Merge pull request #18 from nosportugal/d-costa/update

Merge remote-tracking branch 'upstream/main'
nosportugal · Jul 16, 2024 · ab3def7 · ab3def7
2 parents e4b1f50 + be29b57
commit ab3def7
Show file tree

Hide file tree

Showing 25 changed files with 234 additions and 129 deletions.
diff --git a/.github/labeler.yaml b/.github/labeler.yaml
@@ -0,0 +1,20 @@
+github-actions:
+  - changed-files:
+      - any-glob-to-any-file:
+        - '.github/**'
+
+documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+        - 'README.md'
+        - '**/*.md'
+
+legal:
+  - changed-files:
+      - any-glob-to-any-file:
+        - 'LICENSE'
+
+examples:
+  - changed-files:
+      - any-glob-to-any-file:
+        - 'example/**'
diff --git a/.github/stale.yaml b/.github/stale.yaml
@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 30
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 14
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,68 @@
+name: ci
+on:
+  - pull_request
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+      # Setup dependencies
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      # Run a couple of native Terraform checks
+      - uses: hashicorp/setup-terraform@v3
+      - run: terraform init
+      - run: terraform fmt -recursive -check
+      - run: terraform validate
+
+      # Checkov
+      - uses: bridgecrewio/checkov-action@v12
+        with:
+          directory: .
+          quiet: true
+          skip_check: CKV_TF_1,CKV_GCP_32,CKV_GCP_34,CKV2_GCP_18,CKV_TF_2
+          framework: terraform
+
+      # Terraform-docs
+      - uses: terraform-docs/[email protected]
+        id: terraform-docs
+        with:
+          working-dir: .
+          output-file: README.md
+          output-method: inject
+          fail-on-diff: true
+          args: --lockfile=false
+          git-push: 'false'
+
+      # Push Terraform-docs changes
+      - uses: planetscale/[email protected]
+        # Run this step even if previous steps fails (there are changes to commit)
+        # but skip when on forks
+        if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }}
+        with:
+          commit_message: "terraform-docs: automated action"
+          repo: ${{ github.repository }}
+          branch: ${{ github.head_ref || github.ref_name }}
+          file_pattern: 'README.md'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Print instructions to run terraform-docs locally if changes are needed and workflow is running on fork
+      - if: ${{ !cancelled() && github.repository_owner != 'runatlantis' && steps.terraform-docs.outputs.num_changed > 0 }}
+        run: |
+          echo '### Please run terraform-docs locally and commit the changes:' >> $GITHUB_STEP_SUMMARY
+          echo '' >> $GITHUB_STEP_SUMMARY
+          echo '```sh' >> $GITHUB_STEP_SUMMARY
+          echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs:0.17.0 markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY
+          echo 'git add README.md' >> $GITHUB_STEP_SUMMARY
+          echo 'git commit --amend --no-edit' >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo '' >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
diff --git a/.github/workflows/triage-ci.yaml b/.github/workflows/triage-ci.yaml
@@ -0,0 +1,14 @@
+name: "Triage PRs"
+on:
+- pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5
+      with:
+        configuration-path: .github/labeler.yaml
diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml
@@ -0,0 +1,18 @@
+name: Label issues
+on:
+  issues:
+    types:
+      - reopened
+      - opened
+jobs:
+  label_issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - run: gh issue edit "$NUMBER" --add-label "$LABELS"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          NUMBER: ${{ github.event.issue.number }}
+          LABELS: needs-triage
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,8 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+# Checkov files
+checkov-problem-matcher-softfail.json
+checkov-problem-matcher.json
+results.sarif
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1 @@
+* @runatlantis/terraform-contributors