MITLibraries · cabutlermit · Aug 15, 2025 · Aug 13, 2025 · Aug 14, 2025
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: "v1.99.3"
+    rev: "v1.100.0"
     hooks:
       - id: terraform_fmt
         args:
@@ -12,8 +12,7 @@ repos:
       - id: terraform-docs-go
         args: ["markdown", "table", "--config", "./.terraform-docs.yaml", "--recursive", "--output-file", "README.md", "./"]
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.437'
+    rev: '3.2.461'
     hooks:
       - id: checkov
-        language_version: python3.12
         verbose: false
@@ -112,6 +112,9 @@ This is a core infrastructure repository that defines infrastructure related to
   * [ETD](https://github.com/MITLibraries/mitlib-tf-workloads-etd)
 * [HRQB](https://github.com/MITLibraries/mitlib-tf-workloads-hrqb-loader)
   * [HRQB Client](https://github.com/MITLibraries/hrqb-client)
+* [marimo notebooks](https://github.com/MITLibraries/mitlib-tf-workloads-notebooks)
+  * [marimo-launcher](https://github.com/MITLibraries/marimo-launcher)
+  * [marimo-helloworld](https://github.com/MITLibraries/marimo-helloworld)
 * [Matomo](https://github.com/MITLibraries/mitlib-tf-workloads-matomo)
   * [Matomo Application Container](https://github.com/MITLibraries/docker-matomo)
 * [PPOD](https://github.com/MITLibraries/mitlib-tf-workloads-ppod)
@@ -134,7 +137,7 @@ This is a core infrastructure repository that defines infrastructure related to
 
 * Owner: See [CODEOWNERS](./.github/CODEOWNERS)
 * Team: See [CODEOWNERS](./.github/CODEOWNERS)
-* Last Maintenance: 2025-06
+* Last Maintenance: 2025-08
 
 ## TF markdown is automatically inserted at the bottom of this file, nothing should be written beyond this point
 
@@ -150,7 +153,7 @@ This is a core infrastructure repository that defines infrastructure related to
 
 | Name | Version |
 |------|---------|
-| aws | 5.62.0 |
+| aws | 5.100.0 |
 
 ## Modules
 
@@ -168,6 +171,7 @@ This is a core infrastructure repository that defines infrastructure related to
 | ecr\_dsc | ./modules/ecr | n/a |
 | ecr\_dss | ./modules/ecr | n/a |
 | ecr\_hrqb\_client | ./modules/ecr | n/a |
+| ecr\_marimo | ./modules/ecr | n/a |
 | ecr\_matomo | ./modules/ecr | n/a |
 | ecr\_oaiharvester | ./modules/ecr | n/a |
 | ecr\_patronload | ./modules/ecr | n/a |
@@ -256,6 +260,10 @@ This is a core infrastructure repository that defines infrastructure related to
 | hrqb\_client\_fargate\_makefile | Full contents of the Makefile for the hrqb-client repo (allows devs to push to Dev account only) |
 | hrqb\_client\_fargate\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the hrqb-client repo |
 | hrqb\_client\_fargate\_stage\_build\_workflow | Full contents of the stage-build.yml for the hrqb-client repo |
+| marimo\_fargate\_dev\_build\_workflow | Full contents of the dev-build.yml for the marimo-launcher repo |
+| marimo\_fargate\_makefile | Full contents of the Makefile for the marimo-launcher repo (allows devs to push to Dev account only) |
+| marimo\_fargate\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the marimo-launcher repo |
+| marimo\_fargate\_stage\_build\_workflow | Full contents of the stage-build.yml for the marimo-launcher repo |
 | matomo\_fargate\_dev\_build\_workflow | Full contents of the dev-build.yml for the matomo repo |
 | matomo\_fargate\_makefile | Full contents of the Makefile for the matomo repo (allows devs to push to Dev account only) |
 | matomo\_fargate\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the matomo repo |

@@ -0,0 +1,67 @@
+
+# marimo-launcher containers
+# This is a standard ECR for an ECS with a Fargate launch type
+locals {
+  ecr_marimo = "marimo-${var.environment}"
+}
+module "ecr_marimo" {
+  source            = "./modules/ecr"
+  repo_name         = "marimo-launcher"
+  login_policy_arn  = aws_iam_policy.login.arn
+  oidc_arn          = data.aws_ssm_parameter.oidc_arn.value
+  environment       = var.environment
+  tfoutput_ssm_path = var.tfoutput_ssm_path
+  tags = {
+    app-repo = "marimo-launcher"
+  }
+}
+
+## Outputs to Terraform Cloud for devs ##
+
+## For marimo-launcher application repo and ECR repository
+# Outputs in dev
+output "marimo_fargate_dev_build_workflow" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
+    region   = var.aws_region
+    role     = module.ecr_marimo.gha_role
+    ecr      = module.ecr_marimo.repository_name
+    function = ""
+    }
+  )
+  description = "Full contents of the dev-build.yml for the marimo-launcher repo"
+}
+output "marimo_fargate_makefile" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/makefile.tpl", {
+    ecr_name = module.ecr_marimo.repository_name
+    ecr_url  = module.ecr_marimo.repository_url
+    function = ""
+    }
+  )
+  description = "Full contents of the Makefile for the marimo-launcher repo (allows devs to push to Dev account only)"
+}
+
+# Outputs in stage
+output "marimo_fargate_stage_build_workflow" {
+  value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
+    region   = var.aws_region
+    role     = module.ecr_marimo.gha_role
+    ecr      = module.ecr_marimo.repository_name
+    function = ""
+    }
+  )
+  description = "Full contents of the stage-build.yml for the marimo-launcher repo"
+}
+
+# Outputs after promotion to prod
+output "marimo_fargate_prod_promote_workflow" {
+  value = var.environment == "stage" || var.environment == "dev" ? null : templatefile("${path.module}/files/prod-promote.tpl", {
+    region     = var.aws_region
+    role_stage = "${module.ecr_marimo.repo_name}-gha-stage"
+    role_prod  = "${module.ecr_marimo.repo_name}-gha-prod"
+    ecr_stage  = "${module.ecr_marimo.repo_name}-stage"
+    ecr_prod   = "${module.ecr_marimo.repo_name}-prod"
+    function   = ""
+    }
+  )
+  description = "Full contents of the prod-promote.yml for the marimo-launcher repo"
+}