diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml
new file mode 100644
index 0000000..24ec847
--- /dev/null
+++ b/.github/workflows/check-pr-title.yml
@@ -0,0 +1,12 @@
+name: GitHub Actions - Check PR Title
+on:
+ pull_request:
+ types: [opened, reopened, edited, synchronize]
+jobs:
+ Jira-PR-Title:
+ # Github Runnner in `tools-staging` runner set
+ runs-on: arc-runner-set
+ steps:
+ - name: "Check PR Title"
+ if: ${{ (github.actor != 'dependabot[bot]') && (github.actor != 'EburyCrowdin') }}
+ uses: Ebury/github-tools/.github/workflows/check-pr-title-reusable-workflow.yml@master
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
deleted file mode 100644
index 6bf3169..0000000
--- a/.github/workflows/pr-title.yml
+++ /dev/null
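Review bot: The last added line of `check-pr-title.yml` references a reusable workflow file (`.github/workflows/check-pr-title-reusable-workflow.yml`) from what appears to be a step's `uses:`, and pins it to the mutable ref `@master`. Reusable workflows are called at job level (`jobs.<job_id>.uses`), where `runs-on` and `steps` are not allowed, so as written the reference would be resolved as an action and is likely to fail; indentation is lost in this view, so confirm against the file. Because the job runs on the self-hosted `arc-runner-set` for every `pull_request` event, pinning to a full commit SHA (`uses: Ebury/github-tools/.github/workflows/check-pr-title-reusable-workflow.yml@<full-commit-sha>`) keeps a later change to `master` in the other repository from altering what executes on that runner. The workflow also declares no `permissions:`, so the token gets the repository default; a top-level `permissions:` block limited to what the title check reads (for example `pull-requests: read`) would make that explicit.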
@@ -1,52 +0,0 @@
-name: Validate PR title
-
-on:
- pull_request_target:
- types:
- - opened
- - edited
- - synchronize
-
-jobs:
- main:
- name: 👀 Validate PR title
- runs-on: ubuntu-latest
- steps:
- # Please look up the latest version from
- # https://github.com/amannn/action-semantic-pull-request/releases
- - uses: amannn/action-semantic-pull-request@v5
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- # Configure which types are allowed.
- # Default: https://github.com/commitizen/conventional-commit-types
- types: |
- fix
- feat
- docs
- ci
- chore
- # Configure that a scope must always be provided.
- requireScope: false
- # Configure additional validation for the subject based on a regex.
- # This example ensures the subject starts with an uppercase character.
- subjectPattern: ^[A-Z].+$
- # If `subjectPattern` is configured, you can use this property to override
- # the default error message that is shown when the pattern doesn't match.
- # The variables `subject` and `title` can be used within the message.
- subjectPatternError: |
- The subject "{subject}" found in the pull request title "{title}"
- didn't match the configured pattern. Please ensure that the subject
- starts with an uppercase character.
- # For work-in-progress PRs you can typically use draft pull requests
- # from Github. However, private repositories on the free plan don't have
- # this option and therefore this action allows you to opt-in to using the
- # special "[WIP]" prefix to indicate this state. This will avoid the
- # validation of the PR title and the pull request checks remain pending.
- # Note that a second check will be reported if this is enabled.
- wip: true
- # When using "Squash and merge" on a PR with only one commit, GitHub
- # will suggest using that commit message instead of the PR title for the
- # merge commit, and it's easy to commit this by mistake. Enable this option
- # to also validate the commit message for one commit PRs.
- validateSingleCommit: false
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
deleted file mode 100644
index 0ad1299..0000000
--- a/.github/workflows/pre-commit.yml
+++ /dev/null
@@ -1,96 +0,0 @@
-name: pre-commit
-
-env:
- AWS_REGION: af-south-1
- AWS_ROLE_ARN: arn:aws:iam::353444730604:role/cat-genrl-prd-infra-github-workflows
-
-on:
- workflow_dispatch:
- pull_request:
- branches:
- - main
- - master
- - develop
-
-permissions:
- id-token: write
- contents: read
-
-defaults:
- # Set shell for steps inside containers (default=sh)
- run:
- shell: bash
-
-jobs:
- #--------------------------------------------------------------
- # PRE-COMMIT
- #--------------------------------------------------------------
- pre_commit:
- name: 💍 pre-commit
- # For public repos use runs-on: ubuntu-latest
- # For private repos use runs-on: self-hosted
- runs-on: ubuntu-latest
- container: bjorncloudandthings/terraform-aws-github:latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-python@v2
- - uses: hashicorp/setup-terraform@v2
- - name: Install requirements
- run: |
- python -m venv .venv
- source .venv/bin/activate
- if [ -f requirements.txt ]; then
- pip install -r requirements.txt
- else
- pip install pre-commit
- fi
- - name: Run
- run: |
- source .venv/bin/activate
- pre-commit install
- if [[ "${{ env.GITHUB_REPOSITORY}}" == "cloudandthings/terraform-aws-template" ]]; then
- export SKIP=no-vanilla-readme
- fi
- pre-commit run --all-files --show-diff-on-failure
- - name: cat pre-commit log
- if: failure()
- run: cat ~/.cache/pre-commit/pre-commit.log
-
- #--------------------------------------------------------------
- # TESTS
- #--------------------------------------------------------------
- tests:
- needs: [pre_commit]
- name: ✅ tests
- # For public repos use runs-on: ubuntu-latest
- # For private repos use runs-on: self-hosted
- runs-on: ubuntu-latest
- container: bjorncloudandthings/terraform-aws-github:latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-python@v2
- - uses: hashicorp/setup-terraform@v2
- - uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-region: ${{ env.AWS_REGION }}
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- role-to-assume: ${{ env.AWS_ROLE_ARN }}
- role-duration-seconds: 3600
- - name: Install requirements
- run: |
- python -m venv .venv
- source .venv/bin/activate
- pip install -r requirements.txt
- - name: Run
- run: |
- source .venv/bin/activate
- cat <<- EOF > .pytest_config.yaml
- variables:
- run_id: ${{ github.run_id }}
- EOF
- echo "::echo::off"
- pytest --error-for-skips
- env:
- PYTEST_ADDOPTS: "--color=yes"
- timeout-minutes: 30
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
deleted file mode 100644
index 6b0e2bd..0000000
--- a/.github/workflows/release-please.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: release
-
-# Overview ref: https://github.com/googleapis/release-please
-# Configuration ref: https://github.com/google-github-actions/release-please-action
-
-on:
- workflow_dispatch:
- push:
- branches:
- - main
- - master
- - develop
-
-jobs:
- release-please:
- name: 🙏 release-please
- runs-on: ubuntu-latest
- steps:
- - name: release-please
- uses: google-github-actions/release-please-action@v3
- id: release
- with:
- release-type: simple
- # These bumps are honoured only if there is an
- # initial tag of v0.1.0 . Create it manually if needed.
- #
- # BREAKING CHANGE only bumps semver minor if version < 1.0.0
- bump-minor-pre-major: true
- # feat commits bump semver patch instead of minor if version < 1.0.0
- bump-patch-for-minor-pre-major: true
- # prerelease when committing to develop
- prerelease: ${{ github.ref == 'refs/heads/develop' }}
- #--------------------------------------------
- # Comment
- #--------------------------------------------
- - name: comment
- uses: thollander/actions-comment-pull-request@v2
- if: github.event_name == 'pull_request' && steps.release.outputs.releases_created
- with:
- message: |
- :white_check_mark: **Release PR details** :white_check_mark:
-
- ${{ steps.release.outputs.pr }}
-
- #${{ steps.release.outputs.pr.number }}
diff --git a/.github/workflows/terraform-min-max.yml b/.github/workflows/terraform-min-max.yml
deleted file mode 100644
index 0eb39d4..0000000
--- a/.github/workflows/terraform-min-max.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: Terraform min-max
-
-on:
- pull_request:
-
-jobs:
- collectDirectories:
- name: 🍱 collect directories
- # Outputs a list of all unique directories
- # that contain *.tf files and do not start with .
- runs-on: ubuntu-latest
- outputs:
- directories: ${{ steps.set-matrix.outputs.matrix }}
- steps:
- - uses: actions/checkout@v3
- - id: set-matrix
- run: |
- DIRS=$(find . -type f -name '*.tf' -not -path '**/.*' | sed -r 's|/[^/]+$||' | sort | uniq)
- DIRS_JSON=$(jq -ncR '[inputs]' <<< "$DIRS")
- cat <<< matrix=$DIRS_JSON >> $GITHUB_OUTPUT
- cat $GITHUB_OUTPUT
-
- validateTerraformMinMaxVersions:
- name: 🏗️ Validate Terraform min/max versions
- needs: collectDirectories
- # For public repos use runs-on: ubuntu-latest
- # For private repos use runs-on: self-hosted
- runs-on: ubuntu-latest
- container: bjorncloudandthings/terraform-aws-github:latest
- strategy:
- matrix:
- directory: ${{ fromJson(needs.collectDirectories.outputs.directories) }}
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Get Terraform min/max versions
- id: minMax
- uses: clowdhaus/terraform-min-max@v1.2.4
- with:
- directory: ${{ matrix.directory }}
-
- - name: Validate min Terraform version (${{ steps.minMax.outputs.minVersion }})
- run: |
- ls -la ~
- tfenv install ${{ steps.minMax.outputs.minVersion }}
- tfenv use ${{ steps.minMax.outputs.minVersion }}
- terraform --version
- terraform init -backend=false
- terraform validate
-
- - name: Validate max Terraform version (${{ steps.minMax.outputs.maxVersion }})
- run: |
- ls -la ~
- tfenv install ${{ steps.minMax.outputs.maxVersion }}
- tfenv use ${{ steps.minMax.outputs.maxVersion }}
- terraform --version
- terraform init -backend=false
- terraform validate
diff --git a/modules/user_data/cloud-init-ephemeral.yaml b/modules/user_data/cloud-init-ephemeral.yaml
index 3bd2dd4..3d6a463 100644
--- a/modules/user_data/cloud-init-ephemeral.yaml
+++ b/modules/user_data/cloud-init-ephemeral.yaml
@@ -115,6 +115,12 @@ runcmd: - chmod a+r -R /home/ubuntu/actions-runner - systemctl enable this.service +# install kubectl/aws +- apt remove awscli -y +- snap install kubectl --channel=1.28/stable --classic +- snap install aws-cli --classic + + power_state: mode: reboot diff --git a/modules/user_data/cloud-init.yaml b/modules/user_data/cloud-init.yaml index 867c6f6..f8eb048 100644 --- a/modules/user_data/cloud-init.yaml +++ b/modules/user_data/cloud-init.yaml @@ -78,6 +78,12 @@ runcmd: - mv actions-runner /home/ubuntu/actions-runner - chown -R ubuntu:ubuntu /home/ubuntu +# install kubectl/aws +- apt remove awscli -y +- snap install kubectl --channel=1.28/stable --classic +- snap install aws-cli --classic + + # configure actions-runner - PERSONAL_ACCESS_TOKEN=`aws ssm get-parameter --with-decryption --name ${SSM_PARAMETER_NAME} --region ${REGION} | jq -r '.Parameter.Value'` - >
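Review bot: `snap install aws-cli --classic` is added without a `--channel` in the `cloud-init-ephemeral.yaml` hunk and again in the `cloud-init.yaml` hunk, so every instance boots with whatever revision the default channel serves at that moment, running unconfined, whereas `kubectl` one line above is held to `1.28/stable`. Pinning it the same way, `- snap install aws-cli --channel=<track>/stable --classic`, keeps runner hosts reproducible and makes a CLI upgrade a reviewed change. In `cloud-init.yaml` the new lines sit directly before the `aws ssm get-parameter --with-decryption` call that fills `PERSONAL_ACCESS_TOKEN`, after `apt remove awscli -y` has removed the previous CLI; runcmd entries appear to run as one shell script without stop-on-error, so a failed snap install would leave the token empty and the failure would only surface later. A guard such as `- command -v aws >/dev/null || exit 1` before the token fetch makes that explicit, and it also confirms that the snap's `/snap/bin` location is on the PATH cloud-init uses. The runcmd list starts and continues outside both hunks.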