From b09fc7c2fccb4f05eb376ec6ecb2758b7b2c01b4 Mon Sep 17 00:00:00 2001
From: Martin Simango
Date: Tue, 15 Jul 2025 10:10:41 +0200
Subject: [PATCH 1/3] feat(SD-4455)!: upgrade terraform required versions
---
 .github/workflows/pr.yaml | 11 +++++++++++
 .github/workflows/release.yaml | 11 +++++++++++
 .gitignore | 1 +
 .pre-commit-config.yaml | 17 +++++++++++++++++
 .releaserc.yaml | 17 +++++++++++++++++
 30-bastion.tf | 5 +++--
 terraform.tf | 8 +++++++-
 7 files changed, 67 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/pr.yaml
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .gitignore
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 .releaserc.yaml
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
new file mode 100644
index 0000000..26c6a42
--- /dev/null
+++ b/.github/workflows/pr.yaml
@@ -0,0 +1,11 @@
+name: PR Title Validator
+
+on:
+ pull_request:
+ types: [opened, edited, synchronize, reopened]
+
+jobs:
+ call_release:
+ uses: Daemon-Solutions/git-workflows/.github/workflows/pr_title_validator.yaml@v0.2.0
+ secrets: inherit
+
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..6b76add
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,11 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ call_release:
+ uses: Daemon-Solutions/git-workflows/.github/workflows/release.yaml@v0.2.0
+ secrets: inherit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e79eb23
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.terraform*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..179ed09
--- /dev/null
+++ b/.pre-commit-config.yaml
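Review bot: `secrets: inherit` in the `call_release` job of pr.yaml hands every secret this repository can see to a reusable workflow that is referenced by the movable tag `@v0.2.0`, and release.yaml repeats the same two lines. A title validator should not need any secret, so the line can be dropped there; in release.yaml pass only the secrets the release job uses through an explicit `secrets:` map. Pin both `uses:` references to a commit, e.g. `uses: Daemon-Solutions/git-workflows/.github/workflows/pr_title_validator.yaml@<full-commit-sha> # v0.2.0`, so a retagged v0.2.0 cannot change what runs with those secrets. Neither file sets `permissions:`, so the GITHUB_TOKEN scope is whatever the repository default is; an explicit block limited to what the called workflow needs would make that reviewable.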
@@ -0,0 +1,17 @@
+repos:
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.99.4
+ hooks:
+ - id: terraform_fmt
+ stages: [pre-commit]
+ - id: terraform_validate
+ stages: [pre-commit]
+ - repo: https://github.com/compilerla/conventional-pre-commit
+ rev: v4.2.0
+ hooks:
+ - id: conventional-pre-commit
+ stages: [commit-msg]
+ - repo: https://github.com/rhysd/actionlint
+ rev: v1.7.7
+ hooks:
+ - id: actionlint
diff --git a/.releaserc.yaml b/.releaserc.yaml
new file mode 100644
index 0000000..0ad19b4
--- /dev/null
+++ b/.releaserc.yaml
@@ -0,0 +1,17 @@
+branches:
+ - name: master
+
+plugins:
+ - - "@semantic-release/commit-analyzer"
+ - preset: conventionalcommits
+ - - "@semantic-release/release-notes-generator"
+ - preset: conventionalcommits
+ - "@semantic-release/github"
+ - - "@semantic-release/changelog"
+ - assets:
+ - CHANGELOG.md
+ - - "@semantic-release/git"
+ - assets:
+ - CHANGELOG.md
+tagFormat: "v${version}"
+
diff --git a/30-bastion.tf b/30-bastion.tf
index 7251727..c83f792 100644
--- a/30-bastion.tf
+++ b/30-bastion.tf
@@ -1,5 +1,6 @@
 module "bastion" {
- source = "git::ssh://git@gitlab.com/claranet-pcp/terraform/aws/tf-aws-asg.git?ref=v1.0.0"
+ source = "git::https://gitlab.com/claranet-pcp/terraform/aws/tf-aws-asg.git?ref=v2.0.0"
+ # "git@gitlab.com:claranet-pcp/terraform/aws/tf-aws-asg.git?ref=v1.0.0"
 
 name = coalesce("${var.name}", "${var.envname}-${var.envtype}-bastion")
 envname = var.envname
@@ -25,7 +26,7 @@ module "bastion" { # output and the ASG resource that is created within `module.bastion`. Other # resources using the `asg_name` output (which uses this null resource) will # then be executed AFTER the ASG is created. -resource "null_resource" bastion_asg { +resource "null_resource" "bastion_asg" { depends_on = [module.bastion] triggers = {
diff --git a/terraform.tf b/terraform.tf
index c9549b0..dbb37e8 100644
--- a/terraform.tf
+++ b/terraform.tf
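Review bot: The new `source` line in `module "bastion"` still selects the module by tag (`?ref=v2.0.0`), and Terraform keeps no checksum for git-sourced modules, so anyone who can move that tag in the GitLab project changes the code that builds the bastion ASG on the next `terraform init`. Pinning the commit keeps the jump to v2 reviewable: `source = "git::https://gitlab.com/claranet-pcp/terraform/aws/tf-aws-asg.git?ref=<full-commit-sha>" # v2.0.0`. The move from `git::ssh` to `git::https` also changes how runners authenticate if the project is private; the token should come from a git credential helper or CI variable, never from the URL itself. The module block continues past the end of this hunk.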
@@ -1,3 +1,9 @@
 terraform {
- required_version = "> 0.12.0"
+ required_version = "> 1.0.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
 }
From 01973a960bed581ba79424319cdd7366ddd38fa7 Mon Sep 17 00:00:00 2001
From: Martin Simango
Date: Tue, 15 Jul 2025 10:54:32 +0200
Subject: [PATCH 2/3] chore(SD-4455): remove comment
---
 30-bastion.tf | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/30-bastion.tf b/30-bastion.tf
index c83f792..f57583e 100644
--- a/30-bastion.tf
+++ b/30-bastion.tf
@@ -1,7 +1,5 @@
 module "bastion" {
- source = "git::https://gitlab.com/claranet-pcp/terraform/aws/tf-aws-asg.git?ref=v2.0.0"
- # "git@gitlab.com:claranet-pcp/terraform/aws/tf-aws-asg.git?ref=v1.0.0"
-
+ source = "git::https://gitlab.com/claranet-pcp/terraform/aws/tf-aws-asg.git?ref=v2.0.0"
 name = coalesce("${var.name}", "${var.envname}-${var.envtype}-bastion")
 envname = var.envname
 service = "bastion"
From b9998d3daedf8c5dfa78cfa6443fa74b18c5ab49 Mon Sep 17 00:00:00 2001
From: Martin Simango
Date: Tue, 15 Jul 2025 10:56:45 +0200
Subject: [PATCH 3/3] chore(SD-4455): update README
---
 README.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
diff --git a/README.md b/README.md
index a772856..7ee5636 100644
--- a/README.md
+++ b/README.md
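Review bot: The `required_providers` block added to terraform.tf declares only `aws`, although the module also uses `null_resource` (30-bastion.tf) and, according to the README table in this series, the `template` provider, so both are resolved implicitly with no version constraint. Declare them next to aws, for example `null = { source = "hashicorp/null", version = "~> 3.2" }` and `template = { source = "hashicorp/template", version = "~> 2.2" }`. The template provider is archived upstream, so replacing the `template_file` data source with the built-in `templatefile()` function would remove that dependency altogether. `required_version = "> 1.0.0"` excludes 1.0.0 itself and sets no upper bound; `>= 1.0.0` is probably what was intended.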
@@ -54,3 +54,67 @@ module "bastions" { ## Dependencies * [tf-aws-asg](https://git.bashton.net/Bashton/tf-aws-asg) + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | > 1.0.0 | +| [aws](#requirement\_aws) | ~> 6.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 6.3.0 | +| [null](#provider\_null) | 3.2.4 | +| [template](#provider\_template) | 2.2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [bastion](#module\_bastion) | git::https://gitlab.com/claranet-pcp/terraform/aws/tf-aws-asg.git | v2.0.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_security_group.bastion_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.bastion_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [null_resource.bastion_asg](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_subnet.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | +| [aws_vpc.cidr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | +| [template_file.bastion_userdata](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allowed\_bastion\_cidrs](#input\_allowed\_bastion\_cidrs) | n/a | `list(string)` | n/a | yes | +| [allowed\_icmp\_cidrs](#input\_allowed\_icmp\_cidrs) | A list of CIDRs that are allowed to send ICMP traffic to the bastion. | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [aws\_region](#input\_aws\_region) | n/a | `string` | `"eu-west-1"` | no | +| [bastion\_ami](#input\_bastion\_ami) | n/a | `string` | `""` | no | +| [bastion\_asg\_max](#input\_bastion\_asg\_max) | n/a | `number` | `1` | no | +| [bastion\_asg\_min](#input\_bastion\_asg\_min) | n/a | `number` | `1` | no | +| [bastion\_userdata](#input\_bastion\_userdata) | Custom userdata for the bastion server. | `string` | `""` | no | +| [bastion\_userdata\_template](#input\_bastion\_userdata\_template) | Userdata template for the bastion server. Allowed: custom, puppet\_masterless\_mco | `string` | `"custom"` | no | +| [customer](#input\_customer) | n/a | `any` | n/a | yes | +| [domain](#input\_domain) | n/a | `string` | `"eu-west-1.compute.internal"` | no | +| [envname](#input\_envname) | n/a | `any` | n/a | yes | +| [envtype](#input\_envtype) | n/a | `any` | n/a | yes | +| [extra\_tags](#input\_extra\_tags) | Extra tags for the ASG | `list` | `[]` | no | +| [iam\_instance\_profile\_id](#input\_iam\_instance\_profile\_id) | n/a | `string` | n/a | yes | +| [instance\_type](#input\_instance\_type) | n/a | `string` | `"t2.micro"` | no | +| [key\_name](#input\_key\_name) | n/a | `string` | `"bashton"` | no | +| [name](#input\_name) | n/a | `string` | `""` | no | +| [public\_subnets](#input\_public\_subnets) | n/a | `list(string)` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [asg\_name](#output\_asg\_name) | n/a | +| [bastion\_sg](#output\_bastion\_sg) | n/a | + \ No newline at end of file