diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
new file mode 100644
index 0000000..04b96db
--- /dev/null
+++ b/.github/workflows/terraform-release.yaml
@@ -0,0 +1,40 @@
+name: Terraform CI/CD
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [closed]
+ branches:
+ - main
+jobs:
+ terraform-ci-cd:
+ runs-on: 229685449397
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_app_id: ${{ vars.GH_APP_ID }}
+
+ - name: Setup GitHub CLI
+ run: |
+ # Force manual authentication since setup-git might not work with GitHub Enterprise
+ echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+ gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+ rm /tmp/token.txt
+
+ # Test GitHub CLI auth status
+ gh auth status || echo "GitHub CLI authentication failed"
+
+ - name: Run Release Action
+ uses: CSVD/releaser@main
+ with:
+ github-token: ${{ steps.github_credentials.outputs.github_token }}
+ working-directory: '.'
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..72829d8
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,42 @@
+name: Terraform Validate
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+
+ terraform-validate:
+ runs-on: "229685449397"
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: '1.7.3'
+
+ - name: Validate Terraform Configuration
+ id: validate
+ uses: CSVD/terraform-validate@main
+
+ - name: Check Validation/Test Results
+ if: always()
+ run: |
+ # Set default values if outputs are empty
+ IS_VALID="${{ steps.validate.outputs.is_valid }}"
+ TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+
+ # If outputs are empty, set them to false
+ [ -z "$IS_VALID" ] && IS_VALID="false"
+ [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+
+ if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
+ echo "Validation or test errors found:"
+ echo "${{ steps.validate.outputs.stderr }}"
+ exit 1
+ else
+ echo "All validations and tests passed successfully!"
+ fi
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2675093..0e4a8bc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -49,7 +49,7 @@ repos:
# Terraform Hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.97.3 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.98.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
hooks:
- id: terraform_fmt
args:
@@ -106,6 +106,6 @@ repos:
# - --hook-config=--parallelism-ci-cpu-cores=2
- repo: https://github.com/ljnsn/cz-conventional-gitmoji
- rev: v0.6.1
+ rev: v0.7.0
hooks:
- id: conventional-gitmoji
diff --git a/.tflint.hcl b/.tflint.hcl
index 684d807..ab8ea66 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -4,18 +4,18 @@ config {
disabled_by_default = false
}
-rule "aws_instance_invalid_type" {
- enabled = true
-}
+# rule "aws_instance_invalid_type" {
+# enabled = true
+# }
-plugin "aws" {
- enabled = true
- version = "0.32.0"
- source = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+# enabled = true
+# version = "0.32.0"
+# source = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
-plugin "terraform" {
- enabled = true
- version = "0.9.0"
- source = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+# enabled = true
+# version = "0.9.0"
+# source = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
diff --git a/README.md b/README.md
index 79d81de..2917130 100644
--- a/README.md
+++ b/README.md
@@ -87,15 +87,15 @@ have a istio proxy configured, prevent communication with that pod.)
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.86.1 |
+| [aws](#provider\_aws) | 5.89.0 |
| [helm](#provider\_helm) | 2.17.0 |
-| [kubernetes](#provider\_kubernetes) | 2.35.1 |
+| [kubernetes](#provider\_kubernetes) | 2.36.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+| [images](#module\_images) | git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
## Resources
diff --git a/copy_images.tf b/copy_images.tf
index 1c49fdc..ed05587 100644
--- a/copy_images.tf
+++ b/copy_images.tf
@@ -25,7 +25,7 @@ locals {
}
module "images" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
+ source = "git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
profile = var.profile
application_name = var.cluster_name
diff --git a/main.tf b/main.tf
index 062d18f..c3cc98c 100644
--- a/main.tf
+++ b/main.tf
@@ -166,6 +166,46 @@ resource "helm_release" "ingress" {
}
}
+ set {
+ name = "autoscaling.enabled"
+ value = "true"
+ }
+
+ set {
+ name = "autoscaling.minReplicas"
+ value = "2"
+ }
+
+ set {
+ name = "autoscaling.maxReplicas"
+ value = "5"
+ }
+
+ set {
+ name = "autoscaling.targetCPUUtilizationPercentage"
+ value = "80"
+ }
+
+ set {
+ name = "resources.requests.cpu"
+ value = "100m"
+ }
+
+ set {
+ name = "resources.requests.memory"
+ value = "128Mi"
+ }
+
+ set {
+ name = "resources.limits.cpu"
+ value = "2000m"
+ }
+
+ set {
+ name = "resources.limits.memory"
+ value = "1Gi"
+ }
+
timeout = 90
}