chore: synced file(s) with honestbank/.github

.checkov.yaml

@@ -10,3 +10,4 @@ quiet: true
 skip-path:
   - .external_modules
   - modules
+  - catalog-info.yml

.github/pull_request_template.md

@@ -6,7 +6,7 @@
 
 -->
 
-## Pull Request Submission Checklist
+### Pull Request Submission Checklist
 
 Please confirm that you have done the following before requesting reviews:
 
@@ -17,3 +17,9 @@ Please confirm that you have done the following before requesting reviews:
 ### Description
 
 * <!-- WRITE A SHORT DESCRIPTION OF CHANGES -->
+
+### Experiment Link
+
+<!-- All code changes require an experiment - you can get started at https://www.notion.so/honestbank/How-to-create-a-feature-flag-ON-OFF-on-GrowthBook-0a11a156397d4eca89fb76dad0eb921c?pvs=4 -->
+
+GrowthBook Experiment Link: https://app.growthbook.io/features/

.github/workflows/checkov.yaml

@@ -0,0 +1,27 @@
+# yamllint disable rule:line-length
+# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows
+---
+name: "repository-checkov"
+permissions: read-all
+
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    branches:
+      - test
+      - dev
+      - qa
+      - prod
+      - main
+  push:
+    branches:
+      - test
+      - dev
+      - qa
+      - prod
+      - main
+
+jobs:
+  repository-checkov:
+    name: repository-checkov
+    uses: honestbank/workflows/.github/workflows/shared-checkov.yaml@main
+    secrets: inherit

.github/workflows/shiftleft-terraform.yaml

@@ -0,0 +1,33 @@
+# yamllint disable rule:line-length
+# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows
+---
+name: "repository-shiftleft-terraform"
+permissions: read-all
+
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    branches:
+      - test
+      - dev
+      - qa
+      - prod
+      - main
+  push:
+    branches:
+      - test
+      - dev
+      - qa
+      - prod
+      - main
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # schedule a job to run every day at 17:30 UTC
+    - cron: '30 17 * * *'
+
+jobs:
+  repository-shiftleft-terraform:
+    name: repository-shiftleft-terraform
+    uses: honestbank/workflows/.github/workflows/shared-terraform-shiftleft.yaml@main
+    with:
+      repo_name: ${{ github.event.repository.name }}
+    secrets: inherit

.pre-commit-config.yaml

@@ -12,21 +12,28 @@ repos:
       - id: end-of-file-fixer
       - id: check-yaml
       - id: check-added-large-files
+      - id: detect-aws-credentials
+        args: ["--allow-missing-credentials"]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: v1.81.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
     hooks:
       - id: terraform_fmt
-      - id: terraform_docs
       - id: terraform_validate
-        exclude: (test/|examples/)
       - id: terraform_tfsec
-        exclude: (test/|examples/)
+        exclude: "test/"
       - id: terraform_checkov
-        exclude: (test/|examples/)
-  - repo: https://github.com/gitguardian/ggshield
-    rev: v1.16.0 # Update to latest version by running `pre-commit autoupdate`
+        exclude: "test/"
+  -   repo: https://github.com/gitguardian/ggshield
+      rev: v1.17.3
+      hooks:
+        - id: ggshield
+          language: python
+          stages: [commit]
+          args: [ 'secret', 'scan', 'pre-commit' ]
+  - repo: local
     hooks:
-      - id: ggshield
-        language: python
-        stages: [commit]
-        args: [ 'secret', 'scan', 'pre-commit' ]
+      - id: docs
+        name: docs
+        entry: make
+        args: [ 'docs' ]
+        language: system