Linting changes (#23)

* lint smtp mailer file

* add precommit

* lint shared functions file

* lint shared functions file

* format smtp mailer file

* add gitleaks precommit

* lint ses mailer file

* lint mailgun mailer file

* lint encryption file

* lint destructor file

* lint destructor file

* lint destructor file

* lint creator file

* update imports order

* update github actions version

* update tf files and workflow

* remove uploading semgrep results to github

* fix iam policy syntax and upgrade python version

* update libraries and fix syntax

* add script to build lambda layers

* use trap

Author: paliwalvimal

.github/workflows/checkov.yml

@@ -7,14 +7,14 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.9
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.11
       - name: Scan with Checkov
         id: checkov
-        uses: bridgecrewio/checkov-action@master
+        uses: bridgecrewio/checkov-action@v12
         with:
           directory: terraform
           framework: terraform

.github/workflows/codeql.yml

@@ -37,7 +37,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/release.yml

@@ -10,9 +10,9 @@ jobs:
       run:
         working-directory: terraform
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
       - name: Terraform Init
         id: init
         run: terraform init
@@ -22,14 +22,14 @@ jobs:
   checkov:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.9
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.11
       - name: Scan with Checkov
         id: checkov
-        uses: bridgecrewio/checkov-action@master
+        uses: bridgecrewio/checkov-action@v12
         with:
           directory: terraform
           framework: terraform
@@ -39,7 +39,7 @@ jobs:
       run:
         working-directory: src
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
@@ -52,15 +52,15 @@ jobs:
       run:
         working-directory: src
     container:
-      image: returntocorp/semgrep
+      image: semgrep/semgrep
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: semgrep ci --config "p/ci" --config "p/python" --config "p/owasp-top-ten" --sarif --output=semgrep.sarif
   release:
     needs: [test, checkov, codeql, semgrep]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: "marvinpinto/[email protected]"
         with:
           repo_token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/semgrep.yml

@@ -27,21 +27,15 @@ jobs:
   semgrep:
     name: scan
     runs-on: ubuntu-latest
+    container:
+      image: semgrep/semgrep
     steps:
       # Fetch project source
-      - uses: actions/checkout@v3
-
-      - uses: returntocorp/semgrep-action@v1
-        with:
-          generateSarif: "1"
-          config: >-
-            p/ci
-            p/python
-            p/owasp-top-ten
-            p/cwe-top-25
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: semgrep.sarif
-        if: always()
+      - uses: actions/checkout@v4
+      # Run the "semgrep ci" command on the command line of the docker image.
+      - run: semgrep ci --config "p/ci" --config "p/python" --config "p/owasp-top-ten" --sarif --output=semgrep.sarif
+        env:
+          # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
+          # Generate a token from Semgrep Cloud Platform > Settings
+          # and add it to your GitHub secrets.
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

.github/workflows/test.yml

@@ -10,9 +10,9 @@ jobs:
       run:
         working-directory: terraform
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
       - name: Terraform Init
         id: init
         run: terraform init

.pre-commit-config.yaml

@@ -0,0 +1,18 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v2.3.0
+  hooks:
+  - id: check-yaml
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.3.2
+  hooks:
+    # Run the linter.
+    - id: ruff
+    # Run the formatter.
+    - id: ruff-format
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.18.2
+  hooks:
+    - id: gitleaks