Skip to content

Commit

Permalink
Merge pull request #2 from getindata/chore/updates-and-workflows
Browse files Browse the repository at this point in the history
chore: Update workflows and pre-commit hooks
  • Loading branch information
kacpermuda authored Oct 20, 2023
2 parents 8b8d3d2 + ab6e3e6 commit bb85824
Show file tree
Hide file tree
Showing 7 changed files with 83 additions and 227 deletions.
40 changes: 40 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
version: 2
updates:

# GitHub actions
- package-ecosystem: "github-actions"
directory: "/" # For GitHub Actions "/" must be used for workflow files in ".github/workflows"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"

# Terraform
- package-ecosystem: "terraform"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"

- package-ecosystem: "terraform"
directory: "/examples/complete/"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"

- package-ecosystem: "terraform"
directory: "/examples/simple/"
schedule:
interval: "weekly"
commit-message:
prefix: "chore: "
labels:
- "release/patch"
17 changes: 0 additions & 17 deletions .github/workflows/documentation.yml

This file was deleted.

46 changes: 6 additions & 40 deletions .github/workflows/pr-title.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
name: 'Validate PR title'
name: Validate PR title

permissions:
pull-requests: read
statuses: write

on:
pull_request_target:
Expand All @@ -9,42 +13,4 @@ on:

jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- uses: amannn/action-semantic-pull-request@v4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Configure which types are allowed.
# Default: https://github.com/commitizen/conventional-commit-types
types: |
feat
fix
improvement
docs
refactor
test
ci
chore
# Configure that a scope must always be provided.
requireScope: false
# Configure additional validation for the subject based on a regex.
# This example ensures the subject starts with an uppercase character.
subjectPattern: ^[A-Z].+$
# If `subjectPattern` is configured, you can use this property to override
# the default error message that is shown when the pattern doesn't match.
# The variables `subject` and `title` can be used within the message.
subjectPatternError: |
The subject "{subject}" found in the pull request title "{title}"
didn't match the configured pattern. Please ensure that the subject
starts with an uppercase character.
# For work-in-progress PRs you can typically use draft pull requests
# from Github. However, private repositories on the free plan don't have
# this option and therefore this action allows you to opt-in to using the
# special "[WIP]" prefix to indicate this state. This will avoid the
# validation of the PR title and the pull request checks remain pending.
# Note that a second check will be reported if this is enabled.
wip: true
uses: getindata/github-workflows/.github/workflows/gh-validate-pr-title.yml@v1
84 changes: 10 additions & 74 deletions .github/workflows/pre-commit.yml
Original file line number Diff line number Diff line change
@@ -1,82 +1,18 @@
name: Pre-Commit
name: TF Pre-Commit

permissions:
contents: read

on:
pull_request:
branches:
- main
- master

env:
TERRAFORM_DOCS_VERSION: v0.16.0

jobs:
collectInputs:
name: Collect workflow inputs
runs-on: ubuntu-latest
outputs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
- name: Checkout
uses: actions/checkout@v2

- name: Get root directories
id: dirs
uses: clowdhaus/terraform-composite-actions/[email protected]

preCommitMinVersions:
name: Min TF pre-commit
needs: collectInputs
runs-on: ubuntu-latest
strategy:
matrix:
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
steps:
- name: Checkout
uses: actions/checkout@v2

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/[email protected]
with:
directory: ${{ matrix.directory }}

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/[email protected]
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: "terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*"

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/[email protected]
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: "terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)"

preCommitMaxVersion:
name: Max TF pre-commit
runs-on: ubuntu-latest
needs: collectInputs
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{github.event.pull_request.head.repo.full_name}}

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/[email protected]

# Step required as tflint pre-commit hook requires module to be initialised
- run: terraform init

- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/[email protected]
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
# tflint-version: ${{ env.TFLINT_VERSION }} # use this version with "Invicton-Labs/deepmerge/null" module
main:
uses: getindata/github-workflows/.github/workflows/tf-pre-commit.yml@v1
with:
# tflint v0.46.0 is the latest version we can use with pre-commit v0.1.20
# See .pre-commit-config.yaml for more details.
tflint-version: v0.46.0
66 changes: 6 additions & 60 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -1,67 +1,13 @@
name: Create new release with changelog

permissions:
contents: write
pull-requests: write

on:
pull_request:
pull_request_target:
types: [closed]

jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 100

- name: Check release label
id: release-label
uses: actions-ecosystem/action-release-label@v1
if: ${{ github.event.pull_request.merged == true }}

- name: Get latest tag
id: get-latest-tag
uses: actions-ecosystem/action-get-latest-tag@v1
if: ${{ steps.release-label.outputs.level != null }}

- name: Bump semantic version
id: bump-semver
uses: actions-ecosystem/action-bump-semver@v1
if: ${{ steps.release-label.outputs.level != null }}
with:
current_version: ${{ steps.get-latest-tag.outputs.tag }}
level: ${{ steps.release-label.outputs.level }}

- name: Tag release
id: tag-relese
uses: actions-ecosystem/action-push-tag@v1
if: ${{ steps.release-label.outputs.level != null }}
with:
tag: ${{ steps.bump-semver.outputs.new_version }}
message: "${{ steps.bump-semver.outputs.new_version }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}"

- name: Generate new release with changelog
id: release-with-changelog
uses: fregante/release-with-changelog@v3
if: ${{ steps.bump-semver.outputs.new_version != null }}
with:
token: "${{ secrets.GITHUB_TOKEN }}"
exclude: '^meta|^docs|^document|^lint|^ci|^refactor|readme|workflow|bump|dependencies|yml|^v?\d+\.\d+\.\d+'
tag: "${{ steps.bump-semver.outputs.new_version }}"
title: "Version ${{ steps.bump-semver.outputs.new_version }}"
commit-template: "- {title} ← {hash}"
skip-on-empty: true
template: |
### Changelog
{commits}
{range}
- name: Comment PR
id: add-comment
uses: actions-ecosystem/action-create-comment@v1
if: ${{ steps.bump-semver.outputs.new_version != null }}
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
number: ${{ steps.get-merged-pull-request.outputs.number }}
body: |
The new version [${{ steps.bump-semver.outputs.new_version }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.bump-semver.outputs.new_version }}) has been released :tada:
uses: getindata/github-workflows/.github/workflows/gh-create-release.yml@v1
21 changes: 14 additions & 7 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,28 +1,35 @@
repos:
- repo: https://github.com/gruntwork-io/pre-commit
rev: "v0.1.17" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
# Stick to v0.1.20 until this bug is fixed: https://github.com/gruntwork-io/pre-commit/issues/102
# When updating, also check if tflint version in pre-commit workflow can be updated.
rev: "v0.1.20" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
hooks:
- id: terraform-validate # It should be the first step as it runs terraform init required by tflint
- id: terraform-fmt
- id: tflint
args:
- --module
- --config=.tflint.hcl
- id: terraform-validate
- id: terraform-fmt

- repo: https://github.com/terraform-docs/terraform-docs
rev: "v0.16.0" # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
rev: "v0.16.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
hooks:
- id: terraform-docs-go
args: ["."]

- repo: https://github.com/bridgecrewio/checkov.git
rev: "2.2.246" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
rev: "2.5.13" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
hooks:
- id: checkov
args: [--skip-check, "CKV2_GHA_1"] #Flase positive for top-level permissions
args: [--skip-check, "CKV_TF_1"] # Terraform module sources do not use a git url with a commit hash revision

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: "v4.3.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
rev: "v4.5.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
hooks:
- id: check-merge-conflict
args: ["--assume-in-merge"]
- id: mixed-line-ending
args: ["--fix=no"]
- id: end-of-file-fixer
- id: check-case-conflict
- id: check-yaml
36 changes: 7 additions & 29 deletions .tflint.hcl
Original file line number Diff line number Diff line change
Expand Up @@ -4,35 +4,13 @@ config {
}
}

rule "terraform_deprecated_interpolation" {
enabled = true
plugin "terraform" {
enabled = true
version = "0.5.0"
source = "github.com/terraform-linters/tflint-ruleset-terraform"
preset = "all"
}

rule "terraform_documented_outputs" {
enabled = true
}

rule "terraform_documented_variables" {
enabled = true
}

rule "terraform_typed_variables" {
enabled = true
}

rule "terraform_required_version" {
enabled = true
}

rule "terraform_required_providers" {
enabled = true
}

rule "terraform_unused_required_providers" {
enabled = true
}

rule "terraform_naming_convention" {
enabled = true
format = "snake_case"
rule "terraform_standard_module_structure" {
enabled = false # Fails on context.tf
}

0 comments on commit bb85824

Please sign in to comment.