made few improvements

made few improvements

.github/workflows/terraform.yml

@@ -4,64 +4,140 @@ name: Terraform
 on:
   pull_request:
 
+permissions:
+  contents: write
+  pull-requests: write
+
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
-  terraform-fmt:
+  fmt-lint-validate:
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@master
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+
+      - name: Setup Terraform Linters
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          github_token: ${{ env.GITHUB_TOKEN }}
+
       - name: Terraform Format
-        uses: hashicorp/terraform-github-actions@master
+        id: fmt
+        run: terraform fmt -check -recursive
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Lint
+        id: lint
+        run: tflint --no-color --recursive --format compact
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request' || always()
         with:
-          tf_actions_version: latest
-          tf_actions_subcommand: fmt
-          tf_actions_comment: true
+          github-token: ${{ env.GITHUB_TOKEN }}
+          script: |
+            // 1. Retrieve existing bot comments for the PR
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            })
+            const botComment = comments.find(comment => {
+              return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+            })
 
-  terraform-validate:
+            // 2. Prepare format of the comment
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Lint 📖\`${{ steps.lint.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            <details><summary>Validation Output</summary>
+
+            \`\`\`\n
+            ${{ steps.validate.outputs.stdout }}
+            \`\`\`
+
+            </details>`;
+
+            // 3. If we have a comment, update it, otherwise create a new one
+            if (botComment) {
+              github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: output
+              })
+            } else {
+              github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: output
+              })
+            }
+  
+  tfsec:
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@master
-      - name: Terraform Init
-        uses: hashicorp/terraform-github-actions@master
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Terraform security scan
+        uses: aquasecurity/[email protected]
         with:
-          tf_actions_version: latest
-          tf_actions_subcommand: init
-          tf_actions_comment: true
-      - name: Terraform Validate
-        uses: hashicorp/terraform-github-actions@master
-        env:
-          AWS_DEFAULT_REGION: eu-west-1
+          github_token: ${{ env.GITHUB_TOKEN }}
+          soft_fail: false
+
+      - name: Terraform pr commenter
+        uses: aquasecurity/[email protected]
         with:
-          tf_actions_version: latest
-          tf_actions_subcommand: validate
-          tf_actions_comment: true
+          github_token: ${{ env.GITHUB_TOKEN }}
+          tfsec_args: --concise-output --force-all-dirs
 
-  terraform-docs:
+  checkov:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-      - name: Update module usage docs and push any changes back to PR branch
-        uses: Dirrk/[email protected]
+        uses: actions/checkout@v4
+
+      - name: Run Checkov
+        uses: bridgecrewio/[email protected]
         with:
-          tf_docs_args: '--sort-inputs-by-required'
-          tf_docs_git_commit_message: 'terraform-docs: Update module usage'
-          tf_docs_git_push: 'true'
-          tf_docs_output_file: README.md
-          tf_docs_output_method: inject
-          tf_docs_find_dir: .
+          container_user: 1000
+          directory: "/"
+          download_external_modules: false
+          framework: terraform
+          output_format: sarif
+          quiet: true
+          skip_check: "CKV_TF_1,CKV_AWS_108,CKV_AWS_109,CKV_AWS_111,CKV_AWS_356"
+          soft_fail: false
 
-  tfsec:
-    name: tfsec
+  docs:
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-      - name: Terraform security scan
-        uses: triat/[email protected]
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render terraform docs inside the README.md and push changes back to PR branch
+        uses: terraform-docs/[email protected]
+        with:
+          args: --sort-by required
+          git-commit-message: "docs(readme): update module usage"
+          git-push: true
+          output-file: README.md
+          output-method: inject
+          working-dir: .
+        continue-on-error: true # added this to prevent a PR from a remote fork failing the workflow

examples/example.tf

@@ -1,5 +1,5 @@
 module "example_glue_job" {
-  source            = "github.com/komminar/terraform-aws-glue-job?ref=v0.1.0"
+  source            = "github.com/komminarlab/terraform-aws-glue-job?ref=v1.0.0"
   name              = "example-glue-job"
   max_retries       = 1
   number_of_workers = 2

iam.tf

@@ -0,0 +1,29 @@
+data "aws_iam_policy_document" "default" {
+  statement {
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "Service"
+      identifiers = ["glue.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "default" {
+  count              = var.role_arn == null ? 1 : 0
+  name               = "GlueExecutionRole-${var.name}"
+  assume_role_policy = data.aws_iam_policy_document.default.json
+  tags               = var.tags
+}
+
+resource "aws_iam_role_policy" "default" {
+  count  = var.role_arn == null && var.role_policy != null ? 1 : 0
+  name   = "GlueExecutionRole-${var.name}"
+  role   = aws_iam_role.default[0].id
+  policy = var.role_policy
+}
+
+resource "aws_iam_role_policy_attachment" "default" {
+  count      = var.role_arn == null ? 1 : 0
+  role       = aws_iam_role.default[0].id
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
+}

main.tf

@@ -1,46 +1,15 @@
-data "aws_iam_policy_document" "default" {
-  statement {
-    actions = [
-      "sts:AssumeRole"
-    ]
-    principals {
-      type        = "Service"
-      identifiers = ["glue.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "default" {
-  count              = var.role_arn == null ? 1 : 0
-  name               = "GlueRole-${var.name}"
-  assume_role_policy = data.aws_iam_policy_document.default.json
-  tags               = var.tags
-}
-
-resource "aws_iam_role_policy" "default" {
-  count  = var.role_arn == null && var.role_policy != null ? 1 : 0
-  name   = "GlueRole-${var.name}"
-  role   = aws_iam_role.default[0].id
-  policy = var.role_policy
-}
-
-resource "aws_iam_role_policy_attachment" "default" {
-  count      = var.role_arn == null ? 1 : 0
-  role       = aws_iam_role.default[0].id
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
-}
-
 resource "aws_glue_job" "default" {
-  name              = var.name
-  connections       = var.connections
-  default_arguments = var.default_arguments
-  glue_version      = var.glue_version
-  max_capacity      = var.max_capacity
-  max_retries       = var.max_retries
-  number_of_workers = var.number_of_workers
-  role_arn          = var.role_arn != null ? var.role_arn : aws_iam_role.default[0].arn
-  worker_type       = var.worker_type
-  tags              = var.tags
+  name                   = var.name
+  connections            = var.connections
+  default_arguments      = var.default_arguments
+  glue_version           = var.glue_version
+  max_capacity           = var.max_capacity
+  max_retries            = var.max_retries
+  number_of_workers      = var.number_of_workers
+  role_arn               = var.role_arn != null ? var.role_arn : aws_iam_role.default[0].arn
+  security_configuration = var.security_configuration
+  worker_type            = var.worker_type
+  tags                   = var.tags
 
   command {
     name            = var.command_name

variables.tf

@@ -28,7 +28,7 @@ variable "default_arguments" {
 
 variable "glue_version" {
   type        = string
-  default     = "2.0"
+  default     = "4.0"
   description = "The Glue version to use"
 }
 
@@ -74,6 +74,12 @@ variable "schedule" {
   description = "A cron expression used to specify the schedule for the glue trigger"
 }
 
+variable "security_configuration" {
+  type        = string
+  default     = null
+  description = "The name of the Security Configuration to be associated with the job"
+}
+
 variable "schedule_active" {
   type        = bool
   default     = true

versions.tf

@@ -1,7 +1,10 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 1.3"
 
   required_providers {
-    aws = ">= 3.10"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.62.0"
+    }
   }
 }