-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #141 from xunleii/140-refresh-this-repo
♻️ Cleanup this repository
- Loading branch information
Showing
38 changed files
with
931 additions
and
415 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| { | ||
| "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json", | ||
| "name": "k3s Terraform module - Dev Container", | ||
| "image": "mcr.microsoft.com/vscode/devcontainers/universal", | ||
| "features": { | ||
| "ghcr.io/devcontainers-contrib/features/yamllint:2.0.9": {}, | ||
| "ghcr.io/devcontainers/features/terraform:1.3.5": { | ||
| "version": "1.6.2" | ||
| }, | ||
| "ghcr.io/devcontainers-contrib/features/go-task:1.0.5": {}, | ||
| "ghcr.io/dhoeric/features/terraform-docs:1.0.0": { | ||
| "version": "0.16.0" | ||
| }, | ||
| "ghcr.io/itsmechlark/features/act:1.0.0": {}, | ||
| "ghcr.io/itsmechlark/features/trivy:1.0.0": {} | ||
| }, | ||
| "customizations": { | ||
| "vscode": { | ||
| "extensions": [ | ||
| "bierner.github-markdown-preview", | ||
| "github.copilot", | ||
| "ms-vscode.makefile-tools", | ||
| "redhat.vscode-yaml", | ||
| "tylerharris.terraform-link-docs", | ||
| "yzhang.markdown-all-in-one", | ||
| "task.vscode-task" | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| name: Bug Report | ||
| description: File a bug report for this project | ||
| title: ":bug: " | ||
| labels: ["kind/bug"] | ||
| projects: ["xunleii/2"] | ||
|
|
||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Before opening a new issue, please search existing issues. | ||
| ---- | ||
| Thank you for filing a bug report! Please fill out the sections below to help us reproduce the bug. | ||
| - type: textarea | ||
| id: what_happened | ||
| attributes: | ||
| label: ":fire: What happened?" | ||
| description: Describe the issue you are experiencing here | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: what_expected | ||
| attributes: | ||
| label: ":+1: What did you expect to happen?" | ||
| description: Describe what you expected to happen here | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: how_reproduce | ||
| attributes: | ||
| label: ":mag: How can we reproduce the issue?" | ||
| description: Describe how to reproduce the problem in as much detail as possible | ||
| validations: | ||
| required: true | ||
|
|
||
| - type: input | ||
| id: module_version | ||
| attributes: | ||
| label: ":wrench: Module version" | ||
| description: Please provide the version of the module you are using | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: terraform_version | ||
| attributes: | ||
| label: ":wrench: Terraform version" | ||
| description: Please provide the version of Terraform you are using | ||
| validations: | ||
| required: true | ||
|
|
||
| - type: textarea | ||
| id: provider_list | ||
| attributes: | ||
| label: ":wrench: Terraform providers" | ||
| description: List all the providers you are using with their version (copy the output of `terraform providers`) | ||
| validations: | ||
| required: true | ||
|
|
||
| - type: textarea | ||
| id: additional_info | ||
| attributes: | ||
| label: ":clipboard: Additional information" | ||
| description: Please provide any additional information that might be useful | ||
| validations: | ||
| required: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| blank_issues_enabled: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| --- | ||
| name: '[bot] Close stale issues and PRs' | ||
| on: | ||
| schedule: | ||
| - cron: '0 0 * * *' | ||
|
|
||
| jobs: | ||
| stale: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| issues: write | ||
| pull-requests: write | ||
| steps: | ||
| - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 | ||
| with: | ||
| days-before-close: 7 | ||
| days-before-stale: 30 | ||
| exempt-issue-labels: no-stale | ||
| exempt-pr-labels: no-stale | ||
| repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
| stale-issue-label: status/stale | ||
| stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. If the issue still persists, please leave a comment and it will be reopened.' | ||
| stale-pr-label: status/stale | ||
| stale-pr-message: 'This pull request has been automatically marked as stale because it has not had recent activity. If the pull request still needs attention, please leave a comment and it will be reopened.' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| name: Security hardening (Terraform) | ||
|
|
||
| on: | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| trivy: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | ||
| - uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320 # v0.13.0 | ||
| with: | ||
| scan-type: config | ||
| scan-ref: . | ||
| exit-code: 1 | ||
| severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
121 changes: 121 additions & 0 deletions
121
.github/workflows/templates.terraform.pull_requests.lint.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| name: IaaS - Terraform CI (for pull requests) - Lint | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| terraform_workdir: | ||
| description: Working directory where Terraform files are | ||
| required: false | ||
| default: "." | ||
| type: string | ||
| terraform_version: | ||
| description: Terraform version that should we use (latest by default) | ||
| required: false | ||
| type: string | ||
|
|
||
| jobs: | ||
| # Terraform validate checks if your TF files are in a canonical format and without HCL issues | ||
| terraform_validate: | ||
| name: Terraform files validation | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 | ||
| - uses: hashicorp/setup-terraform@bbe167fbdaa1a3bd046bdd70eba9dd3dddcca99c # tag=v2.0.2 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform_version }} | ||
| - name: Pre-hook Terraform workflow | ||
| id: pre | ||
| run: | | ||
| # Setup `workdir` suffix used to give more information during execution | ||
| if [[ '${{ inputs.terraform_workdir }}' == '.' ]]; then | ||
| echo "workdir=" >> "${GITHUB_OUTPUT}" | ||
| else | ||
| echo "workdir=(${{ inputs.terraform_workdir }})" >> "${GITHUB_OUTPUT}" | ||
| fi | ||
| # --- `terraform fmt` | ||
| - name: Check if all Terraform configuration files are in a canonical format ${{ steps.pre.outputs.workdir }} | ||
| id: fmt | ||
| run: terraform fmt -check -recursive -diff -no-color | ||
| working-directory: ${{ inputs.terraform_workdir }} | ||
| - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362 # tag=v2.2.1 | ||
| if: failure() && steps.fmt.outcome == 'failure' | ||
| with: | ||
| recreate: true | ||
| header: tf::${{ steps.pre.outputs.workdir }} | ||
| message: | | ||
| # Terraform CI/CD ${{ steps.pre.outputs.workdir }} | ||
| - [ ] :paintbrush: Check if all Terraform configuration files are in a canonical format | ||
| ### 🚫 Failure reason | ||
| ```terraform | ||
| ${{ steps.fmt.outputs.stdout }} | ||
| ``` | ||
| <br/> | ||
| > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._ | ||
| # --- `terraform init` | ||
| - name: Initialize Terraform working directory ${{ steps.pre.outputs.workdir }} | ||
| id: init | ||
| env: | ||
| TF_IN_AUTOMATION: yes | ||
| run: terraform init -no-color -backend=false | ||
| working-directory: ${{ inputs.terraform_workdir }} | ||
| - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362 # tag=v2.2.1 | ||
| if: failure() && steps.init.outcome == 'failure' | ||
| with: | ||
| recreate: true | ||
| header: tf::${{ steps.pre.outputs.workdir }} | ||
| message: | | ||
| # Terraform CI/CD ${{ steps.pre.outputs.workdir }} | ||
| - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format | ||
| - [ ] :hammer_and_wrench: Validate the configuration files | ||
| ### 🚫 Failure reason | ||
| ``` | ||
| ${{ steps.init.outputs.stderr }} | ||
| ``` | ||
| <br/> | ||
| > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._ | ||
| # --- `terraform validate` | ||
| - name: Validate the configuration files ${{ steps.pre.outputs.workdir }} | ||
| id: validate | ||
| env: | ||
| TF_IN_AUTOMATION: yes | ||
| run: terraform validate -no-color | ||
| working-directory: ${{ inputs.terraform_workdir }} | ||
| - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362 # tag=v2.2.1 | ||
| if: failure() && steps.validate.outcome == 'failure' | ||
| with: | ||
| recreate: true | ||
| header: tf::${{ steps.pre.outputs.workdir }} | ||
| message: | | ||
| # Terraform CI/CD ${{ steps.pre.outputs.workdir }} | ||
| - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format | ||
| - [ ] :hammer_and_wrench: Validate the configuration files | ||
| ### 🚫 Failure reason | ||
| ``` | ||
| ${{ steps.validate.outputs.stderr }} | ||
| ``` | ||
| <br/> | ||
| > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._ | ||
| - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362 # tag=v2.2.1 | ||
| if: success() | ||
| with: | ||
| recreate: true | ||
| header: tf::${{ steps.pre.outputs.workdir }} | ||
| message: | | ||
| # Terraform CI/CD ${{ steps.pre.outputs.workdir }} | ||
| - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format | ||
| - [x] :hammer_and_wrench: Validate the configuration files | ||
| > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._ |
Oops, something went wrong.