Alignment across repositories (#23)

Author: brettcurtis

.coderabbit.yaml

@@ -15,20 +15,20 @@ permissions:
   id-token: write
 
 jobs:
-  global_infra:
+  global:
     name: "Global"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/plan-and-apply.yml@v0.2.1
     if: github.actor != 'osinfra-sa'
     with:
       checkout_ref: ${{ github.ref }}
       environment: non-production
-      github_environment: "Non-Production Infrastructure: Global"
+      github_environment: "Non-Production: Global"
       service_account: plt-lz-services-github@ptl-lz-terraform-tf05-nonprod.iam.gserviceaccount.com
       terraform_plan_args: -var-file=tfvars/non-production.tfvars
       terraform_state_bucket: plt-lz-services-3bfe-nonprod
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       terraform_workspace: global-non-production
-      working_directory: global/infra
+      working_directory: global
       workload_identity_provider: projects/992372365053/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
     secrets:
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -38,21 +38,21 @@ jobs:
         -var=datadog_api_key=${{ secrets.DATADOG_API_KEY }}
         -var=datadog_app_key=${{ secrets.DATADOG_APP_KEY }}
 
-  us_east1_infra:
-    name: "Infra: us-east1"
+  us_east1:
+    name: "Regional: us-east1"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/plan-and-apply.yml@v0.2.1
     if: github.actor != 'dependabot[bot]'
-    needs: global_infra
+    needs: global
     with:
       checkout_ref: ${{ github.ref }}
       environment: us-east1-non-production
-      github_environment: "Non-Production Infrastructure: Regional - us-east1"
+      github_environment: "Non-Production: Regional - us-east1"
       service_account: plt-lz-services-github@ptl-lz-terraform-tf05-nonprod.iam.gserviceaccount.com
       terraform_plan_args: -var-file=tfvars/us-east1-non-production.tfvars
       terraform_state_bucket: plt-lz-services-3bfe-nonprod
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       terraform_workspace: us-east1-non-production
-      working_directory: regional/infra
+      working_directory: regional
       workload_identity_provider: projects/992372365053/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
     secrets:
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/non-production.yml

@@ -15,20 +15,20 @@ permissions:
   id-token: write
 
 jobs:
-  global_infra:
+  global:
     name: "Global"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/plan-and-apply.yml@v0.2.1
     if: github.event.workflow_run.conclusion == 'success'
     with:
       checkout_ref: ${{ github.ref }}
       environment: production
-      github_environment: "Production Infrastructure: Global"
+      github_environment: "Production: Global"
       service_account: plt-lz-services-github@ptl-lz-terraform-tf62-prod.iam.gserviceaccount.com
       terraform_plan_args: -var-file=tfvars/production.tfvars
       terraform_state_bucket: plt-lz-services-e194-prod
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       terraform_workspace: global-production
-      working_directory: global/infra
+      working_directory: global
       workload_identity_provider: projects/134040294660/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
     secrets:
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -38,21 +38,21 @@ jobs:
         -var=datadog_api_key=${{ secrets.DATADOG_API_KEY }}
         -var=datadog_app_key=${{ secrets.DATADOG_APP_KEY }}
 
-  us_east1_infra:
-    name: "Infra: us-east1"
+  us_east1:
+    name: "Regional: us-east1"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/plan-and-apply.yml@v0.2.1
     if: github.actor != 'dependabot[bot]'
-    needs: global_infra
+    needs: global
     with:
       checkout_ref: ${{ github.ref }}
       environment: us-east1-production
-      github_environment: "Production Infrastructure: Regional - us-east1"
+      github_environment: "Production: Regional - us-east1"
       service_account: plt-lz-services-github@ptl-lz-terraform-tf62-prod.iam.gserviceaccount.com
       terraform_plan_args: -var-file=tfvars/us-east1-production.tfvars
       terraform_state_bucket: plt-lz-services-e194-prod
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       terraform_workspace: us-east1-production
-      working_directory: regional/infra
+      working_directory: regional
       workload_identity_provider: projects/134040294660/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
     secrets:
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/production.yml

@@ -16,20 +16,20 @@ permissions:
   id-token: write
 
 jobs:
-  global_infra:
+  global:
     name: "Global"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/plan-and-apply.yml@v0.2.1
     if: github.actor != 'dependabot[bot]'
     with:
       checkout_ref: ${{ github.ref }}
       environment: sandbox
-      github_environment: "Sandbox Infrastructure: Global"
+      github_environment: "Sandbox: Global"
       service_account: plt-lz-services-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com
       terraform_plan_args: -var-file=tfvars/sandbox.tfvars
       terraform_state_bucket: plt-lz-services-2c8b-sb
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       terraform_workspace: global-sandbox
-      working_directory: global/infra
+      working_directory: global
       workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
     secrets:
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -39,21 +39,21 @@ jobs:
         -var=datadog_api_key=${{ secrets.DATADOG_API_KEY }}
         -var=datadog_app_key=${{ secrets.DATADOG_APP_KEY }}
 
-  us_east1_infra:
-    name: "Infra: us-east1"
+  us_east1:
+    name: "Regional: us-east1"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/plan-and-apply.yml@v0.2.1
     if: github.actor != 'dependabot[bot]'
-    needs: global_infra
+    needs: global
     with:
       checkout_ref: ${{ github.ref }}
       environment: us-east1-sandbox
-      github_environment: "Sandbox Infrastructure: Regional - us-east1"
+      github_environment: "Sandbox: Regional - us-east1"
       service_account: plt-lz-services-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com
       terraform_plan_args: -var-file=tfvars/us-east1-sandbox.tfvars
       terraform_state_bucket: plt-lz-services-2c8b-sb
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       terraform_workspace: us-east1-sandbox
-      working_directory: regional/infra
+      working_directory: regional
       workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
     secrets:
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/sandbox.yml

@@ -10,17 +10,8 @@ repos:
       - id: trailing-whitespace
       - id: check-symlinks
 
-  - repo: local
-    hooks:
-      - id: infracost_generate_config
-        name: Infracost generate config
-        entry: bash -c 'infracost generate config --repo-path=. --template-path=infracost.yml.tmpl --out-file=infracost.yml'
-        language: system
-        files: ^infracost\.yml\.tmpl$
-        verbose: false
-
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.0
+    rev: v1.88.4
     hooks:
       - id: terraform_fmt
 
@@ -37,8 +28,3 @@ repos:
           - --hook-config=--path-to-file=README.md
           - --hook-config=--add-to-exiting-file=true
           - --hook-config=--create-file-if-not-exist=false
-
-      - id: infracost_breakdown
-        args:
-          - --args=--config-file=infracost.yml
-          - --args=--sync-usage-file

.pre-commit-config.yaml

@@ -6,7 +6,9 @@
 
 **[Infracost](https://www.infracost.io):**
 
-[![infracost](https://img.shields.io/endpoint?url=https://dashboard.api.infracost.io/shields/json/cbeecfe3-576f-4553-984c-e451a575ee47/repos/cdfd3281-bb1c-425b-aad0-1a80a1512502/branch/62383c83-9bf4-4fa9-8b48-7b96987f6fc1)](https://dashboard.infracost.io/org/osinfra-io/repos/cdfd3281-bb1c-425b-aad0-1a80a1512502?tab=settings)
+[![infracost](https://img.shields.io/endpoint?url=https://dashboard.api.infracost.io/shields/json/cbeecfe3-576f-4553-984c-e451a575ee47/repos/a97cbc40-a50a-4371-9365-a89a1e4bb09a/branch/c27aeced-0f9b-4942-b28e-b03f70d107d6)](https://dashboard.infracost.io/org/osinfra-io/repos/a97cbc40-a50a-4371-9365-a89a1e4bb09a?tab=settings)
+
+💵 Monthly estimates based on Infracost baseline costs.
 
 ## Repository Description
 

README.md

@@ -13,7 +13,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_datadog"></a> [datadog](#module\_datadog) | github.com/osinfra-io/terraform-datadog-google-integration//global | v0.1.3 |
+| <a name="module_datadog"></a> [datadog](#module\_datadog) | github.com/osinfra-io/terraform-datadog-google-integration//global | v0.1.4 |
 | <a name="module_project"></a> [project](#module\_project) | github.com/osinfra-io/terraform-google-project//global | v0.1.9 |
 
 ## Resources

global/infra/.terraform.lock.hcl renamed to global/.terraform.lock.hcl

@@ -0,0 +1 @@
+../shared/backend.tf

global/infra/README.md renamed to global/README.md

@@ -0,0 +1,12 @@
+# Local Values
+# https://www.terraform.io/docs/language/values/locals.html
+
+locals {
+  labels = {
+    cost-center = "x001"
+    env         = var.environment
+    repository  = "google-cloud-services"
+    platform    = "google-cloud-landing-zone"
+    team        = "platform-google-cloud-landing-zone"
+  }
+}

global/backend.tf

@@ -37,16 +37,8 @@ module "datadog" {
   cost_center                  = "x001"
   enable_cloud_cost_management = var.enable_datadog_cloud_cost_management
   is_cspm_enabled              = true
-
-
-  labels = {
-    env        = var.environment
-    repository = "google-cloud-services"
-    platform   = "google-cloud-landing-zone"
-    team       = "platform-google-cloud-landing-zone"
-  }
-
-  project = module.project.project_id
+  labels                       = local.labels
+  project                      = module.project.project_id
 }
 
 # Google Project Module (osinfra.io)
@@ -61,15 +53,8 @@ module "project" {
   description                     = "services"
   environment                     = var.environment
   folder_id                       = var.folder_id
-
-  labels = {
-    env        = var.environment
-    repository = "google-cloud-services"
-    platform   = "google-cloud-landing-zone"
-    team       = "platform-google-cloud-landing-zone"
-  }
-
-  prefix = "plt-lz"
+  labels                          = local.labels
+  prefix                          = "plt-lz"
 
   services = [
     "artifactregistry.googleapis.com",

global/infra/backend.tf

@@ -0,0 +1,4 @@
+cis_2_2_logging_sink_project_id      = "plt-lz-audit01-tf92-sb"
+enable_datadog                       = true
+enable_datadog_cloud_cost_management = false
+folder_id                            = "44679921766"