From 7bcaff92dfdea5c943754362e11ebb0476449607 Mon Sep 17 00:00:00 2001
From: Jordan Acosta
Date: Tue, 26 Mar 2024 16:56:49 -0700
Subject: [PATCH] feat: make into reusable module (#3)
---
 .github/workflows/release.yml | 42 +++++++++++++++++++
 .gitignore | 1 +
 README.md | 26 ++++++++++++
 provider.tf | 76 -----------------------------------
 versions.tf | 4 ++
 5 files changed, 73 insertions(+), 76 deletions(-)
 create mode 100644 .github/workflows/release.yml
 create mode 100644 .gitignore
 delete mode 100644 provider.tf
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..931ddc4
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,42 @@
+---
+name: release
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: write
+ id-token: write
+ issues: read
+ packages: write
+ pull-requests: write
+ statuses: write
+ actions: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+ cancel-in-progress: false
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ bump_tag:
+ name: bump tag
+ runs-on: ubuntu-latest
+ steps:
+ - name: Determine next version
+ id: semver
+ uses: ietf-tools/semver-action@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ branch: main
+ patchAll: true
+
+ - name: Push tag
+ uses: mathieudutour/github-tag-action@v6.1
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ custom_tag: ${{ steps.semver.outputs.nextStrict }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3fa8c86
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.terraform
diff --git a/README.md b/README.md
index d37f207..166f0e1 100644
--- a/README.md
+++ b/README.md
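Review bot: In `.github/workflows/release.yml`, both `uses:` lines reference third-party actions by mutable tag (`ietf-tools/semver-action@v1`, `mathieudutour/github-tag-action@v6.1`) while the workflow-level `permissions:` block grants `id-token: write`, `packages: write`, `pull-requests: write` and `statuses: write` to every step. The visible steps only read history and push a tag, so a retagged or compromised action would inherit far more than the job needs, including the ability to request an OIDC token for this repository. I would pin each action to a full commit SHA, e.g. `uses: ietf-tools/semver-action@<full-commit-sha> # v1`, and replace the top-level block with a job-level `permissions:` on `bump_tag` containing only `contents: write`. If a step not shown here needs one of the other scopes, keep just that one and say why in a comment.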
@@ -1,2 +1,28 @@
 # aws-eks-sandbox
+
 Turnkey AWS EKS sandbox for Nuon apps.
+
+## Usage
+
+This module can be used via the [aws-eks](github.com/nuonco/sandboxes/aws-eks) project in [nuonco/sandboxes](github.com/nuonco/sandboxes).
+
+```hcl
+resource "nuon_app" "my_eks_app" {
+ name = "my_eks_app"
+}
+
+resource "nuon_app_sandbox" "main" {
+ app_id = nuon_app.my_eks_app.id
+ terraform_version = "v1.6.3"
+ public_repo = {
+ repo = "nuonco/sandboxes"
+ branch = "main"
+ directory = "aws-eks"
+ }
+}
+
+resource "nuon_app_runner" "main" {
+ app_id = nuon_app.my_eks_app.id
+ runner_type = "aws-eks"
+}
+```
diff --git a/provider.tf b/provider.tf
deleted file mode 100644
index 8cca4f4..0000000
--- a/provider.tf
+++ /dev/null
@@ -1,76 +0,0 @@
-locals {
- k8s_exec = [{
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws-iam-authenticator"
- # This requires the aws iam authenticator to be installed locally where Terraform is executed
- args = ["token", "-i", module.eks.cluster_name, "-r", var.assume_role_arn]
- }]
-}
-
-provider "aws" {
- region = local.install_region
-
- assume_role {
- role_arn = var.assume_role_arn
- }
-
- default_tags {
- tags = local.tags
- }
-}
-
-# hack. see eks.tf for more details
-provider "aws" {
- region = local.install_region
- alias = "no_tags"
-
- assume_role {
- role_arn = var.assume_role_arn
- }
-}
-
-provider "kubernetes" {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- dynamic "exec" {
- for_each = local.k8s_exec
- content {
- api_version = exec.value.api_version
- command = exec.value.command
- args = exec.value.args
- }
- }
-}
-
-provider "helm" {
- kubernetes {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- dynamic "exec" {
- for_each = local.k8s_exec
- content {
- api_version = exec.value.api_version
- command = exec.value.command
- args = exec.value.args
- }
- }
- }
-}
-
-provider "kubectl" {
- apply_retry_count = 5
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
- load_config_file = false
-
- dynamic "exec" {
- for_each = local.k8s_exec
- content {
- api_version = exec.value.api_version
- command = exec.value.command
- args = exec.value.args
- }
- }
-}
diff --git a/versions.tf b/versions.tf
index ed85326..b5df3d9 100644
--- a/versions.tf
+++ b/versions.tf
@@ -8,6 +8,10 @@ terraform {
 aws = {
 source = "hashicorp/aws"
 version = ">= 4.0"
+ # This is required in order for the calling TF project to pass in both the default and the no_tags aws providers.
+ # Everything works fine in the calling project, but this causes `terraform validate` to fail when run against this module itself.
+ # Apparently, this is a bug in Terraform: https://github.com/hashicorp/terraform/issues/28490
+ configuration_aliases = [aws.no_tags]
 }
 helm = {
 source = "hashicorp/helm"