Merge pull request #15 from dasmeta/DMVP-tf-init

DMVP-0000: Initial PR
dasmeta · Sep 5, 2024 · 32417f7 · 32417f7
2 parents ed2fc32 + 34d3930
commit 32417f7
Show file tree

Hide file tree

Showing 11 changed files with 99 additions and 51 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -1,8 +1,17 @@
 version: 2
 
 updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: feat
+
   - package-ecosystem: "terraform"
-    directory:
-      - "/"
+    directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      prefix: feat
diff --git a/.github/workflows/branch-name-check.yaml b/.github/workflows/branch-name-check.yaml
@@ -0,0 +1,14 @@
+name: 'Branch Naming Check'
+on: pull_request
+
+jobs:
+  branch-naming-rules:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: deepakputhraya/action-branch-name@master
+        with:
+          regex: 'DMVP-[0-9]*' # Regex the branch should match. This example enforces grouping
+          allowed_prefixes: 'DMVP-' # All branches should start with the given prefix
+          ignore: master,develop # Ignore exactly matching branch names from convention
+          min_length: 5 # Min length of the branch name
+          max_length: 30 # Max length of the branch name
diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
@@ -17,9 +17,9 @@ jobs:
       matrix:
         path:
           - /
-
+     
     steps:
-    - uses: dasmeta/reusable-actions-workflows/checkov@main
+    - uses: dasmeta/reusable-actions-workflows/checkov@4.2.0
       with:
         fetch-depth: 0
         directory: ${{ matrix.path }}

diff --git a/.github/workflows/pr-title-checker.yaml b/.github/workflows/pr-title-checker.yaml
@@ -0,0 +1,16 @@
+name: 'PR Title Checker'
+on:
+  pull_request:
+    types: [edited, opened, synchronize, reopened]
+
+jobs:
+  title-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: deepakputhraya/[email protected]
+        with:
+          regex: 'DMVP-[0-9]*:' # Regex the title should match.
+          allowed_prefixes: 'DMVP-' # title should start with the given prefix
+          prefix_case_sensitive: false # title prefix are case insensitive
+          min_length: 5 # Min length of the title
+          max_length: -1 # Max length of the title
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -14,7 +14,7 @@ jobs:
       id-token: write
     steps:
     - name: Pre-Commit
-      uses: dasmeta/reusable-actions-workflows/pre-commit@main
+      uses: dasmeta/reusable-actions-workflows/pre-commit@4.2.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
@@ -0,0 +1,22 @@
+name:  Semantic-Release
+on: [pull_request, push]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/terraform-test.yaml b/.github/workflows/terraform-test.yaml
@@ -16,9 +16,9 @@ jobs:
       matrix:
         path:
           - /
-
+     
     steps:
-    - uses: dasmeta/reusable-actions-workflows/terraform-test@main
+    - uses: dasmeta/reusable-actions-workflows/terraform-test@4.2.0
       with:
         aws-region: ${{ secrets.AWS_REGION}}
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
@@ -18,9 +18,9 @@ jobs:
       matrix:
         path:
           - /
-
+     
     steps:
-    - uses: dasmeta/reusable-actions-workflows/tflint@main
+    - uses: dasmeta/reusable-actions-workflows/tflint@4.2.0
       with:
         aws-region: ${{ secrets.AWS_REGION}}
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yaml
@@ -14,7 +14,7 @@ jobs:
       id-token: write
       security-events: write
     steps:
-    - uses: dasmeta/reusable-actions-workflows/tfsec@main
+    - uses: dasmeta/reusable-actions-workflows/tfsec@4.2.0
       with:
         fetch-depth: 0
     continue-on-error: true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -26,3 +26,11 @@ repos:
           - --hook-config=--path-to-file=README.md
           - --hook-config=--add-to-existing-file=true
           - --hook-config=--create-file-if-not-exist=true
+  - repo: https://github.com/qoomon/git-conventional-commits
+    rev: v2.4.0
+    hooks:
+      - id: conventional-commits
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.12.0
+    hooks:
+      - id: gitleaks
diff --git a/githooks/commit-msg b/githooks/commit-msg
@@ -1,41 +1,20 @@
-{
-  "convention" : {
-    "commitTypes": [
-      "feat",
-      "fix",
-      "perf",
-      "refactor",
-      "style",
-      "test",
-      "build",
-      "ops",
-      "docs",
-      "merge",
-      "chore"
-    ],
-    "commitScopes": [],
-    "releaseTagGlobPattern":  "v[0-9]*.[0-9]*.[0-9]*",
-    "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
-  },
-  "changelog" : {
-    "commitTypes": [
-      "feat",
-      "fix",
-      "perf",
-      "merge"
-    ],
-    "includeInvalidCommits": true,
-    "commitScopes": [],
-    "commitIgnoreRegexPattern": "^WIP ",
-    "headlines": {
-      "feat": "Features",
-      "fix": "Bug Fixes",
-      "perf": "Performance Improvements",
-      "merge": "Merged Branches",
-      "breakingChange": "BREAKING CHANGES"
-    },
-    "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
-    "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
-    "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
-  }
-}
+#!/usr/bin/env bash
+# File generated by pre-commit: https://pre-commit.com
+# ID: 138fd403232d2ddd5efb44317e38bf03
+
+# start templated
+INSTALL_PYTHON=/usr/bin/python3
+ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=commit-msg)
+# end templated
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+ARGS+=(--hook-dir "$HERE" -- "$@")
+
+if command -v pre-commit > /dev/null; then
+    exec pre-commit "${ARGS[@]}"
+elif [ -x "$INSTALL_PYTHON" ]; then
+    exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}"
+else
+    echo '`pre-commit` not found.  Did you forget to activate your virtualenv?' 1>&2
+    exit 1
+fi