bump modules to be supported by tf 0.13+

grupoboticario · May 15, 2024 · f7a3146 · f7a3146
1 parent af2f557
commit f7a3146
Show file tree

Hide file tree

Showing 37 changed files with 135 additions and 125 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @grupoboticario/sq-devops-dea-ped
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+
+registries:
+ github-grupoboticario:
+ type: git
+ url: https://github.com
+ username: x-access-token
+ password: ${{ secrets.GB_TERRAFORM_API_TOKEN }}
+
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ open-pull-requests-limit: 10
+ schedule:
+ interval: weekly
+
+updates:
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
@@ -0,0 +1,22 @@
+name: Update Dependabot Config File
+
+on:
+ - pull_request
+
+permissions:
+ contents: write
+ pull-requests: read
+ deployments: write
+
+jobs:
+ updateDependabotCfgFile:
+ runs-on: [self-hosted, core-shr]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ - name: Update Dependabot Config File
+ uses: grupoboticario/actions-tf-dependabot@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/devsecops.yml b/.github/workflows/devsecops.yml
@@ -0,0 +1,13 @@
+run-name: DevSecOps
+name: DevSecOps
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ devsecops:
+ uses: grupoboticario/actions-devsecops-workflows/.github/workflows/devsecops.yml@v0
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -1,78 +1,16 @@
-name: Pre-Commit
+name: pre-commit
 
 on:
  pull_request:
- branches:
- - main
- - master
-
-env:
- TERRAFORM_DOCS_VERSION: v0.16.0
+ branches: [main]
+ push:
+ branches: [main]
 
 jobs:
- collectInputs:
- name: Collect workflow inputs
- runs-on: ubuntu-latest
- outputs:
- directories: ${{ steps.dirs.outputs.directories }}
+ pre-commit:
+ runs-on: [self-hosted, core-shr]
  steps:
  - name: Checkout
- uses: actions/checkout@v2
-
- - name: Get root directories
- id: dirs
- uses: clowdhaus/terraform-composite-actions/[email protected]
-
- preCommitMinVersions:
- name: Min TF pre-commit
- needs: collectInputs
- runs-on: ubuntu-latest
- strategy:
- matrix:
- directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Terraform min/max versions
- id: minMax
- uses: clowdhaus/[email protected]
- with:
- directory: ${{ matrix.directory }}
-
- - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
- # Run only validate pre-commit check on min version supported
- if: ${{ matrix.directory != '.' }}
- uses: clowdhaus/terraform-composite-actions/[email protected]
- with:
- terraform-version: ${{ steps.minMax.outputs.minVersion }}
- args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
-
- - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
- # Run only validate pre-commit check on min version supported
- if: ${{ matrix.directory == '.' }}
- uses: clowdhaus/terraform-composite-actions/[email protected]
- with:
- terraform-version: ${{ steps.minMax.outputs.minVersion }}
- args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
-
- preCommitMaxVersion:
- name: Max TF pre-commit
- runs-on: ubuntu-latest
- needs: collectInputs
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- with:
- ref: ${{ github.event.pull_request.head.ref }}
- repository: ${{github.event.pull_request.head.repo.full_name}}
-
- - name: Terraform min/max versions
- id: minMax
- uses: clowdhaus/[email protected]
-
- - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
- uses: clowdhaus/terraform-composite-actions/[email protected]
- with:
- terraform-version: ${{ steps.minMax.outputs.maxVersion }}
- terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+ uses: actions/checkout@v4
+ - name: pre-commit
+ uses: grupoboticario/actions-tf-pre-commit@v1
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+.terraform.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,29 +1,32 @@
 repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.64.0
+ rev: v1.89.0
  hooks:
- - id: terraform_fmt
- - id: terraform_validate
- - id: terraform_docs
+ - id: terraform_checkov
  args:
- - '--args=--lockfile=false'
+ - --args=--skip-check CKV_AWS_23
+ - --args=--skip-check CKV_AWS_18
+ - --args=--skip-check CKV_AWS_109
+ - --args=--skip-check CKV_AWS_111
+ - --args=--skip-check CKV_AWS_144
+ - --args=--skip-check CKV_AWS_145
+ - --args=--skip-check CKV_AWS_149
+ - --args=--skip-check CKV_AWS_274
+ - --args=--skip-check CKV_AWS_356
+ - --args=--skip-check CKV2_AWS_5
+ - --args=--skip-check CKV2_AWS_57
+ - --args=--skip-check CKV2_AWS_61
+ - --args=--skip-check CKV2_AWS_62
+ - --args=--skip-check CKV2_AWS_65
+ - --args=--skip-check CKV_TF_1
+ - --args=--skip-check CKV2_GHA_1
+ - id: terraform_docs
+ - id: terraform_docs_without_aggregate_type_defaults
+ - id: terraform_fmt
  - id: terraform_tflint
- args:
- - '--args=--only=terraform_deprecated_interpolation'
- - '--args=--only=terraform_deprecated_index'
- - '--args=--only=terraform_unused_declarations'
- - '--args=--only=terraform_comment_syntax'
- - '--args=--only=terraform_documented_outputs'
- - '--args=--only=terraform_documented_variables'
- - '--args=--only=terraform_typed_variables'
- - '--args=--only=terraform_module_pinned_source'
- - '--args=--only=terraform_naming_convention'
- - '--args=--only=terraform_required_version'
- - '--args=--only=terraform_required_providers'
- - '--args=--only=terraform_standard_module_structure'
- - '--args=--only=terraform_workspace_remote'
- - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.1.0
- hooks:
- - id: check-merge-conflict
- - id: end-of-file-fixer
+ - id: terraform_trivy
+ # - id: terraform_validate
+ # - id: terrascan
+ # args:
+ # - --args=--non-recursive
+ # - --args=--skip-rules="AC_AWS_0500"
diff --git a/README.md b/README.md
@@ -201,6 +201,7 @@ Users have the ability to:
 1. This module does not create RDS security group. Use [terraform-aws-security-group](https://github.com/terraform-aws-modules/terraform-aws-security-group) module for this.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/complete-mssql/README.md b/examples/complete-mssql/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/complete-mssql/versions.tf b/examples/complete-mssql/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/complete-mysql/README.md b/examples/complete-mysql/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/complete-mysql/versions.tf b/examples/complete-mysql/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/complete-oracle/README.md b/examples/complete-oracle/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/complete-oracle/versions.tf b/examples/complete-oracle/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/complete-postgres/README.md b/examples/complete-postgres/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/complete-postgres/versions.tf b/examples/complete-postgres/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/cross-region-replica-postgres/README.md b/examples/cross-region-replica-postgres/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/cross-region-replica-postgres/versions.tf b/examples/cross-region-replica-postgres/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/enhanced-monitoring/README.md b/examples/enhanced-monitoring/README.md
@@ -17,6 +17,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/enhanced-monitoring/versions.tf b/examples/enhanced-monitoring/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/groups/README.md b/examples/groups/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/groups/versions.tf b/examples/groups/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/replica-mysql/README.md b/examples/replica-mysql/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

diff --git a/examples/replica-mysql/versions.tf b/examples/replica-mysql/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4"
  }
  }
 }
diff --git a/examples/replica-postgres/README.md b/examples/replica-postgres/README.md
@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |