diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml index 500d41d..c30af1f 100644 --- a/.github/workflows/checkov.yml +++ b/.github/workflows/checkov.yml @@ -1,11 +1,32 @@ -name: Checkov +name: checkov on: + push: + branches: [ "main"] pull_request: + branches: [ "main" ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +permissions: + contents: read + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results jobs: - checkov: + scan: runs-on: ubuntu-latest steps: - - uses: makandra/github-actions/checkov-terraform@main + - uses: actions/checkout@v3 + + - name: Checkov GitHub Action + uses: bridgecrewio/checkov-action@v12 + with: + output_format: cli,sarif + output_file_path: console,results.sarif + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + + if: success() || failure() with: - path: . + sarif_file: results.sarif diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml index 5685258..ca2c9a4 100644 --- a/.github/workflows/conventional-commits.yml +++ b/.github/workflows/conventional-commits.yml @@ -2,10 +2,14 @@ name: Conventional Commits on: pull_request: +permissions: + contents: read jobs: conventional-commits: name: Conventional Commits + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml deleted file mode 100644 index e46615f..0000000 --- a/.github/workflows/precommit.yml +++ /dev/null @@ -1,10 +0,0 @@ -name: pre-commit - -on: - pull_request: - -jobs: - pre-commit: - runs-on: ubuntu-latest - steps: - - uses: makandra/github-actions/precommit@main diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index 4f677d0..0a06d10 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml 
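Review bot: The three `uses:` lines in the new `scan` job reference mutable tags (`actions/checkout@v3`, `bridgecrewio/checkov-action@v12`, `github/codeql-action/upload-sarif@v2`), so a re-pointed tag changes the code that runs with the `security-events: write` token granted above without any change in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: bridgecrewio/checkov-action@FULL_COMMIT_SHA_PLACEHOLDER # v12`, makes the executed code reviewable and still lets Dependabot or Renovate propose bumps. Separately, on pull requests from forks the token is normally read-only whatever `permissions:` declares, so the `Upload SARIF file` step will probably fail there and mask the scan result. Extending its condition to `if: (success() || failure()) && github.event.pull_request.head.repo.fork != true` would avoid that.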
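Review bot: The job-level `permissions:` / `contents: read` added under `conventional-commits` repeats the workflow-level block added just above it, and the same duplication appears in the `tflint.yml` hunk. One of the two is enough; keeping the workflow-level block gives any job added later a read-only default, and a job-level block is only needed where a job must differ from it. Once `permissions` is declared every unlisted scope drops to `none`, so if a step further down (the job continues outside the hunk) reads the pull request through the API it would need `pull-requests: read` as well. A short comment such as `# least privilege: checkout only` above the block would record why the scope is this narrow.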
@@ -2,8 +2,11 @@ name: "Semantic-Release" on: push: branches: - - master - main +permissions: + contents: write + issues: write + pull-requests: write jobs: release: diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index be25b97..d2e121b 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -1,10 +1,13 @@ name: Tflint on: pull_request: - +permissions: + contents: read jobs: tflint: + permissions: + contents: read runs-on: ubuntu-latest strategy: matrix: diff --git a/.releaserc.yaml b/.releaserc.yaml new file mode 100644 index 0000000..7bf05ec --- /dev/null +++ b/.releaserc.yaml @@ -0,0 +1,8 @@ +{ + "branches": ["main"], + "plugins": [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", + "@semantic-release/github" + ] +} diff --git a/LICENSE b/LICENSE index 678d46b..1af7ca8 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2022 makandra +Copyright (c) 2024 makandra Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/package.json b/package.json deleted file mode 100644 index 56910c2..0000000 --- a/package.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "name": "", - "license": "MIT", - "devDependencies": { - "@semantic-release/github": "^8.0.7", - "git-cz": "^4.9.0", - "semantic-release": "^19.0.5" - }, - "private": true, - "release": { - "plugins": [ - "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator", - "@semantic-release/github", - [ - "@semantic-release/npm", - { - "npmPublish": false - } - ] - ], - "branches": [ - "main", - "master" - ] - } -}
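Review bot: `contents: write`, `issues: write` and `pull-requests: write` are granted at workflow level here, so every job in this file receives a token that can push tags and releases and edit issues and pull requests, not only `release`. Moving the block under the `release:` job (its body is outside the hunk) and leaving `permissions:` / `contents: read` at the top keeps any job added later from inheriting the write token. A comment naming the consumer, e.g. `# needed by @semantic-release/github: creates releases, comments on issues/PRs`, would document why each scope is there.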
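Review bot: The plugin list in the new `.releaserc.yaml` names packages without versions, and `package.json` with its `devDependencies` ranges is deleted in the same commit. Nothing visible in this diff therefore constrains which `semantic-release` and plugin releases the release job installs while it holds the write token. The install step is not shown, so this is an inference; if it fetches the packages without an explicit version, pin the versions there or keep a lockfile so a compromised or breaking upstream release is not picked up automatically. As a style point the file is JSON behind a `.yaml` extension, which parses but cannot carry comments in that form; either rename it to `.releaserc.json` or write it as block YAML with `branches:` and `plugins:` lists.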