Merge pull request #3 from transcom/I-13461-transferservice

add exception for transfer family
transcom · Nov 18, 2024 · b92f115 · b92f115
2 parents 99c539a + 4b45833
commit b92f115
Show file tree

Hide file tree

Showing 11 changed files with 627 additions and 36 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,10 @@
+# Lines starting with '#' are comments.
+# Each line is a file pattern followed by one or more owners.
+
+# Order is important. The last matching pattern has the most precedence.
+# So if a pull request only matches a later pattern, only those later code
+# owners will be requested for a review.
+# Add language specific code owners if it becomes relevant
+
+# All PRs must be approved by a member of infra
+* @deandreJones @cameroncaci @josiahzimmerman-caci
diff --git a/.github/workflows/fmt_and_validate.yml b/.github/workflows/fmt_and_validate.yml
@@ -0,0 +1,74 @@
+name: Automatic Docs Generation, Formatting, Validation, and Pre-commit
+
+on:
+  pull_request:
+
+jobs:
+  docs_fmt_validation_pre_commit:
+    name: docs_fmt_validation_pre_commit
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render Terraform Docs inside README.md and push changes back to PR branch
+      env:
+        GH_TOKEN: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
+      uses: terraform-docs/[email protected]
+      with:
+        working-dir: .
+        fail-on-diff: true
+        template: |-
+          <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+          {{ .Content }}
+          <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+    - name: Run Terraform fmt
+      uses: dflook/terraform-fmt-check@v1
+
+    - name: Spell check
+      if: ${{ github.actor != 'robot-mymove' && github.event.issue.user.login != 'dependabot[bot]' }}
+      uses: rojopolis/[email protected]
+
+    - name: Validate JSON
+      if: ${{ github.actor != 'robot-mymove' && github.event.issue.user.login != 'dependabot[bot]' }}
+      uses: limitusus/json-syntax-check@v2
+      with:
+        pattern: "\\.json$"
+
+    - name: Run YAML lint
+      if: ${{ github.actor != 'robot-mymove' && github.event.issue.user.login != 'dependabot[bot]' }}
+      uses: karancode/[email protected]
+      with:
+        yamllint_config_datapath: yamllint-config.yml
+
+    - name: Run tfsec
+      if: ${{ github.actor != 'robot-mymove' && github.event.issue.user.login != 'dependabot[bot]' }}
+      uses: aquasecurity/[email protected]
+      with:
+        additional_args: --exclude-downloaded-modules --no-module-downloads
+
+    - name: Set up Python for pre-commit
+      uses: actions/setup-python@v3
+      with:
+        python-version: 3.9
+
+    - uses: actions/cache@v3
+      with:
+        path: ${{ env.pythonLocation }}
+        key: ${{ env.pythonLocation }}-pip-pre-commit-2.20.0
+
+    - uses: actions/cache@v3
+      with:
+        path: ~/.cache/pre-commit
+        key: ${{ runner.os }}-pre-commit-${{ hashFiles('**/.pre-commit-config.yaml') }}
+
+    - name: Run pre-commit
+      env:
+        SKIP: terraform_docs,terraform_fmt,terraform_tfsec
+      run: |
+        pip install pre-commit==2.20.0
+        pre-commit run --all-files
diff --git a/.github/workflows/pre-commit-autoupdate.yml b/.github/workflows/pre-commit-autoupdate.yml
@@ -0,0 +1,39 @@
+name: pre-commit auto-update
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  auto-update:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
+      - name: install python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+      - name: install pre-commit
+        run: pip install pre-commit
+      - name: run pre-commit autoupdate
+        run: pre-commit autoupdate
+      - name: set up Git
+        env:
+          GITHUB_TOKEN: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
+          GITHUB_ACTOR_NAME: "robot-mymove"
+          GITHUB_ACTOR_EMAIL: "[email protected]"
+        run: |
+          git config --global user.name "${GITHUB_ACTOR_NAME}"
+          git config --global user.email "${GITHUB_ACTOR_EMAIL}"
+      - name: create pull request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
+          branch: update/pre-commit-autoupdate
+          title: update pre-commit hooks
+          commit-message: update pre-commit hooks
+          body: update pre-commit hooks
+          labels: dependencies
+          team-reviewers: Truss-InfraSec
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
diff --git a/.markdownlintrc b/.markdownlintrc
@@ -4,5 +4,13 @@
   "first-line-h1": false,
   "line_length": false,
   "no-multiple-blanks": false,
-  "no-inline-html": false
-}
+  "MD024": {
+    "siblings_only": true
+  },
+  "MD014": false,
+  "MD033": false,
+  "MD046": {
+    "style": "fenced"
+  },
+  "single-trailing-newline": false
+}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,16 @@
 repos:
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.90.0
+    hooks:
+      - id: terraform_docs
+      - id: terraform_fmt
+      - id: terraform_tfsec
+        args:
+          - --args=--exclude-downloaded-modules --no-module-downloads
+
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.6.0
     hooks:
       - id: check-json
       - id: check-merge-conflict
@@ -9,32 +19,38 @@ repos:
       - id: pretty-format-json
         args:
           - --autofix
+        exclude: >
+          (?x)^(
+            package-lock.json|
+          )
       - id: trailing-whitespace
-      - id: check-symlinks
-      - id: end-of-file-fixer
-      - id: mixed-line-ending
-
-  - repo: https://github.com/executablebooks/mdformat
-    rev: 0.7.16
-    hooks:
-      - id: mdformat
-        additional_dependencies:
-          - mdformat-gfm
-          - mdformat-toc
-        # mdformat fights with terraform_docs
-        exclude: README.m(ark)?d(own)?
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.33.0
+    rev: v0.40.0
     hooks:
       - id: markdownlint
+        entry: markdownlint --ignore .github/*.md
 
   - repo: https://github.com/detailyang/pre-commit-shell
     rev: 1.0.5
     hooks:
       - id: shell-lint
 
-  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.1
+  - repo: https://github.com/trussworks/pre-commit-hooks
+    rev: v1.1.1
     hooks:
-      - id: terraform_fmt
+      - id: circleci-validate
+      - id: markdown-toc
+      - id: mdspell
+        exclude: >
+          (?x)^(
+            .terraform/|
+          )
+
+  - repo: local
+    hooks:
+    - id: spelling-sort
+      name: sort spelling doc
+      entry: /usr/bin/sort -u -o .spelling .spelling
+      language: script
+      pass_filenames: false
diff --git a/.spellcheck.yml b/.spellcheck.yml
@@ -0,0 +1,11 @@
+matrix:
+- name: Markdown
+  aspell:
+    lang: en
+  dictionary:
+    wordlists:
+    - .spelling
+    encoding: utf-8
+  sources:
+  - '**/*.md'
+  default_encoding: utf-8