feat: generated docs, and original workflows

.github/configs/labeler.yml

@@ -0,0 +1,7 @@
+####
+## This is managed via https://github.com/internal-GlueOps/github-shared-files-sync . Any changes to this file may be overridden by our automation
+####
+
+include-in-release-notes:
+  - changed-files:
+      - any-glob-to-any-file: '**'

.github/release.yml

@@ -0,0 +1,32 @@
+####
+## This is managed via https://github.com/internal-GlueOps/github-shared-files-sync . Any changes to this file may be overridden by our automation
+####
+
+changelog:
+  exclude:
+    labels:
+      - 'ignore'
+    # authors:
+    #   - 'glueops-terraform-svc-account'
+    #   - 'glueops-svc-account'
+    #   - 'glueops-renovatebot'
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - 'major'
+        - 'breaking-change'
+    - title: Enhancements 🎉
+      labels:
+        - 'minor'
+        - 'enhancement'
+        - 'new-feature'
+    - title: Other 🐛
+      labels:
+        - 'auto-update'
+        - 'patch'
+        - 'fix'
+        - 'bugfix'
+        - 'bug'
+        - 'hotfix'
+        - 'dependencies'
+        - 'include-in-release-notes'

.github/workflows/docker-publish.yml

@@ -0,0 +1,101 @@
+name: Docker Publish
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=tag
+            type=ref,event=branch
+            type=raw,value=latest
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

terraform-provider-autoglue/Makefile

@@ -1,23 +1,71 @@
+# ---- Provider build/dev settings ----
 BIN ?= terraform-provider-autoglue
 VER ?= 0.0.1
 OS  ?= $(shell uname -s | tr '[:upper:]' '[:lower:]')
 ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/;s/arm64/arm64/')
+PROVIDER_SRC ?= glueops/autoglue/autoglue
 
-.PHONY: build tidy dev clean
+# ---- tfplugindocs settings ----
+# Where Go places binaries
+BIN_DIR := $(shell go env GOBIN)
+ifeq ($(BIN_DIR),)
+BIN_DIR := $(shell go env GOPATH)/bin
+endif
+DOCS_BIN := $(BIN_DIR)/tfplugindocs
+DOCS_DIR ?= docs
 
+.PHONY: build tidy dev clean tools docs docs-validate docs-clean docs-readme
+
+# Build the provider binary in the repo root
 build:
 	go build -o $(BIN) .
 
+# Tidy module deps
 tidy:
 	go mod tidy
 
+# Install the provider locally for Terraform/OpenTofu as a dev provider
 dev:
 	@echo "Installing dev provider v$(VER) for $(OS)_$(ARCH)..."
-	@DST="$${HOME}/.terraform.d/plugins/glueops/autoglue/autoglue/$(VER)/$(OS)_$(ARCH)"; \
+	@DST="$${HOME}/.terraform.d/plugins/$(PROVIDER_SRC)/$(VER)/$(OS)_$(ARCH)"; \
 	mkdir -p "$$DST"; \
 	go build -o "$$DST/terraform-provider-autoglue_v$(VER)" .; \
 	echo "Provider installed to $$DST"; \
 	echo "Run: terraform init -upgrade"
 
+# Remove build artifacts (and optionally generated docs if desired)
 clean:
 	rm -f $(BIN)
+
+# ---------- Docs via tfplugindocs ----------
+
+# Ensure tfplugindocs is available; install if missing
+tools:
+	@set -e; \
+	if [ ! -x "$(DOCS_BIN)" ]; then \
+		echo "tfplugindocs not found. Installing..."; \
+		go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest; \
+		echo "Installed tfplugindocs to $(DOCS_BIN)"; \
+	else \
+		echo "tfplugindocs found at $(DOCS_BIN)"; \
+	fi
+
+# Generate docs from your Go schemas into ./docs
+docs: tools
+	@echo "Generating provider docs into ./$(DOCS_DIR)..."
+	@$(DOCS_BIN)
+	@echo "Done. See ./$(DOCS_DIR)"
+
+# Validate docs are up-to-date (useful in CI)
+docs-validate: tools
+	@$(DOCS_BIN) validate
+
+# Clean generated docs
+docs-clean:
+	@rm -rf $(DOCS_DIR)
+
+# OPTIONAL: copy the generated landing page to README.md
+docs-readme: docs
+	@[ -f "$(DOCS_DIR)/index.md" ] && cp "$(DOCS_DIR)/index.md" README.md || \
+	  (echo "$(DOCS_DIR)/index.md not found. Did doc generation run?"; exit 1)
+	@echo "README.md updated from $(DOCS_DIR)/index.md"

terraform-provider-autoglue/README.md

@@ -0,0 +1,24 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue Provider"
+description: |-
+  
+---
+
+# autoglue Provider
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `addr` (String) Base URL to the autoglue API (e.g. https://autoglue.example.com/api/v1). Defaults to http://localhost:8080/api/v1.
+- `api_key` (String, Sensitive) User API key for key-only auth.
+- `bearer` (String, Sensitive) Bearer token (user access token).
+- `org_id` (String) Organization ID (UUID). Required for user/bearer and user API key auth unless single-org membership. Omitted for org key/secret (derived server-side).
+- `org_key` (String, Sensitive) Org-scoped key for machine auth.
+- `org_secret` (String, Sensitive) Org-scoped secret for machine auth.

terraform-provider-autoglue/docs/data-sources/annotations.md

@@ -0,0 +1,33 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_annotations Data Source - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  List annotations for the organization (org-scoped).
+---
+
+# autoglue_annotations (Data Source)
+
+List annotations for the organization (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `items` (Attributes List) Annotations returned by the API. (see [below for nested schema](#nestedatt--items))
+
+<a id="nestedatt--items"></a>
+### Nested Schema for `items`
+
+Read-Only:
+
+- `created_at` (String) RFC3339, UTC.
+- `id` (String) Taint ID (UUID).
+- `key` (String)
+- `organization_id` (String)
+- `raw` (String) Full JSON for the item.
+- `updated_at` (String) RFC3339, UTC.
+- `value` (String)

terraform-provider-autoglue/docs/data-sources/labels.md

@@ -0,0 +1,33 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_labels Data Source - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  List labels for the organization (org-scoped).
+---
+
+# autoglue_labels (Data Source)
+
+List labels for the organization (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `items` (Attributes List) Labels returned by the API. (see [below for nested schema](#nestedatt--items))
+
+<a id="nestedatt--items"></a>
+### Nested Schema for `items`
+
+Read-Only:
+
+- `created_at` (String) RFC3339, UTC.
+- `id` (String) Taint ID (UUID).
+- `key` (String)
+- `organization_id` (String)
+- `raw` (String) Full JSON for the item.
+- `updated_at` (String) RFC3339, UTC.
+- `value` (String)

terraform-provider-autoglue/docs/data-sources/servers.md

@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_servers Data Source - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  List servers for the organization (org-scoped).
+---
+
+# autoglue_servers (Data Source)
+
+List servers for the organization (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `role` (String) Filter by role.
+- `status` (String) Filter by status (pending|provisioning|ready|failed).
+
+### Read-Only
+
+- `items` (Attributes List) Servers returned by the API. (see [below for nested schema](#nestedatt--items))
+
+<a id="nestedatt--items"></a>
+### Nested Schema for `items`
+
+Read-Only:
+
+- `created_at` (String) RFC3339, UTC.
+- `hostname` (String)
+- `id` (String) Server ID (UUID).
+- `organization_id` (String)
+- `private_ip_address` (String)
+- `public_ip_address` (String)
+- `raw` (String) Full JSON for the item.
+- `role` (String)
+- `ssh_key_id` (String)
+- `ssh_user` (String)
+- `status` (String)
+- `updated_at` (String) RFC3339, UTC.

terraform-provider-autoglue/docs/data-sources/ssh_keys.md

@@ -0,0 +1,37 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_ssh_keys Data Source - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  
+---
+
+# autoglue_ssh_keys (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `fingerprint` (String) Filter by exact fingerprint (client-side).
+- `name_contains` (String) Filter by substring of name (client-side).
+
+### Read-Only
+
+- `keys` (Attributes List) SSH keys (see [below for nested schema](#nestedatt--keys))
+
+<a id="nestedatt--keys"></a>
+### Nested Schema for `keys`
+
+Read-Only:
+
+- `created_at` (String)
+- `fingerprint` (String)
+- `id` (String)
+- `name` (String)
+- `public_key` (String)
+- `updated_at` (String)

terraform-provider-autoglue/docs/data-sources/taints.md

@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_taints Data Source - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  List taints for the organization (org-scoped).
+---
+
+# autoglue_taints (Data Source)
+
+List taints for the organization (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `items` (Attributes List) Taints returned by the API. (see [below for nested schema](#nestedatt--items))
+
+<a id="nestedatt--items"></a>
+### Nested Schema for `items`
+
+Read-Only:
+
+- `created_at` (String) RFC3339, UTC.
+- `effect` (String)
+- `id` (String) Taint ID (UUID).
+- `key` (String)
+- `organization_id` (String)
+- `raw` (String) Full JSON for the item.
+- `updated_at` (String) RFC3339, UTC.
+- `value` (String)

terraform-provider-autoglue/docs/index.md

@@ -0,0 +1,24 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue Provider"
+description: |-
+  
+---
+
+# autoglue Provider
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `addr` (String) Base URL to the autoglue API (e.g. https://autoglue.example.com/api/v1). Defaults to http://localhost:8080/api/v1.
+- `api_key` (String, Sensitive) User API key for key-only auth.
+- `bearer` (String, Sensitive) Bearer token (user access token).
+- `org_id` (String) Organization ID (UUID). Required for user/bearer and user API key auth unless single-org membership. Omitted for org key/secret (derived server-side).
+- `org_key` (String, Sensitive) Org-scoped key for machine auth.
+- `org_secret` (String, Sensitive) Org-scoped secret for machine auth.

terraform-provider-autoglue/docs/index.md.tmpl

@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "{{ .ProviderName }} Provider"
+description: |-x
+  {{ .ProviderDescription }}
+---
+
+# {{ .ProviderName }} Provider
+
+${{ .ProviderDescription }}
+
+## Quick Start
+
+~~{hul}hcl
+terraform {
+  required_providers {
+    {{ .ProviderName }} = {
+      source  = "{{ .ProviderSource }}"
+      # version = ">= 0.0.1"
+    }
+  }
+}
+
+provider "{{ .ProviderName }}" {
+  # addr     = "https://api.example.com/api/v1"
+  # api_key    = "angykey"
+  # bearer     = "accesstoken"
+  # org_id     = "..."
+  # org_key    = "---"
+  # org_secret = "---"
+}
+~~{hul}
+
+## Resources
+{{- if .Resources }}
+{{- range .Resources }}
+- [{+ .Name }](./resources/{{ .FileName }})
+{{- end }}
+{{- else }}
+_No resources yet._
+{{- end }}
+
+## Data Sources
+{{- if .DataSources }}
+{{- range .DataSources }}
+- [{+.Name }(./data-sources/{{ .FileName }})
+{{- end }}
+{{- else }}
+_No data sources yet._
+{{- end }}
+
+<-- schema generated by tfplugindocs --=

terraform-provider-autoglue/docs/resources/annotation.md

@@ -0,0 +1,29 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_annotation Resource - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  Create and manage a annotation (org-scoped).
+---
+
+# autoglue_annotation (Resource)
+
+Create and manage a annotation (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `key` (String) Key.
+- `value` (String) Value.
+
+### Read-Only
+
+- `created_at` (String)
+- `id` (String) ID (UUID).
+- `organization_id` (String)
+- `raw` (String) Full server JSON from API.
+- `updated_at` (String)

terraform-provider-autoglue/docs/resources/label.md

@@ -0,0 +1,29 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_label Resource - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  Create and manage a label (org-scoped).
+---
+
+# autoglue_label (Resource)
+
+Create and manage a label (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `key` (String) Key.
+- `value` (String) Value.
+
+### Read-Only
+
+- `created_at` (String)
+- `id` (String) Server ID (UUID).
+- `organization_id` (String)
+- `raw` (String) Full server JSON from API.
+- `updated_at` (String)

terraform-provider-autoglue/docs/resources/server.md

@@ -0,0 +1,37 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_server Resource - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  Create and manage a server (org-scoped). Mirrors API validation for role/status/ssh_key_id.
+---
+
+# autoglue_server (Resource)
+
+Create and manage a server (org-scoped). Mirrors API validation for role/status/ssh_key_id.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `hostname` (String) Hostname.
+- `private_ip_address` (String) Private IP address (required).
+- `role` (String) Server role (e.g., agent/manager/bastion). Lowercased by the provider.
+- `ssh_key_id` (String) SSH key ID (UUID) that belongs to the org.
+- `ssh_user` (String) SSH username (required).
+
+### Optional
+
+- `public_ip_address` (String) Public IP address (required when role = bastion).
+- `status` (String) Status (pending|provisioning|ready|failed). Lowercased by the provider.
+
+### Read-Only
+
+- `created_at` (String)
+- `id` (String) Server ID (UUID).
+- `organization_id` (String)
+- `raw` (String) Full server JSON from API.
+- `updated_at` (String)

terraform-provider-autoglue/docs/resources/ssh_key.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_ssh_key Resource - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  
+---
+
+# autoglue_ssh_key (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `comment` (String) Comment appended to authorized key
+- `name` (String) Display name
+
+### Optional
+
+- `bits` (Number) RSA key size (2048/3072/4096). Ignored for ed25519.
+- `type` (String) Key type: rsa or ed25519 (default rsa)
+
+### Read-Only
+
+- `created_at` (String) Creation time (RFC3339, UTC)
+- `fingerprint` (String) SHA256 fingerprint
+- `id` (String) SSH key ID (UUID)
+- `private_key_pem` (String, Sensitive) Private key PEM (resource doesn’t reveal; stays empty).
+- `public_key` (String) OpenSSH authorized key
+- `updated_at` (String) Update time (RFC3339, UTC)

terraform-provider-autoglue/docs/resources/taint.md

@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "autoglue_taint Resource - terraform-provider-autoglue"
+subcategory: ""
+description: |-
+  Create and manage a taint (org-scoped).
+---
+
+# autoglue_taint (Resource)
+
+Create and manage a taint (org-scoped).
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `effect` (String) Effect.
+- `key` (String) Key.
+- `value` (String) Value.
+
+### Read-Only
+
+- `created_at` (String)
+- `id` (String) Server ID (UUID).
+- `organization_id` (String)
+- `raw` (String) Full server JSON from API.
+- `updated_at` (String)