From 6595f99009c62ac7289eddb2df9ac16cd82ad8f5 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:10 +0400
Subject: [PATCH 01/16] Change by terraform in repo workflow config, Add .github/workflows/pre-commit.yaml
---
.github/workflows/pre-commit.yaml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 .github/workflows/pre-commit.yaml
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
new file mode 100644
index 0000000..f43ab25
--- /dev/null
+++ b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,23 @@
+name: Pre-Commit
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ steps:
+ - name: Pre-Commit
+ uses: dasmeta/reusable-actions-workflows/pre-commit@4.2.0
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: modules/${{ matrix.path }}
+ continue-on-error: true
From c5a6540e371e76c678ec5daeb1ac8c07fb6790b9 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:11 +0400
Subject: [PATCH 02/16] Change by terraform in repo workflow config, Add git-conventional-commits.json
---
git-conventional-commits.json | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 git-conventional-commits.json
diff --git a/git-conventional-commits.json b/git-conventional-commits.json
new file mode 100644
index 0000000..009fca5
--- /dev/null
+++ b/git-conventional-commits.json
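Review bot: In .github/workflows/pre-commit.yaml the `permissions:` block grants `actions`, `contents`, `discussions`, `pull-requests` and `id-token` write to a job that only runs linters, and the step is handed long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets even though `id-token: write` would allow short-lived OIDC credentials; I would start from `contents: read` and add back only what the action is shown to need. The same block recurs in terraform-test.yaml, checkov.yaml, tflint.yaml, tfsec.yaml and semantic-release.yaml later in this series, with the static keys also in terraform-test.yaml and tflint.yaml. `continue-on-error: true` (here and in the other four dasmeta workflows) lets the run pass when the check fails, so none of these checks can gate a merge; if that is intentional during rollout, a comment saying so would help. `path: modules/${{ matrix.path }}` reads a matrix this job never declares, so it presumably expands to `modules/`. Pinning `dasmeta/reusable-actions-workflows/pre-commit@4.2.0` to a full commit SHA would keep a re-pointed tag from running with these permissions and secrets.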
@@ -0,0 +1,41 @@
+{
+ "convention" : {
+ "commitTypes": [
+ "feat",
+ "fix",
+ "perf",
+ "refactor",
+ "style",
+ "test",
+ "build",
+ "ops",
+ "docs",
+ "merge",
+ "chore"
+ ],
+ "commitScopes": [],
+ "releaseTagGlobPattern": "v[0-9]*.[0-9]*.[0-9]*",
+ "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
+ },
+ "changelog" : {
+ "commitTypes": [
+ "feat",
+ "fix",
+ "perf",
+ "merge"
+ ],
+ "includeInvalidCommits": true,
+ "commitScopes": [],
+ "commitIgnoreRegexPattern": "^WIP ",
+ "headlines": {
+ "feat": "Features",
+ "fix": "Bug Fixes",
+ "perf": "Performance Improvements",
+ "merge": "Merged Branches",
+ "breakingChange": "BREAKING CHANGES"
+ },
+ "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
+ "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
+ "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
+ }
+}
From f369cb03989e2b2ef46740bd3629d761e58cfad2 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:12 +0400
Subject: [PATCH 03/16] Change by terraform in repo workflow config, Add githooks/commit-msg
---
githooks/commit-msg | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 githooks/commit-msg
diff --git a/githooks/commit-msg b/githooks/commit-msg
new file mode 100644
index 0000000..b760692
--- /dev/null
+++ b/githooks/commit-msg
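Review bot: The three URL templates at the end of git-conventional-commits.json still contain the literal `ACCOUNT/REPOSITORY` placeholder, so generated changelog links for commits, ranges and issues will not point at this repository. They should carry the real owner and name, for example `"commitUrl": "https://github.com/<owner>/<repo>/commit/%commit%"`. Since the file is pushed by automation, the template that produces it probably needs a substitution step rather than a one-off edit here.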
@@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# File generated by pre-commit: https://pre-commit.com +# ID: 138fd403232d2ddd5efb44317e38bf03 + +# start templated +INSTALL_PYTHON=/usr/bin/python3 +ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=commit-msg) +# end templated + +HERE="$(cd "$(dirname "$0")" && pwd)" +ARGS+=(--hook-dir "$HERE" -- "$@") + +if command -v pre-commit > /dev/null; then + exec pre-commit "${ARGS[@]}" +elif [ -x "$INSTALL_PYTHON" ]; then + exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}" +else + echo '`pre-commit` not found. Did you forget to activate your virtualenv?' 1>&2 + exit 1 +fi From 9981387dff325cd39e0895556f383c81536d2566 Mon Sep 17 00:00:00 2001 From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com> Date: Fri, 3 Nov 2023 13:58:14 +0400 Subject: [PATCH 04/16] Change by terraform in repo workflow config, Add .pre-commit-config.yaml --- .pre-commit-config.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..cd2b6fa --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,36 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.3.0
+ hooks:
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.64.1
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - --hook-config=--path-to-file=README.md
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true
+ - repo: https://github.com/qoomon/git-conventional-commits
+ rev: v2.4.0
+ hooks:
+ - id: conventional-commits
+ - repo: https://github.com/zricethezav/gitleaks
+ rev: v8.12.0
+ hooks:
+ - id: gitleaks
From 74e881e351085e57f64af750ab9cb493ec0556b2 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:14 +0400
Subject: [PATCH 04/16] Change by terraform in repo workflow config, Add .pre-commit-config.yaml
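Review bot: In .pre-commit-config.yaml `detect-aws-credentials` runs with `--allow-missing-credentials`; that hook searches files for the keys configured in the local AWS credential files or environment, so on a machine or runner with none configured it passes without checking anything, and gitleaks and `detect-private-key` are the hooks doing pattern-based secret detection. A comment above it such as `# passes trivially where no AWS profile is configured; gitleaks is the real secret gate` would stop readers from over-trusting it. `- id: check-merge-conflict` is also listed twice under pre-commit-hooks, and the second entry can be dropped.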
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:17 +0400
Subject: [PATCH 06/16] Change by terraform in repo workflow config, Add .github/workflows/terraform-test.yaml
---
.github/workflows/terraform-test.yaml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 .github/workflows/terraform-test.yaml
diff --git a/.github/workflows/terraform-test.yaml b/.github/workflows/terraform-test.yaml
new file mode 100644
index 0000000..8a0f009
--- /dev/null
+++ b/.github/workflows/terraform-test.yaml
@@ -0,0 +1,27 @@
+name: Terraform Test
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - /
+
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/terraform-test@4.2.0
+ with:
+ aws-region: ${{ secrets.AWS_REGION}}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: ${{ matrix.path }}
+ continue-on-error: true
From 5e35a690fa40176b2077da14656cad893ed2239e Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:18 +0400
Subject: [PATCH 07/16] Change by terraform in repo workflow config, Add .github/workflows/branch-name-check.yaml
---
.github/workflows/branch-name-check.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .github/workflows/branch-name-check.yaml
diff --git a/.github/workflows/branch-name-check.yaml b/.github/workflows/branch-name-check.yaml
new file mode 100644
index 0000000..396e83c
--- /dev/null
+++ b/.github/workflows/branch-name-check.yaml
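Review bot: The job id `terraform-validate` in .github/workflows/terraform-test.yaml duplicates the id already used in pre-commit.yaml and is reused again in checkov.yaml and tflint.yaml, so the four jobs are hard to tell apart in the checks list and become ambiguous if one is later made a required status check. A per-workflow id such as `terraform-test:` would fix that. As a style point, `aws-region: ${{ secrets.AWS_REGION}}` lacks the space before `}}` that the other expressions in the file have.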
@@ -0,0 +1,14 @@
+name: 'Branch Naming Check'
+on: pull_request
+
+jobs:
+ branch-naming-rules:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: deepakputhraya/action-branch-name@master
+ with:
+ regex: 'DMVP-[0-9]*' # Regex the branch should match. This example enforces grouping
+ allowed_prefixes: 'DMVP-' # All branches should start with the given prefix
+ ignore: master,develop # Ignore exactly matching branch names from convention
+ min_length: 5 # Min length of the branch name
+ max_length: 30 # Max length of the branch name
From 5224ce60ee661d5f8003d097ac694e471767c91b Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:19 +0400
Subject: [PATCH 08/16] Change by terraform in repo workflow config, Add .github/workflows/checkov.yaml
---
.github/workflows/checkov.yaml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 .github/workflows/checkov.yaml
diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
new file mode 100644
index 0000000..960e52f
--- /dev/null
+++ b/.github/workflows/checkov.yaml
@@ -0,0 +1,26 @@
+name: Checkov
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ security-events: write
+ id-token: write
+ strategy:
+ matrix:
+ path:
+ - /
+
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/checkov@4.2.0
+ with:
+ fetch-depth: 0
+ directory: ${{ matrix.path }}
+ continue-on-error: true
From ed490ab83be615ae230662709ffd858147b13713 Mon Sep 17 00:00:00 2001
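Review bot: `uses: deepakputhraya/action-branch-name@master` in branch-name-check.yaml tracks a mutable branch of a third-party repository, so whatever is pushed there runs in this repository's pull-request workflow; pin it to a reviewed commit, `uses: deepakputhraya/action-branch-name@<full-commit-sha>`, and let the github-actions Dependabot updater added later in this series propose bumps. The workflow has no `permissions:` block, so the job gets the repository's default token scope; `permissions: {}` or `contents: read` should be enough for a name check. `regex: 'DMVP-[0-9]*'` accepts a branch named just `DMVP-` because `*` allows zero digits; `[0-9]+` is probably what is meant, and the same applies to `'DMVP-[0-9]*:'` in pr-title-checker.yaml.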
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:21 +0400
Subject: [PATCH 09/16] Change by terraform in repo workflow config, Add .github/workflows/pr-title-checker.yaml
---
.github/workflows/pr-title-checker.yaml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 .github/workflows/pr-title-checker.yaml
diff --git a/.github/workflows/pr-title-checker.yaml b/.github/workflows/pr-title-checker.yaml
new file mode 100644
index 0000000..0ad09fb
--- /dev/null
+++ b/.github/workflows/pr-title-checker.yaml
@@ -0,0 +1,16 @@
+name: 'PR Title Checker'
+on:
+ pull_request:
+ types: [edited, opened, synchronize, reopened]
+
+jobs:
+ title-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: deepakputhraya/action-pr-title@v1.0.2
+ with:
+ regex: 'DMVP-[0-9]*:' # Regex the title should match.
+ allowed_prefixes: 'DMVP-' # title should start with the given prefix
+ prefix_case_sensitive: false # title prefix are case insensitive
+ min_length: 5 # Min length of the title
+ max_length: -1 # Max length of the title
From c574623af2895a73b00bb7a3246ce842945f499b Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:24 +0400
Subject: [PATCH 10/16] Change by terraform in repo workflow config, Add .github/workflows/tflint.yaml
---
.github/workflows/tflint.yaml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 .github/workflows/tflint.yaml
diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
new file mode 100644
index 0000000..78eb241
--- /dev/null
+++ b/.github/workflows/tflint.yaml
@@ -0,0 +1,30 @@
+name: Tflint
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+
+jobs:
+ terraform-validate:
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ security-events: write
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - /
+
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/tflint@4.2.0
+ with:
+ aws-region: ${{ secrets.AWS_REGION}}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: ${{ matrix.path }}
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ continue-on-error: true
From 4049ba016352603f4e328740d9dcc18d54025760 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:58:49 +0400
Subject: [PATCH 11/16] Change by terraform in repo workflow config, Add .github/dependabot.yaml
---
.github/dependabot.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/dependabot.yaml
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..2509343
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,17 @@
+version: 2
+
+updates:
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: feat
+
+ - package-ecosystem: "terraform"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: feat
From 27c8c5bdc6e2dc6cab6eaea50417cf50aea5390f Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:59:10 +0400
Subject: [PATCH 12/16] Change by terraform in repo workflow config, Add .github/workflows/semantic-release.yaml
---
.github/workflows/semantic-release.yaml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 .github/workflows/semantic-release.yaml
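Review bot: `prefix: feat` in .github/dependabot.yaml labels every dependency bump as a feature, so with the semantic-release workflow and conventional-commit rules added in this series each merged Dependabot PR would presumably cut a minor release; `prefix: chore` (or `build`) is the usual type for these. Dependabot's branch names and `feat`-prefixed titles will also not match the `DMVP-` rules in branch-name-check.yaml and pr-title-checker.yaml, so those checks would fail on every update PR unless they are taught to ignore Dependabot. With `interval: "daily"` on two ecosystems that becomes a steady stream of red PRs, which tends to get security updates ignored.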
diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
new file mode 100644
index 0000000..d6ce913
--- /dev/null
+++ b/.github/workflows/semantic-release.yaml
@@ -0,0 +1,22 @@
+name: Semantic-Release
+on: [pull_request, push]
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ - name: Semantic Release
+ uses: cycjimmy/semantic-release-action@v4
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
From f942315cba9d6317b763577d70003c3f4e5b1029 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:59:15 +0400
Subject: [PATCH 13/16] Change by terraform in repo workflow config, Add commitlint.config.js
---
commitlint.config.js | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 commitlint.config.js
diff --git a/commitlint.config.js b/commitlint.config.js
new file mode 100644
index 0000000..81c4b92
--- /dev/null
+++ b/commitlint.config.js
@@ -0,0 +1,5 @@
+module.exports = {
+ extends: [
+ "@commitlint/config-conventional"
+ ]
+}
From 0587c625956d17cab06771309ac4cbd49bf1db62 Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:59:26 +0400
Subject: [PATCH 14/16] Change by terraform in repo workflow config, Add package.json
---
package.json | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 package.json
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..1782661
--- /dev/null
+++ b/package.json
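Review bot: `on: [pull_request, push]` in semantic-release.yaml starts the release job for every pull request and every push to any branch, with `contents: write` granted and `NPM_TOKEN` in the step environment, whereas the sibling workflows restrict push to `branches: [main, master]`. A release job has no reason to run on pull requests, so I would limit the trigger to `push:` on the release branches listed in package.json, which keeps the write token and publish secret out of runs that cannot release anything. `cycjimmy/semantic-release-action@v4` is pinned by major tag only; since that step receives both tokens, it is the one most worth pinning to a full commit SHA.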
@@ -0,0 +1,22 @@
+{
+ "name": "app",
+ "devDependencies": {
+ "@commitlint/cli": "^17.0.3",
+ "@commitlint/config-conventional": "^17.0.3",
+ "husky": "^8.0.1",
+ "@semantic-release/github": "^8.0.4",
+ "semantic-release": "^19.0.3"
+ },
+ "release": {
+ "branches": [
+ "main", "master", "next"
+ ]
+ },
+ "private": true,
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator",
+ "@semantic-release/github",
+ "@semantic-release/npm"
+ ]
+}
From b8907a60377a867d15fff5e9a83cc7b0c797970d Mon Sep 17 00:00:00 2001
From: Viktorya Ghazaryan <76973530+viktoryathegreat@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:59:28 +0400
Subject: [PATCH 15/16] Change by terraform in repo workflow config, Add .github/workflows/tfsec.yaml
---
.github/workflows/tfsec.yaml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/tfsec.yaml
diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yaml
new file mode 100644
index 0000000..3f9ad3b
--- /dev/null
+++ b/.github/workflows/tfsec.yaml
@@ -0,0 +1,20 @@
+name: TFSEC
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-tfsec:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ contents: write
+ discussions: write
+ pull-requests: write
+ id-token: write
+ security-events: write
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/tfsec@4.2.0
+ with:
+ fetch-depth: 0
+ continue-on-error: true
From 33af95a722f4a4c852092e1ec2ccd2e563d3d8f6 Mon Sep 17 00:00:00 2001
From: "Karapetyan, Aram"
Date: Fri, 3 Nov 2023 11:08:08 +0100
Subject: [PATCH 16/16] chore(DMVP-0000): chmod hook files
---
githooks/commit-msg | 0
githooks/pre-commit | 0
2 files changed, 0 insertions(+), 0 deletions(-)
mode change 100644 => 100755 githooks/commit-msg
mode change 100644 => 100755 githooks/pre-commit
diff --git a/githooks/commit-msg b/githooks/commit-msg
old mode 100644
new mode 100755
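Review bot: In package.json the `"plugins"` array sits at the top level, after `"private": true`, instead of inside the `"release"` object, so semantic-release will not read it and falls back to its default plugin list. Move it next to `"branches"` inside `"release"` so the configured list is the one that runs. With `"private": true` the npm plugin is not expected to publish, so the `NPM_TOKEN` secret passed in semantic-release.yaml is probably unnecessary and could be dropped from that workflow.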
diff --git a/githooks/pre-commit b/githooks/pre-commit
old mode 100644
new mode 100755