diff --git a/.checkov.yaml b/.checkov.yaml index 17517ac..63752a3 100644 --- a/.checkov.yaml +++ b/.checkov.yaml @@ -10,3 +10,4 @@ quiet: true skip-path: - .external_modules - modules + - catalog-info.yml diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a178f2c..039f966 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -6,7 +6,7 @@ --> -## Pull Request Submission Checklist +### Pull Request Submission Checklist Please confirm that you have done the following before requesting reviews: @@ -17,3 +17,9 @@ Please confirm that you have done the following before requesting reviews: ### Description * + +### Experiment Link + + + +GrowthBook Experiment Link: https://app.growthbook.io/features/ diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml new file mode 100644 index 0000000..1cbe949 --- /dev/null +++ b/.github/workflows/checkov.yaml @@ -0,0 +1,27 @@ +# yamllint disable rule:line-length +# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows +--- +name: "repository-checkov" +permissions: read-all + +on: # yamllint disable-line rule:truthy + pull_request: + branches: + - test + - dev + - qa + - prod + - main + push: + branches: + - test + - dev + - qa + - prod + - main + +jobs: + repository-checkov: + name: repository-checkov + uses: honestbank/workflows/.github/workflows/shared-checkov.yaml@main + secrets: inherit diff --git a/.github/workflows/shiftleft-terraform.yaml b/.github/workflows/shiftleft-terraform.yaml new file mode 100644 index 0000000..20fa16a --- /dev/null +++ b/.github/workflows/shiftleft-terraform.yaml 
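Review bot: In `.github/workflows/checkov.yaml` the job calls the shared workflow at the mutable ref `@main` and passes `secrets: inherit`, so whatever is on that branch of `honestbank/workflows` at run time executes with every secret this repository exposes. Pinning to a full commit, `uses: honestbank/workflows/.github/workflows/shared-checkov.yaml@<full-commit-sha> # main`, and replacing `secrets: inherit` with an explicit `secrets:` map of only the entries the called workflow declares would limit the impact of a bad change upstream. The same pattern is in `.github/workflows/shiftleft-terraform.yaml`. `permissions: read-all` in both files grants read on every token scope. The shared workflows are not visible here, but if they only check out and scan code, a narrower block such as `permissions:` / `contents: read` is likely enough.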
@@ -0,0 +1,33 @@
+# yamllint disable rule:line-length
+# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows
+---
+name: "repository-shiftleft-terraform"
+permissions: read-all
+
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ branches:
+ - test
+ - dev
+ - qa
+ - prod
+ - main
+ push:
+ branches:
+ - test
+ - dev
+ - qa
+ - prod
+ - main
+ schedule:
+ # * is a special character in YAML so you have to quote this string
+ # schedule a job to run every day at 17:30 UTC
+ - cron: '30 17 * * *'
+
+jobs:
+ repository-shiftleft-terraform:
+ name: repository-shiftleft-terraform
+ uses: honestbank/workflows/.github/workflows/shared-terraform-shiftleft.yaml@main
+ with:
+ repo_name: ${{ github.event.repository.name }}
+ secrets: inherit
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f274372..cf76e20 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,21 +12,28 @@ repos: - id: end-of-file-fixer - id: check-yaml - id: check-added-large-files + - id: detect-aws-credentials + args: ["--allow-missing-credentials"] - repo: https://github.com/antonbabenko/pre-commit-terraform rev: v1.81.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt - - id: terraform_docs - id: terraform_validate - exclude: (test/|examples/) - id: terraform_tfsec - exclude: (test/|examples/) + exclude: "test/" - id: terraform_checkov - exclude: (test/|examples/) - - repo: https://github.com/gitguardian/ggshield - rev: v1.16.0 # Update to latest version by running `pre-commit autoupdate` + exclude: "test/" + - repo: https://github.com/gitguardian/ggshield + rev: v1.17.3 + hooks: + - id: ggshield + language: python + stages: [commit] + args: [ 'secret', 'scan', 'pre-commit' ] + - repo: local hooks: - - id: ggshield - language: python - stages: [commit] - args: [ 'secret', 'scan', 'pre-commit' ] + - id: docs + name: docs + entry: make + args: [ 'docs' ] + language: system
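Review bot: The new `exclude: "test/"` on `terraform_tfsec` and `terraform_checkov` is an unanchored regex, and pre-commit searches for it anywhere in the file path, so a directory such as `latest/` or `contest/` would also be silently dropped from both scanners. If only the top-level test directory is meant (the layout is not visible in this hunk), `exclude: '^test/'` states that exactly. Separately, `detect-aws-credentials` only looks for keys that already appear in the developer's local AWS credential files, and with `--allow-missing-credentials` it passes when none are configured. A comment above it such as `# matches only keys from local AWS config; ggshield below is the general secret scan` would keep readers from treating it as full AWS key detection.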