Implement container registry token module (#1)

* Implement container registry token

* Point at released scope_map module

Author: chris11-taylor-nttd

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/release-drafter.yml

@@ -0,0 +1,49 @@
+---
+name-template: "$RESOLVED_VERSION"
+tag-template: "$RESOLVED_VERSION"
+template: |
+  # Changelog
+
+  $CHANGES
+
+  ---
+
+  See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION) since previous release.
+
+categories:
+  - title: ":warning: Breaking Changes"
+    labels:
+      - "major"
+  - title: "🚀 Features"
+    labels:
+      - "minor"
+  - title: "🔧 Fixes"
+    collapse-after: 3
+    labels:
+      - "patch"
+
+autolabeler:
+  - label: "major"
+    branch:
+      - '/(patch|bug|fix|feature|chore)!\/.+/'
+  - label: "minor"
+    branch:
+      - '/feature\/.+/'
+  - label: "patch"
+    branch:
+      - '/(patch|bug|fix|chore)\/.+/'
+
+change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
+
+version-resolver:
+  major:
+    labels:
+      - "major"
+  minor:
+    labels:
+      - "minor"
+  patch:
+    labels:
+      - "patch"
+      - "dependencies"
+  default: patch

.github/workflows/pull-request-label.yml

@@ -0,0 +1,15 @@
+name: Label Pull Request
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  check:
+    name: "Label Pull Request"
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/reusable-pr-label-by-branch.yml@0.10.0
+    secrets: inherit # pragma: allowlist secret

.github/workflows/pull-request-terraform-check.yml

@@ -0,0 +1,19 @@
+name: Check Azure Terraform Code
+
+on:
+  pull_request:
+    types: [ opened, reopened, synchronize, ready_for_review ]
+    branches: [ main ]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  check:
+    name: "Check Azure Terraform Code"
+    permissions:
+      contents: read
+      id-token: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terraform-check-azure.yml@0.10.0
+    secrets: inherit # pragma: allowlist secret

.github/workflows/release-publish.yml

@@ -0,0 +1,18 @@
+name: Publish Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  release-on-merge:
+    name: "Create and Publish Release on Merge"
+    permissions:
+      contents: write
+      pull-requests: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/reusable-release-on-merge.yml@0.10.0
+    secrets: inherit # pragma: allowlist secret

.gitignore

@@ -0,0 +1,65 @@
+terraform.*
+.repo/
+components/
+.semverbot.toml
+.tflint.hcl
+.golangci.yaml
+
+.idea
+!examples/*.tfvars
+
+# We don't want to commit the test run lock files
+.terraform.lock.hcl
+
+# Don't include the .test-data directory created by Terratest's test-structure module
+**/.test-data/*
+
+# Local .terraform directories
+**/.terraform/*
+
+# Local .terragrunt directories
+**/.terragrunt/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars.json
+*.auto.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+provider.tf
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Files from common modules
+azure_env.sh
+.releaserc.json
+.tflint.hcl
+
+# Pre-commit hook
+.pre-commit-config.yaml
+
+# VS Code
+.vscode/

.secrets.baseline

@@ -0,0 +1,109 @@
+{
+  "version": "1.2.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2025-08-21T14:53:53Z"
+}

.terraform-docs.yml

@@ -0,0 +1,12 @@
+formatter: "markdown"
+
+output:
+  file: "README.md"
+  mode: "inject"
+
+sort:
+  enabled: false
+
+sections:
+  hide:
+    - providers

.tool-versions

@@ -0,0 +1,8 @@
+conftest 0.56.0
+golang 1.24.2
+golangci-lint 2.2.1
+pre-commit 4.2.0
+regula 3.2.1 # https://github.com/launchbynttdata/asdf-regula
+terraform 1.10.3
+terraform-docs 0.20.0
+tflint 0.57.0