ci: enable ci (#2250)

* ci: enable ci

* fix: rename for-ci to for-test

.github/workflows/apply.yaml

@@ -2,7 +2,7 @@
 name: apply
 on:
   push:
-    branches: [dummy] # Disabled. CHANGEME Replace dummy with main
+    branches: [main]
 env:
   TFACTION_IS_APPLY: 'true'
 jobs:
@@ -73,7 +73,7 @@ jobs:
           # If you use private registries, contents:read is required
           permissions: >-
             {
-              "contents:read"
+              "contents": "read"
             }
           # private repositories hosting private modules
           repositories: >-

.github/workflows/test.yaml

@@ -106,7 +106,6 @@ jobs:
 
   test:
     uses: ./.github/workflows/wc-test.yaml
-    if: 'false' # CHANGEME Please remove this.
     needs: path-filter
     permissions:
       id-token: write

templates/for-test/.tflint.hcl

@@ -0,0 +1,40 @@
+# https://github.com/terraform-linters/tflint/tree/master/docs/rules
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = false
+}

templates/for-test/aqua/aqua.yaml

@@ -0,0 +1,13 @@
+---
+# aqua - Declarative CLI Version Manager
+# https://aquaproj.github.io/
+checksum:
+  enabled: true
+  require_checksum: true
+#   supported_envs:
+#   - all
+registries:
+- type: standard
+  ref: v4.92.2 # renovate: depName=aquaproj/aqua-registry
+packages:
+  - import: imports/*.yaml

templates/for-test/aqua/imports/terraform.yaml

@@ -0,0 +1,2 @@
+packages:
+  - name: hashicorp/terraform@v1.6.2

templates/for-test/aqua/imports/tflint.yaml

@@ -0,0 +1,2 @@
+packages:
+  - name: terraform-linters/tflint@v0.48.0

templates/for-test/aqua/imports/trivy.yaml

@@ -0,0 +1,2 @@
+packages:
+  - name: aquasecurity/trivy@v0.46.0

templates/for-test/terraform.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_version = ">= 1.0"
+}
+
+terraform {
+  required_providers {
+    null = {
+      source  = "hashicorp/null"
+      version = "3.2.2"
+    }
+  }
+}

tfaction-root.yaml

@@ -42,6 +42,21 @@ target_groups:
   tfmigrate_apply_config:
     aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_tfmigrate_apply
 
+- working_directory: for-test/
+  target: for-test/
+  # aws_region: ap-northeast-1 # CHANGEME Fix the region if necessary
+  # s3_bucket_name_plan_file: '<S3 Bucket Name for Terraform Plan File>' # CHANGEME
+  # s3_bucket_name_tfmigrate_history: '<S3 Bucket Name for tfmigrate history files>' # CHANGEME
+  template_dir: templates/for-test
+  # terraform_plan_config:
+  #   aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_github_terraform_plan # CHANGEME
+  # tfmigrate_plan_config:
+  #   aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_github_tfmigrate_plan # CHANGEME
+  # terraform_apply_config:
+  #   aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_github_terraform_apply # CHANGEME
+  # tfmigrate_apply_config:
+  #   aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_github_tfmigrate_apply # CHANGEME
+
 - working_directory: github/services/
   target: github/
   aws_region: ap-northeast-1 # CHANGEME Fix the region if necessary