Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#155] Add tfsec to the CI of the generated project #178

Merged
merged 2 commits into from
Apr 25, 2023
Merged

[#155] Add tfsec to the CI of the generated project #178

merged 2 commits into from
Apr 25, 2023

Conversation

Nihisil
Copy link
Contributor

@Nihisil Nihisil commented Mar 24, 2023
edited
Loading

What happened 👀

  • Add the tfsec GH action into the generated project template. TFSEC_VERSION specified with the required v prefix, as tfsec uses this format for release tags.
  • Also tfsec is included in the .tool-versions file for asdf, so that developers can run checks locally during the development process.

Insight 📝

Our template had multiple warnings listed by tfsec. A few of these warnings were addressed and resolved accordingly, while others were silenced since they don't have much sense.

Proof Of Work 📹

  • A new project was created and pushed to GitHub.
  • The tfsec action was initiated and the CI passed.

CI for newly generated project:

image

@Nihisil Nihisil added the type : feature New feature or request label Mar 24, 2023
@Nihisil Nihisil requested a review from hoangmirs as a code owner March 24, 2023 09:01
@Nihisil Nihisil self-assigned this Mar 24, 2023
@Nihisil Nihisil marked this pull request as draft March 28, 2023 06:16
@Nihisil
Copy link
Contributor Author

Nihisil commented Mar 28, 2023

tfsec is not working correctly because of that bug: #179

I have moved this PR to draft and will revise it after 179 will be fixed.

@Nihisil Nihisil added this to the 2.0.0 milestone Mar 29, 2023
@Nihisil Nihisil force-pushed the feature/155-add-tfsec branch from 1a71c6c to b0f8243 Compare March 31, 2023 04:04
@Nihisil Nihisil force-pushed the feature/155-add-tfsec branch from 8a25306 to 40b5523 Compare April 20, 2023 09:08
@Nihisil Nihisil requested a review from longnd April 20, 2023 09:11
@Nihisil Nihisil marked this pull request as ready for review April 20, 2023 09:11
longnd
longnd reviewed Apr 21, 2023
View reviewed changes
Copy link
Contributor

@longnd longnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please rebase against this branch chore/151-refactor-modules (PR #168) as Hoang rebased many modules and potentially we will have conflicts.

malparty
malparty approved these changes Apr 24, 2023
View reviewed changes
Copy link
Member

@malparty malparty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice changes!
@Nihisil among the new ignore tags added, do you see any of them that we should consider implementing in another PR? If yes, let me know which one, I can help with creating the issues and trying to implement it 🙇

hoangmirs
hoangmirs reviewed Apr 24, 2023
View reviewed changes
Copy link
Collaborator

@hoangmirs hoangmirs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase and adjust with the latest changes 🙏

@Nihisil Nihisil force-pushed the feature/155-add-tfsec branch from 40b5523 to 63f6030 Compare April 25, 2023 02:09
@Nihisil Nihisil force-pushed the feature/155-add-tfsec branch from 63f6030 to 6adae42 Compare April 25, 2023 02:11
@Nihisil Nihisil force-pushed the feature/155-add-tfsec branch from 6adae42 to e47d487 Compare April 25, 2023 02:23
@Nihisil
Copy link
Contributor Author

Nihisil commented Apr 25, 2023

@malparty It's a great idea! I included a ticket to address an issue that was previously ignored: #189.

As for the other issues, some simply don't make sense to address, for instance, forcing encryption for ALB S3 bucket. In other cases, there's some uncertainty whether they should be addressed, such as using a custom KMS key for ECR images.

@Nihisil Nihisil requested a review from hoangmirs April 25, 2023 02:46
@hoangmirs hoangmirs merged commit 4a5ccac into develop Apr 25, 2023
@hoangmirs hoangmirs deleted the feature/155-add-tfsec branch April 25, 2023 03:20
@hoangmirs hoangmirs modified the milestones: 2.0.0, 1.5.0 Jul 6, 2023
@hoangmirs hoangmirs mentioned this pull request Jul 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@longnd longnd longnd approved these changes

@malparty malparty malparty approved these changes

@hoangmirs hoangmirs hoangmirs approved these changes

@andyduong1920 andyduong1920 Awaiting requested review from andyduong1920 andyduong1920 is a code owner

@bterone bterone Awaiting requested review from bterone bterone is a code owner

@byhbt byhbt Awaiting requested review from byhbt byhbt is a code owner

@nvminhtue nvminhtue Awaiting requested review from nvminhtue nvminhtue is a code owner

@rosle rosle Awaiting requested review from rosle

Assignees

@Nihisil Nihisil

Labels
type : feature New feature or request
Projects
None yet
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.

Add tfsec to the CI of the generated project
4 participants
@Nihisil @longnd @hoangmirs @malparty