cloud-native-toolkit
diff --git a/‎.copywrite.hcl‎
Lines changed: 27 additions & 0 deletions b/‎.copywrite.hcl‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/CODE_OF_CONDUCT.md‎
Lines changed: 5 additions & 0 deletions b/‎.github/CODE_OF_CONDUCT.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 21 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎.github/scripts/validate-deploy.sh‎
Lines changed: 2 additions & 0 deletions b/‎.github/scripts/validate-deploy.sh‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 20 additions & 27 deletions b/‎.github/workflows/release.yml‎
Lines changed: 20 additions & 27 deletions
diff --git a/‎.github/workflows/tag.yaml‎
Lines changed: 39 additions & 0 deletions b/‎.github/workflows/tag.yaml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 109 additions & 0 deletions b/‎.github/workflows/test.yml‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎.github/workflows/verify-pr.yaml‎
Lines changed: 0 additions & 110 deletions b/‎.github/workflows/verify-pr.yaml‎
Lines changed: 0 additions & 110 deletions
@@ -0,0 +1,27 @@
+# NOTE: This file is for HashiCorp specific licensing automation and can be deleted after creating a new repo with this template.
+schema_version = 1
+
+project {
+  license        = "MIT"
+  copyright_year = 2025
+
+  header_ignore = [
+    # examples used within documentation (prose)
+    "examples/**",
+
+    # GitHub issue template configuration
+    ".github/ISSUE_TEMPLATE/*.yml",
+
+    # golangci-lint tooling configuration
+    ".golangci.yml",
+
+    # GoReleaser tooling configuration
+    ".goreleaser.yml",
+
+    # IntelliJ metadata
+    ".idea/**",
+
+    # Github workflow configuration
+    ".github/**"
+  ]
+}
@@ -0,0 +1 @@
+* @hashicorp/terraform-devex
@@ -0,0 +1,5 @@
+# Code of Conduct
+
+HashiCorp Community Guidelines apply to you when interacting with the community here on GitHub and contributing code.
+
+Please read the full text at https://www.hashicorp.com/community-guidelines
@@ -0,0 +1,21 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+  # Maintain dependencies for Go modules
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      # Check for updates to Go modules every weekday
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/tools"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # TODO: Dependabot only updates hashicorp GHAs in the template repository, the following lines can be removed for consumers of this template
+    allow:
+      - dependency-name: "hashicorp/*"
@@ -1,4 +1,6 @@
 #!/usr/bin/env bash
+# Copyright (c) 2025 Cloud-Native Toolkit
+# SPDX-License-Identifier: MIT
 
 BIN_DIR=$(cat .bin_dir)
 
 
@@ -1,48 +1,41 @@
-# This GitHub action can publish assets for release when a tag is created.
-# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
-#
-# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your 
-# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
-# secret. If you would rather own your own GPG handling, please fork this action
-# or use an alternative one for key handling.
-#
-# You will need to pass the `--batch` flag to `gpg` in your signing step 
-# in `goreleaser` to indicate this is being used in a non-interactive mode.
-#
-name: release
+# Terraform Provider release workflow.
+name: Release
 
+# This GitHub action creates a release when a tag that matches the pattern
+# "v*" (e.g. v0.1.0) is created.
 on:
   push:
     tags:
       - 'v*'
 
+# Releases need permissions to read and write the repository contents.
+# GitHub considers creating releases and uploading assets as writing contents.
+permissions:
+  contents: write
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
+          # Allow goreleaser to access older tag information.
           fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
-          go-version: 1.19.4
-
+          go-version-file: 'go.mod'
+          cache: true
       - name: Import GPG key
+        uses: crazy-max/[email protected]
         id: import_gpg
-        uses: crazy-max/[email protected]
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.GPG_PASSPHRASE }}
-
+          passphrase: ${{ secrets.PASSPHRASE }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v6.2.1
         with:
-          version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
-          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
-          # GitHub sets this automatically
+          # GitHub sets the GITHUB_TOKEN secret automatically.
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
@@ -0,0 +1,39 @@
+name: Tag
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the main branch
+on:
+  push:
+    branches: [ main ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Create a draft release to generate a tag name
+      - name: Draft release
+        id: releaser
+        uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yaml
+          publish: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Delete the release because a new one will be created when tag is created
+      - name: Delete release
+        run: gh release delete ${{ steps.releaser.outputs.tag_name }}
+
+      # Create a tag using the tag_name generated by Release Drafter
+      - name: Create tag
+        uses: mathieudutour/[email protected]
+        with:
+          custom_tag: ${{ steps.releaser.outputs.tag_name }}
+          create_annotated_tag: true
+          github_token: ${{ secrets.TOKEN }}
@@ -0,0 +1,109 @@
+# Terraform Provider testing workflow.
+name: Tests
+
+# This GitHub action runs your tests for each pull request and push.
+# Optionally, you can turn it on using a schedule for regular testing.
+on:
+  pull_request:
+    paths-ignore:
+      - 'README.md'
+
+# Testing only needs permissions to read the repository contents.
+permissions:
+  contents: read
+
+jobs:
+  # Ensure project builds before running testing matrix
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - run: go mod download
+      - run: go build -v .
+      - name: Run linters
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+
+  generate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      # We need the latest version of Terraform for our documentation generation to use
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_wrapper: false
+      - run: make generate
+      - name: git diff
+        run: |
+          git diff --compact-summary --exit-code || \
+            (echo; echo "Unexpected difference in directories after code generation. Run 'make generate' command and commit."; exit 1)
+
+  # Run acceptance tests in a matrix with Terraform CLI versions
+  test:
+    name: Terraform Provider Acceptance Tests
+    needs: build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        # list whatever Terraform versions here you would like to support
+        terraform:
+          - '1.6.*'
+          - '1.7.*'
+          - '1.8.*'
+          - '1.9.*'
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ matrix.terraform }}
+          terraform_wrapper: false
+      - run: go mod download
+      - env:
+          TF_ACC: "1"
+        run: go test -v -cover ./internal/provider/
+        timeout-minutes: 10
+
+  verifyReleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/[email protected]
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+  verifyAll:
+    needs: [generate,test,verifyReleaser]
+    runs-on: ubuntu-latest
+
+    steps:
+      - run: echo "Success"