Added pre-commit hook (#11)

* Added pre-commit hook

pre-commit fixes

* pre-commit run fixes

Author: saidsef

.github/ISSUE_TEMPLATE/bug_report.md

@@ -21,4 +21,4 @@ about: If something isn't working as expected.
 ...version and build of the project, OS and runtime versions, virtualised environment (if any), etc. ...
 
 ### Additional Context:
-...add any other context about the problem here. If applicable, add screenshots to help explain...
+...add any other context about the problem here. If applicable, add screenshots to help explain...

.github/workflows/ci.yaml

@@ -10,8 +10,19 @@ on:
   workflow_dispatch:
 
 jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
+    - uses: terraform-linters/setup-tflint@v3
+    - uses: pre-commit/action@v3.0.0
+      with:
+        extra_args: "-a"
+
   validate:
     name: Validate
+    needs: [pre-commit]
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
@@ -50,50 +61,26 @@ jobs:
         terraform init -backend=false -upgrade -reconfigure
         terraform validate
 
-  tflint:
-    name: tflint
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    needs: [validate]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - uses: actions/cache@v3
-        name: Cache plugin dir
-        with:
-          path: ~/.tflint.d/plugins
-          key: ${{ runner.os }}-tflint
-      - uses: terraform-linters/setup-tflint@v3
-        name: Setup TFLint
-        with:
-          github_token: ${{ github.token }}
-          tflint_version: latest
-      - name: Run TFLint
-        run: |
-          tflint --init
-          tflint -f compact
-
   tfsec:
     name: tfsec
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
     needs: [validate]
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: tfsec
-        uses: aquasecurity/tfsec-action@v1.0.2
-        with:
-          additional_args: "--force-all-dirs --concise-output --code-theme=dark"
-          version: "latest"
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: tfsec
+      uses: aquasecurity/tfsec-action@v1.0.2
+      with:
+        additional_args: "--force-all-dirs --concise-output --code-theme=dark"
+        version: "latest"
 
   caller-identity-check:
     if: contains(github.event_name, 'pull_request')
     runs-on: ubuntu-latest
     name: Return the IAM user
-    needs: [validate, tflint, tfsec]
+    needs: [validate, tfsec]
     permissions:
       contents: read
       id-token: write

.pre-commit-config.yaml

@@ -0,0 +1,16 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_tflint
+      - id: terraform_validate
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-vcs-permalinks
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace

CONTRIBUTING.md

@@ -62,4 +62,4 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
 
 [homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+[version]: http://contributor-covenant.org/version/1/4/

README.md

@@ -7,7 +7,7 @@ This Terraform module enables you to configure GitLab Actions as an AWS IAM OIDC
 
 - AWS Account(s) and credentials
 - GitLab repository
-- Terraform >= 1.0.x
+- Terraform >= 1.x
 - Profit?
 
 ## Deployment / Usage

TERRAFORM.md

@@ -2,15 +2,15 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.46.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.47.0 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.4 |
 
 ## Modules

exmaples/complete/main.tf

@@ -5,18 +5,18 @@ provider "aws" {
 module "gitlab_oidc" {
   source = "../../"
 
-  attach_admin_policy           = true
-  attach_read_only_policy       = true
-  create_oidc_provider          = true
-  enabled                       = true
-  force_detach_policies         = false
+  attach_admin_policy           = var.attach_admin_policy
+  attach_read_only_policy       = var.attach_read_only_policy
+  create_oidc_provider          = var.create_oidc_provider
+  enabled                       = var.enabled
+  force_detach_policies         = var.force_detach_policies
   gitlab_organisation           = var.gitlab_organisation
-  gitlab_repositories           = [{ name = "terraform-aws-gitlab-oidc", branches = ["main", "pr-*", "*pull*", "*"] }]
-  iam_role_name                 = "gitlab-runner"
-  iam_role_path                 = "/"
-  iam_role_permissions_boundary = ""
-  iam_role_policy_arns          = []
-  max_session_duration          = 3600
-  tags                          = {}
-  url                           = "gitlab.com"
-}
+  gitlab_repositories           = var.gitlab_repositories
+  iam_role_name                 = var.iam_role_name
+  iam_role_path                 = var.iam_role_path
+  iam_role_permissions_boundary = var.iam_role_permissions_boundary
+  iam_role_policy_arns          = var.iam_role_policy_arns
+  max_session_duration          = var.max_session_duration
+  tags                          = var.tags
+  url                           = var.url
+}

exmaples/complete/outputs.tf

@@ -8,4 +8,4 @@ output "thumbprint" {
   description = "GitLab certificates thumbprint"
   value       = module.gitlab_oidc.thumbprint
   sensitive   = false
-}
+}

exmaples/complete/terraform.tfvars

@@ -5,9 +5,8 @@ enabled                 = true
 force_detach_policies   = false
 gitlab_organisation     = "saidsef"
 gitlab_repositories = [
-  {
-    "branches" : null,
-    "name" : null
+  { name     = "terraform-aws-gitlab-oidc",
+    branches = ["main", "pr-*", "*pull*", "*"]
   }
 ]
 iam_role_name                 = "gitlab-runner"

exmaples/complete/versions.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4"
+    }
+
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4"
+    }
+  }
+
+  required_version = "~> 1"
+}

exmaples/remote/main.tf

@@ -11,7 +11,7 @@ module "gitlab_oidc" {
   create_oidc_provider          = true
   enabled                       = true
   force_detach_policies         = false
-  gitlab_organisation           = var.gitlab_organisation
+  gitlab_organisation           = "saidsef"
   gitlab_repositories           = [{ name = "terraform-aws-gitlab-oidc", branches = ["main", "pr-*", "*pull*", "*"] }]
   iam_role_name                 = "gitlab-runner"
   iam_role_path                 = "/"
@@ -20,4 +20,4 @@ module "gitlab_oidc" {
   max_session_duration          = 3600
   tags                          = {}
   url                           = "gitlab.com"
-}
+}

exmaples/remote/outputs.tf

@@ -8,4 +8,4 @@ output "thumbprint" {
   description = "GitLab certificates thumbprint"
   value       = module.gitlab_oidc.thumbprint
   sensitive   = false
-}
+}

exmaples/remote/variables.tf

@@ -3,104 +3,3 @@ variable "region" {
   description = "AWS Region name"
   type        = string
 }
-
-variable "attach_admin_policy" {
-  default     = false
-  description = "Enable attachment of the AdministratorAccess policy"
-  type        = bool
-}
-
-variable "attach_read_only_policy" {
-  default     = true
-  description = "Enable attachment of the ReadOnly policy"
-  type        = bool
-}
-
-variable "create_oidc_provider" {
-  default     = true
-  description = "Enable creation of the GitLab OIDC provider"
-  type        = bool
-}
-
-variable "enabled" {
-  default     = true
-  description = "Enable creation of resources"
-  type        = bool
-}
-
-variable "force_detach_policies" {
-  default     = false
-  description = "Force detachment of policies attached to the IAM role"
-  type        = string
-}
-
-variable "gitlab_organisation" {
-  default     = "saidsef"
-  description = "GitLab organisation name"
-  type        = string
-}
-
-variable "gitlab_repositories" {
-  type = list(object({
-    name     = string
-    branches = list(string)
-  }))
-  default = [{
-    branches = null
-    name     = null
-  }]
-  description = "List of GitLab repository name(s) and branche names or patterns"
-}
-
-variable "iam_role_name" {
-  default     = "gitlab-runner"
-  description = "Name of the IAM role"
-  type        = string
-}
-
-variable "iam_role_path" {
-  default     = "/"
-  description = "Path to the IAM role"
-  type        = string
-  sensitive   = false
-}
-
-variable "iam_role_permissions_boundary" {
-  default     = ""
-  description = "ARN of the permissions boundary to be used by the IAM role"
-  type        = string
-  sensitive   = false
-}
-
-variable "iam_role_policy_arns" {
-  default     = []
-  description = "List of IAM policy ARNs to attach to the IAM role"
-  type        = list(string)
-  sensitive   = false
-}
-
-variable "max_session_duration" {
-  default     = 3600
-  description = "Maximum session duration in seconds"
-  type        = number
-  sensitive   = false
-
-  validation {
-    condition     = var.max_session_duration >= 3600 && var.max_session_duration <= 43200
-    error_message = "Session duration must be between 3600 and 43200 seconds."
-  }
-}
-
-variable "url" {
-  type        = string
-  description = "URL of identity provider"
-  default     = "gitlab.com"
-  sensitive   = false
-}
-
-variable "tags" {
-  default     = {}
-  description = "Map of tags to be applied to all resources"
-  type        = map(string)
-  sensitive   = false
-}

exmaples/remote/versions.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4"
+    }
+
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4"
+    }
+  }
+
+  required_version = "~> 1"
+}

versions.tf

@@ -12,4 +12,4 @@ terraform {
   }
 
   required_version = "~> 1"
-}
+}