Merge pull request #17 from lablabs/feat/template-alignment

feat: align addon with latest template

Author: jaygridley

.github/RELEASE_DRAFTER.yml

@@ -7,11 +7,25 @@ categories:
       - 'enhancement'
   - title: 'Bug Fixes'
     labels:
-      - 'fix'
-      - 'bugfix'
       - 'bug'
   - title: 'Documentation'
     label: 'documentation'
+  - title: 'CI'
+    label: 'ci'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'feature'
+      - 'enhancement'
+  patch:
+    labels:
+      - 'ci'
+      - 'bug'
+      - 'documentation'
+  default: patch
 change-template: '- $TITLE, by @$AUTHOR (#$NUMBER)'
 template: |
   # What's changed

.github/workflows/pre-commit.yml

@@ -1,5 +1,8 @@
 name: pre-commit
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   pull_request:
@@ -8,36 +11,42 @@ on:
       - master
 
 env:
+  PYTHON_VERSION: "3.10"
   TERRAFORM_DOCS_VERSION: "v0.16.0"
-  TFLINT_VERSION: "v0.36.2"
+  TFLINT_VERSION: "v0.40.1"
 
 jobs:
   pre-commit:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-python@v2
-
-    - name: Install additional pre-commit hooks
-      shell: bash
-      run: |
-        echo "########### Install Checkov ####################"
-        pip install checkov
-
-        echo "########### Install Terraform-docs #############"
-        wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
-        tar xvzf terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
-        mkdir -p ~/terraform-docs/bin/
-        install terraform-docs ~/terraform-docs/bin/
-        echo '~/terraform-docs/bin/' >> $GITHUB_PATH
-
-        echo "########### Install Terraform-linters ##########"
-        wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
-        unzip tflint_linux_amd64.zip
-        mkdir -p ~/tflint/bin/
-        echo '~/tflint/bin/' >> $GITHUB_PATH
-        install tflint ~/tflint/bin/
-        ~/tflint/bin/tflint --init
-
-    - name: Run pre-commit
-      uses: pre-commit/[email protected]
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: pip
+
+      - name: Install Python dependencies
+        run: pip install -r requirements.txt
+
+      - name: Install terraform-docs
+        uses: jaxxstorm/[email protected]
+        with:
+          repo: terraform-docs/terraform-docs
+          tag: ${{ env.TERRAFORM_DOCS_VERSION }}
+          cache: enable
+
+      - name: TFLint cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ runner.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+      - name: Install TFLint
+        uses: terraform-linters/setup-tflint@v2
+        with:
+          tflint_version: ${{ env.TFLINT_VERSION }}
+
+      - name: Run pre-commit
+        uses: pre-commit/[email protected]

.github/workflows/release-drafter.yml

@@ -15,7 +15,7 @@ on:
 
 jobs:
   update_release_draft:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: release-drafter/release-drafter@v5
         with:

.github/workflows/validate.yaml

@@ -1,5 +1,8 @@
 name: Terraform validate
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   pull_request:
@@ -10,11 +13,11 @@ on:
 jobs:
   versionExtract:
     name: Extract min/max Terraform versions
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Extract Terraform min/max versions
         id: minMax
@@ -26,7 +29,7 @@ jobs:
       maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
   terraform-validate:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: versionExtract
     strategy:
       matrix:
@@ -35,7 +38,7 @@ jobs:
           - ${{ needs.versionExtract.outputs.maxVersion }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: ${{ matrix.tf_ver }}

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.2.0
+    rev: v4.3.0
     hooks:
       - id: trailing-whitespace
       - id: check-merge-conflict
@@ -10,23 +10,18 @@ repos:
       - id: end-of-file-fixer
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.71.0
+    rev: v1.75.0
     hooks:
-    - id: terraform_fmt
-    - id: terraform_tflint
-    - id: terraform_validate
-    - id: terraform_checkov
-    - id: terraform_docs
-      args:
-        - '--args=--hide providers --sort-by required'
-
-  - repo: https://github.com/pecigonzalo/pre-commit-terraform-vars
-    rev: v1.0.0
-    hooks:
-    - id: terraform-vars
+      - id: terraform_fmt
+      - id: terraform_tflint
+      - id: terraform_validate
+      - id: terraform_checkov
+      - id: terraform_docs
+        args:
+          - '--args=--config=.terraform-docs.yml'
 
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.2.0
+    rev: v1.3.0
     hooks:
       - id: detect-secrets
         args: ['--baseline', '.secrets.baseline']

.secrets.baseline

@@ -1,20 +1,18 @@
 {
-  "custom_plugin_paths": [],
-  "exclude": {
-    "files": null,
-    "lines": null
-  },
-  "generated_at": "2020-09-21T15:31:24Z",
+  "version": "1.3.0",
   "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
     {
       "name": "AWSKeyDetector"
     },
     {
-      "name": "ArtifactoryDetector"
+      "name": "AzureStorageKeyDetector"
     },
     {
-      "base64_limit": 4.5,
-      "name": "Base64HighEntropyString"
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
     },
     {
       "name": "BasicAuthDetector"
@@ -23,8 +21,11 @@
       "name": "CloudantDetector"
     },
     {
-      "hex_limit": 3,
-      "name": "HexHighEntropyString"
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
     },
     {
       "name": "IbmCloudIamDetector"
@@ -36,32 +37,77 @@
       "name": "JwtTokenDetector"
     },
     {
-      "keyword_exclude": null,
-      "name": "KeywordDetector"
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
     },
     {
       "name": "MailchimpDetector"
     },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
+    {
+      "name": "SendGridDetector"
+    },
     {
       "name": "SlackDetector"
     },
     {
       "name": "SoftlayerDetector"
     },
+    {
+      "name": "SquareOAuthDetector"
+    },
     {
       "name": "StripeDetector"
     },
     {
       "name": "TwilioKeyDetector"
     }
   ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
   "results": {},
-  "version": "0.14.3",
-  "word_list": {
-    "file": null,
-    "hash": null
-  }
+  "generated_at": "2022-07-28T10:50:47Z"
 }

.terraform-docs.yml

@@ -0,0 +1,15 @@
+formatter: markdown table
+
+output:
+  mode: inject
+  template: |-
+    <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+    {{ .Content }}
+    <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+sections:
+  hide:
+    - providers
+
+sort:
+  by: required

.tflint.hcl

@@ -0,0 +1,11 @@
+plugin "terraform" {
+  enabled = true
+  version = "0.1.1"
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  preset  = "recommended"
+}
+plugin "aws" {
+  enabled = true
+  version = "0.17.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}