diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..098e8f2 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,18 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +# Default settings +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +# Do not trim trailing whitespace on Markdown files as double space can be used +# for a newline +[*.md] +trim_trailing_whitespace = false diff --git a/.github/workflows/commit-lint.yaml b/.github/workflows/commit-lint.yaml index 934c763..1aee98e 100644 --- a/.github/workflows/commit-lint.yaml +++ b/.github/workflows/commit-lint.yaml @@ -2,6 +2,7 @@ name: Conventional commits on: pull_request: + workflow_call: jobs: commit-lint: @@ -10,12 +11,7 @@ jobs: pull-requests: read contents: read steps: - - name: Checkout repository for local testing - if: github.actor == 'nektos/act' - uses: actions/checkout@v3 - - name: Checkout repository - if: github.actor != 'nektos/act' uses: actions/checkout@v3 with: fetch-depth: 0 diff --git a/.github/workflows/lint-and-test.yaml b/.github/workflows/lint-and-test.yaml new file mode 100644 index 0000000..2532e09 --- /dev/null +++ b/.github/workflows/lint-and-test.yaml @@ -0,0 +1,26 @@ +name: Lint and test +on: + workflow_call: + +jobs: + lint-and-test: + runs-on: ubuntu-latest + permissions: + contents: read + checks: write + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.3 + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + - name: Initialise Terraform + working-directory: ./terraform + run: terraform init + + - name: Lint with trunk + uses: trunk-io/trunk-action@v1.0.4 diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index 7967b7a..4bcb6d8 100644 --- a/.github/workflows/pr-title.yaml 
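Review bot: `secrets.TF_API_TOKEN` in the "Setup Terraform" step of `lint-and-test.yaml` is read in a workflow whose only trigger is `workflow_call`, but the trigger declares no secrets, so the value is empty unless every caller passes it or uses `secrets: inherit`. Declaring it under the trigger (`secrets:`, then `TF_API_TOKEN:`, then `required: true`) makes a missing token fail when the workflow is called rather than later at `terraform init`; `semantic-release.yaml` has the same gap for `APPLICATION_ID` and `APPLICATION_PRIVATE_KEY` when it is called. The token is handed to setup-terraform for the Terraform CLI configuration, and `trunk-io/trunk-action@v1.0.4` then runs in the same job pinned only by a tag, which can be moved. Pinning it as `uses: trunk-io/trunk-action@<full-commit-sha> # v1.0.4` keeps the code that runs next to the credential fixed. `terraform_version: 1.3` is also read as a float by YAML and is safer quoted as `"1.3"`.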
+++ b/.github/workflows/pr-title.yaml @@ -1,4 +1,4 @@ -name: Semantic PR title +name: Validate PR title on: pull_request_target: @@ -6,9 +6,10 @@ on: - opened - edited - synchronize + workflow_call: jobs: - semantic-pr-title: + conventional-pr-title: permissions: pull-requests: read runs-on: ubuntu-latest diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml index 10f77fc..ab13af5 100644 --- a/.github/workflows/semantic-release.yaml +++ b/.github/workflows/semantic-release.yaml @@ -2,6 +2,7 @@ name: Semantic Release on: workflow_dispatch: + workflow_call: push: branches: - main @@ -9,7 +10,7 @@ on: - "**/*.tftpl" - "**/*.tf" - "**/*.tfvars" - - ".github/workflows/semantic-release.yaml" + - ".github/workflows/*.yaml" jobs: semantic-release: @@ -23,7 +24,7 @@ jobs: - name: Get GitHub authentication token if: ${{ ! env.ACT }} id: get_workflow_token - uses: peter-murray/workflow-application-token-action@v1 + uses: peter-murray/workflow-application-token-action@v2 with: application_id: ${{ secrets.APPLICATION_ID }} application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} diff --git a/.github/workflows/tfsec-pr.yaml b/.github/workflows/tfsec-pr.yaml index e3b67f8..b7364e3 100644 --- a/.github/workflows/tfsec-pr.yaml +++ b/.github/workflows/tfsec-pr.yaml @@ -1,11 +1,7 @@ name: tfsec Code Analysis on: - pull_request: - paths: - - "**/*.tf" - - "**/*.tfvars" - - ".github/workflows/tfsec-pr.yaml" + workflow_call: jobs: tfsec-pr-commenter: @@ -26,5 +22,5 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} working_directory: terraform #* Add tfsec_args - usually the path to tfvars files - tfsec_args: #>- - #--tfvars-file= + #tfsec_args:#>- + #--tfvars-file= diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 684485c..3f93e15 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
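Review bot: Renaming the job id from `semantic-pr-title` to `conventional-pr-title` in `pr-title.yaml` changes the name of the status check the job reports, assuming the job has no `name:` key (the rest of the job is outside the hunk). Any branch protection rule that requires the old check would then wait on a check that never arrives, and when the workflow is reached through the new `workflow_call` trigger the check is reported as `<caller job> / conventional-pr-title`. Either update the required checks together with this change, or give the job a stable display name such as `name: Validate PR title` so later id changes do not affect the check.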
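Review bot: Replacing the `pull_request` trigger in `tfsec-pr.yaml` with `workflow_call` alone means tfsec no longer runs on pull requests by itself, and no caller for this workflow is visible in the diff, so the scan stops until some workflow invokes it. A called workflow also cannot receive more `GITHUB_TOKEN` permissions than the calling job grants, and this job passes `secrets.GITHUB_TOKEN` to a PR commenter, which presumably needs write access to pull requests (the job's `permissions` block is outside the hunk). A header comment such as `# Reusable: call from a pull_request workflow; the caller job must grant pull-requests: write` would record that contract for callers.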
@@ -7,20 +7,18 @@ repos: - id: check-yaml - id: check-json - id: check-case-conflict + - id: check-merge-conflict - id: end-of-file-fixer - exclude_types: - - "gif" - - id: trailing-whitespace # gitleaks detects hard coded secrets - repo: https://github.com/zricethezav/gitleaks - rev: v8.8.12 + rev: v8.13.0 hooks: - id: gitleaks # actionlint is a static checker for GitHub Actions workflow files - repo: https://github.com/rhysd/actionlint - rev: v1.6.15 + rev: v1.6.19 hooks: - id: actionlint @@ -29,7 +27,7 @@ repos: # Module documentation is also generated with terraform-docs # tfsec performs static code analysis - repo: https://github.com/antonbabenko/pre-commit-terraform.git - rev: v1.74.1 + rev: v1.75.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/.releaserc.json b/.releaserc.json index c7cfe6f..47bda2a 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -5,9 +5,10 @@ "@semantic-release/commit-analyzer", { "preset": "conventionalcommits", - "releaseRules": [{ "type": "refactor", "release": "minor" }, - { "type": "chore", "scope": "deps", "release": "patch" } - ] + "releaseRules": [ + { "type": "refactor", "release": "minor" }, + { "type": "chore", "scope": "deps", "release": "patch" } + ] } ], [ @@ -24,7 +25,7 @@ "scope": "deps", "section": "Chores", "hidden": false - } + } ] } } diff --git a/.trunk/.gitignore b/.trunk/.gitignore new file mode 100644 index 0000000..cf2f254 --- /dev/null +++ b/.trunk/.gitignore @@ -0,0 +1,7 @@ +*out +*logs +*actions +*notifications +plugins +user_trunk.yaml +user.yaml diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml new file mode 100644 index 0000000..fe29fc1 --- /dev/null +++ b/.trunk/trunk.yaml 
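Review bot: The actionlint hook is bumped to `rev: v1.6.19` here while `.trunk/trunk.yaml` in the same commit enables `actionlint@1.6.20`, so the pre-commit run and the trunk run check workflow files with different versions and can disagree. Using `rev: v1.6.20` keeps the two in step; gitleaks already matches at 8.13.0 in both files. The hunk also drops the `trailing-whitespace` hook, and `git-diff-check` in trunk.yaml looks only at changed lines, so it is worth confirming that this is the intended replacement.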
@@ -0,0 +1,35 @@ +version: 0.1 +actions: + disabled: + - trunk-announce + - trunk-check-pre-push + - trunk-fmt-pre-commit + enabled: + - trunk-cache-prune + - trunk-upgrade-available +runtimes: + enabled: + - go@1.18.3 + - node@16.14.2 +lint: + enabled: + - actionlint@1.6.20 + - git-diff-check + - gitleaks@8.13.0 + - markdownlint@0.32.2 + - prettier@2.7.1 + - tflint@0.41.0 + + ignore: + #* Prevent checking CHANGELOG.md files generated by semantic-release + - linters: [prettier, markdownlint] + paths: + - CHANGELOG.md + +cli: + version: 0.18.1-beta +plugins: + sources: + - id: trunk + ref: v0.0.4 + uri: https://github.com/trunk-io/plugins diff --git a/README.md b/README.md index 0963542..f69cb0e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# Terraform template repository +# 3ware reusable workflows -This repository is intended to be used as a template for the creation of other terraform repositories. +This repository contain GitHub action workflows that can be reused in other repositories. [![semantic-release: conventionalcommits](https://img.shields.io/badge/semantic--release-conventionalcommits-blue?logo=semantic-release)](https://github.com/semantic-release/semantic-release) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-yellow?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) diff --git a/commitlint.config.js b/commitlint.config.js index d4bb809..9b925da 100644 --- a/commitlint.config.js +++ b/commitlint.config.js @@ -31,7 +31,10 @@ module.exports = { ], }, /* - * Ignore dependabot commit messages. They are usually too long + * Ignore dependabot and release commit messages. They are usually too long */ - ignores: [(message) => message.includes("chore(deps):")], + ignores: [ + (message) => message.startsWith("chore(deps):"), + (message) => message.startsWith("chore(release):"), + ], }; diff --git a/terraform/README.md b/terraform/README.md deleted file mode 100644 index 217bd0c..0000000 
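Review bot: The plugin source in `.trunk/trunk.yaml` is pinned as `ref: v0.0.4`, a Git tag on `https://github.com/trunk-io/plugins`, and the definitions in that repository decide which linter binaries trunk downloads and runs. In `lint-and-test.yaml` trunk runs in the same job that receives `TF_API_TOKEN`, so a moved tag would change what executes next to that credential. If the trunk CLI accepts a commit SHA for `ref` (worth confirming for 0.18.1-beta), prefer `ref: <full-commit-sha>` with a trailing comment recording the tag.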
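Review bot: Both `ignores` predicates in `commitlint.config.js` match on the message prefix alone, so any commit whose subject starts with `chore(deps):` or `chore(release):` skips every commitlint rule, whoever wrote it. If the aim is only to exempt the bots, the match can be narrowed with something the bot adds, for example `(message) => message.startsWith("chore(deps):") && message.includes("Signed-off-by: dependabot[bot]")`, assuming Dependabot commits in this repository carry that trailer. Otherwise the comment above could say so directly: `Any commit with these prefixes bypasses all rules, not only the length limits`. The `module.exports` object starts outside the hunk.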
--- a/terraform/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Insert title here - -Add a description - - - - \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf deleted file mode 100644 index e69de29..0000000 diff --git a/terraform/outputs.tf b/terraform/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/terraform/variables.tf b/terraform/variables.tf deleted file mode 100644 index e69de29..0000000