ci(repo): Improve GitHub Action workflows (#5)

* ci(lint): Exclude releases from commit message linting The body and footer contain links to issues and pull requests, so they are too long. * ci(lint): Add updated lint and test workflow * style(lint): Apply trunk formatting fixes * ci(release): Bump get token version to 2 * ci(lint): Upgrade trunk * ci(repo): Add workflow_call * ci(repo): Change job name
3ware · Oct 5, 2022 · 1e26a90 · 1e26a90
1 parent 39307c7
commit 1e26a90
Show file tree

Hide file tree

Showing 16 changed files with 112 additions and 37 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,18 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Default settings
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+# Do not trim trailing whitespace on Markdown files as double space can be used
+# for a newline
+[*.md]
+trim_trailing_whitespace = false
diff --git a/.github/workflows/commit-lint.yaml b/.github/workflows/commit-lint.yaml
@@ -2,6 +2,7 @@ name: Conventional commits
 
 on:
   pull_request:
+  workflow_call:
 
 jobs:
   commit-lint:
@@ -10,12 +11,7 @@ jobs:
       pull-requests: read
       contents: read
     steps:
-      - name: Checkout repository for local testing
-        if: github.actor == 'nektos/act'
-        uses: actions/checkout@v3
-
       - name: Checkout repository
-        if: github.actor != 'nektos/act'
         uses: actions/checkout@v3
         with:
           fetch-depth: 0

diff --git a/.github/workflows/lint-and-test.yaml b/.github/workflows/lint-and-test.yaml
@@ -0,0 +1,26 @@
+name: Lint and test
+on: 
+  workflow_call:
+
+jobs:
+  lint-and-test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      checks: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.3
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Initialise Terraform
+        working-directory: ./terraform
+        run: terraform init
+
+      - name: Lint with trunk
+        uses: trunk-io/[email protected]
diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml
@@ -1,14 +1,15 @@
-name: Semantic PR title
+name: Validate PR title
 
 on:
   pull_request_target:
     types:
       - opened
       - edited
       - synchronize
+  workflow_call:
 
 jobs:
-  semantic-pr-title:
+  conventional-pr-title:
     permissions:
       pull-requests: read
     runs-on: ubuntu-latest

diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
@@ -2,14 +2,15 @@ name: Semantic Release
 
 on:
   workflow_dispatch:
+  workflow_call:
   push:
     branches:
       - main
     paths:
       - "**/*.tftpl"
       - "**/*.tf"
       - "**/*.tfvars"
-      - ".github/workflows/semantic-release.yaml"
+      - ".github/workflows/*.yaml"
 
 jobs:
   semantic-release:
@@ -23,7 +24,7 @@ jobs:
       - name: Get GitHub authentication token
         if: ${{ ! env.ACT }}
         id: get_workflow_token
-        uses: peter-murray/workflow-application-token-action@v1
+        uses: peter-murray/workflow-application-token-action@v2
         with:
           application_id: ${{ secrets.APPLICATION_ID }}
           application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}

diff --git a/.github/workflows/tfsec-pr.yaml b/.github/workflows/tfsec-pr.yaml
@@ -1,11 +1,7 @@
 name: tfsec Code Analysis
 
 on:
-  pull_request:
-    paths:
-      - "**/*.tf"
-      - "**/*.tfvars"
-      - ".github/workflows/tfsec-pr.yaml"
+  workflow_call:
 
 jobs:
   tfsec-pr-commenter:
@@ -26,5 +22,5 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           working_directory: terraform
           #* Add tfsec_args - usually the path to tfvars files
-          tfsec_args: #>-
-            #--tfvars-file=
+          #tfsec_args:#>-
+          #--tfvars-file=
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,20 +7,18 @@ repos:
       - id: check-yaml
       - id: check-json
       - id: check-case-conflict
+      - id: check-merge-conflict
       - id: end-of-file-fixer
-        exclude_types:
-          - "gif"
-      - id: trailing-whitespace
 
   # gitleaks detects hard coded secrets
   - repo: https://github.com/zricethezav/gitleaks
-    rev: v8.8.12
+    rev: v8.13.0
     hooks:
       - id: gitleaks
 
   # actionlint is a static checker for GitHub Actions workflow files
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.6.15
+    rev: v1.6.19
     hooks:
       - id: actionlint
 
@@ -29,7 +27,7 @@ repos:
   # Module documentation is also generated with terraform-docs
   # tfsec performs static code analysis
   - repo: https://github.com/antonbabenko/pre-commit-terraform.git
-    rev: v1.74.1
+    rev: v1.75.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/.releaserc.json b/.releaserc.json
@@ -5,9 +5,10 @@
       "@semantic-release/commit-analyzer",
       {
         "preset": "conventionalcommits",
-        "releaseRules": [{ "type": "refactor", "release": "minor" },
-        { "type": "chore", "scope": "deps", "release": "patch" }
-      ]
+        "releaseRules": [
+          { "type": "refactor", "release": "minor" },
+          { "type": "chore", "scope": "deps", "release": "patch" }
+        ]
       }
     ],
     [
@@ -24,7 +25,7 @@
               "scope": "deps",
               "section": "Chores",
               "hidden": false
-            } 
+            }
           ]
         }
       }

diff --git a/.trunk/.gitignore b/.trunk/.gitignore
@@ -0,0 +1,7 @@
+*out
+*logs
+*actions
+*notifications
+plugins
+user_trunk.yaml
+user.yaml
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -0,0 +1,35 @@
+version: 0.1
+actions:
+  disabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+  enabled:
+    - trunk-cache-prune
+    - trunk-upgrade-available
+runtimes:
+  enabled:
+    - [email protected]
+    - [email protected]
+lint:
+  enabled:
+    - [email protected]
+    - git-diff-check
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+
+  ignore:
+    #* Prevent checking CHANGELOG.md files generated by semantic-release
+    - linters: [prettier, markdownlint]
+      paths:
+        - CHANGELOG.md
+
+cli:
+  version: 0.18.1-beta
+plugins:
+  sources:
+    - id: trunk
+      ref: v0.0.4
+      uri: https://github.com/trunk-io/plugins
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
-# Terraform template repository
+# 3ware reusable workflows
 
-This repository is intended to be used as a template for the creation of other terraform repositories.
+This repository contain GitHub action workflows that can be reused in other repositories.
 
 [![semantic-release: conventionalcommits](https://img.shields.io/badge/semantic--release-conventionalcommits-blue?logo=semantic-release)](https://github.com/semantic-release/semantic-release) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-yellow?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
diff --git a/commitlint.config.js b/commitlint.config.js
@@ -31,7 +31,10 @@ module.exports = {
     ],
   },
   /*
-   * Ignore dependabot commit messages. They are usually too long
+   * Ignore dependabot and release commit messages. They are usually too long
    */
-  ignores: [(message) => message.includes("chore(deps):")],
+  ignores: [
+    (message) => message.startsWith("chore(deps):"),
+    (message) => message.startsWith("chore(release):"),
+  ],
 };
diff --git a/terraform/README.md b/terraform/README.md
diff --git a/terraform/main.tf b/terraform/main.tf
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
diff --git a/terraform/variables.tf b/terraform/variables.tf