dasmeta · aramkarapetian · Nov 3, 2023 · Nov 3, 2023 · Nov 3, 2023 · Nov 3, 2023
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,17 @@
+version: 2
+
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: feat
+
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: feat
diff --git a/.github/workflows/branch-name-check.yaml b/.github/workflows/branch-name-check.yaml
@@ -0,0 +1,14 @@
+name: 'Branch Naming Check'
+on: pull_request
+
+jobs:
+  branch-naming-rules:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: deepakputhraya/action-branch-name@master
+        with:
+          regex: 'DMVP-[0-9]*' # Regex the branch should match. This example enforces grouping
+          allowed_prefixes: 'DMVP-' # All branches should start with the given prefix
+          ignore: master,develop # Ignore exactly matching branch names from convention
+          min_length: 5 # Min length of the branch name
+          max_length: 30 # Max length of the branch name
diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
@@ -0,0 +1,26 @@
+name: Checkov
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      security-events: write
+      id-token: write
+    strategy:
+      matrix:
+        path:
+          - /
+
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/checkov@4.2.0
+      with:
+        fetch-depth: 0
+        directory: ${{ matrix.path }}
+      continue-on-error: true
diff --git a/.github/workflows/pr-title-checker.yaml b/.github/workflows/pr-title-checker.yaml
@@ -0,0 +1,16 @@
+name: 'PR Title Checker'
+on:
+  pull_request:
+    types: [edited, opened, synchronize, reopened]
+
+jobs:
+  title-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: deepakputhraya/action-pr-title@v1.0.2
+        with:
+          regex: 'DMVP-[0-9]*:' # Regex the title should match.
+          allowed_prefixes: 'DMVP-' # title should start with the given prefix
+          prefix_case_sensitive: false # title prefix are case insensitive
+          min_length: 5 # Min length of the title
+          max_length: -1 # Max length of the title
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,23 @@
+name: Pre-Commit
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    steps:
+    - name: Pre-Commit
+      uses: dasmeta/reusable-actions-workflows/pre-commit@4.2.0
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: modules/${{ matrix.path }}
+      continue-on-error: true
diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
@@ -0,0 +1,22 @@
+name:  Semantic-Release
+on: [pull_request, push]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/terraform-test.yaml b/.github/workflows/terraform-test.yaml
@@ -0,0 +1,27 @@
+name: Terraform Test
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-validate:
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - /
+
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/terraform-test@4.2.0
+      with:
+        aws-region: ${{ secrets.AWS_REGION}}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: ${{ matrix.path }}
+      continue-on-error: true
diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
@@ -0,0 +1,30 @@
+name: Tflint
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+
+jobs:
+  terraform-validate:
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+      security-events: write
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        path:
+          - /
+
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/tflint@4.2.0
+      with:
+        aws-region: ${{ secrets.AWS_REGION}}
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        path: ${{ matrix.path }}
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+      continue-on-error: true
diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yaml
@@ -0,0 +1,20 @@
+name: TFSEC
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+jobs:
+  terraform-tfsec:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      discussions: write
+      pull-requests: write
+      id-token: write
+      security-events: write
+    steps:
+    - uses: dasmeta/reusable-actions-workflows/tfsec@4.2.0
+      with:
+        fetch-depth: 0
+    continue-on-error: true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,36 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-vcs-permalinks
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+        exclude: CHANGELOG.md
+      - id: check-yaml
+      - id: check-merge-conflict
+      - id: check-case-conflict
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: detect-aws-credentials
+        args: ['--allow-missing-credentials']
+      - id: detect-private-key
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.64.1
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--create-file-if-not-exist=true
+  - repo: https://github.com/qoomon/git-conventional-commits
+    rev: v2.4.0
+    hooks:
+      - id: conventional-commits
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.12.0
+    hooks:
+      - id: gitleaks
diff --git a/commitlint.config.js b/commitlint.config.js
@@ -0,0 +1,5 @@
+module.exports = {
+    extends: [
+        "@commitlint/config-conventional"
+    ]
+}
diff --git a/git-conventional-commits.json b/git-conventional-commits.json
@@ -0,0 +1,41 @@
+{
+  "convention" : {
+    "commitTypes": [
+      "feat",
+      "fix",
+      "perf",
+      "refactor",
+      "style",
+      "test",
+      "build",
+      "ops",
+      "docs",
+      "merge",
+      "chore"
+    ],
+    "commitScopes": [],
+    "releaseTagGlobPattern":  "v[0-9]*.[0-9]*.[0-9]*",
+    "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
+  },
+  "changelog" : {
+    "commitTypes": [
+      "feat",
+      "fix",
+      "perf",
+      "merge"
+    ],
+    "includeInvalidCommits": true,
+    "commitScopes": [],
+    "commitIgnoreRegexPattern": "^WIP ",
+    "headlines": {
+      "feat": "Features",
+      "fix": "Bug Fixes",
+      "perf": "Performance Improvements",
+      "merge": "Merged Branches",
+      "breakingChange": "BREAKING CHANGES"
+    },
+    "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
+    "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
+    "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
+  }
+}
diff --git a/githooks/commit-msg b/githooks/commit-msg
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# File generated by pre-commit: https://pre-commit.com
+# ID: 138fd403232d2ddd5efb44317e38bf03
+
+# start templated
+INSTALL_PYTHON=/usr/bin/python3
+ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=commit-msg)
+# end templated
+
+HERE="$(cd "$(dirname "$0")" && pwd)"
+ARGS+=(--hook-dir "$HERE" -- "$@")
+
+if command -v pre-commit > /dev/null; then
+    exec pre-commit "${ARGS[@]}"
+elif [ -x "$INSTALL_PYTHON" ]; then
+    exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}"
+else
+    echo '`pre-commit` not found.  Did you forget to activate your virtualenv?' 1>&2
+    exit 1
+fi
diff --git a/githooks/pre-commit b/githooks/pre-commit
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+set -e
+pre-commit run --show-diff-on-failure --color=always --all-files
diff --git a/package.json b/package.json
@@ -0,0 +1,22 @@
+{
+  "name": "app",
+  "devDependencies": {
+    "@commitlint/cli": "^17.0.3",
+    "@commitlint/config-conventional": "^17.0.3",
+    "husky": "^8.0.1",
+    "@semantic-release/github": "^8.0.4",
+    "semantic-release": "^19.0.3"
+  },
+  "release": {
+    "branches": [
+      "main", "master", "next"
+    ]
+  },
+  "private": true,
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/github",
+    "@semantic-release/npm"
+  ]
+}