Merge pull request #2 from SCT-Engineering/mcmCluster

pre-commit and commitizen

.cz.yaml

@@ -0,0 +1,7 @@
+---
+commitizen:
+  name: cz_gitmoji
+  tag_format: $version
+  update_changelog_on_bump: true
+  version_provider: scm
+  version_scheme: semver2

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.gitignore

@@ -1,5 +1,6 @@
 # Local .terraform directories
 **/.terraform/*
+**/.terragrunt-cache/*
 
 # terraform lock file.
 **/.terraform.lock.hcl
@@ -35,4 +36,3 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
-

.pre-commit-config.yaml

@@ -1,22 +1,111 @@
 repos:
-- repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.83.5
-  hooks:
-#    - id: terraform_validate
-    - id: terraform_fmt
-    - id: terraform_docs
-      args: [ '--args=--config=.terraform-docs.yml', 'table' ]
-      exclude: common/*.tf
-      exclude: version.tf
-      exclude: examples/
-    - id: terraform_tflint
-#      args:  [ "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"]
-#      exclude: examples/
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.5.0
+  rev: v4.6.0
   hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+    - id: check-byte-order-marker
+    - id: check-case-conflict
+    - id: check-json
+    - id: check-merge-conflict
     - id: check-symlinks
-    - id: detect-aws-credentials
+    - id: check-vcs-permalinks
+    - id: check-toml
+    - id: check-xml
     - id: detect-private-key
+    - id: requirements-txt-fixer
+    - id: sort-simple-yaml
+
+    # Common errors
+    - id: end-of-file-fixer
     - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-executables-have-shebangs
+
+    # Cross platform
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args: [--fix=lf]
+
+    # Security
+    - id: detect-aws-credentials
+      args: ['--allow-missing-credentials']
+    - id: detect-private-key
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: v4.0.0-alpha.8
+  hooks:
+  - id: prettier
+    # https://prettier.io/docs/en/options.html#parser
+    files: '.json5$'
+
+# Terraform Hooks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.92.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  hooks:
+    - id: terraform_fmt
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terraform_docs
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terraform_tflint
+      name: Terraform validate with tflint
+      description: Validates all Terraform configuration files with TFLint.
+      require_serial: true
+      entry: hooks/terraform_tflint.sh
+      language: script
+      files: (\.tf|\.tfvars)$
+      exclude: \.(terraform/.*|terragrunt-cache)$
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terragrunt_fmt
+      name: Terragrunt fmt
+      description: Rewrites all Terragrunt configuration files to a canonical format.
+      entry: hooks/terragrunt_fmt.sh
+      language: script
+      files: (\.hcl)$
+      exclude: \.(terraform/.*|terragrunt-cache)$
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    # Will require dependency mocks
+    # - id: terragrunt_validate
+    #   name: Terragrunt validate
+    #   description: Validates all Terragrunt configuration files.
+    #   entry: hooks/terragrunt_validate.sh
+    #   language: script
+    #   files: (\.hcl)$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_validate_inputs
+    #   name: Terragrunt validate inputs
+    #   description: Validates Terragrunt unused and undefined inputs.
+    #   entry: hooks/terragrunt_validate_inputs.sh
+    #   language: script
+    #   files: (\.hcl)$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_providers_lock
+    #   name: Terragrunt providers lock
+    #   description: Updates provider signatures in dependency lock files using terragrunt.
+    #   entry: hooks/terragrunt_providers_lock.sh
+    #   language: script
+    #   files: (terragrunt|\.terraform\.lock)\.hcl$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
 
+- repo: https://github.com/ljnsn/cz-conventional-gitmoji
+  rev: v0.3.2
+  hooks:
+    - id: conventional-gitmoji

.pre-commit-hooks.yaml

@@ -0,0 +1,170 @@
+#### THESE ARE NOT ENABLED, THEY ARE FOR REFERENCE
+# - id: infracost_breakdown
+#   name: Infracost breakdown
+#   description: Check terraform infrastructure cost
+#   entry: hooks/infracost_breakdown.sh
+#   language: script
+#   require_serial: true
+#   files: \.(tf(vars)?|hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_fmt
+#   name: Terraform fmt
+#   description: Rewrites all Terraform configuration files to a canonical format.
+#   entry: hooks/terraform_fmt.sh
+#   language: script
+#   files: (\.tf|\.tfvars)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_docs
+#   name: Terraform docs
+#   description: Inserts input and output documentation into README.md (using terraform-docs).
+#   require_serial: true
+#   entry: hooks/terraform_docs.sh
+#   language: script
+#   files: (\.tf|\.terraform\.lock\.hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_docs_without_aggregate_type_defaults
+#   name: Terraform docs (without aggregate type defaults)
+#   description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
+#   require_serial: true
+#   entry: hooks/terraform_docs.sh
+#   language: script
+#   files: (\.tf)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_docs_replace
+#   name: Terraform docs (overwrite README.md)
+#   description: Overwrite content of README.md with terraform-docs.
+#   require_serial: true
+#   entry: terraform_docs_replace
+#   language: python
+#   files: (\.tf)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_validate
+#   name: Terraform validate
+#   description: Validates all Terraform configuration files.
+#   require_serial: true
+#   entry: hooks/terraform_validate.sh
+#   language: script
+#   files: \.(tf(vars)?|terraform\.lock\.hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_providers_lock
+#   name: Lock terraform provider versions
+#   description: Updates provider signatures in dependency lock files.
+#   require_serial: true
+#   entry: hooks/terraform_providers_lock.sh
+#   language: script
+#   files: (\.terraform\.lock\.hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terraform_tflint
+#   name: Terraform validate with tflint
+#   description: Validates all Terraform configuration files with TFLint.
+#   require_serial: true
+#   entry: hooks/terraform_tflint.sh
+#   language: script
+#   files: (\.tf|\.tfvars)$
+#   exclude: \.terraform/.*$
+
+# - id: terragrunt_fmt
+#   name: Terragrunt fmt
+#   description: Rewrites all Terragrunt configuration files to a canonical format.
+#   entry: hooks/terragrunt_fmt.sh
+#   language: script
+#   files: (\.hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terragrunt_validate
+#   name: Terragrunt validate
+#   description: Validates all Terragrunt configuration files.
+#   entry: hooks/terragrunt_validate.sh
+#   language: script
+#   files: (\.hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terragrunt_validate_inputs
+#   name: Terragrunt validate inputs
+#   description: Validates Terragrunt unused and undefined inputs.
+#   entry: hooks/terragrunt_validate_inputs.sh
+#   language: script
+#   files: (\.hcl)$
+#   exclude: \.terraform/.*$
+
+# - id: terragrunt_providers_lock
+#   name: Terragrunt providers lock
+#   description: Updates provider signatures in dependency lock files using terragrunt.
+#   entry: hooks/terragrunt_providers_lock.sh
+#   language: script
+#   files: (terragrunt|\.terraform\.lock)\.hcl$
+#   exclude: \.(terraform/.*|terragrunt-cache)$
+
+# - id: terraform_tfsec
+#   name: Terraform validate with tfsec (deprecated, use "terraform_trivy")
+#   description: Static analysis of Terraform templates to spot potential security issues.
+#   require_serial: true
+#   entry: hooks/terraform_tfsec.sh
+#   files: \.tf(vars)?$
+#   language: script
+
+# - id: terraform_trivy
+#   name: Terraform validate with trivy
+#   description: Static analysis of Terraform templates to spot potential security issues.
+#   require_serial: true
+#   entry: hooks/terraform_trivy.sh
+#   files: \.tf(vars)?$
+#   language: script
+
+# - id: checkov
+#   name: checkov (deprecated, use "terraform_checkov")
+#   description: Runs checkov on Terraform templates.
+#   entry: checkov -d .
+#   language: python
+#   pass_filenames: false
+#   always_run: false
+#   files: \.tf$
+#   exclude: \.terraform/.*$
+#   require_serial: true
+
+# - id: terraform_checkov
+#   name: Checkov
+#   description: Runs checkov on Terraform templates.
+#   entry: hooks/terraform_checkov.sh
+#   language: script
+#   always_run: false
+#   files: \.tf$
+#   exclude: \.terraform/.*$
+#   require_serial: true
+
+# - id: terraform_wrapper_module_for_each
+#   name: Terraform wrapper with for_each in module
+#   description: Generate Terraform wrappers with for_each in module.
+#   entry: hooks/terraform_wrapper_module_for_each.sh
+#   language: script
+#   pass_filenames: false
+#   always_run: false
+#   require_serial: true
+#   files: \.tf$
+#   exclude: \.terraform/.*$
+
+# - id: terrascan
+#   name: terrascan
+#   description: Runs terrascan on Terraform templates.
+#   language: script
+#   entry: hooks/terrascan.sh
+#   files: \.tf$
+#   exclude: \.terraform/.*$
+#   require_serial: true
+
+# - id: tfupdate
+#   name: tfupdate
+#   description: Runs tfupdate on Terraform templates.
+#   language: script
+#   entry: hooks/tfupdate.sh
+#   args:
+#     - --args=terraform
+#   files: \.tf$
+#   require_serial: true

.terraform-docs.yml

@@ -1,25 +1,44 @@
 formatter: markdown table
 
-content: |-
-  {{ .Header }}
-
-  {{ .Requirements }}
-
-  {{ .Inputs }}
-
-  {{ .Outputs }}
-
-  {{ .Resources }}
-
-  {{ .Modules }}
-
-  {{ .Footer }}
-  {{- printf "\n" -}}
-
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show:
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
 
 output:
-  file: "README.md"
-  mode: replace
+  file: README.md
+  mode: inject
   template: |-
+    <!-- BEGIN_TF_DOCS -->
     {{ .Content }}
-
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true