Merge pull request #2 from getindata/chore/updates-and-workflows
chore: Update workflows and pre-commit hooks
Showing
7 changed files
with
83 additions
and
227 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
version: 2 | ||
updates: | ||
|
||
# GitHub actions | ||
- package-ecosystem: "github-actions" | ||
directory: "/" # For GitHub Actions "/" must be used for workflow files in ".github/workflows" | ||
schedule: | ||
interval: "weekly" | ||
commit-message: | ||
prefix: "chore: " | ||
labels: | ||
- "release/patch" | ||
|
||
# Terraform | ||
- package-ecosystem: "terraform" | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" | ||
commit-message: | ||
prefix: "chore: " | ||
labels: | ||
- "release/patch" | ||
|
||
- package-ecosystem: "terraform" | ||
directory: "/examples/complete/" | ||
schedule: | ||
interval: "weekly" | ||
commit-message: | ||
prefix: "chore: " | ||
labels: | ||
- "release/patch" | ||
|
||
- package-ecosystem: "terraform" | ||
directory: "/examples/simple/" | ||
schedule: | ||
interval: "weekly" | ||
commit-message: | ||
prefix: "chore: " | ||
labels: | ||
- "release/patch" |
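Review bot: Every update entry attaches `release/patch`, including the `github-actions` one, while the release workflow touched in this commit runs when a pull request is closed. If that workflow still derives the version bump from the release label, as the removed steps did, each merged Dependabot PR will publish a new patch release of the module, even when only CI action versions moved. If that is intended, a comment above `labels:` would make it explicit, e.g. `# release/patch: merged dependency bumps cut a patch release`. If it is not, I would drop the label from the `github-actions` entry.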
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,82 +1,18 @@ | ||
name: Pre-Commit | ||
name: TF Pre-Commit | ||
|
||
permissions: | ||
contents: read | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
- main | ||
- master | ||
|
||
env: | ||
TERRAFORM_DOCS_VERSION: v0.16.0 | ||
|
||
jobs: | ||
collectInputs: | ||
name: Collect workflow inputs | ||
runs-on: ubuntu-latest | ||
outputs: | ||
directories: ${{ steps.dirs.outputs.directories }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Get root directories | ||
id: dirs | ||
uses: clowdhaus/terraform-composite-actions/[email protected] | ||
|
||
preCommitMinVersions: | ||
name: Min TF pre-commit | ||
needs: collectInputs | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Terraform min/max versions | ||
id: minMax | ||
uses: clowdhaus/[email protected] | ||
with: | ||
directory: ${{ matrix.directory }} | ||
|
||
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} | ||
# Run only validate pre-commit check on min version supported | ||
if: ${{ matrix.directory != '.' }} | ||
uses: clowdhaus/terraform-composite-actions/[email protected] | ||
with: | ||
terraform-version: ${{ steps.minMax.outputs.minVersion }} | ||
args: "terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*" | ||
|
||
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} | ||
# Run only validate pre-commit check on min version supported | ||
if: ${{ matrix.directory == '.' }} | ||
uses: clowdhaus/terraform-composite-actions/[email protected] | ||
with: | ||
terraform-version: ${{ steps.minMax.outputs.minVersion }} | ||
args: "terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)" | ||
|
||
preCommitMaxVersion: | ||
name: Max TF pre-commit | ||
runs-on: ubuntu-latest | ||
needs: collectInputs | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
ref: ${{ github.event.pull_request.head.ref }} | ||
repository: ${{github.event.pull_request.head.repo.full_name}} | ||
|
||
- name: Terraform min/max versions | ||
id: minMax | ||
uses: clowdhaus/[email protected] | ||
|
||
# Step required as tflint pre-commit hook requires module to be initialised | ||
- run: terraform init | ||
|
||
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} | ||
uses: clowdhaus/terraform-composite-actions/[email protected] | ||
with: | ||
terraform-version: ${{ steps.minMax.outputs.maxVersion }} | ||
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} | ||
# tflint-version: ${{ env.TFLINT_VERSION }} # use this version with "Invicton-Labs/deepmerge/null" module | ||
main: | ||
uses: getindata/github-workflows/.github/workflows/tf-pre-commit.yml@v1 | ||
with: | ||
# tflint v0.46.0 is the latest version we can use with pre-commit v0.1.20 | ||
# See .pre-commit-config.yaml for more details. | ||
tflint-version: v0.46.0 |
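Review bot: The reusable workflow under `jobs.main.uses` is referenced by the movable tag `@v1`, so the code that runs on every pull request can change without any commit in this repository. Pinning to a full commit SHA with the tag kept as a trailing comment, `uses: getindata/github-workflows/.github/workflows/tf-pre-commit.yml@<full-commit-sha> # v1`, makes the run reproducible, and the Dependabot `github-actions` entry added in this commit should then propose the bumps. The same applies to `gh-create-release.yml@v1` in the release workflow, where it matters more because that job holds `contents: write`. As a smaller point, the comment says "pre-commit v0.1.20", which reads like the pre-commit tool itself; `gruntwork-io/pre-commit v0.1.20` would be unambiguous.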
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,67 +1,13 @@ | ||
name: Create new release with changelog | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
||
on: | ||
pull_request: | ||
pull_request_target: | ||
types: [closed] | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 100 | ||
|
||
- name: Check release label | ||
id: release-label | ||
uses: actions-ecosystem/action-release-label@v1 | ||
if: ${{ github.event.pull_request.merged == true }} | ||
|
||
- name: Get latest tag | ||
id: get-latest-tag | ||
uses: actions-ecosystem/action-get-latest-tag@v1 | ||
if: ${{ steps.release-label.outputs.level != null }} | ||
|
||
- name: Bump semantic version | ||
id: bump-semver | ||
uses: actions-ecosystem/action-bump-semver@v1 | ||
if: ${{ steps.release-label.outputs.level != null }} | ||
with: | ||
current_version: ${{ steps.get-latest-tag.outputs.tag }} | ||
level: ${{ steps.release-label.outputs.level }} | ||
|
||
- name: Tag release | ||
id: tag-relese | ||
uses: actions-ecosystem/action-push-tag@v1 | ||
if: ${{ steps.release-label.outputs.level != null }} | ||
with: | ||
tag: ${{ steps.bump-semver.outputs.new_version }} | ||
message: "${{ steps.bump-semver.outputs.new_version }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}" | ||
|
||
- name: Generate new release with changelog | ||
id: release-with-changelog | ||
uses: fregante/release-with-changelog@v3 | ||
if: ${{ steps.bump-semver.outputs.new_version != null }} | ||
with: | ||
token: "${{ secrets.GITHUB_TOKEN }}" | ||
exclude: '^meta|^docs|^document|^lint|^ci|^refactor|readme|workflow|bump|dependencies|yml|^v?\d+\.\d+\.\d+' | ||
tag: "${{ steps.bump-semver.outputs.new_version }}" | ||
title: "Version ${{ steps.bump-semver.outputs.new_version }}" | ||
commit-template: "- {title} ← {hash}" | ||
skip-on-empty: true | ||
template: | | ||
### Changelog | ||
{commits} | ||
{range} | ||
- name: Comment PR | ||
id: add-comment | ||
uses: actions-ecosystem/action-create-comment@v1 | ||
if: ${{ steps.bump-semver.outputs.new_version != null }} | ||
with: | ||
github_token: ${{ secrets.GITHUB_TOKEN }} | ||
number: ${{ steps.get-merged-pull-request.outputs.number }} | ||
body: | | ||
The new version [${{ steps.bump-semver.outputs.new_version }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.bump-semver.outputs.new_version }}) has been released :tada: | ||
uses: getindata/github-workflows/.github/workflows/gh-create-release.yml@v1 |
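Review bot: Under `pull_request_target` with `types: [closed]`, the `release` job starts with a `contents: write` / `pull-requests: write` token for every closed pull request, including ones opened from forks and ones closed without merging. The rendered page prints both `pull_request:` and `pull_request_target:`, and I read the latter as the new side. The `github.event.pull_request.merged == true` guard that the removed steps carried is no longer visible in this file, and whether `gh-create-release.yml` repeats it cannot be seen from here. I would state it on the caller by adding `if: github.event.pull_request.merged == true` under `release:`. It is also worth confirming that the called workflow never checks out or runs the pull request's head ref and treats the PR title purely as data, since both are contributor-controlled under this trigger.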
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,35 @@ | ||
repos: | ||
- repo: https://github.com/gruntwork-io/pre-commit | ||
rev: "v0.1.17" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases | ||
# Stick to v0.1.20 until this bug is fixed: https://github.com/gruntwork-io/pre-commit/issues/102 | ||
# When updating, also check if tflint version in pre-commit workflow can be updated. | ||
rev: "v0.1.20" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases | ||
hooks: | ||
- id: terraform-validate # It should be the first step as it runs terraform init required by tflint | ||
- id: terraform-fmt | ||
- id: tflint | ||
args: | ||
- --module | ||
- --config=.tflint.hcl | ||
- id: terraform-validate | ||
- id: terraform-fmt | ||
|
||
- repo: https://github.com/terraform-docs/terraform-docs | ||
rev: "v0.16.0" # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases | ||
rev: "v0.16.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases | ||
hooks: | ||
- id: terraform-docs-go | ||
args: ["."] | ||
|
||
- repo: https://github.com/bridgecrewio/checkov.git | ||
rev: "2.2.246" # Get the latest from: https://github.com/bridgecrewio/checkov/releases | ||
rev: "2.5.13" # Get the latest from: https://github.com/bridgecrewio/checkov/releases | ||
hooks: | ||
- id: checkov | ||
args: [--skip-check, "CKV2_GHA_1"] #Flase positive for top-level permissions | ||
args: [--skip-check, "CKV_TF_1"] # Terraform module sources do not use a git url with a commit hash revision | ||
|
||
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: "v4.3.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases | ||
rev: "v4.5.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases | ||
hooks: | ||
- id: check-merge-conflict | ||
args: ["--assume-in-merge"] | ||
- id: mixed-line-ending | ||
args: ["--fix=no"] | ||
- id: end-of-file-fixer | ||
- id: check-case-conflict | ||
- id: check-yaml |
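Review bot: `--skip-check CKV_TF_1` on the checkov hook turns the check off for every module call in the repository, so a later module source that should be pinned to a commit hash will pass unnoticed. If only particular module blocks need the exemption, an inline `# checkov:skip=CKV_TF_1:<reason>` on those blocks keeps the check active everywhere else. If the global skip is intended, the trailing comment should give the reason rather than restate what the check looks for, e.g. `# CKV_TF_1 skipped: <why version-pinned sources are acceptable here>`.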