From 06485c73749f40126733a37ed2f488c430af5ac3 Mon Sep 17 00:00:00 2001 From: Sinisa Sokolic Date: Wed, 23 Feb 2022 10:46:17 +0100 Subject: [PATCH 01/12] Initial commit --- .github/dependabot.yml | 19 +++++ .github/workflows/dependabot.yaml | 27 ++++++ .github/workflows/megalinter.yaml | 34 ++++++++ .github/workflows/tagging.yaml | 29 +++++++ .gitignore | 21 +++++ .pre-commit-config.yaml | 53 ++++++++++++ CHANGELOG.md | 27 ++++++ CODEOWNERS.md | 0 CONTRIBUTING.md | 132 ++++++++++++++++++++++++++++++ LICENSE | 21 +++++ README.md | 53 ++++++++++++ build/build.ps1 | 1 + docs/BEST-PRACTICES.md | 97 ++++++++++++++++++++++ docs/BUG_REPORT.md | 68 +++++++++++++++ docs/FEATURE_REQUEST.md | 59 +++++++++++++ docs/PR_TEMPLATE.md | 88 ++++++++++++++++++++ docs/VERSIONING.md | 0 main.tf | 0 outputs.tf | 4 + variables.tf | 10 +++ versions.tf | 9 ++ 21 files changed, 752 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot.yaml create mode 100644 .github/workflows/megalinter.yaml create mode 100644 .github/workflows/tagging.yaml create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 CHANGELOG.md create mode 100644 CODEOWNERS.md create mode 100644 CONTRIBUTING.md create mode 100644 LICENSE create mode 100644 README.md create mode 100644 build/build.ps1 create mode 100644 docs/BEST-PRACTICES.md create mode 100644 docs/BUG_REPORT.md create mode 100644 docs/FEATURE_REQUEST.md create mode 100644 docs/PR_TEMPLATE.md create mode 100644 docs/VERSIONING.md create mode 100644 main.tf create mode 100644 outputs.tf create mode 100644 variables.tf create mode 100644 versions.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..766c1a4 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,19 @@
+---
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ target-branch: dev
+ schedule:
+ interval: daily
+ labels:
+ - github-actions
+ - dependencies
+ - package-ecosystem: terraform
+ directory: /
+ target-branch: dev
+ schedule:
+ interval: daily
+ labels:
+ - terraform
+ - dependencies
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
new file mode 100644
index 0000000..3e8a4d8
--- /dev/null
+++ b/.github/workflows/dependabot.yaml
@@ -0,0 +1,27 @@
+---
+name: Dependabot Pull Request Approve and Merge
+on: pull_request_target
+permissions:
+ pull-requests: write
+ contents: write
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Dependabot metadata
+ id: dependabot-metadata
+ uses: dependabot/fetch-metadata@v1.2.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Approve a PR
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Enable auto-merge for Dependabot PRs
+ if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml
new file mode 100644
index 0000000..c3945b4
--- /dev/null
+++ b/.github/workflows/megalinter.yaml
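Review bot: The job gate `if: ${{ github.actor == 'dependabot[bot]' }}` in `.github/workflows/dependabot.yaml` checks who triggered the run, not who opened the pull request, while the workflow runs on `pull_request_target` with `pull-requests: write` and `contents: write`. Gating on the author is stricter: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. The approve and auto-merge steps let every non-major update of a GitHub Action or Terraform provider reach `dev` without human review, so that branch presumably needs required status checks for `gh pr merge --auto` to wait on; nothing in this patch shows them, and the MegaLinter workflow only runs for pull requests into `main`/`master`. `dependabot/fetch-metadata@v1.2.1` is a mutable tag; pinning it to a full commit SHA (`uses: dependabot/fetch-metadata@<full-commit-sha> # v1.2.1`) keeps a retagged release from running with this token.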
@@ -0,0 +1,34 @@
+---
+name: Linting files
+on:
+ pull_request:
+ branches: [main, master]
+concurrency:
+ group: ${{ github.ref }}-${{ github.workflow }}
+ cancel-in-progress: true
+jobs:
+ build:
+ name: MegaLinter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+ with:
+ token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+ fetch-depth: 0
+ - name: MegaLinter
+ id: ml
+ uses: megalinter/megalinter/flavors/terraform@v5
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ DISABLE: COPYPASTE,SPELL
+ DISABLE_LINTERS: TERRAFORM_TERRASCAN
+ - name: Archive production artifacts
+ if: ${{ success() }} || ${{ failure() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: MegaLinter reports
+ path: |
+ report
+ mega-linter.log
diff --git a/.github/workflows/tagging.yaml b/.github/workflows/tagging.yaml
new file mode 100644
index 0000000..2a89990
--- /dev/null
+++ b/.github/workflows/tagging.yaml
@@ -0,0 +1,29 @@
+---
+name: Create tag and release
+
+on:
+ push:
+ branches:
+ - master
+ - main
+
+jobs:
+ tag:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+ fetch-depth: 0
+ - name: Bump version and push tag
+ id: tag_version
+ uses: mathieudutour/github-tag-action@v6.0
+ with:
+ github_token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+ - name: Create a GitHub release
+ uses: ncipollo/release-action@v1
+ with:
+ tag: ${{ steps.tag_version.outputs.new_tag }}
+ name: Release ${{ steps.tag_version.outputs.new_tag }}
+ body: ${{ steps.tag_version.outputs.changelog }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b0d92b9
--- /dev/null
+++ b/.gitignore
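Review bot: The condition `if: ${{ success() }} || ${{ failure() }}` on the "Archive production artifacts" step in `megalinter.yaml` is not evaluated as a boolean expression: with text outside the `${{ }}` markers the value becomes a non-empty string, which is always truthy, so the step also runs on cancelled jobs. Write it as one expression, `if: ${{ success() || failure() }}`. The checkout step passes `secrets.PAT || secrets.GITHUB_TOKEN` and by default leaves it in the workspace git config for the linter container that follows; unless MegaLinter is meant to push fixes, `persist-credentials: false` under `with:` and a top-level `permissions:` block would narrow that. `DISABLE_LINTERS: TERRAFORM_TERRASCAN` switches off an IaC security scanner and deserves a comment saying why.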
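Review bot: `.github/workflows/tagging.yaml` declares no `permissions:` block and hands `secrets.PAT || secrets.GITHUB_TOKEN` to `mathieudutour/github-tag-action@v6.0`, a third-party action referenced by a mutable tag. A personal access token usually carries more scope than a tag push needs, so the job would be safer with `permissions:` limited to `contents: write` and the PAT used only if the pushed tag has to trigger another workflow. Pinning the third-party actions to full commit SHAs (`uses: mathieudutour/github-tag-action@<full-commit-sha> # v6.0`, likewise `ncipollo/release-action`) keeps a moved tag from running with that credential.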
@@ -0,0 +1,21 @@
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+terraform.rc
+.terraformrc
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+**/*.tfvars
+**/**.tfvars.json
+cache/**
+
+crash.log
+
+
+
+
+**/.DS_STORE
+report/**
+mega-linter.log
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..5cd2118
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,53 @@
+---
+repos:
+ - repo: https://github.com/compilerla/conventional-pre-commit
+ rev: v1.2.0
+ hooks:
+ - id: conventional-pre-commit
+ stages: [commit-msg]
+ args: []
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+ - id: check-builtin-literals
+ - id: check-byte-order-marker
+ - id: check-json
+ - id: check-xml
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-shebang-scripts-are-executable
+ - id: check-symlinks
+ - id: mixed-line-ending
+ - id: detect-private-key
+ - id: pretty-format-json
+ - id: detect-aws-credentials
+ - id: no-commit-to-branch
+ args:
+ - -b master
+ - id: no-commit-to-branch
+ args:
+ - -b main
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.62.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - --hook-config=--path-to-file=README.md
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true
+ - id: terraform_tfsec
+ - id: checkov
+ - repo: https://github.com/sirosen/check-jsonschema
+ rev: 0.13.0
+ hooks:
+ - id: check-github-workflows
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v2.5.1
+ hooks:
+ - id: prettier
+ stages: [commit]
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..6fa6dc7
--- /dev/null
+++ b/CHANGELOG.md
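Review bot: Both `no-commit-to-branch` entries in `.pre-commit-config.yaml` pass the branch as a single list item, `- -b master` and `- -b main`, which reaches the hook as one argument; as far as I can tell the parser then reads the branch name with a leading space, so neither `master` nor `main` is actually protected. One hook entry with separate tokens does it: `args: [--branch, master, --branch, main]`. `check-yaml` is also listed twice in the same `hooks:` list. `detect-aws-credentials` fails on machines that have no AWS credentials file unless `--allow-missing-credentials` is passed.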
@@ -0,0 +1,27 @@ +# [Unreleased] + +## [0.0.1] - 2022-01-01 + +### Added + +- new features + +### Changed + +- changes in existing functionality + +### Depracted + +- soon to be removed features + +### Removed + +- removed features + +### Fixed + +- bug fixes + +### Security + +- in case of vulnerabilities diff --git a/CODEOWNERS.md b/CODEOWNERS.md new file mode 100644 index 0000000..e69de29 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..88c4db8 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,132 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][mozilla coc]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[mozilla coc]: https://github.com/mozilla/diversity +[faq]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..df9ff8c --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 xoap.io + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..d91a53d --- /dev/null +++ b/README.md 
@@ -0,0 +1,53 @@ +# Table of Contents + +- [Table of Contents](#table-of-contents) + - [Usage](#usage) + - [Requirements](#requirements) + - [Providers](#providers) + - [Modules](#modules) + - [Resources](#resources) + - [Inputs](#inputs) + - [Outputs](#outputs) + +## Usage + +various commands + +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](code_of_conduct.md) + + + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.1.6 | +| [aws](#requirement\_aws) | >=4.0.0 | + +## Providers + +No providers. + +## Modules + +No modules. + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [context](#input\_context) | Default context for naming and tagging purpose |
object({
organization = string
environment = string
account = string
product = string
tags = map(string)
})
| n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [context](#output\_context) | Exported context from input variable | + + + diff --git a/build/build.ps1 b/build/build.ps1 new file mode 100644 index 0000000..1d7783b --- /dev/null +++ b/build/build.ps1 @@ -0,0 +1 @@ +https://github.com/psake/psake diff --git a/docs/BEST-PRACTICES.md b/docs/BEST-PRACTICES.md new file mode 100644 index 0000000..f2be2d6 --- /dev/null +++ b/docs/BEST-PRACTICES.md 
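Review bot: `build/build.ps1` contains only the line `https://github.com/psake/psake`, which is not a PowerShell statement, so running the script fails instead of building anything. If the file is a placeholder for a psake build, turn the link into a comment, `# TODO: build tasks, see https://github.com/psake/psake`, so the script parses and nobody mistakes it for a working build entry point.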
@@ -0,0 +1,97 @@ +# Best practices + +## Module naming + +terraform-- eg. terraform-aws-ec2 + +## Release Tags + +Must be a semantic version. For example v1.0.4. The v prefix is mandatory. + +## Repository description + +This is mandatory within the README.md and can be a simple sentence that explains the module. + +## Readme + +README. The root module and any nested modules should have README files. This file should be named README or README.md. The latter will be treated as markdown. + +## License file + +The license under which this module is available. If you are publishing a module publicly, many organizations will not adopt a module unless a clear license is present. +We recommend always having a license file, even if it is not an open source license. + +## Files + + + +├── README.md +├── main.tf +├── variables.tf +├── outputs.tf + +For a simple module, this may be where all the resources are created. +For a complex module, resource creation may be split into multiple files but any nested module calls should be in the main file. +variables.tf and outputs.tf should contain the declarations for variables and outputs, respectively. + +## Variables and Outputs + +Must have subscriptions and type declarations. + +## Nested modules + +Nested modules should exist under the modules/ subdirectory. Any nested module with a README.md is considered usable by an external user. If a README doesn't exist, it is considered for internal use only. + +## Examples + +Examples of using the module should exist under the examples/ subdirectory at the root of the repository. Each example may have a README to explain the goal and usage of the example. 
+ +## Providers + +Although provider configurations are shared between modules, each module must declare its own provider requirements, so that Terraform can ensure that there is a single version of the provider that is +compatible with all modules in the configuration and to specify the source address that serves as the global (module-agnostic) identifier for a provider. + +terraform { +required_providers { +aws = { +source = "hashicorp/aws" +version = ">= 2.7.0" +configuration_aliases = [ aws.alternate ] +} +} +} + +When child modules each need a different configuration of a particular provider, or where the child module requires a different provider configuration than its parent, +you can use the providers argument within a module block to explicitly define which provider configurations are available to the child module. For example: + +### The default "aws" configuration is used for AWS resources in the root + +### module where no explicit provider instance is selected + +provider "aws" { +region = "us-west-1" +} + +### An alternate configuration is also defined for a different + +### region, using the alias "usw2" + +provider "aws" { +alias = "usw2" +region = "us-west-2" +} + +### An example child module is instantiated with the alternate configuration + +### so any AWS resources it defines will use the us-west-2 region + +module "example" { +source = "./example" +providers = { +aws = aws.usw2 +} +} + +## Formatting and linting + +Use terraform fmt to reformat your configuration in the standard style. diff --git a/docs/BUG_REPORT.md b/docs/BUG_REPORT.md new file mode 100644 index 0000000..5d89a19 --- /dev/null +++ b/docs/BUG_REPORT.md 
@@ -0,0 +1,68 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "" +labels: "" +assignees: "" +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: + +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Environment (please complete the following information):** + +- OS: [e.g. Windows, macOS, Linux] +- Rover Version [e.g. ] + +**Additional context** +Add any other context about the problem here. + +--- + +name: Bug report +about: Create a bug report to help us improve. +title: '' +labels: bug +assignees: '' + +--- + + + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior including the relevant Terraform/Terragrunt/Packer version number and any code snippets and module inputs you used. + +```hcl +// paste code snippets here +``` + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Nice to have** + +- [ ] Terminal output +- [ ] Screenshots + +**Additional context** +Add any other context about the problem here. diff --git a/docs/FEATURE_REQUEST.md b/docs/FEATURE_REQUEST.md new file mode 100644 index 0000000..5259c47 --- /dev/null +++ b/docs/FEATURE_REQUEST.md 
@@ -0,0 +1,59 @@ +--- +name: Feature request +about: Submit a feature request for this repo. +title: "" +labels: enhancement +assignees: "" +--- + + + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. + +--- + +name: Feature Request +about: Suggest an idea for this project +title: '' +labels: 'feature request' +assignees: '' + +--- + +Have a question? Please checkout our [Slack Community](https://slack.cloudposse.com) or visit our [Slack Archive](https://archive.sweetops.com/). + +[![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + +## Describe the Feature + +A clear and concise description of what the bug is. + +## Expected Behavior + +A clear and concise description of what you expected to happen. + +## Use Case + +Is your feature request related to a problem/challenge you are trying to solve? Please provide some additional context of why this feature or capability will be valuable. + +## Describe Ideal Solution + +A clear and concise description of what you want to happen. If you don't know, that's okay. + +## Alternatives Considered + +Explain what alternative solutions or features you've considered. + +## Additional Context + +Add any other context or screenshots about the feature request here. diff --git a/docs/PR_TEMPLATE.md b/docs/PR_TEMPLATE.md new file mode 100644 index 0000000..9a96807 --- /dev/null +++ b/docs/PR_TEMPLATE.md 
@@ -0,0 +1,88 @@ +# [Issue-id](https://github.com/Azure/caf-terraform-landingzones-starter/issues/ISSUE-ID-GOES-HERE) + +## PR Checklist + +--- + + + +- [ ] I have updated the documentation accordingly. +- [ ] I have added tests to cover my changes. +- [ ] All new and existing tests passed. +- [ ] My code follows the code style of this project. +- [ ] I ran lint checks locally prior to submission. +- [ ] Have you checked to ensure there aren't other open Pull Requests for the same update/change? + +## Description + + + +## Does this introduce a breaking change + +- [ ] YES +- [ ] NO + + + +## Testing + + + + + +## Description + + + +### Documentation + + + + + +## TODOs + +Please ensure all of these TODOs are completed before asking for a review. + +- [ ] Ensure the branch is named correctly with the issue number. e.g: `feature/new-vpc-endpoints-955` or `bug/missing-count-param-434`. +- [ ] Update the docs. +- [ ] Keep the changes backward compatible where possible. +- [ ] Run the pre-commit checks successfully. +- [ ] Run the relevant tests successfully. +- [ ] Ensure any 3rd party code adheres with our [license policy](https://www.notion.so/gruntwork/Gruntwork-licenses-and-open-source-usage-policy-f7dece1f780341c7b69c1763f22b1378) or delete this line if its not applicable. + +## Related Issues + + + +## what + +- Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) +- Use bullet points to be concise and to the point. + +## why + +- Provide the justifications for the changes (e.g. business case). +- Describe why these changes were made (e.g. why do these commits fix the problem?) +- Use bullet points to be concise and to the point. + +## references + +- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). +- Use `closes #123`, if this PR closes a GitHub issue `#123` 
diff --git a/docs/VERSIONING.md b/docs/VERSIONING.md new file mode 100644 index 0000000..e69de29 diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..0c04529 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,4 @@ +output "context" { + value = var.context + description = "Exported context from input variable" +} diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..96c1e35 --- /dev/null +++ b/variables.tf @@ -0,0 +1,10 @@ +variable "context" { + type = object({ + organization = string + environment = string + account = string + product = string + tags = map(string) + }) + description = "Default context for naming and tagging purpose" +} diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..ff0d5d4 --- /dev/null +++ b/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.1.6" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">=4.0.0" + } + } +} From 0f3707f40be8a4fc89eb08f02daea3a0c3f9b112 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Mar 2022 15:32:19 +0000 Subject: [PATCH 02/12] Bump dependabot/fetch-metadata from 1.2.1 to 1.3.0 (#1) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.2.1 to 1.3.0. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.2.1...v1.3.0) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependabot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
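Review bot: The `context` variable in `variables.tf` accepts any strings, including empty ones, for `organization`, `environment`, `account` and `product`, and these presumably end up in resource names and tags. A `validation` block, for example `condition = alltrue([for v in [var.context.organization, var.context.environment, var.context.account, var.context.product] : length(v) > 0])`, together with `nullable = false` would reject an unusable context at plan time. In `versions.tf` the two constraints are spaced differently (`">= 1.1.6"` and `">=4.0.0"`); `">= 4.0.0"` matches the first.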
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml index 3e8a4d8..9e2b846 100644 --- a/.github/workflows/dependabot.yaml +++ b/.github/workflows/dependabot.yaml @@ -11,7 +11,7 @@ jobs: steps: - name: Dependabot metadata id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.2.1 + uses: dependabot/fetch-metadata@v1.3.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Approve a PR From 924b265510dbb82140e664091c5bf3b903cc990b Mon Sep 17 00:00:00 2001 From: bbrauneck Date: Tue, 29 Mar 2022 15:06:16 +0200 Subject: [PATCH 03/12] build: Updated from template repo --- .../workflows/commit-message-validator.yaml | 12 + .github/workflows/megalinter.yaml | 2 +- .github/workflows/tagging.yaml | 2 +- .gitignore | 461 +++++++++++++++++- .pre-commit-config.yaml | 8 +- CODE_OF_CONDUCT.md | 132 +++++ README.md | 106 +++- build/init.ps1 | 78 +++ build/sync_template.ps1 | 27 + docs/BEST-PRACTICES.md | 16 +- docs/BUG_REPORT.md | 80 ++- docs/FEATURE_REQUEST.md | 57 +-- docs/PR_TEMPLATE.md | 99 ++-- kics.config | 15 + versions.tf | 4 +- 15 files changed, 909 insertions(+), 190 deletions(-) create mode 100644 .github/workflows/commit-message-validator.yaml create mode 100644 CODE_OF_CONDUCT.md create mode 100644 build/init.ps1 create mode 100644 build/sync_template.ps1 create mode 100644 kics.config diff --git a/.github/workflows/commit-message-validator.yaml b/.github/workflows/commit-message-validator.yaml new file mode 100644 index 0000000..19f9692 --- /dev/null +++ b/.github/workflows/commit-message-validator.yaml @@ -0,0 +1,12 @@ +name: Commit linter +on: + pull_request: + branches: [main, master] +jobs: + commitlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - uses: wagoid/commitlint-github-action@v4 diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml index c3945b4..f902125 100644 --- a/.github/workflows/megalinter.yaml 
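Review bot: `.github/workflows/commit-message-validator.yaml` has no `permissions:` block, so `wagoid/commitlint-github-action@v4` runs with whatever default the repository grants the workflow token. The job only reads commits, so a `permissions:` block with `contents: read` and `pull-requests: read` is enough. Pinning the action to a full commit SHA instead of `@v4` fits the same hardening. The file also lacks the leading `---` that the other workflows in this series start with.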
+++ b/.github/workflows/megalinter.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/tagging.yaml b/.github/workflows/tagging.yaml index 2a89990..816de24 100644 --- a/.github/workflows/tagging.yaml +++ b/.github/workflows/tagging.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 diff --git a/.gitignore b/.gitignore index b0d92b9..96a4948 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,21 +1,464 @@ +# Misc +mega-linter.log +.idea + +# Local .terraform directories **/.terraform/* + +# .tfstate files *.tfstate *.tfstate.* -terraform.rc -.terraformrc + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json +**/*.tfvars +**/**.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in override.tf override.tf.json *_override.tf *_override.tf.json -**/*.tfvars -**/**.tfvars.json -cache/** -crash.log +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl +.terraform +# MacOS General +.DS_Store +.AppleDouble +.LSOverride +# Icon must end with two \r +Icon +# Thumbnails +._* -**/.DS_STORE -report/** -mega-linter.log +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. 
+## +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool 
+coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml 
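Review bot: `.terraform.lock.hcl` is added under "Ignore CLI configuration files", but it is Terraform's dependency lock file, which records the selected provider versions and their checksums, not a CLI configuration file. Ignoring it is defensible for a reusable module. A repository created from this template and applied as a root configuration would, however, have no committed checksums to verify providers against on `terraform init`. Either drop the line or give it its own comment stating the intent, e.g. `# Lock file ignored on purpose: this repo is a reusable module, not a root configuration`. The old `cache/**` and `report/**` entries are removed without replacement; if the linter still writes a local report directory, it would now show up as untracked and could be committed by accident.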
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5cd2118..de3deb4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -35,13 +35,19 @@ repos: rev: v1.62.0 hooks: - id: terraform_fmt + - id: terraform_tflint + args: + - --args=--enable-plugin=aws - id: terraform_docs args: - --hook-config=--path-to-file=README.md - --hook-config=--add-to-existing-file=true - --hook-config=--create-file-if-not-exist=true - id: terraform_tfsec - - id: checkov + - repo: https://github.com/Checkmarx/kics + rev: v1.5.4 + hooks: + - id: kics - repo: https://github.com/sirosen/check-jsonschema rev: 0.13.0 hooks: diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..88c4db8 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
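Review bot: The added `Checkmarx/kics` hook is pinned with `rev: v1.5.4`, a tag the upstream repository can move, and pre-commit clones that repository and runs its hook on every contributor's machine at commit time. Pinning to the commit behind the tag (`rev: <full-commit-sha>  # v1.5.4`, which `pre-commit autoupdate --freeze` writes for you) removes the dependence on a mutable ref. The existing `rev: v1.62.0` and `rev: 0.13.0` entries visible in the hunk have the same shape. Separately, the hunk drops `- id: checkov` while the README and `build/init.ps1` in this same commit still list and install checkov, so either keep the hook or state where checkov now runs. The `repos:` list begins outside the hunk.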
@@ -0,0 +1,132 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][mozilla coc]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[mozilla coc]: https://github.com/mozilla/diversity +[faq]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/README.md b/README.md index d91a53d..4e673aa 100644 --- a/README.md +++ b/README.md 
@@ -1,19 +1,101 @@ +[![Maintained](https://img.shields.io/badge/Maintained%20by-XOAP-success)](https://xoap.io) +[![Terraform](https://img.shields.io/badge/Terraform-%3E%3D1.1.6-blue)](https://terraform.io) +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + # Table of Contents -- [Table of Contents](#table-of-contents) - - [Usage](#usage) - - [Requirements](#requirements) - - [Providers](#providers) - - [Modules](#modules) - - [Resources](#resources) - - [Inputs](#inputs) - - [Outputs](#outputs) +- [Introduction](#introduction) +- [Guidelines](#guidelines) +- [Requirements](#requirements) +- [Providers](#providers) +- [Modules](#modules) +- [Resources](#resources) +- [Inputs](#inputs) +- [Outputs](#outputs) + +--- + +## Introduction + +This is a template for Terraform modules. + +It is part of our XOAP Automation Forces Open Source community library to give you a quick start into Infrastructure as Code deployments with Terraform. + +We have a lot of Terraform modules that are Open Source and maintained by the XOAP staff. + +Please check the links for more info, including usage information and full documentation: + +- [XOAP Website](https://xoap.io) +- [XOAP Documentation](https://docs.xoap.io) +- [Twitter](https://twitter.com/xoap_io) +- [LinkedIn](https://www.linkedin.com/company/xoap_io) + +--- + +## Guidelines + +We are using the following guidelines to write code and make it easier for everyone to follow a destinctive guideline. Please check these links before starting to work on changes. + +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](CODE_OF_CONDUCT.md) + +Git Naming Conventions are an important part of the development process. They descrtibe how Branched, Commit Messages, Pull Requests and Tags should look like to make the easily understandebla for everybody in the development chain. 
+ +[Git Naming Conventions](https://namingconvention.org/git/) + +he Conventional Commits specification is a lightweight convention on top of commit messages. It provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of. + +[Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) + +The better a Pull Request description is, the better a review can understand and decide on how to review the changes. This improves implementation speed and reduces communication between the requester and the reviewer resulting in much less overhead. + +[Wiriting A Great Pull Request Description](https://www.pullrequest.com/blog/writing-a-great-pull-request-description/) + +Versioning is a crucial part for Terraform Stacks and Modules. Without version tags you cannot clearly create a stable environment and be sure that your latest changes won't crash your production environment (sure it still can happen, but we are trying our best to implement everything that we can to reduce the risk) + +[Semantic Versioning](https://semver.org) + +Naming Conventions for Terraform resources must be used. + +[Terraform Naming Conventions](https://www.terraform-best-practices.com/naming) + +--- ## Usage -various commands +### Installation + +For the first ime using this template necessary tools need to be installed. 
+A script for PowerShell Core is provided under ./build/init.ps1 + +This script will install following dependencies: + +- [pre-commit](https://github.com/pre-commit/pre-commit) +- [terraform-docs](https://github.com/terraform-docs/terraform-docs) +- [tflint](https://github.com/terraform-linters/tflint) +- [tfsec](https://github.com/aquasecurity/tfsec) +- [checkov](https://github.com/bridgecrewio/checkov) +- [terrascan](https://github.com/accurics/terrascan) +- [kics](https://github.com/Checkmarx/kics) + +This script configures: + +- global git template under ~/.git-template +- global pre-commit hooks for prepare-commit-msg and commit-msg under ~/.git-template/hooks +- github actions: + - linting and checks for pull requests from dev to master/main + - automatic tagging and release creation on pushes to master/main + - dependabot updates + +It currently supports the automated installation for macOS. Support for Windows and Linux will be available soon. + +### Synchronisation + +We provided a script under ./build/sync_template.ps1 to fetch the latest changes from this template repository. +Please be aware that this is mainly a copy operation which means all your current changes have to be committed first and after running the script you have to merge this changes into your codebase. + +### Configuration -[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](code_of_conduct.md) +--- @@ -22,8 +104,8 @@ various commands | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.1.6 | -| [aws](#requirement\_aws) | >=4.0.0 | +| [terraform](#requirement\_terraform) | >=1.1.6 | +| [aws](#requirement\_aws) | >= 4.8.0 | ## Providers diff --git a/build/init.ps1 b/build/init.ps1 new file mode 100644 index 0000000..1b10fe4 --- /dev/null +++ b/build/init.ps1 
@@ -0,0 +1,78 @@ +$brewPackages = @( + "pre-commit", + "gawk", + "terraform-docs", + "tflint", + "tfsec", + "coreutils", + "checkov", + "terrascan", + "golang", + "Checkmarx/tap/kics" + +) +function ReplaceAllStringsInFile($SearchString, $ReplaceString, $FullPathToFile) { + $content = [System.IO.File]::ReadAllText("$FullPathToFile").Replace("$SearchString", "$ReplaceString") + [System.IO.File]::WriteAllText("$FullPathToFile", $content) +} +function SetupPreCommit { + Write-host "Configuring pre-commit..." + $dir = Join-Path $env:HOME ".git-template" + if (Test-Path "$dir") { + Remove-item -Recurse -Force -Path "$dir" -Verbose + } + $globalHooks = Join-path $dir "hooks" + $localHooks = "$PSScriptRoot/../.git/hooks" + if (Test-Path "$localHooks") { + Remove-item -Recurse -Force -Path "$localHooks" -Verbose + } + + New-Item -ItemType Directory -Path $dir + git config --global init.templateDir $dir + git config --global core.hooksPath $dir/hooks + pre-commit init-templatedir -t pre-commit $dir + pre-commit init-templatedir -t prepare-commit-msg $dir + pre-commit init-templatedir -t commit-msg $dir + + Copy-Item $globalHooks -Destination $localHooks -Recurse -Verbose +} +function InstallMacDependencies { + foreach ($package in $brewPackages) { + Write-Host "Going to check for package $package" + brew install $package + } +} +function FixReadme { + $file = "$PSScriptRoot/../README.md" + $path = Get-Item "$PSScriptRoot/.." 
+ ReplaceAllStringsInFile -SearchString "TERRAFORM-MODULE-TEMPLATE" -ReplaceString $path.Name.ToUpper() -FullPathToFile $file +} + +function PrintAdditionalNeededConfig { + Write-Host "Please add following statements to your .bashrc or .zshrc" + Write-host " +Optional: + export GOPATH=`$HOME/dev/go-workspace + export GOROOT=/usr/local/opt/go/libexec + export PATH=`$PATH:`$GOPATH/bin + export PATH=`$PATH:`$GOROOT/bin +Required: + export TF_PLUGIN_CACHE_DIR=~/.terraform-cache + export KICS_QUERIES_PATH=/usr/local/opt/kics/share/kics/assets/queries" +} + +if ($IsWindows) { + Write-Error "This script is currently not able to setup windows systems" + exit 1 +} +if ($IsLinux) { + Write-Error "This script is currently not able to setup linux systems" + exit 1 +} +if ($IsMacOS) { + InstallMacDependencies + PrintAdditionalNeededConfig +} + +SetupPreCommit +FixReadme diff --git a/build/sync_template.ps1 b/build/sync_template.ps1 new file mode 100644 index 0000000..27499ab --- /dev/null +++ b/build/sync_template.ps1 @@ -0,0 +1,27 @@ +$protectedFiles = @( + "main.tf", + "outputs.tf" + "variables.tf" +) +$ChangedFiles = $(git status --porcelain | Measure-Object | Select-Object -expand Count) +if ($ChangedFiles -gt 0) +{ + Write-Error "Found $ChangedFiles changed files. Please commit or stash them before using this script." + exit 0 +} + +$tempPath = Join-Path $([system.io.path]::GetTempPath()) "xoap-template" + +if(Test-path "$tempPath"){ + Write-Host "Removing old temporary files for xoap module template" + Remove-Item "$tempPath" -Recurse -Force -Verbose +} + +git clone https://github.com/xoap-io/terraform-module-template.git $tempPath + +$templateItems = Get-ChildItem $tempPath -File | Where-Object {$_.Name -notin $protectedFiles} + +foreach($item in $templateItems){ + $targetPath = $item.FullName.Replace($tempPath, "${PSScriptRoot}/..") + Copy-Item $item.FullName -Destination $targetPath -Force -Verbose +} 
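Review bot: `SetupPreCommit` in `build/init.ps1` rewrites the user's global git configuration. `git config --global core.hooksPath $dir/hooks` makes every repository on the machine run the hooks in `~/.git-template/hooks` and ignore its own `.git/hooks`. Before that, the function force-deletes any existing `~/.git-template` and this checkout's `.git/hooks` without asking, so hooks a developer already relies on (for example a local secret scanner) are silently removed or bypassed. A bootstrap script for one template should keep its effect inside the checkout: drop the two `--global` lines and the `Remove-Item` calls and run `pre-commit install --hook-type pre-commit --hook-type prepare-commit-msg --hook-type commit-msg` from the repository root. If the machine-wide setup is intended, make it opt-in and print what will be replaced before deleting anything.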
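Review bot: The dirty-tree guard in `build/sync_template.ps1` ends with `exit 0` after `Write-Error`, so a caller or CI step sees success although nothing was synced; it should be `exit 1`. The result of `git clone` is never checked and the clone follows the template's default branch, so whatever is at its head is copied over local files with `-Force`. Add `if ($LASTEXITCODE -ne 0) { Write-Error 'git clone failed'; exit 1 }` after the clone, and consider cloning a reviewed tag with `--branch <tag>` so that the synced content is a known revision. `Get-ChildItem $tempPath -File` is not recursive, so nothing under `.github/` or `docs/` is synced, and dot-files are probably skipped on macOS without `-Force`; both are worth checking against what the README promises.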
diff --git a/docs/BEST-PRACTICES.md b/docs/BEST-PRACTICES.md index f2be2d6..9ca37b7 100644 --- a/docs/BEST-PRACTICES.md +++ b/docs/BEST-PRACTICES.md @@ -2,7 +2,7 @@ ## Module naming -terraform-- eg. terraform-aws-ec2 +terraform-PROVIDER-NAME eg. terraform-aws-ec2 ## Release Tags @@ -23,12 +23,12 @@ We recommend always having a license file, even if it is not an open source lice ## Files - +### MODULENAME -├── README.md -├── main.tf -├── variables.tf -├── outputs.tf +- README.md +- main.tf +- variables.tf +- outputs.tf For a simple module, this may be where all the resources are created. For a complex module, resource creation may be split into multiple files but any nested module calls should be in the main file. @@ -40,11 +40,11 @@ Must have subscriptions and type declarations. ## Nested modules -Nested modules should exist under the modules/ subdirectory. Any nested module with a README.md is considered usable by an external user. If a README doesn't exist, it is considered for internal use only. +Nested modules should exist under the modules/ subdirectory. Any nested module with a README.md is considered usable by an external user. If a README.md doesn't exist, it is considered for internal use only. ## Examples -Examples of using the module should exist under the examples/ subdirectory at the root of the repository. Each example may have a README to explain the goal and usage of the example. +Examples of using the module should exist under the examples/subdirectory at the root of the repository. Each example may have a README.md to explain the goal and usage of the example. ## Providers diff --git a/docs/BUG_REPORT.md b/docs/BUG_REPORT.md index 5d89a19..abd4621 100644 --- a/docs/BUG_REPORT.md +++ b/docs/BUG_REPORT.md 
@@ -1,15 +1,11 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "" -labels: "" -assignees: "" ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** +# Bug Report + +This guideline should help you in reporting bugs. + +## Describe the bug + +Describe in detail what happens when. Add as much information as you can. + Steps to reproduce the behavior: 1. Go to '...' 
@@ -17,52 +13,34 @@ Steps to reproduce the behavior: 3. Scroll down to '....' 4. See error -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Environment (please complete the following information):** - -- OS: [e.g. Windows, macOS, Linux] -- Rover Version [e.g. ] - -**Additional context** -Add any other context about the problem here. +Add code if needed. ---- - -name: Bug report -about: Create a bug report to help us improve. -title: '' -labels: bug -assignees: '' +```hcl +// paste code snippets here +``` ---- +## Expected behavior - +A description of what you expected to happen. -**Describe the bug** -A clear and concise description of what the bug is. +## Screenshots -**To Reproduce** -Steps to reproduce the behavior including the relevant Terraform/Terragrunt/Packer version number and any code snippets and module inputs you used. +Add as much screenshots as necessary to explain the bug. Alternatively add a video. -```hcl -// paste code snippets here -``` +## Environment -**Expected behavior** -A clear and concise description of what you expected to happen. +- Operating System +- Build and language +- Terraform version +- DSC Module version +- ... -**Nice to have** +## Additional resources -- [ ] Terminal output -- [ ] Screenshots +Add anything else that might help us understand the problem. -**Additional context** -Add any other context about the problem here. +- Screenshots +- Links +- Videos +- logs +- Terminal outputs diff --git a/docs/FEATURE_REQUEST.md b/docs/FEATURE_REQUEST.md index 5259c47..f396728 100644 --- a/docs/FEATURE_REQUEST.md +++ b/docs/FEATURE_REQUEST.md 
@@ -1,59 +1,28 @@ ---- -name: Feature request -about: Submit a feature request for this repo. -title: "" -labels: enhancement -assignees: "" ---- +# Feature Request - +This guideline should help you in the creation process of a feature request. -**Describe the solution you'd like** -A clear and concise description of what you want to happen. +## Feature -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. - ---- - -name: Feature Request -about: Suggest an idea for this project -title: '' -labels: 'feature request' -assignees: '' - ---- - -Have a question? Please checkout our [Slack Community](https://slack.cloudposse.com) or visit our [Slack Archive](https://archive.sweetops.com/). - -[![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) - -## Describe the Feature - -A clear and concise description of what the bug is. +A clear and detailed description of what feature you are missing or what is not working as expected. ## Expected Behavior -A clear and concise description of what you expected to happen. +What should happen by implementing your feature request. ## Use Case -Is your feature request related to a problem/challenge you are trying to solve? Please provide some additional context of why this feature or capability will be valuable. +Is your feature request related to a problem? Please provide additional context of why this feature or capability will be valuable. +Add external references to further describe the use case. -## Describe Ideal Solution +## Describe Solution -A clear and concise description of what you want to happen. If you don't know, that's okay. +What would be the best case by implementing the feature request? -## Alternatives Considered +## Alternatives -Explain what alternative solutions or features you've considered. 
+Is there another way of implementing the feature request. What else did you think of? -## Additional Context +## Additional resources -Add any other context or screenshots about the feature request here. +Add all resources here that make your request clearer or that describe it better (links, blogs, articles or pictures). diff --git a/docs/PR_TEMPLATE.md b/docs/PR_TEMPLATE.md index 9a96807..b0e17e1 100644 --- a/docs/PR_TEMPLATE.md +++ b/docs/PR_TEMPLATE.md 
@@ -1,88 +1,65 @@ -# [Issue-id](https://github.com/Azure/caf-terraform-landingzones-starter/issues/ISSUE-ID-GOES-HERE) +# PR Checklist -## PR Checklist +Use the check list below to ensure your branch is ready for PR. ---- +- You have updated the documentation accordingly +- You have added tests to cover your changes +- All new and existing tests passed +- Your code follows the code style guidlines of this project +- You ran lint checks locally +- You checked to ensure there aren't other open Pull Requests for the same change? - +## Summary -- [ ] I have updated the documentation accordingly. -- [ ] I have added tests to cover my changes. -- [ ] All new and existing tests passed. -- [ ] My code follows the code style of this project. -- [ ] I ran lint checks locally prior to submission. -- [ ] Have you checked to ensure there aren't other open Pull Requests for the same update/change? +Please create a detailed description of the feature, fix or that is being added -## Description +- Provide the justifications for the changes (e.g. business case). +- Describe why these changes were made (e.g. why do these commits fix the problem?) +- Use bullet points to be concise and to the point. - +### Example -## Does this introduce a breaking change +#### What? -- [ ] YES -- [ ] NO +I've added support for authentication to implement Key Result 2 of OKR1. It includes +model, table, controller and test. For more background, see ticket #AZD-123. - +#### Why? -## Testing +These changes complete the user login and account creation experience. +See #AZD-123 for more information. - +#### How? - +This includes a migration, model and controller for user authentication. I'm using Devise to do the heavy lifting. I ran Devise migrations and those are included here. + +## Testing + +Please add detailed instructions for testing and validation of your code. Are there any prerequisites a tester must take care of? 
## Description - +Please add a short description of the changes introduced by your change. If you cahnged UI sepcific things please attach screenshots. ### Documentation - +- Update any references for the documentation. +- Create a stub for documentation including bullet points for how to use the feature with code snippets and everything else that is needed to create a full documentation - +Important: Did you make any backward incompatible changes? If yes, then you must write a migration guide! ## TODOs -Please ensure all of these TODOs are completed before asking for a review. +Ensure all of these TODOs are completed before asking for a review. -- [ ] Ensure the branch is named correctly with the issue number. e.g: `feature/new-vpc-endpoints-955` or `bug/missing-count-param-434`. -- [ ] Update the docs. -- [ ] Keep the changes backward compatible where possible. -- [ ] Run the pre-commit checks successfully. -- [ ] Run the relevant tests successfully. -- [ ] Ensure any 3rd party code adheres with our [license policy](https://www.notion.so/gruntwork/Gruntwork-licenses-and-open-source-usage-policy-f7dece1f780341c7b69c1763f22b1378) or delete this line if its not applicable. +- Ensure the branch is named correctly with the issue number (see developer guidelines for guidance) +- Update the documentation +- Keep the changes backward compatible where possible +- Run the pre-commit checks until everything passes successfully +- Run the relevant tests until everything runs successfully ## Related Issues - - -## what - -- Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) -- Use bullet points to be concise and to the point. - -## why - -- Provide the justifications for the changes (e.g. business case). -- Describe why these changes were made (e.g. why do these commits fix the problem?) -- Use bullet points to be concise and to the point. 
- -## references - -- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). -- Use `closes #123`, if this PR closes a GitHub issue `#123` +Link to any supporting GitHub issues or helpful documentation to add some context (e.g. stackoverflow). diff --git a/kics.config b/kics.config new file mode 100644 index 0000000..bac9c2d --- /dev/null +++ b/kics.config @@ -0,0 +1,15 @@ +exclude-categories: +exclude-paths: + - ".terraform" + - "*/.terraform" +exclude-queries: + - e592a0c5-5bdb-414c-9066-5dba7cdea370 #IAM Access Analyzer Undefined - always disable +fail-on: + - high + - medium +minimal-ui: false +no-color: false +no-progress: true +preview-lines: 3 +silent: false +verbose: false diff --git a/versions.tf b/versions.tf index ff0d5d4..edad960 100644 --- a/versions.tf +++ b/versions.tf @@ -1,9 +1,9 @@ terraform { - required_version = ">= 1.1.6" required_providers { aws = { source = "hashicorp/aws" - version = ">=4.0.0" + version = ">= 4.8.0" } } + required_version = ">=1.1.6" } From c2c825525586f941cd3ab08fcf10be18e882a11e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Apr 2022 16:42:07 +0100 Subject: [PATCH 04/12] build(deps): Bump dependabot/fetch-metadata from 1.3.0 to 1.3.1 (#4) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependabot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
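Review bot: In kics.config, `exclude-queries` turns off query e592a0c5-5bdb-414c-9066-5dba7cdea370 for every scan, and the only rationale is the trailing comment "always disable". A repo-wide suppression is easier to audit when the comment states why the finding does not apply, for example `# IAM Access Analyzer Undefined - <reason this does not apply to this module>`. The bare `exclude-categories:` key parses as null; `exclude-categories: []` or dropping the key makes the intent explicit. `fail-on` lists only `high` and `medium`, so lower-severity findings will not fail a run, which deserves a one-line comment if deliberate.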
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
index 9e2b846..e996327 100644
--- a/.github/workflows/dependabot.yaml
+++ b/.github/workflows/dependabot.yaml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
- uses: dependabot/fetch-metadata@v1.3.0
+ uses: dependabot/fetch-metadata@v1.3.1
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 - name: Approve a PR
From eddee782eb50004b5fe19fa4365ac58a54fcd6f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Jul 2022 16:27:45 +0100 Subject: [PATCH 05/12] build(deps): Bump dependabot/fetch-metadata from 1.3.1 to 1.3.2 (#7) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependabot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
index e996327..1cf1d22 100644
--- a/.github/workflows/dependabot.yaml
+++ b/.github/workflows/dependabot.yaml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
- uses: dependabot/fetch-metadata@v1.3.1
+ uses: dependabot/fetch-metadata@v1.3.2
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 - name: Approve a PR
From f3f361e0328875b66b57517fd70732b8b3b582b6 Mon Sep 17 00:00:00 2001
From: landry tchandji Date: Wed, 17 Aug 2022 09:02:57 +0200 Subject: [PATCH 06/12] feat: initial commit --- .gitignore | 3 +++ .pre-commit-config.yaml | 26 ++++---------------------- main.tf | 4 ++++ outputs.tf | 13 +++++++++++++ variables.tf | 14 ++++++++++++++ 5 files changed, 38 insertions(+), 22 deletions(-) diff --git a/.gitignore b/.gitignore index 96a4948..142b8fb 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,9 @@ mega-linter.log .idea +# Local .tfsec directory +.tfsec/ + # Local .terraform directories **/.terraform/* diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index de3deb4..9f532d3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,13 +1,13 @@ --- repos: - repo: https://github.com/compilerla/conventional-pre-commit - rev: v1.2.0 + rev: v1.3.0 hooks: - id: conventional-pre-commit stages: [commit-msg] args: [] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.1.0 + rev: v4.2.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -24,36 +24,18 @@ repos: - id: mixed-line-ending - id: detect-private-key - id: pretty-format-json - - id: detect-aws-credentials - id: no-commit-to-branch args: - -b master - id: no-commit-to-branch args: - -b main - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.62.0 - hooks: - - id: terraform_fmt - - id: terraform_tflint - args: - - --args=--enable-plugin=aws - - id: terraform_docs - args: - - --hook-config=--path-to-file=README.md - - --hook-config=--add-to-existing-file=true - - --hook-config=--create-file-if-not-exist=true - - id: terraform_tfsec - - repo: https://github.com/Checkmarx/kics - rev: v1.5.4 - hooks: - - id: kics - repo: https://github.com/sirosen/check-jsonschema - rev: 0.13.0 + rev: 0.15.1 hooks: - id: check-github-workflows - repo: https://github.com/pre-commit/mirrors-prettier - rev: v2.5.1 + rev: v2.6.2 hooks: - id: prettier stages: [commit] diff --git a/main.tf b/main.tf index e69de29..54cccb6 100644 --- a/main.tf 
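Review bot: The second .pre-commit-config.yaml hunk drops `detect-aws-credentials`, the whole `antonbabenko/pre-commit-terraform` block (including `terraform_tflint` and `terraform_tfsec`) and the `Checkmarx/kics` hook in the same commit that adds the `aws_s3_bucket_policy` resource, and the commit message gives no reason. That leaves the module's first Terraform code without local secret or IaC misconfiguration checks, while `kics.config` stays in the repository with no hook reading it. If the hooks were removed because they fail on machines without an AWS credentials file, keeping `detect-aws-credentials` with `args: [--allow-missing-credentials]` is the smaller change; otherwise the commit message should say where these checks now run (the MegaLinter workflow from the first commit may cover part of this, but its contents are not visible here). PATCH 09 and PATCH 10 later restore `terraform_fmt`, `terraform_docs` and `detect-aws-credentials`, but not tfsec, tflint or kics.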
+++ b/main.tf @@ -0,0 +1,4 @@ +resource "aws_s3_bucket_policy" "this" { + bucket = var.bucket + policy = var.policy +} diff --git a/outputs.tf b/outputs.tf index 0c04529..a8ce6ae 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,3 +1,16 @@ +output "bucket" { + value = aws_s3_bucket_policy.this.bucket + description = "(Required) The name of the bucket to which to apply the policy." +} + +output "policy" { + value = aws_s3_bucket_policy.this.policy + description = < Date: Wed, 17 Aug 2022 09:11:10 +0200 Subject: [PATCH 07/12] feat: initial commit --- outputs.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/outputs.tf b/outputs.tf index a8ce6ae..fb9c0bc 100644 --- a/outputs.tf +++ b/outputs.tf @@ -11,6 +11,7 @@ output "policy" { Note: Bucket policies are limited to 20 KB in size." DOC } + output "context" { value = var.context description = "Exported context from input variable" From c6c33aee349181bc3ed102438f04ff7e37a98e60 Mon Sep 17 00:00:00 2001 From: Igor Miler Date: Wed, 21 Feb 2024 15:01:02 +0100 Subject: [PATCH 08/12] adding required files for new ruleset --- .github/labeler.yml | 19 +++++++++++++ .github/pull_request_template.md | 33 ++++++++++++++++++++++ .github/reviewers.yml | 4 +++ .github/workflows/labelling.yaml | 47 ++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+) create mode 100644 .github/labeler.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/reviewers.yml create mode 100644 .github/workflows/labelling.yaml diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..1b3251f --- /dev/null +++ b/.github/labeler.yml 
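Review bot: In main.tf, `policy = var.policy` is passed straight to `aws_s3_bucket_policy` and no input check is visible; the variables.tf hunk of this commit is cut off in this view, so this may already be handled there. If it is not, a `validation` block on the variable with `condition = can(jsondecode(var.policy))` rejects a malformed document at plan time instead of at apply. Since the module attaches whatever policy the caller supplies, the variable description should also say that the caller is responsible for the principals and actions granted.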
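Review bot: In outputs.tf the description of `output "bucket"` reads "(Required) The name of the bucket to which to apply the policy.", which is argument wording copied onto an output; "(Required)" has no meaning for a value the module exports. Something like `description = "Name of the bucket the policy is attached to."` describes what callers receive. The heredoc description of the `policy` output is truncated in this view, so it should be checked for the same wording.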
@@ -0,0 +1,19 @@ +Feature: + - head-branch: ['^feature', 'feature'] +Hotfix: + - head-branch: ['^hotfix', 'hotfix'] +Documentation: +- changed-files: + - any-glob-to-any-file: '**/*.md' +CICD: +- changed-files: + - any-glob-to-any-file: '.github/**' + +typescript: +- changed-files: + - any-glob-to-any-file: '**/*.ts' +css: +- changed-files: + - any-glob-to-any-file: '**/*.css' + + diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..ccf23da --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,33 @@ +# Description + +Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change. + +Fixes # (issue) + +## Type of change + +Please delete options that are not relevant. + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] This change requires a documentation update + +# How Has This Been Tested? + +Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration + +- [ ] Test A +- [ ] Test B + + +# Checklist: + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests or screenshots that prove my fix is effective or that my feature works +- [ ] Any dependent changes have been merged and published in downstream modules + diff --git a/.github/reviewers.yml b/.github/reviewers.yml new file mode 100644 index 0000000..0e371d2 --- /dev/null 
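Review bot: In labeler.yml the `head-branch` lists pair an anchored pattern with an unanchored one (`['^feature', 'feature']`, `['^hotfix', 'hotfix']`); the unanchored entry already matches any branch name containing the word, so the anchor has no effect and a branch such as `hotfix/feature-flag` would receive both labels. If prefix matching is intended, keep only the anchored form, `- head-branch: ['^feature']`. The `typescript` and `css` rules look carried over from another project, since the diffstats on this page list no `.ts` or `.css` files, while there is no rule for `**/*.tf`. The sequence indentation also differs between the first two entries and the rest.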
+++ b/.github/reviewers.yml @@ -0,0 +1,4 @@ +reviewers: + defaults: + - repository-owners + - bbrauneck \ No newline at end of file diff --git a/.github/workflows/labelling.yaml b/.github/workflows/labelling.yaml new file mode 100644 index 0000000..205e046 --- /dev/null +++ b/.github/workflows/labelling.yaml @@ -0,0 +1,47 @@ +name: label PRs +on: + pull_request: + branches: [dev, master] +jobs: + size-label: + needs: pr-reviewer + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: size-label + uses: "pascalgn/size-label-action@v0.5.0" + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + with: + sizes: > + { + "0": "XS", + "20": "S", + "50": "M", + "200": "L", + "800": "XL", + "2000": "XXL" + } + - name: general-labels + uses: actions/labeler@v5 + with: + sync-labels: true + pr-reviewer: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + fetch-depth: 0 + - name: Request review and assign + uses: necojackarc/auto-request-review@v0.13.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + config: .github/reviewers.yml + use_local: true From b7f1e55fd29beb98fd2e569d69494869871f1cc5 Mon Sep 17 00:00:00 2001 From: Benedikt Brauneck Date: Mon, 13 May 2024 18:30:40 +0200 Subject: [PATCH 09/12] build: update dependencies --- .pre-commit-config.yaml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9f532d3..0bee4c3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,13 +1,13 @@ --- repos: - repo: https://github.com/compilerla/conventional-pre-commit - rev: v1.3.0 + rev: v3.2.0 hooks: - id: conventional-pre-commit stages: [commit-msg] args: [] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.2.0 + rev: v4.6.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer 
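Review bot: In labelling.yaml the `pr-reviewer` job checks out with `token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}`, and actions/checkout keeps that token in the local git config by default, so the third-party `necojackarc/auto-request-review` step that runs next in the same job can read a personal access token it does not need (it is handed `secrets.GITHUB_TOKEN` itself and only reads `.github/reviewers.yml`). Dropping the `token:` line and adding `persist-credentials: false` under `with:` keeps the job on the short-lived, scoped token. Both third-party actions in this file are referenced by mutable tag while the job holds `pull-requests: write`; pinning to a full commit SHA, `uses: pascalgn/size-label-action@<full-commit-sha> # v0.5.0`, removes the dependence on the tag never being moved. `fetch-depth: 0` also looks unnecessary for reading one config file.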
@@ -30,12 +30,21 @@ repos: - id: no-commit-to-branch args: - -b main + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.89.1 + hooks: + - id: terraform_fmt + - id: terraform_docs + args: + - --hook-config=--path-to-file=README.md + - --hook-config=--add-to-existing-file=true + - --hook-config=--create-file-if-not-exist=true - repo: https://github.com/sirosen/check-jsonschema - rev: 0.15.1 + rev: 0.28.3 hooks: - id: check-github-workflows - repo: https://github.com/pre-commit/mirrors-prettier - rev: v2.6.2 + rev: v4.0.0-alpha.8 hooks: - id: prettier stages: [commit] From 055ad922fece8cdf8bfc0c629190da7518d64ab8 Mon Sep 17 00:00:00 2001 From: Benedikt Brauneck Date: Mon, 13 May 2024 18:48:29 +0200 Subject: [PATCH 10/12] build: update dependencies --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0bee4c3..bb5c949 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,6 +24,7 @@ repos: - id: mixed-line-ending - id: detect-private-key - id: pretty-format-json + - id: detect-aws-credentials - id: no-commit-to-branch args: - -b master From bc0cbbde953a7185e387c1e8981a60b010f865cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 15:48:09 +0000 Subject: [PATCH 11/12] Bump dependabot/fetch-metadata from 1.3.2 to 2.2.0 Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.2 to 2.2.0. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.2...v2.2.0) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dependabot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
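Review bot: The prettier mirror is moved to `rev: v4.0.0-alpha.8`, a pre-release, so every contributor runs an unstable formatter on commit and its output may change between alphas. Unless a 4.x feature is needed, pin the mirror's latest stable tag instead (`rev: <latest-stable-tag>`). The re-added `pre-commit-terraform` block brings back `terraform_fmt` and `terraform_docs` only; `terraform_tflint` and `terraform_tfsec`, removed in PATCH 06, stay out, which is worth stating in the commit message if intended.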
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
index 1cf1d22..ecbd70f 100644
--- a/.github/workflows/dependabot.yaml
+++ b/.github/workflows/dependabot.yaml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
- uses: dependabot/fetch-metadata@v1.3.2
+ uses: dependabot/fetch-metadata@v2.2.0
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 - name: Approve a PR
From 3039e2a4d70245602d41795c86743aa73de5762a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 15:24:03 +0000 Subject: [PATCH 12/12] Bump pascalgn/size-label-action from 0.5.0 to 0.5.2 (#37) Bumps [pascalgn/size-label-action](https://github.com/pascalgn/size-label-action) from 0.5.0 to 0.5.2. - [Release notes](https://github.com/pascalgn/size-label-action/releases) - [Commits](https://github.com/pascalgn/size-label-action/compare/v0.5.0...v0.5.2) --- updated-dependencies: - dependency-name: pascalgn/size-label-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/labelling.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/labelling.yaml b/.github/workflows/labelling.yaml
index 205e046..50f22d6 100644
--- a/.github/workflows/labelling.yaml
+++ b/.github/workflows/labelling.yaml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: size-label
- uses: "pascalgn/size-label-action@v0.5.0"
+ uses: "pascalgn/size-label-action@v0.5.2"
 env:
 GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 with: