fix: Add release

.github/workflows/release.yaml

@@ -7,58 +7,79 @@ on:
 
 env:
   AWS_REGION: us-west-1
-  TERRAFORM_VERSION: 1.5.7
+  AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test
 
-permissions:
-  id-token: write
-  contents: write
-  pull-requests: write
-  issues: write
+permissions: write-all
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - name: release-please
+      - uses: google-github-actions/release-please-action@v3
         id: release-please
-        uses: google-github-actions/release-please-action@v3
         with:
           release-type: terraform-module
           pull-request-title-pattern: "chore${scope}: release${component} ${version}"
-
-      - name: 'Remind to wait'
-        uses: peter-evans/create-or-update-comment@v3
+      - uses: peter-evans/create-or-update-comment@v3
+        name: 'Remind to wait'
         if: steps.release-please.outputs.pr
         with:
           issue-number: ${{ fromJson(steps.release-please.outputs.pr).number }}
           body: |
             Please make sure e2e tests pass before merging this PR!
             ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-
-      - name: 'Configure AWS credentials'
-        uses: aws-actions/configure-aws-credentials@v4
+      - uses: actions/checkout@v4
+        if: steps.release-please.outputs.pr
+        with:
+          token: ${{secrets.GITHUB_TOKEN}}
+      - uses: DeterminateSystems/nix-installer-action@main
+        if: steps.release-please.outputs.pr
+      - name: 'Restore Nix Store Cache'
+        if: steps.release-please.outputs.pr
+        id: cache-nix-store-restore
+        uses: actions/cache/restore@v3
+        with:
+          path: /nix/store
+          key: nix-store
+      - uses: nicknovitski/nix-develop@v1
+        if: steps.release-please.outputs.pr
+      - name: 'Cache Nix Store'
         if: steps.release-please.outputs.pr
+        id: cache-nix-store-save
+        uses: actions/cache/save@v3
         with:
-          role-to-assume: arn:aws:iam::270074865685:role/terraform-module-ci-test
+          path: /nix/store
+          key: ${{ steps.cache-nix-store-restore.outputs.cache-primary-key }}
+      - uses: aws-actions/configure-aws-credentials@v4
+        if: steps.release-please.outputs.pr
+        with:
+          role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
           aws-region: ${{env.AWS_REGION}}
-
-      - uses: actions/checkout@v4
+      - name: 'Restore Terraform Cache'
         if: steps.release-please.outputs.pr
-
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+        id: cache-terraform-restore
+        uses: actions/cache/restore@v3
+        with:
+          path: ${{ github.workspace }}/.terraform
+          key: terraform
+      - run: terraform init -upgrade
+        if: steps.release-please.outputs.pr
+      - name: 'Cache Terraform'
         if: steps.release-please.outputs.pr
+        id: cache-terraform-save
+        uses: actions/cache/save@v3
         with:
-          terraform_version: ${{env.TERRAFORM_VERSION}}
-          terraform_wrapper: false
-
-      - name: 'Run Terratest'
+          path: ${{ github.workspace }}/.terraform
+          key: ${{ steps.cache-terraform-restore.outputs.cache-primary-key }}
+      - run: cd ./tests && go test -v -timeout=40m -parallel=10
+        name: 'Terratest'
         if: steps.release-please.outputs.pr
-        run: cd ./tests && go test -v -timeout=40m -parallel=10
-
-      - name: 'Report Success'
-        uses: peter-evans/create-or-update-comment@v3
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          GITHUB_OWNER: rancher
+      - uses: peter-evans/create-or-update-comment@v3
+        name: 'Report Success'
         if: steps.release-please.outputs.pr
         with:
           issue-number: ${{ fromJson(steps.release-please.outputs.pr).number }}

.github/workflows/tests.yaml

@@ -4,57 +4,45 @@ on:
   pull_request:
     branches:
       - main
-env:
-  TERRAFORM_VERSION: 1.5.7
 
 jobs:
   terraform:
     name: 'Terraform'
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v3
-      with:
-        terraform_version: ${{env.TERRAFORM_VERSION}}
-        terraform_wrapper: false
-
-    - name: Init Basic
-      run: cd examples/basic && terraform init -upgrade
-
-    - name: Validate Basic
-      run: cd examples/basic && terraform validate
+    - uses: actions/checkout@v4
+    - uses: DeterminateSystems/nix-installer-action@main
+    - uses: DeterminateSystems/magic-nix-cache-action@main
+    - uses: nicknovitski/nix-develop@v1
+    - run: cd examples/basic && terraform version && terraform init -upgrade && terraform validate
+
+  actionlint:
+    name: 'Lint Workflows'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: DeterminateSystems/nix-installer-action@main
+    - uses: DeterminateSystems/magic-nix-cache-action@main
+    - uses: nicknovitski/nix-develop@v1
+    - run: actionlint
 
   tflint:
     name: 'TFLint'
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
+    - uses: actions/checkout@v4
     - uses: terraform-linters/setup-tflint@v4
-      name: Setup TFLint
       with:
         tflint_version: latest
-
-    - name: Show version
-      run: tflint --version
-
-    - name: Init TFLint
-      run: tflint --init
-
-    - name: Run TFLint
-      run: tflint -f compact
+    - run: tflint --version
+    - run: tflint --init
+    - run: tflint -f compact
 
   shellcheck:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@master
+      - uses: ludeeus/action-shellcheck@master
 
   validate-commit-message:
     name: Validate Commit Message

.github/workflows/updatecli.yaml

@@ -15,7 +15,7 @@ permissions:
 jobs:
   updatecli:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/master'
+    if: github.ref == 'refs/heads/main'
     steps:
       - name: Checkout
         uses: actions/checkout@v4

README.md

@@ -1,9 +1,5 @@
 # Terraform AWS Access
 
-WARNING! This is a work in progress and not ready to be used.
-
-This is an "Independent" module, please see [terraform.md](./terraform.md) for more information.
-
 ## AWS Access
 
 The first step to using the AWS modules is having an AWS account, [here](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html) is a document describing this process.
@@ -48,9 +44,8 @@ These tools are not necessary, but they can make it much simpler to collaborate.
 * I navigate to the `tests` directory and run `go test -v -timeout=5m -parallel=10`
 * To run an individual test I nvaigate to the `tests` directory and run `go test -v -timeout=5m -run <test function name>`
   * eg. `go test -v -timeout=5m -run TestBasic`
-* I use `override.tf` files to change the values of `examples` to personalized data so that I can run them
 
-Our continuous integration tests in the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md), which has many different things installed.
+Our continuous integration tests in the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md), which has many different things installed, we use nix to add dependencies.
 
 ### Override Tests
 

flake.nix

@@ -1,8 +1,8 @@
 {
   # validate a flake with 'nix flake check .'
   # alias the use of flakes with: "alias nix='nix --extra-experimental-features nix-command --extra-experimental-features flakes'"
-  #  you can also set a config file at ~/.config/nix/nix.conf or /etc/nix.conf, but I wanted to remove that dependency
 
+  # WARNING! this is linux/mac only!
   description = "A reliable testing environment";
 
   # https://status.nixos.org/ has the latest channels, it is recommended to use a commit hash
@@ -19,29 +19,59 @@
   #inputs.nixpkgs.follows = "nixpkgs/0228346f7b58f1a284fdb1b72df6298b06677495";
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-    nixpkgs-terraform.url = "github:/NixOS/nixpkgs/39ed4b64ba5929e8e9221d06b719a758915e619b";
     flake-utils.url = "github:numtide/flake-utils";
   };
-  outputs = { self, nixpkgs, nixpkgs-terraform, flake-utils }:
+  outputs = { self, nixpkgs, flake-utils, ... }:
     flake-utils.lib.eachDefaultSystem (system:
       # 'legacy' is not bad, it looks for previously imported nixpkgs
       #  this allows idempotent loading of nixpkgs in dependent flakes
       # https://discourse.nixos.org/t/using-nixpkgs-legacypackages-system-vs-import/17462/8
       let
         pkgs = nixpkgs.legacyPackages.${system};
-        pkgs-terraform = nixpkgs-terraform.legacyPackages.${system};
+
+        # get "leftovers" bin from release and add it to shell
+        leftovers-version = {
+          # remember when updating the version to also update the shas
+          # to get the sha, download the file and run 'nix hash file <file>'
+          "selected" = "v0.70.0";
+        };
+        leftovers-urls = {
+          "x86_64-darwin" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-amd64";
+          "aarch64-darwin" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-arm64";
+          "x86_64-linux" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-linux-amd64";
+        };
+        leftovers-shas = {
+          "x86_64-linux" = "sha256-D2OPjLlV5xR3f+dVHu0ld6bQajD5Rv9GLCMCk9hXlu8=";
+          "x86_64-darwin" = "sha256-HV12kHqB14lGDm1rh9nD1n7Jvw0rCnxmjC9gusw7jfo=";
+          "aarch64-darwin" = "sha256-Tw7G538RYZrwIauN7kI68u6aKS4d/0Efh+dirL/kzoM=";
+        };
+        leftovers = pkgs.runCommand "leftovers-${leftovers-version.selected}" {} ''
+          cp ${pkgs.fetchurl {
+            url = leftovers-urls."${system}";
+            sha256 = leftovers-shas."${system}";
+          }} $out
+          chmod +x $out
+        '';
+        leftovers-wrapper = pkgs.writeShellScriptBin "leftovers" ''
+          exec ${leftovers} "$@"
+        '';
       in
       {
-        devShell = pkgs.mkShell {
-          buildInputs = with pkgs; with pkgs-terraform; [
+        devShells.default = pkgs.mkShell {
+          buildInputs = with pkgs; [
             bashInteractive
             git
-            terraform
             tflint
             shellcheck
+            tfswitch
+            actionlint
+            act
           ];
           shellHook = ''
-            source .envrc
+            rm -rf "/usr/local/bin/switched-terraform"
+            install -d "/usr/local/bin/switched-terraform"
+            tfswitch -b "/usr/local/bin/switched-terraform/terraform" -d "1.5.7" 1.5.7 > /dev/null;
+            export PATH="$PATH:${leftovers-wrapper}/bin:/usr/local/bin/switched-terraform";
           '';
         };
       }

modules/vpc/main.tf

@@ -21,12 +21,21 @@ resource "aws_vpc" "new" {
   }
   assign_generated_ipv6_cidr_block = true
 }
+
 resource "aws_internet_gateway" "new" {
   count  = local.create
+  depends_on = [
+    aws_vpc.new,
+  ]
   vpc_id = aws_vpc.new[0].id
 }
+
 resource "aws_route" "public" {
   count                  = local.create
+  depends_on = [
+    aws_internet_gateway.new,
+    aws_vpc.new,
+  ]
   route_table_id         = aws_vpc.new[0].default_route_table_id
   gateway_id             = aws_internet_gateway.new[0].id
   destination_cidr_block = "0.0.0.0/0"