Skip to content

Commit

Permalink
chore: Update workflows and pre-commit hooks (#14)
Browse files Browse the repository at this point in the history 
* chore: Update pre-commit repos to the latest versions

* chore: Add Dependabot configuration file (github-actions and terraform)

* chore: Remove tf-docs workflow

* ci: Change all workflows to call reusable workflows from getindata/github-workflows repository

* chore: Format yaml file

* chore: Skip checkov check CKV_TF_1

* chore: Change order of pre-commit hooks

* chore: Add comment to pre-commit hooks.
  • Loading branch information
@kacpermuda
kacpermuda authored Sep 26, 2023
1 parent 61b48f6 commit ffb3e64
Show file tree
Hide file tree
Showing 6 changed files with 52 additions and 196 deletions.
40 changes: 40 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
version: 2
updates:

# GitHub actions
- package-ecosystem: "github-actions"
directory: "/" # For GitHub Actions "/" must be used for workflow files in ".github/workflows"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"

# Terraform
- package-ecosystem: "terraform"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"

- package-ecosystem: "terraform"
directory: "/examples/complete/"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"

- package-ecosystem: "terraform"
directory: "/examples/simple/"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"
17 changes: 0 additions & 17 deletions .github/workflows/documentation.yml
View file

This file was deleted.

40 changes: 1 addition & 39 deletions .github/workflows/pr-title.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,42 +9,4 @@ on:

jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- uses: amannn/action-semantic-pull-request@v4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Configure which types are allowed.
# Default: https://github.com/commitizen/conventional-commit-types
types: |
feat
fix
improvement
docs
refactor
test
ci
chore
# Configure that a scope must always be provided.
requireScope: false
# Configure additional validation for the subject based on a regex.
# This example ensures the subject starts with an uppercase character.
subjectPattern: ^[A-Z].+$
# If `subjectPattern` is configured, you can use this property to override
# the default error message that is shown when the pattern doesn't match.
# The variables `subject` and `title` can be used within the message.
subjectPatternError: |
The subject "{subject}" found in the pull request title "{title}"
didn't match the configured pattern. Please ensure that the subject
starts with an uppercase character.
# For work-in-progress PRs you can typically use draft pull requests
# from Github. However, private repositories on the free plan don't have
# this option and therefore this action allows you to opt-in to using the
# special "[WIP]" prefix to indicate this state. This will avoid the
# validation of the PR title and the pull request checks remain pending.
# Note that a second check will be reported if this is enabled.
wip: true
uses: getindata/github-workflows/.github/workflows/[email protected]
75 changes: 2 additions & 73 deletions .github/workflows/pre-commit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,77 +6,6 @@ on:
- main
- master

env:
TERRAFORM_DOCS_VERSION: v0.16.0

jobs:
collectInputs:
name: Collect workflow inputs
runs-on: ubuntu-latest
outputs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
- name: Checkout
uses: actions/checkout@v2

- name: Get root directories
id: dirs
uses: clowdhaus/terraform-composite-actions/[email protected]

preCommitMinVersions:
name: Min TF pre-commit
needs: collectInputs
runs-on: ubuntu-latest
strategy:
matrix:
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
steps:
- name: Checkout
uses: actions/checkout@v2

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/[email protected]
with:
directory: ${{ matrix.directory }}

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/[email protected]
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: "terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*"

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/[email protected]
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: "terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)"

preCommitMaxVersion:
name: Max TF pre-commit
runs-on: ubuntu-latest
needs: collectInputs
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{github.event.pull_request.head.repo.full_name}}

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/[email protected]

# Step required as tflint pre-commit hook requires module to be initialised
- run: terraform init

- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/[email protected]
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
# tflint-version: ${{ env.TFLINT_VERSION }} # use this version with "Invicton-Labs/deepmerge/null" module
main:
uses: getindata/github-workflows/.github/workflows/[email protected]
62 changes: 2 additions & 60 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
@@ -1,67 +1,9 @@
name: Create new release with changelog

on:
pull_request:
pull_request_target:
types: [closed]

jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 100

- name: Check release label
id: release-label
uses: actions-ecosystem/action-release-label@v1
if: ${{ github.event.pull_request.merged == true }}

- name: Get latest tag
id: get-latest-tag
uses: actions-ecosystem/action-get-latest-tag@v1
if: ${{ steps.release-label.outputs.level != null }}

- name: Bump semantic version
id: bump-semver
uses: actions-ecosystem/action-bump-semver@v1
if: ${{ steps.release-label.outputs.level != null }}
with:
current_version: ${{ steps.get-latest-tag.outputs.tag }}
level: ${{ steps.release-label.outputs.level }}

- name: Tag release
id: tag-relese
uses: actions-ecosystem/action-push-tag@v1
if: ${{ steps.release-label.outputs.level != null }}
with:
tag: ${{ steps.bump-semver.outputs.new_version }}
message: "${{ steps.bump-semver.outputs.new_version }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}"

- name: Generate new release with changelog
id: release-with-changelog
uses: fregante/release-with-changelog@v3
if: ${{ steps.bump-semver.outputs.new_version != null }}
with:
token: "${{ secrets.GITHUB_TOKEN }}"
exclude: '^meta|^docs|^document|^lint|^ci|^refactor|readme|workflow|bump|dependencies|yml|^v?\d+\.\d+\.\d+'
tag: "${{ steps.bump-semver.outputs.new_version }}"
title: "Version ${{ steps.bump-semver.outputs.new_version }}"
commit-template: "- {title} ← {hash}"
skip-on-empty: true
template: |
### Changelog
{commits}
{range}
- name: Comment PR
id: add-comment
uses: actions-ecosystem/action-create-comment@v1
if: ${{ steps.bump-semver.outputs.new_version != null }}
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
number: ${{ steps.get-merged-pull-request.outputs.number }}
body: |
The new version [${{ steps.bump-semver.outputs.new_version }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.bump-semver.outputs.new_version }}) has been released :tada:
uses: getindata/github-workflows/.github/workflows/[email protected]
14 changes: 7 additions & 7 deletions .pre-commit-config.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,28 @@
repos:
- repo: https://github.com/gruntwork-io/pre-commit
rev: "v0.1.17" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
rev: "v0.1.22" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
hooks:
- id: terraform-validate # It should be before tflint hook as it runs terraform init required by tflint
- id: terraform-fmt
- id: tflint
args:
- --module
- --config=.tflint.hcl
- id: terraform-validate
- id: terraform-fmt

- repo: https://github.com/terraform-docs/terraform-docs
rev: "v0.16.0" # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
rev: "v0.16.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
hooks:
- id: terraform-docs-go
args: ["."]

- repo: https://github.com/bridgecrewio/checkov.git
rev: "2.2.246" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
rev: "2.4.48" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
hooks:
- id: checkov
args: [--skip-check, "CKV2_GHA_1"] #Flase positive for top-level permissions
args: [--skip-check, "CKV2_GHA_1,CKV_TF_1"] #False positive for top-level permissions

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: "v4.3.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
rev: "v4.4.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer

0 comments on commit ffb3e64

Please sign in to comment.