From e5ab8f475b53a6802465a18f1c185c270bb70470 Mon Sep 17 00:00:00 2001
From: Nuru <Nuru@users.noreply.github.com>
Date: Mon, 8 Feb 2021 10:03:31 -0800
Subject: [PATCH] Partial implementation

---
 modules/terraform/Makefile                    |  3 +
 modules/terraform/scripts/nightly-update      | 41 +++++++++++++
 templates/Makefile.build-harness              |  9 +--
 .../.github/workflows/auto-context.yml        | 57 -------------------
 .../.github/workflows/auto-format.yml         |  2 +-
 .../workflows/nightly-update-terraform.yml    | 40 +++++++++++++
 6 files changed, 90 insertions(+), 62 deletions(-)
 create mode 100644 modules/terraform/scripts/nightly-update
 delete mode 100644 templates/terraform/.github/workflows/auto-context.yml
 create mode 100644 templates/terraform/.github/workflows/nightly-update-terraform.yml

diff --git a/modules/terraform/Makefile b/modules/terraform/Makefile
index d5eefe7d4..daf4bea7a 100644
--- a/modules/terraform/Makefile
+++ b/modules/terraform/Makefile
@@ -3,6 +3,9 @@ TERRAFORM ?= $(BUILD_HARNESS_PATH)/vendor/terraform
 TERRAFORM_VERSION ?= 0.12.26
 TERRAFORM_URL ?= https://releases.hashicorp.com/terraform/$(TERRAFORM_VERSION)/terraform_$(TERRAFORM_VERSION)_$(OS)_$(BUILD_HARNESS_ARCH).zip
 
+terraform/nightly-update:
+	$(BUILD_HARNESS_PATH)/modules/terraform/scripts/nightly-update
+
 ## Install terraform
 terraform/install:
 	@[ -x $(TERRAFORM) ] || ( \
diff --git a/modules/terraform/scripts/nightly-update b/modules/terraform/scripts/nightly-update
new file mode 100644
index 000000000..aac92847f
--- /dev/null
+++ b/modules/terraform/scripts/nightly-update
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+export THIS_UPDATE_SHA=
+export LATEST_NULL_LABEL_VERSION=
+
+export CREATE_PR=false
+export CREATE_RELEASE=false
+export PR_LABELS=auto-update
+
+# Use/parse a JSON file to limit damage from malicious content
+export CHECKPOINT_FILE=".github/last-update.json"
+CHECKPOINT_TEMPLATE='{ "LAST_UPDATE_SHA": "%s", "LAST_NULL_LABEL_VERSION": "%s" }\n'
+
+function set_outputs() {
+	printf "::set-output name=create_pull_request::%s\n" "${CREATE_PR}"
+	[[ "${CREATE_RELEASE}" == "true" ]] || PR_LABELS+=,no-release
+	printf "::set-output name=pull_request_labels::%s\n" "${PR_LABELS}"
+	printf "::set-output name=nightly_update_sha::%s\n" "${THIS_UPDATE_SHA}"
+	printf "::set-output name=null_label_version::%s\n" "${LATEST_NULL_LABEL_VERSION}"
+}
+
+trap set_outputs EXIT RETURN
+
+if [[ -r $CHECKPOINT_FILE ]]; then
+	LAST_UPDATE_SHA=$(jq -r .LAST_UPDATE_SHA <x)
+	if [[ "${LAST_UPDATE_SHA}" == "${THIS_UPDATE_SHA}" ]]; then
+		printf "Already updated to %s. Exiting.\n" "$LAST_UPDATE_SHA"
+		exit 0
+	fi
+else
+	touch "$CHECKPOINT_FILE"
+fi
+
+if [[ -f context.tf && "${LATEST_NULL_LABEL_VERSION}" != $(terraform-config-inspect --json | jq '.module_calls.this.version') ]]; then
+	/usr/bin/make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness github/init/context.tf
+	CREATE_PR=true
+
+	# TODO update all usages of null label
+	# for files in in $(terraform-config-inspect --json | jq -cr '.module_calls[] | select(.source == "cloudposse/label/null" and .name != "this") | .pos.filename' | sort | uniq); do
+
+fi
diff --git a/templates/Makefile.build-harness b/templates/Makefile.build-harness
index 09b5f21a1..95bbee01e 100644
--- a/templates/Makefile.build-harness
+++ b/templates/Makefile.build-harness
@@ -95,7 +95,7 @@ build-harness/shell builder: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE
 build-harness/shell builder: build-harness/runner
 	@exit 0
 
-.PHONY: build-harness/shell-slim builder-slim pr/auto-format pr/auto-format/host tf14-upgrade
+.PHONY: build-harness/shell-slim builder-slim pr/auto-format pr/auto-format/host tf14-upgrade terraform/nightly terraform/nightly/host
 
 build-harness/shell-slim builder-slim pr/auto-format tf14-upgrade: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE)
 
@@ -109,11 +109,12 @@ build-harness/shell-slim builder-slim: ARGS := $(if $(TARGETS),$(TARGETS),-l ||
 build-harness/shell-slim builder-slim: ENTRYPOINT := $(if $(TARGETS),/usr/bin/make,/bin/bash)
 build-harness/shell-slim builder-slim: build-harness/runner
 
-pr/auto-format tf14-upgrade : ENTRYPOINT := /usr/bin/make
+pr/auto-format tf14-upgrade terraform/nightly : ENTRYPOINT := /usr/bin/make
 
 pr/auto-format pr/auto-format/host: ARGS := terraform/fmt readme
-pr/auto-format: build-harness/runner
-pr/auto-format/host: 
+terraform/nightly terraform/nightly/host: ARGS := terraform/nightly-update
+pr/auto-format terraform/nightly: build-harness/runner
+pr/auto-format/host terraform/nightly/host:
 	$(MAKE) $(ARGS)
 
 tf14-upgrade: export TERRAFORM_FORCE_README := true
diff --git a/templates/terraform/.github/workflows/auto-context.yml b/templates/terraform/.github/workflows/auto-context.yml
deleted file mode 100644
index ab979e0eb..000000000
--- a/templates/terraform/.github/workflows/auto-context.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-name: "auto-context"
-on:
-  schedule:
-  # Update context.tf nightly
-  - cron:  '0 3 * * *'
-
-jobs:
-  update:
-    if: github.event_name == 'schedule'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Update context.tf
-      shell: bash
-      id: update
-      env:
-        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      run: |
-        if [[ -f context.tf ]]; then
-          echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
-          curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
-          if git diff --no-patch --exit-code context.tf; then
-            echo "No changes detected! Exiting the job..."
-          else
-            echo "context.tf file has changed. Update examples and rebuild README.md."
-            make init
-            make github/init/context.tf
-            make readme/build
-            echo "::set-output name=create_pull_request::true"
-          fi
-        else
-          echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
-        fi
-
-    - name: Create Pull Request
-      if: steps.update.outputs.create_pull_request == 'true'
-      uses: cloudposse/actions/github/create-pull-request@0.22.0
-      with:
-        token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
-        committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
-        author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
-        commit-message: Update context.tf from origin source
-        title: Update context.tf
-        body: |-
-          ## what
-          This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
-
-          ## why
-          To support all the features of the `context` interface.
-
-        branch: auto-update/context.tf
-        base: master
-        delete-branch: true
-        labels: |
-          auto-update
-          context
diff --git a/templates/terraform/.github/workflows/auto-format.yml b/templates/terraform/.github/workflows/auto-format.yml
index 375d0fd47..1ac496895 100644
--- a/templates/terraform/.github/workflows/auto-format.yml
+++ b/templates/terraform/.github/workflows/auto-format.yml
@@ -31,7 +31,7 @@ jobs:
       shell: bash
       env:
         GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
-      run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
+      run: /usr/bin/make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
 
     # Commit changes (if any) to the PR branch
     - name: Commit changes to the PR branch
diff --git a/templates/terraform/.github/workflows/nightly-update-terraform.yml b/templates/terraform/.github/workflows/nightly-update-terraform.yml
new file mode 100644
index 000000000..a4dcff5aa
--- /dev/null
+++ b/templates/terraform/.github/workflows/nightly-update-terraform.yml
@@ -0,0 +1,40 @@
+name: "nightly"
+on:
+  schedule:
+  # Update Terraform modules nightly
+  - cron:  '0 3 * * *'
+
+jobs:
+  update:
+    if: github.event_name == 'schedule'
+    runs-on: ubuntu-latest
+    container: cloudposse/build-harness:latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Nightly Update
+      id: nightly
+      if: github.event_name == 'schedule'
+      shell: bash
+      run: /usr/bin/make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness terraform/nightly/host
+
+    - name: Create Pull Request
+      if: steps.nightly.outputs.create_pull_request == 'true'
+      uses: cloudposse/actions/github/create-pull-request@0.28.1
+      with:
+        token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+        committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
+        author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
+        commit-message: Nightly update null ${{ steps.nightly.outputs.null_label_version }}/SHA ${{ steps.nightly.outputs.nightly_update_sha }}
+        title: Nightly update null ${{ steps.nightly.outputs.null_label_version }}/SHA ${{ steps.nightly.outputs.nightly_update_sha }}
+        body: |-
+          ## what
+          This is an auto-generated PR that keeps this module up-to-date
+
+          ## why
+          Keep everythign in sync
+
+        branch: auto-update/nightly
+        base: master
+        delete-branch: true
+        labels: ${{ steps.nightly.outputs.pull_request_labels }}