Commit
Showing 8 changed files with 161 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
name: Checkov | ||
on: | ||
pull_request: | ||
|
||
jobs: | ||
checkov: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: makandra/github-actions/checkov-terraform@main | ||
with: | ||
path: . |
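Review bot: `uses: makandra/github-actions/checkov-terraform@main` tracks a moving branch, so whatever lands on `main` of that repository runs in this workflow on the next pull request without any change here. Pin the reference to a full commit SHA (or at least a release tag) and update it deliberately.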
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
name: Conventional Commits | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
conventional-commits: | ||
name: Conventional Commits | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: webiny/action-conventional-commits@v1.1.0 |
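Review bot: `actions/checkout@v2` in the first step differs from the `actions/checkout@v3` used by the Semantic-Release workflow in the same commit; align the two on one version. The third-party `webiny/action-conventional-commits@v1.1.0` is referenced by tag, which can be moved, so a commit SHA is the safer pin for an action that gates every pull request.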
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
name: pre-commit | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
pre-commit: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: makandra/github-actions/precommit@main |
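Review bot: the `pre-commit` job declares no `permissions:` block, so `GITHUB_TOKEN` keeps the repository's default scopes while the job runs code from `makandra/github-actions/precommit@main`. If the action only checks and does not push fixes, add `permissions:` with `contents: read` at workflow level, and pin `@main` to a commit SHA.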
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
name: "Semantic-Release" | ||
on: | ||
push: | ||
branches: | ||
- master | ||
- main | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Semantic Release | ||
uses: cycjimmy/semantic-release-action@v3 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |
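Review bot: the `env:` block of the Semantic Release step hands `NPM_TOKEN` to `cycjimmy/semantic-release-action@v3`, yet the `package.json` in this commit sets `"private": true` and `"npmPublish": false`, so nothing is meant to be published to npm. Drop the `NPM_TOKEN` line so the secret is not exposed to a third-party action that has no use for it, and add an explicit `permissions:` block that grants only what the release step needs.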
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
name: Tflint | ||
on: | ||
pull_request: | ||
|
||
|
||
jobs: | ||
tflint: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
path: | ||
- . | ||
steps: | ||
- uses: makandra/github-actions/tflint@main | ||
with: | ||
path: ${{ matrix.path }} |
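Review bot: the `matrix.path` list contains only `- .` and carries no comment, while the README in this commit says every submodule should be added to the workflow matrix. Add a short YAML comment above `- .` saying so, since users of the template will edit this file rather than reread the README. There are also two empty lines between `pull_request:` and `jobs:` where the other workflows have one.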
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
repos: | ||
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: v4.2.0 | ||
hooks: | ||
- id: check-added-large-files | ||
- id: check-merge-conflict | ||
- id: check-vcs-permalinks | ||
- id: end-of-file-fixer | ||
- id: trailing-whitespace | ||
args: [--markdown-linebreak-ext=md] | ||
exclude: CHANGELOG.md | ||
- id: check-yaml | ||
- id: check-merge-conflict | ||
- id: check-executables-have-shebangs | ||
- id: check-case-conflict | ||
- id: mixed-line-ending | ||
args: [--fix=lf] | ||
- id: detect-aws-credentials | ||
args: ['--allow-missing-credentials'] | ||
- id: detect-private-key | ||
- repo: https://github.com/antonbabenko/pre-commit-terraform | ||
rev: v1.74.1 | ||
hooks: | ||
- id: terraform_fmt | ||
- id: terraform_docs | ||
args: | ||
- --hook-config=--path-to-file=README.md | ||
- --hook-config=--add-to-existing-file=true | ||
- --hook-config=--create-file-if-not-exist=true |
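Review bot: `- id: check-merge-conflict` appears twice in the `pre-commit-hooks` list (second and seventh entry), so the hook is configured twice; remove one. Separately, `detect-aws-credentials` compares files against credentials configured on the machine it runs on, and with `--allow-missing-credentials` it passes when none are configured, so in a CI runner without AWS credentials it has nothing to match against; treat it as a local-only safeguard or add a secret scanner that does not depend on local credentials.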
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Terraform module template | ||
|
||
This is a template for terraform modules. It contains the required CI congiguration and `.gitignore`. | ||
|
||
# Contents | ||
|
||
## package.json | ||
|
||
The `package.json` is required for the [semantic-release](https://semantic-release.gitbook.io/semantic-release/). This is controlled via a Github Actions workflow. | ||
|
||
## pre-commit-config.yaml | ||
|
||
We rely on [pre-commit](https://pre-commit.com/) hooks to ensure the good code quality. This is also checked by a CI pipeline but recommended to use locally. It's also responsible for creating [terraform-docs](https://terraform-docs.io/). | ||
|
||
## .github/workflows | ||
|
||
We have several default workflows prepared. | ||
|
||
### checkov | ||
|
||
[checkov](https://www.checkov.io/) scans the terraform manifests for common misconfigurations. By default the root of the respository is scanned but if you have a repo with submodules (like for e.g. [makandra/terraform-aws-modules](https://github.com/makandra/terraform-aws-modules) you may want to alter the path of the github action. | ||
|
||
### conventional-commits | ||
|
||
We want to enforce [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) to ensure our `semantic-release` works correctly. | ||
|
||
### precommit | ||
|
||
We want to ensure that all our rules in the `pre-commit` configuration are applied. | ||
|
||
### semantic-release | ||
|
||
Whenever new commits are merged into the `main` branch we want a new release to be created. | ||
|
||
### tflint | ||
|
||
Terraform linter for finding possible errors, old syntax, unused declarations etc. Also it enforces best practices. See [tflint](https://github.com/terraform-linters/tflint). | ||
By default the root of the respository is scanned but if you have a repo with submodules (like for e.g. [makandra/terraform-aws-modules](https://github.com/makandra/terraform-aws-modules) you should add every submodule to the workflow matrix. | ||
|
||
# Recommended Repo configuration | ||
|
||
We recommend protecting the `main` branch and to allow new code pushes only via Pull Requests. This way it's ensured that all tests pass before a new release is pushed. |
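Review bot: spelling and markup need a pass: "congiguration" in the introduction, "respository" in both the checkov and tflint sections, and the parenthesis opened at "(like for e.g." is never closed in either section. The semantic-release section names only the `main` branch, but the workflow in this commit also triggers on `master`; state both or drop one from the workflow. The heading `pre-commit-config.yaml` is missing its leading dot if it refers to the configuration file pre-commit reads by default.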
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"name": "releasetest", | ||
"license": "MIT", | ||
"devDependencies": { | ||
"@semantic-release/github": "^8.0.7", | ||
"git-cz": "^4.9.0", | ||
"semantic-release": "^19.0.5" | ||
}, | ||
"plugins": [ | ||
"@semantic-release/commit-analyzer", | ||
"@semantic-release/release-notes-generator", | ||
"@semantic-release/github", | ||
"@semantic-release/npm", { | ||
"npmPublish": false | ||
} | ||
], | ||
"private": true, | ||
"release": { | ||
"branches": [ | ||
"main", "master" | ||
] | ||
} | ||
} |
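Review bot: the `"plugins"` array sits at the top level of `package.json`, but semantic-release reads its configuration from the `"release"` key, so this list is not picked up and the default plugin set is used instead; move `"plugins"` inside `"release"` next to `"branches"`. Within the array, `"@semantic-release/npm", {` puts the plugin name and its options as two separate elements; a plugin with options has to be a nested pair, `["@semantic-release/npm", { "npmPublish": false }]`.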