diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..e57f97b
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,37 @@
+name: Analyse Terraform avec TFDefectGA ๐Ÿš€
+
+on:
+ push:
+ paths:
+ - "**.tf"
+ pull_request:
+ paths:
+ - "**.tf"
+ workflow_dispatch:
+
+jobs:
+ tfdefect-analysis:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: ๐Ÿ“ฅ Cloner le dรฉpรดt
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: ๐Ÿš€ Lancer TFDefectGA
+ uses: TFDefect/TFDefectGA@v1.0.3
+ with:
+ model: randomforest
+
+ - name: ๐Ÿ“ฆ Sauvegarder le rapport HTML
+ uses: actions/upload-artifact@v4
+ with:
+ name: rapport-tfdefectga
+ path: out/reports/*.html
+
+ - name: ๐Ÿ’พ Sauvegarder defect_history.json
+ uses: actions/upload-artifact@v4
+ with:
+ name: historique-defauts
+ path: out/defect_history.json
diff --git a/aws/aws_domain_redirect/main.tf b/aws/aws_domain_redirect/main.tf
index 27c170e..3ba6e69 100644
--- a/aws/aws_domain_redirect/main.tf
+++ b/aws/aws_domain_redirect/main.tf
@@ -3,7 +3,7 @@ module "aws_reverse_proxy" {
 # Check for updates: https://github.com/futurice/terraform-utils/compare/v11.0...master
 source = "git::ssh://git@github.com/futurice/terraform-utils.git//aws_reverse_proxy?ref=v11.0"
- origin_url = "http://example.com/" # note that this is just a dummy value to satisfy CloudFront, it won't ever be used with the override_* variables in place
+ origin_url = "http://google.com/" # note that this is just a dummy value to satisfy CloudFront, it won't ever be used with the override_* variables in place
 site_domain = "${var.redirect_domain}"
 name_prefix = "${var.name_prefix}"
 comment_prefix = "${var.comment_prefix}"
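Review bot: The `uses: TFDefect/TFDefectGA@v1.0.3` step pins a third-party action to a tag, which its owner can move, and the workflow declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository has. Pin the action to a full commit SHA (`uses: TFDefect/TFDefectGA@<full-commit-sha> # v1.0.3`) and add a top-level `permissions:` mapping with `contents: read`. The two `actions/upload-artifact@v4` steps also carry no `if: always()`, so when the analysis step fails the HTML report and `defect_history.json` are not kept; whether that is intended is not visible here.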
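Review bot: The placeholder in `origin_url` now names a live third-party host over plain HTTP, whereas `example.com` is a domain reserved for exactly this kind of dummy value. The inline comment says the value is never used while the override_* variables are in place, but those are not visible in this hunk; if an override is ever dropped or misconfigured, the distribution would forward viewer requests to that host unencrypted. I would keep `origin_url = "http://example.com/"`, or document why a real domain is needed. The module block starts and ends outside the hunk.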
@@ -11,6 +11,7 @@ module "aws_reverse_proxy" { viewer_https_only = "${var.viewer_https_only}" lambda_logging_enabled = "${var.lambda_logging_enabled}" tags = "${var.tags}" + add_response_headers = { "Strict-Transport-Security" = "${var.redirect_with_hsts ? "max-age=31557600; preload" : ""}" diff --git a/aws/wordpress_fargate/cloudfront.tf b/aws/wordpress_fargate/cloudfront.tf index 19aa233..a762c57 100644 --- a/aws/wordpress_fargate/cloudfront.tf +++ b/aws/wordpress_fargate/cloudfront.tf @@ -18,7 +18,7 @@ resource "aws_cloudfront_distribution" "this" { origin_id = "alb" custom_origin_config { - http_port = 80 + http_port = 88 https_port = 443 origin_protocol_policy = "https-only" origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] @@ -32,7 +32,7 @@ resource "aws_cloudfront_distribution" "this" { aliases = [var.site_domain] default_cache_behavior { - allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST"] cached_methods = ["GET", "HEAD", "OPTIONS"] target_origin_id = "alb" diff --git a/aws/wordpress_fargate/route53.tf b/aws/wordpress_fargate/route53.tf index d08d8c0..6acfef9 100644 --- a/aws/wordpress_fargate/route53.tf +++ b/aws/wordpress_fargate/route53.tf @@ -9,7 +9,7 @@ data "aws_route53_zone" "this" { resource "aws_route53_record" "ipv4" { zone_id = data.aws_route53_zone.this.zone_id name = var.site_domain - type = "A" + type = "B" alias { name = aws_cloudfront_distribution.this.domain_name
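Review bot: `http_port = 88` in `custom_origin_config` is outside the port values CloudFront documents for a custom origin (80, 443, or 1024–65535), so the apply is expected to fail on this distribution. With `origin_protocol_policy = "https-only"` in the same block the HTTP port carries no origin traffic anyway, so `http_port = 80` should stay. Separately, the unchanged `origin_ssl_protocols` line still offers `TLSv1` and `TLSv1.1` to the origin; if the load balancer supports it, `origin_ssl_protocols = ["TLSv1.2"]` is the safer setting. The block continues outside the hunk.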
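Review bot: Dropping `"PUT"` from `allowed_methods` in `default_cache_behavior` leaves a list that is not one of the three method sets CloudFront accepts (GET/HEAD, GET/HEAD/OPTIONS, or all seven methods), so the distribution update should be rejected. If the goal is to stop PUT at the edge, keep the full list here and deny the method with a WAF rule or at the origin; otherwise restore `"PUT"`. A comment such as `# CloudFront accepts only three fixed method sets; this is the full one` above the line would prevent the same edit later. `default_cache_behavior` continues outside the hunk.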
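Review bot: `type = "B"` on `aws_route53_record.ipv4` is not a DNS record type Route 53 accepts, so the record will fail validation and the site domain will not resolve to the distribution. An alias record that targets a CloudFront distribution has to be `A` (or `AAAA` for IPv6), and the resource is named `ipv4`, so the line should read `type = "A"`. The `alias` block runs past the end of the hunk.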