From faa3556878cb62a31714c74ec3b71ba8d3bf927f Mon Sep 17 00:00:00 2001
From: Joachim Hill-Grannec
Date: Thu, 11 Jan 2024 15:02:56 -0600
Subject: [PATCH] feat: add yaml and tf lint, publish kustomizations via OCI. Will still need to refactor at a future date
---
.github/workflows/lint-tf.yaml | 17 ++++++++++++
.github/workflows/lint-yaml.yaml | 16 ++++++++++++
.github/workflows/publish-kustomizations.yaml | 26 +++++++++++++++++++
.tflint.hcl | 5 ++++
.yamllint | 12 +++++++++
Makefile | 17 ++++++++++++
catalog-info.yaml | 17 ++++++++++++
README.md => docs/README.md | 5 ++++
gitops/components/multus/kustomization.yaml | 1 -
.../multus/kustomize/nidhogg/resources.yaml | 8 +++---
.../overlays/multus-daemonset-readiness.yaml | 1 -
mkdocs.yaml | 5 ++++
12 files changed, 124 insertions(+), 6 deletions(-)
create mode 100644 .github/workflows/lint-tf.yaml
create mode 100644 .github/workflows/lint-yaml.yaml
create mode 100644 .github/workflows/publish-kustomizations.yaml
create mode 100644 .tflint.hcl
create mode 100644 .yamllint
create mode 100644 Makefile
create mode 100644 catalog-info.yaml
rename README.md => docs/README.md (95%)
create mode 100644 mkdocs.yaml
diff --git a/.github/workflows/lint-tf.yaml b/.github/workflows/lint-tf.yaml
new file mode 100644
index 0000000..2f9d494
--- /dev/null
+++ b/.github/workflows/lint-tf.yaml
@@ -0,0 +1,17 @@
+name: Lint TF files
+on:
+ pull_request:
+ paths:
+ - '**.tf'
+ branches:
+ - main
+
+jobs:
+ lint-tf:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: terraform-linters/setup-tflint@v2.0.1
+ with:
+ tflint_version: v0.45.0
+ - run: make lint-tf
diff --git a/.github/workflows/lint-yaml.yaml b/.github/workflows/lint-yaml.yaml
new file mode 100644
index 0000000..587767a
--- /dev/null
+++ b/.github/workflows/lint-yaml.yaml
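Review bot: `.github/workflows/lint-tf.yaml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` carries whatever the repository or organization default grants, although the job only needs to read the source before running `make lint-tf` on pull-request content. Adding a workflow-level `permissions:` with `contents: read` keeps it at least privilege. `actions/checkout@v2` and `terraform-linters/setup-tflint@v2.0.1` are referenced by tag; pinning each `uses:` to a full commit SHA (with the tag kept as a trailing comment) would stop a re-pointed tag from changing what runs. The missing `permissions:` block also applies to `.github/workflows/lint-yaml.yaml`, and the tag-pinning point to both `lint-yaml.yaml` and `publish-kustomizations.yaml`, where `oras-project/setup-oras@v1` runs in a job holding `packages: write`.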
@@ -0,0 +1,16 @@
+name: Lint YAML files
+on:
+ pull_request:
+ paths:
+ - '**.yaml'
+ - '**.yml'
+ branches:
+ - main
+
+jobs:
+ lint-yaml:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: sudo apt-get install -y yamllint
+ - run: make lint-yaml
diff --git a/.github/workflows/publish-kustomizations.yaml b/.github/workflows/publish-kustomizations.yaml
new file mode 100644
index 0000000..cb9900b
--- /dev/null
+++ b/.github/workflows/publish-kustomizations.yaml
@@ -0,0 +1,26 @@
+name: publish-kustomizations
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - gitops/**
+ - '!**/*.md'
+jobs:
+ publish-kustomizations:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+ env:
+ IMAGE: "ghcr.io/pelotech/kustomizations/foundation:0.0.1"
+ GITHUB_ACTOR: ${{ github.actor }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ steps:
+ - uses: actions/checkout@v2
+ - uses: oras-project/setup-oras@v1
+ - name: publish
+ run: |
+ tar -cf foundation.tar gitops/
+ oras login ghcr.io -u $GITHUB_ACTOR -p $GITHUB_TOKEN
+ oras push ${IMAGE} foundation.tar
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..f281206
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,5 @@
+plugin "aws" {
+ enabled = true
+ version = "0.22.1"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
\ No newline at end of file
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..7306079
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,12 @@
+extends: relaxed
+
+rules:
+ line-length: disable
+ commas: disable
+ indentation:
+ spaces: 2
+ indent-sequences: whatever
+
+ignore: |
+ *.terraform/
+ gitops/base-install/cert-manager/create-issuer/templates/create-issuer.yaml
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6b0c07c
--- /dev/null
+++ b/Makefile
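Review bot: In `.github/workflows/publish-kustomizations.yaml` the `publish` step hands the token to `oras login` as a `-p` argument, which places it on the process command line; reading it from stdin avoids that: `printf '%s' "$GITHUB_TOKEN" | oras login ghcr.io -u "$GITHUB_ACTOR" --password-stdin`. `IMAGE` is fixed at `foundation:0.0.1`, so every push to `main` that touches `gitops/` overwrites the same tag, and anyone pulling by tag receives changing content with nothing tying it to a commit. Pushing an additional tag derived from `${{ github.sha }}`, or having consumers pin the pushed digest, would make each artifact traceable and immutable from the consumer's side. The expansions `$GITHUB_ACTOR`, `$GITHUB_TOKEN` and `${IMAGE}` are also unquoted in the script.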
@@ -0,0 +1,17 @@ +.PHONY: lint +lint: lint-tf lint-yaml + +# TODO: fail on exit 1 but not 2 +.PHONY: lint-tf +lint-tf: + tflint --init + tflint --recursive || echo "Temp bypass and need to figure out warnings" + + +.PHONY: lint-yaml +lint-yaml: + yamllint -c .yamllint . + +.PHONY: format +format: + terraform fmt -recursive diff --git a/catalog-info.yaml b/catalog-info.yaml new file mode 100644 index 0000000..ceffd03 --- /dev/null +++ b/catalog-info.yaml @@ -0,0 +1,17 @@ +apiVersion: backstage.io/v1alpha1 +kind: Component +metadata: + name: foundation + description: Foundation is the opinionated approach to k8s cluster setup + tags: + - kustomize + - helm + - terraform + - k8s + annotations: + github.com/project-slug: pelotech/foundation + backstage.io/techdocs-ref: dir:. +spec: + type: infrastructure + lifecycle: production + owner: leads diff --git a/README.md b/docs/README.md similarity index 95% rename from README.md rename to docs/README.md index 4dac05c..561eb86 100644 --- a/README.md +++ b/docs/README.md @@ -1,3 +1,8 @@ +![TF Lint](https://github.com/pelotech/foundation/actions/workflows/lint-tf.yaml/badge.svg) +![YAML Lint](https://github.com/pelotech/foundation/actions/workflows/lint-yaml.yaml/badge.svg) +![Publish-Kustomizations](https://github.com/pelotech/foundation/actions/workflows/publish-kustomizations.yaml/badge.svg) + + # Foundation - Pelotech's GitOps K8s Cluster Foundation is our repository of base, reusable manifests for setting up GitOps k8s clusters, currently targeted for AWS EKS. ArgoCD is installed as the GitOps agent in a self-managed fashion and also includes Pelotech's set of opinionated components to solve everything that K8s doesn't out of the box (DNS/TLS, storage, logs/metrics etc.) diff --git a/gitops/components/multus/kustomization.yaml b/gitops/components/multus/kustomization.yaml index a8187a2..e3f99c2 100644 --- a/gitops/components/multus/kustomization.yaml +++ b/gitops/components/multus/kustomization.yaml 
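Review bot: In the `Makefile`, the `lint-tf` recipe ends with `tflint --recursive || echo "Temp bypass and need to figure out warnings"`, which turns every non-zero exit into success, including the case where tflint or its plugin fails to run at all. The `lint-tf` workflow and the badge added to `docs/README.md` will therefore report green regardless of outcome. The TODO above the target asks for failing on exit 1 but not 2; `tflint --recursive --force` should give that, since `--force` only zeroes the exit status for reported issues and still fails on tool errors. That keeps the temporary tolerance for warnings while leaving a gate that can actually fail.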
@@ -16,4 +16,3 @@ patches: value: namespace: nidhogg-system server: https://kubernetes.default.svc - diff --git a/gitops/components/multus/kustomize/nidhogg/resources.yaml b/gitops/components/multus/kustomize/nidhogg/resources.yaml index 86b430c..1c4ab46 100644 --- a/gitops/components/multus/kustomize/nidhogg/resources.yaml +++ b/gitops/components/multus/kustomize/nidhogg/resources.yaml @@ -49,10 +49,10 @@ spec: imagePullPolicy: Always name: manager args: - - --config-file=/config/config.json - - --leader-election - - --leader-namespace=nidhogg-system - - --leader-configmap=nidhogg-election + - --config-file=/config/config.json + - --leader-election + - --leader-namespace=nidhogg-system + - --leader-configmap=nidhogg-election env: - name: POD_NAMESPACE valueFrom: diff --git a/gitops/components/multus/kustomize/overlays/multus-daemonset-readiness.yaml b/gitops/components/multus/kustomize/overlays/multus-daemonset-readiness.yaml index d6a20ae..c024133 100644 --- a/gitops/components/multus/kustomize/overlays/multus-daemonset-readiness.yaml +++ b/gitops/components/multus/kustomize/overlays/multus-daemonset-readiness.yaml @@ -12,4 +12,3 @@ spec: command: - cat - /host/etc/cni/net.d/10-aws.conflist - diff --git a/mkdocs.yaml b/mkdocs.yaml new file mode 100644 index 0000000..2b4af24 --- /dev/null +++ b/mkdocs.yaml @@ -0,0 +1,5 @@ +site_name: foundation +site_description: foundation project documentation + +plugins: + - techdocs-core