wbyc/terraform-docker-renovate
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags
Commit Graph

2 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick de Ruiter
86d9e60dd6
feat: Add CI/CD pipeline and SonarQube configuration
Some checks failed
Code Quality & Security Scan / TFLint (push) Failing after 18s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped
Details
Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped
Details
Code Quality & Security Scan / Terraform Validate (push) Has been skipped
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Details
Code Quality & Security Scan / Terraform Plan (push) Has been skipped
Details
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Details
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Details 
Added comprehensive Gitea Actions pipeline with:
- TFLint for Terraform linting
- Tfsec for security scanning
- Checkov for policy validation
- Terraform validate for syntax checking
- SonarQube integration for code quality analysis
- Terraform plan/apply workflow with MinIO artifact storage
- Terraform destroy workflow with manual approval

Pipeline Features:
- Runs on push to main and pull requests
- Sequential job execution with proper dependencies
- Secure secrets management for Vault, MinIO, and Renovate
- Plan artifact storage in MinIO for apply jobs
- Production environment protection for apply
- Destroy approval environment for safety
- Support for destroy via PR label

SonarQube Configuration:
- Project metadata and version tracking
- Terraform-specific exclusions
- Proper source encoding
- Documentation links to Gitea repository

Required Secrets:
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN
 2025-11-17 08:25:38 +01:00
Patrick de Ruiter
d417281ee0
feat: Repurpose module from Ansible EDA to Renovate bot deployment 
Complete rewrite of the module to deploy a Renovate bot for automated
dependency management with Gitea integration.

Breaking Changes:
- Module purpose changed from Ansible EDA to Renovate bot
- All variables restructured for Renovate configuration
- State file path updated to home/docker/renovate/renovate.tfstate
- Volumes changed from EDA rulebooks/logs to config/cache
- Container image now uses renovate/renovate:latest

Added:
- Gitea platform integration with token authentication
- Renovate configuration template (config.js.tpl)
- Repository configuration examples
- Gitea Actions workflow examples
- SonarQube integration examples
- Comprehensive documentation (README, QUICKSTART, MIGRATION_GUIDE)
- CHANGELOG.md for version tracking
- Security best practices

Removed:
- All Ansible EDA-specific configuration
- Traefik labels (not needed for Renovate)
- Old EDA documentation files
- example-rulebook.yml

Updated:
- Complete README with Gitea setup instructions
- terraform.tfvars with Renovate configuration
- All resource names from ansible_eda to renovate
- Backend state path

This is version 2.0.0 - not backward compatible with previous EDA version.
See MIGRATION_GUIDE.md for detailed migration instructions.
 2025-11-17 00:32:51 +01:00