bump modules to be supported by tf 0.13+

Author: wsilva

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @grupoboticario/sq-devops-dea-ped

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+
+registries:
+  github-grupoboticario:
+    type: git
+    url: https://github.com
+    username: x-access-token
+    password: ${{ secrets.GB_TERRAFORM_API_TOKEN }}
+
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    open-pull-requests-limit: 10
+    schedule:
+      interval: weekly
+
+updates:

.github/workflows/dependabot.yaml

@@ -0,0 +1,22 @@
+name: Update Dependabot Config File
+
+on:
+  - pull_request
+
+permissions:
+  contents: write
+  pull-requests: read
+  deployments: write
+
+jobs:
+  updateDependabotCfgFile:
+    runs-on: [self-hosted, core-shr]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+      - name: Update Dependabot Config File
+        uses: grupoboticario/actions-tf-dependabot@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/devsecops.yml

@@ -0,0 +1,13 @@
+run-name: DevSecOps
+name: DevSecOps
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  devsecops:
+    uses: grupoboticario/actions-devsecops-workflows/.github/workflows/devsecops.yml@v0

.github/workflows/pre-commit.yml

@@ -1,78 +1,16 @@
-name: Pre-Commit
+name: pre-commit
 
 on:
   pull_request:
-    branches:
-      - main
-      - master
-
-env:
-  TERRAFORM_DOCS_VERSION: v0.16.0
+    branches: [main]
+  push:
+    branches: [main]
 
 jobs:
-  collectInputs:
-    name: Collect workflow inputs
-    runs-on: ubuntu-latest
-    outputs:
-      directories: ${{ steps.dirs.outputs.directories }}
+  pre-commit:
+    runs-on: [self-hosted, core-shr]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Get root directories
-        id: dirs
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-
-  preCommitMinVersions:
-    name: Min TF pre-commit
-    needs: collectInputs
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/[email protected]
-        with:
-          directory: ${{ matrix.directory }}
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        with:
-          terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        with:
-          terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
-
-  preCommitMaxVersion:
-    name: Max TF pre-commit
-    runs-on: ubuntu-latest
-    needs: collectInputs
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
-
-      - name: Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/[email protected]
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        with:
-          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
-          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+        uses: actions/checkout@v4
+      - name: pre-commit
+        uses: grupoboticario/actions-tf-pre-commit@v1

.gitignore

@@ -27,3 +27,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+.terraform.lock.hcl

.pre-commit-config.yaml

@@ -1,29 +1,32 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.64.0
+    rev: v1.89.0
     hooks:
-      - id: terraform_fmt
-      - id: terraform_validate
-      - id: terraform_docs
+      - id: terraform_checkov
         args:
-          - '--args=--lockfile=false'
+          - --args=--skip-check CKV_AWS_23
+          - --args=--skip-check CKV_AWS_18
+          - --args=--skip-check CKV_AWS_109
+          - --args=--skip-check CKV_AWS_111
+          - --args=--skip-check CKV_AWS_144
+          - --args=--skip-check CKV_AWS_145
+          - --args=--skip-check CKV_AWS_149
+          - --args=--skip-check CKV_AWS_274
+          - --args=--skip-check CKV_AWS_356
+          - --args=--skip-check CKV2_AWS_5
+          - --args=--skip-check CKV2_AWS_57
+          - --args=--skip-check CKV2_AWS_61
+          - --args=--skip-check CKV2_AWS_62
+          - --args=--skip-check CKV2_AWS_65
+          - --args=--skip-check CKV_TF_1
+          - --args=--skip-check CKV2_GHA_1
+      - id: terraform_docs
+      - id: terraform_docs_without_aggregate_type_defaults
+      - id: terraform_fmt
       - id: terraform_tflint
-        args:
-          - '--args=--only=terraform_deprecated_interpolation'
-          - '--args=--only=terraform_deprecated_index'
-          - '--args=--only=terraform_unused_declarations'
-          - '--args=--only=terraform_comment_syntax'
-          - '--args=--only=terraform_documented_outputs'
-          - '--args=--only=terraform_documented_variables'
-          - '--args=--only=terraform_typed_variables'
-          - '--args=--only=terraform_module_pinned_source'
-          - '--args=--only=terraform_naming_convention'
-          - '--args=--only=terraform_required_version'
-          - '--args=--only=terraform_required_providers'
-          - '--args=--only=terraform_standard_module_structure'
-          - '--args=--only=terraform_workspace_remote'
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
-    hooks:
-      - id: check-merge-conflict
-      - id: end-of-file-fixer
+      - id: terraform_trivy
+      # - id: terraform_validate
+      # - id: terrascan
+      #   args:
+      #     - --args=--non-recursive
+      #     - --args=--skip-rules="AC_AWS_0500"

README.md

@@ -201,6 +201,7 @@ Users have the ability to:
 1. This module does not create RDS security group. Use [terraform-aws-security-group](https://github.com/terraform-aws-modules/terraform-aws-security-group) module for this.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/complete-mssql/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/complete-mssql/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/complete-mysql/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/complete-mysql/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/complete-oracle/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/complete-oracle/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/complete-postgres/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/complete-postgres/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/cross-region-replica-postgres/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/cross-region-replica-postgres/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/enhanced-monitoring/README.md

@@ -17,6 +17,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/enhanced-monitoring/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/groups/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/groups/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/replica-mysql/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |

examples/replica-mysql/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4"
     }
   }
 }

examples/replica-postgres/README.md

@@ -15,6 +15,7 @@ $ terraform apply
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## Requirements
 
 | Name | Version |