diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index dab48e9..b8da0f2 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -4,11 +4,10 @@ on: pull_request: push: branches: - - main - develop + - main jobs: -# Min Terraform version(s) getDirectories: name: Get root directories runs-on: ubuntu-latest @@ -25,13 +24,13 @@ jobs: - name: Build matrix id: matrix run: | - DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") + DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/providers.tf', '') for x in glob.glob('./**/providers.tf', recursive=True)]))") echo "::set-output name=directories::$DIRS" outputs: directories: ${{ steps.matrix.outputs.directories }} preCommitMinVersions: - name: Min TF validate + name: Min validate needs: getDirectories runs-on: ubuntu-latest strategy: @@ -58,11 +57,9 @@ jobs: with: terraform_version: ${{ steps.minMax.outputs.minVersion }} - - name: Install pre-commit dependencies + - name: Install pre-commit run: pip install pre-commit - -# Max Terraform version getBaseVersion: name: Module max TF version runs-on: ubuntu-latest @@ -78,7 +75,7 @@ jobs: maxVersion: ${{ steps.minMax.outputs.maxVersion }} preCommitMaxVersion: - name: Max TF pre-commit + name: Max pre-commit runs-on: ubuntu-latest needs: getBaseVersion strategy: 
@@ -105,10 +102,59 @@ jobs: run: | pip install pre-commit pip install checkov - curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v1.0.1-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit - # Run all pre-commit checks on max version supported - if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }} - run: pre-commit run --color=always --show-diff-on-failure --all-files + continue-on-error: true # To avoid pre-commit failure + run: | + pre-commit run --color=always --show-diff-on-failure --all-files + + - name: Get current branch name + id: vars + run: | + echo ::set-output name=branch_name::${GITHUB_REF##*/} + + - name: "Get branch name and save to env" + env: + IS_PR: ${{ github.EVENT_NAME == 'pull_request' }} + run: | + if ${IS_PR}; then + BRANCH_NAME="${GITHUB_HEAD_REF}" + else + BRANCH_NAME="${GITHUB_REF##*/}" + fi + echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV + + - uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Render terraform docs and commit changes + if: ${{ env.BRANCH_NAME }} == 'develop' + uses: terraform-docs/gh-actions@main + with: + working-dir: . 
+ output-file: README.md + output-method: inject + git-push: "true" + + - name: Commit pre-commit modified files + if: ${{ env.BRANCH_NAME }} == 'develop' + run: | + git config --local user.email "terraform+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + git diff-index --quiet HEAD || (git add -A && git commit -m'[bot] update files' --allow-empty && git push -f) + + - uses: actions/checkout@v2 + - name: Create PR + continue-on-error: true + uses: repo-sync/pull-request@v2 + if: ${{ env.BRANCH_NAME }} == 'develop' + with: + source_branch: "develop" + destination_branch: "main" + pr_title: "Pulling ${{ github.ref }} into main" + pr_body: ":crown: *Automated PR*" + pr_label: "auto-pr" + pr_allow_empty: false + github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stale-actions.yml b/.github/workflows/stale-actions.yml new file mode 100644 index 0000000..e54077c --- /dev/null +++ b/.github/workflows/stale-actions.yml 
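Review bot: The three added conditions written as `if: ${{ env.BRANCH_NAME }} == 'develop'` are always true, because the text outside `${{ }}` turns the whole value into a non-empty string; the docs render, the `git push -f` commit step and the auto-PR step therefore run for every branch and pull request, not only develop. Write them as `if: ${{ env.BRANCH_NAME == 'develop' }}` (or `if: env.BRANCH_NAME == 'develop'`). `terraform-docs/gh-actions@main` runs with `git-push: "true"` from a mutable branch ref, so any upstream change executes with whatever write access this job's token has; pin it to a reviewed commit, e.g. `uses: terraform-docs/gh-actions@<full-commit-sha>`, and drop `-f` from the push so the bot cannot overwrite commits pushed in the meantime. `continue-on-error: true` on the pre-commit step also means tflint and checkov findings no longer fail the job, so consider keeping that step blocking and committing only the formatter and docs output. The preCommitMaxVersion job starts above this hunk, so its `permissions` and earlier steps are not visible here.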
@@ -0,0 +1,32 @@ +name: "Mark or close stale issues and PRs" +on: + schedule: + - cron: "0 0 10 * *" + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v4 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # Staling issues and PR's + days-before-stale: 30 + stale-issue-label: stale + stale-pr-label: stale + stale-issue-message: | + This issue has been automatically marked as stale because it has been open 30 days + with no activity. Remove stale label or comment or this issue will be closed in 10 days + stale-pr-message: | + This PR has been automatically marked as stale because it has been open 30 days + with no activity. Remove stale label or comment or this PR will be closed in 10 days + # Not stale if have this labels or part of milestone + exempt-issue-labels: bug,wip,on-hold + exempt-pr-labels: bug,wip,on-hold + exempt-all-milestones: true + # Close issue operations + # Label will be automatically removed if the issues are no longer closed nor locked. + days-before-close: 10 + delete-branch: false + close-issue-message: This issue was automatically closed because of stale in 10 days + close-pr-message: This PR was automatically closed because of stale in 10 days diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7032bd4..60da21a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.60.0 + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.64.0 hooks: - id: terraform_fmt - id: terraform_tflint 
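Review bot: The new stale workflow declares no `permissions:` block, so `actions/stale` receives the repository's default `GITHUB_TOKEN` scope, which may be broader than it needs. A job-level block with `issues: write` and `pull-requests: write` should be enough here, since `delete-branch` is false. `actions/stale@v4` is a movable tag; pinning it as `uses: actions/stale@<full-commit-sha>  # v4` keeps the code that holds the token fixed until someone reviews an upgrade.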
@@ -12,7 +12,7 @@ repos: - '--args=--only=terraform_documented_outputs' - '--args=--only=terraform_documented_variables' - '--args=--only=terraform_typed_variables' - - '--args=--only=terraform_module_pinned_source' + #- '--args=--only=terraform_module_pinned_source' - '--args=--only=terraform_naming_convention' - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' @@ -35,4 +35,4 @@ repos: hooks: - id: checkov verbose: true - args: [-d, '.', --framework, 'terraform', --download-external-modules, 'True', '--skip-check', "CKV2_AWS_6,CKV2_AWS_11,CKV2_AWS_12,CKV_AWS_18,CKV2_AWS_19,CKV_AWS_130,CKV_AWS_144,CKV_AWS_145"] + args: [-d, '.', --framework,'terraform'] diff --git a/README.md b/README.md index 758a6df..fbc011d 100644 --- a/README.md +++ b/README.md @@ -171,6 +171,8 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio ![iam_role_trust_error](https://github.com/tomarv2/terraform-databricks-aws-workspace/raw/main/docs/images/iam_role_trust_error.png) + + ## Requirements | Name | Version | @@ -185,12 +187,12 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.74.3 | +| [aws](#provider\_aws) | ~> 3.63 | | [databricks](#provider\_databricks) | 0.5.1 | | [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 | | [databricks.mws](#provider\_databricks.mws) | 0.5.1 | -| [random](#provider\_random) | 3.1.0 | -| [time](#provider\_time) | 0.7.2 | +| [random](#provider\_random) | ~> 3.1 | +| [time](#provider\_time) | ~> 0.7 | ## Modules 
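Review bot: Commenting out `--args=--only=terraform_module_pinned_source` turns off the tflint rule that flags module sources without a pinned version or ref, and the line gives no reason for doing so. If one module call trips the rule, prefer keeping it enabled and annotating that call with `# tflint-ignore: terraform_module_pinned_source`. Otherwise leave a comment on the disabled line such as `# disabled: <reason>, re-enable after <condition>`. The hooks list starts and continues outside this hunk.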
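Review bot: Removing `--download-external-modules` from the checkov `args` likely means remotely sourced modules are no longer fetched and scanned, so findings inside them would go unreported; if that is intentional, say so in a comment above `args`. Dropping the `--skip-check` list does make the scan stricter, but that only helps if the workflow step running pre-commit is allowed to fail the job. Also add the missing space after the comma: `args: [-d, '.', --framework, 'terraform']`.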
@@ -260,3 +262,4 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio | [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | | [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | | [workspace\_url](#output\_workspace\_url) | databricks workspace url | + diff --git a/versions.tf b/providers.tf similarity index 100% rename from versions.tf rename to providers.tf