From 73381a060776cded805fa9147a5dd785899e7e63 Mon Sep 17 00:00:00 2001
From: Moritz Zimmer
Date: Wed, 18 Sep 2024 17:45:44 +0200
Subject: [PATCH] chore(terraform): bumped pre-commit plugins and tflint ruleset

---
 .pre-commit-config.yaml | 4 ++--
 .tflint.hcl | 4 ++--
 Makefile | 11 +++-------
 README.md | 4 ++--
 examples/complete/README.md | 4 ++--
 outputs.tf | 2 +-
 6 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7609e25..2cc8080 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.86.0
+  rev: v1.96.1
   hooks:
   - id: terraform_fmt
   - id: terraform_validate
@@ -16,7 +16,7 @@ repos:
     args:
     - '--args=--lockfile=false'
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.5.0
+  rev: v4.6.0
   hooks:
   - id: check-merge-conflict
   - id: trailing-whitespace
diff --git a/.tflint.hcl b/.tflint.hcl
index a9755aa..7c8464b 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -1,9 +1,9 @@
 config {
-  module = false
+  call_module_type = "all"
 }
 
 plugin "aws" {
   enabled = true
-  version = "0.28.0"
+  version = "0.33.0"
   source = "github.com/terraform-linters/tflint-ruleset-aws"
 }
diff --git a/Makefile b/Makefile
index ec9095c..7ce4fe0 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ NEXT_TAG := v$(NEXT_VERSION)
 STACKS = $(shell find . -not -path "*/\.*" -iname "*.tf" | sed -E "s|/[^/]+$$||" | sort --unique)
 ROOT_DIR := $(shell pwd)
 
-all: fmt validate tfsec tflint
+all: fmt validate tflint trivy
 
 init: ## Initialize a Terraform working directory
 	@echo "+ $@"
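Review bot: `call_module_type = "all"` in the .tflint.hcl hunk is not a drop-in replacement for the removed `module = false`; the deprecated boolean maps `false` to `"none"` and `true` to `"all"`, so this hunk switches module inspection on for every module call, remote ones included, rather than merely migrating the key to the newer ruleset's schema. If the previous behaviour was intended, `call_module_type = "none"` preserves it, and `"local"` is the middle ground that inspects checked-in modules without needing downloaded ones. With `"all"`, tflint also expects the stacks to be initialised before it runs, which the Makefile's per-stack `tflint --chdir` loop may or may not guarantee (that target begins outside this patch). A short comment recording the choice, e.g. `# "all" also inspects remote module calls; stacks must be initialised first`, would make the intent explicit.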
@@ -54,14 +54,9 @@ tflint: ## Runs tflint on all Terraform files tflint --chdir=$$s --format=compact --config=$(ROOT_DIR)/.tflint.hcl || exit 1;\ done; -.PHONY: tfsec -tfsec: ## Runs tfsec on all Terraform files +trivy: ## Runs trivy on all Terraform files @echo "+ $@" - @for s in $(STACKS); do \ - echo "tfsec $$s"; \ - cd $$s; terraform init -backend=false > /dev/null; \ - tfsec --concise-output --exclude-downloaded-modules --minimum-severity HIGH || exit 1; cd $(ROOT_DIR);\ - done; + @trivy config --exit-code 1 --severity HIGH --tf-exclude-downloaded-modules . bump :: @echo bumping version from $(VERSION_TAG) to $(NEXT_TAG) diff --git a/README.md b/README.md index 1cc43bb..485e114 100644 --- a/README.md +++ b/README.md @@ -146,7 +146,7 @@ for example. - [complete](examples/complete): complete example showcasing ALB integration, autoscaling and task definition configuration - + ## Requirements | Name | Version | @@ -298,4 +298,4 @@ for example. | [task\_role\_arn](#output\_task\_role\_arn) | ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. | | [task\_role\_name](#output\_task\_role\_name) | Friendly name of IAM role that allows your Amazon ECS container task to make calls to other AWS services. | | [task\_role\_unique\_id](#output\_task\_role\_unique\_id) | Stable and unique string identifying the IAM role that allows your Amazon ECS container task to make calls to other AWS services. | - + diff --git a/examples/complete/README.md b/examples/complete/README.md index 49ba9bf..787b5f0 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -12,7 +12,7 @@ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` to destroy those resources. - + ## Requirements | Name | Version | 
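Review bot: The new `trivy` recipe narrows the severity gate compared with the `tfsec` invocation it replaces: tfsec's `--minimum-severity HIGH` reported HIGH and CRITICAL, whereas trivy's `--severity` is an explicit list, so `--severity HIGH` on its own silently drops CRITICAL misconfigurations from the `--exit-code 1` check. The recipe line should read `@trivy config --exit-code 1 --severity HIGH,CRITICAL --tf-exclude-downloaded-modules .`. The hunk also deletes `.PHONY: tfsec` without declaring the replacement, so a file or directory named `trivy` in the repository root would make the target look up to date and skip the scan; add `.PHONY: trivy` above the rule as the old target had. Unlike the removed loop over `$(STACKS)`, the scan now runs once from `.`, which appears deliberate given `--tf-exclude-downloaded-modules`, but the `##` help text could say so, e.g. `trivy: ## Runs trivy config over the whole tree (downloaded modules excluded)`.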
@@ -62,4 +62,4 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Description |
 |------|-------------|
 | [alb\_dns\_name](#output\_alb\_dns\_name) | n/a |
- 
+
diff --git a/outputs.tf b/outputs.tf
index 711cae2..9de82a0 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -62,4 +62,4 @@ output "alb_target_group_arns" {
 output "alb_target_group_arn_suffixes" {
   description = "ARN suffixes of the created target groups."
   value = aws_alb_target_group.main[*].arn_suffix
-}
\ No newline at end of file
+}