Changes for testing

tomer-ds · tomer-ds · commit 21448809ea70 · 2024-06-26T12:42:51.000+03:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml
@@ -1,14 +1,47 @@
-name: "Changelog"
+name: Changelog CI
 
 on:
   push:
     branches:
-      - "release/**"
+      - 'release/**'
     paths-ignore:
-      - "**.md"
+      - "*.md"
+  create:
+
+  workflow_call:
   workflow_dispatch:
 
 jobs:
-  call-workflow:
-    uses: jivygroup/om2-github-workflows/.github/workflows/changelog.yaml@main
-    secrets: inherit
+  generate-changelog:
+    if: contains(github.ref, 'release/')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install GitVersion
+        uses: gittools/actions/gitversion/setup@v1.1.1
+        with:
+          versionSpec: "5.12.0"
+
+      - name: Determine Version
+        id: gitversion
+        uses: gittools/actions/gitversion/execute@v1.1.1
+
+      - name: Run Changelog CI
+        uses: saadmk11/changelog-ci@v1.1.2
+        with:
+          config_file: .github/config/changelog-config.yaml
+          release_version: ${{ steps.gitversion.outputs.majorMinorPatch }}
+          github_token: ${{ secrets.GITHUB_TOKEN  }}
+        
+      - name: Notify Slack
+        if: failure()
+        uses: act10ns/slack@v2
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        with:
+          status: ${{ job.status }}
+          channel: "#phoenix-builds"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,11 +1,26 @@
-name: "Release"
+name: Create Release
 
 on:
   push:
     tags:
       - "*"
+  workflow_call:
+  workflow_dispatch:
 
 jobs:
-  call-workflow:
-    uses: jivygroup/om2-github-workflows/.github/workflows/release.yaml@main
-    secrets: inherit
+  create_release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Create GitHub Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          draft: false
+          prerelease: false
diff --git a/.github/workflows/terraform-checks.yaml b/.github/workflows/terraform-checks.yaml
@@ -0,0 +1,123 @@
+name: "Terraform Checks"
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+      - release/*
+  pull_request:
+    branches: [main, develop, release/*]
+    types: [opened, labeled, synchronize]
+  workflow_dispatch:
+
+permissions: 
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  terraform-format:
+    name: "Terraform Code Format Checks"
+    runs-on: large-ubuntu-latest
+    timeout-minutes: 1
+    defaults:
+      run:
+        working-directory: ${{ inputs.working-directory }}
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ vars.TF_VERSION }}
+          terraform_wrapper: false
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+
+  terrascan:
+    name: "Terrascan"
+    runs-on: large-ubuntu-latest
+    timeout-minutes: 2
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Terrascan
+        id: terrascan
+        uses: tenable/terrascan-action@main
+        with:
+          iac_dir: ${{ inputs.working-directory }}
+          iac_type: "terraform"
+          iac_version: "v14"
+          policy_type: "aws"
+          only_warn: true
+          sarif_upload: true
+          #scm_token: ${{ secrets.ACCESS_TOKEN }}
+          #verbose: true
+          #non_recursive:
+          #policy_path:
+          #skip_rules:
+          #config_path:
+          #find_vulnerabilities:
+          #webhook_url:
+          #webhook_token:
+
+  checkov:
+    name: "Checkov"
+    runs-on: large-ubuntu-latest
+    timeout-minutes: 2
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Checkov action
+        id: checkov
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: ${{ inputs.working-directory }}
+          quiet: true # optional: display only failed checks
+          soft_fail: true # optional: do not return an error code if there are failed checks
+          framework: terraform # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
+          output_format: sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
+          download_external_modules: true # optional: download external terraform modules from public git repositories and terraform registry
+          log_level: DEBUG # optional: set log level. Default WARNING
+          container_user: 1000 # optional: Define what UID and / or what GID to run the container under to prevent permission issues
+          skip_check: CKV_TF_1,CKV2_AWS_5 # optional: skip a specific check_id. can be comma separated list
+          #file: example/tfplan.json # optional: provide the path for resource to be scanned. This will override the directory if both are provided.
+          #check: CKV_AWS_1 # optional: run only a specific check_id. can be comma separated list
+          #config_file: path/this_file
+          #baseline: cloudformation/.checkov.baseline # optional: Path to a generated baseline file. Will only report results not in the baseline.
+
+  docs:
+    runs-on: large-ubuntu-latest
+    if: contains(github.ref, 'pull')
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render terraform docs inside the README.md and push changes back to PR branch
+        uses: terraform-docs/gh-actions@v1
+        with:
+          working-dir: ${{ inputs.working-directory }}
+          git-push: "true"
+          git-commit-message: "[skip ci] terraform-docs: Update READMEs"
+          git-push-sign-off: true
+        
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
diff --git a/README.md b/README.md
@@ -1,28 +1,18 @@
-# om2-terraform-template
+# om2-candidate
 
-A repo for a terraform-based repos.
+Welcome to OM2.
+This repo holds the candidate excercise to help us guage technical profficiency.
 
-## Usage
+## Excercise
 
-This repository is intended to be used as a template for other Terraform repositories.  To use it:
-
-- Either click the "Use this template" button above, or select the template in the New Repository template selection drop-down.
-  - Ensure to select to use only the default branch and NOT ALL branches.
-  - Please note that only Code Owners can create repositories for purposes of coinsistency.
-- This will create a new repository in your account with the same files and directory structure as this one.
-- Configure the repository settings as needed:
-  - Add colaborators by teams ONLY. No individual users should be added as collaborators.
-  - Add branch protection policies to develop and main branches. (might already exist)
-- You can then clone that repository to your local machine and start working on it.
-- Once cloned create Main branch and push it
-- Create an initial tag (like 0.0.1) and push it to create initial release so that ChangeLog workflow will have a starting point to work with.
-- Create first PR and start coding
-- Ensure to change all references to names 
-
-## Best Practices for New Repositories
-
-- Ensure to update the Readme.md file with the appropriate information for the repository.
-- Create an example in the examples folder that can be used for testing.
+- Implement the terraform code for the simplest possible EKS cluster with a single t3.micro node.
+- Implement a github workflow that will run `terraform plan` and `terraform apply` on every push to the main branch or a PR against develop.
+- Use pre-commit to ensure code standards are met.
+- Document your changes
+- Use `terraform test` framework to write a simple test of something in the code
+- Check if there are any Terraform versions that should be updated in the codebase
+- If possible create the cluster
+- Once you have a cluster install some community helm chart on it.
 
 
 <!-- BEGIN_TF_DOCS -->
@@ -49,4 +39,4 @@ No inputs.
 ## Outputs
 
 No outputs.
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/pre-commit.ps1 b/pre-commit.ps1
@@ -6,7 +6,7 @@ param (
     $TestNamesRegex = "null"
 )
 
-$TAG = "latest"
+$TAG = "main"
 docker run --rm -v ${pwd}:/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a
 
 $tests = Get-ChildItem -Recurse -Filter '*.tftest.hcl' -File | Sort-Object
@@ -28,7 +28,7 @@ $tests | ForEach-Object -Parallel {
     }
     Write-Output "Running test: $($_.FullName)"
     terraform init -upgrade
-    terraform validate
+    terraform validate -force
     terraform test
     $currentLocation = Get-Location
     if ($currentLocation -ne $startingLocation) {
