feat: Initial commit

.github/dependabot.yaml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+- package-ecosystem: terraform
+  directory: "/"
+  schedule:
+    interval: daily
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily

.github/workflows/pre-commit.yml

@@ -0,0 +1,36 @@
+name: pre-commit
+on:
+  push:
+    branches: ["*"]
+jobs:
+  pre-commit:
+    permissions: read-all
+    runs-on: ubuntu-latest
+    container:
+      image: alpine:3.19
+    env:
+      APK_CACHE_DIR: ~/.cache/apk
+    steps:
+      - name: Install job dependencies
+        run: apk add tar git
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache
+          key: pre-commit
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Ensure cache directories
+        run: |
+          mkdir -p $APK_CACHE_DIR
+          mkdir -p ~/.cache/pip
+          mkdir -p ~/.cache/pre-commit
+      - name: Install job dependencies
+        run: |
+          apk update --cache-dir $APK_CACHE_DIR
+          apk add --cache-dir $APK_CACHE_DIR python3-dev py3-pip pipx gcc musl-dev
+      - name: Run pre-commit-hooks
+        run: |
+          git config --global --add safe.directory $PWD
+          pipx run pre-commit run --all-files --color=always --show-diff-on-failure

.github/workflows/semantic-release.yml

@@ -0,0 +1,43 @@
+name: semantic-release
+on:
+  workflow_run:
+    workflows: [pre-commit]
+    types: [completed]
+    branches: [master]
+jobs:
+  semantic-release:
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+    runs-on: ubuntu-latest
+    container:
+      image: node:lts-alpine3.19
+    env:
+      NPM_CACHE_DIR: ~/.cache/npm
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: Install job dependencies
+        run: apk add tar git
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache
+          key: semantic-release
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install semantic-release and plugins
+        run: npm install --cache $NPM_CACHE_DIR
+          semantic-release
+          @semantic-release/github
+          @semantic-release/changelog
+          @semantic-release/git
+          @semantic-release/exec
+          conventional-changelog-conventionalcommits
+      - name: Run semantic-release
+        run: |
+          git config --global --add safe.directory $PWD
+          npx semantic-release

.pre-commit-config.yaml

@@ -0,0 +1,24 @@
+---
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_tflint
+  - repo: https://github.com/terraform-docs/terraform-docs
+    rev: "v0.16.0"
+    hooks:
+      - id: terraform-docs-system
+        args: [./]
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: detect-private-key
+      - id: end-of-file-fixer
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.17.0
+    hooks:
+      - id: yamllint
+        args: [-c=.yaml-lint.yml]

.releaserc.yml

@@ -0,0 +1,15 @@
+---
+branches:
+  - master
+plugins:
+  - - "@semantic-release/commit-analyzer"
+    - preset: conventionalcommits
+  - - "@semantic-release/release-notes-generator"
+    - preset: conventionalcommits
+  - "@semantic-release/github"
+  - - "@semantic-release/changelog"
+    - changelogFile: CHANGELOG.md
+      changelogTitle: "# Changelog"
+  - - "@semantic-release/git"
+    - assets: CHANGELOG.md
+      message: "chore(release): ${nextRelease.version}\n\n${nextRelease.notes}"

.terraform-docs.yml

@@ -0,0 +1,18 @@
+---
+# .terraform-docs.yml
+formatter: markdown table
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+content: |-
+  {{ .Header }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}

.yaml-lint.yml

@@ -0,0 +1,4 @@
+---
+rules:
+  line-length:
+    max: 120

README.md

@@ -0,0 +1,17 @@
+<!-- BEGIN_TF_DOCS -->
+# Terraform Module Kustomization
+
+This module is a convenience wrapper for the kustomization\_resource.
+(https://registry.terraform.io/providers/kbst/kustomization/latest/docs)
+It creates kustomization resources from a kustomization data source.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_kustomization_data_source"></a> [kustomization\_data\_source](#input\_kustomization\_data\_source) | This input accepts a kustomization\_build or kustomization\_overlay data source as input. | <pre>object({<br>    ids       = set(string)<br>    ids_prio  = list(set(string))<br>    manifests = map(string)<br>  })</pre> | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

main.tf

@@ -0,0 +1,71 @@
+/**
+ * # Terraform Module Kustomization
+ *
+ * This module is a convenience wrapper for the kustomization_resource.
+ * (https://registry.terraform.io/providers/kbst/kustomization/latest/docs)
+ * It creates kustomization resources from a kustomization data source.
+ */
+
+terraform {
+  required_providers {
+    kustomization = {
+      source  = "kbst/kustomization"
+      version = "~> 0.9"
+    }
+  }
+  required_version = "~> 1.0"
+}
+
+variable "kustomization_data_source" {
+  type = object({
+    ids       = set(string)
+    ids_prio  = list(set(string))
+    manifests = map(string)
+  })
+  description = "This input accepts a kustomization_build or kustomization_overlay data source as input."
+}
+
+# first loop through resources in ids_prio[0]
+resource "kustomization_resource" "p0" {
+  for_each = var.kustomization_data_source.ids_prio[0]
+
+  manifest = (
+    contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
+    ? sensitive(var.kustomization_data_source.manifests[each.value])
+    : var.kustomization_data_source.manifests[each.value]
+  )
+}
+
+# then loop through resources in ids_prio[1]
+# and set an explicit depends_on on kustomization_resource.p0
+# wait 2 minutes for any deployment or daemonset to become ready
+resource "kustomization_resource" "p1" {
+  for_each = var.kustomization_data_source.ids_prio[1]
+
+  manifest = (
+    contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
+    ? sensitive(var.kustomization_data_source.manifests[each.value])
+    : var.kustomization_data_source.manifests[each.value]
+  )
+  wait = true
+  timeouts {
+    create = "2m"
+    update = "2m"
+  }
+
+  depends_on = [kustomization_resource.p0]
+}
+
+# finally, loop through resources in ids_prio[2]
+# and set an explicit depends_on on kustomization_resource.p1
+resource "kustomization_resource" "p2" {
+  for_each = var.kustomization_data_source.ids_prio[2]
+
+  manifest = (
+    contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
+    ? sensitive(var.kustomization_data_source.manifests[each.value])
+    : var.kustomization_data_source.manifests[each.value]
+  )
+
+  depends_on = [kustomization_resource.p1]
+}