Set up repo to generate terraform module releases (#3)

## Summary:
This PR sets up a simple versioning system for our Terraform modules repository.

### What's Added

- **Manual Release Workflow** - GitHub Action to create module releases
  - Go to Actions → Manual Release
  - Enter module name, version number, and optional release notes
  - Creates git tags and GitHub releases automatically

- **Dependabot Configuration** - Automatic updates for:
  - Terraform provider versions
  - GitHub Actions versions

### How to Use

When you want to release a module version:

1. Go to Actions → Manual Release
2. Enter module name (e.g., `scheduled-function`)
3. Enter version (e.g., `1.0.0`)
4. Add release notes (optional)
5. Run workflow

This creates a git tag like `scheduled-function-v1.0.0` and a GitHub release with usage instructions.

### Benefits

- No complex workflows or commit message requirements
- Automatic dependency updates via Dependabot
- Clean release process with proper git tags
- Generated usage instructions for each release

Check [Releases](../../releases) page to see available module versions.

Issue: INFRA-10715

## Test plan:
n/a, will be tested in following PRs that add modules

Author: jwbron

Reviewers: csilvers, jwbron

Required Reviewers:

Approved By: csilvers

Checks: ✅ 1 check was successful

Pull Request URL: #3

Author: jwbron

.github/CONTRIBUTING.md

@@ -1,8 +1,35 @@
-This repository is not accepting contributions. We’re releasing the code for others
-to refer to and learn from, but we are not open to pull requests or issues at
-this time.
-
-Khan Academy is a non-profit organization with a mission to provide a free,
-world-class education to anyone, anywhere. You can help us in that mission by
-[donating](https://khanacademy.org/donate) or looking at
-[career opportunities](https://khanacademy.org/careers).
+# Contributing to Terraform Modules
+
+## Development Workflow
+
+1. Fork and clone the repository
+2. Create a feature branch from `main`
+3. Make your changes to modules in `terraform/modules/`
+4. Submit a pull request
+
+## Releases
+
+Releases are created manually using the **Manual Release** GitHub Action:
+
+1. Go to Actions → Manual Release
+2. Select the module name (e.g., `scheduled-function`)
+3. Enter version number (e.g., `1.0.0`) 
+4. Add optional release notes in the text field
+5. Run the workflow
+
+### Release Notes
+
+Release notes are added through the workflow input field and support markdown formatting. Include:
+
+```markdown
+## What's Changed
+- New feature: Description of new functionality
+- Bug fix: Description of what was fixed
+- Breaking change: Description of breaking changes
+
+## Upgrade Notes
+- Any special instructions for upgrading
+- Migration steps if needed
+```
+
+The workflow automatically adds usage instructions to every release.

.github/workflows/gerald-push.yml

@@ -9,7 +9,7 @@ jobs:
   gerald:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           ref: '${{ github.ref }}'
           # GitHub Actions doesn't allow us to take the length of github.event.commits, so we have to pass the array into node and take the length there.

.github/workflows/lint.yml

@@ -0,0 +1,19 @@
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  pr-test:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies and lint
+        run: make lint

.github/workflows/manual-release.yml

@@ -0,0 +1,142 @@
+name: Manual Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      module:
+        description: 'Module name to release (e.g., scheduled-function)'
+        required: true
+        type: string
+      version:
+        description: 'Version number (e.g., 1.0.0)'
+        required: true
+        type: string
+      release_notes:
+        description: 'Release notes (optional)'
+        required: false
+        type: string
+
+permissions:
+  contents: write
+
+jobs:
+  validate-input:
+    name: Validate Input
+    runs-on: ubuntu-latest
+    outputs:
+      module-exists: ${{ steps.check-module.outputs.exists }}
+      version-valid: ${{ steps.check-version.outputs.valid }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check if module exists
+        id: check-module
+        run: |
+          if [ -d "terraform/modules/${{ github.event.inputs.module }}" ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+            echo "Module ${{ github.event.inputs.module }} exists"
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+            echo "ERROR: Module ${{ github.event.inputs.module }} does not exist"
+            exit 1
+          fi
+
+      - name: Validate version format
+        id: check-version
+        run: |
+          version="${{ github.event.inputs.version }}"
+          if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "valid=true" >> $GITHUB_OUTPUT
+            echo "Version format is valid: $version"
+          else
+            echo "valid=false" >> $GITHUB_OUTPUT
+            echo "ERROR: Version format is invalid: $version (expected format: x.y.z)"
+            exit 1
+          fi
+
+  create-release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    needs: validate-input
+    if: needs.validate-input.outputs.module-exists == 'true' && needs.validate-input.outputs.version-valid == 'true'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check version constraints
+        run: |
+          module="${{ github.event.inputs.module }}"
+          new_version="${{ github.event.inputs.version }}"
+          tag_name="$module-v$new_version"
+          
+          # Check if exact tag already exists
+          if git tag -l | grep -q "^$tag_name$"; then
+            echo "ERROR: Tag $tag_name already exists"
+            exit 1
+          fi
+          
+          # Get latest version for this module
+          latest_tag=$(git tag -l "${module}-v*" | sort -V | tail -n1)
+          
+          if [ -n "$latest_tag" ]; then
+            latest_version=${latest_tag#${module}-v}
+            echo "Latest existing version: $latest_version"
+            echo "New version: $new_version"
+            
+            # Compare versions using sort -V (version sort)
+            higher_version=$(echo -e "$latest_version\n$new_version" | sort -V | tail -n1)
+            
+            if [ "$higher_version" = "$latest_version" ] && [ "$new_version" != "$latest_version" ]; then
+              echo "ERROR: New version $new_version is not greater than latest version $latest_version"
+              echo "Next valid versions would be:"
+              
+              # Suggest next versions
+              IFS='.' read -r major minor patch <<< "$latest_version"
+              echo "   - Patch: $major.$minor.$((patch + 1))"
+              echo "   - Minor: $major.$((minor + 1)).0"  
+              echo "   - Major: $((major + 1)).0.0"
+              exit 1
+            fi
+          else
+            echo "No existing versions found for module $module"
+          fi
+          
+          echo "Version $new_version is valid and available"
+
+      - name: Generate release notes
+        id: generate-notes
+        run: |
+          module="${{ github.event.inputs.module }}"
+          version="${{ github.event.inputs.version }}"
+          user_notes="${{ github.event.inputs.release_notes }}"
+          
+          # Create release notes
+          {
+            echo "# $module v$version"
+            echo ""
+            if [ -n "$user_notes" ]; then
+              echo "$user_notes"
+              echo ""
+            fi
+            echo "## Usage"
+            echo ""
+            echo '```hcl'
+            echo "module \"$module\" {"
+            echo "  source = \"git::https://github.com/${{ github.repository }}.git//terraform/modules/$module?ref=$module-v$version\""
+            echo "  "
+            echo "  # Module configuration"
+            echo "}"
+            echo '```'
+          } > release_notes.md
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.inputs.module }}-v${{ github.event.inputs.version }}
+          name: "${{ github.event.inputs.module }} v${{ github.event.inputs.version }}"
+          body_path: release_notes.md
+          draft: false
+          prerelease: false 

.gitignore

@@ -102,3 +102,5 @@ dist
 
 # TernJS port file
 .tern-port
+
+.venv

Makefile

@@ -0,0 +1,73 @@
+# Tool versions
+TERRAFORM_VERSION := 1.8.0
+TFLINT_VERSION := 0.51.1
+ACTIONLINT_VERSION := 1.7.7
+
+# OS and architecture detection
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH := $(shell uname -m | sed 's/x86_64/amd64/; s/arm64/arm64/')
+
+VENV := .venv
+
+# Terraform variables
+TF_WORKSPACE ?= default
+TF_DIR := terraform
+
+.PHONY: deps
+deps:
+	@mkdir -p ${VENV}/bin
+
+.PHONY: tflint-install
+tflint-install: deps
+	@if ! command -v ${VENV}/bin/tflint >/dev/null 2>&1 || [ "$$(${VENV}/bin/tflint --version | head -1 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')" != "${TFLINT_VERSION}" ]; then \
+		echo "Installing tflint v${TFLINT_VERSION}..."; \
+		echo "Downloading for OS: ${OS}, ARCH: ${ARCH}"; \
+		mkdir -p ${VENV}/bin; \
+		pushd ${VENV}/bin; \
+		curl -sL "https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_${OS}_${ARCH}.zip" -o tflint.zip; \
+		unzip -o tflint.zip; \
+		rm tflint.zip; \
+		chmod +x tflint; \
+		popd; \
+		${VENV}/bin/tflint --init; \
+	fi
+
+.PHONY: terraform-install
+terraform-install: deps
+	@if ! command -v ${VENV}/bin/terraform >/dev/null 2>&1 || [ "$$(${VENV}/bin/terraform version -json | jq -r '.terraform_version')" != "${TERRAFORM_VERSION}" ]; then \
+		echo "Installing terraform v${TERRAFORM_VERSION}..."; \
+		echo "Downloading for OS: ${OS}, ARCH: ${ARCH}"; \
+		mkdir -p ${VENV}/bin; \
+		pushd ${VENV}/bin; \
+		curl -sL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_${OS}_${ARCH}.zip" -o terraform.zip; \
+		unzip -o terraform.zip; \
+		rm terraform.zip; \
+		chmod +x terraform; \
+		popd; \
+	fi
+
+.PHONY: actionlint-install
+actionlint-install: deps
+	@if ! command -v ${VENV}/bin/actionlint >/dev/null 2>&1 || [ "$$(${VENV}/bin/actionlint -version 2>/dev/null | head -1)" != "${ACTIONLINT_VERSION}" ]; then \
+		echo "Installing actionlint v${ACTIONLINT_VERSION}..."; \
+		echo "Downloading for OS: ${OS}, ARCH: ${ARCH}"; \
+		mkdir -p ${VENV}/bin; \
+		pushd ${VENV}/bin; \
+		curl -sL "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_${OS}_${ARCH}.tar.gz" -o actionlint.tar.gz; \
+		tar xzf actionlint.tar.gz; \
+		rm actionlint.tar.gz; \
+		chmod +x actionlint; \
+		popd; \
+	fi
+
+.PHONY: lint
+lint: tflint-install terraform-install actionlint-install
+	PATH=${VENV}/bin:$$PATH tflint --recursive
+	PATH=${VENV}/bin:$$PATH terraform fmt -recursive -check
+	PATH=${VENV}/bin:$$PATH actionlint $(git rev-parse --show-toplevel)
+
+.PHONY: fix
+fix: tflint-install terraform-install actionlint-install
+	PATH=${VENV}/bin:$$PATH tflint --recursive --fix
+	PATH=${VENV}/bin:$$PATH terraform fmt -recursive
+	PATH=${VENV}/bin:$$PATH actionlint $(git rev-parse --show-toplevel)

README.md

@@ -1,8 +1,42 @@
-This repository is not accepting contributions. We’re releasing the code for others
-to refer to and learn from, but we are not open to pull requests or issues at
-this time.
-
-Khan Academy is a non-profit organization with a mission to provide a free,
-world-class education to anyone, anywhere. You can help us in that mission by
-[donating](https://khanacademy.org/donate) or looking at
-[career opportunities](https://khanacademy.org/careers).
+# Terraform Modules
+
+This repository contains shared, reusable Terraform modules designed to simplify infrastructure provisioning and promote consistency across projects.
+
+## Overview
+
+These modules encapsulate common infrastructure patterns and best practices, allowing teams to quickly deploy standardized resources without duplicating configuration code.
+
+## Usage
+
+To use a module from this repository, reference it in your Terraform configuration with a specific version:
+
+```hcl
+module "scheduled_function" {
+  source = "git::https://github.com/your-org/terraform-modules.git//terraform/modules/scheduled-function?ref=v1.0.0"
+  
+  # Module-specific variables
+  function_name = "my-scheduled-function"
+  schedule_expression = "rate(1 hour)"
+}
+```
+
+Always use a specific version tag (e.g., `?ref=v1.0.0`) to ensure consistent deployments and avoid unexpected changes.
+
+## Structure
+
+Each module is self-contained in its own directory under `terraform/modules/` and includes:
+- **main.tf** - Primary resource definitions
+- **variables.tf** - Input variable declarations  
+- **outputs.tf** - Output value definitions
+- **versions.tf** - Provider version constraints
+- **README.md** - Module-specific documentation (auto-generated)
+- **CHANGELOG.md** - Module changelog (auto-generated)
+- **examples/** - Usage examples and test cases
+
+## Versioning
+
+Module versions are managed manually using GitHub Actions. 
+
+See the [Contributing Guide](.github/CONTRIBUTING.md#releases) for details on creating releases.
+
+Check the [Releases](../../releases) page for available versions.