lablabs · jaygridley · Aug 12, 2025 · May 27, 2025 · May 28, 2025 · May 28, 2025
diff --git a/.github/workflows/cache-warmup.yaml b/.github/workflows/cache-warmup.yaml
@@ -0,0 +1,57 @@
+name: Cache Warmup
+
+on:
+  push:
+    branches:
+      - main # caches from the main branch are shared with all other branches and pull requests
+
+permissions: {}
+
+env:
+  # renovate: datasource=github-releases depName=asdf-vm/asdf
+  ASDF_VERSION: 0.18.0
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Setup ASDF
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
+        with:
+          asdf_version: ${{ env.ASDF_VERSION }}
+
+      - name: Cache ASDF
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        id: asdf-cache
+        with:
+          # https://github.com/asdf-vm/asdf/blob/master/.gitignore
+          path: |
+            ~/.asdf/installs
+            ~/.asdf/plugins
+            ~/.asdf/shims
+            ~/.cache/pip
+          key: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}-warmup
+          restore-keys: ${{ runner.os }}-asdf-
+
+      - name: Install ASDF
+        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
+        if: ${{ steps.asdf-cache.outputs.cache-hit != 'true' }}
+        with:
+          asdf_version: ${{ env.ASDF_VERSION }}
+
+      - name: Cache pre-commit
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        with:
+          path: ~/.cache/pre-commit
+          key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-warmup
+          restore-keys: ${{ runner.os }}-pre-commit-
+
+      - name: Run pre-commit
+        run: pre-commit install --install-hooks
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,69 @@
+name: pre-commit
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - master
+
+permissions:
+  contents: read
+
+concurrency:
+  group: pre-commit-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  # renovate: datasource=github-releases depName=asdf-vm/asdf
+  ASDF_VERSION: 0.18.0
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Setup ASDF
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
+        with:
+          asdf_version: ${{ env.ASDF_VERSION }}
+
+      - name: Cache ASDF
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        id: asdf-cache
+        with:
+          # https://github.com/asdf-vm/asdf/blob/master/.gitignore
+          path: |
+            ~/.asdf/installs
+            ~/.asdf/plugins
+            ~/.asdf/shims
+            ~/.cache/pip
+          key: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}
+          restore-keys: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}-
+
+      - name: Install ASDF
+        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
+        if: ${{ steps.asdf-cache.outputs.cache-hit != 'true' }}
+        with:
+          asdf_version: ${{ env.ASDF_VERSION }}
+
+      - name: Reshim installed ASDF tools
+        shell: bash
+        run: asdf reshim
+
+      - name: Cache pre-commit
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        with:
+          path: ~/.cache/pre-commit
+          key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-
+
+      - name: Run pre-commit
+        run: pre-commit run --show-diff-on-failure --color=always --all-files
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for zizmor
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,31 @@
+name: Pull Request
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  semantic-title:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+            chore
+            ci
+            docs
+            feat
+            fix
+            refactor
+            style
+          requireScope: true
+          subjectPattern: "^.{0,120}$"
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
diff --git a/.github/workflows/template-sync.yaml b/.github/workflows/template-sync.yaml
@@ -0,0 +1,91 @@
+name: Template sync
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *' # every day at midnight
+
+permissions: {}
+
+concurrency:
+  group: pre-commit
+  cancel-in-progress: false
+
+env:
+  # renovate: datasource=github-releases depName=asdf-vm/asdf
+  ASDF_VERSION: 0.18.0
+
+jobs:
+  universal-addon:
+    if: github.repository != 'lablabs/terraform-aws-eks-universal-addon'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Generate GitHub App token
+        id: template-sync-app-token
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        with:
+          app-id: ${{ secrets.LARA_TEMPLATE_SYNC_APP_ID }}
+          private-key: ${{ secrets.LARA_TEMPLATE_SYNC_APP_PRIVATE_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ steps.template-sync-app-token.outputs.token }} # needed for private repositories
+          persist-credentials: false
+
+      - name: Sync universal-addon template
+        uses: AndreasAugustin/actions-template-sync@8ec19a5f2721ffb81ff809aa340ddf75e6a85ea6 # v2.5.2
+        with:
+          source_gh_token: ${{ steps.template-sync-app-token.outputs.token }}
+          source_repo_path: lablabs/terraform-aws-eks-universal-addon
+          upstream_branch: main
+
+          target_gh_token: ${{ steps.template-sync-app-token.outputs.token }}
+
+          git_remote_pull_params: --allow-unrelated-histories --squash --strategy=recursive --no-tags -X theirs
+
+          pr_labels: kind/sync
+          pr_branch_name_prefix: "feat/universal-addon-sync"
+          pr_title: "feat(sync): sync universal-addon changes"
+          pr_commit_msg: "feat(sync): sync universal-addon changes"
+
+          is_pr_cleanup: true
+
+      - name: Setup ASDF
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
+        with:
+          asdf_version: ${{ env.ASDF_VERSION }}
+
+      - name: Cache ASDF
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        id: asdf-cache
+        with:
+          # https://github.com/asdf-vm/asdf/blob/master/.gitignore
+          path: |
+            ~/.asdf/installs
+            ~/.asdf/plugins
+            ~/.asdf/shims
+            ~/.cache/pip
+          key: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}
+          restore-keys: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}-
+
+      - name: Install ASDF
+        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
+        if: ${{ steps.asdf-cache.outputs.cache-hit != 'true' }}
+        with:
+          asdf_version: ${{ env.ASDF_VERSION }}
+
+      - name: Reshim installed ASDF tools
+        shell: bash
+        run: asdf reshim
+
+      - name: Update README.md
+        run: pre-commit run --show-diff-on-failure --color=always terraform_docs --all-files || true
+
+      - name: Commit and push README.md
+        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
+        with:
+          add: README.md
+          message: "docs: update README.md"
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -11,42 +11,45 @@ on:
       - master
 
 jobs:
-  versionExtract:
+  extract-version:
     name: Extract min/max Terraform versions
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
 
       - name: Extract Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/terraform-min-max@main
+        id: terraform-min-max
+        uses: clowdhaus/terraform-min-max@04440fe3b2a1e64eb5ad115f8f7c57c4d6a54333 # v1.4.1
         with:
           directory: .
     outputs:
-      minVersion: ${{ steps.minMax.outputs.minVersion }}
-      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
+      minVersion: ${{ steps.terraform-min-max.outputs.minVersion }}
+      maxVersion: ${{ steps.terraform-min-max.outputs.maxVersion }}
 
   terraform-validate:
-    runs-on: ubuntu-22.04
-    needs: versionExtract
+    runs-on: ubuntu-24.04
+    needs: extract-version
     strategy:
       matrix:
         tf_ver:
-          - ${{ needs.versionExtract.outputs.minVersion }}
-          - ${{ needs.versionExtract.outputs.maxVersion }}
-
+          - ${{ needs.extract-version.outputs.minVersion }}
+          - ${{ needs.extract-version.outputs.maxVersion }}
     steps:
-    - uses: actions/checkout@v3
-    - uses: hashicorp/setup-terraform@v2
-      with:
-        terraform_version: ${{ matrix.tf_ver }}
-
-    - name: Terraform Init
-      id: init
-      run: terraform init
-
-    - name: Terraform Validate
-      id: validate
-      run: terraform validate
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+        with:
+          terraform_version: ${{ matrix.tf_ver }}
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Validate
+        run: terraform validate