diff --git a/.github/config.yml b/.github/config.yml
deleted file mode 100644
index 1b968c4..0000000
--- a/.github/config.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-PR_TITLE_REGEX: /((?:[a-z][a-z]+))(-)(\d{4})(:).*/i
-COMMIT_MESSAGE_REGEX: /^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\(.*\))(:).*/i
diff --git a/.github/workflows/commit-message-validator.yaml b/.github/workflows/commit-message-validator.yaml
new file mode 100644
index 0000000..19f9692
--- /dev/null
+++ b/.github/workflows/commit-message-validator.yaml
@@ -0,0 +1,12 @@
+name: Commit linter
+on:
+ pull_request:
+ branches: [main, master]
+jobs:
+ commitlint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: wagoid/commitlint-github-action@v4
diff --git a/.gitignore b/.gitignore
index 741750b..96a4948 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,6 +38,8 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+.terraform.lock.hcl
+.terraform
 
 # MacOS General
 .DS_Store
@@ -369,10 +371,6 @@ node_modules/
 *.dsw
 *.dsp
 
-# Visual Studio 6 technical files
-*.ncb
-*.aps
-
 # Visual Studio LightSwitch build output
 **/*.HTMLClient/GeneratedArtifacts
 **/*.DesktopClient/GeneratedArtifacts
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 289d222..de3deb4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -34,16 +34,20 @@ repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
 rev: v1.62.0
 hooks:
- - id: terraform_validate
 - id: terraform_fmt
 - id: terraform_tflint
- - id: terraform_tfsec
- - id: checkov
+ args:
+ - --args=--enable-plugin=aws
 - id: terraform_docs
 args:
 - --hook-config=--path-to-file=README.md
 - --hook-config=--add-to-existing-file=true
 - --hook-config=--create-file-if-not-exist=true
+ - id: terraform_tfsec
+ - repo: https://github.com/Checkmarx/kics
+ rev: v1.5.4
+ hooks:
+ - id: kics
 - repo: https://github.com/sirosen/check-jsonschema
 rev: 0.13.0
 hooks:
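Review bot: Both actions in the new workflow are referenced by mutable tags, `actions/checkout@v3` and `wagoid/commitlint-github-action@v4`, so the job runs whatever commit those tags resolve to at run time; pinning each `uses:` to a full commit SHA, keeping the tag as a trailing comment, is the usual way to make a third-party action immutable. The workflow also declares no `permissions:` block, so the job token receives the repository default scope although linting commit messages only needs to read the checkout; a top-level `permissions: { contents: read }` is sufficient. `fetch-depth: 0` looks deliberate so commitlint can see every commit in the pull request; a one-line comment saying so would stop the next reader from trimming it.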
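Review bot: Adding `.terraform.lock.hcl` to `.gitignore` (the same commit deletes the committed lock file) removes the recorded provider version and checksums, so `terraform init` in a fresh clone resolves `>= 4.5.0` to the newest matching release without the hash verification the lock file provided. Not committing the lock file is a common choice for a reusable module, but the reason is not stated anywhere in the hunk; a comment above the new entry, `# Lock file is not committed: this repository is a reusable module, consumers pin providers in their root module`, would make the trade-off explicit. The second `.gitignore` hunk only drops Visual Studio 6 patterns and needs nothing.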
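Review bot: `terraform_validate` is dropped from the pre-commit-terraform hooks and nothing in the new hook list replaces it, so `terraform_fmt`, `terraform_tflint`, `terraform_tfsec` and `kics` now run against HCL that may not even be valid, and a configuration error surfaces only later in `terraform plan`. Re-adding `- id: terraform_validate` ahead of `terraform_fmt` keeps the cheap correctness check in front of the security scanners. `checkov` is removed here while the README section added in this commit still lists checkov and terrascan among the tools `build/init.ps1` installs; either the hook list or that documentation should be updated so they agree. The tflint `--args=--enable-plugin=aws` presumably relies on the AWS ruleset being fetched by `tflint --init`; if the hook version in use does not do that automatically, the plugin enable will fail on a fresh machine, which is worth confirming.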
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
deleted file mode 100644
index c70bb05..0000000
--- a/.terraform.lock.hcl
+++ /dev/null
@@ -1,22 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
- version = "4.5.0"
- constraints = ">= 4.2.0"
- hashes = [
- "h1:6y12cTFaxpFv4qyU3gkV9M15eSBBrgInoKY1iaHuhvg=",
- "zh:0573de96ba316d808be9f8d6fc8e8e68e0e6b614ed4d707bd236c4f7b46ac8b1",
- "zh:37560469042f5f43fdb961eb6e6b0a8f95057df68af2c1168d5b8c66ddcb1512",
- "zh:44bb4f6bc1f58e19b8bf7041f981a2549a351762d17dd39654eb24d1fa7991c7",
- "zh:53af6557b68e547ac5c02cfd0e47ef63c8e9edfacf46921ccc97d73c0cd362c9",
- "zh:578a583f69a8e5947d66b2b9d6969690043b6887f6b574263be7ef05f82a82ad",
- "zh:6c2d42f30db198a4e7badd7f8037ef9bd951cfd6cf40328c6a7eed96801a374e",
- "zh:758f3fc4d833dbdda57a4db743cbbddc8fd8c0492df47771b848447ba7876ce5",
- "zh:78241bd45e2f6102055787b3697849fee7e9c28a744ba59cad956639c1aca07b",
- "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
- "zh:a3a7f4699c097c7b8364d05a5df9f3bd5d005fd5736c28ec5dc8f8c0ee340512",
- "zh:bf875483bf2ad6cfb4029813328cdcd9ea40f50b9f1c265f4e742fe8cc456157",
- "zh:f4722596e8b5f012013f87bf4d2b7d302c248a04a144de4563b3e3f754a30c51",
- ]
-}
diff --git a/README.md b/README.md
index 27d9595..eb0381e 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,17 @@ -# TERRAFORM-MODULE-TEMPLATE - [![Maintained](https://img.shields.io/badge/Maintained%20by-XOAP-success)](https://xoap.io) -[![Terraform](https://img.shields.io/badge/Terraform-%3E%3D1.0.0-blue)](https://terraform.io) +[![Terraform](https://img.shields.io/badge/Terraform-%3E%3D1.1.6-blue)](https://terraform.io) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -- [Table of Contents](#table-of-contents) - - [Introduction](#introduction) - - [Guidelines](#guidelines) - - [Requirements](#requirements) - - [Providers](#providers) - - [Modules](#modules) - - [Resources](#resources) - - [Inputs](#inputs) - - [Outputs](#outputs) +# Table of Contents + +- [Introduction](#introduction) +- [Guidelines](#guidelines) +- [Requirements](#requirements) +- [Providers](#providers) +- [Modules](#modules) +- [Resources](#resources) +- [Inputs](#inputs) +- [Outputs](#outputs) --- 
@@ -61,6 +60,43 @@ Naming Conventions for Terraform resources must be used. --- +## Usage + +### Installation + +For the first ime using this template necessary tools need to be installed. +A script for PowerShell Core is provided under ./build/init.ps1 + +This script will install following dependencies: + +- [pre-commit](https://github.com/pre-commit/pre-commit) +- [terraform-docs](https://github.com/terraform-docs/terraform-docs) +- [tflint](https://github.com/terraform-linters/tflint) +- [tfsec](https://github.com/aquasecurity/tfsec) +- [checkov](https://github.com/bridgecrewio/checkov) +- [terrascan](https://github.com/accurics/terrascan) +- [kics](https://github.com/Checkmarx/kics) + +This script configures: + +- global git template under ~/.git-template +- global pre-commit hooks for prepare-commit-msg and commit-msg under ~/.git-template/hooks +- github actions: + - linting and checks for pull requests from dev to master/main + - automatic tagging and release creation on pushes to master/main + - dependabot updates + +It currently supports the automated installation for macOS. Support for Windows and Linux will be available soon. + +### Synchronisation + +We provided a script under ./build/sync_template.ps1 to fetch the latest changes from this template repository. +Please be aware that this is mainly a copy operation which means all your current changes have to be committed first and after running the script you have to merge this changes into your codebase. + +### Configuration + +--- + @@ -69,7 +105,7 @@ Naming Conventions for Terraform resources must be used. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >=1.1.6 | -| [aws](#requirement\_aws) | >= 4.2.0 | +| [aws](#requirement\_aws) | >= 4.5.0 | ## Providers @@ -87,13 +123,11 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [context](#input\_context) | Default context for naming and tagging purpose |
object({
organization = string
environment = string
account = string
product = string
tags = map(string)
})
| n/a | yes | +| [tags](#input\_tags) | A list of Variables | `map(string)` | `{}` | no | ## Outputs -| Name | Description | -|------|-------------| -| [context](#output\_context) | Exported context from input variable | +No outputs. diff --git a/build/init.ps1 b/build/init.ps1 new file mode 100644 index 0000000..1b10fe4 --- /dev/null +++ b/build/init.ps1 
@@ -0,0 +1,78 @@
+$brewPackages = @(
+ "pre-commit",
+ "gawk",
+ "terraform-docs",
+ "tflint",
+ "tfsec",
+ "coreutils",
+ "checkov",
+ "terrascan",
+ "golang",
+ "Checkmarx/tap/kics"
+
+)
+function ReplaceAllStringsInFile($SearchString, $ReplaceString, $FullPathToFile) {
+ $content = [System.IO.File]::ReadAllText("$FullPathToFile").Replace("$SearchString", "$ReplaceString")
+ [System.IO.File]::WriteAllText("$FullPathToFile", $content)
+}
+function SetupPreCommit {
+ Write-host "Configuring pre-commit..."
+ $dir = Join-Path $env:HOME ".git-template"
+ if (Test-Path "$dir") {
+ Remove-item -Recurse -Force -Path "$dir" -Verbose
+ }
+ $globalHooks = Join-path $dir "hooks"
+ $localHooks = "$PSScriptRoot/../.git/hooks"
+ if (Test-Path "$localHooks") {
+ Remove-item -Recurse -Force -Path "$localHooks" -Verbose
+ }
+
+ New-Item -ItemType Directory -Path $dir
+ git config --global init.templateDir $dir
+ git config --global core.hooksPath $dir/hooks
+ pre-commit init-templatedir -t pre-commit $dir
+ pre-commit init-templatedir -t prepare-commit-msg $dir
+ pre-commit init-templatedir -t commit-msg $dir
+
+ Copy-Item $globalHooks -Destination $localHooks -Recurse -Verbose
+}
+function InstallMacDependencies {
+ foreach ($package in $brewPackages) {
+ Write-Host "Going to check for package $package"
+ brew install $package
+ }
+}
+function FixReadme {
+ $file = "$PSScriptRoot/../README.md"
+ $path = Get-Item "$PSScriptRoot/.."
+ ReplaceAllStringsInFile -SearchString "TERRAFORM-MODULE-TEMPLATE" -ReplaceString $path.Name.ToUpper() -FullPathToFile $file
+}
+
+function PrintAdditionalNeededConfig {
+ Write-Host "Please add following statements to your .bashrc or .zshrc"
+ Write-host "
+Optional:
+ export GOPATH=`$HOME/dev/go-workspace
+ export GOROOT=/usr/local/opt/go/libexec
+ export PATH=`$PATH:`$GOPATH/bin
+ export PATH=`$PATH:`$GOROOT/bin
+Required:
+ export TF_PLUGIN_CACHE_DIR=~/.terraform-cache
+ export KICS_QUERIES_PATH=/usr/local/opt/kics/share/kics/assets/queries"
+}
+
+if ($IsWindows) {
+ Write-Error "This script is currently not able to setup windows systems"
+ exit 1
+}
+if ($IsLinux) {
+ Write-Error "This script is currently not able to setup linux systems"
+ exit 1
+}
+if ($IsMacOS) {
+ InstallMacDependencies
+ PrintAdditionalNeededConfig
+}
+
+SetupPreCommit
+FixReadme
diff --git a/build/sync_template.ps1 b/build/sync_template.ps1
new file mode 100644
index 0000000..27499ab
--- /dev/null
+++ b/build/sync_template.ps1
@@ -0,0 +1,27 @@
+$protectedFiles = @(
+ "main.tf",
+ "outputs.tf"
+ "variables.tf"
+)
+$ChangedFiles = $(git status --porcelain | Measure-Object | Select-Object -expand Count)
+if ($ChangedFiles -gt 0)
+{
+ Write-Error "Found $ChangedFiles changed files. Please commit or stash them before using this script."
+ exit 0
+}
+
+$tempPath = Join-Path $([system.io.path]::GetTempPath()) "xoap-template"
+
+if(Test-path "$tempPath"){
+ Write-Host "Removing old temporary files for xoap module template"
+ Remove-Item "$tempPath" -Recurse -Force -Verbose
+}
+
+git clone https://github.com/xoap-io/terraform-module-template.git $tempPath
+
+$templateItems = Get-ChildItem $tempPath -File | Where-Object {$_.Name -notin $protectedFiles}
+
+foreach($item in $templateItems){
+ $targetPath = $item.FullName.Replace($tempPath, "${PSScriptRoot}/..")
+ Copy-Item $item.FullName -Destination $targetPath -Force -Verbose
+}
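Review bot: `FixReadme` searches `README.md` for the literal `TERRAFORM-MODULE-TEMPLATE`, but the README hunk in this same commit removes the `# TERRAFORM-MODULE-TEMPLATE` heading that was its only occurrence, so the replacement is now a silent no-op in a freshly generated repository; either keep a placeholder in the README or drop the call. `SetupPreCommit` runs `Remove-Item -Recurse -Force` on `$env:HOME/.git-template` and on the repository's `.git/hooks` and then sets `core.hooksPath` globally, which discards any hooks the user already had and redirects every repository on the machine to these hooks without asking; a `Write-Warning` naming both paths before the deletions, or a confirmation prompt, is the minimum. Nothing sets `$ErrorActionPreference = 'Stop'`, so a failed `brew install` or `git config` is followed by the hook setup and README rewrite as if nothing had gone wrong; adding that line at the top of the script makes the run fail fast.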
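Review bot: The guard at the top writes an error when the working tree has uncommitted changes but then calls `exit 0`, so a caller or CI step checking the exit status sees success; it should be `exit 1`. The `git clone https://github.com/xoap-io/terraform-module-template.git $tempPath` result is not checked either, so when the clone fails `Get-ChildItem $tempPath` errors and the loop copies nothing, which is benign only by accident; `if ($LASTEXITCODE -ne 0) { exit 1 }` after the clone makes that explicit. The clone also follows the template's default branch head rather than a release, so whatever is on that branch at the moment, including `.pre-commit-config.yaml`, is copied over the consumer repository's top-level files; pinning with `--branch <release-tag>` or documenting that the resulting diff must be reviewed before committing is worth considering. In `$protectedFiles` the comma after `"outputs.tf"` is missing; PowerShell still parses the newline-separated entries as three elements, but the inconsistent punctuation is easy to misread as a two-element array.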
diff --git a/kics.config b/kics.config
new file mode 100644
index 0000000..bac9c2d
--- /dev/null
+++ b/kics.config
@@ -0,0 +1,15 @@
+exclude-categories:
+exclude-paths:
+ - ".terraform"
+ - "*/.terraform"
+exclude-queries:
+ - e592a0c5-5bdb-414c-9066-5dba7cdea370 #IAM Access Analyzer Undefined - always disable
+fail-on:
+ - high
+ - medium
+minimal-ui: false
+no-color: false
+no-progress: true
+preview-lines: 3
+silent: false
+verbose: false
diff --git a/outputs.tf b/outputs.tf
index 0c04529..e69de29 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,4 +0,0 @@
-output "context" {
- value = var.context
- description = "Exported context from input variable"
-}
diff --git a/variables.tf b/variables.tf
index 96c1e35..9551e9d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,10 +1,5 @@
-variable "context" {
- type = object({
- organization = string
- environment = string
- account = string
- product = string
- tags = map(string)
- })
- description = "Default context for naming and tagging purpose"
+variable "tags" {
+ type = map(string)
+ default = {}
+ description = "A list of Variables"
 }
diff --git a/versions.tf b/versions.tf
index 4de5b0c..bae0f13 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.2.0"
+ version = ">= 4.5.0"
 }
 }
 required_version = ">=1.1.6"
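Review bot: The query exclusion `e592a0c5-5bdb-414c-9066-5dba7cdea370` carries the comment `#IAM Access Analyzer Undefined - always disable`, which names the rule but not why a module template should never be checked for it; suppressions in a scanner config are where reviewers look first, so the reason belongs in the comment, e.g. `# IAM Access Analyzer Undefined: <reason the check does not apply to this module>`. `fail-on` lists only `high` and `medium`, so `low` and `info` findings are reported but never block a commit; if that is intentional, a one-line comment saying so keeps the question from being reopened. I cannot tell from this hunk whether the `kics` pre-commit hook added in the same commit is pointed at this file, so it is worth confirming the hook actually loads `kics.config` rather than running with defaults.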
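Review bot: The new `tags` variable is typed `map(string)` but described as `"A list of Variables"`, and terraform-docs copies that text verbatim into the README inputs table in this commit, so the published documentation is wrong; `description = "Map of tags to apply to resources created by this module"` says what the value is. The module declares no resources after this change, so nothing consumes `var.tags` yet; a short comment above the variable stating that modules built from the template are expected to forward it to their resources would record the intent.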