Skip to content

Commit

Permalink
Terraform 0.14 upgrade (#9)
Browse files Browse the repository at this point in the history
* Terraform 0.14 upgrade

* Keep local.enabled

Co-authored-by: Nuru <[email protected]>
  • Loading branch information
maximmi and Nuru authored Dec 22, 2020
1 parent c794eb2 commit 7c0c60a
Show file tree
Hide file tree
Showing 26 changed files with 1,337 additions and 285 deletions.
12 changes: 11 additions & 1 deletion .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Use this file to define individuals or teams that are responsible for code in a repository.
# Read more: <https://help.github.com/articles/about-codeowners/>
#
# Order is important: the last matching pattern takes the most precedence
# Order is important: the last matching pattern has the highest precedence

# These owners will be the default owners for everything
* @cloudposse/engineering @cloudposse/contributors
Expand All @@ -12,3 +12,13 @@

# Cloud Posse must review any changes to GitHub actions
.github/* @cloudposse/engineering

# Cloud Posse must review any changes to standard context definition,
# but some changes can be rubber-stamped.
**/context.tf @cloudposse/engineering @cloudposse/approvers
README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers

# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration
.github/mergify.yml @cloudposse/admins
.github/CODEOWNERS @cloudposse/admins
53 changes: 53 additions & 0 deletions .github/auto-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name-template: 'v$RESOLVED_VERSION'
tag-template: '$RESOLVED_VERSION'
version-template: '$MAJOR.$MINOR.$PATCH'
version-resolver:
major:
labels:
- 'major'
minor:
labels:
- 'minor'
- 'enhancement'
patch:
labels:
- 'auto-update'
- 'patch'
- 'fix'
- 'bugfix'
- 'bug'
- 'hotfix'
default: 'minor'

categories:
- title: '🚀 Enhancements'
labels:
- 'enhancement'
- 'patch'
- title: '🐛 Bug Fixes'
labels:
- 'fix'
- 'bugfix'
- 'bug'
- 'hotfix'
- title: '🤖 Automatic Updates'
labels:
- 'auto-update'

change-template: |
<details>
<summary>$TITLE @$AUTHOR (#$NUMBER)</summary>
$BODY
</details>
template: |
$CHANGES
replacers:
# Remove irrelevant information from Renovate bot
- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
replace: ''
58 changes: 58 additions & 0 deletions .github/mergify.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# https://docs.mergify.io/conditions.html
# https://docs.mergify.io/actions.html
pull_request_rules:
- name: "approve automated PRs that have passed checks"
conditions:
- "author~=^(cloudpossebot|renovate\\[bot\\])$"
- "base=master"
- "-closed"
- "head~=^(auto-update|renovate)/.*"
- "check-success=test/bats"
- "check-success=test/readme"
- "check-success=test/terratest"
- "check-success=validate-codeowners"
actions:
review:
type: "APPROVE"
bot_account: "cloudposse-mergebot"
message: "We've automatically approved this PR because the checks from the automated Pull Request have passed."

- name: "merge automated PRs when approved and tests pass"
conditions:
- "author~=^(cloudpossebot|renovate\\[bot\\])$"
- "base=master"
- "-closed"
- "head~=^(auto-update|renovate)/.*"
- "check-success=test/bats"
- "check-success=test/readme"
- "check-success=test/terratest"
- "check-success=validate-codeowners"
- "#approved-reviews-by>=1"
- "#changes-requested-reviews-by=0"
- "#commented-reviews-by=0"
actions:
merge:
method: "squash"

- name: "delete the head branch after merge"
conditions:
- "merged"
actions:
delete_head_branch: {}

- name: "ask to resolve conflict"
conditions:
- "conflict"
- "-closed"
actions:
comment:
message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏"

- name: "remove outdated reviews"
conditions:
- "base=master"
actions:
dismiss_reviews:
changes_requested: true
approved: true
message: "This Pull Request has been updated, so we're dismissing all reviews."
12 changes: 12 additions & 0 deletions .github/renovate.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"extends": [
"config:base",
":preserveSemverRanges"
],
"labels": ["auto-update"],
"enabledManagers": ["terraform"],
"terraform": {
"ignorePaths": ["**/context.tf", "examples/**"]
}
}

55 changes: 55 additions & 0 deletions .github/workflows/auto-context.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: "auto-context"
on:
schedule:
# Update context.tf nightly
- cron: '0 3 * * *'

jobs:
update:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

- name: Update context.tf
shell: bash
id: update
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
if [[ -f context.tf ]]; then
echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
if git diff --no-patch --exit-code context.tf; then
echo "No changes detected! Exiting the job..."
else
echo "context.tf file has changed. Update examples and rebuild README.md."
make init
make github/init/context.tf
make readme/build
echo "::set-output name=create_pull_request=true"
fi
else
echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
fi
- name: Create Pull Request
if: steps.update.outputs.create_pull_request == 'true'
uses: cloudposse/actions/github/[email protected]
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
commit-message: Update context.tf from origin source
title: Update context.tf
body: |-
## what
This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
## why
To support all the features of the `context` interface.
branch: auto-update/context.tf
base: master
delete-branch: true
labels: |
auto-update
context
86 changes: 86 additions & 0 deletions .github/workflows/auto-format.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
name: Auto Format
on:
pull_request_target:
types: [opened, synchronize]

jobs:
auto-format:
runs-on: ubuntu-latest
container: cloudposse/build-harness:slim-latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
# the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains
# a workflow configured to run when push events occur."
# However, using a personal access token will cause events to be triggered.
# We need that to ensure a status gets posted after the auto-format commit.
# We also want to trigger tests if the auto-format made no changes.
- uses: actions/checkout@v2
if: github.event.pull_request.state == 'open'
name: Privileged Checkout
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Check out the PR commit, not the merge commit
# Use `ref` instead of `sha` to enable pushing back to `ref`
ref: ${{ github.event.pull_request.head.ref }}

# Do all the formatting stuff
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host

# Commit changes (if any) to the PR branch
- name: Commit changes to the PR branch
if: github.event.pull_request.state == 'open'
shell: bash
id: commit
env:
SENDER: ${{ github.event.sender.login }}
run: |
set -x
output=$(git diff --name-only)
if [ -n "$output" ]; then
echo "Changes detected. Pushing to the PR branch"
git config --global user.name 'cloudpossebot'
git config --global user.email '[email protected]'
git add -A
git commit -m "Auto Format"
# Prevent looping by not pushing changes in response to changes from cloudpossebot
[[ $SENDER == "cloudpossebot" ]] || git push
# Set status to fail, because the push should trigger another status check,
# and we use success to indicate the checks are finished.
printf "::set-output name=%s::%s\n" "changed" "true"
exit 1
else
printf "::set-output name=%s::%s\n" "changed" "false"
echo "No changes detected"
fi
- name: Auto Test
uses: cloudposse/actions/github/[email protected]
# match users by ID because logins (user names) are inconsistent,
# for example in the REST API Renovate Bot is `renovate[bot]` but
# in GraphQL it is just `renovate`, plus there is a non-bot
# user `renovate` with ID 1832810.
# Mergify bot: 37929162
# Renovate bot: 29139614
# Cloudpossebot: 11232728
# Need to use space separators to prevent "21" from matching "112144"
if: >
contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
&& steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: cloudposse/actions
event-type: test-command
client-payload: |-
{ "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}},
"pull_request": ${{ toJSON(github.event.pull_request) }},
"github":{"payload":{"repository": ${{ toJSON(github.event.repository) }},
"comment": {"id": ""}
}
}
}
19 changes: 19 additions & 0 deletions .github/workflows/auto-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: auto-release

on:
push:
branches:
- master

jobs:
publish:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@v5
with:
publish: true
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
8 changes: 4 additions & 4 deletions .github/workflows/chatops.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: "Handle common commands"
uses: cloudposse/actions/github/slash-command-dispatch@0.15.0
uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: rebuild-readme, terraform-fmt
permission: none
permission: triage
issue-type: pull-request

test:
Expand All @@ -24,13 +24,13 @@ jobs:
- name: "Checkout commit"
uses: actions/checkout@v2
- name: "Run tests"
uses: cloudposse/actions/github/slash-command-dispatch@0.15.0
uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: test
permission: none
permission: triage
issue-type: pull-request
reactions: false

Expand Down
25 changes: 25 additions & 0 deletions .github/workflows/validate-codeowners.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Validate Codeowners
on:
pull_request:

jobs:
validate-codeowners:
runs-on: ubuntu-latest
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
- uses: mszostok/[email protected]
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
with:
# For now, remove "files" check to allow CODEOWNERS to specify non-existent
# files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
# checks: "files,syntax,owners,duppatterns"
checks: "syntax,owners,duppatterns"
# GitHub access token is required only if the `owners` check is enabled
github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
- uses: mszostok/[email protected]
if: github.event.pull_request.head.repo.full_name != github.repository
name: "Syntax check of CODEOWNERS"
with:
checks: "syntax,duppatterns"
16 changes: 0 additions & 16 deletions .travis.yml

This file was deleted.

Loading

0 comments on commit 7c0c60a

Please sign in to comment.