brew install pre-commit tflint tfsec trivy checkov detect-secrets
Go to the root directory of the project
pre-commit install
- now pre-commit will run automatically on git commit!
It's usually a good idea to run the hooks against all the files when adding new hooks (usually pre-commit will only run on the changed files during git hooks)
pre-commit run -a
This project deploys the following services to AWS with Terraform:
- A backend server on ECS
- A frontend server on ECS
- An RDS database and its replica
- An ALB to publish the API and web app
The environments folder holds the main module for each environment, where the corresponding variables are maintained.
- Configure your own AWS account
export AWS_ACCESS_KEY_ID={your_access_key}
export AWS_SECRET_ACCESS_KEY={your_secret_key}
- Go into the env folder (i.e. src/environments/dev)
- Run the terraform commands
terraform init
terraform validate
terraform plan
terraform apply
A GitHub workflow is triggered after code is pushed to the master branch. Its steps:
- Check secrets
- Code scan, including: lint, vulnerability scan
- Terraform format & validate
- Apply to AWS (only if the head commit message contains [!go deploy!])
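The deploy gate from the last step can be reproduced in a local script. This is an added example, not the project's workflow code; the function names are hypothetical and the sample commit messages are constructed. It shows why the marker has to be matched as a fixed string: `[!go deploy!]` is also a valid bracket expression, so a regex match lets almost any commit message through.

```shell
#!/bin/sh
# Added example, not from the project. Function names are hypothetical.
DEPLOY_MARKER='[!go deploy!]'

# Literal (fixed-string) match: true only if the marker text itself is present.
has_deploy_marker() {
    printf '%s\n' "$1" | grep -qF -- "$DEPLOY_MARKER"
}

# Naive variant kept for contrast: grep reads the marker as a bracket
# expression, so any message containing one of "!go deply" or a space matches.
has_deploy_marker_regex() {
    printf '%s\n' "$1" | grep -q -- "$DEPLOY_MARKER"
}

# Gate: apply only for pushes to master whose head commit carries the marker.
# $1 = git ref, $2 = head commit message. Prints the decision.
deploy_decision() {
    if [ "$1" != "refs/heads/master" ]; then
        echo "skip: not master"; return 1
    fi
    if ! has_deploy_marker "$2"; then
        echo "skip: no marker"; return 1
    fi
    echo "apply"
}

# Constructed sample commit messages.
for msg in 'fix typo' 'resize rds replica [!go deploy!]' 'go deploy'; do
    literal=no; regex=no
    if has_deploy_marker "$msg"; then literal=yes; fi
    if has_deploy_marker_regex "$msg"; then regex=yes; fi
    printf '%-36s literal=%s regex=%s\n' "$msg" "$literal" "$regex"
done
```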
Please notice:
- The AWS account is configured in GitHub secrets; you need to change it to your own
- You don't have to follow these GitHub Actions; design the workflow you prefer.