diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index c8ead3b..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-# SCT-Engineering/release action
-name: Do Release of Module
-
-# Controls when the workflow will run
-on:
- pull_request:
- types: [opened, reopened, synchronize, labeled, unlabeled]
- push:
- branches:
- - main
- # Allows you to run this workflow manually from the Actions tab
- workflow_dispatch:
-
-permissions:
- id-token: write
- contents: write
- pull-requests: write
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
- # This workflow contains a single job called "Release"
- Release:
- # The type of runner that the job will run on
- runs-on: ["229685449397"]
- if: "!startsWith(github.event.head_commit.message, 'bump:')"
-
- steps:
- - uses: CSVD/gh-actions-checkout@v4
- id: checkout
- with:
- token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"
- fetch-depth: 0
-
- - name: Setup GITHUB Credentials
- id: github_credentials
- uses: CSVD/gh-auth@main
- with:
- github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
- github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
- github_base_url: "${{ github.server_url }}/"
-
- - name: Create bump and changelog
- uses: CSVD/commitizen-action@main
- with:
- github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- changelog_increment_filename: body.md
-
- - uses: CSVD/gh-actions-checkout@v4
- - run: |
- date > generated.txt
- # Note: the following account information will not work on GHES
- git config user.name "github-actions[bot]"
- git config user.email "{user.id}+{user.login}@users.noreply.github.e.it.census.gov"
- git add .
- git commit -m "generated"
- git push
- # - name: Push doc to Github Page
- # uses: peaceiris/actions-gh-pages@v4
- # with:
- # personal_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- # publish_branch: gh-pages
- # publish_dir: ./site
- # user_name: "github-actions[bot]"
- # user_email: "github-actions[bot]@users.noreply.github.com"
- # - name: Release
- # uses: ncipollo/release-action@v1
- # with:
- # tag: v${{ env.REVISION }}
- # bodyFile: "body.md"
- # skipIfReleaseExists: true
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
new file mode 100644
index 0000000..a78523e
--- /dev/null
+++ b/.github/workflows/terragrunt-cicd.yml
@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate:
+ name: 'Validate Module'
+ runs-on: self-hosted
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.5.0
+
+ - name: Terraform Init
+ run: |
+ terraform init -backend=false
+
+ - name: Terraform Format
+ run: |
+ terraform fmt -check
+
+ - name: Terraform Validate
+ run: |
+ terraform validate
+
+ - name: Run tflint
+ uses: terraform-linters/setup-tflint@v3
+ if: github.event_name == 'pull_request'
+
+ - name: Lint Terraform
+ if: github.event_name == 'pull_request'
+ run: |
+ tflint --format compact
+
+ release:
+ name: 'Create Release'
+ needs: validate
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ runs-on: self-hosted
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install Commitizen
+ run: |
+ pip install commitizen
+
+ - name: Configure Git
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+
+ - name: Bump Version and Generate Changelog
+ id: cz
+ run: |
+ cz bump --yes
+ echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+ echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: v${{ steps.cz.outputs.new_version }}
+ release_name: Release v${{ steps.cz.outputs.new_version }}
+ draft: false
+ prerelease: false
+ body: ${{ steps.cz.outputs.changelog }}
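Review bot: The release job never pushes what `cz bump --yes` produces, so the bump commit and its tag stay on the runner while `actions/create-release@v1` creates `v<new_version>` against the unbumped head of main, and the next push will bump again from the same base; `actions/create-release` is also archived upstream, so a maintained release action is worth considering. The `changelog=$(cz changelog --dry-run)` line uses the single-line `$GITHUB_OUTPUT` form, which breaks as soon as the changelog spans more than one line — the `key<<DELIM` heredoc form is required for multi-line outputs. On the permissions side, the top-level `pull-requests: write` is not used by any step (`contents: read` is enough for validate, and release already overrides to `contents: write`), `runs-on: self-hosted` on a `pull_request` trigger means PR code executes on your own infrastructure, so confirm forks cannot trigger it, and all `uses:` references are mutable major tags rather than commit SHAs. A bump step that pushes (assuming branch protection allows the token to push to main) and emits the changelog safely:
```yaml
      - name: Bump Version and Generate Changelog
        id: cz
        run: |
          cz bump --yes
          git push --follow-tags
          echo "new_version=$(cz version --project)" >> "$GITHUB_OUTPUT"
          {
            echo "changelog<<CHANGELOG_EOF"
            cz changelog --dry-run
            echo "CHANGELOG_EOF"
          } >> "$GITHUB_OUTPUT"
      # … unchanged: Create Release step …
```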
diff --git a/README.md b/README.md
index 3b34d86..a5e44c0 100644
--- a/README.md
+++ b/README.md
@@ -123,9 +123,9 @@ EOF
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.87.0 |
+| [aws](#provider\_aws) | 5.88.0 |
| [helm](#provider\_helm) | 2.17.0 |
-| [kubernetes](#provider\_kubernetes) | 2.35.1 |
+| [kubernetes](#provider\_kubernetes) | 2.36.0 |
## Modules
@@ -138,7 +138,7 @@ EOF
| Name | Type |
|------|------|
| [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_network_policy.operators_default](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
@@ -170,8 +170,8 @@ EOF
| [module\_name](#output\_module\_name) | The name of this module. |
| [module\_version](#output\_module\_version) | The version of this module. |
| [network\_policies](#output\_network\_policies) | Map of network policies applied to namespaces |
-| [operators\_namespace](#output\_operators\_namespace) | The namespace for the operators. |
-| [operators\_namespace\_labels](#output\_operators\_namespace\_labels) | Labels applied to the operators namespace |
+| [operator\_namespace](#output\_operator\_namespace) | The namespace for the operators. |
+| [operator\_namespace\_labels](#output\_operator\_namespace\_labels) | Labels applied to the operators namespace |
| [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. |
| [rwx\_storage\_class](#output\_rwx\_storage\_class) | Kubernetes storage class that supports read/write many. |
| [storage\_classes](#output\_storage\_classes) | Map of all storage class names and their configurations |
diff --git a/main.tf b/main.tf
index 402b050..336b4a3 100644
--- a/main.tf
+++ b/main.tf
@@ -83,7 +83,7 @@ resource "kubernetes_storage_class" "efs_sc" {
mount_options = ["tls"]
}
-resource "kubernetes_namespace" "operators" {
+resource "kubernetes_namespace" "operator" {
metadata {
name = var.operators_ns
labels = {
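Review bot: Renaming the resource address from `kubernetes_namespace.operators` to `kubernetes_namespace.operator` without a `moved` block makes Terraform plan a destroy-and-recreate of the namespace — and of everything deployed into it — for every existing state, and the CI added in this commit only runs `terraform validate`, which will not surface that before apply. Add a `moved` block next to the resource so existing state is migrated in place; `moved` has been supported since Terraform 1.1 and the workflow pins 1.5.0. The resource block continues past the hunk.
```hcl
resource "kubernetes_namespace" "operator" {
  # … unchanged: metadata …
}

moved {
  from = kubernetes_namespace.operators
  to   = kubernetes_namespace.operator
}
```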
@@ -96,7 +96,7 @@ resource "kubernetes_namespace" "operators" {
resource "kubernetes_network_policy" "operators_default" {
metadata {
name = "default-deny"
- namespace = kubernetes_namespace.operators.metadata[0].name
+ namespace = kubernetes_namespace.operator.metadata[0].name
}
spec {
diff --git a/outputs.tf b/outputs.tf
index a28d138..5bb798d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -73,14 +73,14 @@ output "efs_dns_name" {
# Operators
################################################################################
-output "operators_namespace" {
+output "operator_namespace" {
description = "The namespace for the operators."
- value = kubernetes_namespace.operators.metadata[0].name
+ value = kubernetes_namespace.operator.metadata[0].name
}
-output "operators_namespace_labels" {
+output "operator_namespace_labels" {
description = "Labels applied to the operators namespace"
- value = kubernetes_namespace.operators.metadata[0].labels
+ value = kubernetes_namespace.operator.metadata[0].labels
}
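Review bot: Renaming the outputs `operators_namespace` and `operators_namespace_labels` to `operator_namespace` and `operator_namespace_labels` is a breaking interface change for any root module that references them, and nothing in the hunk keeps the old names. If this module has consumers, either retain the old outputs for one release cycle with a `description` marking them deprecated, e.g. `description = "Deprecated: use operator_namespace."`, or make sure the commit message carries a `BREAKING CHANGE:` footer so the commitizen bump in the new release job produces a major version rather than a patch.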
################################################################################