From b772f725cb3db357fa10a6d34535e4747b51c27b Mon Sep 17 00:00:00 2001
From: Igor Rodionov <goruha@gmail.com>
Date: Thu, 12 Sep 2024 15:09:22 +0300
Subject: [PATCH] Added migration to new test account (#120)

---
 migrate/migrations/20240905/README.md         |  13 ++
 migrate/migrations/20240905/repos-00          |  16 ++
 migrate/migrations/20240905/repos-01          |  16 ++
 migrate/migrations/20240905/repos-02          |  16 ++
 migrate/migrations/20240905/repos-03          |  16 ++
 migrate/migrations/20240905/repos-04          |  16 ++
 migrate/migrations/20240905/repos-05          |  16 ++
 migrate/migrations/20240905/repos-06          |  16 ++
 migrate/migrations/20240905/repos-07          |  16 ++
 migrate/migrations/20240905/repos-08          |  16 ++
 migrate/migrations/20240905/repos-09          |  16 ++
 migrate/migrations/20240905/repos-10          |   4 +
 migrate/migrations/20240905/repos.sh          |   5 +
 migrate/migrations/20240905/repos.txt         | 164 ++++++++++++++++++
 migrate/migrations/20240905/script.sh         |   7 +
 .../.github/workflows/chatops.yml             |   7 +-
 16 files changed, 357 insertions(+), 3 deletions(-)
 create mode 100644 migrate/migrations/20240905/README.md
 create mode 100644 migrate/migrations/20240905/repos-00
 create mode 100644 migrate/migrations/20240905/repos-01
 create mode 100644 migrate/migrations/20240905/repos-02
 create mode 100644 migrate/migrations/20240905/repos-03
 create mode 100644 migrate/migrations/20240905/repos-04
 create mode 100644 migrate/migrations/20240905/repos-05
 create mode 100644 migrate/migrations/20240905/repos-06
 create mode 100644 migrate/migrations/20240905/repos-07
 create mode 100644 migrate/migrations/20240905/repos-08
 create mode 100644 migrate/migrations/20240905/repos-09
 create mode 100644 migrate/migrations/20240905/repos-10
 create mode 100755 migrate/migrations/20240905/repos.sh
 create mode 100644 migrate/migrations/20240905/repos.txt
 create mode 100644 migrate/migrations/20240905/script.sh

diff --git a/migrate/migrations/20240905/README.md b/migrate/migrations/20240905/README.md
new file mode 100644
index 00000000..94b29c76
--- /dev/null
+++ b/migrate/migrations/20240905/README.md
@@ -0,0 +1,13 @@
+## what
+- Update `.github/settings.yml` 
+- Update `.github/chatops.yml` files
+
+## why
+- Re-apply `.github/settings.yml` from org level to get `terratest` environment
+- Migrate to new `test` account
+
+## References
+* DEV-388 Automate clean up of test account in new organization
+* DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
+* DEV-386 Update terratest to use new testing account with GitHub OIDC
+
diff --git a/migrate/migrations/20240905/repos-00 b/migrate/migrations/20240905/repos-00
new file mode 100644
index 00000000..930944f7
--- /dev/null
+++ b/migrate/migrations/20240905/repos-00
@@ -0,0 +1,16 @@
+cloudposse/terraform-module-test
+cloudposse/terraform-aws-ecs-web-app
+cloudposse/terraform-aws-sns-lambda-notify-slack
+cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-dms
+cloudposse/terraform-aws-backup
+cloudposse/terraform-kubernetes-tfc-cloud-agent
+cloudposse/terraform-aws-github-action-token-rotator
+cloudposse/terraform-aws-memorydb
+cloudposse/terraform-aws-vpn-connection
+cloudposse/terraform-aws-lambda-function
+cloudposse/terraform-aws-s3-log-storage
+cloudposse/terraform-aws-service-control-policies
+cloudposse/terraform-aws-step-functions
+cloudposse/terraform-aws-ecs-spot-fleet
+cloudposse/terraform-aws-lambda-cloudwatch-sns-alarms
diff --git a/migrate/migrations/20240905/repos-01 b/migrate/migrations/20240905/repos-01
new file mode 100644
index 00000000..e0a8f3d8
--- /dev/null
+++ b/migrate/migrations/20240905/repos-01
@@ -0,0 +1,16 @@
+cloudposse/terraform-datadog-platform
+cloudposse/terraform-aws-efs
+cloudposse/terraform-external-module-artifact
+cloudposse/terraform-aws-kv-store
+cloudposse/terraform-aws-waf
+cloudposse/terraform-aws-security-group
+cloudposse/terraform-aws-organization-access-role
+cloudposse/terraform-aws-ssm-parameter-chamber-reader
+cloudposse/terraform-aws-cicd
+cloudposse/terraform-aws-elastic-beanstalk-environment
+cloudposse/terraform-aws-datadog-integration
+cloudposse/terraform-aws-helm-release
+cloudposse/terraform-aws-iam-system-user
+cloudposse/terraform-aws-eks-iam-role
+cloudposse/terraform-aws-config-storage
+cloudposse/terraform-aws-sso
diff --git a/migrate/migrations/20240905/repos-02 b/migrate/migrations/20240905/repos-02
new file mode 100644
index 00000000..5b3cd2d5
--- /dev/null
+++ b/migrate/migrations/20240905/repos-02
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-cloudwatch-flow-logs
+cloudposse/terraform-aws-rds-cluster-instance-group
+cloudposse/terraform-aws-efs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-kinesis-stream
+cloudposse/terraform-aws-acm-request-certificate
+cloudposse/terraform-aws-multi-az-subnets
+cloudposse/terraform-aws-vpc
+cloudposse/terraform-aws-iam-account-settings
+cloudposse/terraform-aws-athena
+cloudposse/terraform-aws-cloudtrail-s3-bucket
+cloudposse/terraform-aws-ssm-parameter-store
+cloudposse/terraform-aws-s3-website
+cloudposse/terraform-aws-security-hub
+cloudposse/terraform-aws-ec2-client-vpn
+cloudposse/terraform-aws-network-firewall
+cloudposse/terraform-aws-ssm-tls-ssh-key-pair
diff --git a/migrate/migrations/20240905/repos-03 b/migrate/migrations/20240905/repos-03
new file mode 100644
index 00000000..7806ace3
--- /dev/null
+++ b/migrate/migrations/20240905/repos-03
@@ -0,0 +1,16 @@
+cloudposse/terraform-terraform-label
+cloudposse/terraform-null-label
+cloudposse/terraform-aws-sns-topic
+cloudposse/terraform-aws-route53-resolver-dns-firewall
+cloudposse/terraform-aws-key-pair
+cloudposse/terraform-cloudflare-waf-rulesets
+cloudposse/terraform-aws-route53-alias
+cloudposse/terraform-aws-managed-grafana
+cloudposse/terraform-aws-emr-cluster
+cloudposse/terraform-aws-ecs-container-definition
+cloudposse/terraform-aws-alb-target-group-cloudwatch-sns-alarms
+cloudposse/terraform-aws-efs-backup
+cloudposse/terraform-aws-rds
+cloudposse/terraform-aws-iam-s3-user
+cloudposse/terraform-aws-mwaa
+cloudposse/terraform-aws-alb-ingress
diff --git a/migrate/migrations/20240905/repos-04 b/migrate/migrations/20240905/repos-04
new file mode 100644
index 00000000..a5db29bc
--- /dev/null
+++ b/migrate/migrations/20240905/repos-04
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-rds-replica
+cloudposse/terraform-aws-ssm-iam-role
+cloudposse/terraform-aws-budgets
+cloudposse/terraform-aws-iam-assumed-roles
+cloudposse/terraform-aws-iam-role
+cloudposse/terraform-aws-rds-db-proxy
+cloudposse/terraform-aws-sns-cloudwatch-sns-alarms
+cloudposse/terraform-github-repository-webhooks
+cloudposse/terraform-aws-route53-cluster-zone
+cloudposse/terraform-aws-organization-access-group
+cloudposse/terraform-aws-ec2-instance-group
+cloudposse/terraform-aws-lb-s3-bucket
+cloudposse/terraform-aws-ecs-codepipeline
+cloudposse/terraform-aws-nlb
+cloudposse/terraform-aws-elasticsearch
+cloudposse/terraform-aws-elasticache-redis
diff --git a/migrate/migrations/20240905/repos-05 b/migrate/migrations/20240905/repos-05
new file mode 100644
index 00000000..645a2f58
--- /dev/null
+++ b/migrate/migrations/20240905/repos-05
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-vpc-peering-multi-account
+cloudposse/terraform-aws-elasticache-memcached
+cloudposse/terraform-aws-eks-workers
+cloudposse/terraform-aws-ssm-patch-manager
+cloudposse/terraform-aws-s3-bucket
+cloudposse/terraform-aws-firewall-manager
+cloudposse/terraform-aws-utils
+cloudposse/terraform-aws-datadog-lambda-forwarder
+cloudposse/terraform-aws-ecr
+cloudposse/terraform-aws-ecs-alb-service-task
+cloudposse/terraform-aws-config
+cloudposse/terraform-aws-alb
+cloudposse/terraform-aws-ec2-instance
+cloudposse/terraform-yaml-stack-config
+cloudposse/terraform-spacelift-cloud-infrastructure-automation
+cloudposse/terraform-aws-cloudfront-s3-cdn
diff --git a/migrate/migrations/20240905/repos-06 b/migrate/migrations/20240905/repos-06
new file mode 100644
index 00000000..5d310948
--- /dev/null
+++ b/migrate/migrations/20240905/repos-06
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-documentdb-cluster
+cloudposse/terraform-aws-rds-cluster
+cloudposse/terraform-cloudflare-zone
+cloudposse/terraform-aws-eks-node-group
+cloudposse/terraform-aws-eks-fargate-profile
+cloudposse/terraform-aws-eks-cluster
+cloudposse/terraform-aws-mq-broker
+cloudposse/terraform-aws-ec2-autoscale-group
+cloudposse/terraform-example-module
+cloudposse/terraform-yaml-config
+cloudposse/terraform-aws-cloudfront-cdn
+cloudposse/terraform-aws-amplify-app
+cloudposse/terraform-opsgenie-incident-management
+cloudposse/terraform-aws-ec2-bastion-server
+cloudposse/terraform-null-ansible
+cloudposse/terraform-aws-tfstate-backend
diff --git a/migrate/migrations/20240905/repos-07 b/migrate/migrations/20240905/repos-07
new file mode 100644
index 00000000..ab217003
--- /dev/null
+++ b/migrate/migrations/20240905/repos-07
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-eks-spotinst-ocean-nodepool
+cloudposse/terraform-aws-transfer-sftp
+cloudposse/terraform-aws-cloudtrail
+cloudposse/terraform-aws-dynamodb-autoscaler
+cloudposse/terraform-aws-dynamodb
+cloudposse/terraform-aws-cloudwatch-events
+cloudposse/terraform-aws-guardduty
+cloudposse/terraform-aws-vpc-flow-logs-s3-bucket
+cloudposse/terraform-aws-ecs-cluster
+cloudposse/terraform-aws-codebuild
+cloudposse/terraform-aws-iam-chamber-s3-role
+cloudposse/terraform-aws-managed-prometheus
+cloudposse/terraform-aws-rds-cloudwatch-sns-alarms
+cloudposse/terraform-tls-ssh-key-pair
+cloudposse/terraform-aws-lambda-elasticsearch-cleanup
+cloudposse/terraform-aws-transit-gateway
diff --git a/migrate/migrations/20240905/repos-08 b/migrate/migrations/20240905/repos-08
new file mode 100644
index 00000000..94475838
--- /dev/null
+++ b/migrate/migrations/20240905/repos-08
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-ses-lambda-forwarder
+cloudposse/terraform-aws-global-accelerator
+cloudposse/terraform-aws-ses
+cloudposse/terraform-aws-macie
+cloudposse/terraform-aws-health-events
+cloudposse/terraform-aws-ecs-cloudwatch-autoscaling
+cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms
+cloudposse/terraform-aws-ssm-tls-self-signed-cert
+cloudposse/terraform-aws-kms-key
+cloudposse/terraform-aws-cloudwatch-logs
+cloudposse/terraform-aws-cloudformation-stack
+cloudposse/terraform-aws-iam-user
+cloudposse/terraform-aws-service-quotas
+cloudposse/terraform-aws-ec2-ami-backup
+cloudposse/terraform-aws-elastic-beanstalk-application
+cloudposse/terraform-null-smtp-mail
diff --git a/migrate/migrations/20240905/repos-09 b/migrate/migrations/20240905/repos-09
new file mode 100644
index 00000000..100bc1e8
--- /dev/null
+++ b/migrate/migrations/20240905/repos-09
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-redshift-cluster
+cloudposse/terraform-aws-ec2-admin-server
+cloudposse/terraform-aws-dynamic-subnets
+cloudposse/terraform-aws-lakeformation
+cloudposse/terraform-aws-msk-apache-kafka-cluster
+cloudposse/terraform-aws-refarch-utils
+cloudposse/terraform-aws-ssm-parameter-store-policy-documents
+cloudposse/terraform-aws-glue
+cloudposse/terraform-aws-vpc-peering
+cloudposse/terraform-aws-named-subnets
+cloudposse/terraform-aws-route53-cluster-hostname
+cloudposse/terraform-aws-api-gateway
+cloudposse/terraform-aws-inspector
+cloudposse/terraform-aws-ec2-ami-snapshot
+cloudposse/terraform-aws-ecr-public
+cloudposse/terraform-aws-cloudformation-stack-set
diff --git a/migrate/migrations/20240905/repos-10 b/migrate/migrations/20240905/repos-10
new file mode 100644
index 00000000..8a146db8
--- /dev/null
+++ b/migrate/migrations/20240905/repos-10
@@ -0,0 +1,4 @@
+cloudposse/terraform-aws-code-deploy
+cloudposse/terraform-aws-iam-policy
+cloudposse/terraform-artifactory-kv-store
+cloudposse/terraform-aws-batch
diff --git a/migrate/migrations/20240905/repos.sh b/migrate/migrations/20240905/repos.sh
new file mode 100755
index 00000000..c1c8c967
--- /dev/null
+++ b/migrate/migrations/20240905/repos.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+gh repo list cloudposse --limit 500 --json name,owner \
+    --jq '.[] | select(.name | test("^terraform")) | select(.name | test("^terraform-provider") | not) | select(.name | test("^terraform-aws-components") | not) | .owner.login + "/" + .name' > repos.txt
+
+split -d -l 16 repos.txt repos-
diff --git a/migrate/migrations/20240905/repos.txt b/migrate/migrations/20240905/repos.txt
new file mode 100644
index 00000000..b0b3fd25
--- /dev/null
+++ b/migrate/migrations/20240905/repos.txt
@@ -0,0 +1,164 @@
+cloudposse/terraform-module-test
+cloudposse/terraform-aws-ecs-web-app
+cloudposse/terraform-aws-sns-lambda-notify-slack
+cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-dms
+cloudposse/terraform-aws-backup
+cloudposse/terraform-kubernetes-tfc-cloud-agent
+cloudposse/terraform-aws-github-action-token-rotator
+cloudposse/terraform-aws-memorydb
+cloudposse/terraform-aws-vpn-connection
+cloudposse/terraform-aws-lambda-function
+cloudposse/terraform-aws-s3-log-storage
+cloudposse/terraform-aws-service-control-policies
+cloudposse/terraform-aws-step-functions
+cloudposse/terraform-aws-ecs-spot-fleet
+cloudposse/terraform-aws-lambda-cloudwatch-sns-alarms
+cloudposse/terraform-datadog-platform
+cloudposse/terraform-aws-efs
+cloudposse/terraform-external-module-artifact
+cloudposse/terraform-aws-kv-store
+cloudposse/terraform-aws-waf
+cloudposse/terraform-aws-security-group
+cloudposse/terraform-aws-organization-access-role
+cloudposse/terraform-aws-ssm-parameter-chamber-reader
+cloudposse/terraform-aws-cicd
+cloudposse/terraform-aws-elastic-beanstalk-environment
+cloudposse/terraform-aws-datadog-integration
+cloudposse/terraform-aws-helm-release
+cloudposse/terraform-aws-iam-system-user
+cloudposse/terraform-aws-eks-iam-role
+cloudposse/terraform-aws-config-storage
+cloudposse/terraform-aws-sso
+cloudposse/terraform-aws-cloudwatch-flow-logs
+cloudposse/terraform-aws-rds-cluster-instance-group
+cloudposse/terraform-aws-efs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-kinesis-stream
+cloudposse/terraform-aws-acm-request-certificate
+cloudposse/terraform-aws-multi-az-subnets
+cloudposse/terraform-aws-vpc
+cloudposse/terraform-aws-iam-account-settings
+cloudposse/terraform-aws-athena
+cloudposse/terraform-aws-cloudtrail-s3-bucket
+cloudposse/terraform-aws-ssm-parameter-store
+cloudposse/terraform-aws-s3-website
+cloudposse/terraform-aws-security-hub
+cloudposse/terraform-aws-ec2-client-vpn
+cloudposse/terraform-aws-network-firewall
+cloudposse/terraform-aws-ssm-tls-ssh-key-pair
+cloudposse/terraform-terraform-label
+cloudposse/terraform-null-label
+cloudposse/terraform-aws-sns-topic
+cloudposse/terraform-aws-route53-resolver-dns-firewall
+cloudposse/terraform-aws-key-pair
+cloudposse/terraform-cloudflare-waf-rulesets
+cloudposse/terraform-aws-route53-alias
+cloudposse/terraform-aws-managed-grafana
+cloudposse/terraform-aws-emr-cluster
+cloudposse/terraform-aws-ecs-container-definition
+cloudposse/terraform-aws-alb-target-group-cloudwatch-sns-alarms
+cloudposse/terraform-aws-efs-backup
+cloudposse/terraform-aws-rds
+cloudposse/terraform-aws-iam-s3-user
+cloudposse/terraform-aws-mwaa
+cloudposse/terraform-aws-alb-ingress
+cloudposse/terraform-aws-rds-replica
+cloudposse/terraform-aws-ssm-iam-role
+cloudposse/terraform-aws-budgets
+cloudposse/terraform-aws-iam-assumed-roles
+cloudposse/terraform-aws-iam-role
+cloudposse/terraform-aws-rds-db-proxy
+cloudposse/terraform-aws-sns-cloudwatch-sns-alarms
+cloudposse/terraform-github-repository-webhooks
+cloudposse/terraform-aws-route53-cluster-zone
+cloudposse/terraform-aws-organization-access-group
+cloudposse/terraform-aws-ec2-instance-group
+cloudposse/terraform-aws-lb-s3-bucket
+cloudposse/terraform-aws-ecs-codepipeline
+cloudposse/terraform-aws-nlb
+cloudposse/terraform-aws-elasticsearch
+cloudposse/terraform-aws-elasticache-redis
+cloudposse/terraform-aws-vpc-peering-multi-account
+cloudposse/terraform-aws-elasticache-memcached
+cloudposse/terraform-aws-eks-workers
+cloudposse/terraform-aws-ssm-patch-manager
+cloudposse/terraform-aws-s3-bucket
+cloudposse/terraform-aws-firewall-manager
+cloudposse/terraform-aws-utils
+cloudposse/terraform-aws-datadog-lambda-forwarder
+cloudposse/terraform-aws-ecr
+cloudposse/terraform-aws-ecs-alb-service-task
+cloudposse/terraform-aws-config
+cloudposse/terraform-aws-alb
+cloudposse/terraform-aws-ec2-instance
+cloudposse/terraform-yaml-stack-config
+cloudposse/terraform-spacelift-cloud-infrastructure-automation
+cloudposse/terraform-aws-cloudfront-s3-cdn
+cloudposse/terraform-aws-documentdb-cluster
+cloudposse/terraform-aws-rds-cluster
+cloudposse/terraform-cloudflare-zone
+cloudposse/terraform-aws-eks-node-group
+cloudposse/terraform-aws-eks-fargate-profile
+cloudposse/terraform-aws-eks-cluster
+cloudposse/terraform-aws-mq-broker
+cloudposse/terraform-aws-ec2-autoscale-group
+cloudposse/terraform-example-module
+cloudposse/terraform-yaml-config
+cloudposse/terraform-aws-cloudfront-cdn
+cloudposse/terraform-aws-amplify-app
+cloudposse/terraform-opsgenie-incident-management
+cloudposse/terraform-aws-ec2-bastion-server
+cloudposse/terraform-null-ansible
+cloudposse/terraform-aws-tfstate-backend
+cloudposse/terraform-aws-eks-spotinst-ocean-nodepool
+cloudposse/terraform-aws-transfer-sftp
+cloudposse/terraform-aws-cloudtrail
+cloudposse/terraform-aws-dynamodb-autoscaler
+cloudposse/terraform-aws-dynamodb
+cloudposse/terraform-aws-cloudwatch-events
+cloudposse/terraform-aws-guardduty
+cloudposse/terraform-aws-vpc-flow-logs-s3-bucket
+cloudposse/terraform-aws-ecs-cluster
+cloudposse/terraform-aws-codebuild
+cloudposse/terraform-aws-iam-chamber-s3-role
+cloudposse/terraform-aws-managed-prometheus
+cloudposse/terraform-aws-rds-cloudwatch-sns-alarms
+cloudposse/terraform-tls-ssh-key-pair
+cloudposse/terraform-aws-lambda-elasticsearch-cleanup
+cloudposse/terraform-aws-transit-gateway
+cloudposse/terraform-aws-ses-lambda-forwarder
+cloudposse/terraform-aws-global-accelerator
+cloudposse/terraform-aws-ses
+cloudposse/terraform-aws-macie
+cloudposse/terraform-aws-health-events
+cloudposse/terraform-aws-ecs-cloudwatch-autoscaling
+cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms
+cloudposse/terraform-aws-ssm-tls-self-signed-cert
+cloudposse/terraform-aws-kms-key
+cloudposse/terraform-aws-cloudwatch-logs
+cloudposse/terraform-aws-cloudformation-stack
+cloudposse/terraform-aws-iam-user
+cloudposse/terraform-aws-service-quotas
+cloudposse/terraform-aws-ec2-ami-backup
+cloudposse/terraform-aws-elastic-beanstalk-application
+cloudposse/terraform-null-smtp-mail
+cloudposse/terraform-aws-redshift-cluster
+cloudposse/terraform-aws-ec2-admin-server
+cloudposse/terraform-aws-dynamic-subnets
+cloudposse/terraform-aws-lakeformation
+cloudposse/terraform-aws-msk-apache-kafka-cluster
+cloudposse/terraform-aws-refarch-utils
+cloudposse/terraform-aws-ssm-parameter-store-policy-documents
+cloudposse/terraform-aws-glue
+cloudposse/terraform-aws-vpc-peering
+cloudposse/terraform-aws-named-subnets
+cloudposse/terraform-aws-route53-cluster-hostname
+cloudposse/terraform-aws-api-gateway
+cloudposse/terraform-aws-inspector
+cloudposse/terraform-aws-ec2-ami-snapshot
+cloudposse/terraform-aws-ecr-public
+cloudposse/terraform-aws-cloudformation-stack-set
+cloudposse/terraform-aws-code-deploy
+cloudposse/terraform-aws-iam-policy
+cloudposse/terraform-artifactory-kv-store
+cloudposse/terraform-aws-batch
diff --git a/migrate/migrations/20240905/script.sh b/migrate/migrations/20240905/script.sh
new file mode 100644
index 00000000..d3b999ec
--- /dev/null
+++ b/migrate/migrations/20240905/script.sh
@@ -0,0 +1,7 @@
+title "Migrate new test account"
+
+refresh_github_settings
+install .github/workflows
+
+# Merge the PR
+auto_merge
diff --git a/migrate/templates/terraform-module/.github/workflows/chatops.yml b/migrate/templates/terraform-module/.github/workflows/chatops.yml
index c3d47fa6..793a7a68 100644
--- a/migrate/templates/terraform-module/.github/workflows/chatops.yml
+++ b/migrate/templates/terraform-module/.github/workflows/chatops.yml
@@ -8,9 +8,10 @@ permissions:
   pull-requests: write
   id-token: write
   contents: write
+  statuses: write
 
 jobs:
-  terraform-module:
+  test:
     uses: cloudposse/.github/.github/workflows/shared-terraform-chatops.yml@main
-    secrets:
-      github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/terratest') }}
+    secrets: inherit