Merge pull request #4 from clouddrove/test-cognito

Test cognito
clouddrove · Dec 5, 2022 · cedf0ca · cedf0ca
2 parents efca761 + bbb6d42
commit cedf0ca
Show file tree

Hide file tree

Showing 13 changed files with 556 additions and 502 deletions.
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -12,30 +12,30 @@ jobs:
       - name: 'Checkout'
         uses: actions/checkout@master
 
-      - name: Set up Python 3.7.
+      - name: 'Set up Python 3.7'
         uses: actions/setup-python@v2
         with:
           python-version: '3.x'
 
       - name: 'create readme'
-        uses: 'clouddrove/github-actions@v4.0'
+        uses: 'clouddrove/github-actions@v9.0.1'
         with:
           actions_subcommand: 'readme'
           github_token: '${{ secrets.GITHUB}}'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
 
 
-      - name: pre-commit check errors
+      - name: 'pre-commit check errors'
         uses: pre-commit/action@v2.0.0
         continue-on-error: true
 
-      - name: pre-commit fix erros
+      - name: 'pre-commit fix erros'
         uses: pre-commit/action@v2.0.0
         continue-on-error: true
 
       - name: 'push readme'
-        uses: 'clouddrove/github-actions@v4.0'
+        uses: 'clouddrove/github-actions@v9.0.1'
         continue-on-error: true
         with:
           actions_subcommand: 'push'
@@ -51,4 +51,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+        if: always()
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -1,7 +1,7 @@
 name: static-checks
 
 on:
-  push:
+  pull_request:
 
 jobs:
   versionExtract:

diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
@@ -6,29 +6,27 @@ on:
     types: [labeled]
 
 jobs:
-  terraform:
-    name: 'Terraform'
+  Terratest:
+    name: 'terratest'
     runs-on: ubuntu-latest
     steps:
 
       - name: 'Checkout'
-        uses: actions/checkout@master
+        uses: actions/checkout@v2.3.4
 
-      - name: Configure AWS Credentials
+      - name: 'Configure AWS Credentials'
         uses: clouddrove/configure-aws-credentials@v1
         with:
           aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
           aws-region: us-east-2
 
-      - name: 'Terratest'
-        if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v4.0'
+      - name: 'terratest'
+        uses: 'clouddrove/github-actions@v9.0.1'
         with:
           actions_subcommand: 'terratest'
+          if: ${{ github.event.label.name == 'terratest' }}
           tf_actions_working_dir: '_test'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }
 
       - name: 'Slack Notification'
         uses: clouddrove/action-slack@v2

diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -0,0 +1,25 @@
+name: tfsec
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: aquasecurity/tfsec-sarif-action@v0.1.0
+        with:
+          sarif_file: tfsec.sarif
+          working_directory: _example
+          full_repo_scan: true
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif
diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,40 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+
+
+
 # ignored files
 *.tfstate
 *.tfstate.backup
 .terraform
 .idea
 *.iml
-.terraform.tfstate.lock.info
-go.sum
+*.terraform.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,13 +1,21 @@
 repos:
-  - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.45.0
+
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
     hooks:
-    - id: terraform_fmt
+      - id: terraform-fmt
+      - id: shellcheck
+      - id: tflint
 
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1 # Use the ref you want to point at
     hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+      - id: check-byte-order-marker
+      - id: check-executables-have-shebangs
       - id: check-merge-conflict
+      - id: debug-statements
       - id: check-yaml
-      - id: check-added-large-files
-      - id: trailing-whitespace
+      - id: check-added-large-files