getindata · jakubigla · Sep 26, 2023 · Sep 26, 2023 · Sep 26, 2023 · Sep 26, 2023
@@ -0,0 +1,40 @@
+version: 2
+updates:
+
+  # GitHub actions
+  - package-ecosystem: "github-actions"
+    directory: "/"  # For GitHub Actions "/" must be used for workflow files in ".github/workflows"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - "release/patch"
+
+  # Terraform
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - "release/patch"
+
+  - package-ecosystem: "terraform"
+    directory: "/examples/complete/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - "release/patch"
+
+  - package-ecosystem: "terraform"
+    directory: "/examples/simple/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - "release/patch"
@@ -9,42 +9,4 @@ on:
 
 jobs:
   main:
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      # Please look up the latest version from
-      # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v4
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          # Configure which types are allowed.
-          # Default: https://github.com/commitizen/conventional-commit-types
-          types: |
-            feat
-            fix
-            improvement
-            docs
-            refactor
-            test
-            ci
-            chore
-          # Configure that a scope must always be provided.
-          requireScope: false
-          # Configure additional validation for the subject based on a regex.
-          # This example ensures the subject starts with an uppercase character.
-          subjectPattern: ^[A-Z].+$
-          # If `subjectPattern` is configured, you can use this property to override
-          # the default error message that is shown when the pattern doesn't match.
-          # The variables `subject` and `title` can be used within the message.
-          subjectPatternError: |
-            The subject "{subject}" found in the pull request title "{title}"
-            didn't match the configured pattern. Please ensure that the subject
-            starts with an uppercase character.
-          # For work-in-progress PRs you can typically use draft pull requests
-          # from Github. However, private repositories on the free plan don't have
-          # this option and therefore this action allows you to opt-in to using the
-          # special "[WIP]" prefix to indicate this state. This will avoid the
-          # validation of the PR title and the pull request checks remain pending.
-          # Note that a second check will be reported if this is enabled.
-          wip: true
+    uses: getindata/github-workflows/.github/workflows/[email protected]
@@ -6,77 +6,6 @@ on:
       - main
       - master
 
-env:
-  TERRAFORM_DOCS_VERSION: v0.16.0
-
 jobs:
-  collectInputs:
-    name: Collect workflow inputs
-    runs-on: ubuntu-latest
-    outputs:
-      directories: ${{ steps.dirs.outputs.directories }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Get root directories
-        id: dirs
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-
-  preCommitMinVersions:
-    name: Min TF pre-commit
-    needs: collectInputs
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/[email protected]
-        with:
-          directory: ${{ matrix.directory }}
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        with:
-          terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          args: "terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*"
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        with:
-          terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          args: "terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)"
-
-  preCommitMaxVersion:
-    name: Max TF pre-commit
-    runs-on: ubuntu-latest
-    needs: collectInputs
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
-
-      - name: Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/[email protected]
-
-        # Step required as tflint pre-commit hook requires module to be initialised
-      - run: terraform init
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        with:
-          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
-          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
-          # tflint-version: ${{ env.TFLINT_VERSION }} # use this version with "Invicton-Labs/deepmerge/null" module
+  main:
+    uses: getindata/github-workflows/.github/workflows/[email protected]
@@ -1,67 +1,9 @@
 name: Create new release with changelog
 
 on:
-  pull_request:
+  pull_request_target:
     types: [closed]
 
 jobs:
   release:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 100
-
-      - name: Check release label
-        id: release-label
-        uses: actions-ecosystem/action-release-label@v1
-        if: ${{ github.event.pull_request.merged == true }}
-
-      - name: Get latest tag
-        id: get-latest-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1
-        if: ${{ steps.release-label.outputs.level != null }}
-
-      - name: Bump semantic version
-        id: bump-semver
-        uses: actions-ecosystem/action-bump-semver@v1
-        if: ${{ steps.release-label.outputs.level != null }}
-        with:
-          current_version: ${{ steps.get-latest-tag.outputs.tag }}
-          level: ${{ steps.release-label.outputs.level }}
-
-      - name: Tag release
-        id: tag-relese
-        uses: actions-ecosystem/action-push-tag@v1
-        if: ${{ steps.release-label.outputs.level != null }}
-        with:
-          tag: ${{ steps.bump-semver.outputs.new_version }}
-          message: "${{ steps.bump-semver.outputs.new_version }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}"
-
-      - name: Generate new release with changelog
-        id: release-with-changelog
-        uses: fregante/release-with-changelog@v3
-        if: ${{ steps.bump-semver.outputs.new_version != null }}
-        with:
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          exclude: '^meta|^docs|^document|^lint|^ci|^refactor|readme|workflow|bump|dependencies|yml|^v?\d+\.\d+\.\d+'
-          tag: "${{ steps.bump-semver.outputs.new_version }}"
-          title: "Version ${{ steps.bump-semver.outputs.new_version }}"
-          commit-template: "- {title} ← {hash}"
-          skip-on-empty: true
-          template: |
-            ### Changelog
-
-            {commits}
-
-            {range}
-
-      - name: Comment PR
-        id: add-comment
-        uses: actions-ecosystem/action-create-comment@v1
-        if: ${{ steps.bump-semver.outputs.new_version != null }}
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          number: ${{ steps.get-merged-pull-request.outputs.number }}
-          body: |
-            The new version [${{ steps.bump-semver.outputs.new_version }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.bump-semver.outputs.new_version }}) has been released :tada:
+    uses: getindata/github-workflows/.github/workflows/[email protected]
@@ -1,28 +1,28 @@
 repos:
   - repo: https://github.com/gruntwork-io/pre-commit
-    rev: "v0.1.17" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+    rev: "v0.1.22" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
     hooks:
+      - id: terraform-validate # It should be before tflint hook as it runs terraform init required by tflint
+      - id: terraform-fmt
       - id: tflint
         args:
           - --module
           - --config=.tflint.hcl
-      - id: terraform-validate
-      - id: terraform-fmt
 
   - repo: https://github.com/terraform-docs/terraform-docs
-    rev: "v0.16.0" # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+    rev: "v0.16.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
     hooks:
       - id: terraform-docs-go
         args: ["."]
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: "2.2.246" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
+    rev: "2.4.48" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
     hooks:
       - id: checkov
-        args: [--skip-check, "CKV2_GHA_1"] #Flase positive for top-level permissions
+        args: [--skip-check, "CKV2_GHA_1,CKV_TF_1"] #False positive for top-level permissions
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: "v4.3.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
+    rev: "v4.4.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer