From 7ced575e3597eef6c86db3e525f3e8a677fab93c Mon Sep 17 00:00:00 2001
From: Maxim Mironenko
Date: Fri, 6 Nov 2020 23:13:12 +0600
Subject: [PATCH 01/12] auto-update for context.tf and readme
---
 .github/Makefile | 5 +++
 .github/mergify.yml | 51 +++++++++++++++++++++
 .github/workflows/auto-update.yml | 75 +++++++++++++++++++++++++++++++
 3 files changed, 131 insertions(+)
 create mode 100644 .github/Makefile
 create mode 100644 .github/mergify.yml
 create mode 100644 .github/workflows/auto-update.yml
diff --git a/.github/Makefile b/.github/Makefile
new file mode 100644
index 0000000..1f8f98f
--- /dev/null
+++ b/.github/Makefile
@@ -0,0 +1,5 @@
+# Download most recent context.tf file
+#
+update/context:
+ curl -o ../context.tf https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
+
diff --git a/.github/mergify.yml b/.github/mergify.yml
new file mode 100644
index 0000000..a306720
--- /dev/null
+++ b/.github/mergify.yml
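Review bot: The `update/context` recipe calls `curl -o ../context.tf …` without `-f`, so an HTTP error response from raw.githubusercontent.com is written over `context.tf` while curl still exits 0; `curl -fsSL -o ../context.tf …` makes a failed fetch fail the target. The URL also tracks `master` of terraform-null-label, so the downloaded content is whatever that branch holds when the job runs; fetching a release tag or commit instead would tie each update to a fixed, reviewable source. The inline `curl -o context.tf -s` that replaces this target in PATCH 02/12 has the same missing `-f`.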
@@ -0,0 +1,51 @@
+pull_request_rules:
+ - name: "approve automated PRs that have passed checks"
+ conditions:
+ - "check-success~=test/bats"
+ - "check-success~=test/readme"
+ - "check-success~=test/terratest"
+ - "base=master"
+ - "author=cloudpossebot"
+ - "head~=auto-update/.*"
+ actions:
+ review:
+ type: "APPROVE"
+ message: "We've automatically approved this PR because the checks from the automated Pull Request have passed."
+
+ - name: "merge automated PRs when approved and tests pass"
+ conditions:
+ - "check-success~=test/bats"
+ - "check-success~=test/readme"
+ - "check-success~=test/terratest"
+ - "base=master"
+ - "head~=auto-update/.*"
+ - "#approved-reviews-by>=1"
+ - "#changes-requested-reviews-by=0"
+ - "#commented-reviews-by=0"
+ - "base=master"
+ - "author=cloudpossebot"
+ actions:
+ merge:
+ method: "squash"
+
+ - name: "delete the head branch after merge"
+ conditions:
+ - "merged"
+ actions:
+ delete_head_branch: {}
+
+ - name: "ask to resolve conflict"
+ conditions:
+ - "conflict"
+ actions:
+ comment:
+ message: "This pull request is now in conflicts. Could you fix it @{{author}}? 🙏"
+
+ - name: "remove outdated reviews"
+ conditions:
+ - "base=master"
+ actions:
+ dismiss_reviews:
+ changes_requested: true
+ approved: true
+ message: "This Pull Request has been updated, so we're dismissing all reviews."
diff --git a/.github/workflows/auto-update.yml b/.github/workflows/auto-update.yml
new file mode 100644
index 0000000..77056dc
--- /dev/null
+++ b/.github/workflows/auto-update.yml
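Review bot: The first two rules let a pull request authored by `cloudpossebot` on a head matching `auto-update/.*` be approved and squash-merged into `master` with no human in the loop, and the approval from the first rule is presumably what satisfies `#approved-reviews-by>=1` in the second. Because the `auto-update/context.tf` branch carries a file downloaded from another repository's `master`, the three `check-success` conditions become the only gate on that content; consider requiring a human approval for `context.tf` changes or limiting auto-merge to the README branch. `~=` is a regular-expression match and appears to be unanchored, so `"head~=^auto-update/"` states the intent more exactly. `"base=master"` is also listed twice in the merge rule. PATCH 09/12 adds `bot_account: "cloudposse-mergebot"` to the review action without changing this trust chain.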
@@ -0,0 +1,75 @@
+name: "auto-update"
+on:
+ schedule:
+ # Update context.tf and README.md nightly
+ - cron: '0 0 * * *'
+
+jobs:
+ context-update:
+ if: github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Update context.tf
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ make -C .github update/context
+
+ - name: Create Pull Request
+ uses: cloudposse/actions/github/create-pull-request@0.20.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ commit-message: Update context.tf from origin source
+ title: Update context.tf
+ body: |-
+ ## what
+ This is an auto-generated PR that updates the context.tf file
+
+ ## why
+ To have most recent changes of `context`
+
+ branch: auto-update/context.tf
+ base: master
+ delete-branch: true
+ labels: |
+ auto-update
+ context
+
+ readme-update:
+ if: github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Update readme
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ make init
+ make readme/build
+
+ - name: Create Pull Request
+ uses: cloudposse/actions/github/create-pull-request@0.20.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ commit-message: Update README.md and docs
+ title: Update README.md and docs
+ body: |-
+ ## what
+ This is an auto-generated PR that updates the README.md and docs
+
+ ## why
+ To have most recent changes of README.md and doc from origin templates
+
+ branch: auto-update/readme
+ base: master
+ delete-branch: true
+ labels: |
+ auto-update
+ readme
From 8cda0c2892d184a6ca86b46c6d967a17175cf2a9 Mon Sep 17 00:00:00 2001
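Review bot: Both `uses:` references in each job point at a movable tag (`actions/checkout@v2`, `cloudposse/actions/github/create-pull-request@0.20.0`), and the second one is handed `secrets.PUBLIC_REPO_ACCESS_TOKEN`; pinning to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, keeps a re-pointed tag from running with that token. The `Update context.tf` and `Update readme` steps also export `GITHUB_TOKEN` into shell steps that run `make` targets, and `make init` presumably downloads and executes the build harness; drop the `env:` block unless a target is known to need the token. Both jobs reuse `id: update` without any later step reading it. The same `uses:` and `env:` lines are carried into the split workflows added in PATCH 03/12.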
From: Maxim Mironenko Date: Wed, 11 Nov 2020 19:23:49 +0600 Subject: [PATCH 02/12] more checks added --- .github/Makefile | 5 ----- .github/workflows/auto-update.yml | 19 ++++++++++++++++++- 2 files changed, 18 insertions(+), 6 deletions(-) delete mode 100644 .github/Makefile diff --git a/.github/Makefile b/.github/Makefile deleted file mode 100644 index 1f8f98f..0000000 --- a/.github/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -# Download most recent context.tf file -# -update/context: - curl -o ../context.tf https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf - diff --git a/.github/workflows/auto-update.yml b/.github/workflows/auto-update.yml index 77056dc..756e8d5 100644 --- a/.github/workflows/auto-update.yml +++ b/.github/workflows/auto-update.yml @@ -17,9 +17,26 @@ jobs: env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | - make -C .github update/context + if [[ -f context.tf ]]; then + echo "context.tf exist! Fetching most recent version to see if there is an update" + curl -o context.tf -s https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf + if git diff --no-patch --exit-code context.tf; then + echo "No changes detected! Exiting the job..." + echo "MAKE_PR=false" >> $GITHUB_ENV + exit 0 + else + echo "context.tf file was updated. Proceeding with PR..." + echo "MAKE_PR=true" >> $GITHUB_ENV + exit 0 + fi + else + echo "context.tf does not exist! It is not enough to fetch context.tf, module requires to be updated to support it." + echo "MAKE_PR=false" >> $GITHUB_ENV + exit 0 + fi - name: Create Pull Request + if: ${{ success() && env.MAKE_PR == 'true' }} uses: cloudposse/actions/github/create-pull-request@0.20.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} From bdfffc871191fbe96d3d9fbed94aaca18eced4d5 Mon Sep 17 00:00:00 2001 
From: Maxim Mironenko Date: Thu, 12 Nov 2020 14:40:31 +0600 Subject: [PATCH 03/12] workflow spllitted to have different schedule, minur fixes due to PR review --- .github/CODEOWNERS | 3 + .github/workflows/auto-update.yml | 92 ---------------------------- .github/workflows/context-update.yml | 52 ++++++++++++++++ .github/workflows/readme-update.yml | 41 +++++++++++++ 4 files changed, 96 insertions(+), 92 deletions(-) delete mode 100644 .github/workflows/auto-update.yml create mode 100644 .github/workflows/context-update.yml create mode 100644 .github/workflows/readme-update.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 07b38d2..a589641 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -15,3 +15,6 @@ # Cloud Posse must review any changes to standard context definition **/context.tf @cloudposse/engineering + +# Cloud Posse Admins must review all changes to the mergify configuration +.github/mergify.yml @cloudposse/admins diff --git a/.github/workflows/auto-update.yml b/.github/workflows/auto-update.yml deleted file mode 100644 index 756e8d5..0000000 --- a/.github/workflows/auto-update.yml +++ /dev/null 
@@ -1,92 +0,0 @@ -name: "auto-update" -on: - schedule: - # Update context.tf and README.md nightly - - cron: '0 0 * * *' - -jobs: - context-update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update context.tf - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - if [[ -f context.tf ]]; then - echo "context.tf exist! Fetching most recent version to see if there is an update" - curl -o context.tf -s https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf - if git diff --no-patch --exit-code context.tf; then - echo "No changes detected! Exiting the job..." - echo "MAKE_PR=false" >> $GITHUB_ENV - exit 0 - else - echo "context.tf file was updated. Proceeding with PR..." - echo "MAKE_PR=true" >> $GITHUB_ENV - exit 0 - fi - else - echo "context.tf does not exist! It is not enough to fetch context.tf, module requires to be updated to support it." - echo "MAKE_PR=false" >> $GITHUB_ENV - exit 0 - fi - - - name: Create Pull Request - if: ${{ success() && env.MAKE_PR == 'true' }} - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update context.tf from origin source - title: Update context.tf - body: |- - ## what - This is an auto-generated PR that updates the context.tf file - - ## why - To have most recent changes of `context` - - branch: auto-update/context.tf - base: master - delete-branch: true - labels: | - auto-update - context - - readme-update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - make init - make readme/build - - - name: Create Pull Request - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - 
commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs - - ## why - To have most recent changes of README.md and doc from origin templates - - branch: auto-update/readme - base: master - delete-branch: true - labels: | - auto-update - readme diff --git a/.github/workflows/context-update.yml b/.github/workflows/context-update.yml new file mode 100644 index 0000000..61b8918 --- /dev/null +++ b/.github/workflows/context-update.yml 
@@ -0,0 +1,52 @@
+name: "context-update"
+on:
+ schedule:
+ # Update context.tf nightly
+ - cron: '0 0 * * *'
+
+jobs:
+ update:
+ if: github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Update context.tf
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ if [[ -f context.tf ]]; then
+ echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
+ curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
+ if git diff --no-patch --exit-code context.tf; then
+ echo "No changes detected! Exiting the job..."
+ else
+ echo "context.tf file was updated. Need to rebuild README.md."
+ make init
+ make readme/build
+ fi
+ else
+ echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
+ fi
+
+ - name: Create Pull Request
+ uses: cloudposse/actions/github/create-pull-request@0.20.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ commit-message: Update context.tf from origin source
+ title: Update context.tf
+ body: |-
+ ## what
+ This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
+
+ ## why
+ To support all the features of the `context` interface.
+
+ branch: auto-update/context.tf
+ base: master
+ delete-branch: true
+ labels: |
+ auto-update
+ context
diff --git a/.github/workflows/readme-update.yml b/.github/workflows/readme-update.yml
new file mode 100644
index 0000000..9368c26
--- /dev/null
+++ b/.github/workflows/readme-update.yml
@@ -0,0 +1,41 @@ +name: "readme-update" +on: + schedule: + # Update README.md nightly + - cron: '0 1 * * *' + +jobs: + update: + if: github.event_name == 'schedule' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Update readme + shell: bash + id: update + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + make init + make readme/build + + - name: Create Pull Request + uses: cloudposse/actions/github/create-pull-request@0.20.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + commit-message: Update README.md and docs + title: Update README.md and docs + body: |- + ## what + This is an auto-generated PR that updates the README.md and docs + + ## why + To have most recent changes of README.md and doc from origin templates + + branch: auto-update/readme + base: master + delete-branch: true + labels: | + auto-update + readme From b556a2263375392097a0ae07dd64a9970c61b3e6 Mon Sep 17 00:00:00 2001 From: Maxim Mironenko Date: Wed, 18 Nov 2020 00:44:57 +0600 Subject: [PATCH 04/12] updates due to PR review --- .github/workflows/{context-update.yml => auto-context.yml} | 2 +- .github/workflows/{readme-update.yml => auto-readme.yml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{context-update.yml => auto-context.yml} (98%) rename .github/workflows/{readme-update.yml => auto-readme.yml} (97%) diff --git a/.github/workflows/context-update.yml b/.github/workflows/auto-context.yml similarity index 98% rename from .github/workflows/context-update.yml rename to .github/workflows/auto-context.yml index 61b8918..8754158 100644 --- a/.github/workflows/context-update.yml +++ b/.github/workflows/auto-context.yml @@ -1,4 +1,4 @@ -name: "context-update" +name: "auto-context" on: schedule: # Update context.tf nightly 
diff --git a/.github/workflows/readme-update.yml b/.github/workflows/auto-readme.yml similarity index 97% rename from .github/workflows/readme-update.yml rename to .github/workflows/auto-readme.yml index 9368c26..ad67490 100644 --- a/.github/workflows/readme-update.yml +++ b/.github/workflows/auto-readme.yml @@ -1,4 +1,4 @@ -name: "readme-update" +name: "auto-readme" on: schedule: # Update README.md nightly From a35ab4b585994da9ad9e4f1ca8320ebb2722bc6c Mon Sep 17 00:00:00 2001 From: Maxim Mironenko Date: Thu, 26 Nov 2020 19:41:04 +0600 Subject: [PATCH 05/12] readme update --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index b2439dd..4aa686a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ + # terraform-aws-datadog-integration [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-datadog-integration.svg)](https://github.com/cloudposse/terraform-aws-datadog-integration/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + [![README Header][readme_header_img]][readme_header_link] @@ -319,8 +321,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply ### Contributors + | [![Sergey Vasilyev][s2504s_avatar]][s2504s_homepage]
[Sergey Vasilyev][s2504s_homepage] | [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | |---|---|---| + [s2504s_homepage]: https://github.com/s2504s [s2504s_avatar]: https://img.cloudposse.com/150x150/https://github.com/s2504s.png From 1699a10404aad124897c725f67360749d246444f Mon Sep 17 00:00:00 2001 From: Nuru Date: Sun, 6 Dec 2020 22:53:08 -0800 Subject: [PATCH 06/12] Make auto-updates be patch releases --- .github/CODEOWNERS | 5 +++-- .github/auto-release.yml | 4 ++++ .github/workflows/auto-context.yml | 4 +++- .github/workflows/auto-readme.yml | 2 +- README.md | 4 +++- README.yaml | 4 +++- all.tf | 3 ++- core.tf | 3 ++- 8 files changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a589641..e922f65 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -14,7 +14,8 @@ .github/* @cloudposse/engineering # Cloud Posse must review any changes to standard context definition -**/context.tf @cloudposse/engineering +**/context.tf @cloudposse/engineering @cloudposse/merge-bots -# Cloud Posse Admins must review all changes to the mergify configuration +# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration .github/mergify.yml @cloudposse/admins +.github/CODEOWNERS @cloudposse/admins diff --git a/.github/auto-release.yml b/.github/auto-release.yml index 2836185..a2d8b3f 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -11,6 +11,7 @@ version-resolver: - 'enhancement' patch: labels: + - 'auto-update' - 'patch' - 'fix' - 'bugfix' @@ -28,6 +29,9 @@ categories: - 'bugfix' - 'bug' - 'hotfix' + - title: '🤖 Automatic Update' + labels: + - 'auto-update' change-template: |
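Review bot: Adding `@cloudposse/merge-bots` as an owner of `**/context.tf` lets a bot approval satisfy code-owner review for the one file the nightly job downloads from another repository, so the comment above the rule ("Cloud Posse must review any changes") no longer describes what is enforced, assuming required code-owner review is what protects `master`. Separately, the context line `.github/* @cloudposse/engineering` matches only files directly inside `.github/`; in CODEOWNERS syntax a trailing `/*` does not descend into subdirectories, so `.github/workflows/*.yml`, the files that reference `secrets.PUBLIC_REPO_ACCESS_TOKEN`, fall back to the default `*` owners. A line such as `.github/workflows/ @cloudposse/admins` would cover them. PATCH 09/12 renames the bot team to `@cloudposse/approvers` and extends it to `README.md` and `docs/*.md`.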
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 8754158..33b669d 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -2,7 +2,7 @@ name: "auto-context" on: schedule: # Update context.tf nightly - - cron: '0 0 * * *' + - cron: '0 3 * * *' jobs: update: @@ -26,12 +26,14 @@ jobs: echo "context.tf file was updated. Need to rebuild README.md." make init make readme/build + echo "::set-output name=create_pull_request=true" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." fi - name: Create Pull Request + if: {{ steps.update.outputs.create_pull_request == 'true' }} uses: cloudposse/actions/github/create-pull-request@0.20.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml index ad67490..0fa802f 100644 --- a/.github/workflows/auto-readme.yml +++ b/.github/workflows/auto-readme.yml @@ -2,7 +2,7 @@ name: "auto-readme" on: schedule: # Update README.md nightly - - cron: '0 1 * * *' + - cron: '0 4 * * *' jobs: update: diff --git a/README.md b/README.md index 4aa686a..6d1405d 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,9 @@ Include this module in your existing terraform code: ```hcl module "datadog_integration" { - source = "git::https://github.com/cloudposse/terraform-aws-datadog-integration.git?ref=master" + source = "cloudposse/datadog-integration/cloudposse" + # Cloud Posse recommends pinning module to a specific version + # version = "x.x.x" namespace = "eg" stage = "test" diff --git a/README.yaml b/README.yaml index 883e3e4..6d94446 100644 --- a/README.yaml +++ b/README.yaml 
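Review bot: Two lines added in the second auto-context.yml hunk are malformed, so the workflow either fails validation or never reaches the pull-request step. `echo "::set-output name=create_pull_request=true"` lacks the `::` that separates the output name from its value, so no output is set; it should read `echo "::set-output name=create_pull_request::true"`. `if: {{ steps.update.outputs.create_pull_request == 'true' }}` is missing the `$`, so YAML reads `{{ … }}` as a flow mapping rather than an expression; write `if: steps.update.outputs.create_pull_request == 'true'`. Both lines are carried unchanged through the re-indentation of this file in PATCH 09/12.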
@@ -78,7 +78,9 @@ usage: |- ```hcl module "datadog_integration" { - source = "git::https://github.com/cloudposse/terraform-aws-datadog-integration.git?ref=master" + source = "cloudposse/datadog-integration/cloudposse" + # Cloud Posse recommends pinning module to a specific version + # version = "x.x.x" namespace = "eg" stage = "test" diff --git a/all.tf b/all.tf index 125d4c4..8e0247d 100644 --- a/all.tf +++ b/all.tf @@ -77,7 +77,8 @@ data "aws_iam_policy_document" "all" { } module "all_label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2" + source = "cloudposse/label/null" + version = "0.19.2" attributes = compact(concat(module.this.attributes, ["all"])) diff --git a/core.tf b/core.tf index 6e9926f..dbbcf4d 100644 --- a/core.tf +++ b/core.tf @@ -20,7 +20,8 @@ data "aws_iam_policy_document" "core" { } module "core_label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=0.19.2" + source = "cloudposse/label/null" + version = "0.19.2" attributes = compact(concat(module.this.attributes, ["core"])) From da8b4e81e9b6439d9a71e36e60e3ceb47b5ec5ab Mon Sep 17 00:00:00 2001 From: Nuru Date: Sun, 6 Dec 2020 23:11:39 -0800 Subject: [PATCH 07/12] Update via fixed build script --- README.md | 2 +- README.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6d1405d..2de4551 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ Include this module in your existing terraform code: ```hcl module "datadog_integration" { - source = "cloudposse/datadog-integration/cloudposse" + source = "cloudposse/datadog-integration/aws" # Cloud Posse recommends pinning module to a specific version # version = "x.x.x" diff --git a/README.yaml b/README.yaml index 6d94446..e86d90c 100644 --- a/README.yaml +++ b/README.yaml 
@@ -78,7 +78,7 @@ usage: |- ```hcl module "datadog_integration" { - source = "cloudposse/datadog-integration/cloudposse" + source = "cloudposse/datadog-integration/aws" # Cloud Posse recommends pinning module to a specific version # version = "x.x.x" From e243adcb52e21bed7950e14ca37e8479f6124f0a Mon Sep 17 00:00:00 2001 From: Nuru Date: Mon, 7 Dec 2020 22:49:37 -0800 Subject: [PATCH 08/12] Updates from build-harness --- .github/workflows/auto-release.yml | 59 +++++++++++++++++++++--------- README.md | 13 +++++-- README.yaml | 2 +- 3 files changed, 53 insertions(+), 21 deletions(-) diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index ccc27be..d0e1329 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -1,19 +1,44 @@ -name: auto-release +name-template: 'v$RESOLVED_VERSION' +tag-template: '$RESOLVED_VERSION' +version-template: '$MAJOR.$MINOR.$PATCH' +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + - 'enhancement' + patch: + labels: + - 'auto-update' + - 'patch' + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' + default: 'minor' -on: - push: - branches: - - master +categories: +- title: '🚀 Enhancements' + labels: + - 'enhancement' +- title: '🐛 Bug Fixes' + labels: + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' +- title: '🤖 Automatic Update' + labels: + - 'auto-update' -jobs: - semver: - runs-on: ubuntu-latest - steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 - with: - publish: true - prerelease: false - config-name: auto-release.yml - env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} +change-template: | +
+ $TITLE @$AUTHOR (#$NUMBER) + + $BODY +
+ +template: | + $CHANGES diff --git a/README.md b/README.md index 2de4551..b8567c7 100644 --- a/README.md +++ b/README.md @@ -64,8 +64,15 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are ## Usage -**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases. -Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-datadog-integration/releases). +**IMPORTANT:** We do not pin modules to versions in our examples because of the +difficulty of keeping the versions in the documentation in sync with the latest released versions. +We highly recommend that in your code you pin the version to the exact version you are +using so that your infrastructure remains stable, and update versions in a +systematic way so that they do not catch you by surprise. + +Also, because of a bug in the Terraform registry (hashicorp/terraform#21417), +the registry shows many of our inputs as required when in fact they are optional. +The table below correctly indicates which inputs are required. @@ -93,7 +100,7 @@ Include this module in your existing terraform code: ```hcl module "datadog_integration" { source = "cloudposse/datadog-integration/aws" - # Cloud Posse recommends pinning module to a specific version + # Cloud Posse recommends pinning every module to a specific version # version = "x.x.x" namespace = "eg" diff --git a/README.yaml b/README.yaml index e86d90c..fbcefa1 100644 --- a/README.yaml +++ b/README.yaml @@ -79,7 +79,7 @@ usage: |- ```hcl module "datadog_integration" { source = "cloudposse/datadog-integration/aws" - # Cloud Posse recommends pinning module to a specific version + # Cloud Posse recommends pinning every module to a specific version # version = "x.x.x" namespace = "eg" From 59af300fbf69dd1315f3fec5168b53aaecd767cf Mon Sep 17 00:00:00 2001 
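Review bot: `.github/workflows/auto-release.yml` stops being a workflow with this hunk: the new content is release-drafter configuration (`name-template`, `version-resolver`, `categories`) with no `on:` or `jobs:` keys, so nothing runs release-drafter on pushes to `master` any more. The same keys are what PATCH 06/12 edits in `.github/auto-release.yml`, so it looks like the build-harness sync wrote the configuration to the wrong path. Restore the workflow definition here and keep the configuration only in `.github/auto-release.yml`; PATCH 09/12 does revert this file.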
From: Nuru Date: Wed, 9 Dec 2020 21:15:57 -0800 Subject: [PATCH 09/12] terraform 0.14 upgrade --- .github/CODEOWNERS | 9 ++- .github/auto-release.yml | 43 ++++++----- .github/mergify.yml | 93 ++++++++++++----------- .github/workflows/auto-context.yml | 78 +++++++++---------- .github/workflows/auto-readme.yml | 56 +++++++------- .github/workflows/auto-release.yml | 59 +++++--------- .github/workflows/chatops.yml | 4 +- .github/workflows/validate-codeowners.yml | 21 +++++ README.md | 2 +- context.tf | 4 +- examples/complete/context.tf | 4 +- 11 files changed, 189 insertions(+), 184 deletions(-) create mode 100644 .github/workflows/validate-codeowners.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e922f65..ceb4644 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,7 +1,7 @@ # Use this file to define individuals or teams that are responsible for code in a repository. # Read more: # -# Order is important: the last matching pattern takes the most precedence +# Order is important: the last matching pattern has the highest precedence # These owners will be the default owners for everything * @cloudposse/engineering @cloudposse/contributors @@ -13,8 +13,11 @@ # Cloud Posse must review any changes to GitHub actions .github/* @cloudposse/engineering -# Cloud Posse must review any changes to standard context definition -**/context.tf @cloudposse/engineering @cloudposse/merge-bots +# Cloud Posse must review any changes to standard context definition, +# but some changes can be rubber-stamped. +**/context.tf @cloudposse/engineering @cloudposse/approvers +README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers # Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration .github/mergify.yml @cloudposse/admins diff --git a/.github/auto-release.yml b/.github/auto-release.yml index a2d8b3f..18a1ca6 100644 
--- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -4,34 +4,35 @@ version-template: '$MAJOR.$MINOR.$PATCH' version-resolver: major: labels: - - 'major' + - 'major' minor: labels: - - 'minor' - - 'enhancement' + - 'minor' + - 'enhancement' patch: labels: - - 'auto-update' - - 'patch' - - 'fix' - - 'bugfix' - - 'bug' - - 'hotfix' + - 'auto-update' + - 'patch' + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' default: 'minor' categories: - - title: '🚀 Enhancements' - labels: - - 'enhancement' - - title: '🐛 Bug Fixes' - labels: - - 'fix' - - 'bugfix' - - 'bug' - - 'hotfix' - - title: '🤖 Automatic Update' - labels: - - 'auto-update' +- title: '🚀 Enhancements' + labels: + - 'enhancement' + - 'patch' +- title: '🐛 Bug Fixes' + labels: + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' +- title: '🤖 Automatic Updates' + labels: + - 'auto-update' change-template: |
diff --git a/.github/mergify.yml b/.github/mergify.yml index a306720..485982f 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml 
@@ -1,51 +1,52 @@ pull_request_rules: - - name: "approve automated PRs that have passed checks" - conditions: - - "check-success~=test/bats" - - "check-success~=test/readme" - - "check-success~=test/terratest" - - "base=master" - - "author=cloudpossebot" - - "head~=auto-update/.*" - actions: - review: - type: "APPROVE" - message: "We've automatically approved this PR because the checks from the automated Pull Request have passed." +- name: "approve automated PRs that have passed checks" + conditions: + - "check-success~=test/bats" + - "check-success~=test/readme" + - "check-success~=test/terratest" + - "base=master" + - "author=cloudpossebot" + - "head~=auto-update/.*" + actions: + review: + type: "APPROVE" + bot_account: "cloudposse-mergebot" + message: "We've automatically approved this PR because the checks from the automated Pull Request have passed." - - name: "merge automated PRs when approved and tests pass" - conditions: - - "check-success~=test/bats" - - "check-success~=test/readme" - - "check-success~=test/terratest" - - "base=master" - - "head~=auto-update/.*" - - "#approved-reviews-by>=1" - - "#changes-requested-reviews-by=0" - - "#commented-reviews-by=0" - - "base=master" - - "author=cloudpossebot" - actions: - merge: - method: "squash" +- name: "merge automated PRs when approved and tests pass" + conditions: + - "check-success~=test/bats" + - "check-success~=test/readme" + - "check-success~=test/terratest" + - "base=master" + - "head~=auto-update/.*" + - "#approved-reviews-by>=1" + - "#changes-requested-reviews-by=0" + - "#commented-reviews-by=0" + - "base=master" + - "author=cloudpossebot" + actions: + merge: + method: "squash" - - name: "delete the head branch after merge" - conditions: - - "merged" - actions: - delete_head_branch: {} +- name: "delete the head branch after merge" + conditions: + - "merged" + actions: + delete_head_branch: {} - - name: "ask to resolve conflict" - conditions: - - "conflict" - actions: - comment: - message: "This pull 
request is now in conflicts. Could you fix it @{{author}}? 🙏" +- name: "ask to resolve conflict" + conditions: + - "conflict" + actions: + comment: + message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏" - - name: "remove outdated reviews" - conditions: - - "base=master" - actions: - dismiss_reviews: - changes_requested: true - approved: true - message: "This Pull Request has been updated, so we're dismissing all reviews." +- name: "remove outdated reviews" + conditions: + - "base=master" + actions: + dismiss_reviews: + changes_requested: true + approved: true + message: "This Pull Request has been updated, so we're dismissing all reviews." diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 33b669d..e3f7b56 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml 
@@ -1,54 +1,54 @@ name: "auto-context" on: schedule: - # Update context.tf nightly - - cron: '0 3 * * *' + # Update context.tf nightly + - cron: '0 3 * * *' jobs: update: if: github.event_name == 'schedule' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v2 - - name: Update context.tf - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - if [[ -f context.tf ]]; then - echo "Discovered existing context.tf! Fetching most recent version to see if there is an update." - curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf - if git diff --no-patch --exit-code context.tf; then - echo "No changes detected! Exiting the job..." - else - echo "context.tf file was updated. Need to rebuild README.md." - make init - make readme/build - echo "::set-output name=create_pull_request=true" - fi + - name: Update context.tf + shell: bash + id: update + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + if [[ -f context.tf ]]; then + echo "Discovered existing context.tf! Fetching most recent version to see if there is an update." + curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf + if git diff --no-patch --exit-code context.tf; then + echo "No changes detected! Exiting the job..." else - echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." + echo "context.tf file was updated. Need to rebuild README.md." + make init + make readme/build + echo "::set-output name=create_pull_request=true" fi + else + echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." 
+ fi - - name: Create Pull Request - if: {{ steps.update.outputs.create_pull_request == 'true' }} - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update context.tf from origin source - title: Update context.tf - body: |- - ## what - This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` + - name: Create Pull Request + if: {{ steps.update.outputs.create_pull_request == 'true' }} + uses: cloudposse/actions/github/create-pull-request@0.20.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + commit-message: Update context.tf from origin source + title: Update context.tf + body: |- + ## what + This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` - ## why - To support all the features of the `context` interface. + ## why + To support all the features of the `context` interface. - branch: auto-update/context.tf - base: master - delete-branch: true - labels: | - auto-update - context + branch: auto-update/context.tf + base: master + delete-branch: true + labels: | + auto-update + context diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml index 0fa802f..6229e60 100644 --- a/.github/workflows/auto-readme.yml +++ b/.github/workflows/auto-readme.yml 
@@ -1,41 +1,41 @@ name: "auto-readme" on: schedule: - # Update README.md nightly - - cron: '0 4 * * *' + # Update README.md nightly + - cron: '0 4 * * *' jobs: update: if: github.event_name == 'schedule' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v2 - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - make init - make readme/build + - name: Update readme + shell: bash + id: update + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + make init + make readme/build - - name: Create Pull Request - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs + - name: Create Pull Request + uses: cloudposse/actions/github/create-pull-request@0.20.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + commit-message: Update README.md and docs + title: Update README.md and docs + body: |- + ## what + This is an auto-generated PR that updates the README.md and docs - ## why - To have most recent changes of README.md and doc from origin templates + ## why + To have most recent changes of README.md and doc from origin templates - branch: auto-update/readme - base: master - delete-branch: true - labels: | - auto-update - readme + branch: auto-update/readme + base: master + delete-branch: true + labels: | + auto-update + readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index d0e1329..ccc27be 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml 
@@ -1,44 +1,19 @@ -name-template: 'v$RESOLVED_VERSION' -tag-template: '$RESOLVED_VERSION' -version-template: '$MAJOR.$MINOR.$PATCH' -version-resolver: - major: - labels: - - 'major' - minor: - labels: - - 'minor' - - 'enhancement' - patch: - labels: - - 'auto-update' - - 'patch' - - 'fix' - - 'bugfix' - - 'bug' - - 'hotfix' - default: 'minor' +name: auto-release -categories: -- title: '🚀 Enhancements' - labels: - - 'enhancement' -- title: '🐛 Bug Fixes' - labels: - - 'fix' - - 'bugfix' - - 'bug' - - 'hotfix' -- title: '🤖 Automatic Update' - labels: - - 'auto-update' +on: + push: + branches: + - master -change-template: | -
- $TITLE @$AUTHOR (#$NUMBER) - - $BODY -
- -template: | - $CHANGES +jobs: + semver: + runs-on: ubuntu-latest + steps: + # Drafts your next Release notes as Pull Requests are merged into "master" + - uses: release-drafter/release-drafter@v5 + with: + publish: true + prerelease: false + config-name: auto-release.yml + env: + GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml index 0d94310..4ddc067 100644 --- a/.github/workflows/chatops.yml +++ b/.github/workflows/chatops.yml @@ -9,7 +9,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: "Handle common commands" - uses: cloudposse/actions/github/slash-command-dispatch@0.16.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} @@ -24,7 +24,7 @@ jobs: - name: "Checkout commit" uses: actions/checkout@v2 - name: "Run tests" - uses: cloudposse/actions/github/slash-command-dispatch@0.16.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml new file mode 100644 index 0000000..ebdc5c0 --- /dev/null +++ b/.github/workflows/validate-codeowners.yml 
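Review bot: The new `semver` job hands `secrets.PUBLIC_REPO_ACCESS_TOKEN` to `release-drafter/release-drafter@v5`, which is a movable major tag, and runs it with `publish: true` on every push to master. A tag can be re-pointed upstream without any change in this repository, so I would pin the action to a full commit SHA, e.g. `- uses: release-drafter/release-drafter@<full-commit-sha>  # v5`, and bump it deliberately. If nothing downstream depends on the release being created by that wider token, `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` would keep the job scoped to this repository; the hunk does not show whether the wider token is intentional. The same tag-only pinning combined with this secret appears at `mszostok/codeowners-validator@v0.5.0` in the validate-codeowners.yml hunk and at the `cloudposse/actions/...@0.22.0` references in the chatops and auto-context hunks.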
@@ -0,0 +1,21 @@ +name: Validate Codeowners +on: + pull_request: + paths: + - '**/CODEOWNERS' + - '.github/workflows/validate-codeowners.yml' + +jobs: + validate-codeowners: + runs-on: ubuntu-latest + steps: + - name: "Checkout source code at current commit" + uses: actions/checkout@v2 + - uses: mszostok/codeowners-validator@v0.5.0 + with: + # For now, remove "files" check to allow CODEOWNERS to specify non-existent + # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos + # checks: "files,syntax,owners,duppatterns" + checks: "syntax,owners,duppatterns" + # GitHub access token is required only if the `owners` check is enabled + github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" diff --git a/README.md b/README.md index b8567c7..72271c8 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ We highly recommend that in your code you pin the version to the exact version y using so that your infrastructure remains stable, and update versions in a systematic way so that they do not catch you by surprise. -Also, because of a bug in the Terraform registry (hashicorp/terraform#21417), +Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)), the registry shows many of our inputs as required when in fact they are optional. The table below correctly indicates which inputs are required. diff --git a/context.tf b/context.tf index bae0cf1..e5734b7 100644 --- a/context.tf +++ b/context.tf @@ -18,8 +18,10 @@ # will be null, and `module.this.delimiter` will be `-` (hyphen). # + module "this" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2" + source = "cloudposse/label/null" + version = "0.22.0" // requires Terraform >= 0.12.26 enabled = var.enabled namespace = var.namespace diff --git a/examples/complete/context.tf b/examples/complete/context.tf index bae0cf1..e5734b7 100644 --- a/examples/complete/context.tf 
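Review bot: The validate-codeowners workflow triggers on `pull_request` and passes `secrets.PUBLIC_REPO_ACCESS_TOKEN` as `github_access_token`, but GitHub does not expose repository secrets to `pull_request` runs that originate from forks, so the `owners` check gets an empty token on outside contributions. The comment in the hunk says the token is required when `owners` is enabled, so those runs will presumably fail or not validate owners at all. It is worth deciding which is acceptable and recording it above the `github_access_token` line, for example `# Secrets are not available to pull requests from forks, so the owners check has no token there`. Switching the trigger to `pull_request_target` to get the secret back would put the token in a run driven by an untrusted PR, so I would avoid that unless the checkout stays on the base ref.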
+++ b/examples/complete/context.tf @@ -18,8 +18,10 @@ # will be null, and `module.this.delimiter` will be `-` (hyphen). # + module "this" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2" + source = "cloudposse/label/null" + version = "0.22.0" // requires Terraform >= 0.12.26 enabled = var.enabled namespace = var.namespace From 78e9b826daab5a471274c62378914d21d9c1a505 Mon Sep 17 00:00:00 2001 From: Nuru Date: Wed, 9 Dec 2020 21:21:04 -0800 Subject: [PATCH 10/12] Manual update of extra label modules --- all.tf | 2 +- core.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/all.tf b/all.tf index 8e0247d..fc13c46 100644 --- a/all.tf +++ b/all.tf @@ -78,7 +78,7 @@ data "aws_iam_policy_document" "all" { module "all_label" { source = "cloudposse/label/null" - version = "0.19.2" + version = "0.22.0" attributes = compact(concat(module.this.attributes, ["all"])) diff --git a/core.tf b/core.tf index dbbcf4d..f9a6700 100644 --- a/core.tf +++ b/core.tf @@ -21,7 +21,7 @@ data "aws_iam_policy_document" "core" { module "core_label" { source = "cloudposse/label/null" - version = "0.19.2" + version = "0.22.0" attributes = compact(concat(module.this.attributes, ["core"])) From 31caff15b24ce4c2de87be19ccf2e0a57cdc28be Mon Sep 17 00:00:00 2001 From: Nuru Date: Wed, 9 Dec 2020 21:59:16 -0800 Subject: [PATCH 11/12] Make bulid-harness the authority on context.tf --- .github/workflows/auto-context.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index e3f7b56..739a3c9 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml 
@@ -23,8 +23,9 @@ jobs: if git diff --no-patch --exit-code context.tf; then echo "No changes detected! Exiting the job..." else - echo "context.tf file was updated. Need to rebuild README.md." + echo "context.tf file has changed. Update examples and rebuild README.md." make init + make github/init/context.tf make readme/build echo "::set-output name=create_pull_request=true" fi @@ -34,7 +35,7 @@ jobs: - name: Create Pull Request if: {{ steps.update.outputs.create_pull_request == 'true' }} - uses: cloudposse/actions/github/create-pull-request@0.20.0 + uses: cloudposse/actions/github/create-pull-request@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} commit-message: Update context.tf from origin source From 80b7e7c6fbdcf8ff73b895ddb8aa7c05cc742fc7 Mon Sep 17 00:00:00 2001 From: Nuru Date: Thu, 10 Dec 2020 15:33:33 -0800 Subject: [PATCH 12/12] Always validate CODEOWNERS --- .github/workflows/validate-codeowners.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index ebdc5c0..8044289 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -1,9 +1,6 @@ name: Validate Codeowners on: pull_request: - paths: - - '**/CODEOWNERS' - - '.github/workflows/validate-codeowners.yml' jobs: validate-codeowners:
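Review bot: The context line `echo "::set-output name=create_pull_request=true"` in the first auto-context.yml hunk does not match the workflow-command form `::set-output name=<name>::<value>`. As far as I can tell the `create_pull_request` output is therefore never set and the Create Pull Request step cannot fire; it should read `echo "::set-output name=create_pull_request::true"`. The step condition shown as context in the following hunk, `if: {{ steps.update.outputs.create_pull_request == 'true' }}`, is missing the `$` and would be read as a YAML flow mapping rather than an expression; `if: steps.update.outputs.create_pull_request == 'true'` avoids that. The `run:` script starts above the hunk, so what is fetched before the added `make github/init/context.tf` runs is not visible here.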