Rebase #1

Open
wants to merge 287 commits into
base: master

@Benjile Benjile commented May 29, 2023

Put an x into the boxes that apply:

  • This PR introduces breaking change.
  • This PR fixes a bug.
  • This PR adds new functionality.
  • This PR enhances existing functionality.

Description of your changes

How can we test changes

renovate bot and others added 30 commits February 20, 2023 16:41
…1.0 (#495)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
….0.0-alpha.6 (#498)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## [1.77.2](v1.77.1...v1.77.2) (2023-04-09)

### Bug Fixes

* Fixed spacing in `terraform_wrapper_module_for_each` hook ([#503](#503)) ([ddc0d81](ddc0d81))
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#500)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#507)

* Docker doesn't provide possibilities for avoiding trash

There is no possibility to exclude part of the "pre-installed" files from
COPY steps like moby/buildkit#2853
And copy-paste mostly all `site-packages` without it is not worth it
## [1.77.3](v1.77.2...v1.77.3) (2023-04-21)

### Bug Fixes

* Updates all dependencies used in Dockerfile and fix Docker image ([#507](#507)) ([dc177fe](dc177fe))
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Maksym Vlasov <MaxymVlasov@users.noreply.github.com>
## [1.77.4](v1.77.3...v1.77.4) (2023-04-28)

### Bug Fixes

* Speed up x2 TFLint hook execution in dirs with violations ([#514](#514)) ([49974ab](49974ab))
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build ARM images
* Fix GH API rate limits
* `docker buildx` currently does not support `load` and multi-arch at the same time.
  And the GitHub Action used does not support `output=type=oci`

---------

Co-authored-by: Maksym Vlasov <MaxymVlasov@users.noreply.github.com>
Co-authored-by: George L. Yermulnik <yz@yz.kiev.ua>
# [1.78.0](v1.77.4...v1.78.0) (2023-04-28)

### Features

* **ci:** Build multi-arch Docker images (`amd64`, `arm64`) ([#496](#496)) ([923c2c6](923c2c6))
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…dir` (#512)

Co-authored-by: Maksym Vlasov <MaxymVlasov@users.noreply.github.com>
# [1.79.0](v1.78.0...v1.79.0) (2023-05-08)

### Features

* TFLint: Add `--hook-config=--delegate-chdir` to use `tflint -chdir` ([#512](#512)) ([1e9debc](1e9debc))
## [1.79.1](v1.79.0...v1.79.1) (2023-05-09)

### Bug Fixes

* Fix `terraform_providers_lock` hook broken in v1.79.0 ([#521](#521)) ([6bfc5bf](6bfc5bf))
…#523)

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Maksym Vlasov <MaxymVlasov@users.noreply.github.com>
* docs: Simplify lists maintenance and fix language

* Return ordering
…revious workflow (#528)

Co-authored-by: George L. Yermulnik <yz@yz.kiev.ua>
# [1.80.0](v1.79.1...v1.80.0) (2023-05-30)

### Features

* **`terraform_providers_lock`:** Add `--mode` option and deprecate previous workflow ([#528](#528)) ([2426b52](2426b52))
# [1.81.0](v1.80.0...v1.81.0) (2023-06-12)

### Features

* Speed up `terraform_validate` - first try to run validate without checking if `.terraform/` is valid ([#524](#524)) ([d0d08ac](d0d08ac))
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#535)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
MaxymVlasov and others added 30 commits January 23, 2025 13:17
## Security Fixes

### Add Dependency Review Workflow

The Dependency Review Workflow enforces dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository.

- [GitHub Guide about Dependency Review](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)
- [GitHub Guide for Configuring Dependency Review Action](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#using-inline-configuration-to-set-up-the-dependency-review-action)

Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
…781)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
### Add OpenSSF Scorecard Workflow

OpenSSF Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project.

Scorecard workflow also allows maintainers to display a Scorecard badge on their repository to show off their hard work.

- [The Open Source Security Foundation (OpenSSF) Scorecard](https://github.com/ossf/scorecard)

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
### Description of your changes

Deal with

```
ERROR: invalid tag "ghcr.io/MaxymVlasov/pre-commit-terraform-712:latest": repository name must be lowercase
```

Found during testing changes for OSSF score improvement - as I need to test all workflows without disrupting main repo 

---------

Co-authored-by: George L. Yermulnik <yz@yz.kiev.ua>
---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
## Security Fixes

### Detect Vulnerabilities with SAST Workflow 

Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as clear-box testing) and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within ‘static’ (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis.

- [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#sast)
- [OWASP Static Code Analysis](https://owasp.org/www-community/controls/Static_Code_Analysis)
- [GitHub Guide For Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository)

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
---------

Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <webknjaz@redhat.com>
This is emitted by `pytest-cov` [[1]] and is turned into an error by
the default `-Werror` passed to Python, not the `filterwarnings`
setting within the `pytest`.

The patch selectively suppresses the warning so there's nothing to
turn into an error in the first place. Insufficient coverage still
marks the test session as failed as it's supposed to.

[1]: pytest-dev/pytest-cov#675
* Fix path to HTML coverage report during local `tox` run
* Do not show how to serve coverage report if there is no coverage

---------

Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <webknjaz@redhat.com>
…mits (#799)

The value of /sys/fs/cgroup/cpu/cpu.cfs_quota_us is not in milliseconds
and cannot be simply divided by 1000 to determine the CPU limit. As per
kernel documentation[^1], the cpu limit can be determined by dividing
that value by /sys/fs/cgroup/cpu/cpu.cfs_period_us.

[^1]: https://docs.kernel.org/scheduler/sched-bwc.html

---------

Co-authored-by: George L. Yermulnik <yz@yz.kiev.ua>
Co-authored-by: MaxymVlasov <MaxymVlasov@users.noreply.github.com>
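
The calculation described in the commit message above, as an added shell example that is not part of the commit or the project's code: it reads the two cgroup v1 files from a directory and compares quota/period with the quota/1000 shortcut. The function names, the fallback argument, rounding down to a minimum of 1, and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical names): worker count from cgroup v1 CFS limits.

# Build a throwaway directory holding constructed quota/period values.
make_sample_cgroup() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' "$1" > "$dir/cpu.cfs_quota_us"
  printf '%s\n' "$2" > "$dir/cpu.cfs_period_us"
  echo "$dir"
}

# Usage: cpu_limit_from_cfs [cgroup_dir] [fallback]
cpu_limit_from_cfs() {
  cgroup_dir="${1:-/sys/fs/cgroup/cpu}"
  fallback="${2:-1}"

  # Unreadable files mean there is no cgroup v1 CPU controller at this path.
  quota=$(cat "$cgroup_dir/cpu.cfs_quota_us" 2>/dev/null) || quota=""
  period=$(cat "$cgroup_dir/cpu.cfs_period_us" 2>/dev/null) || period=""

  # Accept only unsigned integers. A quota of -1 means "no limit" and,
  # like empty or malformed content, falls through to the fallback.
  case "$quota" in ''|*[!0-9]*) echo "$fallback"; return 0 ;; esac
  case "$period" in ''|*[!0-9]*) echo "$fallback"; return 0 ;; esac
  if [ "$quota" -le 0 ] || [ "$period" -le 0 ]; then
    echo "$fallback"; return 0
  fi

  # Both values are microseconds: CPU time allowed per scheduling period.
  # Integer division rounds down; never report fewer than one CPU.
  cpus=$(( quota / period ))
  [ "$cpus" -ge 1 ] || cpus=1
  echo "$cpus"
}

# The shortcut the commit message describes as incorrect, for comparison.
cpu_limit_naive() {
  quota=$(cat "${1:-/sys/fs/cgroup/cpu}/cpu.cfs_quota_us")
  echo $(( quota / 1000 ))
}

# Constructed sample: 200000us of quota per 100000us period, i.e. 2 CPUs.
d=$(make_sample_cgroup 200000 100000)
echo "quota/period: $(cpu_limit_from_cfs "$d")  quota/1000: $(cpu_limit_naive "$d")"
rm -rf "$d"
```
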
## [1.97.1](v1.97.0...v1.97.1) (2025-02-01)

### Bug Fixes

* Parallelism CPU calculation inside Kubernetes and Docker with limits ([#799](#799)) ([58a89a1](58a89a1))
## [1.97.2](v1.97.1...v1.97.2) (2025-02-03)

### Bug Fixes

* **`terraform_docs`:** Allow having whitespaces in path to `.terraform-docs.yaml` config file ([#796](#796)) ([7d83911](7d83911))
* Fix bug introduced via #796 by passing config file only when it is
  defined
* While here make array declarations in `common::parse_cmdline` in
  `hooks/_common.sh` compliant with Bash v3
* While here suppress error outputs from `grep` for non-existing config
  file in `hooks/terraform_docs.sh` where error output makes no sense
## [1.97.3](v1.97.2...v1.97.3) (2025-02-04)

### Bug Fixes

* **`terraform_docs`:** Fix bug introduced in `v1.97.2` ([#801](#801)) ([64b81f4](64b81f4)), closes [#796](#796)