Merge pull request #2 from linuxtips/adicionar_pipeline

fix: precisamos da pipeline para checar o PR

Author: gomex

Diff for: .github/workflows/terraform-fmt.yaml

@@ -0,0 +1,24 @@
+name: terraform-fmt
+on:
+  pull_request:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform-fmt:
+    runs-on: ubuntu-latest
+
+    steps: 
+      - name: Checkout 
+        uses: actions/checkout@v4 
+
+      - name: Setup Terraform 
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.5.5"
+
+      - name: Terraform Format 
+        run: terraform fmt -check -recursive -diff
+        

Diff for: .github/workflows/terratests.yaml

@@ -0,0 +1,47 @@
+name: terratest
+
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: "The branch to run tests from"
+        default: "main"
+        required: true
+        type: string
+
+env: 
+  AWS_REGION: us-east-1
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+concurrency:
+  group: terratest
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  terratest:
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+          cache-dependency-path: |
+                go.sum
+
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.7.1"
+
+      - name: Run terratest only on changed modules
+        run: |
+            echo "###### running terratest on module #####"
+            go test -v tests/*.go -timeout 60m

Diff for: .github/workflows/tflint.yaml

@@ -0,0 +1,26 @@
+name: tflint
+on:
+  pull_request:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  tflint:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: terraform-linters/setup-tflint@v4
+      name: Setup TFLint
+      with:
+        tflint_version: v0.44.1
+
+    - name: tflint init
+      run: tflint --init
+
+    - name: Run TFLint
+      run: tflint --recursive --config "$(pwd)/.tflint.hcl"

Diff for: .github/workflows/tfsec.yml

@@ -0,0 +1,40 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: tfsec
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '32 14 * * 6'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  tfsec:
+    name: Run tfsec sarif report
+    runs-on: ubuntu-latest
+    
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v4
+
+      - name: Run tfsec
+        uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
+        with:
+          sarif_file: tfsec.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif

Diff for: .tflint.hcl

@@ -0,0 +1,5 @@
+plugin "aws" {
+    enabled = true
+    version = "0.33.0"
+    source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

Diff for: backend.tf

@@ -1,3 +1,3 @@
 terraform {
-    backend "s3" {}
+  backend "s3" {}
 }

Diff for: examples/.terraform.lock.hcl

@@ -0,0 +1,8 @@
+module "EKS" {
+  source = "../"
+
+  team         = "platform"
+  project      = "containers"
+  cluster_name = "production"
+  name         = "giropops"
+}

Diff for: examples/main.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}

Diff for: examples/providers.tf

@@ -3,10 +3,15 @@ provider "aws" {
 }
 
 terraform {
+  required_version = "1.5.5"
   required_providers {
     aws = {
       source  = "hashicorp/aws"
       version = "~> 5.0"
     }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "4.0.6"
+    }
   }
 }

Diff for: provider.tf

@@ -9,8 +9,8 @@ resource "aws_subnet" "public_subnets" {
   tags = merge(
     var.tags,
     {
-      Name                                   = "${var.name}-public-${var.availability_zones[count.index]}"
-      "kubernetes.io/role/elb"               = "1"
+      Name                                        = "${var.name}-public-${var.availability_zones[count.index]}"
+      "kubernetes.io/role/elb"                    = "1"
       "kubernetes.io/cluster/${var.cluster_name}" = "owned"
     }
   )

Diff for: subnets.tf

@@ -0,0 +1,18 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func TestEKSExample(t *testing.T) {
+
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: "../examples",
+	})
+
+	defer terraform.Destroy(t, terraformOptions)
+
+	terraform.InitAndApply(t, terraformOptions)
+}

Diff for: tests/eks_test.go

@@ -83,7 +83,7 @@ variable "node_capacity_type" {
 variable "node_labels" {
   description = "Key-value mapping of labels for the node group"
   type        = map(string)
-  default     = {
+  default = {
     role = "general"
   }
 }
@@ -119,5 +119,5 @@ variable "project" {
 variable "node_ami_type" {
   description = "AMI ID for worker nodes"
   type        = string
-  default     = "ami-XXXXXXXXXXXXXXXXX"
+  default     = "AL2_x86_64"
 }