Skip to content

Commit

Permalink
minimum required Terraform version bumped to 0.13.0, context.tf updat…
Browse files Browse the repository at this point in the history
…ed, readme updated (#55)
  • Loading branch information
maximmi authored Feb 4, 2021
1 parent ce9a7b4 commit 86e36f4
Show file tree
Hide file tree
Showing 10 changed files with 231 additions and 22 deletions.
8 changes: 8 additions & 0 deletions .github/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,3 +43,11 @@ change-template: |
template: |
$CHANGES
replacers:
# Remove irrelevant information from Renovate bot
- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
replace: ''
28 changes: 17 additions & 11 deletions .github/mergify.yml
Original file line number Diff line number Diff line change
@@ -1,12 +1,16 @@
# https://docs.mergify.io/conditions.html
# https://docs.mergify.io/actions.html
pull_request_rules:
- name: "approve automated PRs that have passed checks"
conditions:
- "check-success~=test/bats"
- "check-success~=test/readme"
- "check-success~=test/terratest"
- "author~=^(cloudpossebot|renovate\\[bot\\])$"
- "base=master"
- "author=cloudpossebot"
- "head~=auto-update/.*"
- "-closed"
- "head~=^(auto-update|renovate)/.*"
- "check-success=test/bats"
- "check-success=test/readme"
- "check-success=test/terratest"
- "check-success=validate-codeowners"
actions:
review:
type: "APPROVE"
Expand All @@ -15,16 +19,17 @@ pull_request_rules:

- name: "merge automated PRs when approved and tests pass"
conditions:
- "check-success~=test/bats"
- "check-success~=test/readme"
- "check-success~=test/terratest"
- "author~=^(cloudpossebot|renovate\\[bot\\])$"
- "base=master"
- "head~=auto-update/.*"
- "-closed"
- "head~=^(auto-update|renovate)/.*"
- "check-success=test/bats"
- "check-success=test/readme"
- "check-success=test/terratest"
- "check-success=validate-codeowners"
- "#approved-reviews-by>=1"
- "#changes-requested-reviews-by=0"
- "#commented-reviews-by=0"
- "base=master"
- "author=cloudpossebot"
actions:
merge:
method: "squash"
Expand All @@ -38,6 +43,7 @@ pull_request_rules:
- name: "ask to resolve conflict"
conditions:
- "conflict"
- "-closed"
actions:
comment:
message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏"
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/auto-context.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
make init
make github/init/context.tf
make readme/build
echo "::set-output name=create_pull_request=true"
echo "::set-output name=create_pull_request::true"
fi
else
echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
Expand All @@ -38,6 +38,8 @@ jobs:
uses: cloudposse/actions/github/[email protected]
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
committer: 'cloudpossebot <[email protected]>'
author: 'cloudpossebot <[email protected]>'
commit-message: Update context.tf from origin source
title: Update context.tf
body: |-
Expand Down
86 changes: 86 additions & 0 deletions .github/workflows/auto-format.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
name: Auto Format
on:
pull_request_target:
types: [opened, synchronize]

jobs:
auto-format:
runs-on: ubuntu-latest
container: cloudposse/build-harness:slim-latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
# the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains
# a workflow configured to run when push events occur."
# However, using a personal access token will cause events to be triggered.
# We need that to ensure a status gets posted after the auto-format commit.
# We also want to trigger tests if the auto-format made no changes.
- uses: actions/checkout@v2
if: github.event.pull_request.state == 'open'
name: Privileged Checkout
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Check out the PR commit, not the merge commit
# Use `ref` instead of `sha` to enable pushing back to `ref`
ref: ${{ github.event.pull_request.head.ref }}

# Do all the formatting stuff
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host

# Commit changes (if any) to the PR branch
- name: Commit changes to the PR branch
if: github.event.pull_request.state == 'open'
shell: bash
id: commit
env:
SENDER: ${{ github.event.sender.login }}
run: |
set -x
output=$(git diff --name-only)
if [ -n "$output" ]; then
echo "Changes detected. Pushing to the PR branch"
git config --global user.name 'cloudpossebot'
git config --global user.email '[email protected]'
git add -A
git commit -m "Auto Format"
# Prevent looping by not pushing changes in response to changes from cloudpossebot
[[ $SENDER == "cloudpossebot" ]] || git push
# Set status to fail, because the push should trigger another status check,
# and we use success to indicate the checks are finished.
printf "::set-output name=%s::%s\n" "changed" "true"
exit 1
else
printf "::set-output name=%s::%s\n" "changed" "false"
echo "No changes detected"
fi
- name: Auto Test
uses: cloudposse/actions/github/[email protected]
# match users by ID because logins (user names) are inconsistent,
# for example in the REST API Renovate Bot is `renovate[bot]` but
# in GraphQL it is just `renovate`, plus there is a non-bot
# user `renovate` with ID 1832810.
# Mergify bot: 37929162
# Renovate bot: 29139614
# Cloudpossebot: 11232728
# Need to use space separators to prevent "21" from matching "112144"
if: >
contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
&& steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: cloudposse/actions
event-type: test-command
client-payload: |-
{ "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}},
"pull_request": ${{ toJSON(github.event.pull_request) }},
"github":{"payload":{"repository": ${{ toJSON(github.event.repository) }},
"comment": {"id": ""}
}
}
}
2 changes: 1 addition & 1 deletion .github/workflows/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ on:
- master

jobs:
semver:
publish:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
Expand Down
25 changes: 23 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,25 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are



## Security & Compliance [<img src="https://cloudposse.com/wp-content/uploads/2020/11/bridgecrew.svg" width="250" align="right" />](https://bridgecrew.io/)

Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.

| Benchmark | Description |
|--------|---------------|
| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance |
| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance |
| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance |
| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance |
| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance |
| [![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance |
| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance |
| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=SOC2)| Service Organization Control 2 Compliance |
| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance |
| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-s3-website/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-s3-website&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance |



## Usage


Expand Down Expand Up @@ -135,7 +154,7 @@ Available targets:

| Name | Version |
|------|---------|
| terraform | >= 0.12.26 |
| terraform | >= 0.13.0 |
| aws | >= 2.0 |
| local | >= 1.2 |

Expand All @@ -151,7 +170,7 @@ Available targets:
|------|-------------|------|---------|:--------:|
| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
| context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | <pre>object({<br> enabled = bool<br> namespace = string<br> environment = string<br> stage = string<br> name = string<br> delimiter = string<br> attributes = list(string)<br> tags = map(string)<br> additional_tag_map = map(string)<br> regex_replace_chars = string<br> label_order = list(string)<br> id_length_limit = number<br> })</pre> | <pre>{<br> "additional_tag_map": {},<br> "attributes": [],<br> "delimiter": null,<br> "enabled": true,<br> "environment": null,<br> "id_length_limit": null,<br> "label_order": [],<br> "name": null,<br> "namespace": null,<br> "regex_replace_chars": null,<br> "stage": null,<br> "tags": {}<br>}</pre> | no |
| context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | <pre>object({<br> enabled = bool<br> namespace = string<br> environment = string<br> stage = string<br> name = string<br> delimiter = string<br> attributes = list(string)<br> tags = map(string)<br> additional_tag_map = map(string)<br> regex_replace_chars = string<br> label_order = list(string)<br> id_length_limit = number<br> label_key_case = string<br> label_value_case = string<br> })</pre> | <pre>{<br> "additional_tag_map": {},<br> "attributes": [],<br> "delimiter": null,<br> "enabled": true,<br> "environment": null,<br> "id_length_limit": null,<br> "label_key_case": null,<br> "label_order": [],<br> "label_value_case": null,<br> "name": null,<br> "namespace": null,<br> "regex_replace_chars": null,<br> "stage": null,<br> "tags": {}<br>}</pre> | no |
| cors\_allowed\_headers | List of allowed headers | `list(string)` | <pre>[<br> "*"<br>]</pre> | no |
| cors\_allowed\_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) | `list(string)` | <pre>[<br> "GET"<br>]</pre> | no |
| cors\_allowed\_origins | List of allowed origins (e.g. example.com, test.com) | `list(string)` | <pre>[<br> "*"<br>]</pre> | no |
Expand All @@ -168,7 +187,9 @@ Available targets:
| hostname | Name of website bucket in `fqdn` format (e.g. `test.example.com`). IMPORTANT! Do not add trailing dot (`.`) | `string` | n/a | yes |
| id\_length\_limit | Limit `id` to this many characters.<br>Set to `0` for unlimited length.<br>Set to `null` for default, which is `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
| index\_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | `string` | `"index.html"` | no |
| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.<br>Possible values: `lower`, `title`, `upper`. <br>Default value: `title`. | `string` | `null` | no |
| label\_order | The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation). <br>Default value: `lower`. | `string` | `null` | no |
| lifecycle\_rule\_enabled | Enable or disable lifecycle rule | `bool` | `false` | no |
| logs\_expiration\_days | Number of days after which to expunge the objects | `number` | `90` | no |
| logs\_glacier\_transition\_days | Number of days after which to move the data to the glacier storage tier | `number` | `60` | no |
Expand Down
46 changes: 44 additions & 2 deletions context.tf
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,9 @@
# will be null, and `module.this.delimiter` will be `-` (hyphen).
#


module "this" {
source = "cloudposse/label/null"
version = "0.22.0" // requires Terraform >= 0.12.26
version = "0.23.0" // requires Terraform >= 0.13.0

enabled = var.enabled
namespace = var.namespace
Expand Down Expand Up @@ -55,6 +54,8 @@ variable "context" {
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
default = {
enabled = true
Expand All @@ -69,6 +70,8 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
label_key_case = null
label_value_case = null
}
description = <<-EOT
Single object for setting entire context at once.
Expand All @@ -77,6 +80,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT

validation {
condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
error_message = "Allowed values: `lower`, `title`, `upper`."
}

validation {
condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
}
}

variable "enabled" {
Expand Down Expand Up @@ -166,4 +179,33 @@ variable "id_length_limit" {
EOT
}

variable "label_key_case" {
type = string
default = null
description = <<-EOT
The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`.
EOT

validation {
condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
error_message = "Allowed values: `lower`, `title`, `upper`."
}
}

variable "label_value_case" {
type = string
default = null
description = <<-EOT
The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`.
EOT

validation {
condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
}
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
Loading

0 comments on commit 86e36f4

Please sign in to comment.