feat: prepare v11.0.0 rc.2 (#257)

* remove release-tag updation workflow Signed-off-by: Rishav Dhar <[email protected]> * reorder permissions block Signed-off-by: Rishav Dhar <[email protected]> * rename directory Signed-off-by: Rishav Dhar <[email protected]> * include `arg_or_create: true` Signed-off-by: Rishav Dhar <[email protected]> * replace scripts Signed-off-by: Rishav Dhar <[email protected]> * rename tests Signed-off-by: Rishav Dhar <[email protected]> * update workflow inputs Signed-off-by: Rishav Dhar <[email protected]> * bump deps Signed-off-by: Rishav Dhar <[email protected]> * test old stacks Signed-off-by: Rishav Dhar <[email protected]> * remove old stacks Signed-off-by: Rishav Dhar <[email protected]> * add stg tfbackend Signed-off-by: Rishav Dhar <[email protected]> * reorder workspace select Signed-off-by: Rishav Dhar <[email protected]> * filter sample matrix Signed-off-by: Rishav Dhar <[email protected]> * include dev and stg for bucket Signed-off-by: Rishav Dhar <[email protected]> * complete sample workflow Signed-off-by: Rishav Dhar <[email protected]> * test `pass_character_limit` Signed-off-by: Rishav Dhar <[email protected]> * enable all tests Signed-off-by: Rishav Dhar <[email protected]> * update code ownership and dependency automation Signed-off-by: Rishav Dhar <[email protected]> * simplify `arg_var_file` Signed-off-by: Rishav Dhar <[email protected]> * retry Signed-off-by: Rishav Dhar <[email protected]> * filter sample Signed-off-by: Rishav Dhar <[email protected]> * test sample environment Signed-off-by: Rishav Dhar <[email protected]> * replace stg with qa Signed-off-by: Rishav Dhar <[email protected]> * bump versions Signed-off-by: Rishav Dhar <[email protected]> * update assets Signed-off-by: Rishav Dhar <[email protected]> * replace `stg` with `qa` Signed-off-by: Rishav Dhar <[email protected]> * update example workflows Signed-off-by: Rishav Dhar <[email protected]> * add `arg_lock: false` Signed-off-by: Rishav Dhar <[email protected]> * add `arg_lock: false` Signed-off-by: Rishav Dhar <[email protected]> * add `continue-on-error: true` Signed-off-by: Rishav Dhar <[email protected]> * update wording Signed-off-by: Rishav Dhar <[email protected]> --------- Signed-off-by: Rishav Dhar <[email protected]>
OP5dev · Jul 29, 2024 · 0ffbdb2 · 0ffbdb2
1 parent c5de7cd
commit 0ffbdb2
Show file tree

Hide file tree

Showing 56 changed files with 1,017 additions and 1,766 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,3 +1,3 @@
-# These owners will be the default owners for everything in the repo.
+# Each line is a file pattern followed by one or more owners.
 # Order is important as the last matching pair takes precedence.
-*       @rdhar
+* @rdhar
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -9,7 +9,7 @@ updates:
 
   - package-ecosystem: terraform
     directories:
-      - /stacks/*
+      - /sample/*
     schedule:
       interval: daily
     groups:

diff --git a/.github/examples/pr_merge_matrix.yaml b/.github/examples/pr_merge_matrix.yaml
@@ -0,0 +1,39 @@
+---
+name: Trigger on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy.
+
+on:
+  pull_request:
+  merge_group:
+
+jobs:
+  tf:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read # Required to download repository artifact.
+      checks: write # Required to add status summary.
+      contents: read # Required to checkout repository.
+      pull-requests: write # Required to add PR comment and label.
+
+    strategy:
+      fail-fast: false
+      matrix:
+        deployment: [dev, qa, prod]
+
+    environment: ${{ github.event_name == 'merge_group' && matrix.deployment || '' }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup TF
+        uses: opentofu/setup-opentofu@v1
+
+      - name: Provision TF
+        uses: devsectop/tf-via-pr@v11
+        with:
+          arg_chdir: directory/path
+          arg_command: ${{ github.event_name == 'merge_group' && 'apply' || 'plan' }}
+          arg_var_file: env/${{ matrix.deployment }}.tfvars
+          arg_workspace: ${{ matrix.deployment }}
+          arg_lock: false
diff --git a/.github/examples/pr_push_auth.yaml b/.github/examples/pr_push_auth.yaml
@@ -0,0 +1,37 @@
+---
+name: Trigger on pull_request (plan) and push (apply) events with Terraform and AWS authentication.
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  tf:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read # Required to download repository artifact.
+      checks: write # Required to add status summary.
+      contents: read # Required to checkout repository.
+      id-token: write # Required to authenticate via OIDC.
+      pull-requests: write # Required to add PR comment and label.
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Authenticate AWS
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.AWS_ROLE }}
+
+      - name: Setup TF
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Provision TF
+        uses: devsectop/tf-via-pr@v11
+        with:
+          arg_chdir: directory/path
+          arg_command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}
diff --git a/.github/examples/pr_tenv.yaml b/.github/examples/pr_tenv.yaml
@@ -0,0 +1,27 @@
+---
+name: Trigger on pull_request (plan or apply) event with tenv proxy to avoid TF wrapper.
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, closed]
+
+jobs:
+  tf:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read # Required to download repository artifact.
+      checks: write # Required to add status summary.
+      contents: read # Required to checkout repository.
+      pull-requests: write # Required to add PR comment and label.
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Provision TF
+        uses: devsectop/tf-via-pr@v11
+        with:
+          arg_chdir: directory/path
+          arg_command: ${{ github.event.pull_request.merged && 'apply' || 'plan' }}
+          tf_version: ~> 1.8.0
diff --git a/.github/examples/tf_via_pr_comments.yaml b/.github/examples/tf_via_pr_comments.yaml
diff --git a/.github/examples/tf_via_pr_comments_or_input.yaml b/.github/examples/tf_via_pr_comments_or_input.yaml
diff --git a/.github/examples/tf_via_pr_input.yaml b/.github/examples/tf_via_pr_input.yaml
diff --git a/.github/examples/tf_via_pr_input_matrix.yaml b/.github/examples/tf_via_pr_input_matrix.yaml
diff --git a/.github/workflows/tf_sample.yaml b/.github/workflows/tf_sample.yaml
@@ -1,34 +1,35 @@
 ---
 name: TF Sample
+
 on:
   pull_request:
-    types: [opened, reopened, synchronize, closed]
-    paths: [.github/workflows/tf_sample.yaml, stacks/**]
-
-permissions:
-  actions: read # Required for workflow query and artifact download.
-  checks: write # Required for adding summary to check status.
-  contents: read # Required for repository checkout.
-  id-token: write # Required for assuming AWS role via OIDC provider.
-  pull-requests: write # Required for commenting on PR.
+    paths: [.github/workflows/tf_sample.yaml, sample/**]
+  push:
+    branches: [main]
 
 env:
   AWS_REGION: us-east-1
-  TF_VERSION: ~> 1.7.0
+  TF_VERSION: ~> 1.8.0
   TF_VAR_PREFIX: sample
 
 jobs:
   TF:
     runs-on: ubuntu-latest
-    if: github.event.action != 'closed' || github.event.pull_request.merged
+
+    permissions:
+      actions: read # Required to download repository artifact.
+      checks: write # Required to add status summary.
+      contents: read # Required to checkout repository.
+      id-token: write # Required to authenticate via OIDC.
+      pull-requests: write # Required to add PR comment and label.
 
     strategy:
       fail-fast: false
       matrix:
-        dir: [sample_bucket, sample_instance]
-        env: [dev, stg]
+        dir: [bucket, instance]
+        env: [dev, qa]
 
-    environment: ${{ github.event.pull_request.merged && format('{0}/{1}', matrix.dir, matrix.env) || '' }}
+    environment: ${{ github.event_name == 'push' && format('{0}/{1}', matrix.dir, matrix.env) || '' }}
 
     steps:
       - name: Checkout repository
@@ -41,14 +42,17 @@ jobs:
           role-to-assume: ${{ secrets.AWS_ROLE }}
 
       - name: Setup TF
-        uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
+        uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
         with:
-          terraform_version: ${{ env.TF_VERSION }}
+          tofu_version: ${{ env.TF_VERSION }}
 
       - name: Provision TF
         uses: ./
         with:
-          arg_command: ${{ github.event.action != 'closed' && 'plan' || 'apply' }}
-          arg_chdir: stacks/${{ matrix.dir }}
-          arg_var_file: ${{ contains(matrix.dir, 'instance') && format('env/{0}.tfvars', matrix.env) || '' }}
+          arg_chdir: sample/${{ matrix.dir }}
+          arg_command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}
           arg_backend_config: ${{ contains(matrix.dir, 'bucket') && format('backend/{0}.tfbackend', matrix.env) || '' }}
+          arg_var_file: ${{ contains(matrix.dir, 'instance') && format('env/{0}.tfvars', matrix.env) || '' }}
+          arg_workspace: ${{ matrix.env }}
+          arg_or_create: true
+          arg_lock: false