SNS-2 - Updating tfsec - CodeQL Action (#10)

* SNS-2 - Updating tfsec - CodeQL Action * updating pre-commit to use local pylint * removing comments * installing pylint locally * playing with pylint... 1 * playing with pylint... 2 * playing with pylint... 3 * playing with pylint... 4 * playing with tflint... 1 * fixing tflint typo
d-dot-one · Jul 31, 2023 · 6d3d81d · 6d3d81d
1 parent fafa36f
commit 6d3d81d
Show file tree

Hide file tree

Showing 5 changed files with 139 additions and 17 deletions.
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -8,7 +8,11 @@ on:
 
 jobs:
   pre-commit-ci:
-    runs-on: ubuntu-20.04
+#    runs-on: ubuntu-20.04
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-20.04]
     timeout-minutes: 15
 
     steps:
@@ -20,19 +24,46 @@ jobs:
         with:
           python-version: "3.11"
 
-      - name: install pipenv
-        run: |
-          python -m pip install pipenv
+      - uses: actions/cache@v3
+        name: cache tflint plugin directory
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
 
-      - id: cache-pipenv
-        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920  # v1
+      - uses: terraform-linters/setup-tflint@v3
+        name: setup tflint
         with:
-          path: ~/.local/share/virtualenvs
-          key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}
+          tflint_version: v0.47.0
+
+      - name: tflint version
+        run: tflint --version
+
+      - name: tflint init
+        run: tflint --init
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
 
-      - name: install dependencies
+      - name: install pre-commit
+        run: |
+          pip install pre-commit
+
+      - name: install requirements
         run: |
-          pipenv install --dev
+          pip install -r requirements.txt
+
+#      - name: install pipenv
+#        run: |
+#          python -m pip install pipenv
+#
+#      - id: cache-pipenv
+#        uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920  # v1
+#        with:
+#          path: ~/.local/share/virtualenvs
+#          key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}
+#
+#      - name: install dependencies
+#        run: |
+#          pipenv install --dev
 
       - name: install pre-commit
         uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yaml
@@ -22,7 +22,7 @@ jobs:
           sarif_file: tfsec.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: tfsec.sarif
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -32,23 +32,21 @@ repos:
       - id: name-tests-test
         args:
         - --django
-      - id: requirements-txt-fixer
       - id: trailing-whitespace
 
     - repo: https://github.com/pre-commit/mirrors-isort
       rev: v5.4.2
       hooks:
         -  id: isort
 
-    - repo: https://github.com/PyCQA/pylint
-      rev: v2.13.4
+    - repo: local
       hooks:
        - id: pylint
          name: pylint
          entry: pylint
          exclude: ^tests
          language: system
-         types: [file, python]
+         types: [python]
          require_serial: true
          args:
           # general config

diff --git a/Dockerfile b/Dockerfile
@@ -53,7 +53,7 @@ LABEL version="1.0.1"
 COPY action/publish_to_sns.py ${HOME_DIR}
 COPY action/__init__.py ${HOME_DIR}
 
-RUN echo "#!/bin/bash\npipenv run python /usr/${USER_NAME}/publish_to_sns.py" > ./entrypoint.sh && \
-    chmod u+x ./entrypoint.sh
+RUN echo -e "#\!/bin/bash\npipenv run python /usr/${USER_NAME}/publish_to_sns.py" > ./entrypoint.sh && \
+    chmod +x ./entrypoint.sh
 
 ENTRYPOINT ["./entrypoint.sh"]
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,93 @@
+-i https://pypi.org/simple
+appnope==0.1.3 ; sys_platform == 'darwin'
+astroid==2.15.6 ; python_full_version >= '3.7.2'
+asttokens==2.2.1
+backcall==0.2.0
+boto3==1.28.13
+botocore==1.31.13
+certifi==2023.7.22 ; python_version >= '3.6'
+cffi==1.15.1
+cfgv==3.3.1 ; python_full_version >= '3.6.1'
+charset-normalizer==3.2.0 ; python_full_version >= '3.7.0'
+click==8.1.6 ; python_version >= '3.7'
+coverage==7.2.7
+coverage-badge==1.1.0
+cryptography==41.0.2 ; python_version >= '3.7'
+decorator==5.1.1 ; python_version >= '3.5'
+defusedxml==0.7.1
+dill==0.3.7 ; python_version >= '3.11'
+distlib==0.3.7
+dparse==0.6.3 ; python_version >= '3.6'
+executing==1.2.0
+filelock==3.12.2 ; python_version >= '3.7'
+flake8==6.0.0
+flake8-html==0.4.3
+genbadge[coverage,flake8,tests]==1.1.0
+identify==2.5.26 ; python_version >= '3.8'
+idna==3.4 ; python_version >= '3.5'
+iniconfig==2.0.0 ; python_version >= '3.7'
+ipython==8.14.0
+isort==5.12.0 ; python_full_version >= '3.8.0'
+jedi==0.18.2 ; python_version >= '3.6'
+jinja2==3.1.2 ; python_version >= '3.7'
+jmespath==1.0.1 ; python_version >= '3.7'
+lazy-object-proxy==1.9.0 ; python_version >= '3.7'
+markupsafe==2.1.3 ; python_version >= '3.7'
+matplotlib-inline==0.1.6 ; python_version >= '3.5'
+mccabe==0.7.0 ; python_version >= '3.6'
+moto[sns]==4.1.13
+mypy==1.4.1
+mypy-extensions==1.0.0 ; python_version >= '3.5'
+nodeenv==1.8.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6'
+packaging==21.3 ; python_version >= '3.6'
+parso==0.8.3 ; python_version >= '3.6'
+pexpect==4.8.0 ; sys_platform != 'win32'
+pickleshare==0.7.5
+pillow==10.0.0 ; python_version >= '3.8'
+platformdirs==3.9.1 ; python_version >= '3.7'
+pluggy==1.2.0 ; python_version >= '3.7'
+pre-commit==3.3.3
+prompt-toolkit==3.0.39 ; python_full_version >= '3.7.0'
+ptyprocess==0.7.0
+pure-eval==0.2.2
+py==1.11.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
+py-cpuinfo==9.0.0
+pycodestyle==2.10.0 ; python_version >= '3.6'
+pycparser==2.21
+pyflakes==3.0.1 ; python_version >= '3.6'
+pygments==2.15.1 ; python_version >= '3.7'
+pylint==2.17.5
+pylint-quotes==0.2.3
+pyparsing==3.1.0 ; python_full_version >= '3.6.8'
+pytest==7.4.0
+pytest-benchmark==4.0.0
+pytest-datadir==1.4.1 ; python_version >= '3.6'
+pytest-html==3.2.0
+pytest-metadata==3.0.0 ; python_version >= '3.7'
+pytest-regressions==2.4.2
+python-dateutil==2.8.2 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
+pyyaml==6.0.1 ; python_version >= '3.6'
+requests==2.31.0 ; python_version >= '3.7'
+responses==0.23.1 ; python_version >= '3.7'
+ruamel.yaml==0.17.32 ; python_version >= '3'
+ruamel.yaml.clib==0.2.7 ; python_version < '3.12' and platform_python_implementation == 'CPython'
+s3transfer==0.6.1 ; python_version >= '3.7'
+safety==2.3.5
+setuptools==68.0.0 ; python_version >= '3.7'
+six==1.16.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
+stack-data==0.6.2
+tomlkit==0.12.1 ; python_version >= '3.7'
+traitlets==5.9.0 ; python_version >= '3.7'
+types-pyyaml==6.0.12.11
+typing-extensions==4.7.1 ; python_version >= '3.7'
+urllib3==1.26.16 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
+virtualenv==20.24.2 ; python_version >= '3.7'
+wcwidth==0.2.6
+werkzeug==2.3.6 ; python_version >= '3.8'
+wrapt==1.15.0 ; python_version >= '3.11'
+xmltodict==0.13.0 ; python_version >= '3.4'
+awscli==1.29.13
+colorama==0.4.4 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
+docutils==0.16 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
+pyasn1==0.5.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
+rsa==4.7.2 ; python_version >= '3.5' and python_version < '4'