chore: add release please and checks

opzkit · Jan 24, 2025 · 6258fcf · 6258fcf
1 parent 179958e
commit 6258fcf
Show file tree

Hide file tree

Showing 17 changed files with 204 additions and 18 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,13 +1,9 @@
 version: 2
 updates:
   - package-ecosystem: terraform
-    directory: "/"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
-
-  - package-ecosystem: terraform
-    directory: "/examples"
+    directories:
+      - "/"
+      - "**/*"
     schedule:
       interval: "daily"
     open-pull-requests-limit: 10

diff --git a/.github/release-please.yml b/.github/release-please.yml
@@ -0,0 +1,2 @@
+handleGHRelease: true
+manifest: true
diff --git a/.github/semantic.yml b/.github/semantic.yml
@@ -0,0 +1,4 @@
+# Always validate the PR title AND all the commits
+titleAndCommits: true
+# Disallows use of Merge commits
+allowMergeCommits: false
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -2,6 +2,8 @@ name: Build
 
 on: [ push, workflow_dispatch ]
 
+permissions: read-all
+
 jobs:
   examples:
     runs-on: ubuntu-latest
@@ -12,7 +14,7 @@ jobs:
         tf-version: [ 1.1.9, 1.2.9, 1.3.2 ]
     steps:
       - name: Start LocalStack
-        uses: LocalStack/[email protected]
+        uses: LocalStack/setup-localstack@a9b3e54ee0052a2f40a4eb4ca8b39dfd3bc2bc65 #v0.2.3
         with:
           image-tag: 'latest'
 
@@ -23,7 +25,7 @@ jobs:
           sudo mv terraform /usr/local/bin
           rm *
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Validate examples terraform v${{ matrix.tf-version }}
         run: make examples
   build:

diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -1,14 +1,19 @@
 name: Lint Commit Messages
 
-on: [pull_request]
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions: read-all
 
 jobs:
   commitlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v6
+      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1
         with:
           configFile: "./.github/commitlint.config.mjs"
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,18 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions: read-all
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+      - uses: terraform-linters/setup-tflint@8093687ecc9dcbfa88d07c103ad4176739a7287e # v4.1.0
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.github/workflows/terrascan.yaml b/.github/workflows/terrascan.yaml
@@ -1,16 +1,24 @@
-name: Terrascan
-on: [ pull_request ]
 # https://github.com/marketplace/actions/terrascan-iac-scanner
+name: Terrascan
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+
+permissions: read-all
+
 jobs:
   terrascan:
     runs-on: ubuntu-latest
     name: terrascan
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Run Terrascan
         id: terrascan
-        uses: tenable/terrascan-action@main
+        uses: tenable/terrascan-action@a4b0f7ec5fb3c4c66b8e76d824d958002f6ce12c # main
         with:
           iac_type: 'terraform'
           iac_version: 'v14'
@@ -25,6 +33,6 @@ jobs:
           #webhook_url:
           #webhook_token:
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
         with:
           sarif_file: terrascan.sarif
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,27 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+        args:
+          - --allow-multiple-documents
+      - id: check-added-large-files
+  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+    rev: v9.11.0
+    hooks:
+      - id: commitlint
+        stages: [ commit-msg ]
+        additional_dependencies: [ '@commitlint/config-conventional' ]
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.86.0
+    hooks:
+      - id: terraform_tflint
+      - id: terraform_fmt
+      - id: terraform_checkov
+        language: docker_image
+        entry: --tty bridgecrew/checkov:3.2.354 --config-file checkov.yaml
+        pass_filenames: false
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+  ".": "0.1.0"
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,31 @@
+# Changelog
+
+## [0.1.0](https://github.com/opzkit/terraform-aws-k8s-network/compare/v0.0.10...v0.1.0) (2025-01-24)
+
+
+### Bug Fixes
+
+* commitlint config ([4b6a286](https://github.com/opzkit/terraform-aws-k8s-network/commit/4b6a286bc855acb76f35a00990e7da9fd436c949))
+* commitlint config ([bf2366d](https://github.com/opzkit/terraform-aws-k8s-network/commit/bf2366d9480ea2c1d95e254de7dd14cdb3d122d7))
+
+
+### Miscellaneous Chores
+
+* correct release version ([#27](https://github.com/opzkit/terraform-aws-k8s-network/issues/27)) ([b064b09](https://github.com/opzkit/terraform-aws-k8s-network/commit/b064b098618f016d7026f069d2c0cd000669cd2f))
+* **deps:** bump actions/checkout from 3 to 4 ([d044664](https://github.com/opzkit/terraform-aws-k8s-network/commit/d044664031859bb5848815d79b4efa04c0cdb1e5))
+* **deps:** bump actions/checkout from 3 to 4 ([2540788](https://github.com/opzkit/terraform-aws-k8s-network/commit/25407886c3cf2204b7482515949a7296b5cdf841))
+* **deps:** bump github/codeql-action from 2 to 3 ([d138771](https://github.com/opzkit/terraform-aws-k8s-network/commit/d138771c8411029ab878ae8303a41cddb63a0ac1))
+* **deps:** bump github/codeql-action from 2 to 3 ([5dbad2c](https://github.com/opzkit/terraform-aws-k8s-network/commit/5dbad2cbe6bd008b9f9df4e8bc5e26837130b939))
+* **deps:** bump github/codeql-action from 3.28.2 to 3.28.4 ([524c93a](https://github.com/opzkit/terraform-aws-k8s-network/commit/524c93a0bafec69b30ef242e01aa98fc4f017caa))
+* **deps:** bump github/codeql-action from 3.28.2 to 3.28.4 ([9625107](https://github.com/opzkit/terraform-aws-k8s-network/commit/9625107088f50508c722c4632e444a5abf71f876))
+* **deps:** bump HarshCasper/setup-localstack from 0.1.2 to 0.2.1 ([658825c](https://github.com/opzkit/terraform-aws-k8s-network/commit/658825c91d3e70ac0c00bdb9c540c635c865ba97))
+* **deps:** bump HarshCasper/setup-localstack from 0.1.2 to 0.2.1 ([b9f6e98](https://github.com/opzkit/terraform-aws-k8s-network/commit/b9f6e982a2649eb1d79edaf0e1bfcaac19025b53))
+* **deps:** bump LocalStack/setup-localstack from 0.2.1 to 0.2.2 ([6c188b9](https://github.com/opzkit/terraform-aws-k8s-network/commit/6c188b9441feb8391135fcd7d5b8b76f47ecb4a6))
+* **deps:** bump LocalStack/setup-localstack from 0.2.1 to 0.2.2 ([05e49b9](https://github.com/opzkit/terraform-aws-k8s-network/commit/05e49b90a9d6f7b6885811c61c9283b387fd6d1f))
+* **deps:** bump LocalStack/setup-localstack from 0.2.2 to 0.2.3 ([179958e](https://github.com/opzkit/terraform-aws-k8s-network/commit/179958e9b3e74a53b98ad4437be80a8541413a11))
+* **deps:** bump LocalStack/setup-localstack from 0.2.2 to 0.2.3 ([84ded83](https://github.com/opzkit/terraform-aws-k8s-network/commit/84ded830fe24ef54da344942b63663966fac3869))
+* **deps:** bump wagoid/commitlint-github-action from 5 to 6 ([197c3ab](https://github.com/opzkit/terraform-aws-k8s-network/commit/197c3ab67ec5394456ef0efb6039c27dfb482eef))
+* **deps:** bump wagoid/commitlint-github-action from 5 to 6 ([1968ce5](https://github.com/opzkit/terraform-aws-k8s-network/commit/1968ce55b4afd5190679b1d0c2f12a2e489df682))
+* fix pre-commit errors and checkov warninggs ([dd52ab1](https://github.com/opzkit/terraform-aws-k8s-network/commit/dd52ab1605715bff3c1a60719f00a7e93fe9c259))
+* release-please and checks ([70e3661](https://github.com/opzkit/terraform-aws-k8s-network/commit/70e366158156d3694d88c83c039323df744e51e5))
+* release-please and checks ([8fa8d80](https://github.com/opzkit/terraform-aws-k8s-network/commit/8fa8d805df94558dd996aae7e6f94fee6baf4524))
diff --git a/Makefile b/Makefile
@@ -12,4 +12,3 @@ example/%:
 	@terraform -chdir=$* init
 	@terraform -chdir=$* validate
 	@terraform -chdir=$* plan
-
diff --git a/checkov.yaml b/checkov.yaml
@@ -0,0 +1,17 @@
+block-list-secret-scan: [ ]
+branch: master
+custom-tool-name: Checkov
+compact: true
+directory:
+  - .
+download-external-modules: true
+evaluate-variables: true
+external-modules-download-path: .external_modules
+framework:
+  - - terraform,terraform_plan,yaml,json,github_configuration,github_actions
+hard-fail-on: MEDIUM
+mask: [ ]
+quiet: true
+secrets-history-timeout: 12h
+secrets-scan-file-type: [ ]
+summary-position: top
diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf
@@ -33,3 +33,13 @@ provider "aws" {
     sts            = "http://localhost:4566"
   }
 }
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  required_version = ">= 1.1.9"
+}
diff --git a/examples/override/provider.tf b/examples/override/provider.tf
@@ -33,3 +33,13 @@ provider "aws" {
     sts            = "http://localhost:4566"
   }
 }
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  required_version = ">= 1.1.9"
+}
diff --git a/examples/public/provider.tf b/examples/public/provider.tf
@@ -33,3 +33,13 @@ provider "aws" {
     sts            = "http://localhost:4566"
   }
 }
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  required_version = ">= 1.1.9"
+}
diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    null = {
+      source  = "hashicorp/null"
+      version = "3.2.3"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.1"
+    }
+  }
+  required_version = ">= 1.1.9"
+}
diff --git a/release-please-config.json b/release-please-config.json
@@ -0,0 +1,30 @@
+{
+  "packages": {
+    ".": {
+      "changelog-path": "CHANGELOG.md",
+      "release-type": "terraform-module",
+      "bump-minor-pre-major": false,
+      "bump-patch-for-minor-pre-major": false,
+      "draft": false,
+      "prerelease": false,
+      "changelog-sections": [
+        { "type": "feat", "section": "Features" },
+        { "type": "feature", "section": "Features" },
+        { "type": "fix", "section": "Bug Fixes" },
+        { "type": "perf", "section": "Performance Improvements" },
+        { "type": "revert", "section": "Reverts" },
+        { "type": "docs", "section": "Documentation" },
+        { "type": "style", "section": "Styles" },
+        { "type": "chore", "section": "Miscellaneous Chores" },
+        { "type": "refactor", "section": "Code Refactoring" },
+        { "type": "test", "section": "Tests" },
+        { "type": "build", "section": "Build System" },
+        { "type": "ci", "section": "Continuous Integration" }
+      ],
+      "extra-files": [
+          "locals.tf"
+      ]
+    }
+  },
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -12,4 +12,3 @@ example/%:
		@terraform -chdir=$* init
		@terraform -chdir=$* validate
		@terraform -chdir=$* plan