use terraform letast version

clouddrove · Jan 27, 2023 · 8ff82d5 · 8ff82d5
1 parent 28ce292
commit 8ff82d5
Show file tree

Hide file tree

Showing 11 changed files with 91 additions and 36 deletions.
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -58,6 +58,7 @@ jobs:
       - name: tflint
         uses: reviewdog/action-tflint@master
         with:
+          tflint_version: v0.29.0
           github_token: ${{ secrets.GITHUB }}
           working_directory: ${{ matrix.directory }}
           fail_on_error: 'true'

diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
@@ -0,0 +1,40 @@
+name: 'Terratest GitHub Actions'
+on:
+  pull_request:
+    branches:
+      - master
+    types: [labeled]
+
+jobs:
+  Terratest:
+    name: 'terratest'
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: 'Checkout'
+        uses: actions/[email protected]
+
+      - name: 'Configure AWS Credentials'
+        uses: clouddrove/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+          aws-region: us-east-2
+
+      - name: 'terratest'
+        uses: 'clouddrove/[email protected]'
+        with:
+          actions_subcommand: 'terratest'
+          if: ${{ github.event.label.name == 'terratest' }}
+          tf_actions_working_dir: '_test'
+
+      - name: 'Slack Notification'
+        uses: clouddrove/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          fields: repo,author
+          author_name: 'CloudDrove'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+        if: always()
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -4,23 +4,38 @@ on:
 
 jobs:
   tfsec:
-    name: tfsec sarif report
+    name: Terraform Security Scan
     runs-on: ubuntu-latest
 
     steps:
       - name: Clone repo
         uses: actions/checkout@master
 
-      - name: tfsec
+      - name: tfsec Basic
         uses: aquasecurity/[email protected]
         with:
           sarif_file: tfsec.sarif
-          working_directory: _example
+          working_directory: ./_example/
           full_repo_scan: true
 
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v1
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: tfsec.sarif
-
+
+      - name: tfsec commenter for PR
+        uses: tfsec/tfsec-pr-commenter-action@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB}}
+          working_directory: ./_example/
+
+      - name: 'Terraform security scan Advanced'
+        uses: triat/[email protected]
+        if: github.event_name == 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB}}
+          tfsec_actions_working_dir: ./_example/
+          tfsec_actions_comment: true
+          tfsec_output_format: sarif
+        continue-on-error: true
diff --git a/README.yaml b/README.yaml
@@ -44,7 +44,7 @@ usage : |-
   ```hcl
     module "alb" {
       source                     = "clouddrove/alb/aws"
-      version                    = "1.0.1"
+      version                    = "1.3.0"
       name                       = "alb"
       internal                   = false
       load_balancer_type         = "application"
@@ -86,7 +86,7 @@ usage : |-
   ```hcl
     module "alb" {
       source                     = "clouddrove/alb/aws"
-      version                    = "1.0.1"
+      version                    = "1.3.0"
       name                       = "nlb"
       internal                   = false
       load_balancer_type         = "application"
@@ -131,7 +131,7 @@ usage : |-
   ```hcl
     module "clb" {
     source                     = "clouddrove/alb/aws"
-    version                    = "1.0.1"
+    version                    = "1.3.0"
     name                       = "clb"
 
     load_balancer_type = "classic"

diff --git a/_example/alb/example.tf b/_example/alb/example.tf
@@ -4,7 +4,7 @@ provider "aws" {
 
 module "vpc" {
   source  = "clouddrove/vpc/aws"
-  version = "0.15.1"
+  version = "1.3.0"
 
   name        = "vpc"
   environment = "test"
@@ -15,7 +15,7 @@ module "vpc" {
 
 module "public_subnets" {
   source  = "clouddrove/subnet/aws"
-  version = "0.15.3"
+  version = "1.3.0"
 
   name        = "public-subnet"
   environment = "test"
@@ -32,7 +32,7 @@ module "public_subnets" {
 
 module "http_https" {
   source  = "clouddrove/security-group/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "http-https"
   environment = "test"
@@ -46,7 +46,7 @@ module "http_https" {
 
 module "ssh" {
   source  = "clouddrove/security-group/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "ssh"
   environment = "test"
@@ -60,7 +60,7 @@ module "ssh" {
 
 module "iam-role" {
   source  = "clouddrove/iam-role/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "iam-role"
   environment = "test"
@@ -98,7 +98,7 @@ data "aws_iam_policy_document" "iam-policy" {
 
 module "ec2" {
   source  = "clouddrove/ec2/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "ec2-instance"
   environment = "test"

diff --git a/_example/alb/versions.tf b/_example/alb/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 0.14.0"
+  required_version = ">= 1.3.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.1.15"
+      version = ">= 4.48.0"
     }
   }
-}
+}
diff --git a/_example/clb/example.tf b/_example/clb/example.tf
@@ -4,7 +4,7 @@ provider "aws" {
 
 module "vpc" {
   source  = "clouddrove/vpc/aws"
-  version = "0.15.1"
+  version = "1.3.0"
 
   name        = "vpc"
   environment = "test"
@@ -15,7 +15,7 @@ module "vpc" {
 
 module "public_subnets" {
   source  = "clouddrove/subnet/aws"
-  version = "0.15.3"
+  version = "1.3.0"
 
   name        = "public-subnet"
   environment = "test"
@@ -31,7 +31,7 @@ module "public_subnets" {
 
 module "http_https" {
   source  = "clouddrove/security-group/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
 
   name        = "http-https"
@@ -45,7 +45,7 @@ module "http_https" {
 
 module "ssh" {
   source  = "clouddrove/security-group/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "ssh"
   environment = "test"
@@ -58,7 +58,7 @@ module "ssh" {
 
 module "iam-role" {
   source  = "clouddrove/iam-role/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "iam-role"
   environment = "test"
@@ -96,7 +96,7 @@ data "aws_iam_policy_document" "iam-policy" {
 
 module "ec2" {
   source  = "clouddrove/ec2/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "ec2-instance"
   environment = "test"

diff --git a/_example/clb/versions.tf b/_example/clb/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 0.14.0"
+  required_version = ">= 1.3.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.1.15"
+      version = ">= 4.48.0"
     }
   }
-}
+}
diff --git a/_example/nlb/example.tf b/_example/nlb/example.tf
@@ -4,7 +4,7 @@ provider "aws" {
 
 module "vpc" {
   source  = "clouddrove/vpc/aws"
-  version = "0.15.1"
+  version = "1.3.0"
 
   name        = "vpc"
   environment = "test"
@@ -15,7 +15,7 @@ module "vpc" {
 
 module "public_subnets" {
   source  = "clouddrove/subnet/aws"
-  version = "0.15.3"
+  version = "1.3.0"
 
   name        = "public-subnet"
   environment = "test"
@@ -31,7 +31,7 @@ module "public_subnets" {
 
 module "http-https" {
   source  = "clouddrove/security-group/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "http-https"
   environment = "test"
@@ -45,7 +45,7 @@ module "http-https" {
 
 module "ssh" {
   source  = "clouddrove/security-group/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "ssh"
   environment = "test"
@@ -58,7 +58,7 @@ module "ssh" {
 
 module "iam-role" {
   source  = "clouddrove/iam-role/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "iam-role"
   environment = "test"
@@ -96,7 +96,7 @@ data "aws_iam_policy_document" "iam-policy" {
 
 module "ec2" {
   source  = "clouddrove/ec2/aws"
-  version = "1.0.1"
+  version = "1.3.0"
 
   name        = "ec2-instance"
   environment = "test"
@@ -117,7 +117,6 @@ module "ec2" {
   instance_profile_enabled = true
   iam_instance_profile     = module.iam-role.name
 
-  disk_size          = 8
   ebs_optimized      = false
   ebs_volume_enabled = true
   ebs_volume_type    = "gp2"

diff --git a/_example/nlb/versions.tf b/_example/nlb/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 0.14.0"
+  required_version = ">= 1.3.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.1.15"
+      version = ">= 4.48.0"
     }
   }
-}
+}
diff --git a/main.tf b/main.tf
@@ -8,7 +8,7 @@
 #              naming convention.
 module "labels" {
   source  = "clouddrove/labels/aws"
-  version = "0.15.0"
+  version = "1.3.0"
 
   name        = var.name
   repository  = var.repository