diff --git a/.github/issue_label_bot.yaml b/.github/issue_label_bot.yaml
new file mode 100644
index 0000000..eae2b86
--- /dev/null
+++ b/.github/issue_label_bot.yaml
@@ -0,0 +1,18 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+label-alias:
+ bug: 'kind/bug'
+ feature_request: 'kind/feature'
+ question: 'kind/question'
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..6fe273e
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,35 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Labels for action/labeler
+
+area/kubernetes:
+ - kubernetes/*
+ - kubernetes/**/*
+
+area/gcp:
+ - iac/gcp/*
+ - iac/gcp/**/*
+
+area/aws:
+ - iac/aws/*
+ - iac/aws/**/*
+
+area/azure:
+ - iac/azure/*
+ - iac/azure/**/*
+
+kind/documentation:
+ - docs/*
+ - docs/**/*
diff --git a/.github/labels.yaml b/.github/labels.yaml
new file mode 100644
index 0000000..3330ddc
--- /dev/null
+++ b/.github/labels.yaml
@@ -0,0 +1,62 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# labels to be used with /area command
+area:
+ - 'gcp'
+ - 'aws'
+ - 'azure'
+ - 'kubernetes'
+
+kind:
+ - 'documentation'
+ - 'discussion'
+ - 'feature'
+ - 'question'
+
+priority:
+ - 'low'
+ - 'medium'
+ - 'high'
+ - 'critical'
+
+status:
+ - available
+ - blocked
+ - in_progress
+ - on_hold
+
+# File globs for PR labeler
+# tests:
+# - '**/*.test.ts'
+
+'area/kubernetes':
+ - kubernetes/*
+ - kubernetes/**/*
+
+'area/gcp':
+ - iac/gcp/*
+ - iac/gcp/**/*
+
+'area/aws':
+ - iac/aws/*
+ - iac/aws/**/*
+
+'area/azure':
+ - iac/azure/*
+ - iac/azure/**/*
+
+'kind/documentation':
+ - docs/*
+ - docs/**/*
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..9f17d2a
--- /dev/null
+++ b/.github/release-drafter.yml
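Review bot: The `kind:` list in labels.yaml has no `'bug'` entry, although issue_label_bot.yaml maps `bug` to `kind/bug` and release-drafter.yml files `kind/bug` under Bug Fixes. If the `/kind` command only accepts values from this list (not verifiable from this hunk), `/kind bug` would be rejected; add `- 'bug'` under `kind:`. The `status:` entries are also the only unquoted values in the file, and the glob section repeats labeler.yml verbatim, so a comment saying which of the two files is authoritative would help.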
@@ -0,0 +1,59 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name-template: 'v$RESOLVED_VERSION 🌈'
+tag-template: 'v$RESOLVED_VERSION'
+# https://gitmoji.carloscuesta.me/
+categories:
+ - title: '🚀 Features'
+ labels:
+ - 'feature'
+ - 'enhancement'
+ - 'kind/feature'
+ - 'kind/enhancement'
+ - title: '🐛 Bug Fixes'
+ labels:
+ - 'kind/bug'
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - title: '🚨 Maintenance'
+ labels:
+ - 'area/renovate'
+ - 'kind/renovate'
+ - 'dependency/flux'
+ - 'chore'
+ - title: '📝 Documentation'
+ labels:
+ - 'kind/documentation'
+ - title: '💡 Question'
+ labels:
+ - 'kind/question'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+ major:
+ labels:
+ - 'major'
+ minor:
+ labels:
+ - 'minor'
+ patch:
+ labels:
+ - 'patch'
+ default: patch
+template: |
+ ## 🚧 Changes
+
+ $CHANGES
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..b59cd44
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,84 @@
+{
+ "extends": [
+ "config:base",
+ ":gitSignOff"
+ ],
+ "enabled": true,
+ "timezone": "Europe/Paris",
+ "dependencyDashboard": true,
+ "dependencyDashboardTitle": "Renovate Dashboard",
+ // "gitAuthor": "Nicolas Lamirault ",
+ // "commitBody": "Signed-off-by: Nicolas Lamirault ",
+ // Do not notify on closed unmerged PRs
+ "suppressNotifications": ["prIgnoreNotification"],
+ // Do not rebase PRs
+ "rebaseWhen": "conflicted",
+ "assignees": ["@nlamirault"],
+ "reviewersFromCodeOwners": true,
+ // "labels": ["kind/renovate"],
+ "packageRules": [
+ // Labels for Terraform
+ {
+ "datasources": ["terraform", "terraform-version", "terraform-provider", "terraform-module"],
+ "updateTypes": ["major"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/terraform", "dependency/terraform", "priority/high", "size/xs"]
+ },
+ {
+ "datasources": ["terraform", "terraform-version", "terraform-provider", "terraform-module"],
+ "updateTypes": ["minor"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/terraform", "dependency/terraform", "priority/medium", "size/xs"]
+ },
+ {
+ "datasources": ["terraform", "terraform-version", "terraform-provider", "terraform-module"],
+ "updateTypes": ["patch"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/terraform", "dependency/terraform", "priority/low", "size/xs"]
+ },
+ {
+ "matchPackageNames": ["hashicorp/terraform"],
+ "matchUpdateTypes": ["major"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/terraform", "dependency/terraform", "priority/high", "size/xs"]
+ },
+ {
+ "matchPackageNames": ["hashicorp/terraform"],
+ "matchUpdateTypes": ["minor"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/terraform", "dependency/terraform", "priority/medium", "size/xs"]
+ },
+ {
+ "matchPackageNames": ["hashicorp/terraform"],
+ "matchUpdateTypes": ["patch"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/terraform", "dependency/terraform", "priority/low", "size/xs"]
+ },
+ // Labels for Docker
+ {
+ "datasources": ["docker"],
+ "updateTypes": ["major"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "dependency/docker", "priority/high", "size/xs"]
+ },
+ {
+ "datasources": ["docker"],
+ "updateTypes": ["minor"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "dependency/docker", "priority/medium", "size/xs"]
+ },
+ {
+ "datasources": ["docker"],
+ "updateTypes": ["patch"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "dependency/docker", "priority/low", "size/xs"]
+ },
+ // Labels for Github Actions
+ {
+ "datasources": ["action"],
+ "updateTypes": ["major"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/github", "dependency/github", "priority/high", "size/xs"]
+ },
+ {
+ "datasources": ["action"],
+ "updateTypes": ["minor"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/github", "dependency/github", "priority/medium", "size/xs"]
+ },
+ {
+ "datasources": ["action"],
+ "updateTypes": ["patch"],
+ "labels": ["kind/renovate", "lifecycle/active", "status/review_needed", "area/github", "dependency/github", "priority/low", "size/xs"]
+ },
+ ]
+}
diff --git a/.github/stale.yml b/.github/stale.yml
new file mode 100644
index 0000000..de6160f
--- /dev/null
+++ b/.github/stale.yml
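Review bot: The `packageRules` entries mix two spellings of the same matchers: the Terraform, Docker and GitHub Actions blocks use `datasources`/`updateTypes`, while the `hashicorp/terraform` blocks use `matchPackageNames`/`matchUpdateTypes`. Use the `match*` form throughout, for example `"matchDatasources": ["docker"]` with `"matchUpdateTypes": ["major"]`. The values `"terraform"`, `"terraform-version"` and `"action"` do not look like Renovate datasource identifiers (they resemble manager names); if they are not, those rules never match, and the priority and review labels that drive triage of dependency updates are silently missing. Confirm each name against the Renovate datasource list.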
@@ -0,0 +1,32 @@
+
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+ - security fix
+ - security vulnerability
+# Label to use when marking an issue as stale
+staleLabel: lifecycle/stale
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+ This issue has been automatically marked as stale because it has not had
+ recent activity. It will be closed if no further activity occurs. Thank you
+ for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false
diff --git a/.github/workflows/draft-labels.yml b/.github/workflows/draft-labels.yml
new file mode 100644
index 0000000..a3e90c9
--- /dev/null
+++ b/.github/workflows/draft-labels.yml
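Review bot: `exemptLabels` names `security fix` and `security vulnerability`, but neither label is defined in labels.yaml or used by any other config in this commit, which all follow the `kind/`, `area/`, `priority/` scheme. Unless those two labels already exist in the repository, a security report gets marked stale after 60 days and closed 7 days later like any other issue. List the label that security reports actually receive here, and consider exempting `priority/critical` as well, e.g. `- priority/critical`.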
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Project / Draft PR Labels
+
+on:
+ pull_request:
+ types: [opened, ready_for_review]
+
+jobs:
+ triage:
+ runs-on: ubuntu-latest
+ steps:
+ - name: label swapping
+ uses: jinmayamashita/ready-for-review@1.0.0
+ with:
+ in-progress-label: 'status/in_progress'
+ ready-for-review-label: 'status/review_needed'
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000..1559a74
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
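Review bot: The `triage` job declares no `permissions:` block, so `secrets.GITHUB_TOKEN` carries the repository's default scope when it is handed to the third-party action `jinmayamashita/ready-for-review@1.0.0`, which is referenced by a tag the upstream owner can move. A label swap needs no more than a job-level `permissions:` holding `pull-requests: write`, and the action is safer referenced by full commit SHA. The same two gaps appear in prow-lgtm-merge.yml, prow-lgtm-pull.yml, prow.yml, rebase.yml, release-drafter.yml, renovate.yml and size.yaml, where the token also reaches tag-referenced third-party actions.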
@@ -0,0 +1,28 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# name: Project / Pre-commit
+
+# on:
+# pull_request:
+# push:
+# branches: [master]
+
+# jobs:
+# pre-commit:
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/checkout@v2
+# - uses: actions/setup-python@v2
+# - uses: pre-commit/action@v2.0.0
diff --git a/.github/workflows/prow-labels.yml b/.github/workflows/prow-labels.yml
new file mode 100644
index 0000000..074ee94
--- /dev/null
+++ b/.github/workflows/prow-labels.yml
@@ -0,0 +1,39 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# name: "Label PRs from globs"
+# on:
+# schedule:
+# - cron: "0 * * * *"
+
+# jobs:
+# execute:
+# runs-on: ubuntu-latest
+# steps:
+# - uses: jpmcb/prow-github-actions@v1.1.1
+# with:
+# jobs: 'pr-labeler'
+# github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+name: Prow / Pull Request Labeler
+on:
+- pull_request_target
+
+jobs:
+ triage:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/labeler@main
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/prow-lgtm-merge.yml b/.github/workflows/prow-lgtm-merge.yml
new file mode 100644
index 0000000..978202d
--- /dev/null
+++ b/.github/workflows/prow-lgtm-merge.yml
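Review bot: `uses: actions/labeler@main` follows a mutable branch inside a workflow triggered by `pull_request_target`, an event that runs with a write-capable token even for pull requests opened from forks. Whatever is on that branch at run time executes with that token, and nothing here narrows its scope. Reference a release by full commit SHA (`uses: actions/labeler@<full-commit-sha>`) and add a job-level `permissions:` with `contents: read` and `pull-requests: write`. tfsec.yml has the same branch reference in `triat/terraform-security-scan@master`, where the step also receives `GITHUB_TOKEN`.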
@@ -0,0 +1,31 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Prow / Merge on lgtm label
+on:
+ schedule:
+ - cron: "0 * * * *"
+
+jobs:
+ execute:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: jpmcb/prow-github-actions@v1.1.3
+ with:
+ jobs: 'lgtm'
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+ # this configuration is optional and will default to 'merge'
+ # possible options are 'merge', 'rebase', or 'squash'
+ merge-method: 'squash'
diff --git a/.github/workflows/prow-lgtm-pull.yml b/.github/workflows/prow-lgtm-pull.yml
new file mode 100644
index 0000000..935c213
--- /dev/null
+++ b/.github/workflows/prow-lgtm-pull.yml
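Review bot: This hourly job squash-merges on the presence of a label, and nothing in this commit shows who is allowed to set it: prow.yml accepts `/lgtm` and `/approve` from any `issue_comment` event, and whether the action checks the commenter's rights is not visible here. The label should not be the only gate in front of master. Require reviews and status checks through branch protection, and document above `jobs: 'lgtm'` which accounts may approve, e.g. `# merges PRs labelled lgtm; approvers are limited to <who>`.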
@@ -0,0 +1,25 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Prow / Run Jobs on PR
+on: pull_request
+
+jobs:
+ execute:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: jpmcb/prow-github-actions@v1.1.3
+ with:
+ jobs: 'lgtm'
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/prow.yml b/.github/workflows/prow.yml
new file mode 100644
index 0000000..4d2fde7
--- /dev/null
+++ b/.github/workflows/prow.yml
@@ -0,0 +1,43 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Prow / Github Actions
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ execute:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: jpmcb/prow-github-actions@v1.1.3
+ with:
+ prow-commands: '/assign
+ /unassign
+ /approve
+ /retitle
+ /area
+ /kind
+ /priority
+ /status
+ /remove
+ /lgtm
+ /close
+ /reopen
+ /lock
+ /milestone
+ /hold
+ /cc
+ /uncc'
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
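Review bot: In prow-lgtm-pull.yml, `on: pull_request` gives the job a read-only `GITHUB_TOKEN` for pull requests opened from forks, so any label change the `lgtm` job attempts on those PRs cannot succeed. If this job is what clears the `lgtm` label when new commits arrive (the action's behaviour is not visible in this hunk), a labelled fork PR keeps its label after a later push and the hourly job in prow-lgtm-merge.yml merges commits nobody reviewed. Test that case before relying on the label as an approval signal, and record the result in a comment above `on: pull_request`.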
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
new file mode 100644
index 0000000..f551ded
--- /dev/null
+++ b/.github/workflows/rebase.yml
@@ -0,0 +1,33 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Projet / Rebase
+on:
+ issue_comment:
+ types: [created]
+jobs:
+ rebase:
+ name: Rebase
+ if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout the latest code
+ uses: actions/checkout@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+ - name: Automatic Rebase
+ uses: cirrus-actions/rebase@1.5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
new file mode 100644
index 0000000..8c49ab4
--- /dev/null
+++ b/.github/workflows/release-drafter.yml
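Review bot: The `if:` on the `rebase` job lets any account that can comment on a pull request start a job that pushes with a write token, because it checks only the comment text, and `contains` also matches `/rebase` quoted anywhere in a longer comment. Restrict it to trusted authors and to comments that begin with the command: `if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. The workflow name `Projet / Rebase` is also misspelled next to the other `Project / …` workflows.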
@@ -0,0 +1,33 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Project / Release Drafter
+
+on:
+ push:
+ # branches to consider in the event; optional, defaults to all
+ branches:
+ - master
+
+jobs:
+ update_release_draft:
+ runs-on: ubuntu-latest
+ steps:
+ # Drafts your next Release notes as Pull Requests are merged into "master"
+ - uses: release-drafter/release-drafter@v5
+ # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
+ # with:
+ # config-name: my-config.yml
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
new file mode 100644
index 0000000..c9519c2
--- /dev/null
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,47 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Renovate / Helm releases
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 * * * *"
+
+jobs:
+ renovate-helmrelease:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 1
+
+ # - name: Update Helm Releases
+ # run: |
+ # docker-compose run -T --rm builder bootstrap/renovate-helm-releases.sh
+
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ branch: update/pre-commit-auto-update
+ delete-branch: true
+ title: Auto-update pre-commit hooks
+ signoff: true
+ committer: "Nicolas Lamirault "
+ author: "Nicolas Lamirault "
+ commit-message: Auto-update pre-commit hooks
+ body: |
+ Signed-off-by: Nicolas Lamirault
+ labels: dependencies, merge
diff --git a/.github/workflows/size.yaml b/.github/workflows/size.yaml
new file mode 100644
index 0000000..5bedb2b
--- /dev/null
+++ b/.github/workflows/size.yaml
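Review bot: No step in `renovate-helmrelease` changes the working tree, since the only update step is commented out, so `peter-evans/create-pull-request@v3` runs every hour after a bare checkout with nothing to commit. The workflow is named `Renovate / Helm releases` while the branch, title and commit message all describe a pre-commit hook update; settle which job this is and restore its update step, or drop the `schedule:` trigger until it exists. The `labels:` value includes `merge`, so it is worth stating in a comment whether any automation acts on that label. As shown, `committer` and `author` hold a name with no address (possibly lost in rendering), whereas the action expects the `Name <email>` form.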
@@ -0,0 +1,38 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Project / Size PR
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ update_labels:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - uses: actions-ecosystem/action-size@v2
+ id: size
+
+ - uses: actions-ecosystem/action-remove-labels@v1
+ with:
+ github_token: ${{ secrets.github_token }}
+ labels: ${{ steps.size.outputs.stale_labels }}
+
+ - uses: actions-ecosystem/action-add-labels@v1
+ with:
+ github_token: ${{ secrets.github_token }}
+ labels: ${{ steps.size.outputs.new_label }}
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
new file mode 100644
index 0000000..f979977
--- /dev/null
+++ b/.github/workflows/tfsec.yml
@@ -0,0 +1,35 @@
+# Copyright (C) 2020 Nicolas Lamirault
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Tfsec
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the main branch
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ tfsec:
+ name: gcp
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Terraform security scan master
+ uses: triat/terraform-security-scan@master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..91cb051
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,46 @@
+# Copyright (C) 2021 Nicolas Lamirault
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.0.1
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.50.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ - id: terraform_tflint
+ args:
+ - '--args=--enable-rule=terraform_deprecated_interpolation'
+ - '--args=--enable-rule=terraform_deprecated_index'
+ - '--args=--enable-rule=terraform_unused_declarations'
+ - '--args=--enable-rule=terraform_comment_syntax'
+ - '--args=--enable-rule=terraform_documented_outputs'
+ - '--args=--enable-rule=terraform_documented_variables'
+ - '--args=--enable-rule=terraform_typed_variables'
+ - '--args=--enable-rule=terraform_naming_convention'
+ - '--args=--enable-rule=terraform_required_version'
+ - '--args=--enable-rule=terraform_required_providers'
+ - '--args=--enable-rule=terraform_unused_required_providers'
+ - '--args=--enable-rule=terraform_standard_module_structure'
+ # - id: terraform_tfsec
+ # args:
+ # - '--args=--config-file=.tfsec.yml'
diff --git a/.terraform-version b/.terraform-version
new file mode 100644
index 0000000..90a27f9
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.0.5
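Review bot: The second `repo:` entry fetches hook code over `git://`, an unauthenticated and unencrypted transport, so the scripts pre-commit later runs on each developer's machine arrive with no transport integrity, and GitHub no longer serves this protocol. Use HTTPS as the first entry does: `- repo: https://github.com/antonbabenko/pre-commit-terraform`. The `terraform_tfsec` hook is left commented out and .tfsec.yml is added empty, so no security scan runs locally; a one-line comment saying the scan is delegated to the tfsec.yml workflow would make that intent explicit.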
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..49bd031
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,51 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+config {
+ module = false
+ force = false
+ disabled_by_default = false
+
+ ignore_module = {
+ }
+
+}
+
+###############################################################################
+# Rules
+
+rule "terraform_deprecated_interpolation" { enabled = true }
+rule "terraform_deprecated_interpolation" { enabled = true }
+rule "terraform_deprecated_index" { enabled = true }
+rule "terraform_unused_declarations" { enabled = true }
+rule "terraform_comment_syntax" { enabled = true }
+rule "terraform_documented_outputs" { enabled = true }
+rule "terraform_documented_variables" { enabled = true }
+rule "terraform_typed_variables" { enabled = true }
+rule "terraform_naming_convention" { enabled = true }
+rule "terraform_required_version" { enabled = true }
+rule "terraform_required_providers" { enabled = true }
+rule "terraform_unused_required_providers" { enabled = true }
+rule "terraform_standard_module_structure" { enabled = true }
+
+###############################################################################
+# PORTEFAIX
+
+plugin "portefaix" {
+ enabled = true
+}
+
+rule "terraform_portefaix_standard_structure" { enabled = false }
+rule "terraform_portefaix_standard_files" { enabled = false }
+rule "terraform_portefaix_tfenv" { enabled = true }
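Review bot: `rule "terraform_deprecated_interpolation" { enabled = true }` is declared twice on consecutive lines in the Rules section; drop the second copy, since a duplicate block is at best redundant and may be rejected by the config loader. The same twelve rules are enabled again through `--args=--enable-rule=…` in .pre-commit-config.yaml, so the two lists can drift apart; keep them in this file only. The `plugin "portefaix"` block gives no `version` or `source`, so which plugin build gets loaded is not fixed by this file, and a comment saying how the plugin is installed would help.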
diff --git a/.tfsec.yml b/.tfsec.yml new file mode 100644 index 0000000..301f20e --- /dev/null +++ b/.tfsec.yml @@ -0,0 +1,15 @@ +# Copyright (C) 2021 Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- diff --git a/cluster.tf b/cluster.tf index 8c873d8..6d3ae2d 100644 --- a/cluster.tf +++ b/cluster.tf @@ -31,5 +31,9 @@ resource "digitalocean_kubernetes_cluster" "k8s" { tags = var.node_tags labels = var.node_labels } + maintenance_policy { + start_time = var.maintenance_policy_start_time + day = var.maintenance_policy_day + } } diff --git a/terraform.tf b/main.tf similarity index 92% rename from terraform.tf rename to main.tf index f1aa915..9c7da83 100755 --- a/terraform.tf +++ b/main.tf @@ -13,12 +13,12 @@ # limitations under the License. terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.0.0" required_providers { digitalocean = { source = "digitalocean/digitalocean" - version = ">= 1.22.0" + version = ">= 2.10.0" } } } diff --git a/variables.tf b/variables.tf index 22111a5..aafa43c 100644 --- a/variables.tf +++ b/variables.tf 
@@ -36,7 +36,17 @@ variable "tags" { variable "kubernetes_version" { type = string - description = "The EKS Kubernetes version" + description = "The Kubernetes version" +} + +variable "maintenance_policy_start_time" { + type = string + description = "The start time in UTC of the maintenance window policy in 24-hour clock format / HH:MM notation" +} + +variable "maintenance_policy_day" { + type = string + description = "The day of the maintenance window policy" } variable "size" {
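Review bot: `maintenance_policy_start_time` and `maintenance_policy_day` are added with no `default` and no `validation`, while the `maintenance_policy` block in cluster.tf is emitted unconditionally. Every existing caller of the module must now set both inputs, and a malformed value is only caught by the provider at apply time. Add a `validation` block for the HH:MM format as sketched below, add a matching one for the day names the provider accepts, and consider defaults so the change is backward-compatible. The `variable "size"` block that follows continues outside the hunk.

```hcl
variable "maintenance_policy_start_time" {
  # … unchanged: type and description …

  validation {
    condition     = can(regex("^([01][0-9]|2[0-3]):[0-5][0-9]$", var.maintenance_policy_start_time))
    error_message = "The maintenance_policy_start_time value must use 24-hour HH:MM notation."
  }
}
```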