From f35075675ddb8ed5974ba666099f0993ecf5c72d Mon Sep 17 00:00:00 2001
From: Igor Rodionov <goruha@gmail.com>
Date: Sat, 1 Jun 2024 15:50:35 +0200
Subject: [PATCH] Added migrations to update release workflow (#99)

* Added migrations to update release workflow

* update language

* add misisng repos

---------

Co-authored-by: Erik Osterman <erik@cloudposse.com>
---
 .github/workflows/shared-release-branches.yml |   5 +
 migrate/migrations/20240529/README.md         |   5 +
 migrate/migrations/20240529/repos-00          |  14 ++
 migrate/migrations/20240529/repos-01          |  15 ++
 migrate/migrations/20240529/repos-02          |  16 ++
 migrate/migrations/20240529/repos-03          |   5 +
 migrate/migrations/20240529/repos.sh          |   5 +
 migrate/migrations/20240529/repos.txt         |  51 ++++++
 migrate/migrations/20240529/script.sh         |   6 +
 migrate/migrations/20240530/README.md         |   5 +
 migrate/migrations/20240530/repos-00          |  16 ++
 migrate/migrations/20240530/repos-01          |  16 ++
 migrate/migrations/20240530/repos-02          |  16 ++
 migrate/migrations/20240530/repos-03          |  16 ++
 migrate/migrations/20240530/repos-04          |  16 ++
 migrate/migrations/20240530/repos-05          |  16 ++
 migrate/migrations/20240530/repos-06          |  16 ++
 migrate/migrations/20240530/repos-07          |  16 ++
 migrate/migrations/20240530/repos-08          |  16 ++
 migrate/migrations/20240530/repos-09          |  16 ++
 migrate/migrations/20240530/repos-10          |   6 +
 migrate/migrations/20240530/repos.sh          |   5 +
 migrate/migrations/20240530/repos.txt         | 165 ++++++++++++++++++
 migrate/migrations/20240530/script.sh         |   6 +
 .../.github/workflows/release.yml             |   1 +
 .../.github/workflows/release.yml             |   5 +-
 26 files changed, 474 insertions(+), 1 deletion(-)
 create mode 100644 migrate/migrations/20240529/README.md
 create mode 100644 migrate/migrations/20240529/repos-00
 create mode 100644 migrate/migrations/20240529/repos-01
 create mode 100644 migrate/migrations/20240529/repos-02
 create mode 100644 migrate/migrations/20240529/repos-03
 create mode 100755 migrate/migrations/20240529/repos.sh
 create mode 100644 migrate/migrations/20240529/repos.txt
 create mode 100644 migrate/migrations/20240529/script.sh
 create mode 100644 migrate/migrations/20240530/README.md
 create mode 100644 migrate/migrations/20240530/repos-00
 create mode 100644 migrate/migrations/20240530/repos-01
 create mode 100644 migrate/migrations/20240530/repos-02
 create mode 100644 migrate/migrations/20240530/repos-03
 create mode 100644 migrate/migrations/20240530/repos-04
 create mode 100644 migrate/migrations/20240530/repos-05
 create mode 100644 migrate/migrations/20240530/repos-06
 create mode 100644 migrate/migrations/20240530/repos-07
 create mode 100644 migrate/migrations/20240530/repos-08
 create mode 100644 migrate/migrations/20240530/repos-09
 create mode 100644 migrate/migrations/20240530/repos-10
 create mode 100755 migrate/migrations/20240530/repos.sh
 create mode 100644 migrate/migrations/20240530/repos.txt
 create mode 100644 migrate/migrations/20240530/script.sh

diff --git a/.github/workflows/shared-release-branches.yml b/.github/workflows/shared-release-branches.yml
index 61b56296..f2873c65 100644
--- a/.github/workflows/shared-release-branches.yml
+++ b/.github/workflows/shared-release-branches.yml
@@ -9,6 +9,11 @@ on:
         required: false
         default: '["ubuntu-latest"]'
 
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
 jobs:
   major-release-tagger:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
diff --git a/migrate/migrations/20240529/README.md b/migrate/migrations/20240529/README.md
new file mode 100644
index 00000000..df9d4bf5
--- /dev/null
+++ b/migrate/migrations/20240529/README.md
@@ -0,0 +1,5 @@
+## what
+- Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR
+
+## why
+- Add comment to PR when it is released
diff --git a/migrate/migrations/20240529/repos-00 b/migrate/migrations/20240529/repos-00
new file mode 100644
index 00000000..4da8a977
--- /dev/null
+++ b/migrate/migrations/20240529/repos-00
@@ -0,0 +1,14 @@
+cloudposse/github-action-test-action
+cloudposse/github-action-atmos-get-setting
+cloudposse/github-action-pre-commit
+cloudposse/github-action-config-levels
+cloudposse/github-action-atmos-terraform-drift-detection
+cloudposse/github-action-matrix-outputs-write
+cloudposse/github-action-setup-atmos
+cloudposse/github-action-docker-build-push
+cloudposse/github-action-docker-image-exists
+cloudposse/github-action-docker-promote
+cloudposse/github-action-deploy-argocd
+cloudposse/github-action-deploy-helmfile
+cloudposse/github-action-auto-release
+cloudposse/github-action-preview-environment-controller
diff --git a/migrate/migrations/20240529/repos-01 b/migrate/migrations/20240529/repos-01
new file mode 100644
index 00000000..7fd48754
--- /dev/null
+++ b/migrate/migrations/20240529/repos-01
@@ -0,0 +1,15 @@
+cloudposse/github-action-kubernetes-environment
+cloudposse/github-action-yaml-config-query
+cloudposse/github-action-run-ecspresso
+cloudposse/github-action-jq
+cloudposse/github-action-auto-format
+cloudposse/github-action-sync-docker-repos
+cloudposse/github-action-matrix-extended
+cloudposse/github-action-atmos-terraform-select-components
+cloudposse/github-action-atmos-terraform-apply
+cloudposse/github-action-atmos-affected-trigger-spacelift
+cloudposse/github-action-matrix-outputs-read
+cloudposse/github-action-release-label-validator
+cloudposse/github-action-atmos-terraform-plan
+cloudposse/github-action-atmos-affected-stacks
+cloudposse/github-action-atmos-terraform-drift-remediation
diff --git a/migrate/migrations/20240529/repos-02 b/migrate/migrations/20240529/repos-02
new file mode 100644
index 00000000..67bb3276
--- /dev/null
+++ b/migrate/migrations/20240529/repos-02
@@ -0,0 +1,16 @@
+cloudposse/github-action-release-branch-manager
+cloudposse/github-action-major-release-tagger
+cloudposse/github-action-validate-codeowners
+cloudposse/github-action-terraform-auto-context
+cloudposse/github-action-atmos-component-updater
+cloudposse/github-action-deploy-ecspresso
+cloudposse/github-action-wait-commit-status
+cloudposse/github-action-secret-outputs
+cloudposse/github-action-interface-environment
+cloudposse/github-action-terratest
+cloudposse/github-action-spacelift-stack-deploy
+cloudposse/github-action-aws-region-reduction-map
+cloudposse/github-action-docker-compose-test-run
+cloudposse/github-action-seek-deployment
+cloudposse/github-action-preview-labels-cleanup
+cloudposse/github-action-monorepo-random-controller
diff --git a/migrate/migrations/20240529/repos-03 b/migrate/migrations/20240529/repos-03
new file mode 100644
index 00000000..5bda2e32
--- /dev/null
+++ b/migrate/migrations/20240529/repos-03
@@ -0,0 +1,5 @@
+cloudposse/github-action-deploy-spacelift
+cloudposse/github-action-telemetry
+cloudposse/github-action-mega-linter
+cloudposse/github-action-datadog-notify
+cloudposse/github-action-pull-request-labeling
diff --git a/migrate/migrations/20240529/repos.sh b/migrate/migrations/20240529/repos.sh
new file mode 100755
index 00000000..1d66be9d
--- /dev/null
+++ b/migrate/migrations/20240529/repos.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+gh repo list cloudposse --limit 500 --json name,owner \
+	--jq '.[] | select(.name | test("^github-action-")) | .owner.login + "/" + .name' > repos.txt
+
+split -d -l 16 repos.txt repos-
diff --git a/migrate/migrations/20240529/repos.txt b/migrate/migrations/20240529/repos.txt
new file mode 100644
index 00000000..752bb58d
--- /dev/null
+++ b/migrate/migrations/20240529/repos.txt
@@ -0,0 +1,51 @@
+cloudposse/github-action-test-action
+cloudposse/github-action-atmos-get-setting
+cloudposse/github-action-pre-commit
+cloudposse/github-action-config-levels
+cloudposse/github-action-atmos-terraform-drift-detection
+cloudposse/github-action-matrix-outputs-write
+cloudposse/github-action-setup-atmos
+cloudposse/github-action-docker-build-push
+cloudposse/github-action-docker-image-exists
+cloudposse/github-action-docker-promote
+cloudposse/github-action-deploy-argocd
+cloudposse/github-action-deploy-helmfile
+cloudposse/github-action-auto-release
+cloudposse/github-action-preview-environment-controller
+cloudposse/github-action-kubernetes-environment
+cloudposse/github-action-yaml-config-query
+cloudposse/github-action-run-ecspresso
+cloudposse/github-action-terraform-plan-storage
+cloudposse/github-action-jq
+cloudposse/github-action-auto-format
+cloudposse/github-action-sync-docker-repos
+cloudposse/github-action-matrix-extended
+cloudposse/github-action-atmos-terraform-select-components
+cloudposse/github-action-atmos-terraform-apply
+cloudposse/github-action-atmos-affected-trigger-spacelift
+cloudposse/github-action-matrix-outputs-read
+cloudposse/github-action-release-label-validator
+cloudposse/github-action-atmos-terraform-plan
+cloudposse/github-action-atmos-affected-stacks
+cloudposse/github-action-atmos-terraform-drift-remediation
+cloudposse/github-action-release-branch-manager
+cloudposse/github-action-major-release-tagger
+cloudposse/github-action-validate-codeowners
+cloudposse/github-action-terraform-auto-context
+cloudposse/github-action-atmos-component-updater
+cloudposse/github-action-deploy-ecspresso
+cloudposse/github-action-wait-commit-status
+cloudposse/github-action-secret-outputs
+cloudposse/github-action-interface-environment
+cloudposse/github-action-terratest
+cloudposse/github-action-spacelift-stack-deploy
+cloudposse/github-action-aws-region-reduction-map
+cloudposse/github-action-docker-compose-test-run
+cloudposse/github-action-seek-deployment
+cloudposse/github-action-preview-labels-cleanup
+cloudposse/github-action-monorepo-random-controller
+cloudposse/github-action-deploy-spacelift
+cloudposse/github-action-telemetry
+cloudposse/github-action-mega-linter
+cloudposse/github-action-datadog-notify
+cloudposse/github-action-pull-request-labeling
diff --git a/migrate/migrations/20240529/script.sh b/migrate/migrations/20240529/script.sh
new file mode 100644
index 00000000..81951b19
--- /dev/null
+++ b/migrate/migrations/20240529/script.sh
@@ -0,0 +1,6 @@
+title "Update release workflow to allow pull-requests: write"
+
+install .github/workflows/release.yml
+
+# Merge the PR
+auto_merge
diff --git a/migrate/migrations/20240530/README.md b/migrate/migrations/20240530/README.md
new file mode 100644
index 00000000..847e45d6
--- /dev/null
+++ b/migrate/migrations/20240530/README.md
@@ -0,0 +1,5 @@
+## what
+- Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR
+
+## why
+- So we can support commenting on PRs with a link to the release
diff --git a/migrate/migrations/20240530/repos-00 b/migrate/migrations/20240530/repos-00
new file mode 100644
index 00000000..4238d731
--- /dev/null
+++ b/migrate/migrations/20240530/repos-00
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-rds
+cloudposse/terraform-aws-ec2-autoscale-group
+cloudposse/terraform-aws-ecs-alb-service-task
+cloudposse/terraform-aws-waf
+cloudposse/terraform-module-test
+cloudposse/terraform-aws-vpn-connection
+cloudposse/terraform-aws-elastic-beanstalk-environment
+cloudposse/terraform-aws-ssm-tls-ssh-key-pair
+cloudposse/terraform-aws-dynamic-subnets
+cloudposse/terraform-spacelift-cloud-infrastructure-automation
+cloudposse/terraform-aws-alb-ingress
+cloudposse/terraform-aws-ecs-web-app
+cloudposse/terraform-aws-eks-fargate-profile
+cloudposse/terraform-aws-eks-node-group
+cloudposse/terraform-aws-iam-policy
+cloudposse/terraform-aws-eks-cluster
diff --git a/migrate/migrations/20240530/repos-01 b/migrate/migrations/20240530/repos-01
new file mode 100644
index 00000000..13ed425b
--- /dev/null
+++ b/migrate/migrations/20240530/repos-01
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-ec2-instance
+cloudposse/terraform-aws-named-subnets
+cloudposse/terraform-aws-documentdb-cluster
+cloudposse/terraform-aws-cloudfront-s3-cdn
+cloudposse/terraform-aws-ec2-bastion-server
+cloudposse/terraform-aws-api-gateway
+cloudposse/terraform-null-smtp-mail
+cloudposse/terraform-aws-ssm-patch-manager
+cloudposse/terraform-aws-iam-user
+cloudposse/terraform-aws-vpc-peering-multi-account
+cloudposse/terraform-aws-step-functions
+cloudposse/terraform-aws-athena
+cloudposse/terraform-aws-ecr-public
+cloudposse/terraform-aws-service-quotas
+cloudposse/terraform-aws-elasticache-memcached
+cloudposse/terraform-aws-macie
diff --git a/migrate/migrations/20240530/repos-02 b/migrate/migrations/20240530/repos-02
new file mode 100644
index 00000000..fd5495f2
--- /dev/null
+++ b/migrate/migrations/20240530/repos-02
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-sso
+cloudposse/terraform-aws-rds-replica
+cloudposse/terraform-aws-eks-spotinst-ocean-nodepool
+cloudposse/terraform-aws-inspector
+cloudposse/terraform-yaml-config
+cloudposse/terraform-opsgenie-incident-management
+cloudposse/terraform-aws-cloudwatch-events
+cloudposse/terraform-aws-transit-gateway
+cloudposse/terraform-aws-sns-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ses
+cloudposse/terraform-aws-ssm-parameter-chamber-reader
+cloudposse/terraform-aws-cloudformation-stack
+cloudposse/terraform-aws-cloudformation-stack-set
+cloudposse/terraform-aws-iam-chamber-s3-role
+cloudposse/terraform-aws-iam-s3-user
+cloudposse/terraform-kubernetes-tfc-cloud-agent
diff --git a/migrate/migrations/20240530/repos-03 b/migrate/migrations/20240530/repos-03
new file mode 100644
index 00000000..2d528598
--- /dev/null
+++ b/migrate/migrations/20240530/repos-03
@@ -0,0 +1,16 @@
+cloudposse/terraform-example-module
+cloudposse/terraform-aws-rds-cluster-instance-group
+cloudposse/terraform-aws-iam-account-settings
+cloudposse/terraform-aws-ecs-launch-template
+cloudposse/terraform-aws-sns-lambda-notify-slack
+cloudposse/terraform-aws-ecs-cloudwatch-autoscaling
+cloudposse/terraform-aws-alb-target-group-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms
+cloudposse/terraform-aws-ssm-parameter-store-policy-documents
+cloudposse/terraform-aws-ecs-spot-fleet
+cloudposse/terraform-aws-ssm-iam-role
+cloudposse/terraform-aws-sqs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-lambda-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ecs-events
+cloudposse/terraform-aws-ecs-container-definition
diff --git a/migrate/migrations/20240530/repos-04 b/migrate/migrations/20240530/repos-04
new file mode 100644
index 00000000..b70c320b
--- /dev/null
+++ b/migrate/migrations/20240530/repos-04
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-ec2-instance-group
+cloudposse/terraform-aws-rds-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ssm-parameter-store
+cloudposse/terraform-terraform-label
+cloudposse/terraform-tls-ssh-key-pair
+cloudposse/terraform-aws-kms-key
+cloudposse/terraform-aws-dynamodb-autoscaler
+cloudposse/terraform-aws-organization-access-group
+cloudposse/terraform-aws-organization-access-role
+cloudposse/terraform-aws-cloudwatch-flow-logs
+cloudposse/terraform-aws-cloudwatch-logs
+cloudposse/terraform-aws-multi-az-subnets
+cloudposse/terraform-aws-vpc-peering
+cloudposse/terraform-aws-datadog-integration
+cloudposse/terraform-aws-iam-assumed-roles
+cloudposse/terraform-aws-elastic-beanstalk-application
diff --git a/migrate/migrations/20240530/repos-05 b/migrate/migrations/20240530/repos-05
new file mode 100644
index 00000000..3e719052
--- /dev/null
+++ b/migrate/migrations/20240530/repos-05
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-ec2-ami-snapshot
+cloudposse/terraform-aws-ec2-admin-server
+cloudposse/terraform-null-ansible
+cloudposse/terraform-aws-codebuild
+cloudposse/terraform-aws-s3-log-storage
+cloudposse/terraform-aws-route53-cluster-zone
+cloudposse/terraform-aws-route53-alias
+cloudposse/terraform-aws-key-pair
+cloudposse/terraform-aws-efs-backup
+cloudposse/terraform-aws-ecr
+cloudposse/terraform-aws-dynamodb
+cloudposse/terraform-aws-ec2-ami-backup
+cloudposse/terraform-datadog-platform
+cloudposse/terraform-aws-efs
+cloudposse/terraform-aws-sns-topic
+cloudposse/terraform-aws-firewall-manager
diff --git a/migrate/migrations/20240530/repos-06 b/migrate/migrations/20240530/repos-06
new file mode 100644
index 00000000..2903002a
--- /dev/null
+++ b/migrate/migrations/20240530/repos-06
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-config
+cloudposse/terraform-aws-health-events
+cloudposse/terraform-aws-global-accelerator
+cloudposse/terraform-cloudflare-waf-rulesets
+cloudposse/terraform-aws-ssm-tls-self-signed-cert
+cloudposse/terraform-aws-config-storage
+cloudposse/terraform-cloudflare-zone
+cloudposse/terraform-aws-s3-website
+cloudposse/terraform-github-repository-webhooks
+cloudposse/terraform-external-module-artifact
+cloudposse/terraform-aws-code-deploy
+cloudposse/terraform-aws-ses-lambda-forwarder
+cloudposse/terraform-aws-elasticsearch
+cloudposse/terraform-aws-security-hub
+cloudposse/terraform-aws-guardduty
+cloudposse/terraform-aws-mwaa
diff --git a/migrate/migrations/20240530/repos-07 b/migrate/migrations/20240530/repos-07
new file mode 100644
index 00000000..9177f9ba
--- /dev/null
+++ b/migrate/migrations/20240530/repos-07
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-efs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-iam-role
+cloudposse/terraform-aws-cloudfront-cdn
+cloudposse/terraform-null-label
+cloudposse/terraform-aws-alb
+cloudposse/terraform-aws-rds-db-proxy
+cloudposse/terraform-aws-lakeformation
+cloudposse/terraform-aws-glue
+cloudposse/terraform-aws-lambda-function
+cloudposse/terraform-aws-transfer-sftp
+cloudposse/terraform-aws-emr-cluster
+cloudposse/terraform-aws-redshift-cluster
+cloudposse/terraform-aws-route53-resolver-dns-firewall
+cloudposse/terraform-aws-network-firewall
+cloudposse/terraform-aws-route53-cluster-hostname
+cloudposse/terraform-aws-dms
diff --git a/migrate/migrations/20240530/repos-08 b/migrate/migrations/20240530/repos-08
new file mode 100644
index 00000000..18022a77
--- /dev/null
+++ b/migrate/migrations/20240530/repos-08
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-github-action-token-rotator
+cloudposse/terraform-aws-iam-system-user
+cloudposse/terraform-aws-kinesis-stream
+cloudposse/terraform-artifactory-kv-store
+cloudposse/terraform-aws-vpc
+cloudposse/terraform-aws-kv-store
+cloudposse/terraform-aws-nlb
+cloudposse/terraform-aws-refarch-utils
+cloudposse/terraform-aws-batch
+cloudposse/terraform-aws-utils
+cloudposse/terraform-aws-ecs-cluster
+cloudposse/terraform-aws-security-group
+cloudposse/terraform-aws-cicd
+cloudposse/terraform-aws-msk-apache-kafka-cluster
+cloudposse/terraform-aws-tfstate-backend
+cloudposse/terraform-yaml-stack-config
diff --git a/migrate/migrations/20240530/repos-09 b/migrate/migrations/20240530/repos-09
new file mode 100644
index 00000000..2459f39a
--- /dev/null
+++ b/migrate/migrations/20240530/repos-09
@@ -0,0 +1,16 @@
+cloudposse/terraform-aws-lambda-elasticsearch-cleanup
+cloudposse/terraform-aws-mq-broker
+cloudposse/terraform-aws-vpc-flow-logs-s3-bucket
+cloudposse/terraform-aws-datadog-lambda-forwarder
+cloudposse/terraform-aws-helm-release
+cloudposse/terraform-aws-cloudtrail-s3-bucket
+cloudposse/terraform-aws-ec2-client-vpn
+cloudposse/terraform-aws-eks-iam-role
+cloudposse/terraform-aws-s3-bucket
+cloudposse/terraform-aws-rds-cluster
+cloudposse/terraform-aws-backup
+cloudposse/terraform-aws-budgets
+cloudposse/terraform-aws-eks-workers
+cloudposse/terraform-aws-cloudtrail
+cloudposse/terraform-aws-ecs-codepipeline
+cloudposse/terraform-aws-acm-request-certificate
diff --git a/migrate/migrations/20240530/repos-10 b/migrate/migrations/20240530/repos-10
new file mode 100644
index 00000000..647991c4
--- /dev/null
+++ b/migrate/migrations/20240530/repos-10
@@ -0,0 +1,6 @@
+cloudposse/terraform-aws-service-control-policies
+cloudposse/terraform-aws-lb-s3-bucket
+cloudposse/terraform-aws-elasticache-redis
+cloudposse/terraform-aws-amplify-app
+cloudposse/terraform-aws-managed-prometheus
+cloudposse/terraform-aws-managed-grafana
diff --git a/migrate/migrations/20240530/repos.sh b/migrate/migrations/20240530/repos.sh
new file mode 100755
index 00000000..c1c8c967
--- /dev/null
+++ b/migrate/migrations/20240530/repos.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+gh repo list cloudposse --limit 500 --json name,owner \
+    --jq '.[] | select(.name | test("^terraform")) | select(.name | test("^terraform-provider") | not) | select(.name | test("^terraform-aws-components") | not) | .owner.login + "/" + .name' > repos.txt
+
+split -d -l 16 repos.txt repos-
diff --git a/migrate/migrations/20240530/repos.txt b/migrate/migrations/20240530/repos.txt
new file mode 100644
index 00000000..73aabdc8
--- /dev/null
+++ b/migrate/migrations/20240530/repos.txt
@@ -0,0 +1,165 @@
+cloudposse/terraform-aws-rds
+cloudposse/terraform-aws-ec2-autoscale-group
+cloudposse/terraform-aws-ecs-alb-service-task
+cloudposse/terraform-aws-waf
+cloudposse/terraform-module-test
+cloudposse/terraform-aws-vpn-connection
+cloudposse/terraform-aws-elastic-beanstalk-environment
+cloudposse/terraform-aws-ssm-tls-ssh-key-pair
+cloudposse/terraform-aws-dynamic-subnets
+cloudposse/terraform-spacelift-cloud-infrastructure-automation
+cloudposse/terraform-aws-alb-ingress
+cloudposse/terraform-aws-ecs-web-app
+cloudposse/terraform-aws-eks-fargate-profile
+cloudposse/terraform-aws-eks-node-group
+cloudposse/terraform-aws-iam-policy
+cloudposse/terraform-aws-eks-cluster
+cloudposse/terraform-aws-ec2-instance
+cloudposse/terraform-aws-named-subnets
+cloudposse/terraform-aws-documentdb-cluster
+cloudposse/terraform-aws-cloudfront-s3-cdn
+cloudposse/terraform-aws-ec2-bastion-server
+cloudposse/terraform-aws-api-gateway
+cloudposse/terraform-null-smtp-mail
+cloudposse/terraform-aws-ssm-patch-manager
+cloudposse/terraform-aws-iam-user
+cloudposse/terraform-aws-vpc-peering-multi-account
+cloudposse/terraform-aws-step-functions
+cloudposse/terraform-aws-athena
+cloudposse/terraform-aws-ecr-public
+cloudposse/terraform-aws-service-quotas
+cloudposse/terraform-aws-elasticache-memcached
+cloudposse/terraform-aws-macie
+cloudposse/terraform-aws-sso
+cloudposse/terraform-aws-rds-replica
+cloudposse/terraform-aws-eks-spotinst-ocean-nodepool
+cloudposse/terraform-aws-inspector
+cloudposse/terraform-yaml-config
+cloudposse/terraform-opsgenie-incident-management
+cloudposse/terraform-aws-cloudwatch-events
+cloudposse/terraform-aws-transit-gateway
+cloudposse/terraform-aws-sns-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ses
+cloudposse/terraform-aws-ssm-parameter-chamber-reader
+cloudposse/terraform-aws-cloudformation-stack
+cloudposse/terraform-aws-cloudformation-stack-set
+cloudposse/terraform-aws-iam-chamber-s3-role
+cloudposse/terraform-aws-iam-s3-user
+cloudposse/terraform-kubernetes-tfc-cloud-agent
+cloudposse/terraform-example-module
+cloudposse/terraform-aws-rds-cluster-instance-group
+cloudposse/terraform-aws-iam-account-settings
+cloudposse/terraform-aws-ecs-launch-template
+cloudposse/terraform-aws-sns-lambda-notify-slack
+cloudposse/terraform-aws-ecs-cloudwatch-autoscaling
+cloudposse/terraform-aws-alb-target-group-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms
+cloudposse/terraform-aws-ssm-parameter-store-policy-documents
+cloudposse/terraform-aws-ecs-spot-fleet
+cloudposse/terraform-aws-ssm-iam-role
+cloudposse/terraform-aws-sqs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-lambda-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ecs-events
+cloudposse/terraform-aws-ecs-container-definition
+cloudposse/terraform-aws-ec2-instance-group
+cloudposse/terraform-aws-rds-cloudwatch-sns-alarms
+cloudposse/terraform-aws-ssm-parameter-store
+cloudposse/terraform-terraform-label
+cloudposse/terraform-tls-ssh-key-pair
+cloudposse/terraform-aws-kms-key
+cloudposse/terraform-aws-dynamodb-autoscaler
+cloudposse/terraform-aws-organization-access-group
+cloudposse/terraform-aws-organization-access-role
+cloudposse/terraform-aws-cloudwatch-flow-logs
+cloudposse/terraform-aws-cloudwatch-logs
+cloudposse/terraform-aws-multi-az-subnets
+cloudposse/terraform-aws-vpc-peering
+cloudposse/terraform-aws-datadog-integration
+cloudposse/terraform-aws-iam-assumed-roles
+cloudposse/terraform-aws-elastic-beanstalk-application
+cloudposse/terraform-aws-ec2-ami-snapshot
+cloudposse/terraform-aws-ec2-admin-server
+cloudposse/terraform-null-ansible
+cloudposse/terraform-aws-codebuild
+cloudposse/terraform-aws-s3-log-storage
+cloudposse/terraform-aws-route53-cluster-zone
+cloudposse/terraform-aws-route53-alias
+cloudposse/terraform-aws-key-pair
+cloudposse/terraform-aws-efs-backup
+cloudposse/terraform-aws-ecr
+cloudposse/terraform-aws-dynamodb
+cloudposse/terraform-aws-ec2-ami-backup
+cloudposse/terraform-datadog-platform
+cloudposse/terraform-aws-efs
+cloudposse/terraform-aws-sns-topic
+cloudposse/terraform-aws-firewall-manager
+cloudposse/terraform-aws-config
+cloudposse/terraform-aws-health-events
+cloudposse/terraform-aws-global-accelerator
+cloudposse/terraform-cloudflare-waf-rulesets
+cloudposse/terraform-aws-ssm-tls-self-signed-cert
+cloudposse/terraform-aws-config-storage
+cloudposse/terraform-cloudflare-zone
+cloudposse/terraform-aws-s3-website
+cloudposse/terraform-github-repository-webhooks
+cloudposse/terraform-external-module-artifact
+cloudposse/terraform-aws-code-deploy
+cloudposse/terraform-aws-ses-lambda-forwarder
+cloudposse/terraform-aws-elasticsearch
+cloudposse/terraform-aws-security-hub
+cloudposse/terraform-aws-guardduty
+cloudposse/terraform-aws-mwaa
+cloudposse/terraform-aws-efs-cloudwatch-sns-alarms
+cloudposse/terraform-aws-iam-role
+cloudposse/terraform-aws-cloudfront-cdn
+cloudposse/terraform-null-label
+cloudposse/terraform-aws-alb
+cloudposse/terraform-aws-rds-db-proxy
+cloudposse/terraform-aws-lakeformation
+cloudposse/terraform-aws-glue
+cloudposse/terraform-aws-lambda-function
+cloudposse/terraform-aws-transfer-sftp
+cloudposse/terraform-aws-emr-cluster
+cloudposse/terraform-aws-redshift-cluster
+cloudposse/terraform-aws-route53-resolver-dns-firewall
+cloudposse/terraform-aws-network-firewall
+cloudposse/terraform-aws-route53-cluster-hostname
+cloudposse/terraform-aws-dms
+cloudposse/terraform-aws-github-action-token-rotator
+cloudposse/terraform-aws-iam-system-user
+cloudposse/terraform-aws-kinesis-stream
+cloudposse/terraform-artifactory-kv-store
+cloudposse/terraform-aws-vpc
+cloudposse/terraform-aws-kv-store
+cloudposse/terraform-aws-nlb
+cloudposse/terraform-aws-refarch-utils
+cloudposse/terraform-aws-batch
+cloudposse/terraform-aws-utils
+cloudposse/terraform-aws-ecs-cluster
+cloudposse/terraform-aws-security-group
+cloudposse/terraform-aws-cicd
+cloudposse/terraform-aws-msk-apache-kafka-cluster
+cloudposse/terraform-aws-tfstate-backend
+cloudposse/terraform-yaml-stack-config
+cloudposse/terraform-aws-lambda-elasticsearch-cleanup
+cloudposse/terraform-aws-mq-broker
+cloudposse/terraform-aws-vpc-flow-logs-s3-bucket
+cloudposse/terraform-aws-datadog-lambda-forwarder
+cloudposse/terraform-aws-helm-release
+cloudposse/terraform-aws-cloudtrail-s3-bucket
+cloudposse/terraform-aws-ec2-client-vpn
+cloudposse/terraform-aws-eks-iam-role
+cloudposse/terraform-aws-s3-bucket
+cloudposse/terraform-aws-rds-cluster
+cloudposse/terraform-aws-backup
+cloudposse/terraform-aws-budgets
+cloudposse/terraform-aws-eks-workers
+cloudposse/terraform-aws-cloudtrail
+cloudposse/terraform-aws-ecs-codepipeline
+cloudposse/terraform-aws-acm-request-certificate
+cloudposse/terraform-aws-service-control-policies
+cloudposse/terraform-aws-lb-s3-bucket
+cloudposse/terraform-aws-elasticache-redis
+cloudposse/terraform-aws-spotinst-mrscaler
+cloudposse/terraform-aws-amplify-app
diff --git a/migrate/migrations/20240530/script.sh b/migrate/migrations/20240530/script.sh
new file mode 100644
index 00000000..81951b19
--- /dev/null
+++ b/migrate/migrations/20240530/script.sh
@@ -0,0 +1,6 @@
+title "Update release workflow to allow pull-requests: write"
+
+install .github/workflows/release.yml
+
+# Merge the PR
+auto_merge
diff --git a/migrate/templates/github-action/.github/workflows/release.yml b/migrate/templates/github-action/.github/workflows/release.yml
index 370dce8a..70133602 100644
--- a/migrate/templates/github-action/.github/workflows/release.yml
+++ b/migrate/templates/github-action/.github/workflows/release.yml
@@ -6,6 +6,7 @@ on:
 permissions:
   id-token: write
   contents: write
+  pull-requests: write
 
 jobs:
   github-action:
diff --git a/migrate/templates/terraform-module/.github/workflows/release.yml b/migrate/templates/terraform-module/.github/workflows/release.yml
index f9680681..dc8a7502 100644
--- a/migrate/templates/terraform-module/.github/workflows/release.yml
+++ b/migrate/templates/terraform-module/.github/workflows/release.yml
@@ -5,7 +5,10 @@ on:
     types:
       - published
 
-permissions: {}
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
 
 jobs:
   terraform-module: