tf-starter 1.0.0

package/tf_starter/templates/gcp/environments/main.tf.j2

@@ -0,0 +1,58 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# ENVIRONMENT: {{ environment | upper }} — GCP
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+module "{{ project_name | replace('-', '_') }}" {
+  source = "../../"
+
+  environment = "{{ environment }}"
+  region      = "{{ region }}"
+  project_id  = var.project_id
+
+  {% if "compute" in services %}
+  {% if environment == "prod" %}
+  machine_type   = "e2-standard-4"
+  mig_min_replicas = 2
+  mig_max_replicas = 8
+  mig_target_size  = 4
+  {% else %}
+  machine_type   = "e2-medium"
+  mig_min_replicas = 1
+  mig_max_replicas = 2
+  mig_target_size  = 1
+  {% endif %}
+  {% endif %}
+
+  {% if "database" in services %}
+  {% if environment == "prod" %}
+  db_tier = "db-custom-4-15360"
+  {% else %}
+  db_tier = "db-custom-2-7680"
+  {% endif %}
+  db_name = "{{ project_name | replace('-', '_') }}_{{ environment }}"
+  db_user = var.db_user
+  {% endif %}
+
+  {% if "kubernetes" in services %}
+  {% if environment == "prod" %}
+  gke_node_machine_type = "e2-standard-8"
+  gke_node_count        = 3
+  gke_node_min_count    = 2
+  gke_node_max_count    = 10
+  {% else %}
+  gke_node_machine_type = "e2-standard-4"
+  gke_node_count        = 2
+  gke_node_min_count    = 1
+  gke_node_max_count    = 5
+  {% endif %}
+  {% endif %}
+
+  {% if "monitoring" in services %}
+  notification_email = var.notification_email
+  {% endif %}
+
+  {% if "storage" in services %}
+  gcs_enable_versioning = {{ (environment == "prod") | tf_bool }}
+  {% endif %}
+}

package/tf_starter/templates/gcp/environments/terraform.tfvars.j2

@@ -0,0 +1,12 @@
+# ENVIRONMENT TFVARS: {{ environment | upper }} — GCP
+# ### MUST EDIT THIS ###
+
+project_id = "your-gcp-project-id"
+
+{% if "database" in services %}
+db_user = "dbadmin"
+{% endif %}
+
+{% if "monitoring" in services %}
+notification_email = "alerts@example.com"
+{% endif %}

package/tf_starter/templates/gcp/environments/variables.tf.j2

@@ -0,0 +1,21 @@
+# ENVIRONMENT VARIABLES: {{ environment | upper }} — GCP
+
+variable "project_id" {
+  description = "GCP project ID"
+  type        = string
+  ### MUST EDIT THIS ###
+}
+
+{% if "database" in services %}
+variable "db_user" {
+  type      = string
+  sensitive = true
+}
+{% endif %}
+
+{% if "monitoring" in services %}
+variable "notification_email" {
+  type    = string
+  default = ""
+}
+{% endif %}

package/tf_starter/templates/gcp/github/terraform.yml.j2

@@ -0,0 +1,133 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# GitHub Actions — Terraform CI/CD
+# Project: {{ project_name }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+name: "Terraform"
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  TF_LOG: INFO
+  {% if provider == "aws" %}
+  AWS_REGION: {{ region }}
+  {% elif provider == "gcp" %}
+  GCP_REGION: {{ region }}
+  {% elif provider == "azure" %}
+  ARM_LOCATION: {{ region }}
+  {% endif %}
+
+jobs:
+  terraform-fmt:
+    name: "Terraform Format"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.0"
+
+      - name: Terraform Format Check
+        run: terraform fmt -check -recursive -diff
+
+  terraform-validate:
+    name: "Terraform Validate"
+    runs-on: ubuntu-latest
+    needs: terraform-fmt
+    strategy:
+      matrix:
+        environment: {{ environments | tf_list }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.0"
+
+      - name: Terraform Init
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform init -backend=false
+
+      - name: Terraform Validate
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform validate
+
+  terraform-lint:
+    name: "TFLint"
+    runs-on: ubuntu-latest
+    needs: terraform-fmt
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: latest
+
+      - name: Init TFLint
+        run: tflint --init
+
+      - name: Run TFLint
+        run: tflint --recursive --format compact
+
+  terraform-plan:
+    name: "Terraform Plan"
+    runs-on: ubuntu-latest
+    needs: [terraform-validate, terraform-lint]
+    if: github.event_name == 'pull_request'
+    strategy:
+      matrix:
+        environment: {{ environments | tf_list }}
+    {% if provider == "aws" %}
+    env:
+      ### MUST EDIT THIS ###
+      # Configure AWS credentials via GitHub Secrets
+      AWS_ACCESS_KEY_ID: ${{ '{{' }} secrets.AWS_ACCESS_KEY_ID {{ '}}' }}
+      AWS_SECRET_ACCESS_KEY: ${{ '{{' }} secrets.AWS_SECRET_ACCESS_KEY {{ '}}' }}
+    {% elif provider == "gcp" %}
+    env:
+      ### MUST EDIT THIS ###
+      GOOGLE_CREDENTIALS: ${{ '{{' }} secrets.GCP_CREDENTIALS {{ '}}' }}
+    {% elif provider == "azure" %}
+    env:
+      ### MUST EDIT THIS ###
+      ARM_CLIENT_ID: ${{ '{{' }} secrets.ARM_CLIENT_ID {{ '}}' }}
+      ARM_CLIENT_SECRET: ${{ '{{' }} secrets.ARM_CLIENT_SECRET {{ '}}' }}
+      ARM_SUBSCRIPTION_ID: ${{ '{{' }} secrets.ARM_SUBSCRIPTION_ID {{ '}}' }}
+      ARM_TENANT_ID: ${{ '{{' }} secrets.ARM_TENANT_ID {{ '}}' }}
+    {% endif %}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.6.0"
+
+      - name: Terraform Init
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform init
+
+      - name: Terraform Plan
+        working-directory: environments/${{ '{{' }} matrix.environment {{ '}}' }}
+        run: terraform plan -var-file=terraform.tfvars -no-color
+        continue-on-error: true

package/tf_starter/templates/gcp/misc/Makefile.j2

@@ -0,0 +1,60 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Makefile for {{ project_name }}
+# Provider: {{ provider | upper }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+.PHONY: init plan apply destroy validate fmt clean help
+
+ENV ?= dev
+TF_DIR = environments/$(ENV)
+
+help: ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-15s\033[0m %s\n", $$1, $$2}'
+
+init: ## Initialize Terraform (ENV=dev|staging|prod)
+	@echo "Initializing Terraform for environment: $(ENV)"
+	cd $(TF_DIR) && terraform init
+
+plan: ## Show execution plan (ENV=dev|staging|prod)
+	@echo "Planning Terraform for environment: $(ENV)"
+	cd $(TF_DIR) && terraform plan -var-file=terraform.tfvars
+
+apply: ## Apply infrastructure changes (ENV=dev|staging|prod)
+	@echo "Applying Terraform for environment: $(ENV)"
+	cd $(TF_DIR) && terraform apply -var-file=terraform.tfvars
+
+destroy: ## Destroy infrastructure (ENV=dev|staging|prod)
+	@echo "WARNING: Destroying infrastructure for environment: $(ENV)"
+	cd $(TF_DIR) && terraform destroy -var-file=terraform.tfvars
+
+validate: ## Validate Terraform configuration
+	@echo "Validating Terraform configuration..."
+	terraform fmt -check -recursive
+	@for dir in environments/*/; do \
+		echo "Validating $$dir..."; \
+		cd $$dir && terraform init -backend=false > /dev/null 2>&1 && terraform validate && cd ../..; \
+	done
+	@echo "All configurations valid."
+
+fmt: ## Format Terraform files
+	@echo "Formatting Terraform files..."
+	terraform fmt -recursive
+	@echo "Done."
+
+clean: ## Remove .terraform directories and lock files
+	@echo "Cleaning Terraform cache..."
+	find . -type d -name ".terraform" -exec rm -rf {} + 2>/dev/null || true
+	find . -name ".terraform.lock.hcl" -delete 2>/dev/null || true
+	@echo "Done."
+
+output: ## Show Terraform outputs (ENV=dev|staging|prod)
+	cd $(TF_DIR) && terraform output
+
+state-list: ## List resources in state (ENV=dev|staging|prod)
+	cd $(TF_DIR) && terraform state list
+
+cost: ## Estimate cost using infracost (requires infracost CLI)
+	@command -v infracost >/dev/null 2>&1 || { echo "infracost not installed"; exit 1; }
+	cd $(TF_DIR) && infracost breakdown --path .

package/tf_starter/templates/gcp/misc/README.md.j2

@@ -0,0 +1,426 @@
+# {{ project_name }}
+
+> Infrastructure-as-Code project generated by **tf-starter** for **{{ provider | upper }}**
+
+---
+
+## Architecture
+
+{% if provider == "aws" %}
+```
+{% if "kubernetes" in services %}
+                    Internet
+                       |
+               +---------------+
+               |   Route 53    |
+               +---------------+
+                       |
+               +---------------+
+{% if "compute" in services %}
+               |      ALB      |
+               +---------------+
+                       |
+          +------------+------------+
+          |                         |
+  +-------+--------+    +----------+-------+
+  |   EKS Cluster  |    | Auto Scaling EC2 |
+  +-------+--------+    +----------+-------+
+{% else %}
+               |      ALB      |
+               +---------------+
+                       |
+               +---------------+
+               |  EKS Cluster  |
+               +---------------+
+{% endif %}
+{% elif "compute" in services %}
+                    Internet
+                       |
+               +---------------+
+               |      ALB      |
+               +---------------+
+                       |
+               +---------------+
+               | Auto Scaling  |
+               |    EC2        |
+               +---------------+
+{% else %}
+                    Internet
+                       |
+               +---------------+
+               |     VPC       |
+               +---------------+
+{% endif %}
+{% if "database" in services %}
+                       |
+               +---------------+
+               | RDS PostgreSQL|
+               |  (Multi-AZ)  |
+               +---------------+
+{% endif %}
+{% if "messaging" in services %}
+                       |
+               +---------------+
+               |   SQS Queue   |
+               +---------------+
+{% endif %}
+{% if "storage" in services %}
+                       |
+               +---------------+
+               |   S3 Bucket   |
+               +---------------+
+{% endif %}
+```
+{% elif provider == "gcp" %}
+```
+                    Internet
+                       |
+{% if "apigateway" in services %}
+               +------------------+
+               |  API Gateway     |
+               +------------------+
+                       |
+               +------------------+
+               | Cloud Functions  |
+               +------------------+
+{% elif "kubernetes" in services %}
+               +------------------+
+               |  Cloud Load Bal. |
+               +------------------+
+                       |
+               +------------------+
+               |   GKE Cluster    |
+               +------------------+
+{% elif "compute" in services %}
+               +------------------+
+               |  Cloud Load Bal. |
+               +------------------+
+                       |
+               +------------------+
+               |  Managed Inst.   |
+               |     Group        |
+               +------------------+
+{% elif "lambda" in services %}
+               +------------------+
+               | Cloud Functions  |
+               +------------------+
+{% else %}
+               +------------------+
+               |    VPC Network   |
+               +------------------+
+{% endif %}
+{% if "database" in services %}
+                       |
+               +------------------+
+               |  Cloud SQL       |
+               |  PostgreSQL      |
+               +------------------+
+{% endif %}
+{% if "messaging" in services %}
+                       |
+               +------------------+
+               |   Pub/Sub        |
+               +------------------+
+{% endif %}
+{% if "storage" in services %}
+                       |
+               +------------------+
+               |   GCS Bucket     |
+               +------------------+
+{% endif %}
+```
+{% elif provider == "azure" %}
+```
+{% if "kubernetes" in services %}
+                    Internet
+                       |
+               +------------------+
+               |  App Gateway     |
+               +------------------+
+                       |
+               +------------------+
+               |   AKS Cluster    |
+               +------------------+
+{% elif "compute" in services %}
+                    Internet
+                       |
+               +------------------+
+               |  App Gateway     |
+               +------------------+
+                       |
+               +------------------+
+               |      VMSS        |
+               +------------------+
+{% else %}
+                    Internet
+                       |
+               +------------------+
+               |      VNet        |
+               +------------------+
+{% endif %}
+{% if "database" in services %}
+                       |
+               +------------------+
+               | Azure PostgreSQL |
+               | Flexible Server  |
+               +------------------+
+{% endif %}
+{% if "messaging" in services %}
+                       |
+               +------------------+
+               |   Service Bus    |
+               +------------------+
+{% endif %}
+{% if "storage" in services %}
+                       |
+               +------------------+
+               | Storage Account  |
+               +------------------+
+{% endif %}
+```
+{% endif %}
+
+---
+
+## Project Overview
+
+This project provisions cloud infrastructure on **{{ provider | upper }}** using Terraform.
+It was generated using the `tf-starter` CLI tool and follows enterprise-grade
+infrastructure-as-code best practices.
+
+### Enabled Services
+
+| Service | Status |
+|---------|--------|
+| Network | Enabled (always) |
+{% for svc in services %}
+{% if svc != "network" %}
+| {{ svc | capitalize }} | Enabled |
+{% endif %}
+{% endfor %}
+
+---
+
+## Folder Structure
+
+```
+{{ project_name }}/
+├── environments/           # Per-environment configurations
+{% for env in environments %}
+│   ├── {{ env }}/
+│   │   ├── main.tf
+│   │   ├── variables.tf
+│   │   ├── terraform.tfvars
+{% if enable_backend %}
+│   │   └── backend.tf
+{% endif %}
+{% endfor %}
+├── modules/                # Reusable Terraform modules
+{% for svc in services %}
+│   ├── {{ svc }}/
+{% endfor %}
+├── main.tf                 # Root module composition
+├── providers.tf            # Provider configuration
+├── variables.tf            # Input variables
+├── outputs.tf              # Output values
+├── versions.tf             # Terraform & provider versions
+{% if enable_backend %}
+├── backend.tf              # Remote state backend
+{% endif %}
+├── Makefile                # Automation targets
+├── init.sh                 # Bootstrap script
+└── README.md               # This file
+```
+
+---
+
+## Environments
+
+| Environment | Description |
+|-------------|-------------|
+{% for env in environments %}
+{% if env == "prod" %}
+| **{{ env }}** | Production — HA enabled, deletion protection on, extended backups |
+{% elif env == "staging" %}
+| **{{ env }}** | Staging — mirrors production at reduced scale for pre-release testing |
+{% elif env == "dev" %}
+| **{{ env }}** | Development — minimal resources, fast iteration |
+{% else %}
+| **{{ env }}** | Custom environment |
+{% endif %}
+{% endfor %}
+
+Each environment has its own `terraform.tfvars` file. Edit these to customize
+resource sizing, networking CIDRs, and service-specific parameters.
+
+---
+
+{% if enable_backend %}
+## Remote Backend
+
+This project uses a remote backend for Terraform state:
+
+{% if provider == "aws" %}
+- **State storage:** S3 bucket (`{{ project_name }}-terraform-state`)
+- **State locking:** DynamoDB table (`{{ project_name }}-terraform-lock`)
+{% elif provider == "gcp" %}
+- **State storage:** GCS bucket (`{{ project_name }}-terraform-state`)
+{% elif provider == "azure" %}
+- **State storage:** Azure Storage Account
+{% endif %}
+
+> **Important:** You must create the backend resources before running `terraform init`.
+> Use the `init.sh` script to bootstrap them.
+
+---
+{% endif %}
+
+## Deployment
+
+### Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads) >= 1.6.0
+{% if provider == "aws" %}
+- [AWS CLI](https://aws.amazon.com/cli/) configured with credentials
+{% elif provider == "gcp" %}
+- [Google Cloud SDK](https://cloud.google.com/sdk) with `gcloud auth application-default login`
+{% elif provider == "azure" %}
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/) with `az login`
+{% endif %}
+
+### Quick Start
+
+```bash
+# 1. Navigate to your target environment
+cd environments/dev
+
+# 2. Initialize Terraform
+terraform init
+
+# 3. Review the execution plan
+terraform plan
+
+# 4. Apply the changes
+terraform apply
+```
+
+### Using the Makefile
+
+```bash
+# Initialize
+make init
+
+# Plan changes
+make plan
+
+# Apply changes
+make apply
+
+# Format code
+make fmt
+
+# Validate configuration
+make validate
+
+# Destroy infrastructure
+make destroy
+```
+
+---
+
+## Destroy Instructions
+
+```bash
+# Review what will be destroyed
+terraform plan -destroy
+
+# Destroy all resources
+terraform destroy
+
+# Or use Makefile
+make destroy
+```
+
+> **Warning:** Destroying production infrastructure is irreversible. Ensure you
+> have backups and have communicated with your team before proceeding.
+
+---
+
+## Security Considerations
+
+- All data-at-rest is encrypted
+{% if "database" in services %}
+- Database credentials are managed via Terraform (consider using Vault or Secrets Manager)
+- Database is deployed in private subnets only
+{% endif %}
+{% if "storage" in services %}
+- S3/GCS/Blob public access is blocked by default
+{% endif %}
+- Security groups follow the principle of least privilege
+- All resources are tagged for cost allocation and ownership tracking
+{% if enable_backend %}
+- Terraform state is encrypted at rest
+{% endif %}
+
+---
+
+## Scaling
+
+{% if "compute" in services %}
+### Compute
+Adjust `asg_min_size`, `asg_max_size`, and `asg_desired_capacity` in
+your environment's `terraform.tfvars` to scale horizontally.
+{% endif %}
+
+{% if "kubernetes" in services %}
+### Kubernetes
+Adjust `eks_node_min_size`, `eks_node_max_size`, and `eks_node_desired_size`
+to control the cluster node pool. Consider enabling Cluster Autoscaler.
+{% endif %}
+
+{% if "database" in services %}
+### Database
+- Vertical scaling: change `db_instance_class`
+- Storage auto-scaling is enabled (up to 2x allocated storage)
+- Production uses Multi-AZ for high availability
+{% endif %}
+
+---
+
+## Adding New Modules
+
+1. Create a new directory under `modules/`:
+   ```bash
+   mkdir -p modules/my-module
+   ```
+
+2. Add `main.tf`, `variables.tf`, and `outputs.tf` inside it.
+
+3. Reference it in the root `main.tf`:
+   ```hcl
+   module "my_module" {
+     source = "./modules/my-module"
+     # pass variables
+   }
+   ```
+
+4. Add corresponding variables to `variables.tf` and outputs to `outputs.tf`.
+
+---
+
+## Customizing Variables
+
+1. Open the relevant environment's `terraform.tfvars` file.
+2. Override any variable defined in `variables.tf`.
+3. Run `terraform plan` to preview changes.
+4. Run `terraform apply` to apply.
+
+For sensitive values, use environment variables:
+```bash
+export TF_VAR_db_username="admin"
+terraform plan
+```
+
+---
+
+*Generated by [tf-starter](https://github.com/tf-starter) v1.0.0*