feat: inital version (#1)

## what

- This introduces a new GitHub Action for testing Terraform and OpenTofu
modules.
- This supports optional AWS integration via OIDC.
- See README for more details.

## why

- Make our TF test workflow reusable.

## references

-
https://masterpoint.slack.com/archives/C04MUCKUDKK/p1746028171707949?thread_ts=1746027819.488189&cid=C04MUCKUDKK


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Introduced a GitHub Action for automated testing of Terraform or
OpenTofu modules with AWS authentication support.
- Added configuration files for Trunk CLI, markdown and YAML linting,
and repository code ownership.
- Implemented automated workflows for linting, release management, and
monthly Trunk upgrades.
- **Documentation**
- Expanded and detailed README with usage instructions, input
parameters, dependencies, contribution guidelines, and organizational
information.
  - Added a pull request template to standardize PR submissions.
- **Chores**
- Updated .gitignore to exclude unnecessary files from version control.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: gberenice

.coderabbit.yaml

@@ -0,0 +1,90 @@
+# Docs: https://docs.coderabbit.ai/configure-coderabbit
+# Schema: https://coderabbit.ai/integrations/schema.v2.json
+# Support: https://discord.gg/GsXnASn26c
+
+language: en
+
+tone_instructions: |
+  You’re a GitHub Actions expert.
+  Provide concise, friendly, professional feedback focused only on
+  significant workflow optimization, security, and best practices.
+
+early_access: true
+
+knowledge_base:
+  # The scope of learnings to use for the knowledge base.
+  # `local` uses the repository's learnings,
+  # `global` uses the organization's learnings,
+  # `auto` uses repository's learnings for public repositories and organization's learnings for private repositories.
+  # Default value: `auto`
+  learnings:
+    scope: global
+  issues:
+    scope: global
+  pull_requests:
+    scope: global
+
+reviews:
+  profile: chill
+  auto_review:
+    # Disable incremental code review on each push
+    auto_incremental_review: false
+    # The keywords are case-insensitive
+    ignore_title_keywords:
+      - wip
+      - draft
+      - test
+  commit_status: false
+  changed_files_summary: false
+  poem: false
+  # Don't post review details on each review.
+  review_status: false
+  sequence_diagrams: false
+  tools:
+    # By default, all tools are enabled.
+    # Masterpoint uses Trunk (https://trunk.io) so we do not need a lot of this feedback due to overlap.
+    actionlint:
+      enabled: true
+    shellcheck:
+      enabled: true
+    yamllint:
+      enabled: true
+    gitleaks:
+      enabled: true
+    # Disable other tools as they're not relevant for GitHub Actions
+    ruff:
+      enabled: false
+    markdownlint:
+      enabled: false
+    github-checks:
+      enabled: false
+    languagetool:
+      enabled: false
+    biome:
+      enabled: false
+    hadolint:
+      enabled: false
+    swiftlint:
+      enabled: false
+    phpstan:
+      enabled: false
+    golangci-lint:
+      enabled: false
+    checkov:
+      enabled: false
+    detekt:
+      enabled: false
+    eslint:
+      enabled: false
+    rubocop:
+      enabled: false
+    buf:
+      enabled: false
+    regal:
+      enabled: false
+    pmd:
+      enabled: false
+    cppcheck:
+      enabled: false
+    circleci:
+      enabled: false

.editorconfig

@@ -0,0 +1,14 @@
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+max_line_length = 0
+
+[COMMIT_EDITMSG]
+max_line_length = 0

.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Use this file to define individuals or teams that are responsible for code in a repository.
+# Read more: <https://help.github.com/articles/about-codeowners/>
+#
+# Order is important: the last matching pattern takes the most precedence
+
+# These owners will be the default owners for everything
+*             @masterpointio/masterpoint-open-source

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+## what
+
+- Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+- Use bullet points to be concise and to the point.
+
+## why
+
+- Provide the justifications for the changes (e.g. business case).
+- Describe why these changes were made (e.g. why do these commits fix the problem?)
+- Use bullet points to be concise and to the point.
+
+## references
+
+- Link to any supporting GitHub issues or helpful documentation to add some context (e.g. Stackoverflow).
+- Use `closes #123`, if this PR closes a GitHub issue `#123`

.github/renovate.json5

@@ -0,0 +1,27 @@
+{
+  "extends": [
+    "config:best-practices",
+    "github>aquaproj/aqua-renovate-config#2.7.5",
+    "helpers:pinGitHubActionDigests"
+  ],
+  "schedule": [
+    "after 9am on the first day of the month"
+  ],
+  "assigneesFromCodeOwners": true,
+  "dependencyDashboardAutoclose": true,
+  "addLabels": [
+    "auto-upgrade"
+  ],
+  "enabledManagers": [
+    "github-actions"
+  ],
+  "packageRules": [
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "automerge": true,
+      "groupName": "GitHub Actions",
+      "groupSlug": "github-actions"
+    }
+  ]
+}

.github/workflows/lint.yaml

@@ -0,0 +1,18 @@
+name: Lint
+
+on: pull_request
+
+permissions:
+  actions: read
+  checks: write
+  contents: read
+  pull-requests: read
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out Git repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Trunk Check
+        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19

.github/workflows/release-please.yaml

@@ -0,0 +1,19 @@
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f #v4.1.3
+        with:
+          release-type: simple

.github/workflows/trunk-upgrade.yaml

@@ -0,0 +1,34 @@
+name: Trunk Upgrade
+
+on:
+  schedule:
+    # On the first day of every month @ 8am
+    - cron: 0 8 1 * *
+  workflow_dispatch: {}
+
+permissions: read-all
+
+jobs:
+  trunk-upgrade:
+    runs-on: ubuntu-latest
+    permissions:
+      # For trunk to create PRs
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Create Token for MasterpointBot App
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+        id: generate-token
+        with:
+          app_id: ${{ secrets.MP_BOT_APP_ID }}
+          private_key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
+
+      - name: Upgrade
+        uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          reviewers: "@masterpointio/masterpoint-internal"
+          prefix: "chore: "

.trunk/.gitignore

@@ -0,0 +1,9 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
+tmp

.trunk/configs/.markdownlint.yaml

@@ -0,0 +1,19 @@
+# Autoformatter friendly markdownlint config (all formatting rules disabled)
+default: true
+blank_lines: false
+bullet: false
+html: false
+indentation: false
+line_length: false
+spaces: false
+url: false
+whitespace: false
+
+# Ignore MD041/first-line-heading/first-line-h1
+# Error: First line in a file should be a top-level heading
+MD041: false
+
+# Ignore MD013/line-length
+MD013:
+  strict: false
+  line_length: 350