diff --git a/.github/.templatesyncignore b/.github/.templatesyncignore
new file mode 100644
index 0000000..775d81f
--- /dev/null
+++ b/.github/.templatesyncignore
@@ -0,0 +1,9 @@
+README.md
+.github/workflows/*
+.terraform-docs.yml
+docs/20-badges.md
+docs/assets/logo.svg
+*.tf
+test/*
+go.mod
+go.sum
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..33587ce
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,32 @@
+---
+##############################
+## Dependabot configuration ##
+##############################
+
+#
+# Documentation:
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+#
+
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 0
+
+ # Maintain dependencies for Terraform Providers
+ - package-ecosystem: "terraform"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 0
+
+ # Maintain dependencies for Golang
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 0
diff --git a/.github/labels.yaml b/.github/labels.yaml
deleted file mode 100644
index bc0cd30..0000000
--- a/.github/labels.yaml
+++ /dev/null
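Review bot: `open-pull-requests-limit: 0` on all three ecosystems in `.github/dependabot.yml` switches off version-update pull requests, so the `interval: "daily"` schedule and the "Maintain dependencies for …" comments do not describe what the file actually does. If the intent is to rely only on Dependabot security updates (GitHub documents these as unaffected by a limit of 0, provided they are enabled in the repository settings), state that in the header, e.g. `# Version updates are disabled (limit 0); only security updates open PRs`. Otherwise raise the limit so the GitHub Actions, Terraform provider and Go module versions used here are actually kept current.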
@@ -1,34 +0,0 @@ -- name: 'bump:major' - color: ef6bb4 - description: 'Attach to PR to automatically bump major version on merge' - aliases: [ ] - -- name: 'bump:minor' - color: ef6bb4 - description: 'Attach to PR to automatically bump minor version on merge' - aliases: [ ] - -- name: 'bump:patch' - color: ef6bb4 - description: 'Attach to PR to automatically bump patch version on merge' - aliases: [ ] - -- name: 'automation' - color: 3ddd1b - description: 'Removing manual tasks by automating them' - aliases: [ ] - -- name: 'bug' - color: d73a4a - description: 'Something is not working' - aliases: [ ] - -- name: 'documentation' - color: 0075ca - description: 'Improvements or additions to documentation' - aliases: [ ] - -- name: 'enhancement' - color: a2eeef - description: 'New feature or request' - aliases: [ ] diff --git a/.github/pull_request-template.md b/.github/pull_request-template.md index 60761ad..3e2e50d 100644 --- a/.github/pull_request-template.md +++ b/.github/pull_request-template.md @@ -5,10 +5,6 @@ ... -## How this PR fixes it - -... - ## Readiness Checklist ### Author/Contributor diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9f31c92..a66b5c7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,7 +1,7 @@ --- -#################################### -## Draft releases on Push to main ## -#################################### +##################### +## Create releases ## +##################### # # Documentation: @@ -13,9 +13,8 @@ on: push: branches: [ main ] tags: [ 'v*.*.*' ] - -permissions: - contents: write + pull_request: + types: [ labeled ] ################# # Start the job # @@ -26,6 +25,7 @@ jobs: ############### create-release: name: Create Release + if: github.event.action != 'labeled' runs-on: ubuntu-latest timeout-minutes: 10 steps: 
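Review bot: Dropping the workflow-level `permissions: contents: write` block in `release.yaml` leaves both jobs on the repository's default `GITHUB_TOKEN` scope, in the same change that adds a `pull_request` `labeled` trigger. With a read-only default, `create-release` can no longer publish a release; with a permissive default, the new `release-check` job passes a write-capable token to a third-party action. Declare the scope per job instead: `permissions: { contents: write }` on `create-release` and, presumably, `permissions: { pull-requests: write }` on `release-check`, whose step is named as posting a status comment. The job bodies lie outside this hunk, so confirm nothing there already sets these.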
@@ -75,3 +75,22 @@ jobs: tag_name: ${{ steps.tag.outputs.value }} draft: false prerelease: false + + ########################### + # Release preview comment # + ########################### + release-check: + if: github.event.action == 'labeled' + runs-on: ubuntu-latest + steps: + ############################ + # Checkout the source code # + ############################ + - name: Checkout Code + uses: actions/checkout@v3.1.0 + + ####################### + # Post status comment # + ####################### + - name: Post bumpr status comment + uses: haya14busa/action-bumpr@v1 diff --git a/.github/workflows/sync-templates.yaml b/.github/workflows/sync-templates.yaml index 30bdab5..dfa10ab 100644 --- a/.github/workflows/sync-templates.yaml +++ b/.github/workflows/sync-templates.yaml @@ -10,7 +10,9 @@ name: Sync templates on: - workflow_dispatch: + workflow_dispatch: # Trigger manually + schedule: + - cron: "0 0 1 * *" # Run at 00:00 on the first day of every month ########################## # Prevent duplicate jobs # @@ -36,7 +38,7 @@ jobs: - name: Sync labels uses: EndBug/label-sync@v2.3.1 with: - config-file: https://raw.githubusercontent.com/geekcell/template-terraform-module/main/.github/labels.yaml + config-file: https://gist.githubusercontent.com/Ic3w0lf/f5520c5f19d7098966f692c120f7a197/raw/75b134f76fbc55e2e64bd66f04e571d6d74b815e/terraform-aws-module-labels.yaml ####################### # Sync template files # 
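Review bot: `haya14busa/action-bumpr@v1` in the new `release-check` job is a third-party action referenced by a movable major tag, so whatever that tag points to in future runs with this workflow's token on every labeled pull request. Pin it to a full commit SHA and keep the version as a trailing comment, `uses: haya14busa/action-bumpr@<full-commit-sha> # v1`; the same applies to `AndreasAugustin/actions-template-sync@v0.7.3` added in `sync-templates.yaml`. The job also has no `timeout-minutes`, unlike `create-release`, which sets `timeout-minutes: 10`.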
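Review bot: The `config-file` for the `Sync labels` step now points at a gist under what appears to be a personal account (`gist.githubusercontent.com/Ic3w0lf/…`) rather than a file in an organisation repository. The URL is pinned to a revision, which keeps the content stable, but the source now sits outside the organisation's review and access controls and the sync breaks if the gist or account is removed. Consider hosting the label file in an organisation-owned repository and referencing it by commit, or add a comment above `config-file:` recording who owns the gist and why it is used.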
@@ -50,33 +52,12 @@ jobs: ############################ - name: Checkout Code uses: actions/checkout@v3.1.0 - with: - token: ${{ secrets.GEEKCELL_PAT_WORKFLOWS }} - - ######################## - # Patch template files # - ######################## - - name: Force patching of template files - run: | - yes y | make setup/update-template - - #################### - # Update README.md # - #################### - - name: Terraform docs - uses: terraform-docs/gh-actions@v1.0.0 - with: - config-file: .terraform-docs.yml - git-push: false - ############# - # Create PR # - ############# - - name: Create PR - uses: peter-evans/create-pull-request@v4.2.0 + ####################### + # Sync template files # + ####################### + - name: actions-template-sync + uses: AndreasAugustin/actions-template-sync@v0.7.3 with: - token: ${{ secrets.GEEKCELL_PAT_WORKFLOWS }} - title: Updated template files - commit-message: Update template files from main repo - branch: update-template-files - delete-branch: true + github_token: ${{ secrets.GITHUB_TOKEN }} + source_repo_path: geekcell/terraform-aws-module-template diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ed82047..2052ee1 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
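Review bot: Switching the sync step to `github_token: ${{ secrets.GITHUB_TOKEN }}` removes the long-lived PAT, but the hunk shows no `permissions:` for a job that has to push a branch and open a pull request. State it on the job, `permissions: { contents: write, pull-requests: write }`, so the step does not depend on the repository default. Pull requests opened with `GITHUB_TOKEN` also do not trigger `pull_request` workflows, so the sync PR will not run the test workflow by itself and a maintainer has to re-trigger the checks before merging. The job header is outside this hunk, so an existing `permissions:` block there would already cover the first point.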
@@ -1,27 +1,41 @@ -name: Test +--- +############### +## Run tests ## +############### + +# +# Documentation: +# https://help.github.com/en/articles/workflow-syntax-for-github-actions +# +name: Test on: pull_request: - workflow_dispatch: push: branches: [ main ] +########################## +# Prevent duplicate jobs # +########################## +concurrency: + group: ${{ github.repository }} + cancel-in-progress: false + permissions: id-token: write contents: read -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: false - +############### +# Run the job # +############### jobs: - test: - name: Terraform Tests + terratest: + name: Terratest runs-on: ubuntu-latest - env: - AWS_REGION: ${{ vars.AWS_TESTING_REGION }} - AWS_TESTING_ACCOUNT_ID: ${{ vars.AWS_TESTING_ACCOUNT_ID }} steps: + ############################ + # Checkout the source code # + ############################ - name: Checkout uses: actions/checkout@v3 @@ -35,11 +49,18 @@ jobs: aws-region: ${{ vars.AWS_TESTING_REGION }} mask-aws-account-id: false + ################ + # Setup Golang # + ################ - name: Set up Go uses: actions/setup-go@v4 with: go-version-file: 'go.mod' + ############# + # Run tests # + ############# - name: Run Tests + timeout-minutes: 30 working-directory: test - run: go test -v -timeout 30m + run: go test -v diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e7c9291..d96a421 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,16 +1,18 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.76.0 + rev: v1.80.0 hooks: - id: terraform_docs - id: terraform_fmt - id: terraform_validate + args: + - --hook-config=--retry-once-with-cleanup=true exclude: '^[^/]+$' - id: terraform_tflint exclude: ^examples/ - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer 
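Review bot: `group: ${{ github.repository }}` puts every run of this workflow, and of any other workflow that uses the same expression, into a single concurrency group. With `cancel-in-progress: false` GitHub keeps only one pending run per group, so a newer push or pull request replaces an older queued run, and that pull request ends up with a cancelled test instead of a result. If the aim is to serialise tests against the shared AWS testing account, keep that but scope the key to the workflow, e.g. `group: ${{ github.repository }}-${{ github.workflow }}`, and add a comment saying the serialisation is intentional.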
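Review bot: Removing `-timeout 30m` from the `Run Tests` command makes `go test -v` fall back to Go's default 10-minute test timeout, so the new step-level `timeout-minutes: 30` never comes into play for a longer Terratest run. When `go test` hits its own timeout it panics, and any deferred teardown in the tests (Terratest suites usually defer their destroy step; not visible here) is not guaranteed to run, which can leave resources behind in the AWS testing account. Keep an explicit Go timeout alongside the step limit: `run: go test -v -timeout 30m`.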
diff --git a/.terraform-docs.yml b/.terraform-docs.yml index e0f8f72..bc4eef7 100644 --- a/.terraform-docs.yml +++ b/.terraform-docs.yml @@ -1,10 +1,14 @@ formatter: "md table" header-from: main.tf +recursive: + # Enable this if your module has submodules + enabled: false + content: |- - {{ include "docs/logo.md" }} + {{ include "docs/10-header.md" }} - {{ include "docs/badges.md" }} + {{ include "docs/20-badges.md" }} {{ .Header }} @@ -24,7 +28,8 @@ content: |- ```hcl {{ include "examples/statements/main.tf" }} ``` - ### Templates + + ### Templates ```hcl {{ include "examples/templates/main.tf" }} ``` diff --git a/README.md b/README.md index 11ff96f..85083e5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/template-terraform-module/main/docs/assets/logo.svg)](https://www.geekcell.io/) +[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/) ### Code Quality [![License](https://img.shields.io/github/license/geekcell/terraform-aws-iam-policy)](https://github.com/geekcell/terraform-aws-iam-policy/blob/master/LICENSE) 
@@ -7,6 +7,7 @@ [![Release](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/release.yaml) [![Validate](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/validate.yaml) [![Lint](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/linter.yaml) +[![Test](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/test.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/test.yaml) ### Security [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-iam-policy/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=INFRASTRUCTURE+SECURITY) @@ -112,6 +113,7 @@ module "s3_policy" { ] } ``` + ### Templates ```hcl module "codedeploy_policy" { diff --git a/docs/10-header.md b/docs/10-header.md new file mode 100644 index 0000000..3843bbf --- /dev/null +++ b/docs/10-header.md @@ -0,0 +1 @@ +[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/) diff --git a/docs/badges.md b/docs/20-badges.md similarity index 96% rename from docs/badges.md rename to docs/20-badges.md index 67dec99..d5664f9 100644 --- a/docs/badges.md +++ b/docs/20-badges.md 
@@ -4,6 +4,7 @@ [![Release](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/release.yaml) [![Validate](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/validate.yaml) [![Lint](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/linter.yaml) +[![Test](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/test.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/test.yaml) ### Security [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-iam-policy/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=INFRASTRUCTURE+SECURITY) diff --git a/docs/logo.md b/docs/logo.md deleted file mode 100644 index 50e69d6..0000000 --- a/docs/logo.md +++ /dev/null @@ -1 +0,0 @@ -[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/template-terraform-module/main/docs/assets/logo.svg)](https://www.geekcell.io/)