From f151bd262c3071c8600524b78dbdd7c5fce36bcf Mon Sep 17 00:00:00 2001 From: Timothy MacDonald Date: Thu, 5 Oct 2023 09:49:53 -0500 Subject: [PATCH 1/2] docs(readme): add terraform docs automation Add terraform docs script along with makefile target and gihub action for same Signed-off-by: Timothy MacDonald --- .github/.workflows/terraform_docs.yml | 18 ++++++++++++++++++ .terraform-docs.yml | 4 ++++ GNUmakefile | 5 +++++ README.md | 13 ++++++++----- scripts/terraform-docs.sh | 13 +++++++++++++ 5 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 .github/.workflows/terraform_docs.yml create mode 100644 .terraform-docs.yml create mode 100755 scripts/terraform-docs.sh
diff --git a/.github/.workflows/terraform_docs.yml b/.github/.workflows/terraform_docs.yml
new file mode 100644
index 0000000..2ec2082
--- /dev/null
+++ b/.github/.workflows/terraform_docs.yml
@@ -0,0 +1,18 @@
+name: Generate terraform docs
+on:
+ - pull_request
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Render terraform docs inside the README.md and push changes back to PR branch
+ uses: terraform-docs/gh-actions@v1.0.0
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
\ No newline at end of file
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..f46384b
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,4 @@
+formatter: "markdown"
+version: "0.16.0"
+output:
+ file: README.md
diff --git a/GNUmakefile b/GNUmakefile
index e5154a6..80e3cad 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -5,3 +5,8 @@ ci:
 release: ci
 scripts/release.sh prepare
+
+.PHONY: terraform-docs
+terraform-docs:
+ scripts/terraform-docs.sh
+
diff --git a/README.md b/README.md
index 74e0084..0dd494f 100644
--- a/README.md
+++ b/README.md
@@ -31,12 +31,13 @@ cloudresourcemanager.googleapis.com artifactregistry.googleapis.com ``` + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.14 | -| [google](#requirement\_google) | ~> 3.0 | +| [google](#requirement\_google) | >= 4.4.0, < 5.0.0 | | [lacework](#requirement\_lacework) | ~> 1.0 | | [time](#requirement\_time) | ~> 0.6 | @@ -44,7 +45,7 @@ artifactregistry.googleapis.com | Name | Version | |------|---------| -| [google](#provider\_google) | ~> 3.0 | +| [google](#provider\_google) | >= 4.4.0, < 5.0.0 | | [lacework](#provider\_lacework) | ~> 1.0 | | [random](#provider\_random) | n/a | | [time](#provider\_time) | ~> 0.6 | @@ -59,7 +60,8 @@ artifactregistry.googleapis.com | Name | Type | |------|------| -| [google_project_iam_member.for_gar_integration](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_project_iam_member.gar_reader](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_project_iam_member.storage_reader](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | | [google_project_service.required_apis_for_gar_integration](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource | | [lacework_integration_gar.default](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_gar) | resource | | [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | 
@@ -72,9 +74,9 @@ artifactregistry.googleapis.com |------|-------------|------|---------|:--------:| | [lacework\_integration\_name](#input\_lacework\_integration\_name) | The integration name displayed in the Lacework UI. | `string` | `"TF GAR"` | no | | [limit\_by\_label](#input\_limit\_by\_label) | An image label to limit the assessment of images with matching label. If you specify limit\_by\_tag and limit\_by\_label limits, they function as an AND. Input is "key" = "value" | `list(any)` |
[
{
"": ""
}
]
| no | -| [limit\_by\_repositories](#input\_limit\_by\_repositories) | A comma-separated list of repositories to assess. This should be defined as a string. (without spaces recommended) | `list(any)` | `[]` | no | +| [limit\_by\_repositories](#input\_limit\_by\_repositories) | A comma-separated list of repositories to assess. Defaults to empty (will assess all repositories in the registry). | `list(any)` | `[]` | no | | [limit\_by\_tags](#input\_limit\_by\_tags) | An image tag to limit the assessment of images with matching tag. If you specify limit\_by\_tag and limit\_by\_label limits, they function as an AND. Supported field input are mytext*mytext, mytext, mytext*, or mytext. Only one * wildcard is supported | `list(any)` | `[]` | no | -| [limit\_num\_imgs](#input\_limit\_num\_imgs) | The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. | `string` | `"5"` | no | +| [limit\_num\_imgs](#input\_limit\_num\_imgs) | The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15 | `string` | `"5"` | no | | [non\_os\_package\_support](#input\_non\_os\_package\_support) | Whether or not the integration should check non-os packages in the container for vulnerabilities | `bool` | `true` | no | | [prefix](#input\_prefix) | The prefix that will be use at the beginning of every generated resource | `string` | `"lw-gar"` | no | | [project\_id](#input\_project\_id) | A project ID different from the default defined inside the provider | `string` | `""` | no | @@ -91,3 +93,4 @@ artifactregistry.googleapis.com |------|-------------| | [service\_account\_name](#output\_service\_account\_name) | The Service Account name created for the integration | | [service\_account\_private\_key](#output\_service\_account\_private\_key) | The private key in JSON format, base64 encoded | + \ No newline at end of file 
diff --git a/scripts/terraform-docs.sh b/scripts/terraform-docs.sh
new file mode 100755
index 0000000..96e4f65
--- /dev/null
+++ b/scripts/terraform-docs.sh
@@ -0,0 +1,13 @@
+
+if which terraform-docs >/dev/null; then
+ terraform-docs .
+elif which docker >/dev/null; then
+ echo "## terraform-docs not found in PATH, but docker was found"
+ echo "## running terraform-docs in docker"
+ terraform_docs_version=$(cat .terraform-docs.yml | grep version | cut -d\" -f 2)
+ docker run --rm -v `pwd`:/data cytopia/terraform-docs:${terraform_docs_version} terraform-docs .
+else
+ echo "## terraform-docs not found in PATH, neither was docker"
+ echo "## please install terraform-docs or docker"
+ exit 1
+fi
\ No newline at end of file
From 3d2acb7e1f1fa9ceb2257e119547b3377a4e38ee Mon Sep 17 00:00:00 2001 From: Timothy MacDonald Date: Mon, 9 Oct 2023 14:24:43 -0500 Subject: [PATCH 2/2] docs(readme): automate update and testing of README.md by terraform-docs Add github action to test that README.md has been update. Also add update of README.md to /scripts/release.sh prepare Signed-off-by: Timothy MacDonald --- .github/.workflows/terraform_docs.yml | 18 ----------------- .github/workflows/terraform_docs.yml | 29 +++++++++++++++++++++++++++ scripts/release_helpers.sh | 7 ++++++- 3 files changed, 35 insertions(+), 19 deletions(-) delete mode 100644 .github/.workflows/terraform_docs.yml create mode 100644 .github/workflows/terraform_docs.yml
diff --git a/.github/.workflows/terraform_docs.yml b/.github/.workflows/terraform_docs.yml
deleted file mode 100644
index 2ec2082..0000000
--- a/.github/.workflows/terraform_docs.yml
+++ /dev/null
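Review bot: scripts/terraform-docs.sh is committed with mode 100755 but its first line is blank and there is no shebang, and nothing sets `set -e` or `pipefail`, so on the docker path a `grep version` that matches nothing leaves `terraform_docs_version` empty and `docker run` is invoked against the tag `cytopia/terraform-docs:` instead of the script aborting. The docker fallback also pulls a third-party image by mutable tag and mounts the whole working tree writable into it; pinning the image by digest (`cytopia/terraform-docs:<tag>@sha256:<digest>` — fill in from the registry) would make the local run reproducible. `which` is not guaranteed by POSIX and `cat | grep` is a useless cat; `command -v` and a `grep '^version:'` anchored to the key are the usual forms. The rewritten head of the script is below; the `else` branch is unchanged.
```bash
#!/usr/bin/env bash
set -euo pipefail

if command -v terraform-docs >/dev/null; then
  terraform-docs .
elif command -v docker >/dev/null; then
  echo "## terraform-docs not found in PATH, but docker was found"
  echo "## running terraform-docs in docker"
  terraform_docs_version=$(grep '^version:' .terraform-docs.yml | cut -d\" -f 2)
  if [ -z "${terraform_docs_version}" ]; then
    echo "## could not read the terraform-docs version from .terraform-docs.yml"
    exit 1
  fi
  docker run --rm -v "$(pwd)":/data cytopia/terraform-docs:"${terraform_docs_version}" terraform-docs .
# … unchanged: else branch (missing-tool message and exit 1) …
```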
@@ -1,18 +0,0 @@
-name: Generate terraform docs
-on:
- - pull_request
-jobs:
- docs:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- with:
- ref: ${{ github.event.pull_request.head.ref }}
-
- - name: Render terraform docs inside the README.md and push changes back to PR branch
- uses: terraform-docs/gh-actions@v1.0.0
- with:
- working-dir: .
- output-file: README.md
- output-method: inject
- git-push: "true"
\ No newline at end of file
diff --git a/.github/workflows/terraform_docs.yml b/.github/workflows/terraform_docs.yml
new file mode 100644
index 0000000..276d534
--- /dev/null
+++ b/.github/workflows/terraform_docs.yml
@@ -0,0 +1,29 @@
+name: Test that terraform docs has been run
+on: push
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ - name: Install terraform-docs
+ run: curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz | (cd /usr/local/bin; tar zxvf -; chmod +x /usr/local/bin/terraform-docs)
+ - name: store hash of orig README.md
+ id: old_hash
+ run: echo "README_HASH=$(md5sum README.md)" >> $GITHUB_OUTPUT
+ - name: Update README.md using terraform-docs make target
+ run: make terraform-docs
+ - name: store hash of new README.md
+ id: new_hash
+ run: echo "README_HASH=$(md5sum README.md)" >> $GITHUB_OUTPUT
+ - name: echo hashes
+ run: |
+ echo ${{ steps.old_hash.outputs.README_HASH }}
+ echo ${{ steps.new_hash.outputs.README_HASH }}
+ - name: test to see of hashs are the same
+ if: ${{ steps.old_hash.outputs.README_HASH != steps.new_hash.outputs.README_HASH }}
+ uses: actions/github-script@v6
+ with:
+ script: |
+ core.setFailed('Please run "make terraform-docs" and try again')
\ No newline at end of file
diff --git a/scripts/release_helpers.sh b/scripts/release_helpers.sh
index d9a8235..3106297 100644
--- a/scripts/release_helpers.sh
+++ b/scripts/release_helpers.sh
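Review bot: The `Install terraform-docs` step pipes an unverified download straight into `/usr/local/bin`, and `curl -L` without `-f` exits 0 on an HTTP error, so an error page would be handed to `tar` instead of failing the step. Fetch to a file, verify it against the release's published SHA-256 before extracting, and use `-fsSL`; a checksum-verified version of the step is below (the `TFDOCS_SHA256` value is a placeholder to copy from the v0.16.0 release's checksum file, and extracting only the `terraform-docs` member assumes that is the binary's name inside the archive, as the existing `chmod` implies). `ref: ${{ github.event.pull_request.head.ref }}` evaluates to empty under the `push` trigger this workflow uses, so it is dead configuration and should be dropped. The five hash/echo steps can be collapsed into one check after `make terraform-docs`, e.g. `run: git diff --exit-code -- README.md || { echo 'Please run "make terraform-docs" and try again'; exit 1; }`. `actions/checkout@v3` and `actions/github-script@v6` are pinned by mutable tag; pinning third-party actions to a full commit SHA is the usual hardening.
```yaml
      - name: Install terraform-docs
        env:
          TFDOCS_VERSION: v0.16.0
          # placeholder: copy the value from the v0.16.0 release's checksum file
          TFDOCS_SHA256: "<sha256-of-terraform-docs-v0.16.0-linux-amd64.tar.gz>"
        run: |
          curl -fsSL -o /tmp/terraform-docs.tar.gz "https://github.com/terraform-docs/terraform-docs/releases/download/${TFDOCS_VERSION}/terraform-docs-${TFDOCS_VERSION}-linux-amd64.tar.gz"
          echo "${TFDOCS_SHA256}  /tmp/terraform-docs.tar.gz" | sha256sum -c -
          tar -xzf /tmp/terraform-docs.tar.gz -C /usr/local/bin terraform-docs
          chmod +x /usr/local/bin/terraform-docs
      # … unchanged: README.md regeneration and comparison steps …
```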
@@ -1,6 +1,6 @@
 #
 # Name:: release_helpers.sh
-# Description:: A set of helper funtions to be used by our release.sh script
+# Description:: A set of helper functions to be used by our release.sh script
 # Author:: Salim Afiune Maya ()
 #
@@ -137,6 +137,7 @@ prepare_release() {
 prerequisites
 remove_tag_version
 check_for_minor_version_bump
+ generate_readme
 generate_release_notes
 update_changelog
 push_release
@@ -192,6 +193,10 @@ generate_release_notes() {
 echo "$(cat CHANGES.md)" >> RELEASE_NOTES.md
 }
+generate_readme() {
+ make terraform-docs
+}
+
 load_list_of_changes() {
 latest_version=$(find_latest_version)
 local _list_of_changes=$(git log --no-merges --pretty="* %s (%an)([%h](https://github.com/${org_name}/${project_name}/commit/%H))" ${latest_version}..${main_branch})
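Review bot: `generate_readme` (third hunk) has no header comment and its result is never checked: the call is inserted into `prepare_release` ahead of `generate_release_notes`, but nothing visible stages the regenerated README.md, so whether it reaches the release commit depends on `push_release`, whose body is outside the hunk. Suggested comment above the function: `# Re-render README.md with terraform-docs (make terraform-docs) so the release carries current module docs; the caller is expected to commit the result.` Unless `set -e` is in effect for this script (not visible here), a failing `make terraform-docs` — for instance neither terraform-docs nor docker available on the release machine — is silently ignored and the release proceeds with stale docs; `make terraform-docs || return 1` inside the function makes the failure visible to the caller. `prepare_release`'s body starts and ends outside the second hunk.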