From 0dd7d724dcda91370778d373ab3e58f3ebb6b6b5 Mon Sep 17 00:00:00 2001 From: Charles Bushong Date: Thu, 21 Dec 2023 13:15:41 -0500 Subject: [PATCH] configure precommit ci (#13) * Adding pre-commit config * Adding markdown files * terraform-docs: automated action --------- Co-authored-by: github-actions[bot] --- .github/workflows/pre-commit.yaml | 56 +++++++++++++++++++++++++++++++ .pre-commit-config.yaml | 20 ++++++++--- LICENSE.md | 34 +++++++++++++++++++ README.md | 12 ++++--- SECURITY.md | 17 ++++++++++ 5 files changed, 131 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/pre-commit.yaml create mode 100644 LICENSE.md create mode 100644 SECURITY.md diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml new file mode 100644 index 0000000..aeda5ec --- /dev/null +++ b/.github/workflows/pre-commit.yaml 
@@ -0,0 +1,56 @@ +on: + pull_request: + push: + branches: [main] + +jobs: + tf_docs: + name: Render Terraform Docs + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Render terraform docs inside the README.md and push changes back to PR branch + uses: terraform-docs/gh-actions@v1.0.0 + with: + working-dir: . + output-file: README.md + output-method: inject + git-push: "true" + pre_commit: + name: Run pre-commit and commit any autocorrections + # Depends on tf_docs to avoid conflicts when changes are being written by both tf_docs and pre-commit + needs: tf_docs + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.6 + - name: Setup Terragrunt + uses: autero1/action-terragrunt@v1.1.0 + with: + terragrunt_version: 0.54.8 + # To avoid rate-limiting + token: ${{ secrets.GITHUB_TOKEN }} + - uses: terraform-linters/setup-tflint@v3 + name: TFLint - Setup + with: + tflint_version: latest + + - name: TFLint - Init + run: tflint --init + env: + # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting + GITHUB_TOKEN: ${{ github.token }} + - name: TFLint - Show version + run: tflint --version + - uses: actions/setup-python@v4 + with: + python-version: 3.x + - uses: pre-commit/action@v3.0.0 + - uses: pre-commit-ci/lite-action@v1.0.1 + if: always() diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 11d16c9..e760372 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,7 +2,7 @@ # See https://pre-commit.com/hooks.html for more hooks repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer 
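Review bot: The workflow pushes commits back to the PR branch with GITHUB_TOKEN (the `git-push: "true"` step in tf_docs, and `pre-commit-ci/lite-action` in pre_commit) but declares no `permissions:` block, so the token's scope is whatever the repository or organization default happens to be — either broader than the job needs or read-only so the push fails; declare the minimum explicitly at workflow level, `permissions:` / `  contents: write`, and drop the default write scopes elsewhere. Every action is referenced by a mutable tag (`actions/checkout@v3`, `terraform-docs/gh-actions@v1.0.0`, `autero1/action-terragrunt@v1.1.0`, `pre-commit-ci/lite-action@v1.0.1`) and `tflint_version: latest` fetches an unpinned binary, so a moved tag or a new release changes what runs with write access to this repository; third-party actions should be pinned to a full commit SHA with the version in a trailing comment, and tflint to a fixed version like the terraform and terragrunt steps already are. The tf_docs checkout uses `ref: ${{ github.event.pull_request.head.ref }}`, a bare branch name that actions/checkout resolves against this repository rather than the PR's head repository, so a PR from a fork either fails to check out or checks out a same-named local branch (and its read-only token could not push anyway); guard the job with `if: github.event.pull_request.head.repo.full_name == github.repository` or document that only same-repo branches are supported. Note also that commits pushed with GITHUB_TOKEN do not start a new workflow run and the pre_commit job's plain `actions/checkout@v3` checks out the merge ref fixed at run start, so it most likely does not see what tf_docs just pushed — if pre-commit is meant to validate the rendered README, that job should check out the same branch ref.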
@@ -10,10 +10,22 @@ repos: args: ["--allow-multiple-documents"] - id: check-added-large-files - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + rev: v1.85.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt # args: ["--enable require-variable-braces,deprecate-which"] - id: terraform_tflint - exclude: .* + args: + - "--args=--fix" - id: terragrunt_fmt - - id: terraform_docs + #- id: terraform_docs +ci: + autofix_commit_msg: | + [pre-commit.ci] auto fixes from pre-commit.com hooks + + for more information, see https://pre-commit.ci + autofix_prs: true + autoupdate_branch: '' + autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate' + autoupdate_schedule: weekly + skip: [terraform_fmt, terraform_tflint, terragrunt_fmt, terraform_docs] + submodules: false diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..f2a0872 --- /dev/null +++ b/LICENSE.md 
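Review bot: The hook `rev`s are mutable git tags (`v4.5.0`, `v1.85.0`), and the newly enabled `terraform_tflint` hook runs with `--args=--fix`, which rewrites .tf files in place that the workflow then commits back to the branch; freezing the revs to full commit SHAs (`pre-commit autoupdate --freeze` writes the SHA with the tag in a trailing comment — confirm that pre-commit.ci's weekly autoupdate keeps frozen revs frozen) makes the code that edits the repository a fixed artefact rather than whatever the tag currently points at. The commented-out `#- id: terraform_docs` carries no explanation; since the same commit adds a tf_docs workflow job that renders the README, a comment such as `# terraform_docs is rendered by the tf_docs job in .github/workflows/pre-commit.yaml` would stop someone from re-enabling the hook and producing competing commits. The `ci.skip` list is presumably there because the terraform hooks need terraform/tflint/terragrunt binaries that pre-commit.ci does not provide; a one-line comment saying so would save the next reader from assuming the hooks are deliberately unchecked.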
@@ -0,0 +1,34 @@ +# License + +As a work of the [United States government](https://www.usa.gov/), this project +is in the public domain within the United States of America. + +Additionally, we waive copyright and related rights in the work worldwide +through the CC0 1.0 Universal public domain dedication. + +## CC0 1.0 Universal Summary + +This is a human-readable summary of the [Legal Code (read the full +text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode). + +### No Copyright + +The person who associated a work with this deed has dedicated the work to the +public domain by waiving all of their rights to the work worldwide under +copyright law, including all related and neighboring rights, to the extent +allowed by law. + +You can copy, modify, distribute, and perform the work, even for commercial +purposes, all without asking permission. + +### Other Information + +In no way are the patent or trademark rights of any person affected by CC0, nor +are the rights that other persons may have in the work or in how the work is +used, such as publicity or privacy rights. + +Unless expressly stated otherwise, the person who associated a work with this +deed makes no warranties about the work, and disclaims liability for all uses +of the work, to the fullest extent permitted by applicable law. When using or +citing the work, you should not imply endorsement by the author or the +affirmer. diff --git a/README.md b/README.md index 32d26ae..09e8d15 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,18 @@ # batcave-tf-gatus -For deploying the Gatus service within ECS, as well as supporting persistent data needs. - ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules 
@@ -23,6 +24,7 @@ No requirements. | Name | Type | |------|------| +| [aws_ecs_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource | | [aws_efs_file_system.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource | | [aws_efs_mount_target.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource | | [aws_route53_record.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | @@ -34,6 +36,7 @@ No requirements. | [aws_security_group_rule.ingress_prefix_list](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | | [aws_security_group_rule.ingress_prefix_list_80](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | | [aws_acm_certificate.acm_certificate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/acm_certificate) | data source | +| [aws_ecs_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecs_cluster) | data source | | [aws_iam_policy_document.fargate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_kms_key.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [aws_route53_zone.cms_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | 
@@ -46,6 +49,7 @@ No requirements. | [certificate\_arns](#input\_certificate\_arns) | n/a | `list(any)` | `[]` | no | | [cluster\_name](#input\_cluster\_name) | n/a | `string` | `"batcave"` | no | | [config\_bucket\_name](#input\_config\_bucket\_name) | n/a | `string` | n/a | yes | +| [create\_ecs\_cluster](#input\_create\_ecs\_cluster) | Toggles either creating the ECS Cluster or looking up an existing one | `bool` | `true` | no | | [hosted\_zone\_dns](#input\_hosted\_zone\_dns) | n/a | `string` | `""` | no | | [iam\_role\_path](#input\_iam\_role\_path) | n/a | `string` | `""` | no | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | n/a | `string` | `"arn:aws:iam::373346310182:policy/cms-cloud-admin/developer-boundary-policy"` | no | diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..90e23aa --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security and Responsible Disclosure Policy + +*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via +email or via GitHub Issues. Please use our website to submit vulnerabilities at +[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). +HHS maintains an acknowledgements page to recognize your efforts on behalf of +the American public, but you are also welcome to submit anonymously. + +Review the HHS Disclosure Policy and websites in scope: +[https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html). + +This policy describes *what systems and types of research* are covered under this +policy, *how to send* us vulnerability reports, and *how long* we ask security +researchers to wait before publicly disclosing vulnerabilities. + +If you have other cybersecurity related questions, please contact us at +[csirc@hhs.gov.](mailto:csirc@hhs.gov).