Skip to content

Terraform#11

Merged
cgrpa merged 13 commits into
mainfrom
terraform
May 6, 2026
Merged

Terraform#11
cgrpa merged 13 commits into
mainfrom
terraform

Conversation

@cgrpa

@cgrpa cgrpa commented Apr 30, 2026

Copy link
Copy Markdown
Owner

This pull request introduces several improvements and refactors to the CI/CD workflow, project structure, and developer tooling. The main highlights are a more modular and efficient GitHub Actions workflow, restructuring of the .NET solution files, and enhancements for security and automation.

CI/CD Workflow Improvements:

  • Refactored .github/workflows/pr-validation.yml to split validation into multiple jobs: path-based filtering, Zizmor security scan, Terraform plan, .NET tests, and a final status check. Each job now uses more restrictive permissions and sparse checkouts for efficiency and security.
  • Updated the Docker CI workflow to use environment variables for build arguments and disabled credential persistence on code checkout for improved security. [1] [2] [3]

.NET Solution Structure Changes:

  • Removed the legacy TheSexy6BotWorker.sln and replaced it with a simplified TheSexy6BotWorker.slnx that points to the new project location under src/dotnet/. All workflow references to the solution file have been updated accordingly. [1] [2] [3]

Developer Tooling:

  • Added a .vscode/settings.json file to auto-approve Terraform commands in the VS Code terminal, streamlining the developer experience.

Security and Best Practices:

  • All GitHub Actions checkouts now use pinned commit SHAs and have persist-credentials: false set to reduce the risk of credential leakage. [1] [2] [3]

Summary of Most Important Changes:

CI/CD Workflow Enhancements:

  • Modularized PR validation workflow with job-level filters and outputs, introducing separate jobs for Zizmor scanning, Terraform planning, .NET testing, and a status aggregator. Each job uses minimal permissions and sparse checkouts for performance and security. (.github/workflows/pr-validation.yml)
  • Docker CI workflow now injects build arguments via environment variables and disables credential persistence during checkout for improved security. (.github/workflows/docker-ci.txt) [1] [2] [3]

.NET Solution and Build Updates:

  • Removed the old .sln file and switched to .slnx format, updating project paths to reflect the new directory structure under src/dotnet/. All workflow steps now reference the new solution file. (TheSexy6BotWorker.sln, TheSexy6BotWorker.slnx, .github/workflows/pr-validation.yml) [1] [2] [3]

Developer Experience:

  • Added VS Code settings to auto-approve Terraform terminal commands, reducing friction for developers working with infrastructure code. (.vscode/settings.json)

Security Improvements:

  • All GitHub Actions checkouts use pinned versions and disable credential persistence. [1] [2] [3]

Che added 4 commits April 30, 2026 13:07
…e dotnet from terraform. move dotnet code into dotnet location, and add terraform + initial scaffold
…uns terraform plan if tf changes. runs dotnet test always. fails pr if status check fails (either of depedent)
…plan job level. Add new job - Zizmor security scan.
@cgrpa cgrpa merged commit bb7f266 into main May 6, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant