launchbynttdata · ben-vaughan-nttd · Nov 24, 2025 · Nov 25, 2025
@@ -0,0 +1,45 @@
+# GitHub Copilot Instructions
+
+## File Editing Rules
+
+- **NEVER remove license headers** from files when making edits.
+- Always preserve the Apache 2.0 license header at the top of all source files (`.tf`, `.go`, `.sh`, etc.).
+- When editing files, include the full license header in replacements if modifying code near the top of files.
+
+## Terminal Command Rules
+
+- **DO NOT use timeout flags** with terminal commands (e.g., avoid `-timeout` with go test)
+- Let commands run to completion naturally. Do not use `less`, `more`, `head`, `tail` or similar pagers to truncate output as these will interrupt the execution of the command and potentially lead to corruption of the terraform state files.
+- If a command needs to be stopped, the user will cancel it manually.
+- For long-running tests, rely on the default behavior rather than imposing artificial time limits.
+
+## Terraform Best Practices
+
+- Follow the module structure defined in the repository.
+- Maintain consistency with existing patterns.
+- Use dynamic blocks appropriately for optional nested configurations.
+- Always validate configurations with `terraform validate` before planning or applying.
+
+## Testing Guidelines
+
+- Write comprehensive tests that verify actual AWS resource creation.
+- Use the AWS SDK to verify resource properties match Terraform outputs.
+- Test both required and optional parameters.
+- Include validation for resource naming, encryption, and other critical settings.
+
+## Documentation Standards
+
+- Focus on "why" and not "how" in documentation.
+- Ensure clarity and conciseness in documentation.
+- Use examples to illustrate complex concepts.
+- Keep documentation up to date with code changes.
+- Track changes in a CHANGELOG.md file instead of individual change documentation files.
+
+## Terraform Primitive Module Development
+
+- Primitive modules should be designed for reuse across multiple projects.
+- Primitive modules should not contain any configuration or opinionated settings.
+- Primitive modules should only wrap a single resource type. The only exception is when a resource requires a data source to function properly.
+- The terraform code should exist in the root of the repository.
+- The agent will modify the test files found in `/tests/testimpl/test_impl.go` to add test coverage for the primitive module.
+- The agent should not modify any files outside of the root directory, the example implementations found in `/examples/`, and `/tests/testimpl/test_impl.go`.
@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -0,0 +1,49 @@
+---
+name-template: "$RESOLVED_VERSION"
+tag-template: "$RESOLVED_VERSION"
+template: |
+  # Changelog
+
+  $CHANGES
+
+  ---
+
+  See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION) since previous release.
+
+categories:
+  - title: ":warning: Breaking Changes"
+    labels:
+      - "major"
+  - title: "🚀 Features"
+    labels:
+      - "minor"
+  - title: "🔧 Fixes"
+    collapse-after: 3
+    labels:
+      - "patch"
+
+autolabeler:
+  - label: "major"
+    branch:
+      - '/(patch|bug|fix|feature|chore)!\/.+/'
+  - label: "minor"
+    branch:
+      - '/feature\/.+/'
+  - label: "patch"
+    branch:
+      - '/(patch|bug|fix|chore)\/.+/'
+
+change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
+
+version-resolver:
+  major:
+    labels:
+      - "major"
+  minor:
+    labels:
+      - "minor"
+  patch:
+    labels:
+      - "patch"
+      - "dependencies"
+  default: patch
@@ -0,0 +1,15 @@
+name: Label Pull Request
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  check:
+    name: "Label Pull Request"
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/[email protected]
+    secrets: inherit # pragma: allowlist secret
@@ -0,0 +1,22 @@
+name: Check AWS Terraform Code
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review]
+    branches: [main]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  check:
+    name: "Check AWS Terraform Code"
+    permissions:
+      contents: read
+      id-token: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/[email protected]
+    with:
+      assume_role_arn: ${{ vars.TERRAFORM_CHECK_AWS_ASSUME_ROLE_ARN }}
+      region: ${{ vars.TERRAFORM_CHECK_AWS_REGION }}
+    secrets: inherit # pragma: allowlist secret
@@ -0,0 +1,18 @@
+name: Publish Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  release-on-merge:
+    name: "Create and Publish Release on Merge"
+    permissions:
+      contents: write
+      pull-requests: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/[email protected]
+    secrets: inherit # pragma: allowlist secret
@@ -2,8 +2,7 @@ terraform.*
 .repo/
 components/
 .semverbot.toml
-.tflint.hcl
-.golangci.yaml
+
 
 .idea
 !examples/*.tfvars
@@ -56,10 +55,7 @@ terraform.rc
 # Files from common modules
 azure_env.sh
 .releaserc.json
-.tflint.hcl
-
-# Pre-commit hook
-.pre-commit-config.yaml
 
 # VS Code
 .vscode/
+.envrc
@@ -0,0 +1,5 @@
+version: "2"
+run:
+  # Timeout for analysis, e.g. 30s, 5m.
+  timeout: 5m
+  allow-parallel-runners: true
@@ -0,0 +1,61 @@
+# .pre-commit-config.yaml
+repos:
+  - repo: local
+    hooks:
+      - id: forbidden-files
+        name: forbidden files
+        entry:
+          found Copier update rejection files; review and remove them before
+          merging.
+        language: fail
+        files: "\\.rej$"
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-case-conflict
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-merge-conflict
+        args: [--assume-in-merge]
+      - id: check-shebang-scripts-are-executable
+      - id: check-yaml
+        args:
+          - --allow-multiple-documents
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args:
+          - --fix=auto
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.99.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs
+        args:
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--create-file-if-not-exist=true
+          - --args=--sort=false
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v2.6.2
+    hooks:
+      - id: golangci-lint
+        name: golangci-lint
+        description: Fast linters runner for Go.
+        entry: golangci-lint run --fix
+        types: [go]
+        language: golang
+        pass_filenames: false
+  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+    rev: v9.22.0
+    hooks:
+      - id: commitlint
+        stages: [commit-msg]
+        additional_dependencies: ["@commitlint/config-conventional"]
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
+        exclude: package.lock.json
@@ -0,0 +1,4 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
@@ -1,9 +1,8 @@
-conftest 0.44.1
-golang 1.21.7
-golangci-lint 1.55.2
-pre-commit 3.3.3
+conftest 0.56.0
+golang 1.25.4
+golangci-lint 2.6.2
+pre-commit 4.4.0
 regula 3.2.1 # https://github.com/launchbynttdata/asdf-regula
-terraform 1.5.5
-terraform-docs 0.16.0
-terragrunt 0.39.2
-tflint 0.48.0
+terraform 1.14.0
+terraform-docs 0.20.0
+tflint 0.60.0
@@ -18,7 +18,7 @@ LCAF_ENV_FILE = .lcafenv
 # Source repository for repo manifests
 REPO_MANIFESTS_URL ?= https://github.com/launchbynttdata/launch-common-automation-framework.git
 # Branch of source repository for repo manifests. Other tags not currently supported.
-REPO_BRANCH ?= refs/tags/1.0.0
+REPO_BRANCH ?= refs/tags/1.8.1
 # Path to seed manifest in repository referenced in REPO_MANIFESTS_URL
 REPO_MANIFEST ?= manifests/terraform_modules/seed/manifest.xml
 

@@ -104,19 +104,19 @@ If `make check` target is successful, developer is good to commit the code to pr
 - runs `conftests`. `conftests` make sure `policy` checks are successful.
 - runs `terratest`. This is integration test suit.
 - runs `opa` tests
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.0, <= 1.5.5 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.5 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.62.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.100.0 |
 
 ## Modules
 
@@ -144,4 +144,5 @@ No modules.
 |------|-------------|
 | <a name="output_log_group_name"></a> [log\_group\_name](#output\_log\_group\_name) | n/a |
 | <a name="output_log_group_arn"></a> [log\_group\_arn](#output\_log\_group\_arn) | n/a |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| <a name="output_log_group_kms_key_id"></a> [log\_group\_kms\_key\_id](#output\_log\_group\_kms\_key\_id) | n/a |
+<!-- END_TF_DOCS -->