Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Updates to CI configurations for pre-commit and GHA #154

Merged
merged 1 commit into from
Jul 24, 2024
Merged

feat: Updates to CI configurations for pre-commit and GHA #154

merged 1 commit into from
Jul 24, 2024

Conversation

henrykie
Copy link
Contributor

  • Added config directory for storing CLI tooling configuration files
  • Adjusted pre-commit to leverage config files for terraform-docs and checkov
  • Switched to using standard terraform-docs-go and checkov precommit hooks and GHA
  • Removed pre-commit CI. Will leverage GHA instead.
  • Added terraform docs GHA

Issue number:

NA

Summary

Maintenance of CI processes.

Changes

Please provide a summary of what's being changed

See above.

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented
Is this a breaking change?

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created might not be successful.

@henrykie henrykie added the ci Related to project CI and GitHub Actions label Jul 24, 2024
@henrykie henrykie requested a review from a team as a code owner July 24, 2024 13:29
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 24, 2024
View reviewed changes
.github/workflows/terraform-docs.yml
@@ -0,0 +1,18 @@
name: Generate terraform docs

Check failure

Code scanning / checkov

Ensure top-level permissions are not set to write-all Error

Ensure top-level permissions are not set to write-all
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kylesomers checkov doing GHA scans as well. Doesn't like our top-level writes.

CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty."

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted. Impacts CI and not the project resources directly so approving. We can create an issue to get this addressed with input vars.

@henrykie
Copy link
Contributor Author

@kylesomers check this out.

@henrykie
feat: Updates to CI configurations for pre-commit and GHA
c3638d0 
- Added config directory for storing CLI tooling configuration files
- Adjusted pre-commit to leverage config files for terraform-docs and checkov
- Switched to using standard terraform-docs-go and checkov precommit hooks and GHA
- Removed pre-commit CI. Will leverage GHA instead.
- Added terraform docs GHA
kylesomers
kylesomers reviewed Jul 24, 2024
View reviewed changes
.config/.checkov.yml
output: cli
quiet: true
skip-check:
- CKV_AWS_91 # "Elastic Load Balancing | Ensure the ELBv2 (Application/Network) has access logging enabled"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • These should be configurable input vars for users. Add to backlog?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean? This config is used by pre-commit and our GHA - if end users don't want to leverage our checkov configuration they can simply remove the file.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or are you suggesting that access logging is configurable? It is.

kylesomers
kylesomers approved these changes Jul 24, 2024
View reviewed changes
Copy link
Member

@kylesomers kylesomers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checkov findings should be addressed an input vars with relevant defaults which we can address in a separate PR. Approved.

@henrykie henrykie merged commit 6cbd8fb into main Jul 24, 2024
4 of 6 checks passed
@henrykie henrykie deleted the henrykie/ci branch August 9, 2024 15:02
jcwolfaws pushed a commit to jcwolfaws/cloud-game-development-toolkit that referenced this pull request Dec 10, 2024
@henrykie
feat: Updates to CI configurations for pre-commit and GHA (aws-games#154
2db0bd0 
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kylesomers kylesomers kylesomers approved these changes

Assignees
No one assigned
Labels
ci Related to project CI and GitHub Actions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@henrykie @kylesomers