diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..77d5fdf --- /dev/null +++ b/.github/workflows/auto_assignee.yml @@ -0,0 +1,14 @@ +name: Auto Assign PRs + +on: + pull_request: + types: [opened, reopened] + + workflow_dispatch: +jobs: + assignee: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' \ No newline at end of file diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 0000000..47988d0 --- /dev/null +++ b/.github/workflows/automerge.yml @@ -0,0 +1,12 @@ +--- + name: Auto merge + on: + pull_request: + jobs: + auto-merge: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + tfcheck: 'basic / Check code format' + ... \ No newline at end of file diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 3e88b85..4b735f5 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -6,7 +6,7 @@ on: - "*" workflow_dispatch: jobs: - call-workflow-changelog: + changelog: uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master secrets: inherit with: diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 8b60bee..444164d 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
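Review bot: `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master` is a mutable branch ref that is handed `secrets.GITHUB`, so anyone who can push to that repository's master branch can rewrite the job and read the token on the next PR; pin the ref to a full commit SHA (`...auto_assignee.yml@<40-char sha>  # vX.Y.Z`) and bump it deliberately. Because the trigger is `pull_request`, `secrets.GITHUB` is not populated for pull requests opened from forks, so the called workflow must tolerate an empty token or this caller should document that it only works for same-repository PRs. An explicit top-level `permissions:` block would also stop the job's `GITHUB_TOKEN` from inheriting the repository-wide default; what the called workflow actually needs (presumably `pull-requests: write` for assignment) is not visible in this diff.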
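Review bot: `tfcheck: 'basic / Check code format'` names the status check the auto-merge is gated on, but nothing visible in this commit produces a check with that name — the `format` job titled `Check code format` lives in `.github/workflows/static-checks.yml`, which this same commit deletes, and the new `tf-check.yml` caller's job is named `example`, not `basic`. Confirm the check-run name the shared `tf-checks.yml` emits and make the string match it exactly; otherwise the gate either never passes or, depending on how the shared workflow treats an absent check, is silently bypassed. As this workflow runs on every `pull_request` event with `secrets.GITHUB`, pin the `uses:` ref to a commit SHA rather than `@master`. The whole document is also indented one space under the leading `---`, unlike the sibling workflow files; dedent it and drop the trailing `...` for consistency.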
@@ -1,54 +1,15 @@ -name: 'Create README.md file' +name: Readme Workflow on: push: branches: - master - + paths-ignore: + - 'README.md' + - 'docs/**' + workflow_dispatch: jobs: - readme-create: - name: 'readme-create' - runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@master - - - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB }}' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 - continue-on-error: true - - - name: 'pre-commit fix erros' - uses: pre-commit/action@v2.0.0 - continue-on-error: true - - - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' - continue-on-error: true - with: - actions_subcommand: 'push' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() + README: + uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master + secrets: + TOKEN : ${{ secrets.GITHUB }} + SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} \ No newline at end of file diff --git a/.github/workflows/semantic-releaser.yml b/.github/workflows/semantic-releaser.yml deleted file mode 100644 index 6e685a0..0000000 --- a/.github/workflows/semantic-releaser.yml +++ /dev/null 
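Review bot: `TOKEN : ${{ secrets.GITHUB }}` and `SLACK_WEBHOOK_TERRAFORM` are forwarded to `readme.yml@master`, an unpinned branch ref, so a change to that shared workflow can exfiltrate both the token and the webhook on the next push to master; pin it to a commit SHA. The key is written as `TOKEN :` with a space before the colon — YAML parsers read the key as `TOKEN`, but write it `TOKEN: ${{ secrets.GITHUB }}` like the other keys so the intent is unambiguous. The removed steps pushed with the ephemeral `GITHUB_TOKEN` while the new caller supplies `secrets.GITHUB` for everything, so confirm that secret is a token scoped to this repository with only the contents write permission the README commit needs.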
@@ -1,30 +0,0 @@ -name: Release - -on: - push: - branches: - - main - paths: - - '**.tf' - - '!examples/**.tf' - -jobs: - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - persist-credentials: false - - - name: Setup Node.js - uses: actions/setup-node@v1 - with: - node-version: 14 - - - name: Release - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - run: npx semantic-release diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml deleted file mode 100644 index f580192..0000000 --- a/.github/workflows/static-checks.yml +++ /dev/null 
@@ -1,73 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/ - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB_TOKEN }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive -check=true diff --git a/.github/workflows/tf-check.yml b/.github/workflows/tf-check.yml new file mode 100644 index 0000000..7aa8a76 --- /dev/null +++ b/.github/workflows/tf-check.yml 
@@ -0,0 +1,11 @@
+name: tf-checks
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+jobs:
+ example:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+ with:
+ working_directory: './examples/'
\ No newline at end of file
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
new file mode 100644
index 0000000..ee98182
--- /dev/null
+++ b/.github/workflows/tflint.yml
@@ -0,0 +1,11 @@
+name: tf-lint
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+jobs:
+ tf-lint:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
\ No newline at end of file
diff --git a/_example/main.tf b/_example/main.tf
deleted file mode 100644
index 2413f91..0000000
--- a/_example/main.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-provider "azurerm" {
- features {}
-}
-
-module "resource_group" {
- source = "clouddrove/resource-group/azure"
- version = "1.0.2"
-
- name = "app-sentianl"
- environment = "test-m"
- label_order = ["name", "environment"]
- location = "Canada Central"
-}
-module "log-analytics" {
- source = "clouddrove/log-analytics/azure"
- version = "1.0.1"
- name = "app"
- environment = "test"
- label_order = ["name", "environment"]
- create_log_analytics_workspace = true
- log_analytics_workspace_sku = "PerGB2018"
- resource_group_name = module.resource_group.resource_group_name
- log_analytics_workspace_location = module.resource_group.resource_group_location
-}
-
-module "sentinel" {
- source = "./.."
- name = "app"
- environment = "test"
- log_analytics_workspace_id = module.log-analytics.workspace_id
-}
diff --git a/_example/variables.tf b/_example/variables.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/examples/main.tf b/examples/main.tf
new file mode 100644
index 0000000..e083584
--- /dev/null
+++ b/examples/main.tf
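Review bot: `uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master` runs on every `push` to master and every `pull_request` through a mutable branch ref, so the checks this repository relies on can change underneath it without any commit here; pin the ref to a full commit SHA with the version in a trailing comment. The deleted `static-checks.yml` ran `terraform init`/`terraform validate` against both the minimum and maximum supported Terraform versions plus tflint; whether the shared `tf-checks.yml` does the same is not visible in this diff, so confirm it before using it as the merge gate. Add a top-level `permissions: contents: read` so the job's `GITHUB_TOKEN` is not granted the repository default.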
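Review bot: `GITHUB: ${{ secrets.GITHUB }}` is passed to `tf-lint.yml@master` on the `pull_request` trigger, and for pull requests from forks that secret is not populated, so either the shared workflow must tolerate an empty token or this caller should restrict itself to same-repository PRs (for example with `if: github.event.pull_request.head.repo.full_name == github.repository` on the job). Pinning the `uses:` ref to a commit SHA applies here too, since the unpinned workflow receives the token. If the linter only needs to post annotations, the default `GITHUB_TOKEN` via `secrets: inherit` plus `permissions: pull-requests: write` would avoid circulating a long-lived token at all — assuming `secrets.GITHUB` is a PAT, which is not visible here.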
@@ -0,0 +1,44 @@
+provider "azurerm" {
+ features {}
+ subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c"
+}
+
+locals {
+ name = "app"
+ environment = "test"
+ location = "Canada Central"
+}
+
+module "resource_group" {
+ source = "clouddrove/resource-group/azure"
+ version = "1.0.2"
+ name = local.name
+ environment = local.environment
+ location = "Canada Central"
+}
+
+##-----------------------------------------------------------------------------
+## Log Analytics module call.
+##-----------------------------------------------------------------------------
+module "log-analytics" {
+ source = "clouddrove/log-analytics/azure"
+ version = "1.1.0"
+ name = local.name
+ environment = local.environment
+ create_log_analytics_workspace = true
+ log_analytics_workspace_sku = "PerGB2018"
+ retention_in_days = 90
+ daily_quota_gb = "-1"
+ internet_ingestion_enabled = true
+ internet_query_enabled = true
+ resource_group_name = module.resource_group.resource_group_name
+ log_analytics_workspace_location = module.resource_group.resource_group_location
+ log_analytics_workspace_id = module.log-analytics.workspace_id
+}
+
+module "sentinel" {
+ source = "./.."
+ name = local.name
+ environment = local.environment
+ log_analytics_workspace_id = module.log-analytics.workspace_id
+}
diff --git a/_example/outputs.tf b/examples/outputs.tf
similarity index 100%
rename from _example/outputs.tf
rename to examples/outputs.tf
diff --git a/_example/versions.tf b/examples/versions.tf
similarity index 86%
rename from _example/versions.tf
rename to examples/versions.tf
index 55c5a8f..e7d8495 100644
--- a/_example/versions.tf
+++ b/examples/versions.tf
@@ -7,7 +7,7 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = ">=2.90.0"
+ version = ">=3.39.0"
 }
 }
 }
diff --git a/main.tf b/main.tf
index 7f3a61a..41691fc 100644
--- a/main.tf
+++ b/main.tf
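Review bot: `subscription_id = "068245d4-3c94-42fe-9c4d-9e5e1cabc60c"` bakes a concrete Azure subscription ID into the published example's provider block; a subscription ID is not a credential, but it is a stable tenant-specific identifier that does not belong in a public module — read it from a variable or the `ARM_SUBSCRIPTION_ID` environment variable instead, e.g. `subscription_id = var.subscription_id`. `log_analytics_workspace_id = module.log-analytics.workspace_id` inside `module "log-analytics"` feeds the module its own output, which is at best a no-op and, if the module's resources read that variable, a dependency cycle Terraform will refuse to plan; drop the line — the `sentinel` module below is the intended consumer. `internet_ingestion_enabled = true` and `internet_query_enabled = true` open the workspace to ingestion and query from the public internet, which deserves a comment so the example is not copied verbatim into a production Sentinel deployment. `location = "Canada Central"` in `module "resource_group"` bypasses the `local.location` declared for that purpose; use `location = local.location`.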
@@ -1,3 +1,6 @@ +##----------------------------------------------------------------------------- +## Labels module callled that will be used for naming and tags. +##----------------------------------------------------------------------------- module "labels" { source = "clouddrove/labels/azure" version = "1.0.0" @@ -13,11 +16,10 @@ resource "azurerm_sentinel_log_analytics_workspace_onboarding" "main" { workspace_id = var.log_analytics_workspace_id } - resource "azurerm_sentinel_alert_rule_ms_security_incident" "main" { count = var.enabled && var.ms_security_incident_enabled ? length(var.product_filter) : 0 name = format("%s-ms-security-incident-alert-rule-%s", module.labels.id, count.index) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id product_filter = element(var.product_filter, count.index) display_name = element(var.display_name, count.index) severity_filter = var.severity_filter 
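Review bot: The new banner comment `## Labels module callled that will be used for naming and tags.` misspells "called"; suggest `## Labels module called here; its id is used in the resource names below.` Matching the `##---` banner style of `examples/main.tf` keeps the two files consistent.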
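Review bot: `azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id` replaces the `join("", ...*.workspace_id)` form, so when the onboarding resource has `count = 0` the reference now fails at plan time with an invalid-index error instead of yielding an empty string; that is only safe because this alert rule's own `count` is gated on `var.enabled`. Confirm the onboarding resource's `count` (its header lies outside this hunk) is gated on the same `var.enabled` and nothing narrower, otherwise `var.enabled = true` with onboarding disabled becomes a hard error. A comment on the reference, `# onboarding exists iff var.enabled, the same guard as this resource, so [0] is always present`, would keep the coupling visible through the next refactor.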
@@ -27,35 +29,35 @@ resource "azurerm_sentinel_alert_rule_ms_security_incident" "main" { resource "azurerm_sentinel_data_connector_iot" "main" { count = var.enabled && var.dtc_iot_enabled ? 1 : 0 name = format("%s-data-connector-azure-iot", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id subscription_id = var.subscription_id } resource "azurerm_sentinel_data_connector_azure_security_center" "main" { count = var.enabled && var.dtc_security_center_enabled ? 1 : 0 name = format("%s-data-connector-azure-security-center", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id subscription_id = var.subscription_id } resource "azurerm_sentinel_data_connector_azure_active_directory" "main" { count = var.enabled && var.dtc_ad_enabled ? 1 : 0 name = format("%s-data-connector-azure-ad", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id tenant_id = var.tenant_id } resource "azurerm_sentinel_data_connector_azure_advanced_threat_protection" "main" { count = var.enabled && var.dtc_advanced_threat_protection_enabled ? 
1 : 0 name = format("%s-data-connector-advanced-threat-protection", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id tenant_id = var.tenant_id } resource "azurerm_sentinel_data_connector_microsoft_cloud_app_security" "main" { count = var.enabled && var.dtc_ms_cloud_app_security_enabled ? 1 : 0 name = format("%s-data-connector-microsoft-cloud-app-security", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id alerts_enabled = var.alerts_enabled discovery_logs_enabled = var.discovery_logs_enabled tenant_id = var.tenant_id 
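Review bot: The five connectors in this hunk now reference `azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id` directly, so they are well-defined only while the onboarding resource is created under the same `var.enabled` that gates each `count`; if onboarding can be turned off independently, a connector left enabled now fails with an invalid-index error where the old `join("", ...)` produced an empty id. That is the better failure mode, but if the old tolerance is wanted, `one(azurerm_sentinel_log_analytics_workspace_onboarding.main[*].workspace_id)` yields `null` for an empty list and the id otherwise, provided the module's `required_version` allows it. The `azurerm_sentinel_data_connector_microsoft_cloud_app_security` block continues past the end of this hunk.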
@@ -64,19 +66,19 @@ resource "azurerm_sentinel_data_connector_microsoft_cloud_app_security" "main" { resource "azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection" "main" { count = var.enabled && var.dtc_ms_defender_advanced_threat_protection_enabled ? 1 : 0 name = format("%s-data-connector-ms-defender-advanced-threat-protection", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id tenant_id = var.tenant_id } resource "azurerm_sentinel_data_connector_microsoft_threat_protection" "main" { count = var.enabled && var.dtc_ms_threat_protection_enabled ? 1 : 0 name = format("%s-data-connector-ms-threat-protection", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id tenant_id = var.tenant_id } resource "azurerm_sentinel_data_connector_threat_intelligence" "main" { count = var.enabled && var.dtc_threat-intelligence_enabled ? 1 : 0 name = format("%s-data-connector-threat-intelligence", module.labels.id) - log_analytics_workspace_id = join("", azurerm_sentinel_log_analytics_workspace_onboarding.main.*.workspace_id) + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.main[0].workspace_id }
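Review bot: `var.dtc_threat-intelligence_enabled` uses a hyphen where every sibling variable in this file uses underscores (`dtc_ms_threat_protection_enabled`, `dtc_ms_defender_advanced_threat_protection_enabled`); Terraform accepts it, but renaming it to `dtc_threat_intelligence_enabled` — keeping the old name as a deprecated alias if the module is already published — would make the naming consistent. The `[0]` references in these three connectors carry the same dependency on the onboarding resource being created under `var.enabled` as the ones above; a short comment on the first such line would spare readers the check.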