feat: add initial terraform (#1)

.circleci/config.yml

@@ -0,0 +1,92 @@
+version: 2.1
+
+executors:
+  terraform:
+    docker:
+      - image: cimg/deploy:2023.05
+  node:
+    docker:
+      - image: cimg/node:current
+
+  python:
+    docker:
+      - image: cimg/python:3.11.3
+
+  tf_docs:
+    docker:
+      - image: quay.io/terraform-docs/terraform-docs:0.17.0
+
+
+jobs:
+  terraform_check:
+    executor: terraform
+    steps:
+      - checkout
+      - run:
+          step_name: Run Terraform Validate
+          command: |
+            terraform init -backend=false
+            terraform validate
+  
+  terraform_docs:
+    executor: tf_docs
+    steps:
+      - checkout
+      - run:
+          step_name: Verify Terraform Documentation Generation
+          command: |
+            cp README.md /tmp
+            terraform-docs markdown .
+            diff /tmp/README.md README.md
+
+
+  msg_check:
+    executor: python
+    steps:
+      - checkout
+      - run:
+          command: |
+            if [ -z "${CIRCLE_PR_NUMBER}" ]; then
+              MSG="`git log -n 1 --pretty=%s`"
+            else
+              MSG="`curl -s https://api.github.com/repos/${CIRCLE_PR_REPONAME}/pulls/${CIRCLE_PR_NUMBER}|jq .title`"
+              MSG="${${MSG%%\"}##\"}"
+              if [ -z "$MSG" ]; then
+                MSG="`git log -n 1 --pretty=%s`"
+              fi
+            fi
+            
+            hooks/commit-msg.py "$MSG"
+
+  version_bump:
+    executor: node
+    steps:
+        - checkout
+        - run:
+            step_name: Semantic Release
+            command: |
+              eval $(ssh-agent -s)
+              echo $DEPLOY_KEY | base64 -d > /tmp/deploy_key
+              chmod 600 /tmp/deploy_key
+              ssh-add /tmp/deploy_key </dev/null
+              npx semantic-release
+
+
+workflows:
+  pr_test:
+    when: 
+      and:
+      - not: 
+          matches:
+            pattern: "^main$"
+            value: << pipeline.git.branch >>
+    jobs:
+      - terraform_check
+      - msg_check
+      - terraform_docs
+  release:
+    when:
+      and:
+      - equal: [ main, << pipeline.git.branch >> ]
+    jobs:
+      - version_bump

.github/CONTRIBUTING.md

@@ -0,0 +1,34 @@
+# Welcome to Fullstory's Terraform contributing guide
+
+Thanks for your time in contributing to this project! Please read all the information below to properly
+contribute with our workflow.
+
+## Issues
+
+- Make sure you test against the latest tagged version with the expected terraform version
+- Re-run the `init-repo.sh` to ensure your local is the expected setup
+- Provide a reprducible (or show) case. If you cannot accurately show the issue, it'll be difficult to fix
+
+## Setting up your workspace for dev
+
+- Run the `init-repo.sh` to ensure your dev workspace is correct with all tooling
+
+## Generating the README
+
+You can generate the README with HCL examples using `terraform-docs`. You can install `terraform-docs` by following [this guide](https://terraform-docs.io/user-guide/installation/).
+
+```
+terraform-docs markdown .
+```
+
+## Commit Messages
+
+This repo follows the [conventional commit](https://www.conventionalcommits.org/en/v1.0.0/#summary) message style. This is strictly enforced by git hooks (which should have been activated by the `init-repo.sh`) and by CI. A small example is below:
+
+```
+feat: allow customization of cloudfront headers that are forwarded to origin
+```
+
+## Opening a PR
+
+Thanks for contributing! When you're ready to open a PR, you will need to fork this repo, push changes to your fork, and then open a PR here. Note: See [Working with forks](https://help.github.com/articles/working-with-forks/) for a better way to use git push.

.github/pull_request_template.md

@@ -0,0 +1,20 @@
+## Description
+
+<!--- Describe your changes in detail -->
+<!--- Are these changes a new behavior? What was the old vs new -->
+
+## Issue or Ticket
+
+<!--- There should be an issue (github issue) or Jira ticket for this work -->
+
+<!--- Please link to the issue here: -->
+
+<!-- Comment this out if you'd like to include more information for an easier review
+## Additional Info
+ -->
+
+## Checklist before submitting PR for review
+
+- [ ] This change requires a doc update, and I've included it
+- [ ] My code follows the style guidelines of this project
+- [ ] I have ensured my code is commented and any new terraform variables have proper descriptions

.gitignore

@@ -0,0 +1,32 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# VSCode
+.vscode

.releaserc

@@ -0,0 +1,8 @@
+branches: ["main"]
+tagFormat: ${version}
+plugins:
+  [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/github"
+  ]

.terraform-docs.yaml

@@ -0,0 +1,26 @@
+formatter: "markdown"
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+content: |-
+  {{ .Requirements }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}
+
+  ## Usage
+
+  ```hcl
+  {{ include "examples/basic/main.tf" }}
+  ```
+
+  ### Creating a READER role
+  This module **does not** create a READER role. You can use the following example to create a READER role that will allow a user to use and read all objects _and_ all future objects in the database.
+  ```hcl
+  {{ include "examples/reader_role/main.tf" }}
+  ```