From b088a616d5daf76e6ceeaa30f750c31dcd8f57fa Mon Sep 17 00:00:00 2001
From: Wouterdamman <58424695+TheIronRock95@users.noreply.github.com>
Date: Tue, 20 Aug 2024 22:00:31 +0200
Subject: [PATCH] chore: update pipelines (#14)
* chore: update pipelines
* terraform-docs: automated action
---------
Co-authored-by: github-actions[bot]
---
 .github/workflows/code-testing.yml | 42 +++++++----------------------
 .github/workflows/genarate-docs.yml | 14 +++++++++-
 .github/workflows/release.yml | 6 +++++
 README.md | 2 +-
 4 files changed, 29 insertions(+), 35 deletions(-)
diff --git a/.github/workflows/code-testing.yml b/.github/workflows/code-testing.yml
index 4af7dc7..cc5170c 100644
--- a/.github/workflows/code-testing.yml
+++ b/.github/workflows/code-testing.yml
@@ -6,6 +6,7 @@ on:
 - "main"
 pull_request:
+# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
 permissions:
 contents: read
@@ -25,8 +26,6 @@ jobs:
 # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v3
- # with:
- # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
 - name: Terraform Init
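Review bot: The comment added above `permissions:` in code-testing.yml says the block sets the token's permissions "for the actions in this job", but it sits at workflow level (column 0, before `jobs:`), so it is the default for every job in the workflow, including the scanner job added later in this file. `# Default GITHUB_TOKEN permissions for every job in this workflow.` describes it accurately. The same wording is added at workflow level in genarate-docs.yml in this commit and would benefit from the same correction.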
@@ -36,37 +35,14 @@ jobs:
 - name: Terraform Format
 run: terraform fmt -check
- # Generates an execution plan for Terraform
- # - name: Terraform Plan
- # run: terraform plan -input=false
-
- # On push to "main", build or change infrastructure according to Terraform configuration files
- # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- # - name: Terraform Apply
- # if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
- # run: terraform apply -auto-approve -input=false
-
- checkov:
- name: 'Checkov'
+ tfsec:
+ name: tfsec
 runs-on: ubuntu-latest
- # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
- defaults:
- run:
- shell: bash
-
 steps:
- # Checkout the repository to the GitHub Actions runner
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Run Checkov action
- id: checkov
- uses: bridgecrewio/checkov-action@master
- with:
- quiet: true
- framework: terraform
- output_format: sarif
- download_external_modules: true
- log_level: WARNING
- container_user: 1000
\ No newline at end of file
+ - name: Clone repo
+ uses: actions/checkout@master
+ - name: tfsec
+ uses: aquasecurity/tfsec-action@v1.0.0
+ with:
+ soft_fail: false
\ No newline at end of file
diff --git a/.github/workflows/genarate-docs.yml b/.github/workflows/genarate-docs.yml
index d7601bd..e250beb 100644
--- a/.github/workflows/genarate-docs.yml
+++ b/.github/workflows/genarate-docs.yml
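Review bot: The new tfsec job checks out with `uses: actions/checkout@master`, a floating branch ref, while the terraform job earlier in this same file pins `actions/checkout@v4`; a mutable ref means whatever lands on that branch runs in this workflow without review, so pin it the same way, `uses: actions/checkout@v4` (or a full commit SHA), and the removed checkov job was already pinned that way. The scanner action itself is pinned (`aquasecurity/tfsec-action@v1.0.0`), which is the right pattern to apply to the checkout as well. The job inherits the workflow-level `contents: read`, which is all a read-only scan of the checkout needs, so no job-level `permissions` override is required. The file still ends without a trailing newline (`\ No newline at end of file`), which this commit fixes in genarate-docs.yml but not here.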
@@ -5,17 +5,29 @@ on:
 branches-ignore:
 - main
+# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+permissions:
+ contents: write
+
 jobs:
 build:
 name: Documentations
 runs-on: ubuntu-latest
+ if: "!contains(github.event.head_commit.message, '[ci skip]')"
 steps:
+
 - name: Checkout
 uses: actions/checkout@v4
 with:
 ref: ${{ github.event.pull_request.head.ref }}
 repository: ${{ github.event.pull_request.head.repo.full_name }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Git user
+ run: |
+ git config --global user.name 'GitHub Actions'
+ git config --global user.email 'actions@github.com'
 - name: Regenerate README.md
 uses: terraform-docs/gh-actions@main
@@ -23,4 +35,4 @@ jobs:
 working-dir: .
 output-file: README.md
 config-file: .terraform-docs.yml
- git-push: true
\ No newline at end of file
+ git-push: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index df1c41c..8b85137 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,8 +1,14 @@
 name: 'Create release'
+
 on:
 push:
 branches:
 - main
+
+permissions:
+ contents: write
+ actions: write
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/README.md b/README.md
index f46ef93..bbec31e 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ No modules.
 |------|-------------|------|:--------:|
 | azure\_location | The Azure Region where the Resource Group should exist. Changing this forces a new Resource Group to be created. | `string` | yes |
 | resource\_group\_name | The Name which should be used for this Resource Group. Changing this forces a new Resource Group to be created. | `string` | yes |
-| resource\_group\_tags | A mapping of tags which should be assigned to the Resource Group. | `map(any)` | no |
+| resource\_group\_tags | A mapping of tags which should be assigned to the Resource Group. | `map(any)` | no |
 ## Outputs
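Review bot: `permissions: contents: write` is added at workflow level in genarate-docs.yml, so it applies to every job rather than only the `build` job that pushes the regenerated README; moving the block under `build:` (`build:` / `permissions:` / `contents: write`) keeps the write grant with the one job that needs it. The new `if:` guard reads `github.event.head_commit.message`, which is only populated on push payloads, while the checkout's `ref` and `repository` inputs read `github.event.pull_request.*`, which is only populated on pull_request payloads; the trigger key is outside the hunk, but whichever event fires, one of those sets of expressions evaluates to empty, so the intended event should be confirmed and the unused expressions dropped. `token: ${{ secrets.GITHUB_TOKEN }}` is actions/checkout's default input and can be omitted, and since pushes made with that token do not start further workflow runs, the `[ci skip]` check is a secondary guard rather than what prevents a regeneration loop. The context line `uses: terraform-docs/gh-actions@main` is untouched by this commit but is a floating ref in a job that now has write access, which is worth pinning in a follow-up.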
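Review bot: `actions: write` in the new release.yml `permissions` block is broader than creating a release or tag needs; that scope lets the token cancel and re-run workflow runs and delete artifacts and caches, so unless the `build` job (its body is outside the hunk) calls the Actions API, keep `permissions:` / `contents: write` alone. If it is genuinely needed, a one-line comment naming the consumer, `# actions: write — required by <step name> for <purpose>` (placeholders to fill in), saves the next reader from guessing why a release workflow can modify other runs.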