add git hooks and update docs (#9)

Author: marcincuber

.pre-commit-config.yaml

@@ -0,0 +1,25 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v2.5.0
+  hooks:
+  - id: check-added-large-files
+    args: ['--maxkb=500']
+  - id: check-executables-have-shebangs
+  - id: pretty-format-json
+    args: ['--autofix', '--no-sort-keys', '--indent=2']
+  - id: check-byte-order-marker
+  - id: check-case-conflict
+  - id: check-executables-have-shebangs
+  - id: check-merge-conflict
+  - id: check-symlinks
+  - id: detect-private-key
+  - id: check-merge-conflict
+  - id: detect-aws-credentials
+    args: ['--allow-missing-credentials']
+  - id: trailing-whitespace
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.25.0
+  hooks:
+  - id: terraform_fmt
+  - id: terraform_docs
+  - id: terraform_tflint

Makefile

@@ -2,58 +2,15 @@ ifneq (,)
 .error This Makefile requires GNU Make.
 endif
 
-.PHONY: gen _gen-main _gen-examples _update-tf-docs
+.PHONY: hooks validate
 
-CURRENT_DIR     = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
-TF_EXAMPLES     = $(sort $(dir $(wildcard $(CURRENT_DIR)examples/*/)))
-TF_DOCS_VERSION = 0.6.0
+help:
+	@grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
-# Adjust your delimiter here or overwrite via make arguments
-DELIM_START = <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-DELIM_CLOSE = <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+hooks: ## Commit hooks setup
+	@pre-commit install
+	@pre-commit gc
+	@pre-commit autoupdate
 
-gen: _update-tf-docs
-	@echo "################################################################################"
-	@echo "# Terraform-docs generate"
-	@echo "################################################################################"
-	@$(MAKE) --no-print-directory _gen-main
-	@$(MAKE) --no-print-directory _gen-examples
-
-_gen-main:
-	@echo "------------------------------------------------------------"
-	@echo "# Main module"
-	@echo "------------------------------------------------------------"
-	@if docker run --rm \
-		-v $(CURRENT_DIR):/data \
-		-e DELIM_START='$(DELIM_START)' \
-		-e DELIM_CLOSE='$(DELIM_CLOSE)' \
-		cytopia/terraform-docs:$(TF_DOCS_VERSION) \
-		terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md README.md; then \
-		echo "OK"; \
-	else \
-		echo "Failed"; \
-		exit 1; \
-	fi
-
-_gen-examples:
-	@$(foreach example,\
-		$(TF_EXAMPLES),\
-		DOCKER_PATH="examples/$(notdir $(patsubst %/,%,$(example)))"; \
-		echo "------------------------------------------------------------"; \
-		echo "# $${DOCKER_PATH}"; \
-		echo "------------------------------------------------------------"; \
-		if docker run --rm \
-			-v $(CURRENT_DIR):/data \
-			-e DELIM_START='$(DELIM_START)' \
-			-e DELIM_CLOSE='$(DELIM_CLOSE)' \
-			cytopia/terraform-docs:$(TF_DOCS_VERSION) \
-			terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md $${DOCKER_PATH}/README.md; then \
-			echo "OK"; \
-		else \
-			echo "Failed"; \
-			exit 1; \
-		fi; \
-	)
-
-_update-tf-docs:
-	docker pull cytopia/terraform-docs:$(TF_DOCS_VERSION)
+validate: ## Validate files with pre-commit hooks
+	@pre-commit run --all-files

README.md

@@ -18,7 +18,7 @@ resource "aws_ecs_cluster" "cluster" {
 module "ecs-farage" {
   source = "umotif-public/ecs-fargate/aws"
   version = "~> 1.0"
-  
+
   name_prefix        = "ecs-fargate-example"
   vpc_id             = "vpc-abasdasd132"
   private_subnet_ids = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]
@@ -61,52 +61,66 @@ Module managed by [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](http
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| cluster\_id | The Amazon Resource Name (ARN) that identifies the cluster. | string | n/a | yes |
-| health\_check | A health block containing health check settings for the target group. Overrides the defaults. | map(string) | n/a | yes |
-| lb\_arn | Arn for the LB for which the service should be attach to. | string | n/a | yes |
-| name\_prefix | A prefix used for naming resources. | string | n/a | yes |
-| private\_subnet\_ids | A list of private subnets inside the VPC | list(string) | n/a | yes |
-| task\_container\_image | The image used to start a container. | string | n/a | yes |
-| task\_container\_port | The port number on the container that is bound to the user-specified or automatically assigned host port | number | n/a | yes |
-| vpc\_id | The VPC ID. | string | n/a | yes |
-| container\_name | Optional name for the container to be used instead of name_prefix. | string | `""` | no |
-| deployment\_controller\_type | Type of deployment controller. Valid values: CODE_DEPLOY, ECS. | string | `"ECS"` | no |
+| cluster\_id | The Amazon Resource Name \(ARN\) that identifies the cluster. | string | n/a | yes |
+| container\_name | Optional name for the container to be used instead of name\_prefix. | string | `""` | no |
+| deployment\_controller\_type | Type of deployment controller. Valid values: CODE\_DEPLOY, ECS. | string | `"ECS"` | no |
 | deployment\_maximum\_percent | The upper limit of the number of running tasks that can be running in a service during a deployment | number | `"200"` | no |
 | deployment\_minimum\_healthy\_percent | The lower limit of the number of running tasks that must remain running and healthy in a service during a deployment | number | `"50"` | no |
 | desired\_count | The number of instances of the task definitions to place and keep running. | number | `"1"` | no |
+| health\_check | A health block containing health check settings for the target group. Overrides the defaults. | map(string) | n/a | yes |
 | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers. | number | `"300"` | no |
+| lb\_arn | Arn for the LB for which the service should be attach to. | string | n/a | yes |
+| load\_balanced | Whether the task should be loadbalanced. | bool | `"true"` | no |
 | log\_retention\_in\_days | Number of days the logs will be retained in CloudWatch. | number | `"30"` | no |
-| propogate\_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION. | string | `"TASK_DEFINITION"` | no |
-| repository\_credentials | name or ARN of a secrets manager secret (arn:aws:secretsmanager:region:aws_account_id:secret:secret_name) | string | `""` | no |
+| logs\_kms\_key | The KMS key ARN to use to encrypt container logs. | string | `""` | no |
+| name\_prefix | A prefix used for naming resources. | string | n/a | yes |
+| private\_subnet\_ids | A list of private subnets inside the VPC | list(string) | n/a | yes |
+| propogate\_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION. | string | `"TASK_DEFINITION"` | no |
+| repository\_credentials | name or ARN of a secrets manager secret \(arn:aws:secretsmanager:region:aws\_account\_id:secret:secret\_name\) | string | `""` | no |
 | repository\_credentials\_kms\_key | key id, key ARN, alias name or alias ARN of the key that encrypted the repository credentials | string | `"alias/aws/secretsmanager"` | no |
-| service\_registry\_arn | ARN of aws_service_discovery_service resource | string | `""` | no |
-| tags | A map of tags (key-value pairs) passed to resources. | map(string) | `{}` | no |
+| service\_registry\_arn | ARN of aws\_service\_discovery\_service resource | string | `""` | no |
+| tags | A map of tags \(key-value pairs\) passed to resources. | map(string) | `{}` | no |
+| target\_group\_name | The name for the tasks target group | string | `""` | no |
 | task\_container\_assign\_public\_ip | Assigned public IP to the container. | bool | `"false"` | no |
 | task\_container\_command | The command that is passed to the container. | list(string) | `[]` | no |
 | task\_container\_environment | The environment variables to pass to a container. | map(string) | `{}` | no |
+| task\_container\_image | The image used to start a container. | string | n/a | yes |
+| task\_container\_port | The port number on the container that is bound to the user-specified or automatically assigned host port | number | n/a | yes |
 | task\_container\_protocol | Protocol that the container exposes. | string | `"HTTP"` | no |
 | task\_definition\_cpu | Amount of CPU to reserve for the task. | number | `"256"` | no |
-| task\_definition\_memory | The soft limit (in MiB) of memory to reserve for the container. | number | `"512"` | no |
+| task\_definition\_memory | The soft limit \(in MiB\) of memory to reserve for the container. | number | `"512"` | no |
 | task\_host\_port | The port number on the container instance to reserve for your container. | number | `"0"` | no |
-| target\_group\_name | The name for the tasks target group. | string | `""` | no |
-| load\_balanced | Whether the task should be loadbalanced. | bool | `true` | no |
-| logs_kms_key | The KMS key ARN to use to encrypt container logs. | string | `""` | no |
+| vpc\_id | The VPC ID. | string | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | log\_group\_name | The name of the Cloudwatch log group for the task. |
-| service\_arn | The Amazon Resource Name (ARN) that identifies the ECS service. |
+| service\_arn | The Amazon Resource Name \(ARN\) that identifies the ECS service. |
 | service\_name | The name of the service. |
-| service\_sg\_id | The Amazon Resource Name (ARN) that identifies the service security group. |
+| service\_sg\_id | The Amazon Resource Name \(ARN\) that identifies the service security group. |
 | target\_group\_arn | The ARN of the Target Group used by Load Balancer. |
 | target\_group\_name | The Name of the Target Group used by Load Balancer. |
-| task\_role\_arn | The Amazon Resource Name (ARN) specifying the ECS service role. |
+| task\_role\_arn | The Amazon Resource Name \(ARN\) specifying the ECS service role. |
 | task\_role\_name | The name of the Fargate task service role. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## License
 
 See LICENSE for full details.
+
+## Pre-commit hooks
+
+### Install dependencies
+
+* [`pre-commit`](https://pre-commit.com/#install)
+* [`terraform-docs`](https://github.com/segmentio/terraform-docs) required for `terraform_docs` hooks.
+* [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook.
+
+#### MacOS
+
+```bash
+brew install pre-commit terraform-docs tflint
+```

examples/core/README.md

@@ -6,52 +6,4 @@ terraform init
 terraform validate
 terraform plan
 terraform apply --auto-approve
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| cluster\_id | The Amazon Resource Name (ARN) that identifies the cluster. | string | n/a | yes |
-| health\_check | A health block containing health check settings for the target group. Overrides the defaults. | map(string) | n/a | yes |
-| lb\_arn | Arn for the LB for which the service should be attach to. | string | n/a | yes |
-| name\_prefix | A prefix used for naming resources. | string | n/a | yes |
-| private\_subnet\_ids | A list of private subnets inside the VPC | list(string) | n/a | yes |
-| task\_container\_image | The image used to start a container. | string | n/a | yes |
-| task\_container\_port | The port number on the container that is bound to the user-specified or automatically assigned host port | number | n/a | yes |
-| vpc\_id | The VPC ID. | string | n/a | yes |
-| container\_name | Optional name for the container to be used instead of name_prefix. | string | `""` | no |
-| deployment\_controller\_type | Type of deployment controller. Valid values: CODE_DEPLOY, ECS. | string | `"ECS"` | no |
-| deployment\_maximum\_percent | The upper limit of the number of running tasks that can be running in a service during a deployment | number | `"200"` | no |
-| deployment\_minimum\_healthy\_percent | The lower limit of the number of running tasks that must remain running and healthy in a service during a deployment | number | `"50"` | no |
-| desired\_count | The number of instances of the task definitions to place and keep running. | number | `"1"` | no |
-| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers. | number | `"300"` | no |
-| log\_retention\_in\_days | Number of days the logs will be retained in CloudWatch. | number | `"30"` | no |
-| propogate\_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION. | string | `"TASK_DEFINITION"` | no |
-| repository\_credentials | name or ARN of a secrets manager secret (arn:aws:secretsmanager:region:aws_account_id:secret:secret_name) | string | `""` | no |
-| repository\_credentials\_kms\_key | key id, key ARN, alias name or alias ARN of the key that encrypted the repository credentials | string | `"alias/aws/secretsmanager"` | no |
-| service\_registry\_arn | ARN of aws_service_discovery_service resource | string | `""` | no |
-| tags | A map of tags (key-value pairs) passed to resources. | map(string) | `{}` | no |
-| task\_container\_assign\_public\_ip | Assigned public IP to the container. | bool | `"false"` | no |
-| task\_container\_command | The command that is passed to the container. | list(string) | `[]` | no |
-| task\_container\_environment | The environment variables to pass to a container. | map(string) | `{}` | no |
-| task\_container\_protocol | Protocol that the container exposes. | string | `"HTTP"` | no |
-| task\_definition\_cpu | Amount of CPU to reserve for the task. | number | `"256"` | no |
-| task\_definition\_memory | The soft limit (in MiB) of memory to reserve for the container. | number | `"512"` | no |
-| task\_host\_port | The port number on the container instance to reserve for your container. | number | `"0"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| log\_group\_name | The name of the Cloudwatch log group for the task. |
-| service\_arn | The Amazon Resource Name (ARN) that identifies the ECS service. |
-| service\_name | The name of the service. |
-| service\_sg\_id | The Amazon Resource Name (ARN) that identifies the service security group. |
-| target\_group\_arn | The ARN of the Target Group used by Load Balancer. |
-| target\_group\_name | The Name of the Target Group used by Load Balancer. |
-| task\_role\_arn | The Amazon Resource Name (ARN) specifying the ECS service role. |
-| task\_role\_name | The name of the Fargate task service role. |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+```

main.tf

@@ -5,8 +5,8 @@ resource "aws_cloudwatch_log_group" "main" {
   name              = var.name_prefix
   retention_in_days = var.log_retention_in_days
 
-  kms_key_id        = var.logs_kms_key
-  tags              = var.tags
+  kms_key_id = var.logs_kms_key
+  tags       = var.tags
 }
 
 #####
@@ -74,7 +74,7 @@ resource "aws_security_group_rule" "egress_service" {
 # Load Balancer Target group
 #####
 resource "aws_lb_target_group" "task" {
-  name = var.target_group_name !="" ? var.target_group_name :  "${var.name_prefix}-target-${var.task_container_port}"
+  name        = var.target_group_name != "" ? var.target_group_name : "${var.name_prefix}-target-${var.task_container_port}"
   vpc_id      = var.vpc_id
   protocol    = var.task_container_protocol
   port        = var.task_container_port
@@ -101,7 +101,7 @@ resource "aws_lb_target_group" "task" {
   tags = merge(
     var.tags,
     {
-      Name = var.target_group_name !="" ? var.target_group_name :  "${var.name_prefix}-target-${var.task_container_port}"
+      Name = var.target_group_name != "" ? var.target_group_name : "${var.name_prefix}-target-${var.task_container_port}"
     },
   )
 }

variables.tf

@@ -160,13 +160,13 @@ variable "target_group_name" {
 }
 
 variable "load_balanced" {
-  type = bool
-  default = true
+  type        = bool
+  default     = true
   description = "Whether the task should be loadbalanced."
 }
 
 variable "logs_kms_key" {
-  type = string
+  type        = string
   description = "The KMS key ARN to use to encrypt container logs."
-  default = ""
+  default     = ""
 }