From 3e4bba706971447f5479c14e8b361dba64a641c9 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Tue, 1 Apr 2025 11:41:03 -0400
Subject: [PATCH 1/2] add module release process

---
 .github/dependabot.yml                    | 11 ++++
 .github/workflows/terraform-release.yaml  | 73 +++++++++++++++++++++++
 .github/workflows/terraform-validate.yaml | 42 +++++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/terraform-release.yaml
 create mode 100644 .github/workflows/terraform-validate.yaml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..867570d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
new file mode 100644
index 0000000..90910bc
--- /dev/null
+++ b/.github/workflows/terraform-release.yaml
@@ -0,0 +1,73 @@
+name: Terraform CI/CD
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+jobs:
+  terraform-ci-cd:
+    runs-on: 229685449397
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout code
+        uses: CSVD/gh-actions-checkout@v4
+
+      - name: Setup Terraform
+        uses: CSVD/gh-actions-setup-terraform@v3
+        with:
+          terraform_version: "1.9.1"
+
+      - name: Setup GITHUB Credentials
+        id: github_credentials
+        uses: CSVD/gh-auth@main
+        with:
+          github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+          github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+          github_app_id: ${{ vars.GH_APP_ID }}
+
+
+      - name: Debug Authentication
+        run: |
+          # Print the GitHub server URL
+          echo "GitHub Server URL: ${{ github.server_url }}"
+
+          # Extract the host from the URL
+          HOST="${{ github.server_url }}"
+          HOST="${HOST#*//}"
+          HOST="${HOST%%/*}"
+          echo "GitHub Host: $HOST"
+
+          # Check if token exists
+          if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then
+            echo "Token generated successfully"
+            # Test the token with a simple GitHub API call (without exposing the token)
+            STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user")
+            echo "API Test Status Code: $STATUS"
+          else
+            echo "No token was generated!"
+          fi
+
+      - name: Setup GitHub CLI
+        run: |
+          # Force manual authentication since setup-git might not work with GitHub Enterprise
+          echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+          gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+          rm /tmp/token.txt
+
+          # Test GitHub CLI auth status
+          gh auth status || echo "GitHub CLI authentication failed"
+
+      - name: AWS Auth
+        id: aws_auth
+        uses: CSVD/aws-auth@main
+        with:
+          ecs: true
+
+      - name: Run Terraform Module Release Action
+        uses: CSVD/terraform-module-release@main
+        with:
+          github-token: ${{ steps.github_credentials.outputs.github_token }}
+          working-directory: '.'
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..72829d8
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,42 @@
+name: Terraform Validate
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+
+  terraform-validate:
+    runs-on: "229685449397"
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: CSVD/gh-actions-checkout@v4
+
+      - name: Setup Terraform
+        uses: CSVD/gh-actions-setup-terraform@v2
+        with:
+          terraform_version: '1.7.3'
+
+      - name: Validate Terraform Configuration
+        id: validate
+        uses: CSVD/terraform-validate@main
+
+      - name: Check Validation/Test Results
+        if: always()
+        run: |
+          # Set default values if outputs are empty
+          IS_VALID="${{ steps.validate.outputs.is_valid }}"
+          TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+
+          # If outputs are empty, set them to false
+          [ -z "$IS_VALID" ] && IS_VALID="false"
+          [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+
+          if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
+            echo "Validation or test errors found:"
+            echo "${{ steps.validate.outputs.stderr }}"
+            exit 1
+          else
+            echo "All validations and tests passed successfully!"
+          fi

From b8a4275d3d39a10e009ef45d803a49f158573fe8 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Thu, 3 Apr 2025 12:06:19 -0400
Subject: [PATCH 2/2] update release action

---
 .github/workflows/terraform-release.yaml | 37 ++----------------------
 1 file changed, 2 insertions(+), 35 deletions(-)

diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
index 90910bc..04b96db 100644
--- a/.github/workflows/terraform-release.yaml
+++ b/.github/workflows/terraform-release.yaml
@@ -15,11 +15,6 @@ jobs:
       - name: Checkout code
         uses: CSVD/gh-actions-checkout@v4
 
-      - name: Setup Terraform
-        uses: CSVD/gh-actions-setup-terraform@v3
-        with:
-          terraform_version: "1.9.1"
-
       - name: Setup GITHUB Credentials
         id: github_credentials
         uses: CSVD/gh-auth@main
@@ -28,28 +23,6 @@ jobs:
           github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
           github_app_id: ${{ vars.GH_APP_ID }}
 
-
-      - name: Debug Authentication
-        run: |
-          # Print the GitHub server URL
-          echo "GitHub Server URL: ${{ github.server_url }}"
-
-          # Extract the host from the URL
-          HOST="${{ github.server_url }}"
-          HOST="${HOST#*//}"
-          HOST="${HOST%%/*}"
-          echo "GitHub Host: $HOST"
-
-          # Check if token exists
-          if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then
-            echo "Token generated successfully"
-            # Test the token with a simple GitHub API call (without exposing the token)
-            STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user")
-            echo "API Test Status Code: $STATUS"
-          else
-            echo "No token was generated!"
-          fi
-
       - name: Setup GitHub CLI
         run: |
           # Force manual authentication since setup-git might not work with GitHub Enterprise
@@ -60,14 +33,8 @@ jobs:
           # Test GitHub CLI auth status
           gh auth status || echo "GitHub CLI authentication failed"
 
-      - name: AWS Auth
-        id: aws_auth
-        uses: CSVD/aws-auth@main
-        with:
-          ecs: true
-
-      - name: Run Terraform Module Release Action
-        uses: CSVD/terraform-module-release@main
+      - name: Run Release Action
+        uses: CSVD/releaser@main
         with:
           github-token: ${{ steps.github_credentials.outputs.github_token }}
           working-directory: '.'