github/pre-commit-opentofu
1
0
Fork 1
mirror of https://github.com/tofuutils/pre-commit-opentofu.git synced 2025-10-15 17:38:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

feat: Add GH checks and templates (#222)

Browse source
This commit is contained in:
Maksym Vlasov 2021-09-11 10:47:56 +03:00 committed by GitHub
commit 53a866e775
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 326 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

81
.github/ISSUE_TEMPLATE/bug_report_docker.md vendored Normal file
View file

@ -0,0 +1,81 @@
---
name: Local installation bug report
about: Create a bug report
labels:
- kind/bug
- area/docker
---
<!--
Thank you for helping to improve pre-commit-terraform!
Please be sure to search for open issues before raising a new one. We use issues
for bug reports and feature requests. Please note, this template is for bugs
report, not feature requests.
-->
### Describe the bug
<!--
Please let us know what behavior you expected and how terraform-docs diverged
from that behavior.
-->
### How can we reproduce it?
<!--
Help us to reproduce your bug as succinctly and precisely as possible. Any and
all steps or script that triggers the issue are highly appreciated!
Do you have long logs to share? Please use collapsible sections, that can be created via:
<details><summary>SECTION_NAME</summary>
```bash
YOUR_LOG_HERE
```
</details>
-->
### Environment information
* OS:
<!-- I.e.:
OS: Windows 10
OS: Win10 with Ubuntu 20.04 on WSL2
OS: MacOS
OS: Ubuntu 20.04
-->
* `docker info`:
<details><summary><code>command output</summary>
```bash
INSERT_OUTPUT_HERE
```
</details>
* Docker image tag/git commit:
* Tools versions. Don't forget to specify right tag in command -
`TAG=latest && docker run --entrypoint cat pre-commit:$TAG /usr/bin/tools_versions_info`
```bash
INSERT_OUTPUT_HERE
```
* `.pre-commit-config.yaml`:
<details><summary>file content</summary>
```bash
INSERT_FILE_CONTENT_HERE
```
</details>

106
.github/ISSUE_TEMPLATE/bug_report_local_install.md vendored Normal file
View file

@ -0,0 +1,106 @@
---
name: Docker bug report
about: Create a bug report
labels:
- kind/bug
- area/local_installation
---
<!--
Thank you for helping to improve pre-commit-terraform!
Please be sure to search for open issues before raising a new one. We use issues
for bug reports and feature requests. Please note, this template is for bugs
report, not feature requests.
-->
### Describe the bug
<!--
Please let us know what behavior you expected and how terraform-docs diverged
from that behavior.
-->
### How can we reproduce it?
<!--
Help us to reproduce your bug as succinctly and precisely as possible. Any and
all steps or script that triggers the issue are highly appreciated!
Do you have long logs to share? Please use collapsible sections, that can be created via:
<details><summary>SECTION_NAME</summary>
```bash
YOUR_LOG_HERE
```
</details>
-->
### Environment information
* OS:
<!-- I.e.:
OS: Windows 10
OS: Win10 with Ubuntu 20.04 on WSL2
OS: MacOS
OS: Ubuntu 20.04
-->
* `uname -a` and/or `systeminfo | Select-String "^OS"` output:
```bash
INSERT_OUTPUT_HERE
```
<!-- I.e.:
```bash
PS C:\Users\vm> systeminfo | Select-String "^OS"
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19043 N/A Build 19043
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
$ uname -a
Linux DESKTOP-C7315EF 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
```
-->
* Tools availability and versions:
<!-- For check all needed version run next script:
$0 << EOF
pre-commit --version 2>/dev/null || echo "pre-commit SKIPPED"
terraform --version | head -n 1 2>/dev/null || echo "terraform SKIPPED"
python --version 2>/dev/null || echo "python SKIPPED"
python3 --version 2>/dev/null || echo "python3 SKIPPED"
echo -n "checkov " && checkov --version 2>/dev/null || echo "checkov SKIPPED"
terraform-docs --version 2>/dev/null || echo "terraform-docs SKIPPED"
terragrunt --version 2>/dev/null || echo "terragrunt SKIPPED"
echo -n "terrascan " && terrascan version 2>/dev/null || echo "terrascan SKIPPED"
tflint --version 2>/dev/null || echo "tflint SKIPPED"
echo -n "tfsec " && tfsec --version 2>/dev/null || echo "tfsec SKIPPED"
EOF
-->
```bash
INSERT_TOOLS_VERSIONS_HERE
```
* `.pre-commit-config.yaml`:
<details><summary>file content</summary>
```bash
INSERT_FILE_CONTENT_HERE
```
</details>

29
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View file

@ -0,0 +1,29 @@
---
name: Feature request
about: Suggest an idea for this project
labels:
- kind/feature
---
<!--
Thank you for helping to improve pre-commit-terraform!
Please be sure to search for open issues before raising a new one. We use issues
for bug reports and feature requests. Please note, this template is for feature
requests, not bugs report.
-->
### What problem are you facing?
<!--
Please tell us a little about your use case - it's okay if it's hypothetical!
Leading with this context helps frame the feature request so we can ensure we
implement it sensibly.
--->
### How could pre-commit-terraform help solve your problem?
<!--
Let us know how you think pre-commit-terraform could help with your use case.
-->

31
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,31 @@
<!--
Thank you for helping to improve pre-commit-terraform!
-->
Put an `x` into the box if that apply:
- [ ] This PR introduces breaking change.
- [ ] This PR fixes a bug.
- [ ] This PR adds new functionality.
- [ ] This PR enhances existing functionality.
### Description of your changes
<!--
Briefly describe what this pull request does. Be sure to direct your reviewers'
attention to anything that needs special consideration.
We love pull requests that resolve an open pre-commit-terraform issue. If yours does, you
can uncomment the below line to indicate which issue your PR fixes, for example
"Fixes #123":
-->
<!-- Fixes # -->
### How has this code been tested
<!--
Before reviewers can be confident in the correctness of this pull request, it
needs to tested and shown to be correct. Briefly describe the testing that has
already been done or which is planned for this change.
-->

27
.github/workflows/pre-commit.yaml vendored Normal file
View file

@ -0,0 +1,27 @@
name: Common issues check
on: [pull_request]
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- run: |
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
- name: Get changed files
id: file_changes
run: |
export DIFF=$(git diff --name-only origin/${{ github.base_ref }} ${{ github.sha }})
echo "Diff between ${{ github.base_ref }} and ${{ github.sha }}"
echo "::set-output name=files::$( echo "$DIFF" | xargs echo )"
- uses: actions/setup-python@v2
with:
python-version: '3.9'
- name: Execute pre-commit
uses: pre-commit/action@v2.0.0
env:
SKIP: no-commit-to-branch
with:
token: ${{ secrets.GITHUB_TOKEN }}
extra_args: --color=always --show-diff-on-failure --files ${{ steps.file_changes.outputs.files }}

34
.github/workflows/stale-actions.yaml vendored Normal file
View file

@ -0,0 +1,34 @@
name: "Mark or close stale issues and PRs"
on:
schedule:
- cron: "0 0 * * *"
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Staling issues and PR's
days-before-stale: 30
stale-issue-label: lifecycle/stale
stale-pr-label: lifecycle/stale
stale-issue-message: |
This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days
stale-pr-message: |
This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days
# Not stale if have this labels
exempt-issue-labels: kind/bug,lifecycle/active,lifecycle/frozen
exempt-pr-labels: kind/bug,lifecycle/active,lifecycle/frozen
# If unstale
labels-to-remove-when-unstale: lifecycle/stale
# Close issue operations
# Label will be automatically removed if the issues are no longer closed nor locked.
days-before-close: 10
close-issue-label: lifecycle/rotten
delete-branch: true
close-issue-message: This issue was automatically closed because of stale in 10 days
close-pr-message: This PR was automatically closed because of stale in 10 days

22
Dockerfile
View file

@ -123,18 +123,18 @@ RUN . /.env && \
) && chmod +x tfsec \
; fi
# Checking binaries versions
# Checking binaries versions and write it to debug file
RUN . /.env && \
echo "\n\n" && \
pre-commit --version && \
terraform --version | head -n 1 && \
(if [ "$CHECKOV_VERSION" != "false" ]; then echo -n "checkov " && checkov --version; else echo "checkov SKIPPED" ; fi) && \
(if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then ./terraform-docs --version; else echo "terraform-docs SKIPPED"; fi) && \
(if [ "$TERRAGRUNT_VERSION" != "false" ]; then ./terragrunt --version; else echo "terragrunt SKIPPED" ; fi) && \
(if [ "$TERRASCAN_VERSION" != "false" ]; then echo -n "terrascan " && ./terrascan version; else echo "terrascan SKIPPED" ; fi) && \
(if [ "$TFLINT_VERSION" != "false" ]; then ./tflint --version; else echo "tflint SKIPPED" ; fi) && \
(if [ "$TFSEC_VERSION" != "false" ]; then echo -n "tfsec " && ./tfsec --version; else echo "tfsec SKIPPED" ; fi) && \
echo "\n\n"
F=tools_versions_info && \
pre-commit --version >> $F && \
terraform --version | head -n 1 >> $F && \
(if [ "$CHECKOV_VERSION" != "false" ]; then echo "checkov $(checkov --version)" >> $F; else echo "checkov SKIPPED" >> $F ; fi) && \
(if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then ./terraform-docs --version >> $F; else echo "terraform-docs SKIPPED" >> $F; fi) && \
(if [ "$TERRAGRUNT_VERSION" != "false" ]; then ./terragrunt --version >> $F; else echo "terragrunt SKIPPED" >> $F ; fi) && \
(if [ "$TERRASCAN_VERSION" != "false" ]; then echo "terrascan $(./terrascan version)" >> $F; else echo "terrascan SKIPPED" >> $F ; fi) && \
(if [ "$TFLINT_VERSION" != "false" ]; then ./tflint --version >> $F; else echo "tflint SKIPPED" >> $F ; fi) && \
(if [ "$TFSEC_VERSION" != "false" ]; then echo "tfsec $(./tfsec --version)" >> $F; else echo "tfsec SKIPPED" >> $F ; fi) && \
echo "\n\n" && cat $F && echo "\n\n"
# based on debian:buster-slim
# https://github.com/docker-library/python/blob/master/3.9/buster/slim/Dockerfile

7
README.md
View file

@ -37,6 +37,7 @@
</sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub><br><br>
* [`checkov`](https://github.com/bridgecrewio/checkov) required for `checkov` hook.
* [`terraform-docs`](https://github.com/terraform-docs/terraform-docs) required for `terraform_docs` hooks.
* [`terragrunt`](https://terragrunt.gruntwork.io/docs/getting-started/install/) required for `terragrunt_validate` hook.
* [`terrascan`](https://github.com/accurics/terrascan) required for `terrascan` hook.
* [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook.
* [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook.
@ -163,6 +164,12 @@ Docker:
docker run -v $(pwd):/lint -w /lint pre-commit run -a
```
> You be able list tools versions when needed
>
> ```bash
> TAG=latest && docker run --entrypoint cat pre-commit:$TAG /usr/bin/tools_versions_info
> ```
## Available Hooks
There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape: