From b57c20775790d44ec365463e536258e1c4b81b90 Mon Sep 17 00:00:00 2001
From: Abdelmoumene Haouari <77422917+abdelhaouari@users.noreply.github.com>
Date: Thu, 10 Apr 2025 16:02:56 -0400
Subject: [PATCH 1/5] Create main.yml
---
.github/workflows/main.yml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..e1a93d8
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,37 @@
+name: Analyse Terraform avec TFDefectGA 🚀
+
+on:
+ push:
+ paths:
+ - "**.tf"
+ pull_request:
+ paths:
+ - "**.tf"
+ workflow_dispatch:
+
+jobs:
+ tfdefect-analysis:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Cloner le dépôt
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: 🚀 Lancer TFDefectGA
+ uses: TFDefect/TFDefectGA@v1.0.3
+ with:
+ model: randomforest
+
+ - name: 📦 Sauvegarder le rapport HTML
+ uses: actions/upload-artifact@v4
+ with:
+ name: rapport-tfdefectga
+ path: out/reports/*.html
+
+ - name: 💾 Sauvegarder defect_history.json
+ uses: actions/upload-artifact@v4
+ with:
+ name: historique-defauts
+ path: out/defect_history.json
From 02f1b9b8155d6960327b462e0b8a48299d79ff09 Mon Sep 17 00:00:00 2001
From: Abdelmoumene Haouari <77422917+abdelhaouari@users.noreply.github.com>
Date: Thu, 10 Apr 2025 16:10:11 -0400
Subject: [PATCH 2/5] Update main.yml
---
.github/workflows/main.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e1a93d8..bca2965 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -14,10 +14,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Cloner le dépôt + - name: Cloner un commit précis uses: actions/checkout@v3 with: - fetch-depth: 0 + ref: c191f7bcb0fa786b68c7b3904b6f3bbb90881fc6 + fetch-depth: 2 - name: 🚀 Lancer TFDefectGA uses: TFDefect/TFDefectGA@v1.0.3
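Review bot: The workflow created in [PATCH 1/5] declares no `permissions:` block and runs the third-party action `TFDefect/TFDefectGA@v1.0.3` by tag, so whatever that tag resolves to at run time executes with the repository's default `GITHUB_TOKEN` scope on every push and pull request that touches a `.tf` file. Add a top-level `permissions:` with `contents: read` (assuming the action only needs to read the checkout) and pin the action to a full commit SHA, e.g. `uses: TFDefect/TFDefectGA@<full-commit-sha> # v1.0.3`. `actions/checkout` also leaves the token in the local git config unless `persist-credentials: false` is set under its `with:`. The later patches in this series leave these lines unchanged.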
From aacc25797d5597edaa45336585453e241ec9387e Mon Sep 17 00:00:00 2001
From: Abdelmoumene Haouari <77422917+abdelhaouari@users.noreply.github.com>
Date: Thu, 10 Apr 2025 16:10:20 -0400
Subject: [PATCH 3/5] Update main.yml
---
.github/workflows/main.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index bca2965..ea53ebe 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -18,7 +18,7 @@ jobs: uses: actions/checkout@v3 with: ref: c191f7bcb0fa786b68c7b3904b6f3bbb90881fc6 - fetch-depth: 2 + fetch-depth: 0 - name: 🚀 Lancer TFDefectGA uses: TFDefect/TFDefectGA@v1.0.3
From e8ed14dfeb0d7137d21d84c99b39a01721fa9267 Mon Sep 17 00:00:00 2001
From: Abdelmoumene Haouari <77422917+abdelhaouari@users.noreply.github.com>
Date: Thu, 10 Apr 2025 16:36:07 -0400
Subject: [PATCH 4/5] Update main.yml
---
.github/workflows/main.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ea53ebe..e57f97b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -14,10 +14,9 @@ jobs: runs-on: ubuntu-latest steps: - - name: Cloner un commit précis + - name: 📥 Cloner le dépôt uses: actions/checkout@v3 with: - ref: c191f7bcb0fa786b68c7b3904b6f3bbb90881fc6 fetch-depth: 0 - name: 🚀 Lancer TFDefectGA
From f47fd714c31c23b9333eebe750484e5b067e408b Mon Sep 17 00:00:00 2001
From: Abdelmoumene Haouari
Date: Thu, 10 Apr 2025 16:41:00 -0400
Subject: [PATCH 5/5] modif .tf files
---
aws/aws_domain_redirect/main.tf | 3 ++-
aws/wordpress_fargate/cloudfront.tf | 4 ++--
aws/wordpress_fargate/route53.tf | 2 +-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/aws/aws_domain_redirect/main.tf b/aws/aws_domain_redirect/main.tf
index 27c170e..3ba6e69 100644
--- a/aws/aws_domain_redirect/main.tf
+++ b/aws/aws_domain_redirect/main.tf
@@ -3,7 +3,7 @@ module "aws_reverse_proxy" { # Check for updates: https://github.com/futurice/terraform-utils/compare/v11.0...master source = "git::ssh://git@github.com/futurice/terraform-utils.git//aws_reverse_proxy?ref=v11.0" - origin_url = "http://example.com/" # note that this is just a dummy value to satisfy CloudFront, it won't ever be used with the override_* variables in place + origin_url = "http://google.com/" # note that this is just a dummy value to satisfy CloudFront, it won't ever be used with the override_* variables in place site_domain = "${var.redirect_domain}" name_prefix = "${var.name_prefix}" comment_prefix = "${var.comment_prefix}"
@@ -11,6 +11,7 @@ module "aws_reverse_proxy" { viewer_https_only = "${var.viewer_https_only}" lambda_logging_enabled = "${var.lambda_logging_enabled}" tags = "${var.tags}" + add_response_headers = { "Strict-Transport-Security" = "${var.redirect_with_hsts ? "max-age=31557600; preload" : ""}"
diff --git a/aws/wordpress_fargate/cloudfront.tf b/aws/wordpress_fargate/cloudfront.tf
index 19aa233..a762c57 100644
--- a/aws/wordpress_fargate/cloudfront.tf
+++ b/aws/wordpress_fargate/cloudfront.tf
@@ -18,7 +18,7 @@ resource "aws_cloudfront_distribution" "this" { origin_id = "alb" custom_origin_config { - http_port = 80 + http_port = 88 https_port = 443 origin_protocol_policy = "https-only" origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
@@ -32,7 +32,7 @@ resource "aws_cloudfront_distribution" "this" { aliases = [var.site_domain] default_cache_behavior { - allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST"] cached_methods = ["GET", "HEAD", "OPTIONS"] target_origin_id = "alb"
diff --git a/aws/wordpress_fargate/route53.tf b/aws/wordpress_fargate/route53.tf
index d08d8c0..6acfef9 100644
--- a/aws/wordpress_fargate/route53.tf
+++ b/aws/wordpress_fargate/route53.tf
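Review bot: In `aws/aws_domain_redirect/main.tf` (hunk `@@ -3,7 +3,7 @@`), the placeholder `origin_url` now names a real third-party host, `http://google.com/`, instead of the reserved `example.com`. The inline comment says the value is never used while the `override_*` variables are in place, but if that override is ever removed or misconfigured the distribution would fetch from that host over plain HTTP. Keeping `origin_url = "http://example.com/"` (a name reserved for documentation by RFC 2606) removes that possibility. The `module` block continues outside the hunk.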
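Review bot: In `aws/wordpress_fargate/cloudfront.tf` (hunk `@@ -18,7 +18,7 @@`), `http_port = 88` is a non-standard origin port and nothing in the hunk explains it. With `origin_protocol_policy = "https-only"` CloudFront does not connect on the HTTP port, so the value is inert today, but origin fetches would break if the policy were later relaxed; `http_port = 80` is the conventional value unless the ALB really listens on 88. Separately, the unchanged `origin_ssl_protocols` line still offers `TLSv1` and `TLSv1.1` to the origin; `origin_ssl_protocols = ["TLSv1.2"]` restricts the origin leg to a current protocol. The `custom_origin_config` block ends outside the hunk.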
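Review bot: In `aws/wordpress_fargate/cloudfront.tf` (hunk `@@ -32,7 +32,7 @@`), the six-method `allowed_methods` list is not one of the sets CloudFront accepts: a cache behavior takes `GET, HEAD`, or `GET, HEAD, OPTIONS`, or all seven methods, so removing only `PUT` is expected to be rejected at apply time. If the intent is to block `PUT`, keep `allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]` here and reject the method at the ALB, in a WAF rule, or in the application. The `default_cache_behavior` block continues outside the hunk.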
@@ -9,7 +9,7 @@ data "aws_route53_zone" "this" { resource "aws_route53_record" "ipv4" { zone_id = data.aws_route53_zone.this.zone_id name = var.site_domain - type = "A" + type = "B" alias { name = aws_cloudfront_distribution.this.domain_name
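Review bot: `type = "B"` in `aws_route53_record.ipv4` is not a DNS record type that Route 53 supports, so this record is expected to fail validation at plan or apply. An alias pointing at a CloudFront distribution has to be an `A` (IPv4) or `AAAA` (IPv6) record, and the resource is named `ipv4`, so `type = "A"` is the value to keep. The `alias` block continues outside the hunk.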