From 5c452c1a783bd27ae72078cd7d0333c4708706c0 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 27 Jan 2026 15:14:20 -0300 Subject: [PATCH 1/7] ci: add missing workflows (tfsec, branch-validation, readme-ai) --- .github/workflows/docs.yml | 18 +++++++++--------- .github/workflows/linter.yml | 10 ++++++---- .github/workflows/readme-generator.yml | 23 +++++++++++++++++++++++ .github/workflows/release.yml | 10 ++++++++-- .github/workflows/tfsec.yml | 20 ++++++++++++++++++++ 5 files changed, 66 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/readme-generator.yml create mode 100644 .github/workflows/tfsec.yml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 3600f0fc..9ab16461 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,13 +1,13 @@ -name: Tofu Pipeline & Checks +name: Commitlint + on: - push: - branches: - - '**' pull_request: - types: [opened, edited, synchronize, reopened] + branches: + - main + jobs: - docs: - uses: nullplatform/actions-nullplatform-terraform/.github/workflows/tf-docs.yml@main - conventional-commit: - needs: docs + branch-name: + uses: nullplatform/actions-nullplatform-terraform/.github/workflows/branch-validation.yml@main + + commitlint: uses: nullplatform/actions-nullplatform-terraform/.github/workflows/conventional-commit.yml@main diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 133f65f2..96484f40 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -1,8 +1,10 @@ -name: pipeline tofu +name: OpenTofu + on: - push: + pull_request: branches: - - '**' + - main + jobs: - quality: + validate: uses: nullplatform/actions-nullplatform-terraform/.github/workflows/tofu-lint.yml@main diff --git a/.github/workflows/readme-generator.yml b/.github/workflows/readme-generator.yml new file mode 100644 index 00000000..2be4eac6 --- /dev/null +++ b/.github/workflows/readme-generator.yml 
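Review bot: The added `branch-name` job calls `branch-validation.yml@main`, a mutable branch ref, so whatever lands on that branch of `actions-nullplatform-terraform` runs here without any change being reviewed in this repository. The same applies to the `uses:` lines in `readme-generator.yml`, `release.yml` and `tfsec.yml` in this patch, where the called workflows are additionally granted `contents: write`, `pull-requests: write` or `security-events: write`. Pinning each reference to a full commit SHA, with the tag as a trailing comment, keeps the called code reviewable, e.g. `uses: nullplatform/actions-nullplatform-terraform/.github/workflows/branch-validation.yml@<FULL_COMMIT_SHA> # <tag>`.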
@@ -0,0 +1,23 @@ +name: Generate README + +on: + push: + branches: + - main + paths: + - '**/*.tf' + +concurrency: + group: main-branch-push + cancel-in-progress: false + +jobs: + generate-readme: + uses: nullplatform/actions-nullplatform-terraform/.github/workflows/readme-ai.yml@main + permissions: + contents: write + models: read + with: + modules_base_dir: '.' + generate_all: false + ai_model: 'gpt-4o' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7ca22b2d..b942527d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,11 +1,17 @@ -name: pipeline tofu +name: Release Please + on: push: branches: - main + +concurrency: + group: main-branch-push + cancel-in-progress: false + jobs: release: uses: nullplatform/actions-nullplatform-terraform/.github/workflows/release.yml@main permissions: contents: write - pull-requests: write \ No newline at end of file + pull-requests: write diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml new file mode 100644 index 00000000..c11ecbaa --- /dev/null +++ b/.github/workflows/tfsec.yml @@ -0,0 +1,20 @@ +name: Security Scan + +on: + pull_request: + branches: + - main + paths: + - '**/*.tf' + +jobs: + tfsec: + uses: nullplatform/actions-nullplatform-terraform/.github/workflows/tfsec.yml@main + permissions: + contents: read + pull-requests: write + security-events: write + with: + minimum_severity: 'HIGH' + upload_sarif: true + post_comment: true From ce689c63c1dc6c7e65c46f708f60977efd066fac Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Thu, 29 Jan 2026 18:15:50 -0300 Subject: [PATCH 2/7] chore: add ci type to commitlint config Co-Authored-By: Claude Opus 4.5 --- commitlint.config.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commitlint.config.mjs b/commitlint.config.mjs index e4583d49..74aaf1e6 100644 --- a/commitlint.config.mjs +++ b/commitlint.config.mjs 
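Review bot: The `concurrency.group` value `main-branch-push` is a fixed string that `release.yml` in this same patch also uses, so the two workflows share one queue. GitHub keeps at most one pending run per concurrency group even with `cancel-in-progress: false`, so when several pushes reach `main` in quick succession a queued release or README run can be replaced by a newer one and never execute. If serialising the two writers to `main` is intended, a comment above `concurrency:` saying so would help; otherwise a per-workflow group such as `group: ${{ github.workflow }}-${{ github.ref }}` keeps them independent.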
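Review bot: The `pull-requests: write` and `security-events: write` grants in the new `tfsec.yml` only take effect for branches inside this repository; on `pull_request` runs from forks GitHub by default issues a read-only token regardless of the `permissions` block. With `post_comment: true` and `upload_sarif: true`, the called workflow (not visible here) would presumably fail those steps on fork PRs unless it handles the error, so its behaviour in that case is worth confirming. Separately, the `paths: '**/*.tf'` filter means a PR that changes only `.tfvars` or `.tf.json` files is not scanned.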
@@ -2,7 +2,7 @@ export default { extends: ['@commitlint/config-conventional'], rules: { - 'type-enum': [2, 'always', ['feat', 'fix', 'chore', 'docs', 'refactor']], + 'type-enum': [2, 'always', ['feat', 'fix', 'chore', 'docs', 'refactor', 'ci']], 'subject-case': [2, 'never', ['sentence-case', 'start-case', 'pascal-case', 'upper-case']], }, }; From 977d2de1d8d9674abf221f18da4ea79e12cabffa Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Thu, 29 Jan 2026 18:22:53 -0300 Subject: [PATCH 3/7] chore: sync commitlint types with branch-validation workflow Align allowed commit types with the remote source of truth at nullplatform/actions-nullplatform-terraform branch-validation.yml Co-Authored-By: Claude Opus 4.5 --- commitlint.config.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commitlint.config.mjs b/commitlint.config.mjs index 74aaf1e6..cedaf06f 100644 --- a/commitlint.config.mjs +++ b/commitlint.config.mjs @@ -2,7 +2,7 @@ export default { extends: ['@commitlint/config-conventional'], rules: { - 'type-enum': [2, 'always', ['feat', 'fix', 'chore', 'docs', 'refactor', 'ci']], + 'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'style', 'refactor', 'perf', 'test', 'build', 'ci', 'chore', 'revert']], 'subject-case': [2, 'never', ['sentence-case', 'start-case', 'pascal-case', 'upper-case']], }, }; From 29131d3f09720ab3ce47eb9b7fbd7a3688263f20 Mon Sep 17 00:00:00 2001 
From: sebas_correa Date: Thu, 29 Jan 2026 18:34:09 -0300 Subject: [PATCH 4/7] chore: remove local commitlint config and update contributing docs - Remove commitlint.config.js and commitlint.config.mjs as config is now centralized in actions-nullplatform-terraform - Add branch naming convention section to README - Update valid commit/branch types to include all supported types Co-Authored-By: Claude Opus 4.5 --- README.md | 28 +++++++++++++++++++++++----- commitlint.config.js | 1 - commitlint.config.mjs | 8 -------- 3 files changed, 23 insertions(+), 14 deletions(-) delete mode 100644 commitlint.config.js delete mode 100644 commitlint.config.mjs diff --git a/README.md b/README.md index 9afef296..49126d41 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,6 @@ all projects. ├── .github/ │ └── workflows/ # CI/CD workflows, validations, etc. ├── .pre-commit-config.yaml # Pre-commit hooks configuration -├── commitlint.config.js # Conventional commits validation ├── .gitignore └── README.md ``` 
@@ -166,25 +165,44 @@ These ensure code consistency and prevent configuration drift. If you want to add or modify a module: -1. Create a `feature/` or `fix/` branch. +1. Create a branch following the naming convention (see below). 2. Add tests or validations if applicable. 3. Update the module's documentation. 4. Open a Pull Request for review. +### Branch naming convention + +Branches must follow the pattern: `type/description` + +**Valid types:** `feat`, `feature`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert` + +**Examples:** + +```bash +feat/add-eks-module +feature/new-vpc-support +fix/resolve-iam-permissions +docs/update-readme +ci/add-validation-workflow +``` + ### Commit message format -This repository uses [Conventional Commits](https://www.conventionalcommits.org/) to ensure consistent commit messages. A pre-commit hook validates all commit messages automatically. +This repository uses [Conventional Commits](https://www.conventionalcommits.org/) to ensure consistent commit messages. CI validates all commit messages automatically. + +**Valid types:** `feat`, `feature`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert` **Valid commit examples:** ```bash feat: add new EKS module -feat(aws): add support for multiple availability zones +feature(aws): add support for multiple availability zones fix: resolve VPC peering connection issue fix(azure): correct DNS zone configuration docs: update README with usage examples refactor: simplify IAM role creation chore: update provider versions +ci: add security scanning workflow ``` **Invalid commit examples:** @@ -195,7 +213,7 @@ Fix bug # ❌ type must be lowercase feat add login # ❌ missing colon after type ``` -**Setup pre-commit hooks:** +**Setup pre-commit hooks (optional):** ```bash # Install pre-commit (if not already installed) diff --git a/commitlint.config.js b/commitlint.config.js deleted file mode 100644 index 422b1944..00000000 
--- a/commitlint.config.js +++ /dev/null @@ -1 +0,0 @@ -module.exports = { extends: ['@commitlint/config-conventional'] }; diff --git a/commitlint.config.mjs b/commitlint.config.mjs deleted file mode 100644 index cedaf06f..00000000 --- a/commitlint.config.mjs +++ /dev/null @@ -1,8 +0,0 @@ -// commitlint.config.mjs -export default { - extends: ['@commitlint/config-conventional'], - rules: { - 'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'style', 'refactor', 'perf', 'test', 'build', 'ci', 'chore', 'revert']], - 'subject-case': [2, 'never', ['sentence-case', 'start-case', 'pascal-case', 'upper-case']], - }, -}; From 57ef623285f2515428877880f4d014ca125ea443 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 3 Feb 2026 13:57:50 -0300 Subject: [PATCH 5/7] fix(tofu): resolve conflicts --- .github/workflows/readme-generator.yml | 5 +++-- .husky/pre-commit | 4 ++-- commitlint.config.js | 7 ++++++- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/readme-generator.yml b/.github/workflows/readme-generator.yml index fea60cef..9f75a005 100644 --- a/.github/workflows/readme-generator.yml +++ b/.github/workflows/readme-generator.yml @@ -13,11 +13,12 @@ concurrency: jobs: generate-readme: - uses: nullplatform/actions-nullplatform/.github/workflows/readme-ai.yml@main + uses: nullplatform/actions-nullplatform/.github/workflows/readme-ai-v2.yml@main permissions: contents: write models: read with: - modules_base_dir: '.' + base_dir: '.' generate_all: false + ai_provider: 'openai' ai_model: 'gpt-4o' diff --git a/.husky/pre-commit b/.husky/pre-commit index 18c67d05..c061e30d 100755 --- a/.husky/pre-commit +++ b/.husky/pre-commit 
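Review bot: The `generate-readme` job keeps `contents: write` while the called workflow changes to `readme-ai-v2.yml@main`, and nothing visible in this hunk says whether the generated README is pushed straight to `main` or proposed through a pull request. If it commits directly, model output derived from the contents of `.tf` files reaches the default branch without review, so that output should be treated as untrusted input to the repository. A comment above `permissions:` recording the reason for the write scope would make this auditable, e.g. `# contents: write - readme-ai-v2 commits generated README.md files (confirm: direct push or PR)`.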
@@ -2,7 +2,7 @@ # Validate branch name BRANCH=$(git rev-parse --abbrev-ref HEAD) -PATTERN="^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)/.+$" +PATTERN="^(feat|feature|fix|docs|style|refactor|perf|test|build|ci|chore|revert)/.+$" if [ "$BRANCH" != "main" ] && ! echo "$BRANCH" | grep -Eq "$PATTERN"; then echo "Invalid branch name: $BRANCH" @@ -10,6 +10,6 @@ if [ "$BRANCH" != "main" ] && ! echo "$BRANCH" | grep -Eq "$PATTERN"; then echo "Branch name must follow the pattern: type/description" echo " Examples: feat/add-login, fix/bug-123, docs/readme" echo "" - echo "Valid types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert" + echo "Valid types: feat, feature, fix, docs, style, refactor, perf, test, build, ci, chore, revert" exit 1 fi diff --git a/commitlint.config.js b/commitlint.config.js index 422b1944..b06279bd 100644 --- a/commitlint.config.js +++ b/commitlint.config.js @@ -1 +1,6 @@ -module.exports = { extends: ['@commitlint/config-conventional'] }; +module.exports = { + extends: ['@commitlint/config-conventional'], + rules: { + 'type-enum': [2, 'always', ['feat', 'feature', 'fix', 'docs', 'style', 'refactor', 'perf', 'test', 'build', 'ci', 'chore', 'revert']], + }, +}; From eaa3117f6f4d467bbb298a3f0d056903f522ebd2 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 3 Feb 2026 14:01:23 -0300 Subject: [PATCH 6/7] fix(code-repository): fix version --- nullplatform/code_repository/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/code_repository/provider.tf b/nullplatform/code_repository/provider.tf index a3f18aa9..928d5b65 100644 --- a/nullplatform/code_repository/provider.tf +++ b/nullplatform/code_repository/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { nullplatform = { source = "nullplatform/nullplatform" - version = ">= 0.0.67" + version = "~> 0.0.67" } } } From c7a371bd2995eef9abbde98de9616edd32120a5a Mon Sep 17 00:00:00 2001 
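Review bot: In `.husky/pre-commit`, `git rev-parse --abbrev-ref HEAD` prints the literal `HEAD` when the checkout is detached, which is neither `main` nor a match for `PATTERN`, so the hook rejects commits made during an interactive rebase or on a detached checkout. Adding `feature` to the pattern does not change that. The guard could exempt that state, for example `if [ "$BRANCH" != "main" ] && [ "$BRANCH" != "HEAD" ] && ! echo "$BRANCH" | grep -Eq "$PATTERN"; then`. The script starts above this hunk and its `if` body continues into the next one.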
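Review bot: The new constraint `~> 0.0.67` in `provider.tf` admits only `0.0.x` releases at or above 0.0.67 and excludes 0.1.0 onward, and neither the hunk nor the commit subject (`fix version`) says why the upper bound is wanted. If this directory is consumed as a reusable module, an upper bound here can conflict with a caller's own constraint on the same provider, so the intent should be recorded next to the line, e.g. `# ~> 0.0.67: accept 0.0.x patch releases only; revisit when 0.1.0 is published`. The `terraform` block starts above the hunk.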
From: sebas_correa Date: Tue, 3 Feb 2026 14:08:47 -0300 Subject: [PATCH 7/7] fix(code-repository): fix version --- .github/workflows/tfsec.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index de1e52f6..b651fb34 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -10,6 +10,7 @@ on: jobs: tfsec: uses: nullplatform/actions-nullplatform/.github/workflows/tfsec.yml@main + continue-on-error: true permissions: contents: read pull-requests: write
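Review bot: `continue-on-error: true` on the `tfsec` job makes the security scan advisory: a run that reports findings at or above the `minimum_severity: 'HIGH'` set in the earlier patch would no longer fail the pull request check, and the commit subject (`fix version`) does not mention this. The key is also not among the keywords GitHub documents as supported on a job that calls a reusable workflow through `uses:`, so the file may be rejected when the workflow is parsed; a test run would confirm. If non-blocking behaviour is needed temporarily, a comment on the job giving the reason and an owner, or an input on the called workflow, is easier to audit than a silent soft-fail. The job definition continues past the end of this hunk.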