From 89c4946c34369b3f6bf6c5f7ee6301fc28ccfb11 Mon Sep 17 00:00:00 2001
From: Sarun Nuntaviriyakul <48861591+guyzsarun@users.noreply.github.com>
Date: Sun, 17 Dec 2023 16:42:24 +0100
Subject: [PATCH] Feature: Terraform CI (#4)

* add tf workflow
* update ci
* update exit command
* update return code
* update exit code
* fmt
* update readme
---
.github/workflows/main.yml | 30 ++++++++++++++++++++++++++++++
README.md | 3 ++-
bastion.tf | 2 +-
eks.tf | 26 +++++++++++++-------------
output.tf | 8 ++++----
security_group.tf | 6 +++---
variables.tf | 4 ++--
vpc.tf | 4 ++--
8 files changed, 57 insertions(+), 26 deletions(-)
create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..406be41
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,30 @@
+name: terraform
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize, reopened]
+ branches:
+ - master
+ workflow_dispatch:
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Init
+ run: terraform init
+
+ - name: Linting
+ run: |
+ if ! terraform fmt -recursive -check; then
+ echo 'Please run "terraform fmt -recursive" '
+ exit 1
+ fi
+
+ - name: Validate
+ run: terraform validate
diff --git a/README.md b/README.md
index 6219411..5c38e05 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
-# terraform-aws
\ No newline at end of file
+# terraform-aws
+[![terraform](https://github.com/guyzsarun/terraform-aws/actions/workflows/main.yml/badge.svg)](https://github.com/guyzsarun/terraform-aws/actions/workflows/main.yml)
\ No newline at end of file
diff --git a/bastion.tf b/bastion.tf
index 82af04f..b265640 100644
--- a/bastion.tf
+++ b/bastion.tf
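Review bot: The new `.github/workflows/main.yml` declares no `permissions:` block, so the `terraform` job runs with whatever default GITHUB_TOKEN scope the repository has, although it only needs to read the checkout. Adding `permissions: { contents: read }` at workflow level makes that explicit. The `Init` step would be safer as `run: terraform init -backend=false`, so a format/validate job never has to reach a state backend or hold its credentials, whatever backend the repo configures (not visible in this patch). `actions/checkout@v3` is referenced by a mutable tag; pinning it to a full commit SHA (`actions/checkout@<full-commit-sha>`) closes the tag-retargeting gap. The job also relies on a `terraform` binary already being present on `ubuntu-latest`, with no version pinned, so the provider and module downloads in `init` may run under a different Terraform release from one build to the next.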
@@ -11,7 +11,7 @@ resource "aws_instance" "bastion-vm" { subnet_id = aws_subnet.main-vpc-subnet-public[0].id - user_data = "${file("helper/init.sh")}" + user_data = file("helper/init.sh") vpc_security_group_ids = [ aws_security_group.allow_ssh.id, diff --git a/eks.tf b/eks.tf index f4b034a..d62ca3b 100644 --- a/eks.tf +++ b/eks.tf @@ -7,7 +7,7 @@ module "eks" { cluster_version = var.eks-config.version vpc_id = aws_vpc.main-vpc.id - subnet_ids = [ for i in aws_subnet.main-vpc-subnet-private : i.id] + subnet_ids = [for i in aws_subnet.main-vpc-subnet-private : i.id] cluster_endpoint_public_access = true eks_managed_node_groups = { @@ -53,19 +53,19 @@ locals { name = "terraform" user = { exec = { - apiVersion = "client.authentication.k8s.io/v1beta1" - command= "aws" - interactiveMode= "IfAvailable" - provideClusterInfo= false + apiVersion = "client.authentication.k8s.io/v1beta1" + command = "aws" + interactiveMode = "IfAvailable" + provideClusterInfo = false args = [ - "--region", - split(":",module.eks.cluster_arn)[3], - "eks", - "get-token", - "--cluster-name", - "${module.eks.cluster_name}", - "--output", - "json" + "--region", + split(":", module.eks.cluster_arn)[3], + "eks", + "get-token", + "--cluster-name", + "${module.eks.cluster_name}", + "--output", + "json" ] } } diff --git a/output.tf b/output.tf index 6f46a72..548a887 100644 --- a/output.tf +++ b/output.tf @@ -17,15 +17,15 @@ output "private-vm" { output "nat-gateway" { value = { - public_ip = aws_nat_gateway.nat-gw.public_ip + public_ip = aws_nat_gateway.nat-gw.public_ip private_ip = aws_nat_gateway.nat-gw.private_ip } } -output "eks"{ +output "eks" { value = { - cluster_name = module.eks.cluster_name - cluster_endpoint = module.eks.cluster_endpoint + cluster_name = module.eks.cluster_name + cluster_endpoint = module.eks.cluster_endpoint get_kubeconfig_command = "aws eks update-kubeconfig --name ${module.eks.cluster_name}" } } \ No newline at end of file 
diff --git a/security_group.tf b/security_group.tf index 52f27fc..049b79c 100644 --- a/security_group.tf +++ b/security_group.tf @@ -67,8 +67,8 @@ resource "aws_vpc_security_group_egress_rule" "allow_egress_rule_ipv6" { } resource "aws_network_acl" "main-vpc-nacl-public" { - vpc_id = aws_vpc.main-vpc.id - subnet_ids =[for i in aws_subnet.main-vpc-subnet-public : i.id] + vpc_id = aws_vpc.main-vpc.id + subnet_ids = [for i in aws_subnet.main-vpc-subnet-public : i.id] egress { protocol = -1 @@ -95,7 +95,7 @@ resource "aws_network_acl" "main-vpc-nacl-public" { } resource "aws_network_acl" "main-vpc-nacl-private" { - vpc_id = aws_vpc.main-vpc.id + vpc_id = aws_vpc.main-vpc.id subnet_ids = [for i in aws_subnet.main-vpc-subnet-private : i.id] egress { diff --git a/variables.tf b/variables.tf index f150347..b384746 100644 --- a/variables.tf +++ b/variables.tf @@ -17,8 +17,8 @@ variable "ssh_key_pair" { variable "eks-config" { type = object({ - name = string - version = string + name = string + version = string min_node = number max_node = number }) diff --git a/vpc.tf b/vpc.tf index 6c276f6..de62950 100644 --- a/vpc.tf +++ b/vpc.tf @@ -55,7 +55,7 @@ resource "aws_route_table" "main-vpc-private-routetable" { vpc_id = aws_vpc.main-vpc.id route { - cidr_block = "0.0.0.0/0" + cidr_block = "0.0.0.0/0" nat_gateway_id = aws_nat_gateway.nat-gw.id } @@ -91,7 +91,7 @@ resource "aws_internet_gateway" "gw" { } resource "aws_eip" "nat" { - domain = "vpc" + domain = "vpc" tags = { Name = "nat" }