From 3d97619a1b5053c7d39246c966fcb988701cf641 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sat, 18 Oct 2025 09:13:00 -0500 Subject: [PATCH 1/5] fix: Update CI workflow versions to latest --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 88 +++++++++++++++++++++------- .github/workflows/release.yml | 8 +-- .github/workflows/stale-actions.yaml | 2 +- .gitignore | 11 ++-- .pre-commit-config.yaml | 4 +- examples/README.md | 8 +++ 7 files changed, 88 insertions(+), 35 deletions(-) create mode 100644 examples/README.md diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 1e50760e..6419f3aa 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a19ff831..8c4ea345 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.14.0 preCommitMinVersions: name: Min TF pre-commit @@ -32,27 +32,50 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +84,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -72,26 +95,49 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a942261..48ea9b01 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@v5 with: - semantic_version: 23.0.2 + semantic_version: 25.0.0 extra_plugins: | @semantic-release/changelog@6.0.3 @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.0.2 + conventional-changelog-conventionalcommits@7.1.1 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 6ccd0ed8..3e826dcf 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.gitignore b/.gitignore index d5763d01..eca83dd8 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,6 @@ # .tfstate files *.tfstate *.tfstate.* -*.tfplan # Crash log files crash.log @@ -29,9 +28,9 @@ override.tf.json .terraformrc terraform.rc -# Lambda directories -builds/ -__pycache__/ +# Zip archive +*.zip +builds -# Test directories -.tox +.DS_Store +.idea diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7b4e83b2..991a8bbf 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.99.4 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - "--args=--only=terraform_workspace_remote" - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..f417c0ad --- /dev/null +++ b/examples/README.md @@ -0,0 +1,8 @@ +# Examples + +Please note - the examples provided serve two primary means: + +1. Show users working examples of the various ways in which the module can be configured and features supported +2. A means of testing/validating module changes + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. From c3c2dabdba3356da3e9175b21ced0d77f0ad291f Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 14:35:34 -0500 Subject: [PATCH 2/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 13 +++++++++---- .github/workflows/release.yml | 17 +++++++++++++---- .gitignore | 5 +++-- .releaserc.json => docs/.releaserc.json | 0 CHANGELOG.md => docs/CHANGELOG.md | 0 5 files changed, 25 insertions(+), 10 deletions(-) rename .releaserc.json => docs/.releaserc.json (100%) rename CHANGELOG.md => docs/CHANGELOG.md (100%) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 8c4ea345..c6e88978 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -50,13 +50,12 @@ jobs: BEFORE=$(getAvailableSpace) ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz - sudo rmz -f /usr/share/dotnet & - sudo rmz -f /usr/local/.ghcup & rmz -f /opt/hostedtoolcache/CodeQL & rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + wait AFTER=$(getAvailableSpace) @@ -113,13 +112,19 @@ jobs: BEFORE=$(getAvailableSpace) ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz - sudo rmz -f /usr/share/dotnet & - sudo rmz -f /usr/local/.ghcup & rmz -f /opt/hostedtoolcache/CodeQL & rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + + if ${{ github.repository }} == 'terraform-aws-modules/terraform-aws-security-group'; + then + sudo rmz -f /usr/local/lib/android & + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + fi + wait AFTER=$(getAvailableSpace) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 48ea9b01..7558cc8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,13 +25,22 @@ jobs: persist-credentials: false fetch-depth: 0 + - name: Set correct Node.js version + uses: actions/setup-node@v6 + with: + node-version: 24 + + - name: Install dependencies + run: | + npm install \ + @semantic-release/changelog@6.0.3 \ + @semantic-release/git@10.0.1 \ + conventional-changelog-conventionalcommits@9.1.0 + - name: Release uses: cycjimmy/semantic-release-action@v5 with: semantic_version: 25.0.0 - extra_plugins: | - @semantic-release/changelog@6.0.3 - @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.1.1 + working_directory: docs/ env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.gitignore b/.gitignore index eca83dd8..f5abfc78 100644 --- a/.gitignore +++ b/.gitignore @@ -28,9 +28,10 @@ override.tf.json .terraformrc terraform.rc -# Zip archive +# Lambda build artifacts +builds/ +__pycache__/ *.zip -builds .DS_Store .idea diff --git a/.releaserc.json b/docs/.releaserc.json similarity index 100% rename from .releaserc.json rename to docs/.releaserc.json diff --git a/CHANGELOG.md b/docs/CHANGELOG.md similarity index 100% rename from CHANGELOG.md rename to docs/CHANGELOG.md From 8b6857118a667816101d130c31b48ed220e5c4b6 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 15:06:29 -0500 Subject: [PATCH 3/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 8 ++++++-- .gitignore | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c6e88978..cb40825c 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -118,8 +118,7 @@ jobs: rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & - if ${{ github.repository }} == 'terraform-aws-modules/terraform-aws-security-group'; - then + if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then sudo rmz -f /usr/local/lib/android & sudo rmz -f /usr/share/dotnet & sudo rmz -f /usr/local/.ghcup & @@ -141,6 +140,11 @@ jobs: id: minMax uses: clowdhaus/terraform-min-max@v2.1.0 + - name: Hide template dir + # Special to this repo, we don't want to check this dir + if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }} + run: rm -rf modules/_templates + - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: diff --git a/.gitignore b/.gitignore index f5abfc78..fd39819e 100644 --- a/.gitignore +++ b/.gitignore @@ -32,6 +32,8 @@ terraform.rc builds/ __pycache__/ *.zip +.tox +# Local editors/macos files .DS_Store .idea From 825c73ea03e44d52afbafc492050c788bd25364a Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 15:39:55 -0500 Subject: [PATCH 4/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb40825c..057b9c42 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -117,11 +117,25 @@ jobs: rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + sudo rmz -f /usr/local/lib/android & if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then - sudo rmz -f /usr/local/lib/android & sudo rmz -f /usr/share/dotnet & sudo rmz -f /usr/local/.ghcup & + sudo apt-get -qq remove -y 'azure-.*' + sudo apt-get -qq remove -y 'cpp-.*' + sudo apt-get -qq remove -y 'dotnet-runtime-.*' + sudo apt-get -qq remove -y 'google-.*' + sudo apt-get -qq remove -y 'libclang-.*' + sudo apt-get -qq remove -y 'libllvm.*' + sudo apt-get -qq remove -y 'llvm-.*' + sudo apt-get -qq remove -y 'mysql-.*' + sudo apt-get -qq remove -y 'postgresql-.*' + sudo apt-get -qq remove -y 'php.*' + sudo apt-get -qq remove -y 'temurin-.*' + sudo apt-get -qq remove -y kubectl firefox mono-devel + sudo apt-get -qq autoremove -y + sudo apt-get -qq clean fi wait From a8f0ef0d73845e542930b0eae5ea70e3a063194c Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 20 Oct 2025 10:06:03 -0500 Subject: [PATCH 5/5] fix: Move changelog back to project root --- .github/workflows/release.yml | 1 - docs/.releaserc.json => .releaserc.json | 0 docs/CHANGELOG.md => CHANGELOG.md | 0 3 files changed, 1 deletion(-) rename docs/.releaserc.json => .releaserc.json (100%) rename docs/CHANGELOG.md => CHANGELOG.md (100%) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7558cc8a..e739b790 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,6 +41,5 @@ jobs: uses: cycjimmy/semantic-release-action@v5 with: semantic_version: 25.0.0 - working_directory: docs/ env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/docs/.releaserc.json b/.releaserc.json similarity index 100% rename from docs/.releaserc.json rename to .releaserc.json diff --git a/docs/CHANGELOG.md b/CHANGELOG.md similarity index 100% rename from docs/CHANGELOG.md rename to CHANGELOG.md