From 3e4bba706971447f5479c14e8b361dba64a641c9 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Tue, 1 Apr 2025 11:41:03 -0400
Subject: [PATCH 1/6] add module release process
---
 .github/dependabot.yml | 11 ++++
 .github/workflows/terraform-release.yaml | 73 +++++++++++++++++++++++
 .github/workflows/terraform-validate.yaml | 42 +++++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/terraform-release.yaml
 create mode 100644 .github/workflows/terraform-validate.yaml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..867570d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
new file mode 100644
index 0000000..90910bc
--- /dev/null
+++ b/.github/workflows/terraform-release.yaml
@@ -0,0 +1,73 @@
+name: Terraform CI/CD
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [closed]
+ branches:
+ - main
+jobs:
+ terraform-ci-cd:
+ runs-on: 229685449397
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v3
+ with:
+ terraform_version: "1.9.1"
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_app_id: ${{ vars.GH_APP_ID }}
+
+
+ - name: Debug Authentication
+ run: |
+ # Print the GitHub server URL
+ echo "GitHub Server URL: ${{ github.server_url }}"
+
+ # Extract the host from the URL
+ HOST="${{ github.server_url }}"
+ HOST="${HOST#*//}"
+ HOST="${HOST%%/*}"
+ echo "GitHub Host: $HOST"
+
+ # Check if token exists
+ if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then
+ echo "Token generated successfully"
+ # Test the token with a simple GitHub API call (without exposing the token)
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user")
+ echo "API Test Status Code: $STATUS"
+ else
+ echo "No token was generated!"
+ fi
+
+ - name: Setup GitHub CLI
+ run: |
+ # Force manual authentication since setup-git might not work with GitHub Enterprise
+ echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+ gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+ rm /tmp/token.txt
+
+ # Test GitHub CLI auth status
+ gh auth status || echo "GitHub CLI authentication failed"
+
+ - name: AWS Auth
+ id: aws_auth
+ uses: CSVD/aws-auth@main
+ with:
+ ecs: true
+
+ - name: Run Terraform Module Release Action
+ uses: CSVD/terraform-module-release@main
+ with:
+ github-token: ${{ steps.github_credentials.outputs.github_token }}
+ working-directory: '.'
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..72829d8
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,42 @@
+name: Terraform Validate
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+
+ terraform-validate:
+ runs-on: "229685449397"
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: '1.7.3'
+
+ - name: Validate Terraform Configuration
+ id: validate
+ uses: CSVD/terraform-validate@main
+
+ - name: Check Validation/Test Results
+ if: always()
+ run: |
+ # Set default values if outputs are empty
+ IS_VALID="${{ steps.validate.outputs.is_valid }}"
+ TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+
+ # If outputs are empty, set them to false
+ [ -z "$IS_VALID" ] && IS_VALID="false"
+ [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+
+ if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
+ echo "Validation or test errors found:"
+ echo "${{ steps.validate.outputs.stderr }}"
+ exit 1
+ else
+ echo "All validations and tests passed successfully!"
+ fi
From b8a4275d3d39a10e009ef45d803a49f158573fe8 Mon Sep 17 00:00:00 2001
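Review bot: The `on:` block at the top of this hunk triggers on `pull_request: types: [closed]` for `main`, which also fires when a PR is closed without being merged, so `terraform-ci-cd` would run a release with `contents: write` from an unmerged branch; gate the job with `if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true`. The `Setup GitHub CLI` step interpolates the token with `${{ steps.github_credentials.outputs.github_token }}` straight into the `run:` script text and then parks it in `/tmp/token.txt`; pass it through `env:` instead, e.g. `env: GH_APP_TOKEN: ${{ steps.github_credentials.outputs.github_token }}` with `printf '%s' "$GH_APP_TOKEN" | gh auth login --with-token --hostname "github.e.it.census.gov"`, which keeps the secret out of the rendered script and off disk. Every action in this workflow is referenced by a mutable branch (`CSVD/gh-auth@main`, `CSVD/aws-auth@main`, `CSVD/terraform-module-release@main`, and `CSVD/releaser@main` introduced in patch 2/6 and repeated in the root-level copy in patch 4/6); pin them to a release tag or commit SHA so a push to the action's `main` cannot silently change what runs with write access. Whether `gh-auth` registers its `github_token` output as a masked value is not visible from this diff, so log exposure of the token in the echo on this hunk should be confirmed.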
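Review bot: The `Check Validation/Test Results` step expands `${{ steps.validate.outputs.stderr }}` (and `is_valid` / `tests_passed`) directly into the `run:` script, and because this workflow runs on `pull_request`, that stderr is produced by validating the PR's own HCL, so text from the PR can reach the shell as script rather than as data. Move the three outputs into an `env:` block on the step and reference them as `"$IS_VALID"`, `"$TESTS_PASSED"` and `"$VALIDATE_STDERR"` inside the script, as below. `permissions: contents: write` is also broader than a validate-only job needs; `contents: read` should be enough unless `CSVD/terraform-validate` pushes something back, which is not visible here. The same step text is duplicated verbatim in the root-level `terraform-validate.yaml` added in patch 4/6.
```yaml
      - name: Check Validation/Test Results
        if: always()
        env:
          IS_VALID: ${{ steps.validate.outputs.is_valid }}
          TESTS_PASSED: ${{ steps.validate.outputs.tests_passed }}
          VALIDATE_STDERR: ${{ steps.validate.outputs.stderr }}
        run: |
          # Outputs reach the shell as environment variables, not as script text
          [ -z "$IS_VALID" ] && IS_VALID="false"
          [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"

          if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
            echo "Validation or test errors found:"
            echo "$VALIDATE_STDERR"
            exit 1
          else
            echo "All validations and tests passed successfully!"
          fi
```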
From: "Matthew C. Morgan" Date: Thu, 3 Apr 2025 12:06:19 -0400 Subject: [PATCH 2/6] update release action --- .github/workflows/terraform-release.yaml | 37 ++---------------------- 1 file changed, 2 insertions(+), 35 deletions(-) diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml index 90910bc..04b96db 100644 --- a/.github/workflows/terraform-release.yaml +++ b/.github/workflows/terraform-release.yaml @@ -15,11 +15,6 @@ jobs: - name: Checkout code uses: CSVD/gh-actions-checkout@v4 - - name: Setup Terraform - uses: CSVD/gh-actions-setup-terraform@v3 - with: - terraform_version: "1.9.1" - - name: Setup GITHUB Credentials id: github_credentials uses: CSVD/gh-auth@main @@ -28,28 +23,6 @@ jobs: github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} github_app_id: ${{ vars.GH_APP_ID }} - - - name: Debug Authentication - run: | - # Print the GitHub server URL - echo "GitHub Server URL: ${{ github.server_url }}" - - # Extract the host from the URL - HOST="${{ github.server_url }}" - HOST="${HOST#*//}" - HOST="${HOST%%/*}" - echo "GitHub Host: $HOST" - - # Check if token exists - if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then - echo "Token generated successfully" - # Test the token with a simple GitHub API call (without exposing the token) - STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user") - echo "API Test Status Code: $STATUS" - else - echo "No token was generated!" - fi - - name: Setup GitHub CLI run: | # Force manual authentication since setup-git might not work with GitHub Enterprise 
@@ -60,14 +33,8 @@ jobs: # Test GitHub CLI auth status gh auth status || echo "GitHub CLI authentication failed" - - name: AWS Auth - id: aws_auth - uses: CSVD/aws-auth@main - with: - ecs: true - - - name: Run Terraform Module Release Action - uses: CSVD/terraform-module-release@main + - name: Run Release Action + uses: CSVD/releaser@main with: github-token: ${{ steps.github_credentials.outputs.github_token }} working-directory: '.' From 2be2d988089122a81f11e3d2cc5a6b2157a1c3f3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 17 Apr 2025 23:39:10 -0400 Subject: [PATCH 3/6] dynamic version --- README.md | 12 ++++++++---- requirements.tf | 4 ++++ version.tf | 27 +++++++++++++++++++++++++-- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 9a596d4..228e81e 100644 --- a/README.md +++ b/README.md @@ -22,15 +22,17 @@ Change logs are auto-generated with commitizen. |------|---------| | [terraform](#requirement\_terraform) | >= 1.5 | | [aws](#requirement\_aws) | >= 5.14.0 | +| [null](#requirement\_null) | >= 3.2.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.87.0 | -| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.87.0 | -| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.87.0 | -| [aws.self](#provider\_aws.self) | 5.87.0 | +| [aws](#provider\_aws) | >= 5.14.0 | +| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | >= 5.14.0 | +| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | >= 5.14.0 | +| [aws.self](#provider\_aws.self) | >= 5.14.0 | +| [null](#provider\_null) | >= 3.2.1 | ## Modules 
@@ -50,6 +52,8 @@ No modules. | [aws_route53_zone_association.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | | [aws_route53_zone_association.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | | [aws_route53_zone_association.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | +| [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.module_name](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | diff --git a/requirements.tf b/requirements.tf index 94a08f3..7f4f431 100644 --- a/requirements.tf +++ b/requirements.tf @@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = ">= 5.14.0" } + null = { + source = "hashicorp/null" + version = ">= 3.2.1" + } } } diff --git a/version.tf b/version.tf index b25f43f..5e10369 100644 --- a/version.tf +++ b/version.tf 
@@ -1,4 +1,27 @@
+resource "null_resource" "git_version" {
+ triggers = {
+ # Force this to run on every apply to get the latest tag value
+ always_run = timestamp()
+ }
+
+ provisioner "local-exec" {
+ command = "git describe --tags --abbrev=0 2>/dev/null || echo 'unknown' > ${path.module}/.git_tag"
+ on_failure = continue
+ }
+}
+
+resource "null_resource" "module_name" {
+ triggers = {
+ module_path = path.module
+ }
+
+ provisioner "local-exec" {
+ command = "basename $(pwd) > ${path.module}/.module_name"
+ on_failure = continue
+ }
+}
+
 locals {
- module_name = "tfmod-eks-dns"
- module_version = "0.1.1"
+ module_name = fileexists("${path.module}/.module_name") ? trimspace(file("${path.module}/.module_name")) : "tfmod-eks-dns"
+ module_version = fileexists("${path.module}/.git_tag") ? trimspace(file("${path.module}/.git_tag")) : "latest"
 }
From fc45158df7c4462c2b56242deb748bb942a64833 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Mon, 21 Apr 2025 11:41:59 -0400
Subject: [PATCH 4/6] ensure workflows are current
---
 terraform-release.yaml | 40 +++++++++++++++++++++++++++++++++++++++
 terraform-validate.yaml | 42 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 terraform-release.yaml
 create mode 100644 terraform-validate.yaml
diff --git a/terraform-release.yaml b/terraform-release.yaml
new file mode 100644
index 0000000..3f67574
--- /dev/null
+++ b/terraform-release.yaml
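Review bot: In the `version.tf` hunk, the `null_resource.git_version` command `git describe --tags --abbrev=0 2>/dev/null || echo 'unknown' > ${path.module}/.git_tag` binds the redirect only to the fallback, so a successful `git describe` prints the tag to stdout and `.git_tag` is written only when git fails; group the pipeline and quote the path, `command = "(git describe --tags --abbrev=0 2>/dev/null || echo 'unknown') > '${path.module}/.git_tag'"`. Separately, `fileexists()` and `file()` in `locals` are evaluated at plan time while the `local-exec` provisioner runs at apply, so even with the redirect fixed `module_version` reflects the previous run's side file at best, and a checkout without tags (or a copy of the module obtained without `.git`) will always resolve to `"latest"`; stamping the version at release time, which the releaser workflow in this series already exists for, would be more reliable than a local-exec side file. The `always_run = timestamp()` trigger also makes this resource show a change on every plan.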
@@ -0,0 +1,40 @@
+name: Terraform Module Release
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [closed]
+ branches:
+ - main
+jobs:
+ terraform-release:
+ runs-on: "229685449397"
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_app_id: ${{ vars.GH_APP_ID }}
+
+ - name: Setup GitHub CLI
+ run: |
+ # Force manual authentication since setup-git might not work with GitHub Enterprise
+ echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+ gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+ rm /tmp/token.txt
+
+ # Test GitHub CLI auth status
+ gh auth status || echo "GitHub CLI authentication failed"
+
+ - name: Run Release Action
+ uses: CSVD/releaser@main
+ with:
+ github-token: ${{ steps.github_credentials.outputs.github_token }}
+ working-directory: '.'
diff --git a/terraform-validate.yaml b/terraform-validate.yaml
new file mode 100644
index 0000000..ac349eb
--- /dev/null
+++ b/terraform-validate.yaml
@@ -0,0 +1,42 @@
+name: Terraform Validate
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+
+ terraform-validate:
+ runs-on: "229685449397"
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: '1.10.5'
+
+ - name: Validate Terraform Configuration
+ id: validate
+ uses: CSVD/terraform-validate@main
+
+ - name: Check Validation/Test Results
+ if: always()
+ run: |
+ # Set default values if outputs are empty
+ IS_VALID="${{ steps.validate.outputs.is_valid }}"
+ TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+
+ # If outputs are empty, set them to false
+ [ -z "$IS_VALID" ] && IS_VALID="false"
+ [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+
+ if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
+ echo "Validation or test errors found:"
+ echo "${{ steps.validate.outputs.stderr }}"
+ exit 1
+ else
+ echo "All validations and tests passed successfully!"
+ fi
From b4f754cff7075138880ba51f4cb7c78c80886202 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Mon, 21 Apr 2025 15:42:37 -0400
Subject: [PATCH 5/6] ensure workflows are current
---
 .github/workflows/terraform-release.yaml | 6 ++--
 .github/workflows/terraform-validate.yaml | 2 +-
 terraform-release.yaml | 40 ---------------------
 terraform-validate.yaml | 42 -----------------------
 4 files changed, 4 insertions(+), 86 deletions(-)
 delete mode 100644 terraform-release.yaml
 delete mode 100644 terraform-validate.yaml
diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
index 04b96db..3f67574 100644
--- a/.github/workflows/terraform-release.yaml
+++ b/.github/workflows/terraform-release.yaml
@@ -1,4 +1,4 @@
-name: Terraform CI/CD
+name: Terraform Module Release
 on:
 workflow_dispatch:
 pull_request:
@@ -6,8 +6,8 @@ on: branches: - main jobs: - terraform-ci-cd: - runs-on: 229685449397 + terraform-release: + runs-on: "229685449397" permissions: contents: write diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml index 72829d8..ac349eb 100644 --- a/.github/workflows/terraform-validate.yaml +++ b/.github/workflows/terraform-validate.yaml @@ -16,7 +16,7 @@ jobs: - name: Setup Terraform uses: CSVD/gh-actions-setup-terraform@v2 with: - terraform_version: '1.7.3' + terraform_version: '1.10.5' - name: Validate Terraform Configuration id: validate diff --git a/terraform-release.yaml b/terraform-release.yaml deleted file mode 100644 index 3f67574..0000000 --- a/terraform-release.yaml +++ /dev/null @@ -1,40 +0,0 @@ -name: Terraform Module Release -on: - workflow_dispatch: - pull_request: - types: [closed] - branches: - - main -jobs: - terraform-release: - runs-on: "229685449397" - permissions: - contents: write - - steps: - - name: Checkout code - uses: CSVD/gh-actions-checkout@v4 - - - name: Setup GITHUB Credentials - id: github_credentials - uses: CSVD/gh-auth@main - with: - github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} - github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} - github_app_id: ${{ vars.GH_APP_ID }} - - - name: Setup GitHub CLI - run: | - # Force manual authentication since setup-git might not work with GitHub Enterprise - echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt - gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt - rm /tmp/token.txt - - # Test GitHub CLI auth status - gh auth status || echo "GitHub CLI authentication failed" - - - name: Run Release Action - uses: CSVD/releaser@main - with: - github-token: ${{ steps.github_credentials.outputs.github_token }} - working-directory: '.' diff --git a/terraform-validate.yaml b/terraform-validate.yaml deleted file mode 100644 index ac349eb..0000000 
--- a/terraform-validate.yaml +++ /dev/null @@ -1,42 +0,0 @@ -name: Terraform Validate -on: - pull_request: - workflow_dispatch: - -jobs: - - terraform-validate: - runs-on: "229685449397" - permissions: - contents: write - steps: - - name: Checkout code - uses: CSVD/gh-actions-checkout@v4 - - - name: Setup Terraform - uses: CSVD/gh-actions-setup-terraform@v2 - with: - terraform_version: '1.10.5' - - - name: Validate Terraform Configuration - id: validate - uses: CSVD/terraform-validate@main - - - name: Check Validation/Test Results - if: always() - run: | - # Set default values if outputs are empty - IS_VALID="${{ steps.validate.outputs.is_valid }}" - TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}" - - # If outputs are empty, set them to false - [ -z "$IS_VALID" ] && IS_VALID="false" - [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false" - - if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then - echo "Validation or test errors found:" - echo "${{ steps.validate.outputs.stderr }}" - exit 1 - else - echo "All validations and tests passed successfully!" - fi From 215ccd4f40e684bafe9e2b5d1f81809348295cf1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 22 Apr 2025 00:04:17 -0400 Subject: [PATCH 6/6] ensure committed --- README.md | 1 - version.tf | 13 +------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/README.md b/README.md index 228e81e..2992eeb 100644 --- a/README.md +++ b/README.md 
@@ -53,7 +53,6 @@ No modules. | [aws_route53_zone_association.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | | [aws_route53_zone_association.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.module_name](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | diff --git a/version.tf b/version.tf index 5e10369..d6eeccb 100644 --- a/version.tf +++ b/version.tf @@ -10,18 +10,7 @@ resource "null_resource" "git_version" { } } -resource "null_resource" "module_name" { - triggers = { - module_path = path.module - } - - provisioner "local-exec" { - command = "basename $(pwd) > ${path.module}/.module_name" - on_failure = continue - } -} - locals { - module_name = fileexists("${path.module}/.module_name") ? trimspace(file("${path.module}/.module_name")) : "tfmod-eks-dns" + module_name = "tfmod-eks-dns" module_version = fileexists("${path.module}/.git_tag") ? trimspace(file("${path.module}/.git_tag")) : "latest" }