diff --git a/.checkov.yaml b/.checkov.yaml index 4ad43d9..7fc1061 100644 --- a/.checkov.yaml +++ b/.checkov.yaml @@ -1,24 +1,23 @@ -block-list-secret-scan: [] +block-list-secret-scan: [ ] branch: master directory: -- . + - . download-external-modules: false evaluate-variables: true external-modules-download-path: .external_modules framework: -- secrets -- dockerfile -- github_configuration -- github_actions -- json -- yaml -- sca_package -- sca_image -mask: [] + - secrets + - dockerfile + - github_configuration + - github_actions + - json + - yaml + - sca_package + - sca_image +mask: [ ] secrets-history-timeout: 12h -secrets-scan-file-type: [] +secrets-scan-file-type: [ ] skip-path: -- terraform -- venv -- examples + - terraform + - venv summary-position: top diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 36ebc69..067a995 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,7 +5,8 @@ on: name: CI permissions: read-all - +env: + GITHUB_TOKEN: ${{ github.token }} jobs: test: ## We want to define a strategy for our job @@ -14,7 +15,7 @@ jobs: ## we wish to test again: matrix: go-version: [1.21.x] - platform: [ubuntu-latest, macos-latest, windows-latest] + platform: [ ubuntu-latest, macos-latest, windows-latest ] ## Defines the platform for each test run runs-on: ${{ matrix.platform }} 
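Review bot: The workflow-level `env: GITHUB_TOKEN: ${{ github.token }}` added under `permissions: read-all` in `.github/workflows/ci.yml` puts the token in the environment of every step of every job. That includes `go build` / `go test` running repository code and the third-party Codecov action added in the next hunk. The same block is added to `.github/workflows/pr.yml`, where it also reaches `iamnotaturtle/auto-gofmt` and `make test`. No step visible in either workflow reads the variable, so drop it or move it to a step-level `env:` on the one step that needs it. `permissions: read-all` limits the token to read scopes, but `permissions:` with only `contents: read` would presumably be enough for these jobs.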
@@ -22,20 +23,25 @@ jobs: ## the steps that will be run through for each version and platform ## combination steps: - ## sets up go based on the version - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: ${{ matrix.go-version }} + ## sets up go based on the version + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: ${{ matrix.go-version }} + + ## checks out our code locally, so we can work with the files + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - ## checks out our code locally, so we can work with the files - - name: Checkout code - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + ## runs go test ./... + - name: Build + run: go build ./... - ## runs go test ./... - - name: Build - run: go build ./... + ## runs go test ./... + - name: Test + run: go test ./... -coverprofile=./cover.out - ## runs go test ./... - - name: Test - run: go test ./... + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@3444e47d45411c1e34e39245eb914e9d557d2305 # v3.1.4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c2e2bd0..90ec592 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
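Review bot: The new `Upload coverage reports to Codecov` step has no condition, so it runs in every leg of the `platform` matrix and hands `secrets.CODECOV_TOKEN` to the action on the Ubuntu, macOS and Windows runners alike. Gate it with `if: matrix.platform == 'ubuntu-latest'` so the secret is used once per run. Also add `with:` / `files: ./cover.out` so the upload is tied to the profile written by the `Test` step rather than to file discovery. The workflow trigger is outside the hunk; if it includes pull requests from forks the secret will be empty there, which is worth checking. Separately, the comment above the `Build` step still reads `## runs go test ./...` and should say `## runs go build ./...`.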
@@ -38,36 +38,32 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Checkout repository - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Checkout repository + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@e4262713b504983e61c7728f5452be240d9385a7 # codeql-bundle-v2.14.3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744 # codeql-bundle-v2.14.5 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744 # codeql-bundle-v2.14.5 + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@e4262713b504983e61c7728f5452be240d9385a7 # codeql-bundle-v2.14.3 + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e4262713b504983e61c7728f5452be240d9385a7 # codeql-bundle-v2.14.3 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744 # codeql-bundle-v2.14.5 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index ed71a8a..0fcaeb5 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -1,53 +1,55 @@ on: pull_request name: Pull request permissions: read-all +env: + GITHUB_TOKEN: ${{ github.token }} jobs: lint: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: go-version: 1.21.x - - name: Restore cache - uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1.2.1 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-mod- - - name: gofumpt - uses: iamnotaturtle/auto-gofmt@3934ab53013ffb44d3db33bbd1c271279b5925d5 # v2.1.0 + - name: Restore cache + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-mod- + - name: gofumpt + uses: iamnotaturtle/auto-gofmt@3934ab53013ffb44d3db33bbd1c271279b5925d5 # v2.1.0 test: strategy: matrix: go-version: [1.21.x] - platform: [ubuntu-latest, macos-latest, windows-latest] + platform: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.platform }} steps: - - name: Checkout code - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: ${{ matrix.go-version }} - - name: Restore cache - uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1.2.1 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-mod- - - name: Test - run: make test + - name: Checkout code + uses: 
actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: ${{ matrix.go-version }} + - name: Restore cache + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-mod- + - name: Test + run: make test docs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: go-version: 1.21.x diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf53bf0..e3fb304 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,5 @@ --- -name: release +name: Release on: push: tags: @@ -20,12 +20,12 @@ jobs: go-version: 1.21 - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0 + uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: version: latest args: release --clean diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8c8bf4e..d75d877 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
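Review bot: In the `lint` and `docs` jobs of `.github/workflows/pr.yml`, the `with:` line under `Install Go` is re-indented but its child `go-version: 1.21.x` is left as an unchanged context line. It presumably keeps its old indent and now sits deeper under `with:` than the re-indented `go-version: ${{ matrix.go-version }}` in the `test` job. It should still parse as a child of `with:`, but the step indent is now inconsistent within the file, which yamllint's `indentation` rule will report. Re-indent those two `go-version` lines with the rest of the steps.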
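Review bot: `version: latest` stays on the `Run GoReleaser` step in `.github/workflows/release.yml` while the action itself is pinned to a commit SHA. The job that imports `secrets.GPG_PRIVATE_KEY` and `secrets.PASSPHRASE` therefore still fetches whichever GoReleaser build is newest when a tag is pushed. Pin the tool as well, for example `version: "<GORELEASER_VERSION>"` (placeholder, quoted so it stays a string), and bump it through the same update flow as the action SHAs. Both `uses:` changes in this hunk cross a major version, so a dry run of the release workflow before the next tag is worthwhile.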
@@ -13,7 +13,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/stale@a20b814fb01b71def3bd6f56e7494d667ddf28da # v4.1.1 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.' days-before-stale: 30 diff --git a/.goreleaser.yml b/.goreleaser.yml index 6bb2175..c9177b4 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -10,13 +10,13 @@ builds: - linux - windows goarch: - - 386 + - "386" - amd64 - arm64 goarm: - - 7 + - "7" ignore: - - goarch: 386 + - goarch: "386" goos: darwin archives: - format_overrides: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dcffc46..60999a6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -39,13 +39,12 @@ repos: rev: v0.1.50 hooks: - id: terraform-fmt - language_version: python3.10 + language_version: python3.11 - repo: https://github.com/gruntwork-io/pre-commit rev: v0.1.22 hooks: - id: gofmt - id: goimports - - id: golint - repo: https://github.com/syntaqx/git-hooks rev: v0.0.18 hooks: @@ -62,7 +61,6 @@ repos: hooks: - id: checkov language_version: python3.11 - args: ["-d", "."] - repo: https://github.com/jameswoolfenden/ghat rev: v0.1.0 hooks: @@ -70,7 +68,13 @@ repos: name: ghat description: upgrade action dependencies language: golang - entry: ghat swot -d . --stable 14 + entry: ghat swot -d . --continue-on-error true --stable 14 always_run: true pass_filenames: false types: [ yaml ] + - repo: https://github.com/dnephin/pre-commit-golang + rev: v0.5.1 + hooks: + - id: validate-toml + - id: no-go-testing + - id: go-mod-tidy diff --git a/README.md b/README.md index 9dfe7fb..e98c384 100644 --- a/README.md +++ b/README.md 
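Review bot: In the last `.pre-commit-config.yaml` hunk, the new `no-go-testing` hook from `dnephin/pre-commit-golang` is, as far as I know, meant for projects that forbid the standard `testing.T`, so it will flag ordinary Go test files. CI in this same commit runs `go test ./...`, so the hook looks enabled by mistake; drop `- id: no-go-testing` unless the tests really avoid `testing`. The change to `entry: ghat swot -d . --continue-on-error true --stable 14` presumably lets the hook pass when an action reference could not be resolved. That hook is what keeps the SHA pins current, so add a comment such as `# errors are tolerated here; check the hook output for skipped workflows`, or leave the flag off so failures stay visible.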
@@ -8,6 +8,7 @@ [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) [![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/) [![Github All Releases](https://img.shields.io/github/downloads/jameswoolfenden/sato/total.svg)](https://github.com/JamesWoolfenden/sato/releases) +[![codecov](https://codecov.io/gh/JamesWoolfenden/sato/graph/badge.svg?token=AT1DREJQPR)](https://codecov.io/gh/JamesWoolfenden/sato) Converts CloudFormation (and now also ARM) into Terraform. In Go, quickerly. diff --git a/src/see/lookup.go b/src/see/lookup.go index dd9d96d..71305c5 100644 --- a/src/see/lookup.go +++ b/src/see/lookup.go @@ -166,6 +166,10 @@ func Lookup(resource string, reverse bool) (*string, error) { "microsoft.servicebus/namespaces/queues": "azurerm_servicebus_queue", "microsoft.storage/storageaccounts": "azurerm_storage_account", "microsoft.compute/availabilitysets": "azurerm_availability_set", + "microsoft.compute/virtualmachinescalesets": "azurerm_linux_virtual_machine_scale_set", + "microsoft.documentdb/databaseaccounts": "azurerm_cosmosdb_account", + "microsoft.cognitiveservices/accounts": "azurerm_cognitive_account", + "": "azurerm_mssql_server", } if reverse {
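Review bot: The last added map entry in `src/see/lookup.go`, `"": "azurerm_mssql_server",`, has an empty key. Depending on how the rest of `Lookup` handles its input (its body continues outside the hunk), an empty `resource` could resolve to `azurerm_mssql_server` instead of an error, and a reverse lookup of `azurerm_mssql_server` could return an empty ARM type. The key was presumably meant to be the ARM type for SQL servers, e.g. `"microsoft.sql/servers": "azurerm_mssql_server",`; confirm this against the templates being converted. Also, `microsoft.compute/virtualmachinescalesets` is mapped only to `azurerm_linux_virtual_machine_scale_set`, so a Windows scale set would get the Linux resource type; a comment stating that limitation would help.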