wbyc/terraform-vsphere-resourcegroups
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17 Commits 1 Branch 0 Tags
Commit Graph

17 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick de Ruiter
810e85562c
Add skip_tls_verify to Vault provider
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 18s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 47s
Details
Code Quality & Security Scan / Terraform Init (push) Failing after 32s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 31s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 36s
Details 
- Added skip_tls_verify = true to Vault provider configuration
- Fixes x509 certificate verification error for self-signed certificates
- Matches pattern used in vSphere provider (allow_unverified_ssl)
 2025-11-02 01:20:43 +01:00
Patrick de Ruiter
14a22b2561
Add required Terraform variables to plan step
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 20s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 31s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 38s
Details
Code Quality & Security Scan / Terraform Init (push) Failing after 30s
Details 
- Added TF_VAR_datacenter environment variable
- Added TF_VAR_cluster_name environment variable
- Added TF_VAR_environment environment variable
- Prevents interactive prompts during terraform plan
- Required secrets: VSPHERE_DATACENTER, VSPHERE_CLUSTER, ENVIRONMENT
 2025-11-02 01:16:27 +01:00
Patrick de Ruiter
269c9b48d7
Add Terraform plan step with artifact upload
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 26s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 28s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 35s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 38s
Details
Code Quality & Security Scan / Terraform Init (push) Has been cancelled
Details 
- Added terraform plan step that outputs plan to tfplan file
- Plan includes all required environment variables for Vault and MinIO
- Plan artifact uploaded with 30-day retention for later apply step
- Plan file can be downloaded and used for terraform apply
 2025-11-02 00:48:46 +01:00
Patrick de Ruiter
72c8be1a56
Add Vault credentials to workflow secrets
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 20s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Has been cancelled
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Has been cancelled
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been cancelled
Details
Code Quality & Security Scan / Terraform Init (push) Has been cancelled
Details 
- Added TF_VAR_role_id and TF_VAR_secret_id environment variables
- Added VAULT_ADDR environment variable
- Vault credentials now sourced from Gitea secrets instead of tfvars
- Required secrets: VAULT_ADDR, VAULT_ROLE_ID, VAULT_SECRET_ID
 2025-11-02 00:48:17 +01:00
Patrick de Ruiter
4a2ed7bf4f
Refactor Terraform init to use backend-config flags
All checks were successful
Code Quality & Security Scan / TFLint (push) Successful in 21s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 31s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 35s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 45s
Details
Code Quality & Security Scan / Terraform Init (push) Successful in 29s
Details 
- Updated backend.tf to use partial configuration
- Modified workflow to pass backend settings via -backend-config flags
- Follows Azure-style pattern with environment variables
- Improves flexibility and keeps configuration out of version control
- Required secrets: MINIO_ENDPOINT, MINIO_BUCKET, MINIO_STATE_KEY
 2025-11-02 00:32:28 +01:00
Patrick de Ruiter
4ce4ee9b70
Add Terraform init step with secure MinIO backend
Some checks failed
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 28s
Details
Code Quality & Security Scan / TFLint (push) Successful in 17s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 36s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 38s
Details
Code Quality & Security Scan / Terraform Init (push) Failing after 30s
Details 
- Removed hardcoded MinIO credentials from backend.tf
- Added terraform-init job after SonarQube step
- Uses organization secrets for MinIO credentials:
  - MINIO_ACCESS_KEY
  - MINIO_SECRET_KEY
- Credentials passed via AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY env vars
- Initializes Terraform with S3-compatible MinIO backend
 2025-11-01 23:59:01 +01:00
Patrick de Ruiter
0089d060cf
Add Tfsec security scanning before Checkov
All checks were successful
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 36s
Details
Code Quality & Security Scan / TFLint (push) Successful in 19s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 1m4s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 40s
Details 
- Added Tfsec job for Terraform security analysis
- Tfsec specializes in detecting security issues in Terraform code
- Pipeline flow: TFLint -> Tfsec -> Checkov -> SonarQube
- Tfsec focuses on cloud security misconfigurations
- Complements Checkov with different security rule sets
 2025-11-01 23:10:13 +01:00
Patrick de Ruiter
3ee45d2603
Fix all TFLint warnings
All checks were successful
Code Quality & Security Scan / TFLint (push) Successful in 18s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 35s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 35s
Details 
- Added version constraints for vsphere (~> 2.0) and vault (~> 5.0) providers
- Added terraform required_version (>= 1.0)
- Removed unused variables: domain, esxi_hosts, port_groups
- Removed unused data source: vsphere_host
- All TFLint checks now pass successfully
 2025-11-01 23:02:03 +01:00
Patrick de Ruiter
b9a4e24583
Add TFLint configuration with Terraform best practices
Some checks failed
Code Quality & Security Scan / TFLint (push) Failing after 20s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Details 
- Enabled Terraform recommended preset
- Added rules for documentation, naming conventions, and unused declarations
- Note: No TFLint plugins available for vsphere or vault providers
- Core Terraform ruleset will still catch syntax errors and best practices
 2025-11-01 22:59:30 +01:00
Patrick de Ruiter
f4be04dce1
Add TFLint as first pipeline step
Some checks failed
Code Quality & Security Scan / TFLint (push) Failing after 28s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Details 
- Added TFLint job to catch Terraform errors and best practices
- TFLint runs before Checkov for early error detection
- Uses latest TFLint version with automatic initialization
- Pipeline flow: TFLint -> Checkov -> SonarQube
 2025-11-01 22:56:34 +01:00
Patrick de Ruiter
d7bc88ced2
Fix Checkov workflow for Gitea compatibility
All checks were successful
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 30s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 44s
Details 
- Removed upload-artifact step (not supported in Gitea)
- Simplified output to CLI format only
- Checkov results will be displayed in pipeline logs
 2025-11-01 22:51:19 +01:00
Patrick de Ruiter
1262a96f93
Add Checkov compliance scanning to CI pipeline
Some checks failed
Code Quality & Security Scan / Checkov Security Scan (push) Failing after 1m58s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Details 
- Added Checkov security scan job that runs before SonarQube
- Configured for Terraform-specific IaC compliance checks
- Outputs results in CLI and SARIF formats
- Uploads scan results as artifacts for review
- SonarQube job now depends on Checkov passing
- Renamed workflow to reflect both quality and security scanning
 2025-11-01 22:36:25 +01:00
Patrick de Ruiter
dcc7aaa091
Update SonarQube action to v6 for security patches
All checks were successful
SonarQube Scan / SonarQube Trigger (push) Successful in 47s
Details
2025-11-01 20:39:05 +01:00
Patrick de Ruiter
bcb3110e03
Fix SonarQube scan Java version mismatch
Some checks failed
SonarQube Scan / SonarQube Trigger (push) Has been cancelled
Details 
- Updated SonarQube action from kitabisa/sonarqube-action@v1.2.0 to sonarsource/sonarqube-scan-action@v4
- Official action uses Java 17, compatible with SonarQube 25.10
- Added sonar-project.properties with Terraform-specific exclusions
- Fixes: java.lang.UnsupportedClassVersionError (class file version 61.0 vs 55.0)
 2025-11-01 20:36:15 +01:00
Patrick de Ruiter
171d476941
Added gitea action pipeline
Some checks failed
SonarQube Scan / SonarQube Trigger (push) Failing after 20s
Details
2025-11-01 19:47:36 +01:00
Patrick de Ruiter
dd088b4d17
Added gitea action pipeline 2025-11-01 19:45:34 +01:00
Patrick de Ruiter
560200bb3c
Initial commit: Terraform vSphere resource groups module 
- Add vSphere resource pool management
- Configure CPU and memory allocation controls
- Implement tagging system for organization
- Add comprehensive documentation
 2025-11-01 06:18:59 +01:00