From 204d8731d5102a0af63f409780ae6811124df7d1 Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:30:23 -0500
Subject: [PATCH 01/23] chore: configure renovate

---
 .github/workflows/test-module.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test-module.yml b/.github/workflows/test-module.yml
index 287d137..9643289 100644
--- a/.github/workflows/test-module.yml
+++ b/.github/workflows/test-module.yml
@@ -31,7 +31,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
 with:
 role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
 role-session-name: ${{ github.event.client_payload.pull_request.head.sha || github.sha }}

From ddcd78608e1af66d1934164aeb4a0e494de6e915 Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:34:42 -0500
Subject: [PATCH 02/23] bye uds-common-workflows

---
 .github/workflows/test-module.yml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/test-module.yml b/.github/workflows/test-module.yml
index 9643289..0366f6e 100644
--- a/.github/workflows/test-module.yml
+++ b/.github/workflows/test-module.yml
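Review bot: The new `uses:` line pins the action to a commit digest but annotates it only as `# v4`, while every other pin added later in this series records the exact release (`# v4.1.7`, `# v5.0.2`); Renovate's digest updater and any human auditor rely on that comment to know which release the SHA corresponds to, so write the exact tag: `uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # <exact vX.Y.Z tag of this digest>`. Assuming a role through OIDC also needs `id-token: write` on this job; that permission is outside the hunk and is worth re-checking once the shared workflow is dropped in the next patch.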
@@ -40,7 +40,20 @@ jobs:
 # 1800 seconds == 30 minutes
 role-duration-seconds: 1800
- - name: Run Shared Test workfow
- uses: defenseunicorns/uds-common-workflows/.github/actions/terraform-test@main
+ - name: Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Setup Go from go.mod
+ uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
- test_retry: 1
+ go-version-file: ./test/go.mod
+
+ - name: Install Go Dependencies
+ shell: bash
+ working-directory: test
+ run: go mod tidy
+
+ - name: Test with terratest
+ shell: bash
+ working-directory: test
+ run: go test -count 1 -timeout 30m -v .

From ebe9425f7e085bc4892702820bba629c5bd5d09c Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:47:07 -0500
Subject: [PATCH 03/23] gomod

---
 .env | 6 +++---
 .github/workflows/test-module.yml | 2 +-
 Makefile | 2 +-
 renovate.json | 21 +++++++++++++++++++++
 4 files changed, 26 insertions(+), 5 deletions(-)
 create mode 100644 renovate.json

diff --git a/.env b/.env
index 8602b6f..4223d79 100644
--- a/.env
+++ b/.env
@@ -1,3 +1,3 @@
-BUILD_HARNESS_REPO=ghcr.io/defenseunicorns/not-a-build-harness/not-a-build-harness
-# renovate: datasource=docker depName=ghcr.io/defenseunicorns/not-a-build-harness/not-a-build-harness versioning=docker
-BUILD_HARNESS_VERSION=0.0.23
+BUILD_HARNESS_REPO=ghcr.io/defenseunicorns/build-harness/build-harness
+# renovate: datasource=github-tags depName=defenseunicorns/build-harness
+BUILD_HARNESS_VERSION=2.0.29
diff --git a/.github/workflows/test-module.yml b/.github/workflows/test-module.yml
index 0366f6e..31133ee 100644
--- a/.github/workflows/test-module.yml
+++ b/.github/workflows/test-module.yml
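Review bot: `run: go test -count 1 -timeout 30m -v .` gives the tests exactly the 30 minutes that the `role-duration-seconds: 1800` context line above grants the assumed-role credentials, so a run that reaches the test timeout does so as the credentials expire and the deferred terratest destroy can then fail, leaving AWS resources behind; keep the test timeout inside the credential lifetime (e.g. `-timeout 25m`) or raise `role-duration-seconds` above it. The `go mod tidy` step rewrites go.mod/go.sum on the runner instead of failing on drift, so a stale or altered lockfile is silently repaired rather than reported; `go mod verify` (or `go mod tidy -diff` on Go 1.23+) is the check that fails, and the same two lines are carried into the merged `run: |` block in PATCH 05. Since the session name is keyed on `github.event.client_payload.pull_request.head.sha`, the checkout step presumably also needs `ref:` set to that SHA to test the PR head rather than the default branch; confirm against the dispatching workflow.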
@@ -46,7 +46,7 @@ jobs:
 - name: Setup Go from go.mod
 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
- go-version-file: ./test/go.mod
+ go-version-file: go.mod
 - name: Install Go Dependencies
 shell: bash
diff --git a/Makefile b/Makefile
index a6dce64..6fadeb1 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ _test-all: _create-folders
 ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} \
 bash -c 'git config --global --add safe.directory /app \
 && asdf install && cd examples/complete \
- && terraform init -upgrade=true \
+ && tofu init -upgrade=true \
 && cd ../../test/e2e \
 && go test -count 1 -v $(EXTRA_TEST_ARGS) .'
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..0aacf9a
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,21 @@
+{
+ "enabled": true,
+ "forkProcessing": "enabled",
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "github>defenseunicorns/uds-common//config/renovate.json5",
+ ":semanticPrefixFixDepsChoreOthers",
+ "config:base",
+ "group:all",
+ "replacements:all",
+ "workarounds:all"
+ ],
+ "packageRules": [
+ {
+ "matchManagers": ["terraform"],
+ "matchDepTypes": ["module"],
+ "matchDatasources": ["github-tags", "git-tags"],
+ "versioning": "loose"
+ }
+ ]
+ }
\ No newline at end of file

From 8c4d9584ed3a8fdb716a0529ab5fb9cc972b40e8 Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:48:49 -0500
Subject: [PATCH 04/23] newline

---
 renovate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/renovate.json b/renovate.json
index 0aacf9a..ea39a8f 100644
--- a/renovate.json
+++ b/renovate.json
@@ -18,4 +18,4 @@
 "versioning": "loose"
 }
 ]
- }
\ No newline at end of file
+ }

From aaeb49df231b278993172009a43517aa61dfae22 Mon Sep 17 00:00:00 2001
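Review bot: `go-version-file: go.mod` is resolved by setup-go relative to the repository root, but the Go steps after this hunk run with `working-directory: test` and the README's `cd test` suggests the module lives there; if the only go.mod is `test/go.mod`, this step fails to find the file and the removed value `./test/go.mod` was the correct one. If a root-level go.mod does exist, a short comment above the key saying which module it belongs to would keep the next reader from reverting this.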
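Review bot: `"config:base"` in the new `extends` list is the deprecated alias for `"config:recommended"`; Renovate still resolves it but logs a deprecation warning on every run, so use the current preset name. The commit-digest pins introduced in the earlier patches are only kept current if a preset enables `helpers:pinGitHubActionDigests`; that is presumably supplied by `uds-common//config/renovate.json5`, which is not visible here, so it is worth confirming. As a matter of style, `"$schema"` is conventionally the first key so editors pick it up before anything else.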
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:50:09 -0500
Subject: [PATCH 05/23] refactor

---
 .github/workflows/test-module.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/test-module.yml b/.github/workflows/test-module.yml
index 31133ee..8b06db2 100644
--- a/.github/workflows/test-module.yml
+++ b/.github/workflows/test-module.yml
@@ -48,12 +48,9 @@ jobs:
 with:
 go-version-file: go.mod
- - name: Install Go Dependencies
+ - name: Install Go Dependencies and Test
 shell: bash
 working-directory: test
- run: go mod tidy
-
- - name: Test with terratest
- shell: bash
- working-directory: test
- run: go test -count 1 -timeout 30m -v .
+ run: |
+ go mod tidy
+ go test -count 1 -timeout 30m -v .

From 2fa022dba1767e169f7f3f52523dc84af493cf8c Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:53:27 -0500
Subject: [PATCH 06/23] bye makefile

---
 .tool-versions | 20 --------
 Makefile | 129 -------------------------------------------------
 2 files changed, 149 deletions(-)
 delete mode 100644 .tool-versions
 delete mode 100644 Makefile

diff --git a/.tool-versions b/.tool-versions
deleted file mode 100644
index d1edc0a..0000000
--- a/.tool-versions
+++ /dev/null
@@ -1,20 +0,0 @@ -# renovate: datasource=github-tags depName=npryce/adr-tools -adr-tools 3.0.0 -awscli 2.11.20 -# renovate: datasource=github-tags depName=bridgecrewio/checkov -checkov 2.3.234 -golang 1.20.4 -# renovate: datasource=github-tags depName=golangci/golangci-lint -golangci-lint 1.52.2 -make 4.4.1 -# renovate: datasource=github-tags depName=pre-commit/pre-commit -pre-commit 3.3.2 -terraform 1.4.6 -# renovate: datasource=github-tags depName=terraform-docs/terraform-docs -terraform-docs 0.16.0 -# renovate: datasource=github-tags depName=terraform-linters/tflint -tflint 0.46.1 -# renovate: datasource=github-tags depName=aquasecurity/tfsec -tfsec 1.28.1 -# renovate: datasource=github-tags depName=defenseunicorns/zarf -zarf 0.26.4 diff --git a/Makefile b/Makefile deleted file mode 100644 index 6fadeb1..0000000 --- a/Makefile +++ /dev/null 
@@ -1,129 +0,0 @@ -include .env - -.DEFAULT_GOAL := help - -# Optionally add the "-it" flag for docker run commands if the env var "CI" is not set (meaning we are on a local machine and not in github actions) -TTY_ARG := -ifndef CI - TTY_ARG := -it -endif - -# Silent mode by default. Run `make VERBOSE=1` to turn off silent mode. -ifndef VERBOSE -.SILENT: -endif - -# Idiomatic way to force a target to always run, by having it depend on this dummy target -FORCE: - -.PHONY: help -help: ## Show a list of all targets - grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \ - | sed -n 's/^\(.*\): \(.*\)##\(.*\)/\1:\3/p' \ - | column -t -s ":" - -.PHONY: _create-folders -_create-folders: - mkdir -p .cache/docker - mkdir -p .cache/pre-commit - mkdir -p .cache/go - mkdir -p .cache/go-build - mkdir -p .cache/tmp - mkdir -p .cache/.terraform.d/plugin-cache - mkdir -p .cache/.zarf-cache - -.PHONY: _test-all -_test-all: _create-folders - echo "Running automated tests. This will take several minutes. At times it may not log anything to the console. If you interrupt the test run you will need to log into AWS console and manually delete any orphaned infrastructure." 
- # Developer note: If sshuttle is to be used, --cap-add=NET_ADMIN and --cap-add=NET_RAW need to be added to the below docker run command - docker run $(TTY_ARG) --rm \ - -v "${PWD}:/app" \ - -v "${PWD}/.cache/tmp:/tmp" \ - -v "${PWD}/.cache/go:/root/go" \ - -v "${PWD}/.cache/go-build:/root/.cache/go-build" \ - -v "${PWD}/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \ - -v "${PWD}/.cache/.zarf-cache:/root/.zarf-cache" \ - --workdir "/app" \ - -e TF_LOG_PATH \ - -e TF_LOG \ - -e GOPATH=/root/go \ - -e GOCACHE=/root/.cache/go-build \ - -e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \ - -e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \ - -e AWS_REGION \ - -e AWS_DEFAULT_REGION \ - -e AWS_ACCESS_KEY_ID \ - -e AWS_SECRET_ACCESS_KEY \ - -e AWS_SESSION_TOKEN \ - -e AWS_SECURITY_TOKEN \ - -e AWS_SESSION_EXPIRATION \ - -e SKIP_SETUP \ - -e SKIP_TEST \ - -e SKIP_TEARDOWN \ - ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} \ - bash -c 'git config --global --add safe.directory /app \ - && asdf install && cd examples/complete \ - && tofu init -upgrade=true \ - && cd ../../test/e2e \ - && go test -count 1 -v $(EXTRA_TEST_ARGS) .' - -.PHONY: test -test: ## Run all automated tests. Requires access to an AWS account. Costs real money. - $(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 2h" - -# Example of how to run a single test only -#.PHONY: test-complete-foo -#test-complete-foo: ## Run one test (TestExamplesCompleteFoo). Requires access to an AWS account. Costs real money. 
-# $(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 2h -run TestExamplesCompleteFoo" - -.PHONY: docker-save-build-harness -docker-save-build-harness: _create-folders ## Pulls the build harness docker image and saves it to a tarball - docker pull ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} - docker save -o .cache/docker/build-harness.tar ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} - -.PHONY: docker-load-build-harness -docker-load-build-harness: ## Loads the saved build harness docker image - docker load -i .cache/docker/build-harness.tar - -.PHONY: _runhooks -_runhooks: _create-folders - docker run $(TTY_ARG) --rm \ - -v "${PWD}:/app" \ - -v "${PWD}/.cache/tmp:/tmp" \ - -v "${PWD}/.cache/go:/root/go" \ - -v "${PWD}/.cache/go-build:/root/.cache/go-build" \ - -v "${PWD}/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \ - -v "${PWD}/.cache/.zarf-cache:/root/.zarf-cache" \ - --workdir "/app" \ - -e GOPATH=/root/go \ - -e GOCACHE=/root/.cache/go-build \ - -e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \ - -e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \ - -e "SKIP=$(SKIP)" \ - -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" \ - ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} \ - bash -c 'git config --global --add safe.directory /app && asdf install && pre-commit run -a --show-diff-on-failure $(HOOK)' - -.PHONY: pre-commit-all -pre-commit-all: ## Run all pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="" - -.PHONY: pre-commit-terraform -pre-commit-terraform: ## Run the terraform pre-commit hooks. Returns nonzero exit code if any hooks fail. 
Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,go-fmt,golangci-lint,renovate-config-validator" - -.PHONY: pre-commit-golang -pre-commit-golang: ## Run the golang pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,terraform_fmt,terraform_docs,terraform_checkov,terraform_tflint,renovate-config-validator" - -.PHONY: pre-commit-renovate -pre-commit-renovate: ## Run the renovate pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="renovate-config-validator" SKIP="" - -.PHONY: pre-commit-common -pre-commit-common: ## Run the common pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="go-fmt,golangci-lint,terraform_fmt,terraform_docs,terraform_checkov,terraform_tflint,renovate-config-validator" - -.PHONY: fix-cache-permissions -fix-cache-permissions: ## Fixes the permissions on the pre-commit cache - docker run $(TTY_ARG) --rm -v "${PWD}:/app" --workdir "/app" -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} chmod -R a+rx .cache From 49033ce451e96ed1d661dc0354bd1770b9b10605 Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 14:54:05 -0500 Subject: [PATCH 07/23] bye env --- .env | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .env diff --git a/.env b/.env deleted file mode 100644 index 4223d79..0000000 --- a/.env +++ /dev/null 
@@ -1,3 +0,0 @@
-BUILD_HARNESS_REPO=ghcr.io/defenseunicorns/build-harness/build-harness
-# renovate: datasource=github-tags depName=defenseunicorns/build-harness
-BUILD_HARNESS_VERSION=2.0.29

From 84c5291076918752168c00da8027fbab20464609 Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:06:32 -0500
Subject: [PATCH 08/23] bye stuff

---
 .github/workflows/pre-commit-pr.yml | 114 ++++++++++++++++++++++++++--
 1 file changed, 109 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml
index 9ae5d1e..101c5bc 100644
--- a/.github/workflows/pre-commit-pr.yml
+++ b/.github/workflows/pre-commit-pr.yml
@@ -4,8 +4,112 @@ on: push: jobs: - scan-terraform: - uses: defenseunicorns/uds-common-workflows/.github/workflows/terraform-scan.yaml@main - with: - soft-fail: true - github-token: $GITHUB_TOKEN + tflint: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3 + with: + # renovate: datasource=github-tags depName=opentofu/opentofu versioning=semver + tofu_version: 1.6.3 + + - name: tofu init + run: tofu init + + - name: tofu validate + run: tofu validate + + - name: tofu fmt + run: tofu fmt -recursive + + # - name: Set Diff Readme recursive + # id: find_readme + # run: | + # # Stash a list of all readmes found and their sha + # readme_list=$(find . -print|grep -v '.git'|grep -v .terraform|grep -v .config|grep README.md) + # echo README_LIST=$readme_list >> $GITHUB_ENV + # csv_found='' + # for readme in $readme_list; do + # # Finds only the Readme with .tf in the dir. + # directory_check=${readme:0:-9} + # has_tf=$(ls $directory_check | grep .tf | wc -l) + # if [ $has_tf -ge 0 ]; then + # echo "Readme found: $readme" + # csv_found+="$directory_check," + # fi + # done; + # # removes final comma + # for j in ${csv_found[@]}; do echo "folder, $j"; done; + # echo "csv_readme=${csv_found%,}" >> $GITHUB_OUTPUT + + - name: Update Tofu Docs + uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # v1.2.0 + with: +# working-dir: ${{ steps.find_readme.outputs.csv_readme }} + working-dir: . + output-method: inject + git-push: false + fails-on-diff: true + + - name: Check for changed files + shell: bash + run: | + set -euo pipefail + + if [ -z "$(git status -s README.md)" ]; then + echo "Success!" 
+ exit 0 + else + git diff README.md + exit 1 + fi + + - name: Setup TFLint + uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0 + with: + # renovate: datasource=github-tags depName=terraform-linters/tflint versioning=semver + tflint_version: v0.46.1 + + - name: Show version + run: tflint --version + + - name: Init TFLint + run: tflint --init + env: + # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting + GITHUB_TOKEN: $GITHUB_TOKEN + + - name: Run TFLint + run: tflint -f compact --recursive + + tfsec-scan: + needs: [tflint] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: tfsec + uses: aquasecurity/tfsec-action@b466648d6e39e7c75324f25d83891162a721f2d6 # v1.0.3 + with: + github_token: $GITHUB_TOKEN + soft_fail: true + + regula: + needs: [tflint] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: List Directories + run: ls -lsa + + - name: Scan with Regula + uses: fugue/regula-action@e47ae38fae32dccedc5ef814acdb2081eb2a351d # v3.2.1 + with: + input_path: . + input_type: tf + severity: high From bac8ccc33fd70065e2b7ddf0118451d84e67a3ee Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:09:49 -0500 Subject: [PATCH 09/23] bye bash --- .github/workflows/pre-commit-pr.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index 101c5bc..5e45514 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -54,7 +54,6 @@ jobs: fails-on-diff: true - name: Check for changed files - shell: bash run: | set -euo pipefail From 2c3a31071b107087ab9b8dfb65fe243dc5e2fb9d Mon Sep 17 00:00:00 2001 
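Review bot: `soft_fail: true` on the tfsec step makes that scan purely advisory while the `regula` job in the same hunk fails on `severity: high`, so the workflow's two IaC scanners disagree about whether findings block a merge; either drop `soft_fail` and manage accepted findings in a tfsec ignore file, or add a comment above it stating that tfsec is advisory and why. `run: tofu init` in the `tflint` job initialises whatever backend the root module declares; if one exists, `run: tofu init -backend=false` keeps the validate/fmt steps credential-free and is still sufficient for `tofu validate`. The `ls -lsa` step in the `regula` job is leftover debugging with no effect on the scan. Naming the first job `tflint` when it also runs tofu validate/fmt and terraform-docs is slightly misleading; `lint` would fit better.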
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:11:10 -0500 Subject: [PATCH 10/23] bye pipefail --- .github/workflows/pre-commit-pr.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index 5e45514..d9993fa 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -55,8 +55,6 @@ jobs: - name: Check for changed files run: | - set -euo pipefail - if [ -z "$(git status -s README.md)" ]; then echo "Success!" exit 0 From 9f0b4c8e6b39656f477bf07167302ea24a3a5f8f Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:13:38 -0500 Subject: [PATCH 11/23] bye yaml separator --- .github/workflows/pre-commit-pr.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index d9993fa..be89b40 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -1,4 +1,3 @@ ---- name: Scan Terraform on: push: From 6545b1c4eaca23c5cd243b3860c423d11521cca5 Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:15:01 -0500 Subject: [PATCH 12/23] edited readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7897915..8ce2f9d 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ UDS module for creating KMS keys. cd test go test -count 1 -v . ``` - +ewyles ## Requirements From d9ba1291a5ee0b280e3072dddf5c33224b775fac Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:15:44 -0500 Subject: [PATCH 13/23] edit readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ce2f9d..d9626e1 100644 --- a/README.md +++ b/README.md 
@@ -6,8 +6,9 @@ UDS module for creating KMS keys. cd test go test -count 1 -v . ``` -ewyles + +ewyles ## Requirements | Name | Version | From 6021bf84018f4b11f202d7d8645d1df229e10400 Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:23:26 -0500 Subject: [PATCH 14/23] cat the README --- .github/workflows/pre-commit-pr.yml | 2 ++ README.md | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index be89b40..06dbc1a 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -54,6 +54,8 @@ jobs: - name: Check for changed files run: | + cat README.md + if [ -z "$(git status -s README.md)" ]; then echo "Success!" exit 0 diff --git a/README.md b/README.md index d9626e1..4759bc5 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,8 @@ go test -count 1 -v . ``` -ewyles ## Requirements - +eric was here | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | @@ -21,7 +20,7 @@ ewyles | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.42.0 | +| [aws](#provider\_aws) | >= 4.62.0 | ## Modules From 09182ece10c3bee1af51614f41732a173ce74a5f Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:24:40 -0500 Subject: [PATCH 15/23] fail-on-diff --- .github/workflows/pre-commit-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index 06dbc1a..b1fc7e6 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -50,12 +50,12 @@ jobs: working-dir: . output-method: inject git-push: false - fails-on-diff: true + fail-on-diff: true - name: Check for changed files run: | cat README.md - + if [ -z "$(git status -s README.md)" ]; then echo "Success!" exit 0 
From b8aab9f9d525cd6e87654dc13d96cf11670da77a Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:25:55 -0500 Subject: [PATCH 16/23] let terraform-docs do what it does --- .github/workflows/pre-commit-pr.yml | 13 ------------- README.md | 2 +- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index b1fc7e6..d009e5d 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -46,24 +46,11 @@ jobs: - name: Update Tofu Docs uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # v1.2.0 with: -# working-dir: ${{ steps.find_readme.outputs.csv_readme }} working-dir: . output-method: inject git-push: false fail-on-diff: true - - name: Check for changed files - run: | - cat README.md - - if [ -z "$(git status -s README.md)" ]; then - echo "Success!" - exit 0 - else - git diff README.md - exit 1 - fi - - name: Setup TFLint uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0 with: diff --git a/README.md b/README.md index 4759bc5..b7684e6 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ go test -count 1 -v . ## Requirements -eric was here + | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | From 933ac4ae40a29ddb805b324ba0592051cb636455 Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:30:14 -0500 Subject: [PATCH 17/23] docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b7684e6..af6e0e7 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ go test -count 1 -v . | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.62.0 | +| [aws](#provider\_aws) | 5.62.0 | ## Modules From c2cc5a479f180564d6423863f5de61141cbeb15c Mon Sep 17 00:00:00 2001 
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:43:23 -0500 Subject: [PATCH 18/23] stuff --- .github/workflows/pre-commit-pr.yml | 41 +++++++++++++++-------------- Makefile | 19 +++++++++++++ 2 files changed, 40 insertions(+), 20 deletions(-) create mode 100644 Makefile diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index d009e5d..0d0f55b 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -1,6 +1,21 @@ name: Scan Terraform on: push: + branches: + - main + pull_request: + types: + - opened + - reopened + - synchronize + - ready_for_review + branches: + - main + paths: + - "**.tf" + - "**.go" + - ".github/**" + - "README.md" jobs: tflint: @@ -23,26 +38,6 @@ jobs: - name: tofu fmt run: tofu fmt -recursive - # - name: Set Diff Readme recursive - # id: find_readme - # run: | - # # Stash a list of all readmes found and their sha - # readme_list=$(find . -print|grep -v '.git'|grep -v .terraform|grep -v .config|grep README.md) - # echo README_LIST=$readme_list >> $GITHUB_ENV - # csv_found='' - # for readme in $readme_list; do - # # Finds only the Readme with .tf in the dir. - # directory_check=${readme:0:-9} - # has_tf=$(ls $directory_check | grep .tf | wc -l) - # if [ $has_tf -ge 0 ]; then - # echo "Readme found: $readme" - # csv_found+="$directory_check," - # fi - # done; - # # removes final comma - # for j in ${csv_found[@]}; do echo "folder, $j"; done; - # echo "csv_readme=${csv_found%,}" >> $GITHUB_OUTPUT - - name: Update Tofu Docs uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # v1.2.0 with: @@ -98,3 +93,9 @@ jobs: input_path: . input_type: tf severity: high + + lintgo: + runs-on: ubuntu-latest + steps: + - name: lint-go + run: make lint-go diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..96e3d2f --- /dev/null +++ b/Makefile 
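Review bot: The new `paths:` filter on `pull_request` covers `**.tf`, `**.go`, `.github/**` and `README.md` but not `go.mod`, `go.sum`, `.golangci.yml`, `.tflint.hcl` or `Makefile`, so a PR that only bumps a Go dependency or changes linter configuration (as PATCH 19 does to `.golangci.yml`) runs none of these jobs; add those paths or drop the filter. A path-filtered workflow also reports no status at all on such PRs, which blocks merging if any of its jobs is a required check. The `push:` trigger on `main` has no `paths:` filter, so the two triggers are inconsistent; that is fine if post-merge scans are meant to be unconditional, but deserves a comment saying so.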
@@ -0,0 +1,19 @@ +.PHONY: help +help: ## Show a list of all targets + @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \ + | sed -n 's/^\(.*\): \(.*\)##\(.*\)/\1:\3/p' \ + | column -t -s ":" + +.PHONY: tfdocs +tfdocs: ## update the terraform docs + tofu init + tofu validate + tofu fmt -recursive + terraform-docs markdown table --indent 2 --output-mode inject --output-file README.md . + +.PHONY: tflint +tflint: ## tflint + tflint + +lint-go: ## Run golang-ci-lint to lint the go code (must `brew install golangci-lint` first) + golangci-lint run \ No newline at end of file From 6fe7461b81bf59f252570cf02bed368af5f0b082 Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:46:50 -0500 Subject: [PATCH 19/23] more stuff --- .github/workflows/pre-commit-pr.yml | 3 ++ .golangci.yml | 1 + .pre-commit-config.yaml | 45 ----------------------------- 3 files changed, 4 insertions(+), 45 deletions(-) delete mode 100644 .pre-commit-config.yaml diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index 0d0f55b..fb22c74 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -97,5 +97,8 @@ jobs: lintgo: runs-on: ubuntu-latest steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: lint-go run: make lint-go diff --git a/.golangci.yml b/.golangci.yml index bb11561..468fe7f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -13,6 +13,7 @@ linters: - gomnd - lll - nlreturn + - perfsprint - stylecheck # - testpackage - varnamelen diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index ef1e261..0000000 --- a/.pre-commit-config.yaml +++ /dev/null 
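Review bot: `lint-go:` is the only target in the new Makefile without a `.PHONY:` declaration, unlike `help`, `tfdocs` and `tflint` above it, so a file named `lint-go` in the repository root would turn the target into a silent no-op; add `.PHONY: lint-go` on the line before it. The `tfdocs` recipe runs `tofu init` first, which `tofu validate` needs but `tofu fmt` and `terraform-docs` do not; if the intent is docs-only regeneration, the init/validate pair belongs in its own target.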
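Review bot: This commit deletes `.pre-commit-config.yaml` together with its `detect-private-key`, `detect-aws-credentials` and `check-added-large-files` hooks, and the `lintgo` job this hunk completes (checkout plus `make lint-go`) does not replace them, so nothing in CI now catches a committed key or credential; add a secret-detection step to this workflow (or keep a trimmed pre-commit config) unless GitHub push protection is confirmed enabled on the repository. The checkout addition itself is correct and uses the same pinned digest as the other jobs.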
@@ -1,45 +0,0 @@ -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 - hooks: - - id: check-added-large-files - args: ["--maxkb=1024"] - - id: check-merge-conflict - - id: detect-aws-credentials - args: - - "--allow-missing-credentials" - - id: detect-private-key - - id: end-of-file-fixer - - id: fix-byte-order-marker - - id: trailing-whitespace - args: [--markdown-linebreak-ext=md] - - id: check-yaml - args: - - "--allow-multiple-documents" - - repo: https://github.com/sirosen/fix-smartquotes - rev: 0.2.0 - hooks: - - id: fix-smartquotes - - repo: https://github.com/dnephin/pre-commit-golang - rev: v0.5.1 - hooks: - - id: go-fmt - - id: golangci-lint - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.79.1 - hooks: - - id: terraform_fmt - - id: terraform_docs - args: - - --args=--lockfile=false - - id: terraform_checkov - verbose: true - args: - - --args=--config-file __GIT_WORKING_DIR__/.checkov.yml - - id: terraform_tflint - args: - - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl - - repo: https://github.com/renovatebot/pre-commit-hooks - rev: 35.95.1 - hooks: - - id: renovate-config-validator From c34cd3801066a4630cb90fab9118bd9f22a628f5 Mon Sep 17 00:00:00 2001 From: Eric Wyles <23637493+ericwyles@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:48:48 -0500 Subject: [PATCH 20/23] go lint stuff --- .github/workflows/pre-commit-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml index fb22c74..e4c385a 100644 --- a/.github/workflows/pre-commit-pr.yml +++ b/.github/workflows/pre-commit-pr.yml @@ -100,5 +100,5 @@ jobs: - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: lint-go - run: make lint-go + - name: Run golangci-lint + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 
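Review bot: The `golangci/golangci-lint-action` step has no `version:` input, so every run resolves whichever golangci-lint release the action defaults to and lint results drift as new linters land; pin it, e.g. `version: v1.59.1` (constructed example; use the release the repo lints with locally) with a `# renovate:` hint like the tofu/tflint pins above. The step also runs from the repository root with no `working-directory`, while the README's `cd test` suggests the Go module is under `test/`; if so, add `working-directory: test`, otherwise the action errors out or lints nothing. The `make lint-go` target it replaces stays in the Makefile, so local and CI lint invocations now differ; acceptable, but worth a comment on the target.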
From 7504ff0d0b7b085e9a328c27430d957979aef2ee Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:50:44 -0500
Subject: [PATCH 21/23] moar

---
 .github/workflows/pre-commit-pr.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml
index e4c385a..5bc39f1 100644
--- a/.github/workflows/pre-commit-pr.yml
+++ b/.github/workflows/pre-commit-pr.yml
@@ -17,6 +17,9 @@ on:
 - ".github/**"
 - "README.md"
+permissions:
+ contents: read
+
 jobs:
 tflint:
 runs-on: ubuntu-latest
@@ -59,7 +62,7 @@ jobs:
 run: tflint --init
 env:
 # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
- GITHUB_TOKEN: $GITHUB_TOKEN
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Run TFLint
 run: tflint -f compact --recursive
@@ -74,7 +77,7 @@ jobs:
 - name: tfsec
 uses: aquasecurity/tfsec-action@b466648d6e39e7c75324f25d83891162a721f2d6 # v1.0.3
 with:
- github_token: $GITHUB_TOKEN
+ github_token: ${{ secrets.GITHUB_TOKEN }}
 soft_fail: true
 regula:

From c79e5c5464810786600b12b6e28aa3f960a2e531 Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:53:41 -0500
Subject: [PATCH 22/23] yet more

---
 .github/workflows/pre-commit-pr.yml | 2 +-
 .github/workflows/release-please.yml | 18 +++++++++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml
index 5bc39f1..819c395 100644
--- a/.github/workflows/pre-commit-pr.yml
+++ b/.github/workflows/pre-commit-pr.yml
@@ -1,4 +1,4 @@
-name: Scan Terraform
+name: Scan
 on:
 push:
 branches:
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 67317a3..745ce7f 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
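Review bot: The `permissions: contents: read` block is the right workflow-wide default, but with it the `${{ secrets.GITHUB_TOKEN }}` now handed to `tfsec-action` and to `tflint --init` is read-only; if tfsec is expected to annotate the PR it would need `pull-requests: write` granted at the `tfsec-scan` job level rather than workflow-wide, so confirm what the action uses `github_token` for (I believe only to avoid API rate limits when fetching the tfsec binary). A comment on the tfsec `with:` block mirroring the rate-limit link already on the tflint step would make that explicit for the next reader.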
@@ -11,8 +11,16 @@ permissions:
 repository-projects: read
 jobs:
- release-terraform:
- uses: defenseunicorns/uds-common-workflows/.github/workflows/release-terraform.yml@main
- with:
- command: manifest
- release-type: simple
+ release-please:
+ runs-on: ubuntu-latest
+ outputs:
+ release_created: ${{ steps.release-flag.outputs.release_created }}
+ steps:
+ - name: Create Release Tag
+ id: tag
+ uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
+ with:
+ command: ${{ inputs.command }}
+ release-type: ${{ inputs.release-type }}
+ - id: release-flag
+ run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT

From 4bf44acfac809aeea9b8947ae199b3e27481b017 Mon Sep 17 00:00:00 2001
From: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:54:52 -0500
Subject: [PATCH 23/23] newline

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 96e3d2f..deca561 100644
--- a/Makefile
+++ b/Makefile
@@ -16,4 +16,4 @@ tflint: ## tflint
 tflint
 lint-go: ## Run golang-ci-lint to lint the go code (must `brew install golangci-lint` first)
- golangci-lint run
\ No newline at end of file
+ golangci-lint run
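Review bot: `command: ${{ inputs.command }}` and `release-type: ${{ inputs.release-type }}` read the `inputs` context, which is only populated for `workflow_call` and `workflow_dispatch` events; on any other trigger both expand to empty strings, whereas the removed lines passed the literals `manifest` and `simple`. These look copied from the reusable workflow and should be literals again, `release-type: simple`; I believe release-please-action v4 no longer accepts a `command` input at all (manifest mode is selected via `config-file`/`manifest-file`), so check the v4 inputs before keeping that line. Separately, the step relies on the default `GITHUB_TOKEN`, and tags or PRs created with it do not trigger other workflows; if anything downstream is meant to run on the release, pass a `token:` from a GitHub App or PAT and document why.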