From bb809cda2be0e9be1d677d2f5a1332f7254c3246 Mon Sep 17 00:00:00 2001
From: imjoseangel
Date: Wed, 26 Jan 2022 23:04:01 +0100
Subject: [PATCH] fix linters
---
 .github/dependabot.yml | 1 +
 .github/linters/.yamllint | 55 +++++++++++++++
 .github/linters/linters/.yamllint | 55 +++++++++++++++
 .github/workflows/terraform-release.yml | 67 +++++++++---------
 .github/workflows/terraform.yml | 94 ++++++++++++++------------
 5 files changed, 198 insertions(+), 74 deletions(-)
 create mode 100644 .github/linters/.yamllint
 create mode 100644 .github/linters/linters/.yamllint
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 329d92f..888129b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,3 +1,4 @@
+---
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
diff --git a/.github/linters/.yamllint b/.github/linters/.yamllint
new file mode 100644
index 0000000..0bae10a
--- /dev/null
+++ b/.github/linters/.yamllint
@@ -0,0 +1,55 @@
+---
+###########################################
+# These are the rules used for #
+# linting all the yaml files in the stack #
+# NOTE: #
+# You can disable line with: #
+# # yamllint disable-line #
+###########################################
+rules:
+ braces:
+ level: warning
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: 1
+ max-spaces-inside-empty: 5
+ brackets:
+ level: warning
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: 1
+ max-spaces-inside-empty: 5
+ colons:
+ level: warning
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ level: warning
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments: disable
+ comments-indentation: disable
+ document-end: disable
+ document-start:
+ level: warning
+ present: true
+ empty-lines:
+ level: warning
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ level: warning
+ max-spaces-after: 1
+ indentation:
+ level: warning
+ spaces: consistent
+ indent-sequences: true
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
diff --git a/.github/linters/linters/.yamllint b/.github/linters/linters/.yamllint
new file mode 100644
index 0000000..0bae10a
--- /dev/null
+++ b/.github/linters/linters/.yamllint
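Review bot: Every formatting rule in this config (`braces`, `brackets`, `colons`, `commas`, `document-start`, `empty-lines`, `hyphens`, `indentation`) carries `level: warning`, and yamllint exits successfully on warnings unless it is run in strict mode, so as written only `key-duplicates` and `new-lines` can fail the check. If the intent is an enforced gate rather than advisory output, remove `level: warning` from the rules that should block a merge (the default level is error), starting with `indentation`, where a mis-nested key in a workflow file changes meaning rather than style. The same applies to the identical copy added at `.github/linters/linters/.yamllint`.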
@@ -0,0 +1,55 @@
+---
+###########################################
+# These are the rules used for #
+# linting all the yaml files in the stack #
+# NOTE: #
+# You can disable line with: #
+# # yamllint disable-line #
+###########################################
+rules:
+ braces:
+ level: warning
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: 1
+ max-spaces-inside-empty: 5
+ brackets:
+ level: warning
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: 1
+ max-spaces-inside-empty: 5
+ colons:
+ level: warning
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ level: warning
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments: disable
+ comments-indentation: disable
+ document-end: disable
+ document-start:
+ level: warning
+ present: true
+ empty-lines:
+ level: warning
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ level: warning
+ max-spaces-after: 1
+ indentation:
+ level: warning
+ spaces: consistent
+ indent-sequences: true
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
diff --git a/.github/workflows/terraform-release.yml b/.github/workflows/terraform-release.yml
index c55ca90..0688eaf 100644
--- a/.github/workflows/terraform-release.yml
+++ b/.github/workflows/terraform-release.yml
@@ -1,3 +1,4 @@
+---
 on:
 push:
 # Sequence of patterns matched against refs/tags
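Review bot: `.github/linters/linters/.yamllint` looks like an accidental copy: its index line shows the same blob (`0bae10a`) as `.github/linters/.yamllint`, and the workflow change in this commit sets `YAML_CONFIG_FILE: .yamllint`, which super-linter resolves against its rules directory (`.github/linters` by default), not a nested `linters/` folder. A second config that nothing reads will drift from the real one and mislead whoever edits it later, so I would drop the nested file from the commit. If it is intentional, a comment at the top of the file should say which tool consumes it.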
@@ -12,46 +13,46 @@ jobs: name: Create Release runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - - name: Get current tag - id: currenttag - run: echo ::set-output name=tag::"${GITHUB_REF#refs/*/}" + - name: Get current tag + id: currenttag + run: echo ::set-output name=tag::"${GITHUB_REF#refs/*/}" - - name: Create Release - id: create_release - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - tag: ${{ steps.currenttag.outputs.tag }} - name: Release ${{ steps.currenttag.outputs.tag }} - body: | - # Terraform Module - Azurerm App Service Plan + - name: Create Release + id: create_release + uses: ncipollo/release-action@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + tag: ${{ steps.currenttag.outputs.tag }} + name: Release ${{ steps.currenttag.outputs.tag }} + body: | + # Terraform Module - Azurerm App Service Plan - [![Terraform](https://github.com/imjoseangel/terraform-azurerm-appserviceplan/actions/workflows/terraform.yml/badge.svg)](https://github.com/imjoseangel/terraform-azurerm-appserviceplan/actions/workflows/terraform.yml) + [![Terraform](https://github.com/imjoseangel/terraform-azurerm-appserviceplan/actions/workflows/terraform.yml/badge.svg)](https://github.com/imjoseangel/terraform-azurerm-appserviceplan/actions/workflows/terraform.yml) - A [Terraform][2] module to deploys a App Service Plan. + A [Terraform][2] module to deploys a App Service Plan. - By [imjoseangel][3] + By [imjoseangel][3] - Use with: - ```bash - export ARM_CLIENT_ID="" - export ARM_CLIENT_SECRET="" - export ARM_SUBSCRIPTION_ID="" - export ARM_TENANT_ID="" + Use with: + ```bash + export ARM_CLIENT_ID="" + export ARM_CLIENT_SECRET="" + export ARM_SUBSCRIPTION_ID="" + export ARM_TENANT_ID="" - terraform init - terraform apply - ``` + terraform init + terraform apply + ``` - ## License + ## License - Licensed under [the MIT License][1]. 
+ Licensed under [the MIT License][1]. - [1]: https://github.com/imjoseangel/terraform-azurerm-appserviceplan/blob/devel/LICENSE - [2]: https://www.terraform.io/ - [3]: https://imjoseangel.eu/ - draft: false - prerelease: false + [1]: https://github.com/imjoseangel/terraform-azurerm-appserviceplan/blob/devel/LICENSE + [2]: https://www.terraform.io/ + [3]: https://imjoseangel.eu/ + draft: false + prerelease: false diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 33ced57..9cc7f1b 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -1,9 +1,10 @@ +--- name: 'Terraform' on: push: branches: - - devel + - devel pull_request: jobs: 
@@ -17,50 +18,61 @@ jobs: shell: bash steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v2 + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v2 - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - - name: Setup Terraform - id: setup - uses: hashicorp/setup-terraform@v1 + # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token + - name: Setup Terraform + id: setup + uses: hashicorp/setup-terraform@v1 - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - - name: Terraform Init - id: init - run: terraform init + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + id: init + run: terraform init - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - id: fmt - run: terraform fmt -check + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check - # Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc. - - name: Terraform Validate - id: validate - run: terraform validate + # Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc. + - name: Terraform Validate + id: validate + run: terraform validate - # Run the tfsec sarif check. Uses static analysis of your terraform templates to spot potential security issues. 
- - name: Terraform Security Analysis - id: tfsec - uses: tfsec/tfsec-sarif-action@master - with: - sarif_file: tfsec.sarif + # Run the tfsec sarif check. Uses static analysis of your terraform templates to spot potential security issues. + - name: Terraform Security Analysis + id: tfsec + uses: tfsec/tfsec-sarif-action@master + with: + sarif_file: tfsec.sarif - # # Uploads results.sarif to GitHub repository using the upload-sarif action - # - name: Terraform Security Report - # id: tfsarif - # uses: github/codeql-action/upload-sarif@v1 - # with: - # sarif_file: tfsec.sarif + # Uploads results.sarif to GitHub repository using the upload-sarif action + - name: Terraform Security Report + id: tfsarif + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: tfsec.sarif - # CStatic code analyzer for Infrastructure as Code with terrascan. - - name: Terraform Scan Code Base - uses: github/super-linter@v4 - env: - VALIDATE_ALL_CODEBASE: true - DEFAULT_BRANCH: devel - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - VALIDATE_TERRAFORM: true - VALIDATE_TERRAFORM_TERRASCAN: true + # Static code analyzer for Infrastructure as Code + - name: Lint Code Base + id: superlinter + uses: github/super-linter@v4 + env: + VALIDATE_ALL_CODEBASE: true + DEFAULT_BRANCH: devel + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VALIDATE_TERRAFORM: true + YAML_CONFIG_FILE: .yamllint + + # Static code analyzer for Terrascan + - name: Terraform Scan Code Base + id: terrascan + uses: accurics/terrascan-action@v1 + with: + iac_type: terraform + iac_version: v14 + policy_type: azure + only_warn: false
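Review bot: The third-party actions in these steps are referenced by mutable refs: `tfsec/tfsec-sarif-action@master` follows a branch, and the newly added `accurics/terrascan-action@v1` and `github/super-linter@v4` (which is handed `secrets.GITHUB_TOKEN`) follow movable tags, so whatever those refs point to at run time executes inside this job. Pin each one to a full commit SHA with the release in a trailing comment, e.g. `uses: tfsec/tfsec-sarif-action@<full-commit-sha>  # <release-tag>`, and let Dependabot propose the bumps if its config covers `github-actions`. The now-enabled `github/codeql-action/upload-sarif@v1` step needs `security-events: write` on the token, and no `permissions:` block is visible here (the job header is outside the hunk), so I would add a job-level `permissions:` with `contents: read` and `security-events: write` rather than rely on the repository default. Since the workflow also runs on `pull_request`, expect that upload to fail for pull requests from forks, where the token is read-only.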