Partial implementation

modules/terraform/Makefile

@@ -3,6 +3,9 @@ TERRAFORM ?= $(BUILD_HARNESS_PATH)/vendor/terraform
 TERRAFORM_VERSION ?= 0.12.26
 TERRAFORM_URL ?= https://releases.hashicorp.com/terraform/$(TERRAFORM_VERSION)/terraform_$(TERRAFORM_VERSION)_$(OS)_$(BUILD_HARNESS_ARCH).zip
 
+terraform/nightly-update:
+	$(BUILD_HARNESS_PATH)/modules/terraform/scripts/nightly-update
+
 ## Install terraform
 terraform/install:
 	@[ -x $(TERRAFORM) ] || ( \

modules/terraform/scripts/nightly-update

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+export THIS_UPDATE_SHA=
+export LATEST_NULL_LABEL_VERSION=
+
+export CREATE_PR=false
+export CREATE_RELEASE=false
+export PR_LABELS=auto-update
+
+# Use/parse a JSON file to limit damage from malicious content
+export CHECKPOINT_FILE=".github/last-update.json"
+CHECKPOINT_TEMPLATE='{ "LAST_UPDATE_SHA": "%s", "LAST_NULL_LABEL_VERSION": "%s" }\n'
+
+function set_outputs() {
+	printf "::set-output name=create_pull_request::%s\n" "${CREATE_PR}"
+	[[ "${CREATE_RELEASE}" == "true" ]] || PR_LABELS+=,no-release
+	printf "::set-output name=pull_request_labels::%s\n" "${PR_LABELS}"
+	printf "::set-output name=nightly_update_sha::%s\n" "${THIS_UPDATE_SHA}"
+	printf "::set-output name=null_label_version::%s\n" "${LATEST_NULL_LABEL_VERSION}"
+}
+
+trap set_outputs EXIT RETURN
+
+if [[ -r $CHECKPOINT_FILE ]]; then
+	LAST_UPDATE_SHA=$(jq -r .LAST_UPDATE_SHA <x)
+	if [[ "${LAST_UPDATE_SHA}" == "${THIS_UPDATE_SHA}" ]]; then
+		printf "Already updated to %s. Exiting.\n" "$LAST_UPDATE_SHA"
+		exit 0
+	fi
+else
+	touch "$CHECKPOINT_FILE"
+fi
+
+if [[ -f context.tf && "${LATEST_NULL_LABEL_VERSION}" != $(terraform-config-inspect --json | jq '.module_calls.this.version') ]]; then
+	/usr/bin/make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness github/init/context.tf
+	CREATE_PR=true
+
+	# TODO update all usages of null label
+	# for files in in $(terraform-config-inspect --json | jq -cr '.module_calls[] | select(.source == "cloudposse/label/null" and .name != "this") | .pos.filename' | sort | uniq); do
+
+fi

templates/Makefile.build-harness

@@ -95,7 +95,7 @@ build-harness/shell builder: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE
 build-harness/shell builder: build-harness/runner
 	@exit 0
 
-.PHONY: build-harness/shell-slim builder-slim pr/auto-format pr/auto-format/host tf14-upgrade
+.PHONY: build-harness/shell-slim builder-slim pr/auto-format pr/auto-format/host tf14-upgrade terraform/nightly terraform/nightly/host
 
 build-harness/shell-slim builder-slim pr/auto-format tf14-upgrade: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE)
 
@@ -109,11 +109,12 @@ build-harness/shell-slim builder-slim: ARGS := $(if $(TARGETS),$(TARGETS),-l ||
 build-harness/shell-slim builder-slim: ENTRYPOINT := $(if $(TARGETS),/usr/bin/make,/bin/bash)
 build-harness/shell-slim builder-slim: build-harness/runner
 
-pr/auto-format tf14-upgrade : ENTRYPOINT := /usr/bin/make
+pr/auto-format tf14-upgrade terraform/nightly : ENTRYPOINT := /usr/bin/make
 
 pr/auto-format pr/auto-format/host: ARGS := terraform/fmt readme
-pr/auto-format: build-harness/runner
-pr/auto-format/host: 
+terraform/nightly terraform/nightly/host: ARGS := terraform/nightly-update
+pr/auto-format terraform/nightly: build-harness/runner
+pr/auto-format/host terraform/nightly/host:
 	$(MAKE) $(ARGS)
 
 tf14-upgrade: export TERRAFORM_FORCE_README := true

templates/terraform/.github/workflows/auto-format.yml

@@ -31,7 +31,7 @@ jobs:
       shell: bash
       env:
         GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
-      run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
+      run: /usr/bin/make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
 
     # Commit changes (if any) to the PR branch
     - name: Commit changes to the PR branch

templates/terraform/.github/workflows/nightly-update-terraform.yml

@@ -0,0 +1,40 @@
+name: "nightly"
+on:
+  schedule:
+  # Update Terraform modules nightly
+  - cron:  '0 3 * * *'
+
+jobs:
+  update:
+    if: github.event_name == 'schedule'
+    runs-on: ubuntu-latest
+    container: cloudposse/build-harness:latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Nightly Update
+      id: nightly
+      if: github.event_name == 'schedule'
+      shell: bash
+      run: /usr/bin/make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness terraform/nightly/host
+
+    - name: Create Pull Request
+      if: steps.nightly.outputs.create_pull_request == 'true'
+      uses: cloudposse/actions/github/[email protected]
+      with:
+        token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+        committer: 'cloudpossebot <[email protected]>'
+        author: 'cloudpossebot <[email protected]>'
+        commit-message: Nightly update null ${{ steps.nightly.outputs.null_label_version }}/SHA ${{ steps.nightly.outputs.nightly_update_sha }}
+        title: Nightly update null ${{ steps.nightly.outputs.null_label_version }}/SHA ${{ steps.nightly.outputs.nightly_update_sha }}
+        body: |-
+          ## what
+          This is an auto-generated PR that keeps this module up-to-date
+
+          ## why
+          Keep everythign in sync
+
+        branch: auto-update/nightly
+        base: master
+        delete-branch: true
+        labels: ${{ steps.nightly.outputs.pull_request_labels }}