Merge branch 'aws-ia:main' into main

.github/workflows/dependency-review.yml

@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.5.4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
+        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4

.github/workflows/e2e-parallel-destroy.yml

@@ -28,7 +28,7 @@ jobs:
         include:
           - example_path: patterns/agones-game-controller
           - example_path: patterns/fargate-serverless
-          - example_path: patterns/argocd
+          - example_path: patterns/gitops/getting-started-argocd
           - example_path: patterns/ipv6-eks-cluster
           - example_path: patterns/karpenter
           - example_path: patterns/multi-tenancy-with-teams
@@ -56,7 +56,7 @@ jobs:
           role-session-name: GithubActions-Session
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.0.0
 
@@ -65,6 +65,7 @@ jobs:
         run: |
           terraform init -upgrade=true
           terraform destroy -target=module.eks_blueprints_kubernetes_addons  -no-color -input=false -auto-approve
-          terraform destroy -target=module.eks_blueprints  -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints_addons -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints -no-color -input=false -auto-approve
           terraform destroy -target=module.eks -no-color -input=false -auto-approve
           terraform destroy -no-color -input=false -auto-approve

.github/workflows/e2e-parallel-full.yml

@@ -62,7 +62,7 @@ jobs:
         include:
           - example_path: patterns/agones-game-controller
           - example_path: patterns/fargate-serverless
-          - example_path: patterns/argocd
+          - example_path: patterns/gitops/getting-started-argocd
           - example_path: patterns/ipv6-eks-cluster
           - example_path: patterns/karpenter
           - example_path: patterns/multi-tenancy-with-teams
@@ -99,7 +99,7 @@ jobs:
           echo "iamlive_pid=$IAMLIVE_PID" >> $GITHUB_ENV
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.0.0
 
@@ -115,6 +115,7 @@ jobs:
           terraform apply -target=module.eks_blueprints -no-color -input=false -auto-approve
           terraform apply -target=module.eks -no-color -input=false -auto-approve
           terraform apply -target=module.eks_blueprints_kubernetes_addons -no-color -input=false -auto-approve
+          terraform apply -target=module.eks_blueprints_addons -no-color -input=false -auto-approve
           terraform apply -no-color -input=false -auto-approve
 
       - name: Terraform Destroy
@@ -125,9 +126,10 @@ jobs:
           export AWS_CSM_ENABLED=true
           export AWS_CSM_PORT=31000
           export AWS_CSM_HOST=127.0.0.1
-          terraform destroy -target=module.eks_blueprints_kubernetes_addons  -no-color -input=false -auto-approve
-          terraform destroy -target=module.eks_blueprints  -no-color -input=false -auto-approve
-          terraform destroy -target=module.eks  -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints_kubernetes_addons -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints_addons -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks -no-color -input=false -auto-approve
           terraform destroy -no-color -input=false -auto-approve
 
       - name: Fail if TF apply failed

.github/workflows/markdown-link-check.yml

@@ -26,7 +26,7 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: '16.x'
       - name: install markdown-link-check

.github/workflows/plan-examples.yml

@@ -1,10 +1,6 @@
 name: plan-examples
 
 on:
-  # Review https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ and better understand the risks of using pull_request_target before making major changes to this workflow.
-  pull_request_target:
-    branches:
-      - main
   workflow_dispatch:
 
 concurrency:
@@ -97,7 +93,7 @@ jobs:
           role-session-name: GithubActions-Session
 
       - name: Terraform Job
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
         if: steps.changes.outputs.src== 'true'
         with:
           terraform_version: 1.0.0

.github/workflows/pr-title.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: amannn/action-semantic-pull-request@v5.3.0
+      - uses: amannn/action-semantic-pull-request@v5.4.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/publish-docs.yml

@@ -28,7 +28,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
 

.github/workflows/scorecards.yml

@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -63,14 +63,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           sarif_file: results.sarif

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: trailing-whitespace
         args: ['--markdown-linebreak-ext=md']
@@ -10,7 +10,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.4
+    rev: v1.83.5
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

docs/patterns/gitops-getting-started-argocd.md

@@ -0,0 +1,7 @@
+---
+title: GitOps Getting Started (ArgoCD)
+---
+
+{%
+   include-markdown "../../patterns/gitops/getting-started-argocd/README.md"
+%}

docs/patterns/gitops-multi-cluster-hub-spoke-argocd.md

@@ -0,0 +1,7 @@
+---
+title: GitOps Multi-Cluster Hub-Spoke Topology (ArgoCD)
+---
+
+{%
+   include-markdown "../../patterns/gitops/multi-cluster-hub-spoke-argocd/README.md"
+%}