feat: first commit

.bulldozer.yml

@@ -0,0 +1,4 @@
+---
+remote: nrkno/nrk-bot-configs
+path: admin-groups/iac-admins/bulldozer/bulldozer.yaml
+ref: main

.envrc

@@ -0,0 +1 @@
+pre-commit install-hooks

.github/dependabot.yml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: terraform
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "12:00"
+      timezone: "Europe/Oslo"
+    commit-message:
+      prefix: chore(deps)
+    open-pull-requests-limit: 5
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "12:00"
+      timezone: "Europe/Oslo"
+    commit-message:
+      prefix: chore(deps)
+    open-pull-requests-limit: 5

.github/scripts/branch_restrictions.json

@@ -0,0 +1,56 @@
+{
+  "required_status_checks": {
+    "strict": true,
+    "checks": [
+      {
+        "context": "Terraform / Config Validation in ."
+      },
+      {
+        "context": "Terraform / Trivy Vulnerability Scan in ."
+      },
+      {
+        "context": "lint_release / Commit lint"
+      },
+      {
+        "context": "Terraform / Render terraform docs in ."
+      }
+    ]
+  },
+  "restrictions": {
+    "users": [],
+    "teams": [
+      "IaC-Admins"
+    ],
+    "apps": [
+      "NRKno-Bulldozer"
+    ]
+  },
+  "required_pull_request_reviews": {
+    "dismissal_restrictions": {
+      "users": [],
+      "teams": [
+        "IaC-Admins"
+      ],
+      "apps": [
+        "NRKno-Bulldozer"
+      ]
+    },
+    "dismiss_stale_reviews": true,
+    "bypass_pull_request_allowances": {
+      "users": [],
+      "teams": [],
+      "apps": []
+    },
+    "require_code_owner_reviews": true,
+    "require_last_push_approval": false,
+    "required_approving_review_count": 1
+  },
+  "enforce_admins": true,
+  "required_linear_history": true,
+  "allow_force_pushes": false,
+  "allow_deletions": false,
+  "block_creations": true,
+  "required_conversation_resolution": true,
+  "lock_branch": false,
+  "allow_fork_syncing": false
+}

.github/scripts/repo_settings.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#set -e
+#set -x
+
+
+GH_TOKEN=$(gh auth token)
+REPO=$1
+BRANCH=$2
+
+gh repo edit $REPO --add-topic "terraform,terraform-module" \
+--enable-rebase-merge --delete-branch-on-merge \
+--enable-squash-merge=false --enable-merge-commit=false
+
+curl \
+-X PUT \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${GH_TOKEN}" \
+"https://api.github.com/repos/$REPO/branches/$BRANCH/protection" \
+--data-binary "@.github/scripts/branch_restrictions.json"

.github/workflows/lint-release.yaml

@@ -0,0 +1,14 @@
+---
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+name: Commit lint and release
+jobs:
+  lint_release:
+    uses: nrkno/github-workflow-semantic-release/.github/workflows/workflow.yaml@v3.1.0
+    with:
+      runs-on: linux

.github/workflows/terraform.yaml

@@ -0,0 +1,21 @@
+---
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  terraform:
+    name: Terraform
+    uses: nrkno/github-workflow-terraform-config/.github/workflows/workflow.yaml@v4.60.1
+    with:
+      terraform-docs-fail-on-diff: false
+      working-directory: .
+      trivy-ignore-files: .trivyignore
+    secrets:
+      registries: "terraform-registry.nrk.cloud=${{ secrets.PLATTFORM_TERRAFORM_REGISTRY_NRK_CLOUD }}"

.policy.yml

@@ -0,0 +1,4 @@
+---
+remote: nrkno/nrk-bot-configs
+path: admin-groups/iac-admins/policy-bot/policy-bot.yaml
+ref: main

.terraform-docs.yaml.example

@@ -0,0 +1,60 @@
+# With this file you can controll the behaviour of your README.md file.
+# To see what is possible please read: https://terraform-docs.io/user-guide/configuration/
+#
+# The following is an example of how to use this file to populate your README.md with info from your terraform code
+#
+formatter: markdown
+
+header-from: main.tf
+#footer-from:
+
+sections:
+  #hide: []
+  show:
+    - all
+
+content: |-
+  {{ .Header }}
+
+  {{ .Requirements }}
+
+  {{ .Inputs }}
+
+  {{ .Providers }}
+
+  {{ .Modules }}
+
+  {{ .Outputs }}
+
+  {{ .Resources }}
+
+output:
+  file: "README.md"
+  mode: replace
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  #from: 
+
+sort:
+  enabled: true
+  by: required
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: true
+  read-comments: false
+  required: true
+  sensitive: true
+  type: true

examples/main.example

@@ -0,0 +1,8 @@
+module "some-module" {
+  source  = "terraform-registry.nrk.cloud/nrkno/iac-terraform-module-template/generic"
+  version = "1.0.0"
+
+  argument1 = "value"
+  argument2 = "value"
+  argument3 = "value"
+}