Initial commit

.github/pull_request_template.md

@@ -0,0 +1,9 @@
+## Describe your changes
+
+## Issue ticket number and link
+
+## Checklist before requesting a review
+- [ ] I have performed a self-review of my code
+- [ ] If it is a core feature, I have added thorough tests.
+- [ ] Do we need to implement analytics?
+- [ ] Will this be part of a product update? If yes, please write one phrase about this update.

.github/workflows/delete-stack.yaml

@@ -0,0 +1,13 @@
+name: "Terraform Delete"
+
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write # This is required for aws oidc connection
+  contents: read # This is required for actions/checkout
+  pull-requests: write # This is required for gh bot to comment PR
+
+jobs:
+  delete:
+    uses: subhamay-bhattacharyya/9999-reusable-wf/.github/workflows/tf-cicd-destroy.yaml@main

.github/workflows/deploy-stack.yaml

@@ -0,0 +1,28 @@
+name: "Terraform Plan and Deploy"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - 'feature**'
+    paths-ignore:
+      - '**/README.md'
+      - '**/.github/workflows/**.yaml'
+
+
+permissions:
+  id-token: write # This is required for aws oidc connection
+  contents: write # This is required for actions/checkout
+  issues: write
+  pull-requests: write # This is required for gh bot to comment PR
+
+jobs:
+  cicd:
+    uses: subhamay-bhattacharyya/9999-reusable-wf/.github/workflows/tf-cicd-create.yaml@main
+    with:
+      deploy-reviewer-test: 150314255
+      deploy-reviewer-prod: 144537759
+      pr-approver: bsubhamay-approver
+    secrets:
+      git-token: ${{ secrets.GIT_TOKEN }}

.github/workflows/drift-detection.yaml

@@ -0,0 +1,21 @@
+name: "Drift Detection"
+
+on:
+  workflow_dispatch:
+  # schedule:
+  #   - cron: '*/15 * * * *'
+
+jobs:
+  drift-detection:
+    name: "drift-detection"
+    uses: subhamay-bhattacharyya/9999-reusable-wf/.github/workflows/tf-drift-detection.yaml@main
+    with:
+      github-env: devl
+      terraform-ver: ${{ vars.TERRAFORM_VERSION }}
+      tfvar-file: devl.terraform.tfvars
+      aws-region: ${{ vars.AWS_REGION }}
+      aws-role-arn: ${{ vars.PROD_AWS_ROLE_ARN }}
+      aws-tf-state-bucket-name: ${{ vars.PROD_AWS_TF_STATE_BUCKET_NAME }}
+      kms-key-arn: ${{ vars.PROD_AWS_KMS_KEY_ARN }}
+    secrets:
+      git-token: ${{ secrets.GIT_TOKEN }}

.github/workflows/run-infracost.yaml

@@ -0,0 +1,12 @@
+name: "Run Infracost"
+
+on:
+  pull_request:
+    types: [opened, synchronize, closed]
+
+jobs:
+  create:
+    name: "run-infracost"
+    uses: subhamay-bhattacharyya/9999-reusable-wf/.github/workflows/tf-infracost.yaml@main
+    secrets:
+      infracost-api-key: ${{ secrets.INFRACOST_API_KEY }}

.gitignore

@@ -0,0 +1,44 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+# *.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore MacOS DS_Store file
+.DS_Store
+
+# Ignore media files
+*.pptx
+*.jpg