Merge pull request #7 from BCDevOps/add-gha-workflows

add gha workflows
BCDevOps · Feb 14, 2023 · f3bac9d · f3bac9d
2 parents 1644dff + fe53d19
commit f3bac9d
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 2 deletions.
diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml
@@ -0,0 +1,18 @@
+name: Generate terraform docs
+on:
+  - pull_request
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render terraform docs inside the README.md and push changes back to PR branch
+      uses: terraform-docs/[email protected]
+      with:
+        working-dir: .
+        output-file: README.md
+        output-method: inject
+        git-push: "true"
diff --git a/.github/workflows/terraform-fmt.yaml b/.github/workflows/terraform-fmt.yaml
@@ -0,0 +1,12 @@
+name: terraform format check
+on:
+  - pull_request
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: hashicorp/setup-terraform@v2
+
+    - name: terraform fmt
+      run: terraform fmt -check -recursive -diff
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,15 @@
+name: terraform validate
+on:
+  - pull_request
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: hashicorp/setup-terraform@v2
+
+    - name: terraform init
+      run: terraform init -input=false -backend=false
+
+    - name: terraform validate
+      run: terraform validate
diff --git a/README.md b/README.md
@@ -11,11 +11,64 @@ This repo provides a starting point for users who want to create valid Terraform
 <!--- Example: <library_name> - [![GitHub](<shield_icon_link>)](<path_to_library_LICENSE>) --->
 
 ## Project Status
+
 - [x] Development
 - [ ] Production/Maintenance
 
-## Documentation
-<!--- Point to another readme or create a GitHub Pages (https://guides.github.com/features/pages/) --->
+# Documentation
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
+| <a name="requirement_keycloak"></a> [keycloak](#requirement\_keycloak) | >= 2.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
+| <a name="provider_external"></a> [external](#provider\_external) | n/a |
+| <a name="provider_keycloak"></a> [keycloak](#provider\_keycloak) | >= 2.0.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cloud_roles"></a> [cloud\_roles](#module\_cloud\_roles) | github.com/BCDevOps/terraform-keycloak-role-group-simplification | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.bcgov_perm_boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.admin_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.role-policy-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_saml_provider.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |
+| [aws_caller_identity.aws_context](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [external_external.saml_idp_descriptor](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
+| [keycloak_realm.kc-lz-sso-realm](https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/data-sources/realm) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_name"></a> [account\_name](#input\_account\_name) | Name to identify the account. | `string` | n/a | yes |
+| <a name="input_account_roles"></a> [account\_roles](#input\_account\_roles) | Roles and associated policies for an account. | `map(string)` | n/a | yes |
+| <a name="input_aws_saml_idp_name"></a> [aws\_saml\_idp\_name](#input\_aws\_saml\_idp\_name) | Name for Keycloak IDP that will be created in AWS | `string` | `"BCGovKeyCloak"` | no |
+| <a name="input_kc_base_url"></a> [kc\_base\_url](#input\_kc\_base\_url) | Base URL of KeyCloak instance to interact with. | `string` | n/a | yes |
+| <a name="input_kc_iam_auth_client_id"></a> [kc\_iam\_auth\_client\_id](#input\_kc\_iam\_auth\_client\_id) | Client ID of client where KC roles corresponding to AWS roles will be created. | `string` | n/a | yes |
+| <a name="input_kc_realm"></a> [kc\_realm](#input\_kc\_realm) | KeyCloak realm where terraform client has been created and where users/groups to be created/manipulated exist. | `string` | n/a | yes |
+| <a name="input_trusted_login_sources"></a> [trusted\_login\_sources](#input\_trusted\_login\_sources) | A list of one or more URLs from which login is expected and permitted. | `list(string)` | <pre>[<br>  "https://signin.aws.amazon.com/saml"<br>]</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_roles"></a> [roles](#output\_roles) | module outputs should be defined and documented here. |
+<!-- END_TF_DOCS -->
 
 ## References