From 5c5e127ad6047fb77f89021a50cc1436d4f98cf7 Mon Sep 17 00:00:00 2001
From: Dennis Wang <66754085+denniwang@users.noreply.github.com>
Date: Fri, 26 Sep 2025 15:05:54 -0400
Subject: [PATCH 01/25] round 3 baby
---
infrastructure/aws/.terraform-version | 1 +
infrastructure/aws/backend.tf | 9 +++++++++
infrastructure/aws/main.tf | 11 +++++++++++
infrastructure/aws/providers.tf | 12 ++++++++++++
infrastructure/aws/secrets.tf | 0
infrastructure/aws/variables.tf | 10 ++++++++++
6 files changed, 43 insertions(+)
create mode 100644 infrastructure/aws/.terraform-version
create mode 100644 infrastructure/aws/backend.tf
create mode 100644 infrastructure/aws/main.tf
create mode 100644 infrastructure/aws/providers.tf
create mode 100644 infrastructure/aws/secrets.tf
create mode 100644 infrastructure/aws/variables.tf
diff --git a/infrastructure/aws/.terraform-version b/infrastructure/aws/.terraform-version
new file mode 100644
index 0000000..feaae22
--- /dev/null
+++ b/infrastructure/aws/.terraform-version
@@ -0,0 +1 @@
+1.13.0
diff --git a/infrastructure/aws/backend.tf b/infrastructure/aws/backend.tf
new file mode 100644
index 0000000..d995729
--- /dev/null
+++ b/infrastructure/aws/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "c4c-neu-terraform-state-files"
+ key = "aws/terraform.tfstate"
+ region = "us-east-2"
+ dynamodb_table = "terraform-state-lock"
+ encrypt = true
+ }
+}
diff --git a/infrastructure/aws/main.tf b/infrastructure/aws/main.tf
new file mode 100644
index 0000000..65e40f0
--- /dev/null
+++ b/infrastructure/aws/main.tf
@@ -0,0 +1,11 @@
+resource "aws_db_instance" "branch_rds" {
+ allocated_storage = 10
+ db_name = "branch_rds"
+ engine = "postgres"
+ engine_version = "18.0"
+ instance_class = "db.t3.micro"
+ username = data.infisical_secrets.aws_folder.secrets["rds-username"].value
+ password = data.infisical_secrets.aws_folder.secrets["rds-password"].value
+ parameter_group_name = "default.postgres18.0"
+ skip_final_snapshot = true
+}
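Review bot: The `backend "s3"` block in backend.tf locks state through `dynamodb_table`, which Terraform deprecated once S3-native locking became generally available in 1.11, while `.terraform-version` in this same commit pins 1.13.0. `use_lockfile = true` is the replacement and removes the dependency on the extra table. Because this state will hold the RDS password set in main.tf, I would also add a comment above the block such as `# state contains secrets; the bucket must stay private and versioned`, since the bucket's own configuration is not part of this patch.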
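Review bot: `aws_db_instance.branch_rds` in main.tf sets no `storage_encrypted`, so the instance is created with unencrypted storage, and `skip_final_snapshot = true` means a destroy or replacement leaves no recoverable copy. I would add `storage_encrypted = true` and `deletion_protection = true`, and replace `skip_final_snapshot = true` with a `final_snapshot_identifier` unless the database is meant to be disposable. No `vpc_security_group_ids` or `db_subnet_group_name` is set, so network placement falls back to the account defaults; stating `publicly_accessible = false` would make the intent explicit. The `password` read from Infisical is also stored in the Terraform state, so read access to the state bucket should be as tight as access to the secret itself. Separately, `default.postgres18.0` does not match the usual `default.postgres<major>` naming of default parameter groups, so it is worth confirming that the group exists.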
diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf
new file mode 100644
index 0000000..f0902a5
--- /dev/null
+++ b/infrastructure/aws/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.14.1"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-2"
+}
\ No newline at end of file
diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf
new file mode 100644
index 0000000..e69de29
diff --git a/infrastructure/aws/variables.tf b/infrastructure/aws/variables.tf
new file mode 100644
index 0000000..53a5f69
--- /dev/null
+++ b/infrastructure/aws/variables.tf
@@ -0,0 +1,10 @@
+data "infisical_secrets" "aws_folder" {
+ env_slug = "dev"
+ workspace_id = var.infisical_workspace_id
+ folder_path = "/aws"
+}
+
+variable "infisical_workspace_id" {
+ type = string
+ default = "d1ee8b80-118c-4daf-ae84-31da43261b76"
+}
\ No newline at end of file
From 93e0c2225f413f583d8171e8c014c148ea989abd Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 26 Sep 2025 19:06:34 +0000
Subject: [PATCH 02/25] chore: auto-format terraform and update documentation
- Auto-formatted .tf files with terraform fmt
- Updated README.md with terraform-docs
Co-authored-by: denniwang
---
README.md | 430 ++++++++++++++++++++++++++++++++
infrastructure/aws/README.md | 37 +++
infrastructure/aws/providers.tf | 2 +-
3 files changed, 468 insertions(+), 1 deletion(-)
create mode 100644 infrastructure/aws/README.md
diff --git a/README.md b/README.md
index 8b13789..97dd257 100644
--- a/README.md
+++ b/README.md
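Review bot: The `infisical_secrets.aws_folder` data source in variables.tf hard-codes `env_slug = "dev"`, so the RDS credentials are always read from the dev environment wherever this configuration is applied. Taking it from a variable, `env_slug = var.infisical_env_slug` with a default of `"dev"`, keeps today's behaviour and makes the environment an explicit input. The data source would also read better in secrets.tf, which this commit creates empty, than in variables.tf. `infisical_workspace_id` has no `description`; something like `description = "Infisical workspace (project) ID that holds the /aws secrets"` would document it in the generated README.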
@@ -1 +1,431 @@ +# terraform-docs +[![Build Status](https://github.com/terraform-docs/terraform-docs/workflows/ci/badge.svg)](https://github.com/terraform-docs/terraform-docs/actions) [![GoDoc](https://pkg.go.dev/badge/github.com/terraform-docs/terraform-docs)](https://pkg.go.dev/github.com/terraform-docs/terraform-docs) [![Go Report Card](https://goreportcard.com/badge/github.com/terraform-docs/terraform-docs)](https://goreportcard.com/report/github.com/terraform-docs/terraform-docs) [![Codecov Report](https://codecov.io/gh/terraform-docs/terraform-docs/branch/master/graph/badge.svg)](https://codecov.io/gh/terraform-docs/terraform-docs) [![License](https://img.shields.io/github/license/terraform-docs/terraform-docs)](https://github.com/terraform-docs/terraform-docs/blob/master/LICENSE) [![Latest release](https://img.shields.io/github/v/release/terraform-docs/terraform-docs)](https://github.com/terraform-docs/terraform-docs/releases) + +![terraform-docs-teaser](./images/terraform-docs-teaser.png) + +## What is terraform-docs + +A utility to generate documentation from Terraform modules in various output formats. + +## Installation + +macOS users can install using [Homebrew]: + +```bash +brew install terraform-docs +``` + +or + +```bash +brew install terraform-docs/tap/terraform-docs +``` + +Windows users can install using [Scoop]: + +```bash +scoop bucket add terraform-docs https://github.com/terraform-docs/scoop-bucket +scoop install terraform-docs +``` + +or [Chocolatey]: + +```bash +choco install terraform-docs +``` + +Stable binaries are also available on the [releases] page. 
To install, download the +binary for your platform from "Assets" and place this into your `$PATH`: + +```bash +curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.17.0/terraform-docs-v0.17.0-$(uname)-amd64.tar.gz +tar -xzf terraform-docs.tar.gz +chmod +x terraform-docs +mv terraform-docs /usr/local/bin/terraform-docs +``` + +**NOTE:** Windows releases are in `ZIP` format. + +The latest version can be installed using `go install` or `go get`: + +```bash +# go1.17+ +go install github.com/terraform-docs/terraform-docs@v0.17.0 +``` + +```bash +# go1.16 +GO111MODULE="on" go get github.com/terraform-docs/terraform-docs@v0.17.0 +``` + +**NOTE:** please use the latest Go to do this, minimum `go1.16` is required. + +This will put `terraform-docs` in `$(go env GOPATH)/bin`. If you encounter the error +`terraform-docs: command not found` after installation then you may need to either add +that directory to your `$PATH` as shown [here] or do a manual installation by cloning +the repo and run `make build` from the repository which will put `terraform-docs` in: + +```bash +$(go env GOPATH)/src/github.com/terraform-docs/terraform-docs/bin/$(uname | tr '[:upper:]' '[:lower:]')-amd64/terraform-docs +``` + +## Usage + +### Running the binary directly + +To run and generate documentation into README within a directory: + +```bash +terraform-docs markdown table --output-file README.md --output-mode inject /path/to/module +``` + +Check [`output`] configuration for more details and examples. 
+ +### Using docker + +terraform-docs can be run as a container by mounting a directory with `.tf` +files in it and run the following command: + +```bash +docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs:0.17.0 markdown /terraform-docs +``` + +If `output.file` is not enabled for this module, generated output can be redirected +back to a file: + +```bash +docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs:0.17.0 markdown /terraform-docs > doc.md +``` + +**NOTE:** Docker tag `latest` refers to _latest_ stable released version and `edge` +refers to HEAD of `master` at any given point in time. + +### Using GitHub Actions + +To use terraform-docs GitHub Action, configure a YAML workflow file (e.g. +`.github/workflows/documentation.yml`) with the following: + +```yaml +name: Generate terraform docs +on: + - pull_request + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Render terraform docs and push changes back to PR + uses: terraform-docs/gh-actions@main + with: + working-dir: . + output-file: README.md + output-method: inject + git-push: "true" +``` + +Read more about [terraform-docs GitHub Action] and its configuration and +examples. + +### pre-commit hook + +With pre-commit, you can ensure your Terraform module documentation is kept +up-to-date each time you make a commit. 
+ +First [install pre-commit] and then create or update a `.pre-commit-config.yaml` +in the root of your Git repo with at least the following content: + +```yaml +repos: + - repo: https://github.com/terraform-docs/terraform-docs + rev: "v0.17.0" + hooks: + - id: terraform-docs-go + args: ["markdown", "table", "--output-file", "README.md", "./mymodule/path"] +``` + +Then run: + +```bash +pre-commit install +pre-commit install-hooks +``` + +Further changes to your module's `.tf` files will cause an update to documentation +when you make a commit. + +## Configuration + +terraform-docs can be configured with a yaml file. The default name of this file is +`.terraform-docs.yml` and the path order for locating it is: + +1. root of module directory +1. `.config/` folder at root of module directory +1. current directory +1. `.config/` folder at current directory +1. `$HOME/.tfdocs.d/` + +```yaml +formatter: "" # this is required + +version: "" + +header-from: main.tf +footer-from: "" + +recursive: + enabled: false + path: modules + +sections: + hide: [] + show: [] + +content: "" + +output: + file: "" + mode: inject + template: |- + + {{ .Content }} + + +output-values: + enabled: false + from: "" + +sort: + enabled: true + by: name + +settings: + anchor: true + color: true + default: true + description: false + escape: true + hide-empty: false + html: true + indent: 2 + lockfile: true + read-comments: true + required: true + sensitive: true + type: true +``` + +## Content Template + +Generated content can be customized further away with `content` in configuration. +If the `content` is empty the default order of sections is used. + +Compatible formatters for customized content are `asciidoc` and `markdown`. `content` +will be ignored for other formatters. 
+ +`content` is a Go template with following additional variables: + +- `{{ .Header }}` +- `{{ .Footer }}` +- `{{ .Inputs }}` +- `{{ .Modules }}` +- `{{ .Outputs }}` +- `{{ .Providers }}` +- `{{ .Requirements }}` +- `{{ .Resources }}` + +and following functions: + +- `{{ include "relative/path/to/file" }}` + +These variables are the generated output of individual sections in the selected +formatter. For example `{{ .Inputs }}` is Markdown Table representation of _inputs_ +when formatter is set to `markdown table`. + +Note that sections visibility (i.e. `sections.show` and `sections.hide`) takes +precedence over the `content`. + +Additionally there's also one extra special variable avaialble to the `content`: + +- `{{ .Module }}` + +As opposed to the other variables mentioned above, which are generated sections +based on a selected formatter, the `{{ .Module }}` variable is just a `struct` +representing a [Terraform module]. + +````yaml +content: |- + Any arbitrary text can be placed anywhere in the content + + {{ .Header }} + + and even in between sections + + {{ .Providers }} + + and they don't even need to be in the default order + + {{ .Outputs }} + + include any relative files + + {{ include "relative/path/to/file" }} + + {{ .Inputs }} + + # Examples + + ```hcl + {{ include "examples/foo/main.tf" }} + ``` + + ## Resources + + {{ range .Module.Resources }} + - {{ .GetMode }}.{{ .Spec }} ({{ .Position.Filename }}#{{ .Position.Line }}) + {{- end }} +```` + +## Build on top of terraform-docs + +terraform-docs primary use-case is to be utilized as a standalone binary, but +some parts of it is also available publicly and can be imported in your project +as a library. + +```go +import ( + "github.com/terraform-docs/terraform-docs/format" + "github.com/terraform-docs/terraform-docs/print" + "github.com/terraform-docs/terraform-docs/terraform" +) + +// buildTerraformDocs for module root `path` and provided content `tmpl`. 
+func buildTerraformDocs(path string, tmpl string) (string, error) { + config := print.DefaultConfig() + config.ModuleRoot = path // module root path (can be relative or absolute) + + module, err := terraform.LoadWithOptions(config) + if err != nil { + return "", err + } + + // Generate in Markdown Table format + formatter := format.NewMarkdownTable(config) + + if err := formatter.Generate(module); err != nil { + return "", err + } + + // // Note: if you don't intend to provide additional template for the generated + // // content, or the target format doesn't provide templating (e.g. json, yaml, + // // xml, or toml) you can use `Content()` function instead of `Render()`. + // // `Content()` returns all the sections combined with predefined order. + // return formatter.Content(), nil + + return formatter.Render(tmpl) +} +``` + +## Plugin + +Generated output can be heavily customized with [`content`], but if using that +is not enough for your use-case, you can write your own plugin. + +In order to install a plugin the following steps are needed: + +- download the plugin and place it in `~/.tfdocs.d/plugins` (or `./.tfdocs.d/plugins`) +- make sure the plugin file name is `tfdocs-format-` +- modify [`formatter`] of `.terraform-docs.yml` file to be `` + +**Important notes:** + +- if the plugin file name is different than the example above, terraform-docs won't +be able to to pick it up nor register it properly +- you can only use plugin thorough `.terraform-docs.yml` file and it cannot be used +with CLI arguments + +To create a new plugin create a new repository called `tfdocs-format-` with +following `main.go`: + +```go +package main + +import ( + _ "embed" //nolint + + "github.com/terraform-docs/terraform-docs/plugin" + "github.com/terraform-docs/terraform-docs/print" + "github.com/terraform-docs/terraform-docs/template" + "github.com/terraform-docs/terraform-docs/terraform" +) + +func main() { + plugin.Serve(&plugin.ServeOpts{ + Name: "", + Version: "0.1.0", + 
Printer: printerFunc, + }) +} + +//go:embed sections.tmpl +var tplCustom []byte + +// printerFunc the function being executed by the plugin client. +func printerFunc(config *print.Config, module *terraform.Module) (string, error) { + tpl := template.New(config, + &template.Item{Name: "custom", Text: string(tplCustom)}, + ) + + rendered, err := tpl.Render("custom", module) + if err != nil { + return "", err + } + + return rendered, nil +} +``` + +Please refer to [tfdocs-format-template] for more details. You can create a new +repository from it by clicking on `Use this template` button. + +## Documentation + +- **Users** + - Read the [User Guide] to learn how to use terraform-docs + - Read the [Formats Guide] to learn about different output formats of terraform-docs + - Refer to [Config File Reference] for all the available configuration options +- **Developers** + - Read [Contributing Guide] before submitting a pull request + +Visit [our website] for all documentation. + +## Community + +- Discuss terraform-docs on [Slack] + +## License + +MIT License - Copyright (c) 2021 The terraform-docs Authors. 
+ +[Chocolatey]: https://www.chocolatey.org +[Config File Reference]: https://terraform-docs.io/user-guide/configuration/ +[`content`]: https://terraform-docs.io/user-guide/configuration/content/ +[Contributing Guide]: CONTRIBUTING.md +[Formats Guide]: https://terraform-docs.io/reference/terraform-docs/ +[`formatter`]: https://terraform-docs.io/user-guide/configuration/formatter/ +[here]: https://golang.org/doc/code.html#GOPATH +[Homebrew]: https://brew.sh +[install pre-commit]: https://pre-commit.com/#install +[`output`]: https://terraform-docs.io/user-guide/configuration/output/ +[releases]: https://github.com/terraform-docs/terraform-docs/releases +[Scoop]: https://scoop.sh/ +[Slack]: https://slack.terraform-docs.io/ +[terraform-docs GitHub Action]: https://github.com/terraform-docs/gh-actions +[Terraform module]: https://pkg.go.dev/github.com/terraform-docs/terraform-docs/terraform#Module +[tfdocs-format-template]: https://github.com/terraform-docs/tfdocs-format-template +[our website]: https://terraform-docs.io/ +[User Guide]: https://terraform-docs.io/user-guide/introduction/ diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md new file mode 100644 index 0000000..5897080 --- /dev/null +++ b/infrastructure/aws/README.md 
@@ -0,0 +1,37 @@ +# Terraform Module + + +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | 6.14.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 6.14.1 | +| [infisical](#provider\_infisical) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | +| [infisical_secrets.aws_folder](https://registry.terraform.io/providers/hashicorp/infisical/latest/docs/data-sources/secrets) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | + +## Outputs + +No outputs. + diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf index f0902a5..b039bb0 100644 --- a/infrastructure/aws/providers.tf +++ b/infrastructure/aws/providers.tf @@ -1,7 +1,7 @@ terraform { required_providers { aws = { - source = "hashicorp/aws" + source = "hashicorp/aws" version = "6.14.1" } } From 706668922f207f39a473b23d50ab264959f0dd40 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Fri, 26 Sep 2025 15:08:25 -0400 Subject: [PATCH 03/25] added infisical as a provider in aws --- infrastructure/aws/providers.tf | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf index b039bb0..b73dae3 100644 --- a/infrastructure/aws/providers.tf +++ b/infrastructure/aws/providers.tf 
@@ -4,9 +4,22 @@ terraform { source = "hashicorp/aws" version = "6.14.1" } + infisical = { + source = "infisical/infisical" + } } } provider "aws" { region = "us-east-2" +} + +provider "infisical" { + host = "https://app.infisical.com" + auth = { + universal = { + client_id = var.infisical_client_id + client_secret = var.infisical_client_secret + } + } } \ No newline at end of file From 56b7f4ad56c051f9fc4591dd2c37d306cfef8bc0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 26 Sep 2025 19:08:58 +0000 Subject: [PATCH 04/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/aws/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index 5897080..e3b99c8 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md @@ -23,7 +23,7 @@ No modules. | Name | Type | |------|------| | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | -| [infisical_secrets.aws_folder](https://registry.terraform.io/providers/hashicorp/infisical/latest/docs/data-sources/secrets) | data source | +| [infisical_secrets.aws_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | ## Inputs From 05a14ccdc4679359f930950f458c8229ae0b7b27 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Fri, 26 Sep 2025 15:12:42 -0400 Subject: [PATCH 05/25] added missing vars to aws folder --- infrastructure/aws/secrets.tf | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf index e69de29..c4985bd 100644 --- a/infrastructure/aws/secrets.tf +++ b/infrastructure/aws/secrets.tf 
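Review bot: The new `infisical` entry in `required_providers` has no `version`, while `aws` beside it is pinned to 6.14.1, so a `terraform init` without a committed lock file can pull whichever release is current for the provider that handles the client secret. Add a constraint, `version = "<TESTED_VERSION>"` (placeholder for the release you validated), and commit `.terraform.lock.hcl` so the provider hashes are checked on every init. `var.infisical_client_id` and `var.infisical_client_secret` are not declared in any file this commit touches, so the configuration does not validate at this point in the series. The `terraform` block begins above the hunk.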
@@ -0,0 +1,31 @@ +data "infisical_secrets" "github_folder" { + env_slug = "dev" + workspace_id = var.infisical_workspace_id + folder_path = "/github" +} +data "infisical_secrets" "infisical_folder" { + env_slug = "dev" + workspace_id = var.infisical_workspace_id + folder_path = "/infisical" +} +resource "github_actions_secret" "infisical_client_id" { + repository = github_repository.branch.name + secret_name = "INFISICAL_CLIENT_ID" + plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-id"].value +} + +resource "github_actions_secret" "infisical_client_secret" { + repository = github_repository.branch.name + secret_name = "INFISICAL_CLIENT_SECRET" + plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-secret"].value +} + + + +variable "infisical_client_id" { + type = string +} + +variable "infisical_client_secret" { + type = string +} From fcb5aff096b3ea1fddd60bf1ca6419b28ae66d5c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 26 Sep 2025 19:13:08 +0000 Subject: [PATCH 06/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/aws/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index e3b99c8..458d8c7 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md @@ -12,6 +12,7 @@ | Name | Version | |------|---------| | [aws](#provider\_aws) | 6.14.1 | +| [github](#provider\_github) | n/a | | [infisical](#provider\_infisical) | n/a | ## Modules 
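Review bot: `variable "infisical_client_secret"` and `variable "infisical_client_id"` at the end of secrets.tf are declared without `sensitive = true`, so Terraform will not redact them in plan and apply output; add `sensitive = true` and a `description` to both. The two `github_actions_secret` resources reference `github_repository.branch`, which none of the infrastructure/aws hunks on this page define. The github provider is also missing from `required_providers`, so Terraform resolves it implicitly as `hashicorp/github`; declare `github = { source = "integrations/github" }` with a version constraint. `data.infisical_secrets.github_folder` is declared but not used by anything in this hunk.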
@@ -23,12 +24,18 @@ No modules. | Name | Type | |------|------| | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | +| [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | | [infisical_secrets.aws_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | +| [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | +| [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [infisical\_client\_id](#input\_infisical\_client\_id) | n/a | `string` | n/a | yes | +| [infisical\_client\_secret](#input\_infisical\_client\_secret) | n/a | `string` | n/a | yes | | [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | ## Outputs From 97f02cccd2adf1c2bdf6db3e208f1845e886e09b Mon Sep 17 00:00:00 2001 
From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 13:07:41 -0400 Subject: [PATCH 07/25] root file for shared variables --- infrastructure/aws/main.tf | 4 +- infrastructure/aws/secrets.tf | 2 - infrastructure/aws/variables.tf | 21 ++++-- infrastructure/github/outputs.tf | 19 ++++++ infrastructure/github/secrets.tf | 2 + infrastructure/root.tf | 108 +++++++++++++++++++++++++++++++ 6 files changed, 145 insertions(+), 11 deletions(-) create mode 100644 infrastructure/github/outputs.tf create mode 100644 infrastructure/root.tf diff --git a/infrastructure/aws/main.tf b/infrastructure/aws/main.tf index 65e40f0..634a812 100644 --- a/infrastructure/aws/main.tf +++ b/infrastructure/aws/main.tf @@ -4,8 +4,8 @@ resource "aws_db_instance" "branch_rds" { engine = "postgres" engine_version = "18.0" instance_class = "db.t3.micro" - username = data.infisical_secrets.aws_folder.secrets["rds-username"].value - password = data.infisical_secrets.aws_folder.secrets["rds-password"].value + username = var.rds_username + password = var.rds_password parameter_group_name = "default.postgres18.0" skip_final_snapshot = true } diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf index c4985bd..aebf533 100644 --- a/infrastructure/aws/secrets.tf +++ b/infrastructure/aws/secrets.tf @@ -20,8 +20,6 @@ resource "github_actions_secret" "infisical_client_secret" { plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-secret"].value } - - variable "infisical_client_id" { type = string } diff --git a/infrastructure/aws/variables.tf b/infrastructure/aws/variables.tf index 53a5f69..7ccb6b8 100644 --- a/infrastructure/aws/variables.tf +++ b/infrastructure/aws/variables.tf 
@@ -1,10 +1,17 @@ -data "infisical_secrets" "aws_folder" { - env_slug = "dev" - workspace_id = var.infisical_workspace_id - folder_path = "/aws" -} - variable "infisical_workspace_id" { type = string default = "d1ee8b80-118c-4daf-ae84-31da43261b76" -} \ No newline at end of file +} + +# RDS credentials passed from GitHub module +variable "rds_username" { + description = "RDS username" + type = string + sensitive = true +} + +variable "rds_password" { + description = "RDS password" + type = string + sensitive = true +} diff --git a/infrastructure/github/outputs.tf b/infrastructure/github/outputs.tf new file mode 100644 index 0000000..15b5278 --- /dev/null +++ b/infrastructure/github/outputs.tf @@ -0,0 +1,19 @@ +# Export RDS credentials from GitHub module +output "rds_username" { + description = "RDS username from Infisical" + value = data.infisical_secrets.aws_folder.secrets["rds-username"].value + sensitive = true +} + +output "rds_password" { + description = "RDS password from Infisical" + value = data.infisical_secrets.aws_folder.secrets["rds-password"].value + sensitive = true +} + +# Export other useful values +output "github_repository_name" { + description = "Name of the GitHub repository" + value = github_repository.branch.name +} + diff --git a/infrastructure/github/secrets.tf b/infrastructure/github/secrets.tf index 3b03076..e728384 100644 --- a/infrastructure/github/secrets.tf +++ b/infrastructure/github/secrets.tf @@ -17,6 +17,8 @@ data "infisical_secrets" "infisical_folder" { } + + resource "github_actions_secret" "aws_access_key_id" { repository = github_repository.branch.name secret_name = "AWS_ACCESS_KEY_ID" diff --git a/infrastructure/root.tf b/infrastructure/root.tf new file mode 100644 index 0000000..b916a44 --- /dev/null +++ b/infrastructure/root.tf 
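Review bot: `rds_username` and `rds_password` in github/outputs.tf read `data.infisical_secrets.aws_folder`, but the only declaration of that data source on this page is the one this commit removes from aws/variables.tf. Unless infrastructure/github already declares it outside these hunks, the outputs will not resolve. Exposing the database password as an output of the GitHub module also records it in whichever state applies that module, in addition to the aws state. Reading the secret where it is consumed keeps it in one place. If the outputs stay, a comment such as `# consumed only by module.aws; do not reference elsewhere` would record the intended scope.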
@@ -0,0 +1,108 @@ +# Root module that demonstrates how to pass data between modules + +# Configure providers +terraform { + required_providers { + github = { + source = "integrations/github" + version = "~> 6.0" + } + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + infisical = { + source = "infisical/infisical" + version = "~> 0.8" + } + } +} + +# Configure the GitHub Provider +provider "github" { + token = var.github_token +} + +# Configure the AWS Provider +provider "aws" { + region = var.aws_region +} + +# Configure the Infisical Provider +provider "infisical" { + client_id = var.infisical_client_id + client_secret = var.infisical_client_secret +} + +# GitHub module - this will fetch RDS credentials from Infisical +module "github" { + source = "./github" + + infisical_client_id = var.infisical_client_id + infisical_client_secret = var.infisical_client_secret + infisical_workspace_id = var.infisical_workspace_id + repository_collaborators = var.repository_collaborators +} + +# AWS module - receives RDS credentials from GitHub module +module "aws" { + source = "./aws" + + # Pass RDS credentials from GitHub module outputs + rds_username = module.github.rds_username + rds_password = module.github.rds_password + + infisical_workspace_id = var.infisical_workspace_id +} + +# Variables for the root module +variable "github_token" { + description = "GitHub personal access token" + type = string + sensitive = true +} + +variable "aws_region" { + description = "AWS region" + type = string + default = "us-east-1" +} + +variable "infisical_client_id" { + description = "Infisical client ID" + type = string + sensitive = true +} + +variable "infisical_client_secret" { + description = "Infisical client secret" + type = string + sensitive = true +} + +variable "infisical_workspace_id" { + description = "Infisical workspace ID" + type = string + default = "d1ee8b80-118c-4daf-ae84-31da43261b76" +} + +variable "repository_collaborators" { + description = "List of 
GitHub users to add as collaborators" + type = list(object({ + username = string + permission = string + })) + default = [] +} + +# Outputs from the root module +output "rds_endpoint" { + description = "RDS instance endpoint" + value = module.aws.rds_endpoint +} + +output "github_repository_name" { + description = "GitHub repository name" + value = module.github.github_repository_name +} + From 85cd8ba309e504545479745a32e0824cb6f6d2a1 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 13:11:47 -0400 Subject: [PATCH 08/25] added version to root --- infrastructure/.terraform-version | 1 + 1 file changed, 1 insertion(+) create mode 100644 infrastructure/.terraform-version diff --git a/infrastructure/.terraform-version b/infrastructure/.terraform-version new file mode 100644 index 0000000..f88cf52 --- /dev/null +++ b/infrastructure/.terraform-version @@ -0,0 +1 @@ +1.13.0 \ No newline at end of file From a8251b330dda12e35d0dd04798b9e920cdeb0293 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 28 Sep 2025 17:12:09 +0000 Subject: [PATCH 09/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/README.md | 44 +++++++++++++++++++++++++++++++++ infrastructure/aws/README.md | 3 ++- infrastructure/github/README.md | 6 ++++- 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 infrastructure/README.md diff --git a/infrastructure/README.md b/infrastructure/README.md new file mode 100644 index 0000000..54f0707 --- /dev/null +++ b/infrastructure/README.md 
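Review bot: root.tf cannot initialise against the modules it calls. It constrains `aws` to `~> 5.0` while infrastructure/aws/providers.tf pins `version = "6.14.1"`, and its `rds_endpoint` output reads `module.aws.rds_endpoint`, which the aws module does not define in any hunk shown here. `module "aws"` also omits `infisical_client_id` and `infisical_client_secret`, which aws/secrets.tf declares without defaults, so the call fails on missing required arguments. The `provider "infisical"` block here passes `client_id` and `client_secret` at top level, whereas aws/providers.tf uses `auth = { universal = { ... } }`; keep one form that matches the provider version you constrain. Aligning the constraint to `version = "6.14.1"` and adding an `output "rds_endpoint"` in the aws module would resolve the first two points.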
@@ -0,0 +1,44 @@ +# Terraform Module + + +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | ~> 5.0 | +| [github](#requirement\_github) | ~> 6.0 | +| [infisical](#requirement\_infisical) | ~> 0.8 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [aws](#module\_aws) | ./aws | n/a | +| [github](#module\_github) | ./github | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"us-east-1"` | no | +| [github\_token](#input\_github\_token) | GitHub personal access token | `string` | n/a | yes | +| [infisical\_client\_id](#input\_infisical\_client\_id) | Infisical client ID | `string` | n/a | yes | +| [infisical\_client\_secret](#input\_infisical\_client\_secret) | Infisical client secret | `string` | n/a | yes | +| [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | Infisical workspace ID | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | +| [repository\_collaborators](#input\_repository\_collaborators) | List of GitHub users to add as collaborators |
list(object({
username = string
permission = string
}))
| `[]` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [github\_repository\_name](#output\_github\_repository\_name) | GitHub repository name | +| [rds\_endpoint](#output\_rds\_endpoint) | RDS instance endpoint | + diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index 458d8c7..6758240 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md @@ -26,7 +26,6 @@ No modules. | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | | [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | -| [infisical_secrets.aws_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | @@ -37,6 +36,8 @@ No modules. | [infisical\_client\_id](#input\_infisical\_client\_id) | n/a | `string` | n/a | yes | | [infisical\_client\_secret](#input\_infisical\_client\_secret) | n/a | `string` | n/a | yes | | [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | +| [rds\_password](#input\_rds\_password) | RDS password | `string` | n/a | yes | +| [rds\_username](#input\_rds\_username) | RDS username | `string` | n/a | yes | ## Outputs diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index 866ca0a..cc2031d 100644 --- a/infrastructure/github/README.md 
+++ b/infrastructure/github/README.md @@ -45,5 +45,9 @@ No modules. ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [github\_repository\_name](#output\_github\_repository\_name) | Name of the GitHub repository | +| [rds\_password](#output\_rds\_password) | RDS password from Infisical | +| [rds\_username](#output\_rds\_username) | RDS username from Infisical | From dc0100a9450ae76a39669be9065da629de48d510 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 13:36:29 -0400 Subject: [PATCH 10/25] no more root --- infrastructure/.terraform-version | 1 - infrastructure/root.tf | 108 ------------------------------ 2 files changed, 109 deletions(-) delete mode 100644 infrastructure/.terraform-version delete mode 100644 infrastructure/root.tf diff --git a/infrastructure/.terraform-version b/infrastructure/.terraform-version deleted file mode 100644 index f88cf52..0000000 --- a/infrastructure/.terraform-version +++ /dev/null @@ -1 +0,0 @@ -1.13.0 \ No newline at end of file diff --git a/infrastructure/root.tf b/infrastructure/root.tf deleted file mode 100644 index b916a44..0000000 --- a/infrastructure/root.tf +++ /dev/null 
@@ -1,108 +0,0 @@ -# Root module that demonstrates how to pass data between modules - -# Configure providers -terraform { - required_providers { - github = { - source = "integrations/github" - version = "~> 6.0" - } - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - infisical = { - source = "infisical/infisical" - version = "~> 0.8" - } - } -} - -# Configure the GitHub Provider -provider "github" { - token = var.github_token -} - -# Configure the AWS Provider -provider "aws" { - region = var.aws_region -} - -# Configure the Infisical Provider -provider "infisical" { - client_id = var.infisical_client_id - client_secret = var.infisical_client_secret -} - -# GitHub module - this will fetch RDS credentials from Infisical -module "github" { - source = "./github" - - infisical_client_id = var.infisical_client_id - infisical_client_secret = var.infisical_client_secret - infisical_workspace_id = var.infisical_workspace_id - repository_collaborators = var.repository_collaborators -} - -# AWS module - receives RDS credentials from GitHub module -module "aws" { - source = "./aws" - - # Pass RDS credentials from GitHub module outputs - rds_username = module.github.rds_username - rds_password = module.github.rds_password - - infisical_workspace_id = var.infisical_workspace_id -} - -# Variables for the root module -variable "github_token" { - description = "GitHub personal access token" - type = string - sensitive = true -} - -variable "aws_region" { - description = "AWS region" - type = string - default = "us-east-1" -} - -variable "infisical_client_id" { - description = "Infisical client ID" - type = string - sensitive = true -} - -variable "infisical_client_secret" { - description = "Infisical client secret" - type = string - sensitive = true -} - -variable "infisical_workspace_id" { - description = "Infisical workspace ID" - type = string - default = "d1ee8b80-118c-4daf-ae84-31da43261b76" -} - -variable "repository_collaborators" { - description = "List of 
GitHub users to add as collaborators" - type = list(object({ - username = string - permission = string - })) - default = [] -} - -# Outputs from the root module -output "rds_endpoint" { - description = "RDS instance endpoint" - value = module.aws.rds_endpoint -} - -output "github_repository_name" { - description = "GitHub repository name" - value = module.github.github_repository_name -} - From afdb2682a0ded853ed995d12367b978372a17fc4 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 13:39:16 -0400 Subject: [PATCH 11/25] added githug repo resource in aws --- infrastructure/aws/secrets.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf index aebf533..3ae4d5f 100644 --- a/infrastructure/aws/secrets.tf +++ b/infrastructure/aws/secrets.tf @@ -8,14 +8,18 @@ data "infisical_secrets" "infisical_folder" { workspace_id = var.infisical_workspace_id folder_path = "/infisical" } + +data "github_repository" "branch" { + name = "branch" +} resource "github_actions_secret" "infisical_client_id" { - repository = github_repository.branch.name + repository = data.github_repository.branch.name secret_name = "INFISICAL_CLIENT_ID" plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-id"].value } resource "github_actions_secret" "infisical_client_secret" { - repository = github_repository.branch.name + repository = data.github_repository.branch.name secret_name = "INFISICAL_CLIENT_SECRET" plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-secret"].value } From 804127573133bc8c1be151eaa840c05c494153cb Mon Sep 17 00:00:00 2001 
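Review bot: The new `data "github_repository" "branch"` block in infrastructure/aws/secrets.tf, and the two `github_actions_secret` resources that now reference it, use a GitHub provider that this module's `required_providers` does not appear to declare at this commit. Terraform would then resolve it implicitly as `hashicorp/github`, which matches the `hashicorp/github` registry links in the README regenerated by the next patch. Declare the source and a version constraint next to `aws`, for example `github = { source = "integrations/github", version = "~> 6.0" }`, so that the provider receiving the repository credentials is the intended, pinned one. The rest of secrets.tf lies outside this hunk.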
From: "github-actions[bot]" Date: Sun, 28 Sep 2025 17:39:40 +0000 Subject: [PATCH 12/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/aws/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index 6758240..12a2f95 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md @@ -26,6 +26,7 @@ No modules. | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | | [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | +| [github_repository.branch](https://registry.terraform.io/providers/hashicorp/github/latest/docs/data-sources/repository) | data source | | [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | From 27691e6c3e86ef6c3c4906b4a321edcae427a762 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 13:52:38 -0400 Subject: [PATCH 13/25] added github as resource --- infrastructure/aws/providers.tf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf index b73dae3..052fad8 100644 --- a/infrastructure/aws/providers.tf +++ b/infrastructure/aws/providers.tf 
@@ -4,6 +4,10 @@ terraform { source = "hashicorp/aws" version = "6.14.1" } + github = { + source = "integrations/github" + version = "~> 6.6" + } infisical = { source = "infisical/infisical" } @@ -14,6 +18,11 @@ provider "aws" { region = "us-east-2" } +provider "github" { + owner = "Code-4-Community" + token = data.infisical_secrets.github_folder.secrets["branch-gh-admin"].value +} + provider "infisical" { host = "https://app.infisical.com" auth = { @@ -22,4 +31,4 @@ provider "infisical" { client_secret = var.infisical_client_secret } } -} \ No newline at end of file +} From ed38dc48a919e3514ffee933741fbcb98bd485ee Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 28 Sep 2025 17:53:09 +0000 Subject: [PATCH 14/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/aws/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index 12a2f95..f9a18af 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md @@ -6,13 +6,14 @@ | Name | Version | |------|---------| | [aws](#requirement\_aws) | 6.14.1 | +| [github](#requirement\_github) | ~> 6.6 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | 6.14.1 | -| [github](#provider\_github) | n/a | +| [github](#provider\_github) | ~> 6.6 | | [infisical](#provider\_infisical) | n/a | ## Modules 
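Review bot: The added `provider "github"` block in the second providers.tf hunk authenticates with the Infisical secret `branch-gh-admin`, which by its name looks like an admin-scoped token. In this series the module only uses GitHub for one repository lookup and two Actions secrets, so a token limited to that repository and to writing Actions secrets would be enough; a comment such as `# token needs: Actions secrets write on the branch repository only` would record the intended scope. Because the token is read through a data source, its value is also written to the Terraform state, so read access to the state bucket should be as tight as access to the token itself. In the first hunk `github` gets `~> 6.6` while the `infisical` entry in the context lines still has no `version`; add a constraint there too, since that provider handles every secret in the module.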
@@ -24,9 +25,9 @@ No modules. | Name | Type | |------|------| | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | -| [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | -| [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/hashicorp/github/latest/docs/resources/actions_secret) | resource | -| [github_repository.branch](https://registry.terraform.io/providers/hashicorp/github/latest/docs/data-sources/repository) | data source | +| [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_repository.branch](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source | | [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | From 447c866f4adf1da391acc155b648deb9f4022109 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 14:04:12 -0400 Subject: [PATCH 15/25] x --- infrastructure/aws/providers.tf | 4 ---- infrastructure/aws/secrets.tf | 23 ++++++++++++++++++++--- infrastructure/aws/variables.tf | 17 ----------------- 3 files changed, 20 insertions(+), 24 deletions(-) diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf index 052fad8..3b19b70 100644 --- a/infrastructure/aws/providers.tf +++ b/infrastructure/aws/providers.tf 
@@ -18,10 +18,6 @@ provider "aws" { region = "us-east-2" } -provider "github" { - owner = "Code-4-Community" - token = data.infisical_secrets.github_folder.secrets["branch-gh-admin"].value -} provider "infisical" { host = "https://app.infisical.com" diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf index 3ae4d5f..728a2f0 100644 --- a/infrastructure/aws/secrets.tf +++ b/infrastructure/aws/secrets.tf @@ -3,12 +3,19 @@ data "infisical_secrets" "github_folder" { workspace_id = var.infisical_workspace_id folder_path = "/github" } + data "infisical_secrets" "infisical_folder" { env_slug = "dev" workspace_id = var.infisical_workspace_id folder_path = "/infisical" } +data "infisical_secrets" "aws_folder" { + env_slug = "dev" + workspace_id = var.infisical_workspace_id + folder_path = "/aws/rds" +} + data "github_repository" "branch" { name = "branch" } @@ -24,10 +31,20 @@ resource "github_actions_secret" "infisical_client_secret" { plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-secret"].value } -variable "infisical_client_id" { - type = string + +resource "infisical_client_secret" "rds_username" { + secret_name = "RDS_USERNAME" + plaintext_value = data.infisical_secrets.infisical_folder.secrets["rds-username"].value +} +resource "infisical_client_secret" "rds_password" { + secret_name = "RDS_PASSWORD" + plaintext_value = data.infisical_secrets.infisical_folder.secrets["rds-password"].value } -variable "infisical_client_secret" { +variable "rds_username" { type = string } + +variable "rds_password" { + type = string +} \ No newline at end of file diff --git a/infrastructure/aws/variables.tf b/infrastructure/aws/variables.tf index 7ccb6b8..e69de29 100644 --- a/infrastructure/aws/variables.tf +++ b/infrastructure/aws/variables.tf 
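Review bot: The new `variable "rds_username"` and `variable "rds_password"` at the end of the second secrets.tf hunk have no `sensitive = true`, although the variables.tf declarations this commit deletes did, so a supplied password would no longer be redacted in plan and apply output or CI logs. Add `sensitive = true` to both; the `infisical_client_secret` variable that PATCH 17 re-adds to secrets.tf has the same gap. The same hunk removes `variable "infisical_client_id"` and `variable "infisical_client_secret"` while the `provider "infisical"` block in the providers.tf context still reads `var.infisical_client_secret`, which looks unintended. The two new `infisical_client_secret` resources also read `rds-username` and `rds-password` from `infisical_folder` rather than from the `aws_folder` data source added in the first hunk, so the folder reference should be checked.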
@@ -1,17 +0,0 @@ -variable "infisical_workspace_id" { - type = string - default = "d1ee8b80-118c-4daf-ae84-31da43261b76" -} - -# RDS credentials passed from GitHub module -variable "rds_username" { - description = "RDS username" - type = string - sensitive = true -} - -variable "rds_password" { - description = "RDS password" - type = string - sensitive = true -} From c36a45dbd7178be68929acc8fb300e5a025209d7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 28 Sep 2025 18:04:35 +0000 Subject: [PATCH 16/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/aws/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index f9a18af..2984790 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md 
@@ -27,7 +27,10 @@ No modules. | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | | [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [infisical_client_secret.rds_password](https://registry.terraform.io/providers/infisical/infisical/latest/docs/resources/client_secret) | resource | +| [infisical_client_secret.rds_username](https://registry.terraform.io/providers/infisical/infisical/latest/docs/resources/client_secret) | resource | | [github_repository.branch](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source | +| [infisical_secrets.aws_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | 
@@ -35,11 +38,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [infisical\_client\_id](#input\_infisical\_client\_id) | n/a | `string` | n/a | yes | -| [infisical\_client\_secret](#input\_infisical\_client\_secret) | n/a | `string` | n/a | yes | -| [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | -| [rds\_password](#input\_rds\_password) | RDS password | `string` | n/a | yes | -| [rds\_username](#input\_rds\_username) | RDS username | `string` | n/a | yes | +| [rds\_password](#input\_rds\_password) | n/a | `string` | n/a | yes | +| [rds\_username](#input\_rds\_username) | n/a | `string` | n/a | yes | ## Outputs From 36a4161a0c590061f99ec0596b23c1f029860dbd Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 14:20:58 -0400 Subject: [PATCH 17/25] try this --- infrastructure/aws/main.tf | 4 +-- infrastructure/aws/providers.tf | 4 --- infrastructure/aws/secrets.tf | 48 ++++---------------------------- infrastructure/aws/variables.tf | 4 +++ infrastructure/github/README.md | 6 +--- infrastructure/github/secrets.tf | 2 -- 6 files changed, 13 insertions(+), 55 deletions(-) diff --git a/infrastructure/aws/main.tf b/infrastructure/aws/main.tf index 634a812..6e80a36 100644 --- a/infrastructure/aws/main.tf +++ b/infrastructure/aws/main.tf @@ -4,8 +4,8 @@ resource "aws_db_instance" "branch_rds" { engine = "postgres" engine_version = "18.0" instance_class = "db.t3.micro" - username = var.rds_username - password = var.rds_password + username = data.infisical_secrets.rds_folder.secrets["username"].value + password = data.infisical_secrets.rds_folder.secrets["password"].value parameter_group_name = "default.postgres18.0" skip_final_snapshot = true } diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf index 3b19b70..24b628b 100644 
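Review bot: In the main.tf hunk, `password` on `aws_db_instance.branch_rds` is now read from `data.infisical_secrets.rds_folder`, so the plaintext master password is stored in the Terraform state twice, once as the data-source result and once as the resource attribute. Replacing `username`/`password` handling with `manage_master_user_password = true` would let RDS keep the credential in Secrets Manager and keep it out of state; if Infisical has to stay the source, read access to the state bucket needs to match the sensitivity of the password. The context line `skip_final_snapshot = true` means a destroy or replacement leaves no final snapshot, which deserves a comment such as `# dev only: no final snapshot on destroy`. The resource block starts above the hunk, so settings such as storage encryption and public accessibility cannot be checked from here.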
--- a/infrastructure/aws/providers.tf +++ b/infrastructure/aws/providers.tf @@ -4,10 +4,6 @@ terraform { source = "hashicorp/aws" version = "6.14.1" } - github = { - source = "integrations/github" - version = "~> 6.6" - } infisical = { source = "infisical/infisical" } diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf index 728a2f0..3492ede 100644 --- a/infrastructure/aws/secrets.tf +++ b/infrastructure/aws/secrets.tf 
@@ -1,50 +1,14 @@ -data "infisical_secrets" "github_folder" { - env_slug = "dev" - workspace_id = var.infisical_workspace_id - folder_path = "/github" +variable "infisical_client_id" { + type = string } -data "infisical_secrets" "infisical_folder" { - env_slug = "dev" - workspace_id = var.infisical_workspace_id - folder_path = "/infisical" +variable "infisical_client_secret" { + type = string } -data "infisical_secrets" "aws_folder" { + +data "infisical_secrets" "rds_folder" { env_slug = "dev" workspace_id = var.infisical_workspace_id folder_path = "/aws/rds" } - -data "github_repository" "branch" { - name = "branch" -} -resource "github_actions_secret" "infisical_client_id" { - repository = data.github_repository.branch.name - secret_name = "INFISICAL_CLIENT_ID" - plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-id"].value -} - -resource "github_actions_secret" "infisical_client_secret" { - repository = data.github_repository.branch.name - secret_name = "INFISICAL_CLIENT_SECRET" - plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-secret"].value -} - - -resource "infisical_client_secret" "rds_username" { - secret_name = "RDS_USERNAME" - plaintext_value = data.infisical_secrets.infisical_folder.secrets["rds-username"].value -} -resource "infisical_client_secret" "rds_password" { - secret_name = "RDS_PASSWORD" - plaintext_value = data.infisical_secrets.infisical_folder.secrets["rds-password"].value -} - -variable "rds_username" { - type = string -} - -variable "rds_password" { - type = string -} \ No newline at end of file diff --git a/infrastructure/aws/variables.tf b/infrastructure/aws/variables.tf index e69de29..09cfdd9 100644 --- a/infrastructure/aws/variables.tf +++ b/infrastructure/aws/variables.tf @@ -0,0 +1,4 @@ +variable "infisical_workspace_id" { + type = string + default = "d1ee8b80-118c-4daf-ae84-31da43261b76" +} 
diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index cc2031d..866ca0a 100644 --- a/infrastructure/github/README.md +++ b/infrastructure/github/README.md @@ -45,9 +45,5 @@ No modules. ## Outputs -| Name | Description | -|------|-------------| -| [github\_repository\_name](#output\_github\_repository\_name) | Name of the GitHub repository | -| [rds\_password](#output\_rds\_password) | RDS password from Infisical | -| [rds\_username](#output\_rds\_username) | RDS username from Infisical | +No outputs. diff --git a/infrastructure/github/secrets.tf b/infrastructure/github/secrets.tf index e728384..3b03076 100644 --- a/infrastructure/github/secrets.tf +++ b/infrastructure/github/secrets.tf @@ -17,8 +17,6 @@ data "infisical_secrets" "infisical_folder" { } - - resource "github_actions_secret" "aws_access_key_id" { repository = github_repository.branch.name secret_name = "AWS_ACCESS_KEY_ID" From f8eb3d4e9d85ccbd58574393ff6315698c647a86 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 28 Sep 2025 18:21:22 +0000 Subject: [PATCH 18/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/aws/README.md | 16 ++++------------ infrastructure/github/README.md | 6 +++++- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/infrastructure/aws/README.md b/infrastructure/aws/README.md index 2984790..163d22c 100644 --- a/infrastructure/aws/README.md +++ b/infrastructure/aws/README.md @@ -6,14 +6,12 @@ | Name | Version | |------|---------| | [aws](#requirement\_aws) | 6.14.1 | -| [github](#requirement\_github) | ~> 6.6 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | 6.14.1 | -| [github](#provider\_github) | ~> 6.6 | | [infisical](#provider\_infisical) | n/a | ## Modules 
@@ -25,21 +23,15 @@ No modules. | Name | Type | |------|------| | [aws_db_instance.branch_rds](https://registry.terraform.io/providers/hashicorp/aws/6.14.1/docs/resources/db_instance) | resource | -| [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | -| [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | -| [infisical_client_secret.rds_password](https://registry.terraform.io/providers/infisical/infisical/latest/docs/resources/client_secret) | resource | -| [infisical_client_secret.rds_username](https://registry.terraform.io/providers/infisical/infisical/latest/docs/resources/client_secret) | resource | -| [github_repository.branch](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source | -| [infisical_secrets.aws_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | -| [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | -| [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | +| [infisical_secrets.rds_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [rds\_password](#input\_rds\_password) | n/a | `string` | n/a | yes | -| [rds\_username](#input\_rds\_username) | n/a | `string` | n/a | yes | +| [infisical\_client\_id](#input\_infisical\_client\_id) | n/a | `string` | n/a | yes | +| [infisical\_client\_secret](#input\_infisical\_client\_secret) | n/a | `string` | n/a | yes | +| 
[infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | ## Outputs diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index 866ca0a..cc2031d 100644 --- a/infrastructure/github/README.md +++ b/infrastructure/github/README.md @@ -45,5 +45,9 @@ No modules. ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [github\_repository\_name](#output\_github\_repository\_name) | Name of the GitHub repository | +| [rds\_password](#output\_rds\_password) | RDS password from Infisical | +| [rds\_username](#output\_rds\_username) | RDS username from Infisical | From 25a5567d189f39ff25a19233be7f5b7a46be2fc1 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Sun, 28 Sep 2025 14:22:46 -0400 Subject: [PATCH 19/25] no output --- infrastructure/github/outputs.tf | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 infrastructure/github/outputs.tf diff --git a/infrastructure/github/outputs.tf b/infrastructure/github/outputs.tf deleted file mode 100644 index 15b5278..0000000 --- a/infrastructure/github/outputs.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Export RDS credentials from GitHub module -output "rds_username" { - description = "RDS username from Infisical" - value = data.infisical_secrets.aws_folder.secrets["rds-username"].value - sensitive = true -} - -output "rds_password" { - description = "RDS password from Infisical" - value = data.infisical_secrets.aws_folder.secrets["rds-password"].value - sensitive = true -} - -# Export other useful values -output "github_repository_name" { - description = "Name of the GitHub repository" - value = github_repository.branch.name -} - From 8bcbdd1bf83ba338868b7d698e9ce792f3b501f0 Mon Sep 17 00:00:00 2001 
From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Wed, 1 Oct 2025 14:24:23 -0400 Subject: [PATCH 20/25] formatting --- infrastructure/aws/backend.tf | 2 +- infrastructure/aws/main.tf | 2 +- infrastructure/aws/providers.tf | 3 +-- infrastructure/aws/secrets.tf | 3 +-- infrastructure/aws/variables.tf | 2 +- infrastructure/github/README.md | 1 + 6 files changed, 6 insertions(+), 7 deletions(-) diff --git a/infrastructure/aws/backend.tf b/infrastructure/aws/backend.tf index d995729..6a28c27 100644 --- a/infrastructure/aws/backend.tf +++ b/infrastructure/aws/backend.tf @@ -6,4 +6,4 @@ terraform { dynamodb_table = "terraform-state-lock" encrypt = true } -} +} \ No newline at end of file diff --git a/infrastructure/aws/main.tf b/infrastructure/aws/main.tf index 6e80a36..e649ee1 100644 --- a/infrastructure/aws/main.tf +++ b/infrastructure/aws/main.tf @@ -8,4 +8,4 @@ resource "aws_db_instance" "branch_rds" { password = data.infisical_secrets.rds_folder.secrets["password"].value parameter_group_name = "default.postgres18.0" skip_final_snapshot = true -} +} \ No newline at end of file diff --git a/infrastructure/aws/providers.tf b/infrastructure/aws/providers.tf index 24b628b..b73dae3 100644 --- a/infrastructure/aws/providers.tf +++ b/infrastructure/aws/providers.tf @@ -14,7 +14,6 @@ provider "aws" { region = "us-east-2" } - provider "infisical" { host = "https://app.infisical.com" auth = { @@ -23,4 +22,4 @@ provider "infisical" { client_secret = var.infisical_client_secret } } -} +} \ No newline at end of file diff --git a/infrastructure/aws/secrets.tf b/infrastructure/aws/secrets.tf index 3492ede..9ac70cf 100644 --- a/infrastructure/aws/secrets.tf +++ b/infrastructure/aws/secrets.tf @@ -6,9 +6,8 @@ variable "infisical_client_secret" { type = string } - data "infisical_secrets" "rds_folder" { env_slug = "dev" workspace_id = var.infisical_workspace_id folder_path = "/aws/rds" -} +} \ No newline at end of file 
diff --git a/infrastructure/aws/variables.tf b/infrastructure/aws/variables.tf index 09cfdd9..07d2fd5 100644 --- a/infrastructure/aws/variables.tf +++ b/infrastructure/aws/variables.tf @@ -1,4 +1,4 @@ variable "infisical_workspace_id" { type = string default = "d1ee8b80-118c-4daf-ae84-31da43261b76" -} +} \ No newline at end of file diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index cc2031d..1fd61fb 100644 --- a/infrastructure/github/README.md +++ b/infrastructure/github/README.md @@ -45,6 +45,7 @@ No modules. ## Outputs +No outputs. | Name | Description | |------|-------------| | [github\_repository\_name](#output\_github\_repository\_name) | Name of the GitHub repository | From 1fc1cf55da5e66f2b2aec31ba0dc0475fa4261f9 Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Wed, 8 Oct 2025 11:49:07 -0400 Subject: [PATCH 21/25] test variable --- infrastructure/github/secrets.tf | 1 + infrastructure/github/variables.tf | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/infrastructure/github/secrets.tf b/infrastructure/github/secrets.tf index 3b03076..36fada5 100644 --- a/infrastructure/github/secrets.tf +++ b/infrastructure/github/secrets.tf @@ -55,3 +55,4 @@ variable "infisical_workspace_id" { type = string default = "d1ee8b80-118c-4daf-ae84-31da43261b76" } + diff --git a/infrastructure/github/variables.tf b/infrastructure/github/variables.tf index 5bdb931..2b0bc6b 100644 --- a/infrastructure/github/variables.tf +++ b/infrastructure/github/variables.tf @@ -11,3 +11,8 @@ variable "repository_collaborators" { # } ] } + +variable "test_variable" { + type = string + default = "test" +} \ No newline at end of file From 14319b0da5b2be085171dcbdef55fd2e3c6a8075 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Wed, 8 Oct 2025 15:49:33 +0000 Subject: [PATCH 22/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/github/README.md | 6 +----- infrastructure/github/variables.tf | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index 1fd61fb..0e11777 100644 --- a/infrastructure/github/README.md +++ b/infrastructure/github/README.md @@ -42,13 +42,9 @@ No modules. | [infisical\_client\_secret](#input\_infisical\_client\_secret) | n/a | `string` | n/a | yes | | [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | | [repository\_collaborators](#input\_repository\_collaborators) | List of GitHub users to add as collaborators |
list(object({
username = string
permission = string
}))
| `[]` | no | +| [test\_variable](#input\_test\_variable) | n/a | `string` | `"test"` | no | ## Outputs No outputs. -| Name | Description | -|------|-------------| -| [github\_repository\_name](#output\_github\_repository\_name) | Name of the GitHub repository | -| [rds\_password](#output\_rds\_password) | RDS password from Infisical | -| [rds\_username](#output\_rds\_username) | RDS username from Infisical | diff --git a/infrastructure/github/variables.tf b/infrastructure/github/variables.tf index 2b0bc6b..184e2b0 100644 --- a/infrastructure/github/variables.tf +++ b/infrastructure/github/variables.tf @@ -13,6 +13,6 @@ variable "repository_collaborators" { } variable "test_variable" { - type = string + type = string default = "test" } \ No newline at end of file From c474027d0b2cd1526499fd4e156bcdf4faa9798b Mon Sep 17 00:00:00 2001 From: Dennis Wang <66754085+denniwang@users.noreply.github.com> Date: Thu, 9 Oct 2025 09:13:48 -0700 Subject: [PATCH 23/25] Update infrastructure/github/variables.tf Co-authored-by: Nour Shoreibah <168875317+nourshoreibah@users.noreply.github.com> --- infrastructure/github/variables.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/infrastructure/github/variables.tf b/infrastructure/github/variables.tf index 184e2b0..e17d6a6 100644 --- a/infrastructure/github/variables.tf +++ b/infrastructure/github/variables.tf @@ -10,9 +10,4 @@ variable "repository_collaborators" { # permission = "push" # } ] -} - -variable "test_variable" { - type = string - default = "test" } \ No newline at end of file From 17e2731030e109ac6d0bf69c8a7d74de501549ae Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 9 Oct 2025 16:15:24 +0000 Subject: [PATCH 24/25] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: denniwang --- infrastructure/github/README.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index 0e11777..866ca0a 100644 --- a/infrastructure/github/README.md +++ b/infrastructure/github/README.md @@ -42,7 +42,6 @@ No modules. | [infisical\_client\_secret](#input\_infisical\_client\_secret) | n/a | `string` | n/a | yes | | [infisical\_workspace\_id](#input\_infisical\_workspace\_id) | n/a | `string` | `"d1ee8b80-118c-4daf-ae84-31da43261b76"` | no | | [repository\_collaborators](#input\_repository\_collaborators) | List of GitHub users to add as collaborators |
list(object({
username = string
permission = string
}))
| `[]` | no | -| [test\_variable](#input\_test\_variable) | n/a | `string` | `"test"` | no | ## Outputs From ec4b9791b4f77782412300fb6bbbac05aedfb233 Mon Sep 17 00:00:00 2001 From: nourshoreibah Date: Thu, 9 Oct 2025 13:05:33 -0400 Subject: [PATCH 25/25] trigger ci