A template repository for terraform projects with kitchen tests, Github Actions and pre-commit hooks

BrownUniversity/terraform-kitchen-template

terraform-kitchen-template

A template repository for Terraform projects with Kitchen-Terraform tests, pre-commit hooks, and GitHub Actions for CI, PR labeler and Release Drafter. See the Development section for details.

Getting Started

This repository serves as a template for Terraform modules that are tested using Kitchen-Terraform. To get started, use this template to create a new repository. See instructions to get started with templates.

This template implements the following:

  • Example module to print a message, with the required files main.tf, variables.tf, outputs.tf

  • Ruby Gemfile and .ruby-version file to specify version of Ruby and ruby packages

  • Kitchen terraform configuration file .kitchen.yml with one example suite and a local backend

  • One simple example in the examples folder

  • Integration test for the example in test/integration folder.

  • An example of implementing a custom Inspec resource to execute a local command and capture the stdout. See test/integration/simple-template/libraries

  • The following pre-commit hooks for Terraform. See the Development section for further instructions on using the pre-commit hooks.

    Hook name         Description
    terraform_fmt     Rewrites all Terraform configuration files to a canonical format.
    terraform_docs    Inserts input and output documentation into README.md.
    terraform_tflint  Validates all Terraform configuration files with TFLint.
    terraform_tfsec   TFSec static analysis of Terraform templates to spot potential security issues.

  • GitHub Actions to label pull requests, draft releases, and run the kitchen tests. See the Development section for further instructions.

  • Protections on the default branch. Commits to the default branch must go through a PR that has been reviewed and has passing tests.
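
The custom InSpec resource listed above runs a local command and captures its stdout. The sketch below is an added example, not the template's own code under test/integration/simple-template/libraries; the names LocalCommandRunner, CommandResult and local_command are hypothetical. It passes the command as an argument vector so no shell ever interprets the arguments.

```ruby
require 'open3'

# Result of one local command execution.
CommandResult = Struct.new(:stdout, :stderr, :exit_status)

# Runs a local command from an argument vector and captures its output.
# Hypothetical helper for illustration; not the template's own library code.
module LocalCommandRunner
  def self.run(argv)
    raise ArgumentError, 'argv must be a non-empty array of strings' unless
      argv.is_a?(Array) && !argv.empty? && argv.all? { |a| a.is_a?(String) }

    # [path, argv0] form: Ruby never hands the command to /bin/sh, so shell
    # metacharacters in arguments stay literal text.
    stdout, stderr, status = Open3.capture3([argv[0], argv[0]], *argv.drop(1))
    CommandResult.new(stdout, stderr, status.exitstatus)
  rescue Errno::ENOENT => e
    # Missing executable: report exit status 127 instead of raising.
    CommandResult.new('', e.message, 127)
  end
end

# Inside an InSpec profile's libraries/ directory, Inspec is already loaded and
# the helper can be exposed as a resource; stand-alone, this part is skipped.
if defined?(Inspec)
  class LocalCommand < Inspec.resource(1)
    name 'local_command'
    desc 'Runs a command on the machine executing the tests and exposes stdout.'

    def initialize(*argv)
      @result = LocalCommandRunner.run(argv)
    end

    def stdout
      @result.stdout
    end

    def exit_status
      @result.exit_status
    end
  end
end
```

In a control, such a resource would be used as describe local_command('echo', 'Hello terraform-kitchen template') with its('stdout') matching the module's message.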

How to use this module

After starting a new repository from this template, you should get familiar with the hooks and actions. A recommended way to do so is as follows:

  • Create a new feature branch: git checkout -b chore/change-variable-defaults
  • Change the default message (in variables.tf) that gets printed by the module in this repository.
  • Run the pre-commit hooks: pre-commit run -a. The docs hook will update your README to reflect the change to the default value of message.
  • Commit, push and start a Pull Request. Based on the name of your branch, the PR should be labeled as chore.
  • Request a reviewer, make sure tests are passing, and merge. After merging, a new Draft Release will be started with notes based on the name of the PR.

Make sure to read the reminder in the Development section.

After getting familiar with pre-commit hooks and actions, you are ready to customize your module.

Requirements

Name       Version
terraform  ~> 0.12

Providers

Name  Version
null  n/a

Inputs

Name     Description              Type    Default                             Required
message  Message to pass to echo  string  "Hello terraform-kitchen template"  no

Outputs

Name     Description
message  Message to pass to echo

Testing

This repository uses Kitchen-Terraform to test the Terraform modules. In the examples directory you can find examples of how each module can be used. Those examples are fed to Test Kitchen (https://kitchen.ci/). To install Test Kitchen, first make sure you have Ruby and Bundler installed.

brew install ruby
gem install bundler

Then install the prerequisites for Test Kitchen.

bundle install

You'll need to add some common credentials and secret variables.

And now you're ready to run Test Kitchen. Test Kitchen has a couple of main commands:

  • bundle exec kitchen create initializes terraform.
  • bundle exec kitchen converge runs our terraform examples.
  • bundle exec kitchen verify runs our inspec scripts against a converged kitchen.
  • bundle exec kitchen test does all the above.

Development

Merging Policy

Use GitLab Flow.

  • Create feature branches for features and fixes from the default branch.
  • Merge only from a PR with review.
  • After merging to the default branch, a release is drafted using a GitHub Action. Check the draft and publish if you and tests are happy.

Pre-commit hooks

Install and configure the Terraform pre-commit hooks. To run them: pre-commit run -a

CI

This project has three workflows enabled:

  1. PR labeler: When opening a PR to the default branch, a label is given automatically according to the name of your feature branch. The labeler follows the rules in pr-labeler.yml.

  2. Release Drafter: When merging to master, a release is drafted using the Release-Drafter Action.

  3. Kitchen test is run on every commit unless [skip ci] is added to the commit message.
