2a5fb1ebd0
fix: Add backend configuration to all pipeline terraform init steps
Code Quality & Security Scan / TFLint (push) Successful in 18s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 39s
Code Quality & Security Scan / Terraform Validate (push) Successful in 34s
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 37s
Code Quality & Security Scan / Terraform Plan (push) Failing after 32s
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Updated all terraform init commands in the pipeline to include backend configuration:
- terraform-plan job: Added backend-config flags
- terraform-apply job: Added backend-config flags
- terraform-destroy job: Added backend-config flags
Backend Configuration:
- Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET)
- State file key: docker/renovate/terraform.tfstate
- Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars
- Region: main
- S3-compatible settings for MinIO
Required Secrets (should already be available):
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY
- MINIO_ENDPOINT, MINIO_BUCKET
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN
Fixes pipeline error: Missing Required Value for bucket, key, and region
2025-11-18 02:57:09 +01:00
696bffd023
security: Remove hardcoded credentials from backend configuration
Code Quality & Security Scan / TFLint (push) Successful in 20s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 23s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Code Quality & Security Scan / Terraform Validate (push) Successful in 35s
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 38s
Code Quality & Security Scan / Terraform Plan (push) Failing after 25s
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Removed all hardcoded sensitive values from backend.tf:
- MinIO endpoint URL
- Bucket name
- State file key/path
- Access key and secret key
Security Improvements:
- Backend configuration now uses environment variables
- Added comprehensive documentation for backend setup
- Provided examples for both env vars and backend.hcl
- Added backend.hcl to .gitignore to prevent credential leaks
- Updated README with secure configuration instructions
- Fixed step numbering in README after adding backend config section
Backend Configuration Methods:
1. Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
2. Command-line flags during terraform init
3. Backend configuration file (backend.hcl) - now gitignored
Breaking Change:
- Users must now explicitly configure backend during terraform init
- No default backend configuration provided for security reasons
See README section 'Configure Backend (Optional)' for detailed setup instructions.
2025-11-17 08:35:16 +01:00
3a85a73a1b
fix: Add missing Terraform and DNS provider version constraints
Code Quality & Security Scan / TFLint (push) Successful in 18s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Code Quality & Security Scan / SonarQube Trigger (push) Has been cancelled
Code Quality & Security Scan / Terraform Validate (push) Has been cancelled
Code Quality & Security Scan / Terraform Plan (push) Has been cancelled
Code Quality & Security Scan / Terraform Apply (push) Has been cancelled
- Added required_version constraint (>= 1.5.0)
- Added DNS provider to required_providers with version ~> 3.4
- Updated provider versions to use pessimistic constraint operator (~>)
- Fixes TFLint warnings for missing version constraints
2025-11-17 08:28:13 +01:00
86d9e60dd6
feat: Add CI/CD pipeline and SonarQube configuration
Code Quality & Security Scan / TFLint (push) Failing after 18s
Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped
Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped
Code Quality & Security Scan / Terraform Validate (push) Has been skipped
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Code Quality & Security Scan / Terraform Plan (push) Has been skipped
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Added comprehensive Gitea Actions pipeline with:
- TFLint for Terraform linting
- Tfsec for security scanning
- Checkov for policy validation
- Terraform validate for syntax checking
- SonarQube integration for code quality analysis
- Terraform plan/apply workflow with MinIO artifact storage
- Terraform destroy workflow with manual approval
Pipeline Features:
- Runs on push to main and pull requests
- Sequential job execution with proper dependencies
- Secure secrets management for Vault, MinIO, and Renovate
- Plan artifact storage in MinIO for apply jobs
- Production environment protection for apply
- Destroy approval environment for safety
- Support for destroy via PR label
SonarQube Configuration:
- Project metadata and version tracking
- Terraform-specific exclusions
- Proper source encoding
- Documentation links to Gitea repository
Required Secrets:
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN
2025-11-17 08:25:38 +01:00
d417281ee0
feat: Repurpose module from Ansible EDA to Renovate bot deployment
Complete rewrite of the module to deploy a Renovate bot for automated
dependency management with Gitea integration.
Breaking Changes:
- Module purpose changed from Ansible EDA to Renovate bot
- All variables restructured for Renovate configuration
- State file path updated to home/docker/renovate/renovate.tfstate
- Volumes changed from EDA rulebooks/logs to config/cache
- Container image now uses renovate/renovate:latest
Added:
- Gitea platform integration with token authentication
- Renovate configuration template (config.js.tpl)
- Repository configuration examples
- Gitea Actions workflow examples
- SonarQube integration examples
- Comprehensive documentation (README, QUICKSTART, MIGRATION_GUIDE)
- CHANGELOG.md for version tracking
- Security best practices
Removed:
- All Ansible EDA-specific configuration
- Traefik labels (not needed for Renovate)
- Old EDA documentation files
- example-rulebook.yml
Updated:
- Complete README with Gitea setup instructions
- terraform.tfvars with Renovate configuration
- All resource names from ansible_eda to renovate
- Backend state path
This is version 2.0.0 - not backward compatible with previous EDA version.
See MIGRATION_GUIDE.md for detailed migration instructions.
2025-11-17 00:32:51 +01:00