First version (ported from internal infra)

Author: brainsik

.github/workflows/main.yml

@@ -0,0 +1,45 @@
+name: validate
+on: [push, pull_request]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: pip cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('ci/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: pre-commit cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/pre-commit
+          key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pre-commit-
+
+      - name: ~/bin cache
+        uses: actions/cache@v3
+        with:
+          path: ~/bin
+          key: ${{ runner.os }}-homebin-${{ hashFiles('ci/versions.sh') }}
+          restore-keys: |
+            ${{ runner.os }}-homebin-
+
+      - name: Install pre-commit
+        run: python3 -m pip install --disable-pip-version-check -r ci/requirements.txt
+
+      - name: Install terraform-docs
+        run: ci/install-binary.sh terraform-docs
+
+      - name: Install tflint
+        run: ci/install-binary.sh tflint
+
+      - name: Run pre-commit tests
+        run: PATH="~/bin:$PATH" pre-commit run --all-files

.markdownlintrc

@@ -0,0 +1,5 @@
+{
+  "default": true,
+  "line_length": false,
+  "no-inline-html": false
+}

.pre-commit-config.yaml

@@ -0,0 +1,35 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: pretty-format-json
+        args:
+          - --autofix
+      - id: trailing-whitespace
+
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.41.0
+    hooks:
+      - id: markdownlint
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.93.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_tflint
+
+  - repo: https://github.com/terraform-docs/terraform-docs
+    rev: v0.18.0
+    hooks:
+      - id: terraform-docs-go
+        args: ["--output-file", "README.md", "."]
+
+  - repo: https://github.com/detailyang/pre-commit-shell
+    rev: 1.0.5
+    hooks:
+      - id: shell-lint

.shellcheckrc

@@ -0,0 +1 @@
+external-sources=true

.terraform-docs.yml

@@ -0,0 +1,8 @@
+formatter: "markdown table"
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->

CODE_OF_CONDUCT.md

@@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+`tf-modules@theory.org`. All complaints will be reviewed and investigated
+promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 jeremy avnet
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,74 @@
+# terraform-cloudflare-dns-https
+
+Create ServiceMode [DNS HTTPS records](https://kalfeher.com/https-records-simple/) in Cloudflare.
+
+The Zone ID can be found on the Cloudflare overview page for the domain you
+want to add records to.
+
+## Usage
+
+To create an HTTPS record saying `example.com` is available via http/2 over TLS:
+
+```hcl
+module "tea_sh_https" {
+  source  = "brainsik/dns-https/cloudflare"
+  zone_id = "313372600deadcodebea5751993defc0"
+  name    = "example.com"
+
+  alpn = "h2"
+}
+```
+
+To create an HTTPS record saying `example.com` is available via http/3 or http/2 over TLS with IPs to use for initially establishing a connection:
+
+```hcl
+module "tea_sh_https" {
+  source  = "brainsik/dns-https/cloudflare"
+  zone_id = "313372600deadcodebea5751993defc0"
+  name    = "example.com"
+
+  alpn     = "h3,h2"
+  ipv4hint = "192.0.2.1"
+  ipv6hint = "2001:db8::1,2001:db8::2"
+}
+```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_cloudflare"></a> [cloudflare](#requirement\_cloudflare) | >= 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | >= 4.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [cloudflare_record.https](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/record) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_alpn"></a> [alpn](#input\_alpn) | A comma separated list of short form ALPN identifiers (e.g., "h2" or "h3,h2") | `string` | n/a | yes |
+| <a name="input_ipv4hint"></a> [ipv4hint](#input\_ipv4hint) | A comma separated list of IPs | `string` | `""` | no |
+| <a name="input_ipv6hint"></a> [ipv6hint](#input\_ipv6hint) | A comma separated list of IPs | `string` | `""` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the record | `string` | n/a | yes |
+| <a name="input_priority"></a> [priority](#input\_priority) | Resource record priority | `number` | `1` | no |
+| <a name="input_zone_id"></a> [zone\_id](#input\_zone\_id) | The Cloudflare DNS zone ID to add the record to | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

ci/install-binary.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+set -eu -o pipefail
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+# shellcheck source=ci/versions.sh
+source "$SCRIPT_DIR/versions.sh"
+
+bin_name=$1
+case "$bin_name" in
+    terraform-docs)
+        bin_name_ver="$bin_name-$TERRAFORM_DOCS_VER"
+        bin_dl_file="terraform-docs-$TERRAFORM_DOCS_VER-linux-amd64.tar.gz"
+        bin_dl_url="https://github.com/terraform-docs/terraform-docs/releases/download/$TERRAFORM_DOCS_VER/$bin_dl_file"
+        ;;
+    tflint)
+        bin_name_ver="$bin_name-$TFLINT_VER"
+        bin_dl_file="tflint_linux_amd64.zip"
+        bin_dl_url="https://github.com/terraform-linters/tflint/releases/download/$TFLINT_VER/$bin_dl_file"
+        ;;
+esac
+bin_path="$HOME/bin/$bin_name_ver"
+
+# Bail out if we already have this version installed
+if [[ -x "$bin_path" ]]; then
+    echo "✨ Found $bin_path"
+    exit 0
+fi
+
+# Ensure ~/bin exists
+mkdir -p "$HOME/bin"
+
+# Grab the archive from GitHub releases
+pushd "$(mktemp -d -t "$bin_name.XXXXXXXX")" >/dev/null
+curl --fail -# -L -o "$bin_dl_file" "$bin_dl_url"
+if echo "$bin_dl_file" | grep -q '\.tar\.gz$'; then
+    tar -xzf "$bin_dl_file"
+elif echo "$bin_dl_file" | grep -q '\.zip$'; then
+    unzip -u "$bin_dl_file"
+else
+    echo "🚨 Unrecognized extension in $bin_dl_file"
+    exit 1
+fi
+chmod +x "$bin_name"
+mv "$bin_name" "$bin_path"
+popd >/dev/null
+
+# Move binary to ~/bin and symlink
+pushd "$HOME/bin" >/dev/null
+rm -f "$bin_name"
+ln -s "$bin_path" "$bin_name"
+popd >/dev/null

ci/requirements.txt

@@ -0,0 +1 @@
+pre-commit==3.8.0