honestbank · honestbank-bot · Sep 12, 2024 · Sep 12, 2024
@@ -6,13 +6,14 @@
 
 -->
 
-## Pull Request Submission Checklist
+### Pull Request Submission Checklist
 
 Please confirm that you have done the following before requesting reviews:
 
 - [ ] I have confirmed that the PR type is appropriate for the change I am making according to the [Honest Pull Request and Commit Message Naming Conventions](https://www.notion.so/honestbank/Pull-Request-and-Commit-Message-Naming-Conventions-bd97f2cbb34c4c73b1ff3a3e384b850c).
 - [ ] I have typed an adequate description that explains **why** I am making this change.
 - [ ] I have installed and run standard pre-commit hooks that lints and validates my code.
+- [ ] All entities that I am working with are up-to-date in Backstage; if updates are needed, I have linked the relevant PRs. [Backstage guide](https://www.notion.so/honestbank/How-to-Write-a-Backstage-Service-Catalog-Entry-a-catalog-info-yaml-file-21845ff72e404b14aed2ac989fb202cf?pvs=4)
 
 ### Description
 

@@ -25,8 +25,8 @@ jobs:
           fi
       - name: Output baseline contents to console
         run: |
-          echo "Checkov baseline file (.checkov.baseline) contents:"
-          cat .checkov.baseline
+            echo "Checkov baseline file (.checkov.baseline) contents:"
+            cat .checkov.baseline
       - name: Run Checkov
         id: checkov
         uses: bridgecrewio/checkov-action@master

@@ -1,19 +1,28 @@
-name: "semantic-pull-request"
-permissions: read-all
+# yamllint disable rule:line-length
+# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows
+
+# Use this workflow for public repos, since public repos cannot access our internal
+# workflows repo.
+---
+name: public-semantic-pr
+permissions:
+  contents: write
+  pull-requests: write
 
 on:
   pull_request:
     types:
       - opened
       - edited
+      - reopened
       - synchronize
 
 jobs:
-  main:
-    name: semantic-pull-request
+  public-semantic-pr:
+    name: public-semantic-pr
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v5
+      - uses: amannn/action-semantic-pull-request@v4
         name: Semantic Pull Request
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,33 @@
+name: "Terraform GitHub Action"
+on:
+  pull_request:
+    # This workflow is meant for public Terraform module repositories
+    # which are generally component modules that follow trunk-based development.
+    branches: [main]
+jobs:
+  terraform:
+    name: "terraform"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt
+        continue-on-error: true
+      - name: Terraform Init
+        id: init
+        run: terraform init
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan -no-color
+        continue-on-error: true
@@ -0,0 +1,30 @@
+name: "Terratest GitHub Action"
+on:
+  pull_request:
+    branches: [test, dev, qa, prod, main]
+  push:
+    branches: [test, dev, qa, prod, main]
+env:
+  AWS_ACCESS_KEY_ID: ${{ secrets.TERRATEST_AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_KEY: ${{ secrets.TERRATEST_AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: ${{ secrets.TERRATEST_AWS_REGION }}
+  AWS_REGION: ${{ secrets.TERRATEST_AWS_REGION }}
+jobs:
+  terratest:
+    name: terratest
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.20
+        id: go
+      - name: Run 'go test -v -timeout 60m'
+        run: |
+          cd test
+          go mod download
+          go test -v -timeout 30m