Bump OIDC module (#6)

Author: lawliet89

.github/workflows/ci.yml

@@ -14,6 +14,6 @@ permissions:
 
 jobs:
   ci:
-    uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@main
+    uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@v2
     with:
       upload_sarif: true

.pre-commit-config.yaml

@@ -1,28 +1,40 @@
 repos:
   - repo: https://github.com/gruntwork-io/pre-commit
-    rev: v0.1.17
+    rev: v0.1.22
     hooks:
-      - id: terraform-fmt
-      - id: terraform-validate
-      - id: tflint
-        args:
-          - "--module"
-          - "--config=.tflint.hcl"
-      - id: markdown-link-check
       - id: shellcheck
 
+  - repo: https://github.com/tcort/markdown-link-check
+    rev: v3.11.2
+    hooks:
+      - id: markdown-link-check
+        args:
+          - "--config=mlc_config.json"
+
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.64.0
+    rev: v1.81.0
     hooks:
+      - id: terraform_fmt
+      - id: terraform_providers_lock
+        args:
+          - --args=-platform=linux_amd64
+      - id: terraform_validate
+      - id: terraform_tflint
+        args:
+          - --args=--module
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
       - id: terraform_docs
         args:
-          - "--args=--lockfile=false"
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--recursive=true
       - id: terraform_tfsec
         args:
           - --args=--exclude-downloaded-modules
-      - id: checkov
+      - id: terraform_checkov
+
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.4.0
     hooks:
       # Git style
       - id: check-added-large-files

.tflint.hcl

@@ -1,6 +1,6 @@
 plugin "aws" {
   enabled = true
-  version = "0.13.4"
+  version = "0.24.1"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
 

README.md

@@ -7,19 +7,20 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | n/a |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 4.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_tfc_workload_identity_role"></a> [tfc\_workload\_identity\_role](#module\_tfc\_workload\_identity\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.3.0 |
+| <a name="module_tfc_workload_identity_role"></a> [tfc\_workload\_identity\_role](#module\_tfc\_workload\_identity\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.27 |
 
 ## Resources
 

main.tf

@@ -4,13 +4,13 @@ resource "aws_iam_openid_connect_provider" "tfc_provider" {
   url            = local.oidc_provider_url
   client_id_list = var.tfc_oidc_provider_audiences
   thumbprint_list = [
-    data.tls_certificate.tfc_certificate.certificates.0.sha1_fingerprint,
+    data.tls_certificate.tfc_certificate.certificates[0].sha1_fingerprint,
   ]
 }
 
 module "tfc_workload_identity_role" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
-  version = "~> 5.3.0"
+  version = "~> 5.27"
 
   # Role must not be created if no workspaces are listed. Otherwise, anyone on TFC with the right
   # audience can assume this role.

versions.tf

@@ -5,5 +5,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 4.0"
     }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0"
+    }
   }
 }