Some checks failed
Code Quality & Security Scan / TFLint (push) Failing after 18s
Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped
Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped
Code Quality & Security Scan / Terraform Validate (push) Has been skipped
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Code Quality & Security Scan / Terraform Plan (push) Has been skipped
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Added comprehensive Gitea Actions pipeline with:
- TFLint for Terraform linting
- Tfsec for security scanning
- Checkov for policy validation
- Terraform validate for syntax checking
- SonarQube integration for code quality analysis
- Terraform plan/apply workflow with MinIO artifact storage
- Terraform destroy workflow with manual approval

Pipeline Features:
- Runs on push to main and pull requests
- Sequential job execution with proper dependencies
- Secure secrets management for Vault, MinIO, and Renovate
- Plan artifact storage in MinIO for apply jobs
- Production environment protection for apply
- Destroy approval environment for safety
- Support for destroy via PR label

SonarQube Configuration:
- Project metadata and version tracking
- Terraform-specific exclusions
- Proper source encoding
- Documentation links to Gitea repository

Required Secrets:
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN
26 lines
840 B
Properties
sonar.projectKey=terraform-docker-renovate
sonar.projectName=Terraform Docker Renovate Module
sonar.projectVersion=2.0.0

# Source code location
sonar.sources=.
sonar.exclusions=**/.terraform/**,**/.git/**,**/files/**,**/*.md,**/.gitea/**

# File encoding
sonar.sourceEncoding=UTF-8

# Terraform specific settings
sonar.language=terraform

# Coverage exclusions
sonar.coverage.exclusions=**/*.tf,**/*.tfvars

# Test exclusions (if you add tests later)
sonar.test.exclusions=**/tests/**

# Documentation
sonar.links.homepage=https://git.bsdserver.nl/gitea-admin/terraform-docker-renovate
sonar.links.ci=https://git.bsdserver.nl/gitea-admin/terraform-docker-renovate/actions
sonar.links.scm=https://git.bsdserver.nl/gitea-admin/terraform-docker-renovate
sonar.links.issue=https://git.bsdserver.nl/gitea-admin/terraform-docker-renovate/issues