Skip to content

Chore: tool config and workflow updates#60

Merged
bcdady merged 12 commits intomainfrom
chore-dependabot
Dec 31, 2025
Merged

Chore: tool config and workflow updates#60
bcdady merged 12 commits intomainfrom
chore-dependabot

Conversation

@bcdady
Copy link
Copy Markdown
Owner

@bcdady bcdady commented Dec 31, 2025

This pull request introduces several foundational improvements to the repository's infrastructure, focusing on code consistency, automated dependency and Terraform checks, and security/static analysis. The most important changes are grouped below:

CI/CD and Automation Enhancements:

  • Added a GitHub Actions workflow for Terraform CI, automating formatting, initialization, validation, linting (TFLint), and security scanning (TFSec and Checkov) for all pushes and pull requests to main (.github/workflows/terraform.yml).
  • Introduced a Dependency Review workflow using GitHub Actions to automatically review dependencies on pull requests (.github/workflows/dependency-review.yml).

Dependency Management Improvements:

  • Updated Dependabot configuration to:
    • Set reviewer(s) for PRs,
    • Limit open PRs,
    • Add support for github-actions ecosystem in addition to Terraform (.github/dependabot.yml).

Code Quality and Consistency:

  • Added an .editorconfig file to enforce consistent code style across the project, including indentation, line endings, and file-specific overrides (.editorconfig).

Static Analysis and Linting:

  • Added a TFLint configuration file to enable recommended rules and enforce Terraform best practices, including naming conventions and documentation requirements (.tflint.hcl).
  • Added a TFSec configuration file to exclude a specific Cloudflare DNS record rule from security scanning (.tfsec.yml).

@bcdady
chore(deps): update dependabot configuration for terraform and github…
ac3983e 
…-actions

Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
chore(ci): add dependency review github-action
c3924da 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
chore(ci): add terraform CI workflow
17d3b0b 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
chore: add editor, tflint, tfsec config
1cec298 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
fix(ci): add TF_VAR_cf_api_token
59fea6f 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
fix(ci): add TF_API_TOKEN
4df7a1a 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
chore(ci): specify environment for the terraform env secrets
4a9a4d9 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
chore(ci): enhance Terraform CI workflow with caching and PR plan com…
6caa671 
…ments

Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
fix(ci): set tf creds instead of env secret
cc3aa13 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
fix(zone): correct reference in zone_id
bc1f8a3 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
fix(zone): correct zone_id reference in locals
b3a22cc 
Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady
fix(zone): set default value of zone_enabled to false
3493067 
To work around / resolve a validate error
that only appears in CI, for local.zone_id

Signed-off-by: Bryan Dady <bryan@dady.us>
@bcdady bcdady mentioned this pull request Dec 31, 2025
Open
@bcdady bcdady marked this pull request as ready for review December 31, 2025 20:37
@bcdady bcdady merged commit f444dcf into main Dec 31, 2025
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bcdady