wbyc/terraform-docker-renovate
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8 Commits 1 Branch 0 Tags
Commit Graph

2 Commits

Author SHA1 Message Date
Patrick de Ruiter
696bffd023
security: Remove hardcoded credentials from backend configuration
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 20s
Details
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 23s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Details
Code Quality & Security Scan / Terraform Validate (push) Successful in 35s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 38s
Details
Code Quality & Security Scan / Terraform Plan (push) Failing after 25s
Details
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Details 
Removed all hardcoded sensitive values from backend.tf:
- MinIO endpoint URL
- Bucket name
- State file key/path
- Access key and secret key

Security Improvements:
- Backend configuration now uses environment variables
- Added comprehensive documentation for backend setup
- Provided examples for both env vars and backend.hcl
- Added backend.hcl to .gitignore to prevent credential leaks
- Updated README with secure configuration instructions
- Fixed step numbering in README after adding backend config section

Backend Configuration Methods:
1. Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
2. Command-line flags during terraform init
3. Backend configuration file (backend.hcl) - now gitignored

Breaking Change:
- Users must now explicitly configure backend during terraform init
- No default backend configuration provided for security reasons

See README section 'Configure Backend (Optional)' for detailed setup instructions.
 2025-11-17 08:35:16 +01:00
Patrick de Ruiter
d417281ee0
feat: Repurpose module from Ansible EDA to Renovate bot deployment 
Complete rewrite of the module to deploy a Renovate bot for automated
dependency management with Gitea integration.

Breaking Changes:
- Module purpose changed from Ansible EDA to Renovate bot
- All variables restructured for Renovate configuration
- State file path updated to home/docker/renovate/renovate.tfstate
- Volumes changed from EDA rulebooks/logs to config/cache
- Container image now uses renovate/renovate:latest

Added:
- Gitea platform integration with token authentication
- Renovate configuration template (config.js.tpl)
- Repository configuration examples
- Gitea Actions workflow examples
- SonarQube integration examples
- Comprehensive documentation (README, QUICKSTART, MIGRATION_GUIDE)
- CHANGELOG.md for version tracking
- Security best practices

Removed:
- All Ansible EDA-specific configuration
- Traefik labels (not needed for Renovate)
- Old EDA documentation files
- example-rulebook.yml

Updated:
- Complete README with Gitea setup instructions
- terraform.tfvars with Renovate configuration
- All resource names from ansible_eda to renovate
- Backend state path

This is version 2.0.0 - not backward compatible with previous EDA version.
See MIGRATION_GUIDE.md for detailed migration instructions.
 2025-11-17 00:32:51 +01:00