Merge pull request #3 from binbashar/BBL-119-tf0.12-test-auto-release

BBL-119 - tf0.12 tests + auto release

.circleci/config.yml

@@ -0,0 +1,154 @@
+version: 2.1
+
+jobs:
+  #
+  # Test 1 & Test 2
+  #
+  test-static-code-and-linting:
+    machine:
+      image: ubuntu-1604:201903-01
+      # This job has been blocked because Docker Layer Caching is not available on your plan.
+      # Please upgrade to continue building.
+      # Note: you will need to push a new commit or call the API to rerun the pipeline.
+      #docker_layer_caching: true
+
+    steps:
+      - checkout
+
+      - run: pwd
+      - run: ls -ltra
+      - run: git branch
+
+      - run:
+          name: test1-terraform-format
+          command: |
+            if [[ $(make format| tail -n +2) ]]; then
+              echo "==================================================================================================="
+              echo " NOT PASSED - There are Terraform conf files that needs a canonical format and styleto be formated "
+              echo "==================================================================================================="
+              exit 1
+            else
+              echo "==================================================================================================="
+              echo " PASSED - All Terraform conf files already have canonical format and are correcyly styled          "
+              echo "==================================================================================================="
+            fi
+
+      - run:
+          name: test2-terraform-linting
+          command: |
+            if make lint-deep | grep 'Awesome! Your code is following the best practices'; then
+              echo "==============================================================================================="
+              echo " PASSED - Awesome! Your code is following the best practices                                   "
+              echo "==============================================================================================="
+            else
+              echo "==============================================================================================="
+              echo " NOT PASSED - Terraform lint needed                                                            "
+              echo "==============================================================================================="
+            fi
+  #
+  # Test 3
+  #
+  test-e2e-terratests:
+    machine:
+      image: ubuntu-1604:201903-01
+      #docker_layer_caching: true
+
+    steps:
+      - checkout
+
+      - run: pwd
+      - run: ls -ltra
+      - run: git branch
+
+      - run:
+          name: Install awscli
+          command: sudo pip install awscli
+
+      - run:
+          name: Configure awscli
+          command: |
+            echo "AWS_ACCESS_KEY_ID - $AWS_ACCESS_KEY_ID"
+            echo "AWS_PROFILE_NAME - $AWS_PROFILE_NAME"
+
+            # AWS defautl awscli profile
+            aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+            aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+            aws configure set region us-east-1
+            aws configure set output json
+
+            # AWS dev awscli profile
+            aws configure set role_arn arn:aws:iam::$AWS_ACCOUNT_ID_DEV:role/DeployMaster --profile $AWS_PROFILE_NAME
+            aws configure set source_profile default --profile $AWS_PROFILE_NAME
+
+#      - run: cat ~/.aws/credentials
+#      - run: cat ~/.aws/config
+
+      - run:
+          name: Test AWS permissions
+          command: aws ec2 describe-instances --region us-east-1 --profile $AWS_PROFILE_NAME
+
+      - run:
+          name: test3-terratests-dep-init
+          command: make terratest-dep-init
+
+      - run:
+          name: test3-terratests-go-test
+          command: make terratest-go-test
+
+  #
+  # Release
+  #
+  release-patch-with-changelog:
+    machine:
+      image: ubuntu-1604:201903-01
+      #docker_layer_caching: true
+
+    steps:
+      - checkout
+
+      - run: pwd
+      - run: ls -ltra
+      - run: git branch
+
+      - run:
+          name: release-patch-with-changelog-circleci
+          command: |
+            if git status | grep 'nothing to commit, working tree clean'; then
+              echo "==============================================================================================="
+              echo "release-patch-with-changelog-circleci"
+              echo "==============================================================================================="
+              git config --global user.email "$GIT_USER_EMAIL"
+              git config --global user.name "$GIT_USER_NAME"
+              make release-patch-with-changelog-circleci
+            else
+              echo "==============================================================================================="
+              echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below "
+              echo "==============================================================================================="
+              echo "$(git status)"
+              echo "==============================================================================================="
+            fi
+#
+# Jobs workflow
+#
+workflows:
+  version: 2
+  changelog_and_release:
+    jobs:
+      - test-static-code-and-linting:
+          context: binbashar-org-global-context
+          filters:
+            branches:
+             ignore: # only branches matching the below regex filters will run
+               - master
+      - test-e2e-terratests:
+          context: binbashar-org-global-context
+          filters:
+            branches:
+             ignore: # only branches matching the below regex filters will run
+               - master
+      - release-patch-with-changelog:
+          context: binbashar-org-global-context
+          filters:
+            branches:
+             only: # only branches matching the below regex filters will run
+               - master

.gitignore

@@ -5,6 +5,7 @@
 # Except
 #
 !*.env.example
+!*.circleci
 !*.dockeringnore
 !*.hosts
 !/.gitignore
@@ -65,6 +66,8 @@ Thumbs.db
 *.iml
 *.ipr
 .vscode
+/src
+/venv
 
 # Custom Project tools files #
 ########################

Makefile

@@ -4,9 +4,11 @@ LOCAL_OS_USER := $(shell whoami)
 LOCAL_OS_SSH_DIR := ~/.ssh
 LOCAL_OS_GIT_CONF_DIR := ~/.gitconfig
 LOCAL_OS_AWS_CONF_DIR := ~/.aws
+LOCAL_OS_AWS_PROFILE := bb-dev-deploymaster
+LOCAL_OS_AWS_REGION := us-east-1
 
 TF_PWD_DIR := $(shell pwd)
-TF_VER := 0.12.3
+TF_VER := 0.12.12
 TF_PWD_CONT_DIR := "/go/src/project/"
 TF_DOCKER_ENTRYPOINT := /usr/local/go/bin/terraform
 TF_DOCKER_IMAGE := binbash/terraform-resources
@@ -85,8 +87,20 @@ doc-tf-eleven: ## A utility to generate documentation from Terraform 0.11 module
 doc-tf-twelve: ## A utility to generate documentation from Terraform 0.12 modules in various output formats.
 	bash terraform-docs.sh markdown ${TF_PWD_DIR}
 
-lint: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan.
-	docker run --rm -v ${TF_PWD_DIR}:/data -t wata727/tflint --deep
+lint: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan (tf0.11 --> < 0.9.2.
+	docker run --rm \
+	-v ${LOCAL_OS_AWS_CONF_DIR}:/root/.aws \
+	-v ${TF_PWD_DIR}:/data \
+	-t wata727/tflint:0.12.1
+
+lint-deep: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan (tf0.11 --> < 0.9.2.
+	docker run --rm \
+	-v ${LOCAL_OS_AWS_CONF_DIR}:/root/.aws \
+	-v ${TF_PWD_DIR}:/data \
+	-t wata727/tflint:0.12.1 --deep \
+	--aws-profile=${LOCAL_OS_AWS_PROFILE} \
+	--aws-creds-file=/root/.aws/credentials \
+	--aws-region=${LOCAL_OS_AWS_REGION}
 
 #==============================================================#
 # TERRATEST 												   #
@@ -102,6 +116,12 @@ terratest-go-test: ## lint: TFLint is a Terraform linter for detecting errors th
 	${TERRATEST_GO_CMD_PREFIX} test
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} .
 
+#==============================================================#
+# CIRCLECI 													   #
+#==============================================================#
+circleci-validate-config: ## Validate A CircleCI Config (https://circleci.com/docs/2.0/local-cli/)
+	circleci config validate .circleci/config.yml
+
 #==============================================================#
 # GIT RELEASE 												   #
 #==============================================================#
@@ -111,24 +131,80 @@ release-patch: ## releasing patch (eg: 0.0.1 -> 0.0.2) based on semantic tagging
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
 	${GIT_SEMTAG_CMD_PREFIX} final -s patch
 
+release-patch-with-changelog: ## make changelog-patch && git add && git commit && make release-patch
+	@if git status | grep 'nothing to commit, working directory clean'; then\
+		make changelog-patch;\
+		git status;\
+		git add CHANGELOG.md;\
+		git commit -m "Updating CHANGELOG.md via make changelog-patch for ${GIT_SEMTAG_VER_PATCH} [ci skip]";\
+		git push origin master;\
+		make release-patch;\
+	else\
+		echo "===============================================================================================";\
+    	echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below ";\
+		echo "===============================================================================================";\
+    	echo "$$(git status)";\
+		echo "===============================================================================================";\
+	fi
+
+release-patch-with-changelog-circleci: ## make changelog-patch && git add && git commit && make release-patch
+	make changelog-patch
+	git status
+	git add CHANGELOG.md
+	git commit -m "Updating CHANGELOG.md via make changelog-patch for ${GIT_SEMTAG_VER_PATCH} [ci skip]"
+	git push origin master
+	make release-patch
+
 release-minor: ## releasing minor (eg: 0.0.2 -> 0.1.0) based on semantic tagging script for Git
 	# pre-req -> https://github.com/pnikosis/semtag
 	${GIT_SEMTAG_CMD_PREFIX} get
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
 	${GIT_SEMTAG_CMD_PREFIX} final -s minor
 
+release-minor-with-changelog: ## make changelog-minor && git add && git commit && make release-minor
+	@if git status |grep 'nothing to commit, working directory clean'; then\
+		make changelog-minor;\
+		git status;\
+		git add CHANGELOG.md;\
+		git commit -m "Updating CHANGELOG.md via make changelog-minorfor ${GIT_SEMTAG_VER_PATCH} [ci skip]";\
+		git push origin master;\
+		make release-minor;\
+	else\
+		echo "===============================================================================================";\
+    	echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below ";\
+		echo "===============================================================================================";\
+    	echo "$$(git status)";\
+		echo "===============================================================================================";\
+	fi
+
 release-major: ## releasing major (eg: 0.1.0 -> 1.0.0) based on semantic tagging script for Git
 	# pre-req -> https://github.com/pnikosis/semtag
 	${GIT_SEMTAG_CMD_PREFIX} get
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
 	${GIT_SEMTAG_CMD_PREFIX} final -s major
 
+release-major-with-changelog: ## make changelog-major && git add && git commit && make release-major
+	@if git status |grep 'nothing to commit, working directory clean'; then\
+		make changelog-major;\
+		git status;\
+		git add CHANGELOG.md;\
+		git commit -m "Updating CHANGELOG.md via make changelog-major for ${GIT_SEMTAG_VER_PATCH} [ci skip]";\
+		git push origin master;\
+		make release-major;\
+	else\
+		echo "===============================================================================================";\
+    	echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below ";\
+		echo "===============================================================================================";\
+    	echo "$$(git status)";\
+		echo "===============================================================================================";\
+	fi
+
 changelog-init: ## git-chglog (https://github.com/git-chglog/git-chglog) config initialization -> ./.chglog
 	@if [ ! -d ./.chglog ]; then\
 		docker run --rm -v ${TF_PWD_DIR}:/data -it binbash/git-release --init;\
 		sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.chglog;\
 	else\
-		  echo "==============================";\
+		echo "==============================";\
     	echo "git-chglog already initialized";\
     	echo "==============================";\
     	echo "$$(ls ./.chglog)";\

README.md

@@ -23,10 +23,10 @@ We have a tfstate S3 Bucket per account
 
 ## Releases
 - **Versions:** `<= 0.x.y` (Terraform 0.11.x compatible)
-    - eg: https://registry.terraform.io/modules/binbashar/ec2-jenkins-vault/aws/0.0.1
+    - eg: https://registry.terraform.io/modules/binbashar/tfstate-backend/aws/0.0.1
 
 - **Versions:** `>= 1.x.y` (Terraform 0.12.x compatible -> **WIP**)
-    - eg: https://registry.terraform.io/modules/binbashar/ec2-jenkins-vault/aws/1.0.0
+    - eg: https://registry.terraform.io/modules/binbashar/tfstate-backend/aws/1.0.0
 
 ## Inputs
 
@@ -37,6 +37,9 @@ We have a tfstate S3 Bucket per account
 | attributes | Additional attributes (e.g. `state`) | list | `<list>` | no |
 | block\_public\_acls | Whether Amazon S3 should block public ACLs for this bucket. | string | `"false"` | no |
 | block\_public\_policy | Whether Amazon S3 should block public bucket policies for this bucket. | string | `"false"` | no |
+| bucket\_replication\_enabled | Enable/Disable replica for S3 bucket (for cross region replication purpose) | string | `"false"` | no |
+| bucket\_replication\_profile | AWS profile for replica bucket | string | `""` | no |
+| bucket\_replication\_region | Region for replica bucket, same region or cross region could be used. | string | `""` | no |
 | context | Default context to use for passing state between label invocations | map | `<map>` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `"-"` | no |
 | enable\_server\_side\_encryption | Enable DynamoDB server-side encryption | string | `"true"` | no |
@@ -95,4 +98,29 @@ output "dynamodb_table_name" {
   value       = module.terraform_state_backend.dynamodb_table_name
   description = "DynamoDB table name"
 }
-```
+```
+
+# Release Management
+
+## Docker based makefile commands
+- https://cloud.docker.com/u/binbash/repository/docker/binbash/git-release
+- https://github.com/binbashar/terraform-aws-tfstate-backend/blob/master/Makefile
+
+Root directory `Makefile` has the automated steps (to be integrated with **CircleCI jobs** []() )
+
+### CircleCi PR auto-release job
+<div align="left">
+  <img src="https://raw.githubusercontent.com/binbashar/terraform-aws-tfstate-backend/master/figures/circleci.png" alt="leverage-circleci" width="230"/>
+</div>
+
+- https://circleci.com/gh/binbashar/terraform-aws-tfstate-backend
+- **NOTE:** Will only run after merged PR.
+
+### Manual execution from workstation
+```
+$ make
+Available Commands:
+ - release-major-with-changelog make changelog-major && git add && git commit && make release-major
+ - release-minor-with-changelog make changelog-minor && git add && git commit && make release-minor
+ - release-patch-with-changelog make changelog-patch && git add && git commit && make release-patch
+ ```