Cross account support (#2)

* Update linting/checks

* not needed

* added crossaccount support

* fix badge

Co-authored-by: Steven B <[email protected]>

Co-authored-by: Steven B <[email protected]>

Author: cdaniluk

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @rhythmictech/engineering

.github/workflows/check.yml

@@ -0,0 +1,23 @@
+---
+name: misspell
+on:
+  push:
+    branches:
+      - main
+      - master
+      - prod
+      - develop
+
+jobs:
+  misspell:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: misspell
+        uses: reviewdog/action-misspell@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          locale: "US"
+          reporter: github-check
+          filter_mode: nofilter
+          level: error

.github/workflows/misspell.yaml

@@ -0,0 +1,39 @@
+---
+name: pre-commit-check
+on:
+  push:
+    branches: -- main
+      - master
+      - prod
+      - develop
+
+jobs:
+  pre-commit-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+      - name: Install prerequisites
+        run: ./bin/install-ubuntu.sh
+      - name: initialize Terraform
+        run: terraform init --backend=false
+      - name: pre-commit
+        uses: pre-commit/[email protected]
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          # many of these are covered by better reviewdog linters below
+          SKIP: >-
+            terraform_tflint_deep,
+            no-commit-to-branch,
+            terraform_tflint_nocreds,
+            terraform_tfsec
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        if: ${{ failure() }}
+        with:
+          commit_message: Apply automatic changes
+          commit_options: "--no-verify"
+          # Optional commit user and author settings
+          commit_user_name: Linter Bot
+          commit_user_email: [email protected]
+          commit_author: Linter Bot <[email protected]>

.github/workflows/pre-commit.yaml

@@ -0,0 +1,93 @@
+---
+name: pull request
+on:
+  pull_request:
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+      - name: Install prerequisites
+        run: ./bin/install-ubuntu.sh
+      - name: initialize Terraform
+        run: terraform init --backend=false
+      - name: pre-commit
+        uses: pre-commit/[email protected]
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          # many of these are covered by better reviewdog linters below
+          SKIP: >-
+            terraform_tflint_deep,
+            no-commit-to-branch,
+            terraform_tflint_nocreds,
+            terraform_tfsec
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        if: ${{ failure() }}
+        with:
+          commit_message: Apply automatic changes
+          commit_options: "--no-verify"
+          # Optional commit user and author settings
+          commit_user_name: Linter Bot
+          commit_user_email: [email protected]
+          commit_author: Linter Bot <[email protected]>
+  tflint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 0.12.26
+      - name: Terraform init
+        run: terraform init --backend=false
+      - name: tflint
+        uses: reviewdog/action-tflint@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-pr-check
+          filter_mode: added
+          flags: --module
+          level: error
+  tfsec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 0.12.26
+      - name: Terraform init
+        run: terraform init --backend=false
+      - name: tfsec
+        uses: reviewdog/action-tfsec@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-pr-check
+          filter_mode: added
+          level: warning
+  misspell:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: misspell
+        uses: reviewdog/action-misspell@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          locale: "US"
+          reporter: github-pr-check
+          filter_mode: added
+          level: error
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: yamllint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-pr-check
+          filter_mode: added
+          level: error

.github/workflows/pullRequest.yaml

@@ -0,0 +1,29 @@
+---
+name: tflint
+on:
+  push:
+    branches:
+      - main
+      - master
+      - prod
+      - develop
+
+jobs:
+  tflint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 0.12.26
+      - name: Terraform init
+        run: terraform init --backend=false
+      - name: tflint
+        uses: reviewdog/action-tflint@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-check
+          filter_mode: nofilter
+          flags: --module
+          level: error

.github/workflows/tflint.yaml

@@ -0,0 +1,28 @@
+---
+name: tfsec
+on:
+  push:
+    branches:
+      - main
+      - master
+      - prod
+      - develop
+
+jobs:
+  tfsec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 0.12.26
+      - name: Terraform init
+        run: terraform init --backend=false
+      - name: tfsec
+        uses: reviewdog/action-tfsec@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-check
+          filter_mode: nofilter
+          level: error

.github/workflows/tfsec.yaml

@@ -0,0 +1,22 @@
+---
+name: yamllint
+on:
+  push:
+    branches:
+      - main
+      - master
+      - prod
+      - develop
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: yamllint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-check
+          filter_mode: nofilter
+          level: error

.github/workflows/yamllint.yaml

@@ -0,0 +1,9 @@
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars

.gitignore

@@ -1,13 +1,71 @@
----
 repos:
-- repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.24.0
-  hooks:
-    - id: terraform_fmt
-    - id: terraform_docs
-- repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v2.4.0
-  hooks:
-    - id: end-of-file-fixer
-    - id: trailing-whitespace
-    - id: no-commit-to-branch
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.31.0
+    hooks:
+      - id: terraform_docs
+        always_run: true
+        args:
+          - --args=--sort-by-required
+      - id: terraform_fmt
+      - id: terraform_tflint
+        alias: terraform_tflint_deep
+        name: terraform_tflint_deep
+        args:
+          - --args=--deep
+      - id: terraform_tflint
+        alias: terraform_tflint_nocreds
+        name: terraform_tflint_nocreds
+      - id: terraform_tfsec
+  - repo: local
+    hooks:
+      - id: terraform_validate
+        name: terraform_validate
+        entry: |
+          bash -c '
+            AWS_DEFAULT_REGION=us-east-1
+            declare -a DIRS
+            for FILE in "$@"
+            do
+              DIRS+=($(dirname "$FILE"))
+            done
+            for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
+            do
+              cd $(dirname "$FILE")
+              terraform init --backend=false
+              terraform validate .
+            done
+          '
+        language: system
+        verbose: true
+        files: \.tf(vars)?$
+        exclude: examples
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.0.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-yaml
+        args:
+          - --unsafe
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args:
+          - --fix=lf
+      - id: no-commit-to-branch
+        args:
+          - --branch
+          - main
+          - --branch
+          - master
+          - --branch
+          - prod
+      - id: pretty-format-json
+        args:
+          - --autofix
+          - --top-keys=name,Name
+      - id: trailing-whitespace
+        args:
+          - --markdown-linebreak-ext=md
+        exclude: README.md