diff --git a/.tfsec/launch_configuration_imdsv2_tfchecks.json b/.config/.tfsec/launch_configuration_imdsv2_tfchecks.json
similarity index 100%
rename from .tfsec/launch_configuration_imdsv2_tfchecks.json
rename to .config/.tfsec/launch_configuration_imdsv2_tfchecks.json
diff --git a/.tfsec/launch_template_imdsv2_tfchecks.json b/.config/.tfsec/launch_template_imdsv2_tfchecks.json
similarity index 100%
rename from .tfsec/launch_template_imdsv2_tfchecks.json
rename to .config/.tfsec/launch_template_imdsv2_tfchecks.json
diff --git a/.tfsec/no_launch_config_tfchecks.json b/.config/.tfsec/no_launch_config_tfchecks.json
similarity index 100%
rename from .tfsec/no_launch_config_tfchecks.json
rename to .config/.tfsec/no_launch_config_tfchecks.json
diff --git a/.tfsec/sg_no_embedded_egress_rules_tfchecks.json b/.config/.tfsec/sg_no_embedded_egress_rules_tfchecks.json
similarity index 100%
rename from .tfsec/sg_no_embedded_egress_rules_tfchecks.json
rename to .config/.tfsec/sg_no_embedded_egress_rules_tfchecks.json
diff --git a/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json b/.config/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json
similarity index 100%
rename from .tfsec/sg_no_embedded_ingress_rules_tfchecks.json
rename to .config/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json
diff --git a/.config/functional_tests/post-entrypoint-helpers.sh b/.config/functional_tests/post-entrypoint-helpers.sh
index a1bc78c..8faff15 100644
--- a/.config/functional_tests/post-entrypoint-helpers.sh
+++ b/.config/functional_tests/post-entrypoint-helpers.sh
@@ -3,4 +3,4 @@
 ## use this to load any configuration before the functional test
 ## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
-echo "Executing Pre-Entrypoint Helpers"
\ No newline at end of file
+echo "Executing Pre-Entrypoint Helpers"
diff --git a/.config/functional_tests/pre-entrypoint-helpers.sh b/.config/functional_tests/pre-entrypoint-helpers.sh
index 9ed42cd..2b6de4e 100644
--- a/.config/functional_tests/pre-entrypoint-helpers.sh
+++ b/.config/functional_tests/pre-entrypoint-helpers.sh
@@ -3,4 +3,4 @@
 ## Use this to load any configurations after the functional test
 ## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
-echo "Executing Post-Entrypoint Helpers"
\ No newline at end of file
+echo "Executing Post-Entrypoint Helpers"
diff --git a/.config/static_tests/post-entrypoint-helpers.sh b/.config/static_tests/post-entrypoint-helpers.sh
new file mode 100644
index 0000000..25fbae1
--- /dev/null
+++ b/.config/static_tests/post-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the end of static test
+## Use this to load any configurations after the static test
+## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Post-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/static_tests/pre-entrypoint-helpers.sh b/.config/static_tests/pre-entrypoint-helpers.sh
new file mode 100644
index 0000000..d24d7a6
--- /dev/null
+++ b/.config/static_tests/pre-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the start of static test
+## use this to load any configuration before the static test
+## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Pre-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.copier-answers.yml b/.copier-answers.yml
index 90a8117..0ce081a 100644
--- a/.copier-answers.yml
+++ b/.copier-answers.yml
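Review bot: The new `.config/static_tests/post-entrypoint-helpers.sh` (and the `pre-entrypoint-helpers.sh` hunk on this same line) carry a `#!/bin/bash` shebang, but the static entrypoint loads them with `source`, so they run inside the entrypoint's own shell: an `exit`, a `set -e` or a variable assignment in a helper affects the whole static test run. A header line such as `## NOTE: this file is sourced by .project_automation/static_tests/entrypoint.sh, not executed - do not call exit here` would document that for the project maintainers who are expected to edit these stubs. Both new files also lack a trailing newline, which this same commit fixes for the functional helpers.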
@@ -1,6 +1,6 @@
 # This file is auto-generated, changes will be overwritten
-_commit: v0.1.2
-_src_path: /task/ce524240-d748-11ee-a77c-fafd94ad0946/projecttype
+_commit: v0.1.4
+_src_path: /task/cf7c2d2f-5c16-11f0-b3bd-8641080bf2f9/projecttype
 starting_version: v0.0.0
 version_file: VERSION
diff --git a/.project_automation/functional_tests/Dockerfile b/.project_automation/functional_tests/Dockerfile
index 3b17ece..18c8d04 100644
--- a/.project_automation/functional_tests/Dockerfile
+++ b/.project_automation/functional_tests/Dockerfile
@@ -2,4 +2,4 @@ FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0
 ENV TERRAFORM_VERSION=1.12.2
 RUN cd /tmp && \
 wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
- unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform
\ No newline at end of file
+ unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform
diff --git a/.project_automation/functional_tests/entrypoint.sh b/.project_automation/functional_tests/entrypoint.sh
index f6de09f..1494070 100755
--- a/.project_automation/functional_tests/entrypoint.sh
+++ b/.project_automation/functional_tests/entrypoint.sh
@@ -47,4 +47,4 @@ fi
 post_entrypoint
 #********** Exit Code *************
-exit $EXIT_CODE
\ No newline at end of file
+exit $EXIT_CODE
diff --git a/.project_automation/static_tests/entrypoint.sh b/.project_automation/static_tests/entrypoint.sh
index 57ead38..ceda076 100755
--- a/.project_automation/static_tests/entrypoint.sh
+++ b/.project_automation/static_tests/entrypoint.sh
@@ -1,53 +1,50 @@
-#!/bin/bash -e
+#!/bin/bash
+
+## WARNING: DO NOT modify the content of entrypoint.sh
+# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh
+# to load any customizations or additional configurations
 ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
 # managed and local tasks always use these variables for the project and project type path
 PROJECT_PATH=${BASE_PATH}/project
 PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
-echo "Starting Static Tests"
+#********** helper functions *************
+pre_entrypoint() {
+ if [ -f ${PROJECT_PATH}/.config/static_tests/pre-entrypoint-helpers.sh ]; then
+ echo "Pre-entrypoint helper found"
+ source ${PROJECT_PATH}/.config/static_tests/pre-entrypoint-helpers.sh
+ echo "Pre-entrypoint helper loaded"
+ else
+ echo "Pre-entrypoint helper not found - skipped"
+ fi
+}
+post_entrypoint() {
+ if [ -f ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh ]; then
+ echo "Post-entrypoint helper found"
+ source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh
+ echo "Post-entrypoint helper loaded"
+ else
+ echo "Post-entrypoint helper not found - skipped"
+ fi
+}
-cd ${PROJECT_PATH}
-terraform init
-terraform validate
+#********** Pre-entrypoint helper *************
+pre_entrypoint
-#********** tflint ********************
-echo 'Starting tflint'
-tflint --init --config ${PROJECT_PATH}/.config/.tflint.hcl
-MYLINT=$(tflint --force --config ${PROJECT_PATH}/.config/.tflint.hcl)
-if [ -z "$MYLINT" ]
+#********** Static Test *************
+/bin/bash ${PROJECT_PATH}/.project_automation/static_tests/static_tests.sh
+if [ $? -eq 0 ]
 then
- echo "Success - tflint found no linting issues!"
+ echo "Static test completed"
+ EXIT_CODE=0
 else
- echo "Failure - tflint found linting issues!"
- echo "$MYLINT"
- exit 1
-fi
-#********** tfsec *********************
-echo 'Starting tfsec'
-MYTFSEC=$(tfsec . --config-file ${PROJECT_PATH}/.config/.tfsec.yml || true)
-if [[ $MYTFSEC == *"No problems detected!"* ]];
-then
- echo "Success - tfsec found no security issues!"
- echo "$MYTFSEC"
-else
- echo "Failure - tfsec found security issues!"
- echo "$MYTFSEC"
- exit 1
+ echo "Static test failed"
+ EXIT_CODE=1
 fi
-#********** Checkov Analysis *************
-echo "Running Checkov Analysis"
-checkov --config-file ${PROJECT_PATH}/.config/.checkov.yml
-if [ $? -eq 0 ]
-then
- echo "Success - checkov found no security issues!"
- echo "$MYCHECKOV"
-else
- echo "Failure - checkov found security issues!"
- echo "$MYCHECKOV"
- exit 1
-fi
+#********** Post-entrypoint helper *************
+post_entrypoint
 #********** Markdown Lint **************
 echo 'Starting markdown lint'
diff --git a/.project_automation/static_tests/static_tests.sh b/.project_automation/static_tests/static_tests.sh
new file mode 100644
index 0000000..fe41048
--- /dev/null
+++ b/.project_automation/static_tests/static_tests.sh
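Review bot: A failing static_tests.sh only sets `EXIT_CODE=1` and execution falls through to the Markdown Lint section that is still in this file (the context lines at the end of the hunk), a check that static_tests.sh now also performs; the remainder of entrypoint.sh is outside the hunk, so whether it ends with `exit $EXIT_CODE` the way the functional entrypoint does cannot be confirmed from here. If it does not, a tfsec or Checkov finding inside static_tests.sh is printed but the job still exits 0, which silently disables the security gate. I would remove the duplicated lint/docs sections from entrypoint.sh and close it with `#********** Exit Code *************` followed by `exit $EXIT_CODE`, mirroring the functional entrypoint. The helper paths in `[ -f ${PROJECT_PATH}/... ]` and `source ${PROJECT_PATH}/...` should also be double-quoted, since the shebang no longer carries `-e` and nothing else guards an odd `BASE_PATH`.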
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
+
+echo "Starting Static Tests"
+
+#********** Terraform Validate *************
+cd ${PROJECT_PATH}
+terraform init
+terraform validate
+if [ $? -eq 0 ]
+then
+ echo "Success - Terraform validate"
+else
+ echo "Failure - Terraform validate"
+ exit 1
+fi
+
+#********** tflint ********************
+echo 'Starting tflint'
+tflint --init --config ${PROJECT_PATH}/.config/.tflint.hcl
+MYLINT=$(tflint --force --config ${PROJECT_PATH}/.config/.tflint.hcl)
+if [ -z "$MYLINT" ]
+then
+ echo "Success - tflint found no linting issues!"
+else
+ echo "Failure - tflint found linting issues!"
+ echo "$MYLINT"
+ exit 1
+fi
+
+#********** tfsec *********************
+echo 'Starting tfsec'
+MYTFSEC=$(tfsec . --config-file ${PROJECT_PATH}/.config/.tfsec.yml --custom-check-dir ${PROJECT_PATH}/.config/.tfsec)
+if [[ $MYTFSEC == *"No problems detected!"* ]];
+then
+ echo "Success - tfsec found no security issues!"
+ echo "$MYTFSEC"
+else
+ echo "Failure - tfsec found security issues!"
+ echo "$MYTFSEC"
+ exit 1
+fi
+
+#********** Checkov Analysis *************
+echo "Running Checkov Analysis"
+checkov --config-file ${PROJECT_PATH}/.config/.checkov.yml
+if [ $? -eq 0 ]
+then
+ echo "Success - Checkov found no issues!"
+else
+ echo "Failure - Checkov found issues!"
+ exit 1
+fi
+
+#********** Markdown Lint **************
+echo 'Starting markdown lint'
+MYMDL=$(mdl --config ${PROJECT_PATH}/.config/.mdlrc .header.md examples/*/.header.md)
+if [ -z "$MYMDL" ]
+then
+ echo "Success - markdown lint found no linting issues!"
+else
+ echo "Failure - markdown lint found linting issues!"
+ echo "$MYMDL"
+ exit 1
+fi
+
+#********** Terraform Docs *************
+echo 'Starting terraform-docs'
+TDOCS="$(terraform-docs --config ${PROJECT_PATH}/.config/.terraform-docs.yaml --lockfile=false ./)"
+git add -N README.md
+GDIFF="$(git diff --compact-summary)"
+if [ -z "$GDIFF" ]
+then
+ echo "Success - Terraform Docs creation verified!"
+else
+ echo "Failure - Terraform Docs creation failed, ensure you have precommit installed and running before submitting the Pull Request. TIPS: false error may occur if you have unstaged files in your repo"
+ echo "$GDIFF"
+ exit 1
+fi
+
+#***************************************
+echo "End of Static Tests"
\ No newline at end of file
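Review bot: `cd ${PROJECT_PATH}` at the top of the Terraform Validate section is unchecked and the script runs without `set -e`, so if `BASE_PATH` is unset or the directory does not exist, every scanner that follows (`terraform validate`, tflint, `tfsec .`, checkov, mdl, terraform-docs) runs against whatever directory the job happened to start in and can report a clean result for the wrong tree. I would add `: "${BASE_PATH:?BASE_PATH must be set}"` before the path assignments and change the directory switch to `cd "${PROJECT_PATH}" || { echo "Failure - cannot enter ${PROJECT_PATH}"; exit 1; }`. `terraform init` and `tflint --init` likewise have their exit status ignored; only the commands after them are checked, so a failed provider or plugin download surfaces as a confusing downstream error rather than a clear failure. `TDOCS` is assigned but never read, so the terraform-docs exit status is also dropped; either check it or drop the assignment to make the intent clear.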