From 846271074a3444119201d237970e11bc029fb9c9 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 3 Mar 2023 15:15:57 +0200 Subject: [PATCH 01/23] Example terraform fmt --- .github/workflows/feature-branch.yml | 54 ++++++++++++++++++++++++++++ .github/workflows/main-branch.yml | 1 + .github/workflows/release.yml | 1 + examples/complete/outputs.tf | 2 -- 4 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/feature-branch.yml create mode 100644 .github/workflows/main-branch.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml new file mode 100644 index 0000000..53683b4 --- /dev/null +++ b/.github/workflows/feature-branch.yml 
@@ -0,0 +1,54 @@ +name: Feature Branch +on: + pull_request: + branches: [ 'main' ] + types: [opened, synchronize, reopened, closed, labeled, unlabeled] + +permissions: + pull-requests: write + deployments: write + id-token: write + contents: read + +jobs: + suggest-terraform-lint: + runs-on: ubuntu-latest + container: cloudposse/build-harness:latest + steps: + - name: Checkout + uses: actions/checkout@v3 + +# - name: Terraform Format +# shell: bash +# run: make -C vendor/tflint + + - uses: terraform-linters/setup-tflint@v2 + name: Setup TFLint + with: + tflint_version: v0.38.1 + + - name: Run tflint + shell: bash + run: tflint ./examples --format=checkstyle + + - name: Reviewdog Suggester + uses: reviewdog/action-suggester@v1 + with: + fail_on_error: true + cleanup: true + reviewdog_flags: '-f=checkstyle -name="tflint"' + +# default: +# uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main +# with: +# organization: "${{ github.event.repository.owner.login }}" +# repository: "${{ github.event.repository.name }}" +# open: ${{ github.event.pull_request.state == 'open' }} +# labels: ${{ toJSON(github.event.pull_request.labels.*.name) }} +# ref: ${{ github.event.pull_request.head.ref }} +# secrets: +# github-private-actions-pat: "${{ secrets.PUBLIC_AND_PRIVATE_REPO_ACCESS_TOKEN }}" +# registry: "${{ secrets.ECR_REGISTRY }}" +# secret-outputs-passphrase: "${{ secrets.GHA_SECRET_OUTPUT_PASSPHRASE }}" +# ecr-region: "${{ secrets.ECR_REGION }}" +# ecr-iam-role: "${{ secrets.ECR_IAM_ROLE }}" diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml new file mode 100644 index 0000000..4640904 --- /dev/null +++ b/.github/workflows/main-branch.yml @@ -0,0 +1 @@ +# TODO diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..4640904 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1 @@ +# TODO 
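Review bot: The workflow-level `permissions` block in the new `feature-branch.yml` grants `deployments: write` and `id-token: write` to a job that only checks out the code, runs tflint and posts suggestions. Nothing visible in `suggest-terraform-lint` uses either scope, so every step, including the `cloudposse/build-harness:latest` container and the tag-pinned third-party actions, runs with a token that can request an OIDC identity. I would drop both scopes here, keep `contents: read` and `pull-requests: write`, and add the others back on the job that needs them. The `:latest` image tag and the `@v1`/`@v2`/`@v3` action tags are also mutable; an image digest and full commit SHAs would tie the run to reviewed code.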
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 20aa3e3..ac740b2 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -4,11 +4,9 @@ output "id" { } output "example" { - description = "Output \"example\" from example module" value = module.example.example } output "random" { - description = "Output \"random\" from example module" value = module.example.random } From 8fdfabbf256e2d28d71113db70bef41a0a394d3e Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Mon, 6 Mar 2023 14:12:50 +0200 Subject: [PATCH 02/23] updates from call --- .github/workflows/feature-branch.yml | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 53683b4..6df7bf9 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -18,25 +18,22 @@ jobs: - name: Checkout uses: actions/checkout@v3 -# - name: Terraform Format -# shell: bash -# run: make -C vendor/tflint - - - uses: terraform-linters/setup-tflint@v2 - name: Setup TFLint + - name: Setup TFLint + uses: terraform-linters/setup-tflint@v2 with: tflint_version: v0.38.1 - - name: Run tflint + - name: Terraform init shell: bash - run: tflint ./examples --format=checkstyle + run: terraform init -get -backend=false -input=false >/dev/null - - name: Reviewdog Suggester - uses: reviewdog/action-suggester@v1 + - name: tflint + uses: cloudposse/action-tflint@master with: fail_on_error: true - cleanup: true - reviewdog_flags: '-f=checkstyle -name="tflint"' + +# - name: suggester +# # default: # uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main From 5f740da450d2346406d8a7053881214a68d52af2 Mon Sep 17 00:00:00 2001 
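Review bot: In [PATCH 02/23], `uses: cloudposse/action-tflint@master` follows a branch, so whatever lands on that branch next runs in this job with the workflow's `pull-requests: write` and `id-token: write` token; the next commit ([PATCH 03/23]) keeps the same reference. Pinning it to a full commit SHA, `uses: cloudposse/action-tflint@<full-commit-sha>`, with the version in a trailing comment, makes an upgrade an explicit, reviewable change. Separately, `terraform init … >/dev/null` discards standard output, so the log no longer shows which modules and providers were fetched for the lint run.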
From: Max Lobur Date: Wed, 8 Mar 2023 17:15:18 +0200 Subject: [PATCH 03/23] use cloudposse suggestions --- .github/workflows/feature-branch.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 6df7bf9..5e0d465 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -18,22 +18,22 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Setup TFLint + - name: Setup tflint uses: terraform-linters/setup-tflint@v2 with: tflint_version: v0.38.1 - name: Terraform init shell: bash - run: terraform init -get -backend=false -input=false >/dev/null + run: terraform init -get -backend=false -input=false >/dev/null - - name: tflint + - name: Run tflint / suggester uses: cloudposse/action-tflint@master with: + filter_mode: "nofilter" fail_on_error: true - -# - name: suggester -# + reporter: "github-pr-review" + flags: "--module --recursive" # default: # uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main From e01ab0c814c9ec3bd15e751b5f2abd76aa525578 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 22:01:08 +0200 Subject: [PATCH 04/23] test matts code --- .github/workflows/feature-branch.yml | 60 ++++++++++++++++++++-------- 1 file changed, 44 insertions(+), 16 deletions(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 5e0d465..5168309 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml 
@@ -11,29 +11,57 @@ permissions: contents: read jobs: - suggest-terraform-lint: + find-terraform-directories: runs-on: ubuntu-latest - container: cloudposse/build-harness:latest steps: - - name: Checkout - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - name: Setup tflint - uses: terraform-linters/setup-tflint@v2 - with: - tflint_version: v0.38.1 + - id: set-matrix + run: | + matrix=$(find ./ -name '*.tf' \ + -not -path '*/.terraform/*' \ + -exec dirname {} \; \ + | sort \ + | uniq \ + | jq --raw-input --slurp 'split("\n")| map(select(. != ""))') + echo "::set-output name=matrix::$(echo $matrix)" | tee -a $GITHUB_OUTPUT + outputs: + tfdirs_matrix: ${{ steps.set-matrix.outputs.matrix }} + + tflint: + runs-on: ubuntu-latest + needs: find-terraform-directories + strategy: + matrix: + tfdir: ${{ fromJson(needs.find-terraform-directories.outputs.tfdirs_matrix) }} + env: + TFLINT_PLUGIN_DIR: ${{ github.workspace }}/.tflint.d/plugins + TFLINT_PLUGINS: aws + TFLINT_CACHE_VER: 1 # Increment this to force a cache refresh + steps: + - uses: actions/checkout@v3 + + - uses: hashicorp/setup-terraform@v2 - - name: Terraform init - shell: bash - run: terraform init -get -backend=false -input=false >/dev/null + - run: terraform init + working-directory: ${{ matrix.tfdir }} - - name: Run tflint / suggester - uses: cloudposse/action-tflint@master + - name: cache tflint plugins + id: cache-plugins + uses: actions/cache@v3 + with: + path: ${{ env.TFLINT_PLUGIN_DIR }} + key: tflint-plugins-${{ env.TFLINT_CACHE_VER }} + + - name: tflint + uses: reviewdog/action-tflint@v1.17.0 with: - filter_mode: "nofilter" - fail_on_error: true reporter: "github-pr-review" - flags: "--module --recursive" + filter_mode: nofilter + fail_on_error: true + tflint_rulesets: ${{ env.TFLINT_PLUGINS }} + tflint_init: true + working_directory: ${{ matrix.tfdir }} # default: # uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main 
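Review bot: The new `tflint` job runs `terraform init` in every directory found in the checked-out pull request while inheriting the workflow-level `id-token: write` and `deployments: write` scopes (the `permissions` block starts above this hunk). `terraform init` resolves the modules and providers named in those `.tf` files, so on a same-repository PR that resolution runs under a token with more scope than linting needs. I would give both jobs their own `permissions:` (`contents: read`, plus `pull-requests: write` on `tflint`, which the `github-pr-review` reporter presumably needs) and keep the previous revision's `terraform init -backend=false -input=false`. Also, `echo "::set-output name=matrix::…" | tee -a $GITHUB_OUTPUT` appends the old workflow-command string to the output file, which expects `name=value` lines and is likely to reject it.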
From 155e5c183590768490eee420be32ba8479fa0aaf Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 22:48:25 +0200 Subject: [PATCH 05/23] lint all dirs --- .github/workflows/feature-branch.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 5168309..fa8934f 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -32,6 +32,7 @@ jobs: runs-on: ubuntu-latest needs: find-terraform-directories strategy: + fail-fast: false matrix: tfdir: ${{ fromJson(needs.find-terraform-directories.outputs.tfdirs_matrix) }} env: From 7620e9b6db4dc42d4f5ea6b8cdab898991f30432 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 22:51:57 +0200 Subject: [PATCH 06/23] Test new outputs syntax --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index fa8934f..ede88da 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -24,7 +24,7 @@ jobs: | sort \ | uniq \ | jq --raw-input --slurp 'split("\n")| map(select(. != ""))') - echo "::set-output name=matrix::$(echo $matrix)" | tee -a $GITHUB_OUTPUT + echo "matrix='$(echo $matrix)'" >> $GITHUB_OUTPUT outputs: tfdirs_matrix: ${{ steps.set-matrix.outputs.matrix }} From 67eef1ddb72cfd50de2028eee8390330e9abcc51 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 22:56:01 +0200 Subject: [PATCH 07/23] fix types --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index ede88da..9214358 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml 
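Review bot: In [PATCH 06/23], `$(echo $matrix)` is unquoted, so the shell word-splits and glob-expands the JSON before it is written to `$GITHUB_OUTPUT`. The directory names in it come from the pull request's tree, and a name containing whitespace or glob characters would be rewritten on its way into the matrix. Asking jq for single-line output (`jq --raw-input --slurp --compact-output …`) and writing `echo "matrix=$matrix" >> "$GITHUB_OUTPUT"` removes the re-expansion; [PATCH 07/23] touches the same line and leaves the unquoted expansion in place. The single quotes added here also become part of the value, which `fromJson` in the `tflint` job will not parse.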
@@ -24,7 +24,7 @@ jobs: | sort \ | uniq \ | jq --raw-input --slurp 'split("\n")| map(select(. != ""))') - echo "matrix='$(echo $matrix)'" >> $GITHUB_OUTPUT + echo "matrix=$(echo $matrix)" >> $GITHUB_OUTPUT outputs: tfdirs_matrix: ${{ steps.set-matrix.outputs.matrix }} From f20a734a16a96698e65e4de71e26414107bf30b7 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 22:58:58 +0200 Subject: [PATCH 08/23] fix reporter --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 9214358..7e5ff53 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -57,7 +57,7 @@ jobs: - name: tflint uses: reviewdog/action-tflint@v1.17.0 with: - reporter: "github-pr-review" + reporter: github-pr-review filter_mode: nofilter fail_on_error: true tflint_rulesets: ${{ env.TFLINT_PLUGINS }} From 16dc041d8744f13b51fe34463e5349686af47446 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 23:00:58 +0200 Subject: [PATCH 09/23] test pr review --- variables.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/variables.tf b/variables.tf index ff9b03b..ffc09f2 100644 --- a/variables.tf +++ b/variables.tf @@ -2,3 +2,7 @@ variable "example" { description = "Example variable" default = "hello world" } + +variable "unused" { + default = "test" +} From 9e79207811251073629ae1e87dfdc7f93cfa17af Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 8 Mar 2023 23:13:32 +0200 Subject: [PATCH 10/23] reduce scope to dif --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 7e5ff53..2b71269 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml 
@@ -58,7 +58,7 @@ jobs: uses: reviewdog/action-tflint@v1.17.0 with: reporter: github-pr-review - filter_mode: nofilter +# filter_mode: nofilter fail_on_error: true tflint_rulesets: ${{ env.TFLINT_PLUGINS }} tflint_init: true From 6d341ea50b7dfa247f8cca70bd9c724913338ad1 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Mar 2023 12:08:03 +0200 Subject: [PATCH 11/23] rm nofilter --- .github/workflows/feature-branch.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 2b71269..eb368b0 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -58,7 +58,6 @@ jobs: uses: reviewdog/action-tflint@v1.17.0 with: reporter: github-pr-review -# filter_mode: nofilter fail_on_error: true tflint_rulesets: ${{ env.TFLINT_PLUGINS }} tflint_init: true From fd00e75c1a3f240056bea4f7d467d0c142efe448 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Mar 2023 16:43:50 +0200 Subject: [PATCH 12/23] Shared workflows --- .github/workflows/auto-format.yml | 4 +- .github/workflows/auto-readme.yml | 28 +++++------ .github/workflows/auto-release.yml | 10 ++-- .github/workflows/feature-branch.yml | 73 ++-------------------------- .github/workflows/main-branch.yml | 13 ++++- .github/workflows/release.yml | 13 ++++- 6 files changed, 49 insertions(+), 92 deletions(-) diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index c600d60..a76e6e1 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml @@ -1,7 +1,7 @@ name: Auto Format on: - pull_request_target: - types: [opened, synchronize] +# pull_request_target: +# types: [opened, synchronize] jobs: auto-format: diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml index 6f25b8d..d37fbf0 100644 --- a/.github/workflows/auto-readme.yml +++ b/.github/workflows/auto-readme.yml 
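Review bot: In [PATCH 12/23], commenting out the trigger leaves `on:` with no value in `auto-format.yml`; the same is done to `auto-readme.yml` and `auto-release.yml` in this commit and to `auto-context.yml` in [PATCH 22/23]. GitHub is likely to flag a workflow file with no event as invalid rather than treat it as cleanly switched off. The job bodies, including the checkout that uses `secrets.PUBLIC_REPO_ACCESS_TOKEN`, also stay in the tree, where un-commenting two lines re-enables them. If the intent is to retire these workflows, deleting the files in this commit (as the last patch of the series does) or switching to `on: workflow_dispatch` states that intent directly.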
@@ -1,19 +1,19 @@ name: "auto-readme" on: - workflow_dispatch: - - schedule: - # Example of job definition: - # .---------------- minute (0 - 59) - # | .------------- hour (0 - 23) - # | | .---------- day of month (1 - 31) - # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... - # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat - # | | | | | - # * * * * * user-name command to be executed - - # Update README.md nightly at 4am UTC - - cron: '0 4 * * *' +# workflow_dispatch: +# +# schedule: +# # Example of job definition: +# # .---------------- minute (0 - 59) +# # | .------------- hour (0 - 23) +# # | | .---------- day of month (1 - 31) +# # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... +# # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat +# # | | | | | +# # * * * * * user-name command to be executed +# +# # Update README.md nightly at 4am UTC +# - cron: '0 4 * * *' jobs: update: diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 3a38fae..d58d188 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -1,11 +1,11 @@ name: auto-release on: - push: - branches: - - main - - master - - production +# push: +# branches: +# - main +# - master +# - production jobs: publish: diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index eb368b0..c156118 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml 
@@ -1,79 +1,14 @@ name: Feature Branch on: pull_request: - branches: [ 'main' ] + branches: [ main ] types: [opened, synchronize, reopened, closed, labeled, unlabeled] permissions: - pull-requests: write - deployments: write + pull-requests: read id-token: write contents: read jobs: - find-terraform-directories: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - id: set-matrix - run: | - matrix=$(find ./ -name '*.tf' \ - -not -path '*/.terraform/*' \ - -exec dirname {} \; \ - | sort \ - | uniq \ - | jq --raw-input --slurp 'split("\n")| map(select(. != ""))') - echo "matrix=$(echo $matrix)" >> $GITHUB_OUTPUT - outputs: - tfdirs_matrix: ${{ steps.set-matrix.outputs.matrix }} - - tflint: - runs-on: ubuntu-latest - needs: find-terraform-directories - strategy: - fail-fast: false - matrix: - tfdir: ${{ fromJson(needs.find-terraform-directories.outputs.tfdirs_matrix) }} - env: - TFLINT_PLUGIN_DIR: ${{ github.workspace }}/.tflint.d/plugins - TFLINT_PLUGINS: aws - TFLINT_CACHE_VER: 1 # Increment this to force a cache refresh - steps: - - uses: actions/checkout@v3 - - - uses: hashicorp/setup-terraform@v2 - - - run: terraform init - working-directory: ${{ matrix.tfdir }} - - - name: cache tflint plugins - id: cache-plugins - uses: actions/cache@v3 - with: - path: ${{ env.TFLINT_PLUGIN_DIR }} - key: tflint-plugins-${{ env.TFLINT_CACHE_VER }} - - - name: tflint - uses: reviewdog/action-tflint@v1.17.0 - with: - reporter: github-pr-review - fail_on_error: true - tflint_rulesets: ${{ env.TFLINT_PLUGINS }} - tflint_init: true - working_directory: ${{ matrix.tfdir }} - -# default: -# uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main -# with: -# organization: "${{ github.event.repository.owner.login }}" -# repository: "${{ github.event.repository.name }}" -# open: ${{ github.event.pull_request.state == 'open' }} -# labels: ${{ toJSON(github.event.pull_request.labels.*.name) }} -# ref: ${{ 
github.event.pull_request.head.ref }} -# secrets: -# github-private-actions-pat: "${{ secrets.PUBLIC_AND_PRIVATE_REPO_ACCESS_TOKEN }}" -# registry: "${{ secrets.ECR_REGISTRY }}" -# secret-outputs-passphrase: "${{ secrets.GHA_SECRET_OUTPUT_PASSPHRASE }}" -# ecr-region: "${{ secrets.ECR_REGION }}" -# ecr-iam-role: "${{ secrets.ECR_IAM_ROLE }}" + default: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index 4640904..d2929fe 100644 --- a/.github/workflows/main-branch.yml +++ b/.github/workflows/main-branch.yml @@ -1 +1,12 @@ -# TODO +name: Main Branch +on: + push: + branches: [ main ] + +permissions: + contents: write + id-token: write + +jobs: + default: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/main-branch.yml@main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4640904..85888fa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1 +1,12 @@ -# TODO +name: Release +on: + release: + types: [ published ] + +permissions: + id-token: write + contents: write + +jobs: + default: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main From 668af1b67c75569146ef6f0167c28aefebcd5605 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Mar 2023 19:57:18 +0200 Subject: [PATCH 13/23] Use shared workflows --- .github/workflows/main-branch.yml | 4 ++-- .github/workflows/release.yml | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index d2929fe..009bbf6 100644 --- a/.github/workflows/main-branch.yml +++ b/.github/workflows/main-branch.yml 
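Review bot: All three callers added in [PATCH 12/23] reference the shared workflow at `@main` (`feature-branch.yml`, then the `main-branch.yml` and `release.yml` hunks that follow). A push to that branch of `cloudposse/github-actions-workflows-terraform-module` therefore changes what runs here with `id-token: write`, and with `contents: write` in the main-branch and release callers. Pinning to a full commit SHA, `uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@<full-commit-sha>`, makes an update of the shared workflow an explicit change in this repository. A short comment next to `id-token: write` naming the step of the called workflow that needs it would also help, since nothing in these files shows the consumer.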
@@ -4,9 +4,9 @@ on: branches: [ main ] permissions: - contents: write + contents: read id-token: write jobs: - default: + validate: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/main-branch.yml@main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 85888fa..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: Release -on: - release: - types: [ published ] - -permissions: - id-token: write - contents: write - -jobs: - default: - uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main From 11d9979231dee40a1d12fb7631619b1db9b8ae44 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Mar 2023 20:49:47 +0200 Subject: [PATCH 14/23] revert testing --- examples/complete/outputs.tf | 2 ++ variables.tf | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index ac740b2..20aa3e3 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -4,9 +4,11 @@ output "id" { } output "example" { + description = "Output \"example\" from example module" value = module.example.example } output "random" { + description = "Output \"random\" from example module" value = module.example.random } diff --git a/variables.tf b/variables.tf index ffc09f2..ff9b03b 100644 --- a/variables.tf +++ b/variables.tf @@ -2,7 +2,3 @@ variable "example" { description = "Example variable" default = "hello world" } - -variable "unused" { - default = "test" -} From ccad278aaf7552f7ca42a4a08979e4a35242366f Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Mon, 13 Mar 2023 22:21:37 +0200 Subject: [PATCH 15/23] update permissions --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index c156118..1922cdc 100644 
--- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -5,7 +5,7 @@ on: types: [opened, synchronize, reopened, closed, labeled, unlabeled] permissions: - pull-requests: read + pull-requests: write id-token: write contents: read From 8a29b68d2a24f3567bef2f4e3ed1236f15bb15b2 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Mon, 13 Mar 2023 23:05:03 +0200 Subject: [PATCH 16/23] adjust events --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 1922cdc..3add263 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -2,7 +2,7 @@ name: Feature Branch on: pull_request: branches: [ main ] - types: [opened, synchronize, reopened, closed, labeled, unlabeled] + types: [opened, synchronize, reopened] permissions: pull-requests: write From 327c39c7163ede3ef8ecf51fe3660a2ce309616e Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Mon, 13 Mar 2023 23:08:52 +0200 Subject: [PATCH 17/23] adjust permissions --- .github/workflows/main-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index 009bbf6..971859c 100644 --- a/.github/workflows/main-branch.yml +++ b/.github/workflows/main-branch.yml @@ -4,7 +4,7 @@ on: branches: [ main ] permissions: - contents: read + contents: write id-token: write jobs: From 1a4caea2a94142180e08ebd306b540d4b27d31a4 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Mon, 13 Mar 2023 23:24:34 +0200 Subject: [PATCH 18/23] update naming --- .github/workflows/main-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index 971859c..d2929fe 100644 --- a/.github/workflows/main-branch.yml +++ b/.github/workflows/main-branch.yml 
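Review bot: In [PATCH 17/23], `contents: read` becomes `contents: write` in `main-branch.yml` with only "adjust permissions" as explanation; [PATCH 15/23], earlier on this line, widens `pull-requests` in `feature-branch.yml` in the same way with "update permissions". Because the job is delegated to a reusable workflow, nothing in this repository shows which step needs the wider scope. A comment on the changed line would record it, for example `contents: write  # required by <step in the called workflow>`. The hunk shows only the permissions block; the job that consumes it is below the hunk.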
@@ -8,5 +8,5 @@ permissions: id-token: write jobs: - validate: + default: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/main-branch.yml@main From 069171245564e611dd0bde98fa34bc32b4ded111 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Thu, 16 Mar 2023 18:34:54 +0200 Subject: [PATCH 19/23] update naming --- .github/workflows/main-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index d2929fe..fa83554 100644 --- a/.github/workflows/main-branch.yml +++ b/.github/workflows/main-branch.yml @@ -8,5 +8,5 @@ permissions: id-token: write jobs: - default: + tf: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/main-branch.yml@main From 6d409ae3c032604aff3c8c340a86d21e0f87f2d3 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Thu, 16 Mar 2023 20:55:48 +0200 Subject: [PATCH 20/23] more renames --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index 3add263..bae02c0 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -10,5 +10,5 @@ permissions: contents: read jobs: - default: + tf: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main From a004b62350db62c41c88ebd5af17885b9e15adfe Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Thu, 16 Mar 2023 23:38:53 +0200 Subject: [PATCH 21/23] sync with work --- .github/workflows/feature-branch.yml | 2 +- .github/workflows/main-branch.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index bae02c0..fd747ce 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml 
@@ -10,5 +10,5 @@ permissions: contents: read jobs: - tf: + terraform-module: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index fa83554..7c3be80 100644 --- a/.github/workflows/main-branch.yml +++ b/.github/workflows/main-branch.yml @@ -8,5 +8,5 @@ permissions: id-token: write jobs: - tf: + terraform-module: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/main-branch.yml@main From 0f73dab49ff12ff5e4b8a2165a1b9094b232f14d Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Tue, 21 Mar 2023 18:10:50 +0200 Subject: [PATCH 22/23] sync work --- .github/workflows/auto-context.yml | 6 ++--- .github/workflows/feature-branch.yml | 2 ++ .github/workflows/main-branch.yml | 2 ++ .github/workflows/validate-codeowners.yml | 29 ----------------------- 4 files changed, 7 insertions(+), 32 deletions(-) delete mode 100644 .github/workflows/validate-codeowners.yml diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 665833a..a3487c5 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -1,8 +1,8 @@ name: "auto-context" on: - schedule: - # Update context.tf nightly - - cron: '0 3 * * *' +# schedule: +# # Update context.tf nightly +# - cron: '0 3 * * *' jobs: update: diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index fd747ce..8191c91 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -12,3 +12,5 @@ permissions: jobs: terraform-module: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml index 7c3be80..cc3a389 100644 --- a/.github/workflows/main-branch.yml 
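Review bot: In [PATCH 22/23], `github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}` hands a repository secret to the called workflow on every `pull_request` run, and the same two lines are added to `main-branch.yml` in the next hunk. Two things are worth recording in a comment above `secrets:`: what the token is used for, and the minimum scope it needs. GitHub also does not pass repository secrets to runs triggered from forks, so the called workflow has to cope with an empty value on fork PRs. Because the callee is referenced at `@main`, the token goes to whatever that branch contains at run time.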
+++ b/.github/workflows/main-branch.yml @@ -10,3 +10,5 @@ permissions: jobs: terraform-module: uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/main-branch.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml deleted file mode 100644 index 70f829e..0000000 --- a/.github/workflows/validate-codeowners.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Validate Codeowners -on: - workflow_dispatch: - - pull_request: - -jobs: - validate-codeowners: - runs-on: ubuntu-latest - steps: - - name: "Checkout source code at current commit" - uses: actions/checkout@v2 - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name == github.repository - name: "Full check of CODEOWNERS" - with: - # For now, remove "files" check to allow CODEOWNERS to specify non-existent - # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos - # checks: "files,syntax,owners,duppatterns" - checks: "syntax,owners,duppatterns" - owner_checker_allow_unowned_patterns: "false" - # GitHub access token is required only if the `owners` check is enabled - github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name != github.repository - name: "Syntax check of CODEOWNERS" - with: - checks: "syntax,duppatterns" - owner_checker_allow_unowned_patterns: "false" From 073730b7373d465f3c283d7829ea7bfe34aef2e8 Mon Sep 17 00:00:00 2001 
From: Max Lobur Date: Wed, 22 Mar 2023 22:34:41 +0200 Subject: [PATCH 23/23] pr ready --- .github/workflows/auto-context.yml | 57 ------------------- .github/workflows/auto-format.yml | 88 ------------------------------ .github/workflows/auto-readme.yml | 71 ------------------------ .github/workflows/auto-release.yml | 26 --------- 4 files changed, 242 deletions(-) delete mode 100644 .github/workflows/auto-context.yml delete mode 100644 .github/workflows/auto-format.yml delete mode 100644 .github/workflows/auto-readme.yml delete mode 100644 .github/workflows/auto-release.yml diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml deleted file mode 100644 index a3487c5..0000000 --- a/.github/workflows/auto-context.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: "auto-context" -on: -# schedule: -# # Update context.tf nightly -# - cron: '0 3 * * *' - -jobs: - update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update context.tf - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - if [[ -f context.tf ]]; then - echo "Discovered existing context.tf! Fetching most recent version to see if there is an update." - curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf - if git diff --no-patch --exit-code context.tf; then - echo "No changes detected! Exiting the job..." - else - echo "context.tf file has changed. Update examples and rebuild README.md." - make init - make github/init/context.tf - make readme/build - echo "::set-output name=create_pull_request::true" - fi - else - echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." - fi - - - name: Create Pull Request - if: steps.update.outputs.create_pull_request == 'true' - uses: cloudposse/actions/github/create-pull-request@0.30.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' - author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' - commit-message: Update context.tf from origin source - title: Update context.tf - body: |- - ## what - This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` - - ## why - To support all the features of the `context` interface. - - branch: auto-update/context.tf - base: master - delete-branch: true - labels: | - auto-update - context diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml deleted file mode 100644 index a76e6e1..0000000 
--- a/.github/workflows/auto-format.yml +++ /dev/null 
@@ -1,88 +0,0 @@
-name: Auto Format
-on:
-# pull_request_target:
-# types: [opened, synchronize]
-
-jobs:
- auto-format:
- runs-on: ubuntu-latest
- container: cloudposse/build-harness:latest
- steps:
- # Checkout the pull request branch
- # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
- # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains
- # a workflow configured to run when push events occur."
- # However, using a personal access token will cause events to be triggered.
- # We need that to ensure a status gets posted after the auto-format commit.
- # We also want to trigger tests if the auto-format made no changes.
- - uses: actions/checkout@v2
- if: github.event.pull_request.state == 'open'
- name: Privileged Checkout
- with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- # Check out the PR commit, not the merge commit
- # Use `ref` instead of `sha` to enable pushing back to `ref`
- ref: ${{ github.event.pull_request.head.ref }}
-
- # Do all the formatting stuff
- - name: Auto Format
- if: github.event.pull_request.state == 'open'
- shell: bash
- env:
- GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
- run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
-
- # Commit changes (if any) to the PR branch
- - name: Commit changes to the PR branch
- if: github.event.pull_request.state == 'open'
- shell: bash
- id: commit
- env:
- SENDER: ${{ github.event.sender.login }}
- run: |
- set -x
- output=$(git diff --name-only)
-
- if [ -n "$output" ]; then
- echo "Changes detected.
Pushing to the PR branch"
- git config --global user.name 'cloudpossebot'
- git config --global user.email '11232728+cloudpossebot@users.noreply.github.com'
- git add -A
- git commit -m "Auto Format"
- # Prevent looping by not pushing changes in response to changes from cloudpossebot
- [[ $SENDER == "cloudpossebot" ]] || git push
- # Set status to fail, because the push should trigger another status check,
- # and we use success to indicate the checks are finished.
- printf "::set-output name=%s::%s\n" "changed" "true"
- exit 1
- else
- printf "::set-output name=%s::%s\n" "changed" "false"
- echo "No changes detected"
- fi
-
- - name: Auto Test
- uses: cloudposse/actions/github/repository-dispatch@0.30.0
- # match users by ID because logins (user names) are inconsistent,
- # for example in the REST API Renovate Bot is `renovate[bot]` but
- # in GraphQL it is just `renovate`, plus there is a non-bot
- # user `renovate` with ID 1832810.
- # Mergify bot: 37929162
- # Renovate bot: 29139614
- # Cloudpossebot: 11232728
- # Need to use space separators to prevent "21" from matching "112144"
- if: >
- contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
- && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
- with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- repository: cloudposse/actions
- event-type: test-command
- client-payload: |-
- { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}},
- "pull_request": ${{ toJSON(github.event.pull_request) }},
- "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }},
- "comment": {"id": ""}
- }
- }
- }
diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
deleted file mode 100644
index d37fbf0..0000000
--- a/.github/workflows/auto-readme.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-name: "auto-readme"
-on:
-# workflow_dispatch:
-#
-# schedule:
-# # Example of job definition:
-# # .---------------- minute (0 - 59)
-# # | .------------- hour (0 - 23)
-# # | | .---------- day of month (1 - 31)
-# # | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
-# # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
-# # | | | | |
-# # * * * * * user-name command to be executed
-#
-# # Update README.md nightly at 4am UTC
-# - cron: '0 4 * * *'
-
-jobs:
- update:
- if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: Find default branch name
- id: defaultBranch
- shell: bash
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- run: |
- default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name)
- printf "::set-output name=defaultBranch::%s\n" "${default_branch}"
- printf "defaultBranchRef.name=%s\n" "${default_branch}"
-
- - name: Update readme
- shell: bash
- id: update
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}"
- run: |
- make init
- make readme/build
- # Ignore changes if they are only whitespace
- if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then
- git restore README.md
- echo Ignoring whitespace-only changes in README
- fi
-
- - name: Create Pull Request
- # This action will not create or change a pull request if there are no changes to make.
- # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
- uses: cloudposse/actions/github/create-pull-request@0.30.0
- with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- commit-message: Update README.md and docs
- title: Update README.md and docs
- body: |-
- ## what
- This is an auto-generated PR that updates the README.md and docs
-
- ## why
- To have most recent changes of README.md and doc from origin templates
-
- branch: auto-update/readme
- base: ${{ steps.defaultBranch.outputs.defaultBranch }}
- delete-branch: true
- labels: |
- auto-update
- no-release
- readme
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
deleted file mode 100644
index d58d188..0000000
--- a/.github/workflows/auto-release.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: auto-release
-
-on:
-# push:
-# branches:
-# - main
-# - master
-# - production
-
-jobs:
- publish:
- runs-on: ubuntu-latest
- steps:
- # Get PR from merged commit to master
- - uses: actions-ecosystem/action-get-merged-pull-request@v1
- id: get-merged-pull-request
- with:
- github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- # Drafts your next Release notes as Pull Requests are merged into "main"
- - uses: release-drafter/release-drafter@v5
- with:
- publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
- prerelease: false
- config-name: auto-release.yml
- env:
- GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}