Merge pull request #1 from dasmeta/DMVP-5181

DMVP-5181-create mediaconverter queue

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+
+updates:
+  - package-ecosystem: "terraform"
+    directory:
+      - "/"
+    schedule:
+      interval: "daily"

.github/workflows/checkov.yaml

@@ -0,0 +1,26 @@
+name: Checkov
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      security-events: write
+      id-token: write
+    strategy:
+      matrix:
+        path:
+          - /
+
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/[email protected]
+      with:
+        fetch-depth: 0
+        directory: ${{ matrix.path }}
+      continue-on-error: true

.github/workflows/pre-commit.yaml

@@ -0,0 +1,23 @@
+name: Pre-Commit
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    steps:
+    - name: Pre-Commit
+      uses: dasmeta/reusable-actions-workflows/[email protected]
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: modules/${{ matrix.path }}
+      continue-on-error: true

.github/workflows/semantic-release.yaml

@@ -0,0 +1,22 @@
+name:  Semantic-Release
+on: [pull_request, push]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 16
+      - name: Semantic Release
+        uses: cycjimmy/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/terraform-test.yaml

@@ -0,0 +1,27 @@
+name: Terraform Test
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - /
+
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/[email protected]
+      with:
+        aws-region: ${{ secrets.AWS_REGION}}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: ${{ matrix.path }}
+      continue-on-error: true

.github/workflows/tflint.yaml

@@ -0,0 +1,30 @@
+name: Tflint
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+
+jobs:
+  terraform-validate:
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+      security-events: write
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - /
+
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/[email protected]
+      with:
+        aws-region: ${{ secrets.AWS_REGION}}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: ${{ matrix.path }}
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+      continue-on-error: true

.github/workflows/tfsec.yaml

@@ -0,0 +1,20 @@
+name: TFSEC
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-tfsec:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+      security-events: write
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/[email protected]
+      with:
+        fetch-depth: 0
+    continue-on-error: true

.gitignore

@@ -8,10 +8,11 @@
 # Crash log files
 crash.log
 crash.*.log
+**/.terraform.lock.hcl
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json

.pre-commit-config.yaml

@@ -0,0 +1,36 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-vcs-permalinks
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+        exclude: CHANGELOG.md
+      - id: check-yaml
+      - id: check-merge-conflict
+      - id: check-case-conflict
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: detect-aws-credentials
+        args: ['--allow-missing-credentials']
+      - id: detect-private-key
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.64.1
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--create-file-if-not-exist=true
+  - repo: https://github.com/qoomon/git-conventional-commits
+    rev: v2.4.0
+    hooks:
+      - id: conventional-commits
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.12.0
+    hooks:
+      - id: gitleaks

README.md

@@ -0,0 +1,75 @@
+# terraform-aws-media-converter
+This module allows creating a media converter queue alongside with related sqs queue and EventBrdige bus to connect media converter events to sqs queue.
+
+
+# Simple example
+```hcl
+module "mediaconverter" {
+  source = "dasmeta/mediaconverter_flow/aws"
+
+  queue_name = "test-queue"
+
+}
+
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | terraform-aws-modules/eventbridge/aws | 3.13.0 |
+| <a name="module_iam_role"></a> [iam\_role](#module\_iam\_role) | dasmeta/iam/aws//modules/role | 1.2.1 |
+| <a name="module_sqs"></a> [sqs](#module\_sqs) | dasmeta/modules/aws//modules/sqs | 2.18.2 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_media_convert_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/media_convert_queue) | resource |
+| [aws_sqs_queue_policy.eventbridge_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.eventbridge_to_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bus_name"></a> [bus\_name](#input\_bus\_name) | name of the eventbridge bus | `string` | `"default"` | no |
+| <a name="input_create_bus"></a> [create\_bus](#input\_create\_bus) | boolean flag to create a new flag | `bool` | `false` | no |
+| <a name="input_queue_name"></a> [queue\_name](#input\_queue\_name) | queue name | `string` | `"simple-queue-name"` | no |
+| <a name="input_queue_pricing_plan"></a> [queue\_pricing\_plan](#input\_queue\_pricing\_plan) | pricing method of the plan. Valid values are ON\_DEMAND or RESERVED | `string` | `"ON_DEMAND"` | no |
+| <a name="input_rules_targets"></a> [rules\_targets](#input\_rules\_targets) | event patterns for eventbridge rules | `list(map(any))` | `[]` | no |
+| <a name="input_s3_arns"></a> [s3\_arns](#input\_s3\_arns) | list of s3 bucket arns which mediaconverter will need access | `list(string)` | <pre>[<br/>  "*"<br/>]</pre> | no |
+| <a name="input_s3_iam_actions"></a> [s3\_iam\_actions](#input\_s3\_iam\_actions) | list of actions to be attached to iam role for mediaconverter | `list(string)` | <pre>[<br/>  "s3:*",<br/>  "s3-object-lambda:*"<br/>]</pre> | no |
+| <a name="input_status"></a> [status](#input\_status) | A status of the queue. Valid values are ACTIVE or RESERVED. | `string` | `"ACTIVE"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_eventbrdige_bus"></a> [eventbrdige\_bus](#output\_eventbrdige\_bus) | eventbridge bus |
+| <a name="output_eventbridge_bus_arn"></a> [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | eventbrige bus arn |
+| <a name="output_eventbridge_rules"></a> [eventbridge\_rules](#output\_eventbridge\_rules) | rules for eventbridge bus |
+| <a name="output_eventbridge_targets"></a> [eventbridge\_targets](#output\_eventbridge\_targets) | targets for eventbridge bus |
+| <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | mediaconverter iam role arn |
+| <a name="output_iam_role_id"></a> [iam\_role\_id](#output\_iam\_role\_id) | mediaconverter iam role id |
+| <a name="output_iam_role_policy"></a> [iam\_role\_policy](#output\_iam\_role\_policy) | role policy |
+| <a name="output_mediaconvert_queue_arn"></a> [mediaconvert\_queue\_arn](#output\_mediaconvert\_queue\_arn) | mediaconverter queue arn |
+| <a name="output_mediaconvert_queue_id"></a> [mediaconvert\_queue\_id](#output\_mediaconvert\_queue\_id) | mediaconverter queue id |
+| <a name="output_sqs_arn"></a> [sqs\_arn](#output\_sqs\_arn) | ARN of the created SQS queue |
+| <a name="output_sqs_id"></a> [sqs\_id](#output\_sqs\_id) | sqs id |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

commitlint.config.js

@@ -0,0 +1,5 @@
+module.exports = {
+    extends: [
+        "@commitlint/config-conventional"
+    ]
+}

git-conventional-commits.json

@@ -0,0 +1,41 @@
+{
+  "convention" : {
+    "commitTypes": [
+      "feat",
+      "fix",
+      "perf",
+      "refactor",
+      "style",
+      "test",
+      "build",
+      "ops",
+      "docs",
+      "merge",
+      "chore"
+    ],
+    "commitScopes": [],
+    "releaseTagGlobPattern":  "v[0-9]*.[0-9]*.[0-9]*",
+    "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
+  },
+  "changelog" : {
+    "commitTypes": [
+      "feat",
+      "fix",
+      "perf",
+      "merge"
+    ],
+    "includeInvalidCommits": true,
+    "commitScopes": [],
+    "commitIgnoreRegexPattern": "^WIP ",
+    "headlines": {
+      "feat": "Features",
+      "fix": "Bug Fixes",
+      "perf": "Performance Improvements",
+      "merge": "Merged Branches",
+      "breakingChange": "BREAKING CHANGES"
+    },
+    "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
+    "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
+    "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
+  }
+}

githooks/commit-msg

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# File generated by pre-commit: https://pre-commit.com
+# ID: 138fd403232d2ddd5efb44317e38bf03
+
+# start templated
+INSTALL_PYTHON=/usr/bin/python3
+ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=commit-msg)
+# end templated
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+ARGS+=(--hook-dir "$HERE" -- "$@")
+
+if command -v pre-commit > /dev/null; then
+    exec pre-commit "${ARGS[@]}"
+elif [ -x "$INSTALL_PYTHON" ]; then
+    exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}"
+else
+    echo '`pre-commit` not found.  Did you forget to activate your virtualenv?' 1>&2
+    exit 1
+fi

githooks/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+set -e
+pre-commit run --show-diff-on-failure --color=always --all-files