diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 00000000..2509343b
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,17 @@
+version: 2
+
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: feat
+
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: feat
diff --git a/.github/workflows/branch-name-check.yaml b/.github/workflows/branch-name-check.yaml
new file mode 100644
index 00000000..396e83c2
--- /dev/null
+++ b/.github/workflows/branch-name-check.yaml
@@ -0,0 +1,14 @@
+name: 'Branch Naming Check'
+on: pull_request
+
+jobs:
+  branch-naming-rules:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: deepakputhraya/action-branch-name@master
+        with:
+          regex: 'DMVP-[0-9]*' # Regex the branch should match. This example enforces grouping
+          allowed_prefixes: 'DMVP-' # All branches should start with the given prefix
+          ignore: master,develop # Ignore exactly matching branch names from convention
+          min_length: 5 # Min length of the branch name
+          max_length: 30 # Max length of the branch name
diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
index 8de2baf6..960e52f7 100644
--- a/.github/workflows/checkov.yaml
+++ b/.github/workflows/checkov.yaml
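Review bot: `prefix: feat` on both Dependabot entries labels every automated dependency bump as a feature, which under the conventional-commit release flow this repo uses (see the semantic-release workflow) cuts a new minor version for each bump; `prefix: chore` (or `fix` for bumps you intend to ship as patches) is the usual choice. Note also that the `github-actions` ecosystem only updates `uses:` references pinned to a tag or commit SHA, so any workflow that references a floating branch such as `@master` will never receive a PR from this config — that is an argument for SHA-pinning the third-party actions added in this commit, since Dependabot will then keep the pins current.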
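Review bot: `uses: deepakputhraya/action-branch-name@master` pulls a third-party action from a mutable branch, so whatever is pushed to that branch next runs in every PR of this repository with the job's token; pin it to a full commit SHA and keep the version in a trailing comment, e.g. `uses: deepakputhraya/action-branch-name@<commit-sha> # vX.Y`. The `regex: 'DMVP-[0-9]*'` pattern is unanchored and `*` accepts zero digits, so a branch named `DMVP-` or `xDMVP-1` satisfies the regex and only `allowed_prefixes` does the real work; `regex: '^DMVP-[0-9]+'` expresses what the comment says is intended. `ignore: master,develop` exempts only those exact names, so if release or hotfix branches exist they will be rejected by this check — worth confirming that is intended.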
@@ -16,68 +16,11 @@ jobs:
     strategy:
       matrix:
         path:
-          - modules/api-gateway
-          - modules/alb-logs-to-s3-to-cloudwatch
-          - modules/api-gateway-account-settings
-          - modules/aws-alb-to-cloudwatch-lambda
-          - modules/aws-cloudfront-security-headers
-          - modules/aws-cloudwatch-prometheus-metrics
-          - modules/aws-iam-user
-          - modules/aws-load-balancer-controller
-          - modules/aws-multi-vpc-peering
-          - modules/aws-network
-          - modules/aws-rds-postgres
-          - modules/aws-vpc-peering
-          - modules/aws-vpn-vpnendpoint
-          - modules/budgets
-          - modules/cloudfront-ssl-hsts
-          - modules/cloudfront-to-s3-to-cloudwatch
-          - modules/cloudfront
-          - modules/cloudtrail-s3-to-cloudwatch
-          - modules/cloudtrail
-          - modules/cloudwatch-alarm-notify
-          - modules/cloudwatch-cross-account-share
-          - modules/cloudwatch-log-metric
-          - modules/cloudwatch-metrics
-          - modules/cloudwatch
-          - modules/cognito-identitiy-pool
-          - modules/cognito-identity-pool-final
-          - modules/cognito-identity
-          - modules/cognito-user-pool
-          - modules/complete-eks-cluster
-          - modules/ecr
-          - modules/eks-iam-user-constrain
-          - modules/eks
-          - modules/elastic-search
-          - modules/external-secret-store
-          - modules/external-secrets
-          - modules/fluent-bit-logs-s3-to-cloudwatch
-          - modules/fluent-bit-to-s3
-          - modules/fluent-bit
-          - modules/goldilocks
-          - modules/iam-account-password-policy
-          - modules/iam-group
-          - modules/ingress
-          - modules/metric-filter
-          - modules/metrics-filter-multiple
-          - modules/metrics-server
-          - modules/mongodb-atlas
-          - modules/mongodb
-          - modules/rabbitmq
-          - modules/rds
-          - modules/route53-alerts-notify
-          - modules/s3
-          - modules/secret
-          - modules/service-alerts
-          - modules/sns-cronjob
-          - modules/sqs
-          - modules/ssl-certificate
-          - modules/vpc-flow-logs-to-s3-to-cloudwatch
-          - modules/vpc
-          - modules/waf
-
+          - /
+
     steps:
       - uses: dasmeta/reusable-actions-workflows/checkov@4.2.0
         with:
           fetch-depth: 0
           directory: ${{ matrix.path }}
+        continue-on-error: true
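Review bot: `continue-on-error: true` on the checkov step turns the IaC security scan into an advisory check — a PR that introduces new critical findings still shows a green run, and branch protection can no longer require the scan to pass. If the goal is to stop the consolidated root scan from failing on pre-existing findings, prefer a checkov baseline or an explicit skip-check list for the known issues inside the action and keep the step blocking; at minimum make the exemption visibly temporary, e.g. `continue-on-error: true # TODO(sec): remove once root-scan findings are triaged`. Whether the key sits at step level or inside `with:` is not recoverable from the collapsed hunk; inside `with:` it is merely an action input and only has an effect if the `checkov@4.2.0` reusable action declares it. Collapsing the matrix to `/` also relies on checkov recursing from the root into `modules/`, so the run output should be checked to confirm the number of scanned modules did not drop.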
diff --git a/.github/workflows/pr-title-checker.yaml b/.github/workflows/pr-title-checker.yaml
new file mode 100644
index 00000000..0ad09fb7
--- /dev/null
+++ b/.github/workflows/pr-title-checker.yaml
@@ -0,0 +1,16 @@
+name: 'PR Title Checker'
+on:
+  pull_request:
+    types: [edited, opened, synchronize, reopened]
+
+jobs:
+  title-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: deepakputhraya/action-pr-title@v1.0.2
+        with:
+          regex: 'DMVP-[0-9]*:' # Regex the title should match.
+          allowed_prefixes: 'DMVP-' # title should start with the given prefix
+          prefix_case_sensitive: false # title prefix are case insensitive
+          min_length: 5 # Min length of the title
+          max_length: -1 # Max length of the title
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index 6804fb9f..f43ab25d 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -17,4 +17,7 @@ jobs:
         uses: dasmeta/reusable-actions-workflows/pre-commit@4.2.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          path: modules/
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          path: modules/${{ matrix.path }}
+        continue-on-error: true
diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
index 7138ce32..d6ce9131 100644
--- a/.github/workflows/semantic-release.yaml
+++ b/.github/workflows/semantic-release.yaml
@@ -9,15 +9,14 @@ jobs:
       discussions: write
       pull-requests: write
       id-token: write
-
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Setup Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3
         with:
           node-version: 16
       - name: Semantic Release
-        uses: cycjimmy/semantic-release-action@v3
+        uses: cycjimmy/semantic-release-action@v4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
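Review bot: `uses: deepakputhraya/action-pr-title@v1.0.2` is pinned to a tag, which the action author can move at any time; for a third-party action that runs on every PR open/edit, pin to the commit SHA behind that tag and leave the tag in a comment, e.g. `uses: deepakputhraya/action-pr-title@<commit-sha> # v1.0.2`. The `regex: 'DMVP-[0-9]*:'` pattern is unanchored and `*` accepts zero digits, so a title like `feature DMVP-: thing` matches; `'^DMVP-[0-9]+:'` encodes the stated intent. `max_length: -1` presumably means "no limit" to this action, but a negative length reads as a mistake — the trailing comment should say so, e.g. `# -1 disables the max-length check`.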
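Review bot: The pre-commit hunk hands long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets to a lint/format job and then marks it `continue-on-error: true`, so a step holding real AWS credentials can now fail silently while the PR still goes green. If the hooks genuinely need AWS access, authenticate via OIDC instead — `id-token: write` on the job plus a read-only role assumed with `aws-actions/configure-aws-credentials` — and keep the failure blocking. `path: modules/${{ matrix.path }}` references `matrix.path`, but no `strategy.matrix` is visible in this hunk; if the job defines none, the expression expands to an empty string and the path silently becomes `modules/`, which should be checked above the hunk. The job header that would show this lies outside the hunk.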
diff --git a/.github/workflows/terraform-test.yaml b/.github/workflows/terraform-test.yaml
index 2b70e0cc..8a0f0092 100644
--- a/.github/workflows/terraform-test.yaml
+++ b/.github/workflows/terraform-test.yaml
@@ -15,65 +15,8 @@ jobs:
     strategy:
       matrix:
         path:
-          - modules/api-gateway
-          - modules/alb-logs-to-s3-to-cloudwatch
-          - modules/api-gateway-account-settings
-          - modules/aws-alb-to-cloudwatch-lambda
-          - modules/aws-cloudfront-security-headers
-          - modules/aws-cloudwatch-prometheus-metrics
-          - modules/aws-iam-user
-          - modules/aws-load-balancer-controller
-          - modules/aws-multi-vpc-peering
-          - modules/aws-network
-          - modules/aws-rds-postgres
-          - modules/aws-vpc-peering
-          - modules/aws-vpn-vpnendpoint
-          - modules/budgets
-          - modules/cloudfront-ssl-hsts
-          - modules/cloudfront-to-s3-to-cloudwatch
-          - modules/cloudfront
-          - modules/cloudtrail-s3-to-cloudwatch
-          - modules/cloudtrail
-          - modules/cloudwatch-alarm-notify
-          - modules/cloudwatch-cross-account-share
-          - modules/cloudwatch-log-metric
-          - modules/cloudwatch-metrics
-          - modules/cloudwatch
-          - modules/cognito-identitiy-pool
-          - modules/cognito-identity-pool-final
-          - modules/cognito-identity
-          - modules/cognito-user-pool
-          - modules/complete-eks-cluster
-          - modules/ecr
-          - modules/eks-iam-user-constrain
-          - modules/eks
-          - modules/elastic-search
-          - modules/external-secret-store
-          - modules/external-secrets
-          - modules/fluent-bit-logs-s3-to-cloudwatch
-          - modules/fluent-bit-to-s3
-          - modules/fluent-bit
-          - modules/goldilocks
-          - modules/iam-account-password-policy
-          - modules/iam-group
-          - modules/ingress
-          - modules/metric-filter
-          - modules/metrics-filter-multiple
-          - modules/metrics-server
-          - modules/mongodb-atlas
-          - modules/mongodb
-          - modules/rabbitmq
-          - modules/rds
-          - modules/route53-alerts-notify
-          - modules/s3
-          - modules/secret
-          - modules/service-alerts
-          - modules/sns-cronjob
-          - modules/sqs
-          - modules/ssl-certificate
-          - modules/vpc-flow-logs-to-s3-to-cloudwatch
-          - modules/vpc
-          - modules/waf
+          - /
+
     steps:
       - uses: dasmeta/reusable-actions-workflows/terraform-test@4.2.0
         with:
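Review bot: Replacing the 59 per-module matrix entries with a single `- /` changes what the reusable terraform-test action is asked to test: one run rooted at the repository instead of one isolated run per module. Whether that action walks `modules/` and tests each module on its own is not visible here; if it only runs in the given directory, most of the previous coverage disappears without any failure to show for it, so the job log should be compared against the old per-module runs before merging. The step's `with:` block continues beyond this hunk.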
@@ -81,3 +24,4 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           path: ${{ matrix.path }}
+        continue-on-error: true
diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
index 524c74b1..78eb241a 100644
--- a/.github/workflows/tflint.yaml
+++ b/.github/workflows/tflint.yaml
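Review bot: `continue-on-error: true` on a step that is handed `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` and runs terraform against a real account means a failed or partially applied test run no longer fails the workflow, so broken modules and leaked test resources can merge unnoticed. If specific tests are known to be flaky, scope the tolerance to those tests inside the action rather than the whole step, and consider `id-token: write` with an OIDC-assumed role so the long-lived keys are not needed at all. The job and step that own this line begin outside the hunk, so whether the key landed at step level or inside `with:` cannot be confirmed here.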
@@ -17,67 +17,14 @@ jobs:
     strategy:
       matrix:
         path:
-          - modules/api-gateway
-          - modules/alb-logs-to-s3-to-cloudwatch
-          - modules/api-gateway-account-settings
-          - modules/aws-alb-to-cloudwatch-lambda
-          - modules/aws-cloudfront-security-headers
-          - modules/aws-cloudwatch-prometheus-metrics
-          - modules/aws-iam-user
-          - modules/aws-load-balancer-controller
-          - modules/aws-multi-vpc-peering
-          - modules/aws-network
-          - modules/aws-rds-postgres
-          - modules/aws-vpc-peering
-          - modules/aws-vpn-vpnendpoint
-          - modules/budgets
-          - modules/cloudfront-ssl-hsts
-          - modules/cloudfront-to-s3-to-cloudwatch
-          - modules/cloudfront
-          - modules/cloudtrail-s3-to-cloudwatch
-          - modules/cloudtrail
-          - modules/cloudwatch-alarm-notify
-          - modules/cloudwatch-cross-account-share
-          - modules/cloudwatch-log-metric
-          - modules/cloudwatch-metrics
-          - modules/cloudwatch
-          - modules/cognito-identitiy-pool
-          - modules/cognito-identity-pool-final
-          - modules/cognito-identity
-          - modules/cognito-user-pool
-          - modules/complete-eks-cluster
-          - modules/ecr
-          - modules/eks-iam-user-constrain
-          - modules/eks
-          - modules/elastic-search
-          - modules/external-secret-store
-          - modules/external-secrets
-          - modules/fluent-bit-logs-s3-to-cloudwatch
-          - modules/fluent-bit-to-s3
-          - modules/fluent-bit
-          - modules/goldilocks
-          - modules/iam-account-password-policy
-          - modules/iam-group
-          - modules/ingress
-          - modules/metric-filter
-          - modules/metrics-filter-multiple
-          - modules/metrics-server
-          - modules/mongodb-atlas
-          - modules/mongodb
-          - modules/rabbitmq
-          - modules/rds
-          - modules/route53-alerts-notify
-          - modules/s3
-          - modules/secret
-          - modules/service-alerts
-          - modules/sns-cronjob
-          - modules/sqs
-          - modules/ssl-certificate
-          - modules/vpc-flow-logs-to-s3-to-cloudwatch
-          - modules/vpc
-          - modules/waf
+          - /
+
     steps:
       - uses: dasmeta/reusable-actions-workflows/tflint@4.2.0
         with:
+          aws-region: ${{ secrets.AWS_REGION}}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           path: ${{ matrix.path }}
           repo-token: ${{ secrets.GITHUB_TOKEN }}
+        continue-on-error: true
diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yaml
index e5275df6..3f9ad3b1 100644
--- a/.github/workflows/tfsec.yaml
+++ b/.github/workflows/tfsec.yaml
@@ -17,3 +17,4 @@ jobs:
       - uses: dasmeta/reusable-actions-workflows/tfsec@4.2.0
         with:
           fetch-depth: 0
+        continue-on-error: true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d3ab8e2d..cd2b6faa 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -9,6 +9,7 @@ repos:
       - id: trailing-whitespace
         args: [--markdown-linebreak-ext=md]
         exclude: CHANGELOG.md
+      - id: check-yaml
       - id: check-merge-conflict
       - id: check-case-conflict
       - id: mixed-line-ending
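Review bot: The tflint step now receives `AWS_REGION`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` and is simultaneously marked `continue-on-error: true`; tflint is a static linter, and only the AWS ruleset's optional deep checking would use credentials, so unless the reusable action enables that mode the keys are pure exposure with no benefit. Drop the three inputs if deep checking is off, or move to an OIDC-assumed read-only role, and keep the step blocking — a non-blocking linter holding real credentials is the worst of both. `${{ secrets.AWS_REGION}}` (no space before `}}`) is valid expression syntax, but a region is not a secret and would be clearer as a repository variable, `${{ vars.AWS_REGION }}`, rather than being masked in logs for no reason.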
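Review bot: `continue-on-error: true` makes the tfsec scan advisory, so new HIGH/CRITICAL misconfigurations in a PR no longer block it and branch protection cannot require the check. If the intent is to tolerate pre-existing findings, use tfsec's per-resource `#tfsec:ignore:<rule-id>` annotations or a minimum-severity threshold inside the action and keep the step blocking; if the exemption must stay, date it, e.g. `continue-on-error: true # TODO(sec): remove after existing findings are triaged`. If the key was meant to go inside `with:` as an action input, it only takes effect if the `tfsec@4.2.0` reusable action declares it, which cannot be confirmed from here.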