From 0b6b86334eb4768be82aee419b50bba32ed4a0c3 Mon Sep 17 00:00:00 2001 From: Barry Morrison <689591+esacteksab@users.noreply.github.com> Date: Sun, 12 Jan 2025 18:07:50 -0600 Subject: [PATCH] chore: update things (#51) * chore(deps): pre-commit autoupdate * chore: make these files match other projects * chore: pin shared action * chore: changes to renovate to align with current needs * chore: official tfdocs hook --- .github/workflows/validate.yml | 2 +- .markdownlintrc | 3 ++- .pre-commit-config.yaml | 14 +++++------ .terraform-docs.yml | 21 ++++++++++++++++ README.md | 44 ++++++++++++++-------------------- renovate.json | 10 ++------ 6 files changed, 51 insertions(+), 43 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 705a013..c04990f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -10,4 +10,4 @@ on: jobs: validate-tf: - uses: trussworks/shared-actions/.github/workflows/validate-tf.yml@main + uses: trussworks/shared-actions/.github/workflows/validate-tf.yml@3cab03ab95045711da37ad6d63a93c666fc22398 # v0.0.2 diff --git a/.markdownlintrc b/.markdownlintrc index 83eb43d..3e0ef98 100644 --- a/.markdownlintrc +++ b/.markdownlintrc @@ -4,5 +4,6 @@ "first-line-h1": false, "line_length": false, "no-multiple-blanks": false, - "no-inline-html": false + "no-inline-html": false, + "no-alt-text": false } diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bfd87bb..020bec2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v5.0.0 hooks: - id: check-json - id: check-merge-conflict @@ -15,7 +15,7 @@ repos: - id: mixed-line-ending - repo: https://github.com/executablebooks/mdformat - rev: 0.7.16 + rev: 0.7.21 hooks: - id: mdformat additional_dependencies: 
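Review bot: The commit SHA on the `uses:` line in validate.yml pins only the called workflow file. Any actions that `validate-tf.yml` itself references by tag or branch can still move, so check in trussworks/shared-actions at that commit that its nested `uses:` entries are digest-pinned too. The `# v0.0.2` comment cannot be verified from this diff; confirm the SHA is the commit that tag points to. The job body continues outside the hunk, and if no `permissions:` key is set there or at workflow level, the called workflow runs with the repository's default token permissions; adding `permissions: { contents: read }` would make the intended scope explicit.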
@@ -25,16 +25,16 @@ repos: exclude: README.m(ark)?d(own)? - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.43.0 hooks: - id: markdownlint - - repo: https://github.com/detailyang/pre-commit-shell - rev: 1.0.5 + - repo: https://github.com/terraform-docs/terraform-docs + rev: "v0.19.0" hooks: - - id: shell-lint + - id: terraform-docs-go - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.96.3 hooks: - id: terraform_fmt diff --git a/.terraform-docs.yml b/.terraform-docs.yml index fb05467..8b4c387 100644 --- a/.terraform-docs.yml +++ b/.terraform-docs.yml @@ -1,4 +1,25 @@ settings: html: false anchor: false + escape: false + lockfile: false + hide-empty: true formatter: "markdown table" + +sections: + show: + - requirements + - providers + - modules + - data-sources + - resources + - inputs + - outputs + +output: + file: README.md + mode: inject + template: |- + + {{ .Content }} + diff --git a/README.md b/README.md index 6897f00..0113f0d 100644 --- a/README.md +++ b/README.md @@ -108,10 +108,6 @@ module "github_terraform_aws_ou_scp" { |------|---------| | aws | >= 3.0 | -## Modules - -No modules. - ## Resources | Name | Type | 
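Review bot: The hook repositories in .pre-commit-config.yaml are still referenced by mutable tags (`rev: "v0.19.0"`, `rev: v1.96.3`, and the `rev:` bumps in the two earlier hunks of this file), while the same commit pins the GitHub workflow to a commit SHA. Pre-commit hooks execute on every contributor's machine, so the same reasoning applies; `pre-commit autoupdate --freeze` writes the commit hash and keeps the tag as a trailing comment. The new `terraform-docs-go` hook presumably builds the tool from source at install time, which needs a local Go toolchain and pulls its module dependencies. Replacing `shell-lint` also removes shell linting, so if the repository still contains shell scripts that check is lost without notice.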
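Review bot: As shown in the .terraform-docs.yml hunk, `output.template` contains only `{{ .Content }}` between blank lines. With `mode: inject`, terraform-docs finds the region of README.md to replace by the begin/end comment markers in the template (by default `<!-- BEGIN_TF_DOCS -->` and `<!-- END_TF_DOCS -->`). The markers may have been stripped when this page was rendered, so confirm the committed file has them and that README.md carries the matching pair. With `escape: false`, text from variable descriptions is written into README.md unescaped, which is presumably what produces the unescaped names in the README hunk.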
@@ -125,30 +121,26 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allowed\_ec2\_instance\_types | EC2 instances types allowed for use | `list(string)` | ```[ "" ]``` | no | -| allowed\_regions | AWS Regions allowed for use (for use with the restrict regions SCP) | `list(string)` | ```[ "" ]``` | no | -| deny\_all | If false, create a combined policy. If true, deny all access | `bool` | `false` | no | -| deny\_creating\_iam\_users | DenyCreatingIAMUsers in the OU policy. | `bool` | `false` | no | -| deny\_deleting\_cloudwatch\_logs | DenyDeletingCloudwatchLogs in the OU policy. | `bool` | `false` | no | -| deny\_deleting\_kms\_keys | DenyDeletingKMSKeys in the OU policy. | `bool` | `false` | no | -| deny\_deleting\_route53\_zones | DenyDeletingRoute53Zones in the OU policy. | `bool` | `false` | no | -| deny\_leaving\_orgs | DenyLeavingOrgs in the OU policy. | `bool` | `false` | no | -| deny\_root\_account | DenyRootAccount in the OU policy. | `bool` | `false` | no | -| deny\_s3\_bucket\_public\_access\_resources | S3 bucket resource ARNs to block public access | `list(string)` | ```[ "" ]``` | no | -| deny\_s3\_buckets\_public\_access | DenyS3BucketsPublicAccess in the OU policy. | `bool` | `false` | no | -| limit\_ec2\_instance\_types | LimitEC2InstanceTypes in the OU policy. | `bool` | `false` | no | -| limit\_regions | LimitRegions in the OU policy. | `bool` | `false` | no | -| protect\_iam\_role\_resources | IAM role resource ARNs to protect from modification and deletion | `list(string)` | ```[ "" ]``` | no | -| protect\_iam\_roles | ProtectIAMRoles in the OU policy. | `bool` | `false` | no | -| protect\_s3\_bucket\_resources | S3 bucket resource ARNs to protect from bucket and object deletion | `list(string)` | ```[ "" ]``` | no | -| protect\_s3\_buckets | ProtectS3Buckets in the OU policy. 
| `bool` | `false` | no | -| require\_s3\_encryption | DenyIncorrectEncryptionHeader and DenyUnEncryptedObjectUploads in the OU policy | `bool` | `false` | no | +| allowed_ec2_instance_types | EC2 instances types allowed for use | `list(string)` | ```[ "" ]``` | no | +| allowed_regions | AWS Regions allowed for use (for use with the restrict regions SCP) | `list(string)` | ```[ "" ]``` | no | +| deny_all | If false, create a combined policy. If true, deny all access | `bool` | `false` | no | +| deny_creating_iam_users | DenyCreatingIAMUsers in the OU policy. | `bool` | `false` | no | +| deny_deleting_cloudwatch_logs | DenyDeletingCloudwatchLogs in the OU policy. | `bool` | `false` | no | +| deny_deleting_kms_keys | DenyDeletingKMSKeys in the OU policy. | `bool` | `false` | no | +| deny_deleting_route53_zones | DenyDeletingRoute53Zones in the OU policy. | `bool` | `false` | no | +| deny_leaving_orgs | DenyLeavingOrgs in the OU policy. | `bool` | `false` | no | +| deny_root_account | DenyRootAccount in the OU policy. | `bool` | `false` | no | +| deny_s3_bucket_public_access_resources | S3 bucket resource ARNs to block public access | `list(string)` | ```[ "" ]``` | no | +| deny_s3_buckets_public_access | DenyS3BucketsPublicAccess in the OU policy. | `bool` | `false` | no | +| limit_ec2_instance_types | LimitEC2InstanceTypes in the OU policy. | `bool` | `false` | no | +| limit_regions | LimitRegions in the OU policy. | `bool` | `false` | no | +| protect_iam_role_resources | IAM role resource ARNs to protect from modification and deletion | `list(string)` | ```[ "" ]``` | no | +| protect_iam_roles | ProtectIAMRoles in the OU policy. | `bool` | `false` | no | +| protect_s3_bucket_resources | S3 bucket resource ARNs to protect from bucket and object deletion | `list(string)` | ```[ "" ]``` | no | +| protect_s3_buckets | ProtectS3Buckets in the OU policy. 
| `bool` | `false` | no | +| require_s3_encryption | DenyIncorrectEncryptionHeader and DenyUnEncryptedObjectUploads in the OU policy | `bool` | `false` | no | | tags | Tags applied to the SCP policy | `map(string)` | `{}` | no | | target | OU resource to attach SCP | ```object({ name = string id = string })``` | n/a | yes | - -## Outputs - -No outputs. ## Developer Setup diff --git a/renovate.json b/renovate.json index 8472513..a72d458 100644 --- a/renovate.json +++ b/renovate.json @@ -1,7 +1,7 @@ { "extends": [ - "config:base", - ":disableDependencyDashboard" + "config:recommended", + "helpers:pinGitHubActionDigests" ], "labels": [ "dependencies" @@ -32,10 +32,7 @@ "groupName": "dependencies", "managers": [ "terraform", - "gomod", "pre-commit", - "circleci", - "dockerfile", "github-actions" ], "matchUpdateTypes": [ @@ -44,9 +41,6 @@ ] } ], - "postUpdateOptions": [ - "gomodTidy" - ], "schedule": [ "every weekend" ],
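Review bot: Listing `pre-commit` under `managers` in the renovate.json package rule does not by itself turn that manager on. Renovate's pre-commit manager is opt-in, so unless the part of renovate.json outside these hunks contains `"pre-commit": { "enabled": true }`, the hook revisions in .pre-commit-config.yaml will not receive update PRs. `managers` is also the legacy name of this matcher; the current key is `matchManagers`. Separately, dropping `:disableDependencyDashboard` in the first hunk means Renovate will now open a dependency dashboard issue on the repository, which deserves a line in the description if intended.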