Reorganize Repo

Author: simonzhekoff

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+indent_style = space
+indent_size = 2

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a bug report to help us improve.
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior including the relevant Terraform version number and any code snippets and module inputs you used.
+
+```hcl
+// paste code snippets here
+```
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Nice to have**
+- [ ] Terminal output
+- [ ] Screenshots
+- [ ] OS and Terraform versions
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Submit a feature request for this repo.
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+## Describe the solution you'd like
+
+<!-- A clear and concise description of what you want to happen and the expected benefits. -->
+
+## Describe alternatives you've considered
+
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+## Additional context
+
+<!-- Add any other context or screenshots about the feature request here. -->
+
+## Checklist
+- [ ] I have checked if a similar feature request already exists.
+- [ ] I believe this feature would be beneficial to a wider audience and aligns with the project's goals.
+- [ ] I have considered potential downsides or challenges of implementing this feature.

.github/pull_request_template.md

@@ -0,0 +1,22 @@
+## Description
+
+<!-- Please, provide a brief description of the changes you've made in this pull request. -->
+
+## Related Issues
+
+<!-- Links to related issues, fixed issues or partially addressed by this PR. -->
+
+## Changes
+
+<!-- List the main changes or features introduced by this PR -->
+
+## Screenshots (if applicable)
+
+<!-- Add any relevant screenshots or GIFs to showcase the changes visually -->
+
+## Checklist
+
+- [ ] I have tested these changes thoroughly.
+- [ ] My code follows the project's coding style.
+- [ ] I have added appropriate comments to my code, especially in complex areas.
+- [ ] All new and existing tests passed locally.

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: Continuous Integration
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  analyze:
+    name: Analyze the Terraform scripts
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - id: clone_repository
+        name: Clone repository
+        # actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - id: setup_terraform
+        name: Setup Terraform CLI
+        # hashicorp/setup-terraform@v3.0.0
+        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
+
+      - id: run_terraform_init
+        name: Run Terraform init
+        run: terraform init
+
+      - id: run_terraform_fmt
+        name: Run Terraform format check
+        run: terraform fmt -check -recursive
+
+      - id: run_terraform_validate
+        name: Run Terraform validate check
+        run: terraform validate
+
+      - id: run_trivy_config
+        name: Run Trivy vulnerability scanner
+        # aquasecurity/trivy-action@v0.16.0
+        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601
+        with:
+          scan-type: config
+          trivy-config: trivy.yaml
+          hide-progress: false
+          format: sarif
+          output: trivy.sarif
+
+      - id: run_sarif_upload
+        name: Upload Trivy SARIF results
+        # github/codeql-action/upload-sarif@v2.22.9
+        uses: github/codeql-action/upload-sarif@382a50a0284c0de445104889a9d6003acb4b3c1d
+        timeout-minutes: 1
+        with:
+          sarif_file: trivy.sarif

.github/workflows/docs.yml

@@ -0,0 +1,29 @@
+name: "Continuous Integration: Terraform Docs"
+
+on:
+  pull_request:
+
+jobs:
+  docs:
+    name: Generate Terraform documentation
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - id: clone_repository
+        name: Clone repository
+        # actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - id: run_terraform_docs
+        name: Render terraform docs and push changes back to PR
+        # terraform-docs/gh-actions@1.0.0
+        uses: terraform-docs/gh-actions@f6d59f89a280fa0a3febf55ef68f146784b20ba0
+        with:
+          working-dir: .
+          output-file: README.md
+          config-file: terraform-docs.yml
+          output-method: inject
+          git-push: "true"
+          git-commit-message: "terraform-docs: updated markdown table"

.trivyignore

@@ -0,0 +1,3 @@
+AVD-GCP-0027
+AVD-GCP-0031
+

CHANGELOG.md

@@ -0,0 +1,3 @@
+## 0.1.0
+
+* Initial version for GraphDB GCP module

CODEOWNERS

@@ -0,0 +1 @@
+@Ontotext-AD/tes

CONTRIBUTING.md

@@ -0,0 +1,48 @@
+# Contributing to GraphDB GCP Terraform Module
+
+Here are a few guidelines to help you get started.
+
+## Getting Started
+
+1. Fork this repository.
+2. Clone your forked repository to your local machine.
+3. Create a new branch for your changes: `git checkout -b feature/my-new-feature`.
+4. Make your changes and test them thoroughly.
+5. Commit your changes: `git commit -m "Add some feature"`.
+6. Push your changes to your fork: `git push origin feature/my-new-feature`.
+7. Create a pull request from your branch to the main repository's `main` branch.
+
+## Code Style
+
+Make sure your code follows our and Terraform coding styles.
+
+## Tests
+
+If applicable, add or update tests to ensure your changes work as intended.
+
+## Documentation
+
+If your changes introduce new features, update the documentation to reflect those changes.
+
+## Commit Message Guidelines
+
+Please use meaningful commit messages. Follow the format:
+
+```
+[Type] Short description
+
+Longer description of the changes, especially whys.
+```
+
+Types: `[Feature]`, `[Fix]`, `[Docs]`, `[Refactor]`, `[Chore]`, `[Style]`
+
+## Pull Request Checklist
+
+- [ ] I have tested these changes thoroughly.
+- [ ] My code follows the project's coding style.
+- [ ] I have added appropriate comments to my code, especially in complex areas.
+- [ ] All new and existing tests passed locally.
+
+## Feedback
+
+Feedback and suggestions are welcome! Feel free to open an issue if you have any questions or ideas.

README.md

@@ -1,5 +1,89 @@
 # GraphDB deployment package on GCP
 
+This terraform module allows you to deploy GraphDB instance in Google Compute Engine.
+
+## Table of contents
+
+- [About GraphDB](#about-graphdb)
+- [Features](#features)
+- [Versioning](#versioning)
+- [Prerequisites](#prerequisites)
+- [Inputs](#inputs)
+- [Quick Start](#quickstart)
+- [Metadata](#metadata)
+- [Resources](#resources)
+- [Local Development](#local-development)
+- [Release History](#release-history)
+- [Contributing](#contributing)
+- [License](#license)
+
+## About GraphDB
+
+<p align="center">
+  <a href="https://www.ontotext.com/products/graphdb/">
+    <picture>
+      <img src="https://www.ontotext.com/wp-content/uploads/2022/09/Logo-GraphDB.svg" alt="GraphDB logo" title="GraphDB"
+      height="75">
+    </picture>
+  </a>
+</p>
+
+Ontotext GraphDB is a highly efficient, scalable and robust graph database with RDF and SPARQL support. With excellent
+enterprise features,
+integration with external search applications, compatibility with industry standards, and both community and commercial
+support, GraphDB is the
+preferred database choice of both small independent developers and big enterprises.
+
+## Features
+
+The module provides the building blocks of configuring, deploying and provisioning a single VM of GraphDB
+using Google Compute Engine. Key features of the module include:
+
+- Google Cloud Compute Engine Instance
+
+## Versioning
+
+The Terraform module follows the Semantic Versioning 2.0.0 rules and has a release lifecycle separate from the GraphDB
+versions. The next table shows the version compatability between GraphDB, and the Terraform module.
+
+| GraphDB Terraform                                                              | GraphDB                                                                              |
+|--------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
+| [Version 0.0.1](https://github.com/Ontotext-AD/terraform-gcp-graphdb/releases) | [Version 10.7.x](https://graphdb.ontotext.com/documentation/10.7/release-notes.html) |
+
+You can track the particular version updates of GraphDB in the [changelog](CHANGELOG.md).
+
+## Prerequisites
+
+Before you begin using this Terraform module, ensure you meet the following prerequisites:
+
+- **Google Cloud CLI**:
+  [Google Cloud CLI](https://cloud.google.com/sdk/docs/install)
+
+- **Terraform Installed**: You should have Terraform installed on your local machine. You can download Terraform from
+  the [https://developer.hashicorp.com/terraform/install?product_intent=terraform](Terraform website).
+
+- **Google Cloud Credentials**: Ensure that you have Google Cloud credentials configured on your machine. You can configure Google Cloud access
+  keys and secret keys using the [Google Cloud CLI](https://cloud.google.com/docs/authentication/gcloud).
+
+- **Terraform Google Cloud Provider Configuration**: Configure the Google Cloud provider in your Terraform project. You can add your Google Cloud
+  access and secret keys as environment variables or use other methods for provider configuration.
+
+<!-- BEGIN_TF_DOCS -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| source\_image | Defines the VM image passed from the GCP Marketplace | `string` | `"projects/graphdb-public/global/images/ontotext-graphdb-10-7-3-202409031355"` | no |
+| goog\_cm\_deployment\_name | Deployment name | `string` | `"graphdb"` | no |
+| project\_id | Project in which the VM will be created | `string` | n/a | yes |
+| zone | The zone where the VM will be created | `string` | `"us-central1-a"` | no |
+| machine\_type | Type of the VM that will be created | `string` | `"n2-highmem-8"` | no |
+| boot\_disk\_size | Boot disk size in GBs | `number` | `500` | no |
+| boot\_disk\_type | Type of the boot disk | `string` | `"pd-ssd"` | no |
+| network\_interface | The network interface to attach the VM to | `string` | `"default"` | no |
+| allowed\_ingress\_cidrs | CIDR blocks that are allowed to access the GraphDB port | `list(string)` | ```[ "0.0.0.0/0" ]``` | no |
+<!-- END_TF_DOCS -->
+
 ## Quickstart
 
 ```shell
@@ -33,3 +117,37 @@ cft blueprint metadata -v -p .
   - https://github.com/GoogleCloudPlatform/marketplace-tools/blob/master/examples/terraform/wordpress/metadata.display.yaml
   - https://github.com/g-awmalik/terraform-google-canonical-mp/blob/main/metadata.display.yaml
 - Blueprint reference https://pkg.go.dev/github.com/GoogleCloudPlatform/cloud-foundation-toolkit/cli/bpmetadata
+
+## Local Development
+
+Instead of using the module dependency, you can create a local variables file named `terraform.tfvars` and provide
+configuration overrides there.
+Here's an example of a `terraform.tfvars` file:
+
+```hcl
+
+project_id = "example-project-id"
+
+zone = "us-central1-a"
+
+machine_type = "n2-highmem-8"
+
+boot_disk_size = "500"
+
+boot_disk_type = "pd-ssd"
+
+allowed_ingress_cidrs = ["0.0.0.0/0"]
+
+```
+
+## Release History
+
+All notable changes between version are tracked and documented at [CHANGELOG.md](CHANGELOG.md).
+
+## Contributing
+
+Check out the contributors guide [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## License
+
+This code is released under the Apache 2.0 License. See [LICENSE](LICENSE) for more details.

main.tf

@@ -12,7 +12,7 @@ resource "google_compute_instance" "graphdb" {
       # The boot disk must be set to the variable declared in Producer Portal
       image = var.source_image
       size  = var.boot_disk_size
-      type = var.boot_disk_type
+      type  = var.boot_disk_type
     }
   }
 
@@ -24,6 +24,18 @@ resource "google_compute_instance" "graphdb" {
     }
   }
 
+  # Block the usage of project-level SSH keys
+  metadata = {
+    block-project-ssh-keys = true
+  }
+
+  # Enable VTPM module
+  shielded_instance_config {
+    enable_secure_boot          = true
+    enable_vtpm                 = true
+    enable_integrity_monitoring = true
+  }
+
   tags = [var.goog_cm_deployment_name]
 }