ci: update to new pipeline (#142)

Author: daniel-butler-irl

.github/settings.yml

@@ -5,7 +5,7 @@
 # any change of this settings.yml file is detected by the GitHub App and
 # the settings of this repository are updated immediately.
 #
-_extends: repo-settings:.github/common-settings.yml
+_extends: repo-settings:.github/common-settings-v2.yml
 
 # repo-specific settings
 #
@@ -20,3 +20,4 @@ repository:
   # organization page and in the 'About' section of the repository.
 
   description: "Deploys the LogDNA agent and SysDig agents to a cluster"
+  topics: core-team, terraform, ibm-cloud, terraform-module, logdna, sysdig, monitoring-agent, logging-agent, observability-agent

.github/workflows/ci.yml

@@ -1,20 +1,15 @@
 name: CI-Pipeline
 
-# Controls when the workflow will run
+# Controls when the workflow will run, when comment is created
 on:
-  # Triggers the workflow on push or pull request events but only for the main branch
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
+  issue_comment:
+    types:
+      - created
 jobs:
   call-terraform-ci-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci.yml@v1.9.1
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.14.0
     secrets: inherit
     with:
+      craSCCv2: true
       craTarget: "examples/basic"
-      craGoalIgnoreFile: "cra-tf-validate-ignore-goals.json"
+      craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"

.github/workflows/release.yml

@@ -1,17 +1,12 @@
 name: Release-Pipeline
 
+# Trigger on push(merge) to main branch
 on:
-  workflow_run:
-    workflows: [CI-Pipeline]
-    branches: [main]
-    types:
-      - completed
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
+  push:
+    branches:
+      - main
 
 jobs:
   call-terraform-release-pipeline:
-    if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') }}
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected]
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected]
     secrets: inherit

cra-tf-validate-ignore-goals.json

@@ -0,0 +1,16 @@
+{
+    "scc_rules": [
+        {
+            "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
+            "description": "Check whether Flow Logs for VPC are enabled",
+            "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource that is used in the example that is scanned",
+            "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-2325054a-c338-474a-9740-0b7034487e40",
+            "description:": "Check whether OpenShift clusters are accessible only by using private endpoints",
+            "ignore_reason": "This rule is not relevant to the module itself, just the cluster resource that is used in the example that is scanned",
+            "is_valid": false
+        }
+    ]
+}