release is drafted using a github action. Check the draft and publish if you and tests are happy

Install and configure terraform pre-commit hooks To run them: pre-commit run -a

This project has three workflows enabled:

1. PR labeler: When openning a PR to default branch, a label is given automatically according to the name of your feature branch. The labeler follows thenrules in pr-labeler.yml

2. Release Drafter: When merging to master, a release is drafted using the Release-Drafter Action

3. Kitchen test is run on every commit unless [skip ci] is added to commit message.