Initial commit
niroz89 authored Dec 15, 2023
0 parents commit b4d950c
Showing 9 changed files with 230 additions and 0 deletions.
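--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,37 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+#* @SPHTech/devops
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @js-owner and not the global
+# owner(s) will be requested for a review.
+#*.js @js-owner
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+#*.go [email protected]
+
+# In this example, @doctocat owns any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+#/build/logs/ @doctocat
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+#docs/* [email protected]
+
+# In this example, @octocat owns any file in an apps directory
+# anywhere in your repository.
+#apps/ @octocat
+
+# In this example, @doctocat owns any file in the `/docs`
+# directory in the root of your repository.
+#/docs/ @doctocat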
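Review bot: Every pattern in this file is commented out, including `#* @SPHTech/devops`, so no path has an owner and a "require review from Code Owners" branch rule would have nothing to enforce. Because this template ships workflows that run with write-scoped tokens, at least the `.github/` directory should carry an owner, for example `/.github/ @SPHTech/devops` (team name taken from the commented line; confirm it exists in this organisation). The remaining commented entries are GitHub's stock sample and could be dropped once a real rule is in place.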
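--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,14 @@
+name: terraform-ci
+on:
+pull_request:
+permissions:
+actions: read
+checks: read
+contents: read
+pull-requests: write
+security-events: write
+jobs:
+ci:
+uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@v2
+with:
+upload_sarif: false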
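Review bot: `security-events: write` is granted while `upload_sarif: false` is passed, so the caller hands the reusable workflow a scope it presumably has no use for when SARIF upload is off. If the called workflow does not declare that scope on its jobs, drop the line or lower it to `security-events: read`; if it does, a short comment saying so would explain the grant. The `@v2` ref is a movable tag, so pinning to a full commit SHA (`uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@<full-commit-sha> # v2`) keeps the code that receives `pull-requests: write` from changing without a diff in this repository.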
37 changes: 37 additions & 0 deletions .github/workflows/precommit-autoupdate.yml
@@ -0,0 +1,37 @@
name: Pre-commit auto-update

on:
# every sunday at midnight
schedule:
- cron: "0 0 * * 0"
# on demand
workflow_dispatch:

permissions:
actions: read
checks: read
contents: write #require this to write to repo
pull-requests: write #require this to create PR

jobs:
auto-update:
runs-on:
- self-hosted
- platform-eng-ent
steps:
- uses: actions/checkout@v2

- uses: actions/setup-python@v2

- name: Install pre-commit and run autoupdate
run: |
pip install pre-commit
pre-commit autoupdate
- uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: update/pre-commit-hooks
title: Update pre-commit hooks
commit-message: "chore: update pre-commit hooks"
body: Update versions of pre-commit hooks to latest version.
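--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,39 @@
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# Terraform lockfile
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+*.tfplan
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc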
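Review bot: The line `example: *tfplan*` is read by git as a literal pattern that begins with `example: `, so it ignores nothing useful. A plan written with `terraform plan -out=tfplan`, as the comment above it describes, is not matched by `*.tfplan` either and can therefore be committed. Plan files can hold variable values and resource attributes in clear text, which is the same reason `*.tfvars` is excluded here. Replace the line with `*tfplan*`.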
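--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,53 @@
+repos:
+- repo: https://github.com/gruntwork-io/pre-commit
+rev: v0.1.22
+hooks:
+- id: shellcheck
+
+- repo: https://github.com/tcort/markdown-link-check
+rev: v3.11.2
+hooks:
+- id: markdown-link-check
+args:
+- "--config=mlc_config.json"
+
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+rev: v1.81.2
+hooks:
+- id: terraform_fmt
+- id: terraform_providers_lock
+args:
+- --args=-platform=linux_amd64
+- id: terraform_validate
+- id: terraform_tflint
+args:
+- --args=--module
+- --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+- id: terraform_docs
+args:
+- --hook-config=--path-to-file=README.md
+- --hook-config=--add-to-existing-file=true
+- --hook-config=--recursive=true
+- id: terraform_tfsec
+args:
+- --args=--exclude-downloaded-modules
+- id: terraform_checkov
+
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v4.4.0
+hooks:
+# Git style
+- id: check-added-large-files
+- id: check-merge-conflict
+- id: check-merge-conflict
+- id: no-commit-to-branch
+
+# Common errors
+- id: end-of-file-fixer
+- id: trailing-whitespace
+- id: check-yaml
+
+# Security
+- id: detect-aws-credentials
+args: ['--allow-missing-credentials']
+- id: detect-private-key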
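Review bot: `check-merge-conflict` is listed twice under "Git style" in the `pre-commit-hooks` block, so the same check runs twice and an intended hook may be missing. If the second entry was meant to be the case-collision check it should read `- id: check-case-conflict`; otherwise delete it. Every `rev` here is a tag that the weekly update job will move forward automatically, so running `pre-commit autoupdate --freeze` in that job would record commit hashes and make each bump reviewable against a fixed revision.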
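--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -0,0 +1,49 @@
+plugin "aws" {
+enabled = true
+version = "0.24.3"
+source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "terraform_deprecated_interpolation" {
+enabled = true
+}
+
+rule "terraform_documented_outputs" {
+enabled = true
+}
+
+rule "terraform_documented_variables" {
+enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+enabled = true
+}
+
+rule "terraform_typed_variables" {
+enabled = true
+}
+
+rule "terraform_required_version" {
+enabled = false
+}
+
+rule "terraform_required_providers" {
+enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+enabled = false
+}
+
+rule "terraform_unused_declarations" {
+enabled = true
+}
+
+rule "terraform_unused_required_providers" {
+enabled = true
+}
+
+rule "terraform_naming_convention" {
+enabled = true
+}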
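--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+# Terraform Modules Template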
Empty file added docs/.gitkeep
Empty file.
Empty file added modules/.gitkeep
Empty file.
