chore(terraform): bumped pre-commit plugins and tflint ruleset

stroeer · Sep 18, 2024 · 73381a0 · 73381a0
1 parent 2c8d8d9
commit 73381a0
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 17 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.86.0
+    rev: v1.96.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -16,7 +16,7 @@ repos:
         args:
           - '--args=--lockfile=false'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace

diff --git a/.tflint.hcl b/.tflint.hcl
@@ -1,9 +1,9 @@
 config {
-  module = false
+  call_module_type = "all"
 }
 
 plugin "aws" {
   enabled = true
-  version = "0.28.0"
+  version = "0.33.0"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
diff --git a/Makefile b/Makefile
@@ -24,7 +24,7 @@ NEXT_TAG 			:= v$(NEXT_VERSION)
 STACKS = $(shell find . -not -path "*/\.*" -iname "*.tf" | sed -E "s|/[^/]+$$||" | sort --unique)
 ROOT_DIR := $(shell pwd)
 
-all: fmt validate tfsec tflint
+all: fmt validate tflint trivy
 
 init: ## Initialize a Terraform working directory
 	@echo "+ $@"
@@ -54,14 +54,9 @@ tflint: ## Runs tflint on all Terraform files
 		tflint --chdir=$$s --format=compact --config=$(ROOT_DIR)/.tflint.hcl || exit 1;\
 	done;
 
-.PHONY: tfsec
-tfsec: ## Runs tfsec on all Terraform files
+trivy: ## Runs trivy on all Terraform files
 	@echo "+ $@"
-	@for s in $(STACKS); do \
-		echo "tfsec $$s"; \
-		cd $$s; terraform init -backend=false > /dev/null; \
-		tfsec --concise-output --exclude-downloaded-modules --minimum-severity HIGH || exit 1; cd $(ROOT_DIR);\
-	done;
+	@trivy config  --exit-code 1 --severity HIGH --tf-exclude-downloaded-modules .
 
 bump ::
 	@echo bumping version from $(VERSION_TAG) to $(NEXT_TAG)

diff --git a/README.md b/README.md
@@ -146,7 +146,7 @@ for example.
 
 - [complete](examples/complete): complete example showcasing ALB integration, autoscaling and task definition configuration
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -298,4 +298,4 @@ for example.
 | <a name="output_task_role_arn"></a> [task\_role\_arn](#output\_task\_role\_arn) | ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. |
 | <a name="output_task_role_name"></a> [task\_role\_name](#output\_task\_role\_name) | Friendly name of IAM role that allows your Amazon ECS container task to make calls to other AWS services. |
 | <a name="output_task_role_unique_id"></a> [task\_role\_unique\_id](#output\_task\_role\_unique\_id) | Stable and unique string identifying the IAM role that allows your Amazon ECS container task to make calls to other AWS services. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -12,7 +12,7 @@ terraform apply
 
 Note that this example may create resources which cost money. Run `terraform destroy` to destroy those resources.
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -62,4 +62,4 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Description |
 |------|-------------|
 | <a name="output_alb_dns_name"></a> [alb\_dns\_name](#output\_alb\_dns\_name) | n/a |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/outputs.tf b/outputs.tf
@@ -62,4 +62,4 @@ output "alb_target_group_arns" {
 output "alb_target_group_arn_suffixes" {
   description = "ARN suffixes of the created target groups."
   value       = aws_alb_target_group.main[*].arn_suffix
-}
+}