chore: replace references pointing to npalm/ by cattle-ops/ (#798)

## Description

This PR removes all references pointing at `npalm/` resources with
`cattle-ops/` as the repository was moved some time ago and everything
should point to the new destination.

Author: kayman-mk

.cspell.json

@@ -9,6 +9,8 @@
     "awscli",
     "backports",
     "blockquotes",
+    "boto",
+    "botocore",
     "certdir",
     "checkmarx",
     "codeowners",
@@ -19,28 +21,41 @@
     "endfor",
     "formatlist",
     "gitter",
+    "godotenv",
+    "golangci",
+    "gruntwork",
     "instancelifecycle",
     "kics",
+    "joho",
     "jsonencode",
     "markdownlint",
+    "mypy",
     "Niek",
     "noexec",
+    "nolint",
     "npalm",
     "oxsecurity",
+    "pylint",
+    "pylintrc",
+    "pyright",
     "shuf",
     "signoff",
     "signum",
+    "stretchr",
     "substr",
     "templatefile",
     "terrascan",
+    "terratest",
     "tfenv",
     "tflint",
     "tftpl",
     "tfsec",
     "tfvars",
     "tmpfs",
     "trivy",
-    "userdata"
+    "typecheck",
+    "userdata",
+    "xanzy"
   ],
   "flagWords": []
 }

.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 132

.github/workflows/ci.yml

@@ -91,7 +91,6 @@ jobs:
           APPLY_FIXES: all
           APPLY_FIXES_EVENT: pull_request
           APPLY_FIXES_MODE: commit
-
       # Upload MegaLinter artifacts
       - name: Archive production artifacts
         if: ${{ success() }} || ${{ failure() }}

.gitignore

@@ -37,7 +37,8 @@ builds/
 .vscode/
 
 # Python
+.mypy_cache/
 venv/
 
 # Terraform rendered templates
-debug/
+debug/

.mega-linter.yml

@@ -12,3 +12,15 @@ DISABLE_LINTERS:
   - MARKDOWN_MARKDOWN_TABLE_FORMATTER
   # CSpell does a great job. No need for a second linter.
   - SPELL_MISSPELL
+  # DevSkim as it has issues ignoring files/directories, e.g. .mypy_cache
+  - REPOSITORY_DEVSKIM
+
+PYTHON_PYLINT_PRE_COMMANDS:
+  # find all Python requirements and install them
+  - command: find . -name requirements.txt -exec pip install -r {} \;
+    cwd: root
+
+PYTHON_PYRIGHT_PRE_COMMANDS:
+  # find all Python requirements and install them
+  - command: find . -name requirements.txt -exec pip install -r {} \;
+    cwd: root

.pylintrc

@@ -0,0 +1,5 @@
+[MASTER]
+init-hook="import sys; sys.path.insert(0, '/usr/local/lib/python3.11/site-packages/')"
+
+[FORMAT]
+max-line-length=132

.ruff.toml

@@ -0,0 +1 @@
+line-length = 132

README.md

@@ -1,3 +1,5 @@
+<!-- First line should be a H1: Badges on top please! -->
+<!-- markdownlint-disable MD041 -->
 [![Terraform registry](https://img.shields.io/github/v/release/cattle-ops/terraform-aws-gitlab-runner?label=Terraform%20Registry)](https://registry.terraform.io/modules/cattle-ops/gitlab-runner/aws/)
 [![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 [![Actions](https://github.com/cattle-ops/terraform-aws-gitlab-runner/workflows/CI/badge.svg)](https://github.com/cattle-ops/terraform-aws-gitlab-runner/actions)
@@ -24,7 +26,7 @@ The original setup of the module is based on the blog post: [Auto scale GitLab C
 
 > 💥 BREAKING CHANGE: Due to various problems of the GitLab docker+machine driver (especially with spot instances),
 > the driver is switched to the version provided by [CKI](https://gitlab.com/cki-project/docker-machine).
-> For more details see [PR](https://github.com/npalm/terraform-aws-gitlab-runner/pull/697).
+> For more details see [PR](https://github.com/cattle-ops/terraform-aws-gitlab-runner/pull/697).
 <!-- there is no blank line in between. These are two separate quotes! -->
 <!-- markdownlint-disable MD028 -->
 > 🚚 CHANGE AHEAD: We have decided to move this repository to a dedicated org soon. No user impact expected, current
@@ -60,22 +62,22 @@ In this scenario the runner agent is running on a single EC2 node and runners ar
 using spot instances. Runners will scale automatically based on the configuration. The module creates a S3 cache by default,
 which is shared across runners (spot instances).
 
-![runners-default](https://github.com/npalm/assets/raw/main/images/terraform-aws-gitlab-runner/runner-default.png)
+![runners-default](https://github.com/cattle-ops/terraform-aws-gitlab-runner/raw/main/assets/images/runner-default.png)
 
 ### GitLab CI docker-machine runner - multiple runner agents
 
 In this scenario the multiple runner agents can be created with different configuration by instantiating the module multiple times.
 Runners will scale automatically based on the configuration. The S3 cache can be shared across runners by managing the cache
 outside of the module.
 
-![runners-cache](https://github.com/npalm/assets/raw/main/images/terraform-aws-gitlab-runner/runner-cache.png)
+![runners-cache](https://github.com/cattle-ops/terraform-aws-gitlab-runner/raw/main/assets/images/runner-cache.png)
 
 ### GitLab Ci docker runner
 
 In this scenario _not_ docker machine is used but docker to schedule the builds. Builds will run on the same EC2 instance as the
 agent. No auto scaling is supported.
 
-![runners-docker](https://github.com/npalm/assets/raw/main/images/terraform-aws-gitlab-runner/runner-docker.png)
+![runners-docker](https://github.com/cattle-ops/terraform-aws-gitlab-runner/raw/main/assets/images/runner-docker.png)
 
 ## Prerequisites
 
@@ -136,7 +138,7 @@ resource "aws_iam_service_linked_role" "autoscaling" {
 
 If a KMS key is set via `kms_key_id`, make sure that you also give proper access to the key. Otherwise, you might
 get errors, e.g. the build cache can't be decrypted or logging via CloudWatch is not possible. For a CloudWatch
-example checkout [kms-policy.json](https://github.com/npalm/terraform-aws-gitlab-runner/blob/main/policies/kms-policy.json)
+example checkout [kms-policy.json](https://github.com/cattle-ops/terraform-aws-gitlab-runner/blob/main/policies/kms-policy.json)
 
 ### GitLab runner token configuration
 
@@ -233,8 +235,8 @@ policy on the bucket.
 
 Creation of the bucket can be disabled and managed outside this module. A good use case is for sharing the cache across multiple
 runners. For this purpose the cache is implemented as a sub module. For more details see the
-[cache module](https://github.com/npalm/terraform-aws-gitlab-runner/tree/main/modules/cache). An example implementation of this use
-case can be found in the [runner-public](https://github.com/npalm/terraform-aws-gitlab-runner/tree/main/examples/runner-public)
+[cache module](https://github.com/cattle-ops/terraform-aws-gitlab-runner/tree/main/modules/cache). An example implementation of
+this use case can be found in the [runner-public](https://github.com/cattle-ops/terraform-aws-gitlab-runner/tree/main/examples/runner-public)
 example.
 
 In case you enable the access logging for the S3 cache bucket, you have to add the following statement to your S3 logging bucket
@@ -286,12 +288,12 @@ AMI. Setting the filter to `amzn2-ami-hvm-2.0.20200207.1-x86_64-ebs` will allow
 
 ### Scenario: Basic usage
 
-Below is a basic examples of usages of the module. Regarding the dependencies such as a VPC, have a look at the [default example](https://github.com/npalm/terraform-aws-gitlab-runner/tree/main/examples/runner-default).
+Below is a basic examples of usages of the module. Regarding the dependencies such as a VPC, have a look at the [default example](https://github.com/cattle-ops/terraform-aws-gitlab-runner/tree/main/examples/runner-default).
 
 ```hcl
 module "runner" {
-  # https://registry.terraform.io/modules/npalm/gitlab-runner/aws/
-  source  = "npalm/gitlab-runner/aws"
+  # https://registry.terraform.io/modules/cattle-ops/gitlab-runner/aws/
+  source  = "cattle-ops/gitlab-runner/aws"
 
   aws_region  = "eu-west-1"
   environment = "spot-runners"
@@ -339,8 +341,8 @@ map. A simple example for this would be to set _region-specific-prefix_ to the A
 
 ```hcl
 module "runner" {
-  # https://registry.terraform.io/modules/npalm/gitlab-runner/aws/
-  source  = "npalm/gitlab-runner/aws"
+  # https://registry.terraform.io/modules/cattle-ops/gitlab-runner/aws/
+  source  = "cattle-ops/gitlab-runner/aws"
 
   aws_region  = "eu-west-1"
   environment = "spot-runners"
@@ -371,7 +373,7 @@ module "runner" {
 
 ## Examples
 
-A few [examples](https://github.com/npalm/terraform-aws-gitlab-runner/tree/main/examples/) are provided. Use the
+A few [examples](https://github.com/cattle-ops/terraform-aws-gitlab-runner/tree/main/examples/) are provided. Use the
 following steps to deploy. Ensure your AWS and Terraform environment is set up correctly. All commands below should be
 run from the `terraform-aws-gitlab-runner/examples/<example-dir>` directory. Don't forget to remove the runners
 manually from your Gitlab instance as soon as your are done.
@@ -413,9 +415,9 @@ This project exists thanks to all the people who contribute.
 
 <!-- this is the only option to integrate the contributors list in the README.md -->
 <!-- markdownlint-disable MD033 -->
-<a href="https://github.com/npalm/terraform-aws-gitlab-runner/graphs/contributors">
+<a href="https://github.com/cattle-ops/terraform-aws-gitlab-runner/graphs/contributors">
   <!-- markdownlint-disable MD033 -->
-  <img src="https://contrib.rocks/image?repo=npalm/terraform-aws-gitlab-runner" />
+  <img src="https://contrib.rocks/image?repo=cattle-ops/terraform-aws-gitlab-runner" />
 </a>
 
 Made with [contributors-img](https://contrib.rocks).

examples/runner-certificates/README.md

@@ -2,21 +2,27 @@
 
 In this scenario the runner agent is running on a single EC2 node.
 
-The example is intended to show how the runner can be configured for self-hosted Gitlab environments with certificates signed by a custom CA.
+The example is intended to show how the runner can be configured for self-hosted Gitlab environments with certificates
+signed by a custom CA.
 
-> This currently only works with the `docker` executor. Support for the `docker+machine` executor is not yet implemented. Contributions are welcome.
+> This currently only works with the `docker` executor. Support for the `docker+machine` executor is not yet
+> implemented. Contributions are welcome.
 
 ## Prerequisites
 
-The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version.
+The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please
+check `.terraform-version` for the tested version.
 
 Before configuring certificates, it is important to review the [Gitlab documentation](https://docs.gitlab.com/runner/configuration/tls-self-signed.html).
 
 In particular, note the following docker images are involved:
 
-> - The **Runner helper image**, which is used to handle Git, artifacts, and cache operations. In this scenario, the user only needs to make a certificate file available at a specific location (for example, /etc/gitlab-runner/certs/ca.crt), and the Docker container will automatically install it for the user.
-
-> - The **user image**, which is used to run the user script. In this scenario, the user must take ownership regarding how to install a certificate, since this is highly dependent on the image itself, and the Runner has no way of knowing how to install a certificate in each possible scenario.
+- The **Runner helper image**, which is used to handle Git, artifacts, and cache operations. In this scenario, the
+  user only needs to make a certificate file available at a specific location (for example 
+  /etc/gitlab-runner/certs/ca.crt), and the Docker container will automatically install it for the user.
+- The **user image**, which is used to run the user script. In this scenario, the user must take ownership regarding
+  how to install a certificate, since this is highly dependent on the image itself, and the Runner has no way of
+  knowing how to install a certificate in each possible scenario.
 
 ### Certificates for the runner-helper image
 
@@ -49,72 +55,76 @@ For **user images**, you must:
 
 1. Mount the certificates from the EC2 host into all user images.
 
-The runner module can be configured to do this step. Configure the module like so:
-
-```terraform
-module {
-  # ...
+    The runner module can be configured to do this step. Configure the module like so:
+    
+    ```terraform
+    module {
+      # ...
+      
+      # Mount EC2 host certs in docker so all user docker images can reference them.
+      runners_additional_volumes = ["/etc/gitlab-runner/certs/:/etc/gitlab-runner/certs:ro"]
+      
+        # ...
+      }
+      ```
+      
+2. Trust the certificates from within the user image.
   
-  # Mount EC2 host certs in docker so all user docker images can reference them.
-  runners_additional_volumes = ["/etc/gitlab-runner/certs/:/etc/gitlab-runner/certs:ro"]
+    Each user image will need to execute commands to copy the certificates into the correct place and trust them.
+    
+    The below examples some ways to do this, assuming user images with the Ubuntu OS or similar.
+    For Alpine OS user images, the specific commands may differ.
+    
+    **Option 1:** Build a custom user image and update your `Dockerfile`:
+    ```docker
+      FROM python:3 # Some base image
+    
+      RUN apt-get -y update
+      RUN apt-get -y upgrade
+    
+      RUN apt-get install -y ca-certificates
+      RUN cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/
+      RUN update-ca-certificates
+      ...
+    ```
+    
+    **Option 2:** Add a section to each pipeline using `before_script`:
+    
+    This change would need to be added to every pipeline file which requires certificates.
+    It could be customized depending on the OS of the pipeline user image.
+    
+    ```yaml
+    default:
+      before_script:
+        # Install certificates into user image
+        - apt-get install -y ca-certificates
+        - cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/
+        - update-ca-certificates
+    ```
+    
+    **Option 3:** Add the script from Option 2 into `runners_pre_build_script` variable:
+    
+    This avoids maintaining the script in each pipeline file, but expects that all user images use the same OS.
+    
+    ```terraform
+    module {
+      # ...
+    
+      runners_pre_build_script = <<EOT
+      '''
+      apt-get install -y ca-certificates
+      cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/
+      update-ca-certificates
+      '''
+      EOT
+    
+      # ...
+    }
+    ```
   
-  # ...
-}
-```
-
-2. Trust the certificates from within the user image.
-
-Each user image will need to execute commands to copy the certificates into the correct place and trust them.
-
-The below examples some ways to do this, assuming user images with the Ubuntu OS or similar.
-For Alpine OS user images, the specific commands may differ.
-
-**Option 1:** Build a custom user image and update your `Dockerfile`:
-```docker
-  FROM python:3 # Some base image
-
-  RUN apt-get -y update
-  RUN apt-get -y upgrade
-
-  RUN apt-get install -y ca-certificates
-  RUN cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/
-  RUN update-ca-certificates
-  ...
-```
-
-**Option 2:** Add a section to each pipeline using `before_script`:
-
-This change would need to be added to every pipeline file which requires certificates.
-It could be customised depending on the OS of the pipeline user image.
-
-```yaml
-default:
-  before_script:
-    # Install certificates into user image
-    - apt-get install -y ca-certificates
-    - cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/
-    - update-ca-certificates
-```
-
-**Option 3:** Add the script from Option 2 into `runners_pre_build_script` variable:
-
-This avoids maintaining the script in each pipeline file, but expects that all user images use the same OS.
-
-```terraform
-module {
-  # ...
-
-  runners_pre_build_script = <<EOT
-  '''
-  apt-get install -y ca-certificates
-  cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/
-  update-ca-certificates
-  '''
-  EOT
-
-  # ...
-}
-```
+<!-- markdownlint-disable -->
+<!-- cSpell:disable -->
+<!-- markdown-link-check-disable -->
 
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
@@ -160,4 +170,4 @@ module {
 ## Outputs
 
 No outputs.
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->