diff --git a/scripts/ensure-tf-boilerplate.sh b/scripts/ensure-tf-boilerplate.sh
index 6b5e7d2..a1d019c 100755
--- a/scripts/ensure-tf-boilerplate.sh
+++ b/scripts/ensure-tf-boilerplate.sh
@@ -67,3 +67,18 @@ provider "aws" {
 EOF
 echo "Generated providers.tf (project=${REPO_NAME}, team=${TEAM})"
 fi
+
+# --- Generate .gitignore if missing ---
+if [ ! -f "$TF_ROOT/.gitignore" ]; then
+ cat > "$TF_ROOT/.gitignore" <<'EOF'
+# Terraform working files — never commit these
+.terraform/
+.terraform.lock.hcl
+*.tfstate
+*.tfstate.backup
+*.tfplan
+override.tf
+override.tf.json
+EOF
+ echo "Generated .gitignore"
+fi
diff --git a/scripts/expand-modules.py b/scripts/expand-modules.py
index 763a5aa..6a03259 100644
--- a/scripts/expand-modules.py
+++ b/scripts/expand-modules.py
@@ -29,7 +29,7 @@ sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
 from registry import (
 REGISTRY, PROJECT, DOMAIN,
- BACKEND_TEMPLATE, PROVIDERS_TEMPLATE, OUTPUTS_TEMPLATE,
+ BACKEND_TEMPLATE, PROVIDERS_TEMPLATE, OUTPUTS_TEMPLATE, GITIGNORE_TEMPLATE,
 )
 GENERATED_MARKER = "# GENERATED FROM app.yaml — do not edit, changes will be overwritten"
@@ -678,6 +678,11 @@ def main():
 os.path.join(tf_root, "outputs.tf"),
 OUTPUTS_TEMPLATE.format(host=app_host),
 )
+ # Ensure .gitignore exists so tfstate/working files never get committed
+ gitignore_path = os.path.join(tf_root, ".gitignore")
+ if not os.path.exists(gitignore_path):
+ with open(gitignore_path, "w") as f:
+ f.write(GITIGNORE_TEMPLATE)
 # -- Write expanded module files --
 for filename, content in file_contents.items():
diff --git a/scripts/registry.py b/scripts/registry.py
index a0267f4..03aea58 100644
--- a/scripts/registry.py
+++ b/scripts/registry.py
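Review bot: The `.terraform.lock.hcl` entry in the `.gitignore` heredoc added to scripts/ensure-tf-boilerplate.sh keeps Terraform's dependency lock file out of version control, yet that file is what pins provider versions and their checksums between runs. With it ignored, each fresh `terraform init` resolves providers again and records whatever hashes it downloads, so a changed or substituted provider build is not checked against a reviewed value. I would drop the `.terraform.lock.hcl` line and narrow the header to `# Terraform state, plans and local working files — never commit these`. The same entry is added in `GITIGNORE_TEMPLATE` in scripts/registry.py, and because the list now lives in two places the copies can drift apart; generating both from one source would avoid that.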
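Review bot: The guard added to main() in scripts/expand-modules.py only tests whether `.gitignore` exists, so a pre-existing file without the `*.tfstate` patterns is left as it is and the comment's promise that state files "never get committed" does not hold in that case. Since Terraform state can carry secrets in plaintext, I would either warn when the existing file lacks the state patterns or reword the comment to `# Create a default .gitignore when none exists; an existing file is not checked for the state patterns`. The write also relies on the locale's default encoding although the template contains a non-ASCII dash; `with open(gitignore_path, "w", encoding="utf-8") as f:` makes that explicit. The `[ ! -f ... ]` check in the shell script has the same exists-only behaviour, and main() starts and continues outside this hunk.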
@@ -388,6 +388,17 @@
 }}
 """
+GITIGNORE_TEMPLATE = """\
+# Terraform working files — never commit these
+.terraform/
+.terraform.lock.hcl
+*.tfstate
+*.tfstate.backup
+*.tfplan
+override.tf
+override.tf.json
+"""
+
 OUTPUTS_TEMPLATE = """\
 # GENERATED FROM app.yaml — do not edit, changes will be overwritten
 output "service_url" {{
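Review bot: The pattern list in `GITIGNORE_TEMPLATE` leaves out several Terraform files that commonly hold sensitive values: `*.tfvars` / `*.tfvars.json` variable files and `crash.log`, and `*.tfplan` only matches a saved plan if it was written with that extension. Whether this project uses variable files or saves plans under another name is not visible here, so treat this as something to confirm; if it does, adding `*.tfvars`, `*.tfvars.json` and `crash.log` closes the gap. `*.tfstate.*` would also cover backup names beyond `*.tfstate.backup`. The heredoc in scripts/ensure-tf-boilerplate.sh carries the same list and would need the same change.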