-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit b4d950c
Showing
9 changed files
with
230 additions
and
0 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# This is a comment. | ||
# Each line is a file pattern followed by one or more owners. | ||
|
||
# These owners will be the default owners for everything in | ||
# the repo. Unless a later match takes precedence, | ||
# @global-owner1 and @global-owner2 will be requested for | ||
# review when someone opens a pull request. | ||
#* @SPHTech/devops | ||
|
||
# Order is important; the last matching pattern takes the most | ||
# precedence. When someone opens a pull request that only | ||
# modifies JS files, only @js-owner and not the global | ||
# owner(s) will be requested for a review. | ||
#*.js @js-owner | ||
|
||
# You can also use email addresses if you prefer. They'll be | ||
# used to look up users just like we do for commit author | ||
# emails. | ||
#*.go [email protected] | ||
|
||
# In this example, @doctocat owns any files in the build/logs | ||
# directory at the root of the repository and any of its | ||
# subdirectories. | ||
#/build/logs/ @doctocat | ||
|
||
# The `docs/*` pattern will match files like | ||
# `docs/getting-started.md` but not further nested files like | ||
# `docs/build-app/troubleshooting.md`. | ||
#docs/* [email protected] | ||
|
||
# In this example, @octocat owns any file in an apps directory | ||
# anywhere in your repository. | ||
#apps/ @octocat | ||
|
||
# In this example, @doctocat owns any file in the `/docs` | ||
# directory in the root of your repository. | ||
#/docs/ @doctocat |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
name: terraform-ci | ||
on: | ||
pull_request: | ||
permissions: | ||
actions: read | ||
checks: read | ||
contents: read | ||
pull-requests: write | ||
security-events: write | ||
jobs: | ||
ci: | ||
uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@v2 | ||
with: | ||
upload_sarif: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
name: Pre-commit auto-update | ||
|
||
on: | ||
# every sunday at midnight | ||
schedule: | ||
- cron: "0 0 * * 0" | ||
# on demand | ||
workflow_dispatch: | ||
|
||
permissions: | ||
actions: read | ||
checks: read | ||
contents: write #require this to write to repo | ||
pull-requests: write #require this to create PR | ||
|
||
jobs: | ||
auto-update: | ||
runs-on: | ||
- self-hosted | ||
- platform-eng-ent | ||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- uses: actions/setup-python@v2 | ||
|
||
- name: Install pre-commit and run autoupdate | ||
run: | | ||
pip install pre-commit | ||
pre-commit autoupdate | ||
- uses: peter-evans/create-pull-request@v3 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
branch: update/pre-commit-hooks | ||
title: Update pre-commit hooks | ||
commit-message: "chore: update pre-commit hooks" | ||
body: Update versions of pre-commit hooks to latest version. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
### Terraform ### | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# Terraform lockfile | ||
.terraform.lock.hcl | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
*.tfplan | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
# | ||
*.tfvars | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# !example_override.tf | ||
|
||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
example: *tfplan* | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
repos: | ||
- repo: https://github.com/gruntwork-io/pre-commit | ||
rev: v0.1.22 | ||
hooks: | ||
- id: shellcheck | ||
|
||
- repo: https://github.com/tcort/markdown-link-check | ||
rev: v3.11.2 | ||
hooks: | ||
- id: markdown-link-check | ||
args: | ||
- "--config=mlc_config.json" | ||
|
||
- repo: https://github.com/antonbabenko/pre-commit-terraform | ||
rev: v1.81.2 | ||
hooks: | ||
- id: terraform_fmt | ||
- id: terraform_providers_lock | ||
args: | ||
- --args=-platform=linux_amd64 | ||
- id: terraform_validate | ||
- id: terraform_tflint | ||
args: | ||
- --args=--module | ||
- --args=--config=__GIT_WORKING_DIR__/.tflint.hcl | ||
- id: terraform_docs | ||
args: | ||
- --hook-config=--path-to-file=README.md | ||
- --hook-config=--add-to-existing-file=true | ||
- --hook-config=--recursive=true | ||
- id: terraform_tfsec | ||
args: | ||
- --args=--exclude-downloaded-modules | ||
- id: terraform_checkov | ||
|
||
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: v4.4.0 | ||
hooks: | ||
# Git style | ||
- id: check-added-large-files | ||
- id: check-merge-conflict | ||
- id: check-merge-conflict | ||
- id: no-commit-to-branch | ||
|
||
# Common errors | ||
- id: end-of-file-fixer | ||
- id: trailing-whitespace | ||
- id: check-yaml | ||
|
||
# Security | ||
- id: detect-aws-credentials | ||
args: ['--allow-missing-credentials'] | ||
- id: detect-private-key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
plugin "aws" { | ||
enabled = true | ||
version = "0.24.3" | ||
source = "github.com/terraform-linters/tflint-ruleset-aws" | ||
} | ||
|
||
rule "terraform_deprecated_interpolation" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_documented_outputs" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_documented_variables" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_module_pinned_source" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_typed_variables" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_required_version" { | ||
enabled = false | ||
} | ||
|
||
rule "terraform_required_providers" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_standard_module_structure" { | ||
enabled = false | ||
} | ||
|
||
rule "terraform_unused_declarations" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_unused_required_providers" { | ||
enabled = true | ||
} | ||
|
||
rule "terraform_naming_convention" { | ||
enabled = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
# Terraform Modules Template |
Empty file.
Empty file.