Linting changes (#23)

* lint smtp mailer file * add precommit * lint shared functions file * lint shared functions file * format smtp mailer file * add gitleaks precommit * lint ses mailer file * lint mailgun mailer file * lint encryption file * lint destructor file * lint destructor file * lint destructor file * lint creator file * update imports order * update github actions version * update tf files and workflow * remove uploading semgrep results to github * fix iam policy syntax and upgrade python version * update libraries and fix syntax * add script to build lambda layers * use trap
skildops · Apr 3, 2024 · 677c35e · 677c35e
1 parent 7f268fb
commit 677c35e
Show file tree

Hide file tree

Showing 19 changed files with 785 additions and 490 deletions.
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
@@ -7,14 +7,14 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.9
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.11
       - name: Scan with Checkov
         id: checkov
-        uses: bridgecrewio/checkov-action@master
+        uses: bridgecrewio/checkov-action@v12
         with:
           directory: terraform
           framework: terraform
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -37,7 +37,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,9 +10,9 @@ jobs:
       run:
         working-directory: terraform
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
       - name: Terraform Init
         id: init
         run: terraform init
@@ -22,14 +22,14 @@ jobs:
   checkov:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.9
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.11
       - name: Scan with Checkov
         id: checkov
-        uses: bridgecrewio/checkov-action@master
+        uses: bridgecrewio/checkov-action@v12
         with:
           directory: terraform
           framework: terraform
@@ -39,7 +39,7 @@ jobs:
       run:
         working-directory: src
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
@@ -52,15 +52,15 @@ jobs:
       run:
         working-directory: src
     container:
-      image: returntocorp/semgrep
+      image: semgrep/semgrep
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: semgrep ci --config "p/ci" --config "p/python" --config "p/owasp-top-ten" --sarif --output=semgrep.sarif
   release:
     needs: [test, checkov, codeql, semgrep]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: "marvinpinto/[email protected]"
         with:
           repo_token: "${{ secrets.GITHUB_TOKEN }}"

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -27,21 +27,15 @@ jobs:
   semgrep:
     name: scan
     runs-on: ubuntu-latest
+    container:
+      image: semgrep/semgrep
     steps:
       # Fetch project source
-      - uses: actions/checkout@v3
-
-      - uses: returntocorp/semgrep-action@v1
-        with:
-          generateSarif: "1"
-          config: >-
-            p/ci
-            p/python
-            p/owasp-top-ten
-            p/cwe-top-25
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: semgrep.sarif
-        if: always()
+      - uses: actions/checkout@v4
+      # Run the "semgrep ci" command on the command line of the docker image.
+      - run: semgrep ci --config "p/ci" --config "p/python" --config "p/owasp-top-ten" --sarif --output=semgrep.sarif
+        env:
+          # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
+          # Generate a token from Semgrep Cloud Platform > Settings
+          # and add it to your GitHub secrets.
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -10,9 +10,9 @@ jobs:
       run:
         working-directory: terraform
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
       - name: Terraform Init
         id: init
         run: terraform init

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,18 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v2.3.0
+  hooks:
+  - id: check-yaml
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.3.2
+  hooks:
+    # Run the linter.
+    - id: ruff
+    # Run the formatter.
+    - id: ruff-format
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.18.2
+  hooks:
+    - id: gitleaks