GitHub Actions Code Formatter workflow

.devcontainer/devcontainer-lock.json

@@ -21,4 +21,4 @@
       "integrity": "sha256:6343878231decb72427ea2d59d98d0c4bb6f15931d86800330f7c84df8320f6c"
     }
   }
-}
+}

terraform/environments/delius-core/fargate_graceful_retirement.tf

@@ -3,5 +3,5 @@ module "fargate_graceful_retirement" {
   source                  = "../../modules/fargate_graceful_retirement"
   restart_time            = "22:00"
   restart_day_of_the_week = "WEDNESDAY"
-  debug_logging           =  true
+  debug_logging           = true
 }

terraform/environments/delius-mis/locals_environments_all.tf

@@ -40,29 +40,29 @@ locals {
 
   domain_join_ports = [
     { protocol = "tcp", from_port = 25, to_port = 25 },
-    { protocol = "tcp", from_port = 53, to_port = 53 },  # DNS
+    { protocol = "tcp", from_port = 53, to_port = 53 }, # DNS
     { protocol = "udp", from_port = 53, to_port = 53 },
     { protocol = "udp", from_port = 67, to_port = 67 },
-    { protocol = "tcp", from_port = 88, to_port = 88 },  # Kerberos
+    { protocol = "tcp", from_port = 88, to_port = 88 }, # Kerberos
     { protocol = "udp", from_port = 88, to_port = 88 },
     { protocol = "udp", from_port = 123, to_port = 123 }, # NTP
-    { protocol = "tcp", from_port = 135, to_port = 135 },  # RPC
-    { protocol = "udp", from_port = 137, to_port = 138 },  # NetBIOS
-    { protocol = "tcp", from_port = 139, to_port = 139 },  # NetBIOS
-    { protocol = "tcp", from_port = 389, to_port = 389 },  # LDAP
+    { protocol = "tcp", from_port = 135, to_port = 135 }, # RPC
+    { protocol = "udp", from_port = 137, to_port = 138 }, # NetBIOS
+    { protocol = "tcp", from_port = 139, to_port = 139 }, # NetBIOS
+    { protocol = "tcp", from_port = 389, to_port = 389 }, # LDAP
     { protocol = "udp", from_port = 389, to_port = 389 },
-    { protocol = "tcp", from_port = 445, to_port = 445 },  # SMB
+    { protocol = "tcp", from_port = 445, to_port = 445 }, # SMB
     { protocol = "udp", from_port = 445, to_port = 445 },
-    { protocol = "tcp", from_port = 464, to_port = 464 },  # Kerberos password change
+    { protocol = "tcp", from_port = 464, to_port = 464 }, # Kerberos password change
     { protocol = "udp", from_port = 464, to_port = 464 },
-    { protocol = "tcp", from_port = 636, to_port = 636 },   # LDAPS
+    { protocol = "tcp", from_port = 636, to_port = 636 }, # LDAPS
     { protocol = "tcp", from_port = 1025, to_port = 5000 },
     { protocol = "udp", from_port = 2535, to_port = 2535 },
     { protocol = "tcp", from_port = 3268, to_port = 3269 },
     { protocol = "tcp", from_port = 5722, to_port = 5722 },
     { protocol = "tcp", from_port = 9389, to_port = 9389 },
     { protocol = "tcp", from_port = 49152, to_port = 65535 },
-    { protocol = "icmp", from_port = -1, to_port = -1 }  # ICMP
+    { protocol = "icmp", from_port = -1, to_port = -1 } # ICMP
   ]
 
 }

terraform/environments/performance-hub/module/ecs/main.tf

@@ -99,7 +99,7 @@ resource "aws_security_group" "cluster_ec2" {
 # so that the autoscaling group creates new ones using the new launch template
 
 resource "aws_launch_template" "ec2-launch-template" {
-  name_prefix = "${var.app_name}-ec2-launch-template"
+  name_prefix   = "${var.app_name}-ec2-launch-template"
   image_id      = "resolve:ssm:/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-ECS_Optimized/image_id"
   instance_type = var.instance_type
   key_name      = var.key_name

terraform/environments/ppud/alb_external.tf

@@ -10,11 +10,11 @@ resource "aws_lb" "PPUD-ALB" {
   load_balancer_type = "application"
   security_groups    = [aws_security_group.PPUD-ALB.id]
   subnets            = [data.aws_subnet.public_subnets_b.id, data.aws_subnet.public_subnets_c.id]
-     access_logs {
-      bucket  = aws_s3_bucket.moj-log-files-dev[0].id
-      prefix  = "alb-logs"
-      enabled = true
-     }
+  access_logs {
+    bucket  = aws_s3_bucket.moj-log-files-dev[0].id
+    prefix  = "alb-logs"
+    enabled = true
+  }
 
   enable_deletion_protection = true
   drop_invalid_header_fields = true
@@ -91,11 +91,11 @@ resource "aws_lb" "WAM-ALB" {
   load_balancer_type = "application"
   security_groups    = [aws_security_group.WAM-ALB.id]
   subnets            = [data.aws_subnet.public_subnets_a.id, data.aws_subnet.public_subnets_b.id]
-#  access_logs {
-#    bucket  = aws_s3_bucket.moj-log-files-dev[0].id
-#    prefix  = "alb-logs"
-#    enabled = true
-#  }
+  #  access_logs {
+  #    bucket  = aws_s3_bucket.moj-log-files-dev[0].id
+  #    prefix  = "alb-logs"
+  #    enabled = true
+  #  }
 
   enable_deletion_protection = true
   drop_invalid_header_fields = true

terraform/environments/ppud/alb_internal.tf

@@ -11,12 +11,12 @@ resource "aws_lb" "PPUD-internal-ALB" {
   load_balancer_type = "application"
   security_groups    = [aws_security_group.PPUD-ALB.id]
   subnets            = [data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
-#  access_logs {
-#    bucket  = aws_s3_bucket.moj-log-files-uat[0].id
-#    prefix  = "alb-logs"
-#    enabled = true
-#  }
- 
+  #  access_logs {
+  #    bucket  = aws_s3_bucket.moj-log-files-uat[0].id
+  #    prefix  = "alb-logs"
+  #    enabled = true
+  #  }
+
   enable_deletion_protection = true
   drop_invalid_header_fields = true
 

terraform/environments/ppud/certificate_mgmt.tf

@@ -24,8 +24,8 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_dev" {
   runtime                        = "python3.8"
   timeout                        = 30
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
-  depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_dev]
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
+  depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_dev]
   environment {
     variables = {
       EXPIRY_DAYS   = "45",
@@ -102,8 +102,8 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_uat" {
   runtime                        = "python3.8"
   timeout                        = 30
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
-  depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_uat]
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
+  depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_uat]
   environment {
     variables = {
       EXPIRY_DAYS   = "45",
@@ -180,8 +180,8 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_prod" {
   runtime                        = "python3.8"
   timeout                        = 30
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
-  depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_prod]
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_prod]
   environment {
     variables = {
       EXPIRY_DAYS   = "45",

terraform/environments/ppud/lambda.tf

@@ -30,7 +30,7 @@ resource "aws_lambda_function" "terraform_lambda_func_stop" {
   runtime                        = "python3.9"
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_to_lambda_role]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
   }
@@ -49,7 +49,7 @@ resource "aws_lambda_function" "terraform_lambda_func_start" {
   runtime                        = "python3.9"
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_to_lambda_role]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
   }
@@ -200,7 +200,7 @@ resource "aws_lambda_function" "terraform_lambda_disable_cpu_alarm" {
   runtime                        = "python3.12"
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_alarm_suppression_to_lambda_role_alarm_suppression]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
   }
@@ -221,7 +221,7 @@ resource "aws_lambda_function" "terraform_lambda_enable_cpu_alarm" {
   runtime                        = "python3.12"
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_alarm_suppression_to_lambda_role_alarm_suppression]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
   }
@@ -254,7 +254,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_dev"
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_dev]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
   }
@@ -296,7 +296,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_uat"
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_uat]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_uat[0].arn
   }
@@ -338,7 +338,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_prod
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_prod]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
   }
@@ -380,7 +380,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_dev"
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_dev]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
   }
@@ -422,7 +422,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_uat"
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_uat]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_uat[0].arn
   }
@@ -464,7 +464,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_prod
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_prod]
   reserved_concurrent_executions = 5
-# code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
   dead_letter_config {
     target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
   }

terraform/environments/ppud/s3.tf

@@ -885,7 +885,7 @@ resource "aws_s3_bucket_policy" "moj-log-files-dev" {
           "arn:aws:s3:::moj-log-files-dev/*"
         ]
         "Principal" : {
-          "AWS": "arn:aws:iam::652711504416:root" # This ID is the elb-account-id for eu-west-2 obtained from https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
+          "AWS" : "arn:aws:iam::652711504416:root" # This ID is the elb-account-id for eu-west-2 obtained from https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
         }
       }
     ]

terraform/environments/ppud/sns.tf

@@ -108,7 +108,7 @@ data "aws_iam_policy_document" "sns_topic_policy_s3_notifications_prod" {
       "SNS:Publish"
     ]
 
-     condition {
+    condition {
       test     = "ArnLike"
       variable = "AWS:SourceArn"
       values   = ["arn:aws:s3:::moj-log-files-prod"]
@@ -155,7 +155,7 @@ data "aws_iam_policy_document" "sns_topic_policy_s3_notifications_uat" {
       "SNS:Publish"
     ]
 
-     condition {
+    condition {
       test     = "ArnLike"
       variable = "AWS:SourceArn"
       values   = ["arn:aws:s3:::moj-log-files-uat"]
@@ -182,7 +182,7 @@ resource "aws_sns_topic_policy" "s3_bucket_notifications_dev" {
 }
 
 resource "aws_sns_topic_subscription" "s3_bucket_notifications_dev_subscription" {
-  count = local.is-development == true ? 1 : 0
+  count     = local.is-development == true ? 1 : 0
   topic_arn = aws_sns_topic.s3_bucket_notifications_dev[0].arn
   protocol  = "email"
   endpoint  = "[email protected]"
@@ -202,7 +202,7 @@ data "aws_iam_policy_document" "sns_topic_policy_s3_notifications_dev" {
       "SNS:Publish"
     ]
 
-     condition {
+    condition {
       test     = "ArnLike"
       variable = "AWS:SourceArn"
       values   = ["arn:aws:s3:::moj-log-files-dev"]

terraform/environments/tribunals/main.tf

@@ -733,11 +733,11 @@ module "nginx" {
 }
 
 module "nginx_load_balancer" {
-  count                         = local.is-production ? 1 : 0
-  source                        = "./modules/nginx_load_balancer"
-  nginx_lb_sg_id                = aws_security_group.nginx_lb_sg[0].id
-  nginx_instance_ids            = module.nginx[0].instance_ids
-  subnets_shared_public_ids     = data.aws_subnets.shared-public.ids
-  vpc_shared_id                 = data.aws_vpc.shared.id
-  external_acm_cert_arn         = aws_acm_certificate.external.arn
+  count                     = local.is-production ? 1 : 0
+  source                    = "./modules/nginx_load_balancer"
+  nginx_lb_sg_id            = aws_security_group.nginx_lb_sg[0].id
+  nginx_instance_ids        = module.nginx[0].instance_ids
+  subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+  vpc_shared_id             = data.aws_vpc.shared.id
+  external_acm_cert_arn     = aws_acm_certificate.external.arn
 }

terraform/environments/tribunals/modules/nginx_ec2_pair/main.tf

@@ -23,7 +23,7 @@ variable "environment" {
 
 data "aws_ami" "latest_linux" {
   most_recent = true
-  owners = ["amazon"]
+  owners      = ["amazon"]
   filter {
     name   = "name"
     values = ["amzn2-ami-hvm-*-x86_64-gp2"]
@@ -43,7 +43,7 @@ resource "aws_instance" "nginx" {
   }
   vpc_security_group_ids = [aws_security_group.allow_ssm.id]
   iam_instance_profile   = aws_iam_instance_profile.nginx_profile.name
-    user_data = <<-EOF
+  user_data              = <<-EOF
               #!/bin/bash
 
               echo "installing Nginx"
@@ -73,9 +73,9 @@ resource "aws_security_group" "allow_ssm" {
   vpc_id      = var.vpc_shared_id
 
   ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
     security_groups = [
       var.nginx_lb_sg_id
     ]
@@ -100,15 +100,15 @@ resource "aws_s3_object" "sites_available" {
   key    = "sites-available/${each.value}"
   source = "${path.module}/sites-available/${each.value}"
   # Use md5 to detect changes in the sites-available folder
-  etag   = filemd5("${path.module}/sites-available/${each.value}")
+  etag = filemd5("${path.module}/sites-available/${each.value}")
 }
 
 resource "aws_s3_object" "nginx_conf" {
   bucket = aws_s3_bucket.nginx_config.id
   key    = "nginx.conf"
   source = "${path.module}/nginx-conf/nginx.conf"
   # Use md5 to detect changes in the nginx.conf file
-  etag   = filemd5("${path.module}/nginx-conf/nginx.conf")
+  etag = filemd5("${path.module}/nginx-conf/nginx.conf")
 }
 
 resource "aws_iam_role_policy_attachment" "s3_policy_attachment" {

terraform/environments/tribunals/modules/nginx_load_balancer/main.tf

@@ -44,7 +44,7 @@ variable "external_acm_cert_arn" {
 }
 
 resource "aws_lb_target_group_attachment" "nginx_lb_tg_attachment" {
-  for_each         = var.nginx_instance_ids
+  for_each = var.nginx_instance_ids
 
   target_group_arn = aws_lb_target_group.nginx_lb_tg.arn
   target_id        = each.value

terraform/modules/fargate_graceful_retirement/README.md

@@ -20,7 +20,7 @@ and then uses the wait state to wait until that time before calling another lamb
 reccomended steps to gracefully replace the tasks.
 
 This is functionally equivalent to the manual steps outlined in the AWS documentation here:
-https://docs.aws.amazon.com/AmazonECS/latest/developerguide/prepare-task-retirement.html#prepare-task-retirement-change-time
+<https://docs.aws.amazon.com/AmazonECS/latest/developerguide/prepare-task-retirement.html#prepare-task-retirement-change-time>
 
 ## Usage
 

terraform/modules/fargate_graceful_retirement/required_providers.tf

@@ -1,8 +1,8 @@
 terraform {
   required_providers {
     aws = {
-      source                = "hashicorp/aws"
-      version               = "~> 5.0"
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
     }
   }
   required_version = "~> 1.5"