From f53ad2dd258b864b06f55d1da70fa1662939cbac Mon Sep 17 00:00:00 2001 From: Honest Bot Date: Thu, 12 Sep 2024 02:53:03 +0000 Subject: [PATCH] ci: synced file(s) with honestbank/.github --- .github/pull_request_template.md | 3 ++- .github/workflows/checkov.yaml | 4 ++-- .github/workflows/semantic-pr.yaml | 19 ++++++++++++----- .github/workflows/terraform.yaml | 33 ++++++++++++++++++++++++++++++ .github/workflows/terratest.yaml | 30 +++++++++++++++++++++++++++ 5 files changed, 81 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/terraform.yaml create mode 100644 .github/workflows/terratest.yaml diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a178f2c..7e799e2 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -6,13 +6,14 @@ --> -## Pull Request Submission Checklist +### Pull Request Submission Checklist Please confirm that you have done the following before requesting reviews: - [ ] I have confirmed that the PR type is appropriate for the change I am making according to the [Honest Pull Request and Commit Message Naming Conventions](https://www.notion.so/honestbank/Pull-Request-and-Commit-Message-Naming-Conventions-bd97f2cbb34c4c73b1ff3a3e384b850c). - [ ] I have typed an adequate description that explains **why** I am making this change. - [ ] I have installed and run standard pre-commit hooks that lints and validates my code. +- [ ] All entities that I am working with are up-to-date in Backstage; if updates are needed, I have linked the relevant PRs. [Backstage guide](https://www.notion.so/honestbank/How-to-Write-a-Backstage-Service-Catalog-Entry-a-catalog-info-yaml-file-21845ff72e404b14aed2ac989fb202cf?pvs=4) ### Description diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml index 603695e..ccec113 100644 --- a/.github/workflows/checkov.yaml +++ b/.github/workflows/checkov.yaml 
@@ -25,8 +25,8 @@ jobs: fi - name: Output baseline contents to console run: | - echo "Checkov baseline file (.checkov.baseline) contents:" - cat .checkov.baseline + echo "Checkov baseline file (.checkov.baseline) contents:" + cat .checkov.baseline - name: Run Checkov id: checkov uses: bridgecrewio/checkov-action@master diff --git a/.github/workflows/semantic-pr.yaml b/.github/workflows/semantic-pr.yaml index 8d7887b..3627556 100644 --- a/.github/workflows/semantic-pr.yaml +++ b/.github/workflows/semantic-pr.yaml @@ -1,19 +1,28 @@ -name: "semantic-pull-request" -permissions: read-all +# yamllint disable rule:line-length +# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows + +# Use this workflow for public repos, since public repos cannot access our internal +# workflows repo. +--- +name: public-semantic-pr +permissions: + contents: write + pull-requests: write on: pull_request: types: - opened - edited + - reopened - synchronize jobs: - main: - name: semantic-pull-request + public-semantic-pr: + name: public-semantic-pr runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@v4 name: Semantic Pull Request env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml new file mode 100644 index 0000000..cbdc29f --- /dev/null +++ b/.github/workflows/terraform.yaml 
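Review bot: In semantic-pr.yaml the new `permissions:` block grants `contents: write` and `pull-requests: write` to a job whose only step is a third-party action that checks the PR title, which is broader than the `read-all` it replaces. Nothing in this hunk shows the action writing to the repository or the PR, so unless a write is needed elsewhere, the block can shrink to `permissions:` followed by `  pull-requests: read`. The same hunk also moves the action from `@v5` back to `@v4`, an older major referenced by a mutable tag. If the downgrade is not deliberate, keep `@v5`, and consider pinning to a full commit SHA because the job now holds a write-scoped `GITHUB_TOKEN`.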
@@ -0,0 +1,33 @@
+name: "Terraform GitHub Action"
+on:
+ pull_request:
+ # This workflow is meant for public Terraform module repositories
+ # which are generally component modules that follow trunk-based development.
+ branches: [main]
+jobs:
+ terraform:
+ name: "terraform"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: "recursive"
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+ - name: Terraform Format
+ id: fmt
+ run: terraform fmt
+ continue-on-error: true
+ - name: Terraform Init
+ id: init
+ run: terraform init
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -no-color
+ continue-on-error: true
diff --git a/.github/workflows/terratest.yaml b/.github/workflows/terratest.yaml
new file mode 100644
index 0000000..05041b1
--- /dev/null
+++ b/.github/workflows/terratest.yaml
@@ -0,0 +1,30 @@
+name: "Terratest GitHub Action"
+on:
+ pull_request:
+ branches: [test, dev, qa, prod, main]
+ push:
+ branches: [test, dev, qa, prod, main]
+env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.TERRATEST_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_KEY: ${{ secrets.TERRATEST_AWS_SECRET_ACCESS_KEY }}
+ AWS_DEFAULT_REGION: ${{ secrets.TERRATEST_AWS_REGION }}
+ AWS_REGION: ${{ secrets.TERRATEST_AWS_REGION }}
+jobs:
+ terratest:
+ name: terratest
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: 1.20
+ id: go
+ - name: Run 'go test -v -timeout 60m'
+ run: |
+ cd test
+ go mod download
+ go test -v -timeout 30m
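Review bot: terraform.yaml declares no `permissions:` block, yet it passes `secrets.TF_API_TOKEN` to setup-terraform and then runs `terraform init` and `terraform plan` on the pull request's own code, so whatever module and provider code the branch pulls in runs with that token in the CLI configuration. Add a top-level `permissions:` with `contents: read` (terratest.yaml in this commit lacks one too) and confirm the token is scoped to the minimum the plan needs. The Format step's `run: terraform fmt` rewrites files in the runner and exits 0, so it cannot flag unformatted code; `run: terraform fmt -check -recursive` would. With `continue-on-error: true` on the Plan step and no later step reading `steps.plan.outcome`, a failing plan still leaves the job green.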
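Review bot: In terratest.yaml, `go-version: 1.20` is an unquoted YAML scalar that parses as the float 1.2, so setup-go is asked for a different Go release than intended; quote it as `go-version: "1.20"`. The workflow-level `env:` block also exposes the long-lived Terratest AWS key pair to every step, including Checkout and Set up Go, on every `pull_request` and `push` run; moving those four variables under the test step's own `env:` (or switching to short-lived OIDC credentials) narrows that exposure. `AWS_SECRET_KEY` is a legacy spelling that not every AWS tool reads, so `AWS_SECRET_ACCESS_KEY` is the safer name, though that is worth confirming against what the tests actually use. The step name says `-timeout 60m` while the command runs `-timeout 30m`, so one of the two is stale.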