Merge pull request #14 from dasmeta/best-practice

fix(best-practices): add all best practices

Author: mrdntgrn

.github/workflows/checkov.yaml

@@ -0,0 +1,26 @@
+name: Checkov
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ security-events: write
+ id-token: write
+ strategy:
+ matrix:
+ path:
+ - /
+
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/checkov@main
+ with:
+ fetch-depth: 0
+ directory: ${{ matrix.path }}
+ continue-on-error: true

.github/workflows/pre-commit.yaml

@@ -0,0 +1,23 @@
+name: Pre-Commit
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ steps:
+ - name: Pre-Commit
+ uses: dasmeta/reusable-actions-workflows/pre-commit@main
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: modules/${{ matrix.path }}
+ continue-on-error: true

.github/workflows/semantic.yaml

@@ -0,0 +1,22 @@
+name: Semantic-Release
+on: [pull_request, push]
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ steps:
+ - uses: actions/checkout@v2
+ - name: Setup Node.js
+ uses: actions/setup-node@v1
+ with:
+ node-version: 16
+ - name: Semantic Release
+ uses: cycjimmy/semantic-release-action@v3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/terraform-test.yaml

@@ -0,0 +1,27 @@
+name: Terraform Test
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - /
+ 
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/terraform-test@main
+ with:
+ aws-region: ${{ secrets.AWS_REGION}}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: ${{ matrix.path }}
+ continue-on-error: true

.github/workflows/tflint.yaml

@@ -0,0 +1,30 @@
+name: Tflint
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+
+jobs:
+ terraform-validate:
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ security-events: write
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - /
+
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/tflint@main
+ with:
+ aws-region: ${{ secrets.AWS_REGION}}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: ${{ matrix.path }}
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ continue-on-error: true

.github/workflows/tfsec.yaml

@@ -0,0 +1,20 @@
+name: TFSEC
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-tfsec:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ security-events: write
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/tfsec@main
+ with:
+ fetch-depth: 0
+ continue-on-error: true

.pre-commit-config.yaml

@@ -0,0 +1,28 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.3.0
+ hooks:
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.64.1
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - --hook-config=--path-to-file=README.md
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true

commitlint.config.js

@@ -0,0 +1,5 @@
+module.exports = {
+ extends: [
+ "@commitlint/config-conventional"
+ ]
+}

git-conventional-commits.json

@@ -0,0 +1,41 @@
+{
+ "convention" : {
+ "commitTypes": [
+ "feat",
+ "fix",
+ "perf",
+ "refactor",
+ "style",
+ "test",
+ "build",
+ "ops",
+ "docs",
+ "merge",
+ "chore"
+ ],
+ "commitScopes": [],
+ "releaseTagGlobPattern": "v[0-9]*.[0-9]*.[0-9]*",
+ "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
+ },
+ "changelog" : {
+ "commitTypes": [
+ "feat",
+ "fix",
+ "perf",
+ "merge"
+ ],
+ "includeInvalidCommits": true,
+ "commitScopes": [],
+ "commitIgnoreRegexPattern": "^WIP ",
+ "headlines": {
+ "feat": "Features",
+ "fix": "Bug Fixes",
+ "perf": "Performance Improvements",
+ "merge": "Merged Branches",
+ "breakingChange": "BREAKING CHANGES"
+ },
+ "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
+ "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
+ "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
+ }
+}

githooks/commit-msg

@@ -0,0 +1,41 @@
+{
+ "convention" : {
+ "commitTypes": [
+ "feat",
+ "fix",
+ "perf",
+ "refactor",
+ "style",
+ "test",
+ "build",
+ "ops",
+ "docs",
+ "merge",
+ "chore"
+ ],
+ "commitScopes": [],
+ "releaseTagGlobPattern": "v[0-9]*.[0-9]*.[0-9]*",
+ "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
+ },
+ "changelog" : {
+ "commitTypes": [
+ "feat",
+ "fix",
+ "perf",
+ "merge"
+ ],
+ "includeInvalidCommits": true,
+ "commitScopes": [],
+ "commitIgnoreRegexPattern": "^WIP ",
+ "headlines": {
+ "feat": "Features",
+ "fix": "Bug Fixes",
+ "perf": "Performance Improvements",
+ "merge": "Merged Branches",
+ "breakingChange": "BREAKING CHANGES"
+ },
+ "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
+ "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
+ "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
+ }
+}