@oycyc oycyc commented Jul 17, 2025

  • Adds Renovate configuration (along with documentation)
  • Adds terraform-docs along with corresponding tools
  • Adds example of using TF workspaces

Also let's come up with the new name for this template repo, and I'll adjust accordingly in the other dependent repos.

Summary by CodeRabbit

  • New Features

    • Added configuration files for automated dependency updates and documentation generation tools.
    • Introduced environment-specific variable files for development and production.
    • Added a new input variable and output for the template root module to enhance customization and visibility.
  • Improvements

    • Updated documentation for improved clarity, structure, and actionable guidance.
    • Enhanced module documentation with clearer requirements, usage instructions, and example commands.
  • Updates

    • Upgraded versions of required tools, linters, and providers for better compatibility and security.

@oycyc oycyc requested a review from a team as a code owner July 17, 2025 22:12
@masterpointio masterpointio deleted a comment from coderabbitai bot Jul 17, 2025
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (2)
.trunk/trunk.yaml (1)

23-31: Version skew with OpenTofu binary remains unresolved
[email protected] is still one minor ahead of the opentofu runtime pinned in aqua.yaml (v1.9.x). The mismatch can surface parsing errors on newer HCL constructs. Align both to the same minor stream (either bump the runtime or pin the linter down).

README.md (1)

1-5: Consolidate to a single H1 heading

The file still has three top-level headings, which violates MD025 and makes anchor links unpredictable. Keep only the canonical repository name as # … and demote the alternates.

-# infra-monorepo-template
-
-# iac-monorepo-template
-
-# terraform-monorepo-template
+# terraform-monorepo-template
+
+<!-- Alternate names historically used:
+infra-monorepo-template, iac-monorepo-template -->
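Review bot: The `+# terraform-monorepo-template` line fixes one of the three names as the canonical H1, but the PR description still leaves the new repo name open ("let's come up with the new name for this template repo"). Hold the H1 choice until the name is agreed, or use whichever name the repository carries at merge time, so the heading and the repository URL do not diverge.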
🧹 Nitpick comments (6)
aqua.yaml (1)

13-15: Add a Renovate hint for the new terraform-docs package

Every other pinned dependency in this file carries a # renovate: comment so Renovate can bump versions automatically. Replicating that for terraform-docs keeps the file consistent and prevents manual updates.

   - name: terraform-docs/[email protected]
+    # renovate: depName=terraform-docs/terraform-docs
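Review bot: The added `# renovate: depName=terraform-docs/terraform-docs` line sits below the `- name:` entry and carries only `depName`. Check it against the other annotated entries in aqua.yaml and use the same position and the same fields, since a hint that does not match the pattern the existing entries follow may leave terraform-docs pinned without automated updates.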
root-modules/template-root-module/variables.tf (1)

11-15: Add basic validation for prefix
An empty string (or all-whitespace) silently passes today and will later surface in resource names. A minimal validation guard is cheap insurance.

 variable "prefix" {
   description = "The prefix to prepend to the generated name"
   type        = string
   default     = "random"
+  validation {
+    condition     = length(trimspace(var.prefix)) > 0
+    error_message = "prefix must be a non-empty string."
+  }
 }
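Review bot: The `condition` in the new `validation` block rejects only empty or all-whitespace values, so a prefix with surrounding whitespace or with characters that are not valid in the generated resource names still passes. Since the value ends up in resource names, consider matching against an allow-list pattern instead, for example `can(regex("^[a-z0-9-]+$", var.prefix))`, and state the allowed characters in `error_message`.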
.github/renovate.json5 (1)

12-15: Trailing comma may confuse non-JSON5 parsers
While JSON5 tolerates trailing commas, some downstream tooling (e.g., GitHub’s code owners viewer or UI linters) still parses files with a strict JSON engine. If you hit parsing errors, just drop the comma after "components/**".

root-modules/template-root-module/README.md (1)

5-16: Clarify CLI examples & keep them tool-agnostic

The docs jump straight to tofu workspace … while many users will still invoke terraform.
To avoid copy-paste errors, consider presenting both commands or a short note such as “replace tofu with terraform if you’re not using OpenTofu”.

-# Set up a new workspace for `dev` -- only needs to be done once
-tofu workspace new dev
-# Select the workspace, this is how TF knows where the state file is stored
-tofu workspace select dev
-# Apply the configuration with the corresponding tfvars file
-tofu apply --var-file tfvars/dev.tfvars
+# Set up a new workspace for `dev` (run once)
+terraform workspace new dev   # or: tofu workspace new dev
+# Select the workspace so TF knows where the state file is stored
+terraform workspace select dev
+# Apply the configuration with the corresponding tfvars file
+terraform apply -var-file=tfvars/dev.tfvars
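Review bot: Only the first replacement line keeps a `tofu` alternative; `terraform workspace select dev` and `terraform apply -var-file=tfvars/dev.tfvars` drop it, while the same review refers to an opentofu runtime pinned in aqua.yaml. Keep `tofu` as the primary command on all three lines and name `terraform` as the substitute, so the README matches the toolchain the repo installs. The change from `--var-file tfvars/dev.tfvars` to `-var-file=tfvars/dev.tfvars` can stay.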

Minor, but improves portability and avoids support questions.

root-modules/template-root-module/tfvars/dev.tfvars (1)

1-1: Environment-specific tfvars looks fine, but consider committing only “*.tfvars.example” templates

Committing concrete values (even benign ones) makes cloning users think these are canonical. A common pattern is to version dev.tfvars.example/prod.tfvars.example with placeholder values and let pipelines or local copies provide the real files (often ignored via .gitignore). This avoids accidental drift between repo defaults and live deployments.

If you keep the concrete files under VCS, document clearly in the README how they’re used with workspaces (terraform workspace select dev && terraform apply -var-file=tfvars/dev.tfvars, etc.) so newcomers don’t mis-apply the wrong environment.

root-modules/template-root-module/tfvars/prod.tfvars (1)

1-1: Same remark as for dev.tfvars—consider shipping this as a .example or documenting its usage

Nothing technically wrong here; just repeating the suggestion to avoid committing live environment defaults unless that’s intentional.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 48f3773 and d2f9a74.

📒 Files selected for processing (12)
  • .github/renovate.json5 (1 hunks)
  • .terraform-docs.yaml (1 hunks)
  • .trunk/trunk.yaml (1 hunks)
  • README.md (5 hunks)
  • aqua.yaml (1 hunks)
  • root-modules/template-root-module/README.md (2 hunks)
  • root-modules/template-root-module/main.tf (1 hunks)
  • root-modules/template-root-module/outputs.tf (1 hunks)
  • root-modules/template-root-module/tfvars/dev.tfvars (1 hunks)
  • root-modules/template-root-module/tfvars/prod.tfvars (1 hunks)
  • root-modules/template-root-module/variables.tf (1 hunks)
  • root-modules/template-root-module/versions.tf (1 hunks)
🧰 Additional context used
🧠 Learnings (9)
📓 Common learnings
Learnt from: gberenice
PR: masterpointio/client-tf-templates#1
File: root-module/main.tf:25-31
Timestamp: 2024-12-11T17:35:43.671Z
Learning: In the `client-tf-templates` repository, the module `masterpointio/random/pet` used in `root-module/main.tf` is a dummy example and may not exist in the Terraform Registry. This is intentional and should not be flagged as an error in future reviews.
🪛 GitHub Check: Trunk Check
README.md

[notice] 5-5: markdownlint(MD025)
[new] Multiple top-level headings in the same document


[notice] 3-3: markdownlint(MD025)
[new] Multiple top-level headings in the same document

🔇 Additional comments (4)
.terraform-docs.yaml (1)

1-19: Configuration looks correct — good job integrating terraform-docs

The YAML is well-formed, options match the v0.20.x schema, and the inject template markers align with the pre-commit hook convention.
No action needed.

root-modules/template-root-module/outputs.tf (1)

1-4: Confirm that the sub-module actually exports random_pet_name

This output forwards module.random_pet.random_pet_name. Compilation will fail if the child module lacks a matching output "random_pet_name" block.

Please verify (or add) the output in modules/random_pet:

output "random_pet_name" {
  value = random_pet.this.id
}
root-modules/template-root-module/versions.tf (1)

2-8: LGTM – version bumps look sensible
No breaking-change flags detected for Terraform 1.10.x or random 3.7.x.

root-modules/template-root-module/main.tf (1)

11-13: Verify local module path correctness
The relative path ../../child-modules/random-pet assumes this root module is invoked from root-modules/template-root-module. Double-check that consumers (e.g., Terraform Cloud workspaces or CI pipelines) execute terraform from the expected directory; otherwise the path will break.
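
The workspace and tfvars pairing raised in the dev.tfvars and prod.tfvars comments above can be enforced rather than only documented. The guard below is an added example, not code from this PR or the repository; the function names and the `TF_BIN` variable are hypothetical, and it assumes the `tfvars/<env>.tfvars` naming shown in the review.

```bash
#!/usr/bin/env bash
# Added example: refuse to apply when the selected workspace and the
# tfvars file disagree. Function names and TF_BIN are hypothetical;
# the tfvars/<env>.tfvars layout is the one quoted in the review.

TF_BIN="${TF_BIN:-tofu}"   # set TF_BIN=terraform if not using OpenTofu

# Derive the environment name from a path, e.g. tfvars/dev.tfvars -> dev.
tfvars_env() {
  local file="${1##*/}"
  case "$file" in
    *.tfvars) printf '%s\n' "${file%.tfvars}" ;;
    *) return 1 ;;
  esac
}

# Return 0 only when the active workspace matches the environment named
# by the var file. Returns 1 on a mismatch, 2 on unusable input.
workspace_matches() {
  local varfile="$1" want have
  want="$(tfvars_env "$varfile")" || {
    echo "not a .tfvars file: $varfile" >&2
    return 2
  }
  [ -f "$varfile" ] || {
    echo "missing var file: $varfile" >&2
    return 2
  }
  have="$("$TF_BIN" workspace show)" || return 2
  if [ "$have" != "$want" ]; then
    echo "refusing: workspace '$have' but var file is for '$want'" >&2
    return 1
  fi
}

# Apply only after the guard passes; extra arguments go to `apply`.
safe_apply() {
  local varfile="$1"
  shift
  workspace_matches "$varfile" || return $?
  "$TF_BIN" apply -var-file="$varfile" "$@"
}
```

Source the file and call `safe_apply tfvars/dev.tfvars` from the root module directory after selecting the workspace; a `default` or `prod` workspace then stops the run before any plan is produced.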

@masterpointio masterpointio deleted a comment from coderabbitai bot Jul 17, 2025
Gowiem previously approved these changes Jul 18, 2025
@Gowiem Gowiem left a comment

Overall, looks great @oycyc :shipit:

Let's rename the repo via the mp-infra config once we've got this shipped 👍

coderabbitai bot commented Jul 22, 2025

Walkthrough

This update introduces new configuration files for Renovate and terraform-docs, updates linter versions, and expands documentation throughout the repository. The root module template receives new variables, outputs, and tfvars files for environment-specific configuration. Module and provider versions are updated, and documentation is improved for clarity and automation guidance.

Changes

| File(s) | Change Summary |
| --- | --- |
| .github/renovate.json5, .terraform-docs.yaml, aqua.yaml | Added new configuration files for Renovate, terraform-docs, and Aqua package for terraform-docs. |
| .trunk/trunk.yaml | Updated linter versions for tofu, checkov, tflint, trivy, and trufflehog. |
| README.md | Major documentation overhaul: renamed repo, improved structure, added Renovate and Aqua sections, updated links. |
| root-modules/template-root-module/README.md | Expanded documentation: added tfvars/workspaces usage, updated requirements, modules, inputs, outputs. |
| root-modules/template-root-module/main.tf | Changed local prefix logic, switched module source to local path, commented out registry source. |
| root-modules/template-root-module/variables.tf | Added prefix variable with default and description. |
| root-modules/template-root-module/outputs.tf | Added output for random_pet_name. |
| root-modules/template-root-module/versions.tf | Updated Terraform and provider version constraints. |
| root-modules/template-root-module/tfvars/dev.tfvars, root-modules/template-root-module/tfvars/prod.tfvars | Added environment-specific tfvars files for dev and prod. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Renovate Bot
    participant GitHub Repo

    User->>GitHub Repo: Pushes code/config changes
    Renovate Bot->>GitHub Repo: Runs on schedule (Mon before 5AM)
    Renovate Bot->>GitHub Repo: Opens PRs for Terraform dependency updates (excluding context.tf & components/)
    GitHub Repo->>User: Notifies of PRs with "auto-upgrade" label
    User->>GitHub Repo: Reviews and merges PRs
sequenceDiagram
    participant User
    participant Terraform
    participant tfvars File

    User->>Terraform: Selects workspace (e.g., dev/prod)
    User->>tfvars File: Provides environment-specific variables
    Terraform->>Terraform: Applies configuration with selected tfvars
    Terraform->>User: Outputs environment-specific resources and outputs

Estimated code review effort

2 (~15 minutes)

Poem

🐇
In burrows deep, configs bloom anew,
Renovate wakes before the dew.
Docs are clearer, modules grow,
Prefixes and pets in tidy rows.
Linters fresh, tfvars in tow—
This rabbit hops where changes flow!


@gberenice
Also let's come up with the new name for this template repo

If I'm not mistaken, we're referencing this repo in the audit docs and possibly elsewhere. @oycyc did you if we need to update the link/name?

oycyc commented Jul 23, 2025

Also let's come up with the new name for this template repo

If I'm not mistaken, we're referencing this repo in the audit docs and possibly elsewhere. @oycyc did you if we need to update the link/name?

Ah, this is a good point. I just checked, looks like in GDrive, the only place it's been mentioned is in a previous audit reports, but not our audit boilerplate template. Also all good on Notion as well. (redacted screenshot since this is a public repo)

@oycyc oycyc requested review from Gowiem and gberenice July 29, 2025 01:19
oycyc commented Jul 29, 2025

@gberenice / @Gowiem can I get a final review on this?

@gberenice gberenice left a comment

Looks great! :shipit:

@oycyc oycyc merged commit 0573f71 into main Jul 29, 2025
3 checks passed
@oycyc oycyc deleted the feat/more-updates branch July 29, 2025 13:03