From 97d7e7d976ffd16fbcf372d4c5ff643da7999cb8 Mon Sep 17 00:00:00 2001
From: Erik Reinert <4638629+erikreinert@users.noreply.github.com>
Date: Sat, 13 Jul 2024 13:20:01 -0700
Subject: [PATCH] Updated provider version (#9)
* feat: updates build templates and providers
* fix(ci): update secret reference for Cachix auth token in terraform workflow
Updated the secret reference from `ALTF4LLC_CACHIX_AUTH_TOKEN` to `CACHIX_AUTH_TOKEN` in the GitHub Actions workflow for Terraform to ensure proper authentication with Cachix.
---
.github/renovate.json | 16 +++++++++++++
.github/workflows/flake.yaml | 36 -----------------------------
.github/workflows/terraform.yaml | 39 ++++++++++++++++++++++++++++++++
.gitignore | 11 ++++-----
README.md | 8 +++----
build-configs.yaml | 9 ++++++++
flake.lock | 32 +++++++++++---------------
flake.nix | 29 ++++++++----------------
justfile | 20 +++-------------
makefile | 4 ----
versions.tf | 2 +-
11 files changed, 98 insertions(+), 108 deletions(-)
create mode 100644 .github/renovate.json
delete mode 100644 .github/workflows/flake.yaml
create mode 100644 .github/workflows/terraform.yaml
create mode 100644 build-configs.yaml
delete mode 100644 makefile
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..44e75fc
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,16 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ ":semanticCommitTypeAll(chore)"
+ ],
+ "lockFileMaintenance": {
+ "enabled": true,
+ "extends": [
+ "schedule:weekly"
+ ]
+ },
+ "nix": {
+ "enabled": true
+ }
+}
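Review bot: This config turns on Nix and lock-file maintenance but does not pin the GitHub Actions that the new `terraform.yaml` references by mutable tag (`@v27`, `@v15`, `@v4`). Adding `"helpers:pinGitHubActionDigests"` to the top-level `extends` array would have Renovate pin those to commit SHAs and keep them updated. Separately, `config:base` is the older name of the preset now called `config:recommended`, so it may be worth switching while this file is new.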
diff --git a/.github/workflows/flake.yaml b/.github/workflows/flake.yaml
deleted file mode 100644
index 09f7ee5..0000000
--- a/.github/workflows/flake.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: flake
-
-on:
- pull_request:
- push:
- branches:
- - main
-
-jobs:
- check:
- runs-on: ubuntu-latest
- steps:
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: cachix/cachix-action@v12
- with:
- authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: altf4llc-os
- - uses: actions/checkout@v3
- - run: cachix use altf4llc-os
- - run: nix develop -c just check
- - run: nix develop -c just cache-inputs
- - run: nix develop -c just cache-shell
-
- build:
- needs:
- - check
- runs-on: ubuntu-latest
- steps:
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: cachix/cachix-action@v12
- with:
- authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: altf4llc-os
- - uses: actions/checkout@v4
- - run: cachix use altf4llc-os
- - run: nix develop -c just cache-build
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
new file mode 100644
index 0000000..fe24035
--- /dev/null
+++ b/.github/workflows/terraform.yaml
@@ -0,0 +1,39 @@
+name: terraform
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ CACHIX_BINARY_CACHE: altf4llc-os
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: cachix/install-nix-action@v27
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: cachix/cachix-action@v15
+ with:
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ name: ${{ env.CACHIX_BINARY_CACHE }}
+ - uses: actions/checkout@v4
+ - run: nix develop -c just check
+
+ package:
+ needs:
+ - check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: cachix/install-nix-action@v27
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: cachix/cachix-action@v15
+ with:
+ authToken: ${{ secrets.ALTF4LLC_CACHIX_AUTH_TOKEN }}
+ name: ${{ env.CACHIX_BINARY_CACHE }}
+ - uses: actions/checkout@v4
+ - run: nix develop -c just package
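Review bot: The `package` job still reads `secrets.ALTF4LLC_CACHIX_AUTH_TOKEN`, while the `check` job and the commit message both use `CACHIX_AUTH_TOKEN`; the line should read `authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}`. An undefined secret expands to an empty string, so the job would most likely run without cache authentication rather than fail visibly. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` keeps the repository default; a top-level `permissions:` with `contents: read` appears sufficient for the steps shown. Because `check` receives the Cachix token on `pull_request` and then runs code from the branch, confirm that the token's scope is acceptable there, or set `skipPush: true` on the cachix step for pull-request runs.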
diff --git a/.gitignore b/.gitignore
index c1a7e17..7f9219f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,9 @@
-# Nix directories
.direnv
-result
+*.tfplan
# Local .terraform directories
**/.terraform/*
-# Terraform lockfile
-.terraform.lock.hcl
-
# .tfstate files
*.tfstate
*.tfstate.*
@@ -17,8 +13,8 @@ crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
@@ -39,3 +35,4 @@ override.tf.json
# Ignore CLI configuration files
.terraformrc
terraform.rc
+.terraform.lock.hcl
diff --git a/README.md b/README.md
index f3b1054..989178f 100644
--- a/README.md
+++ b/README.md
@@ -6,13 +6,13 @@ Terraform module which creates GitHub team resources.
| Name | Version |
|------|---------|
-| [github](#requirement\_github) | 6.0.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [github](#provider\_github) | 6.0.0 |
+| [github](#provider\_github) | 6.2.1 |
## Modules
@@ -22,8 +22,8 @@ No modules.
| Name | Type |
|------|------|
-| [github_team.self](https://registry.terraform.io/providers/integrations/github/6.0.0/docs/resources/team) | resource |
-| [github_team_membership.self](https://registry.terraform.io/providers/integrations/github/6.0.0/docs/resources/team_membership) | resource |
+| [github_team.self](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource |
+| [github_team_membership.self](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource |
## Inputs
diff --git a/build-configs.yaml b/build-configs.yaml
new file mode 100644
index 0000000..5257356
--- /dev/null
+++ b/build-configs.yaml
@@ -0,0 +1,9 @@
+---
+name: terraform-github-team
+template: terraform-module
+parameters:
+ nix:
+ cachix:
+ binaryCache: altf4llc-os
+ providers:
+ - github
diff --git a/flake.lock b/flake.lock
index 7f8bc00..04ed228 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
- "lastModified": 1706830856,
- "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
+ "lastModified": 1719994518,
+ "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
+ "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
@@ -19,36 +19,30 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1708984720,
- "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
+ "lastModified": 1720691131,
+ "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
+ "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
- "dir": "lib",
- "lastModified": 1706550542,
- "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
- "type": "github"
+ "lastModified": 1719876945,
+ "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
+ "type": "tarball",
+ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
},
"original": {
- "dir": "lib",
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
+ "type": "tarball",
+ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
}
},
"root": {
diff --git a/flake.nix b/flake.nix
index 214e08b..1dd80a8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,7 +1,5 @@
{
- description = "terraform-github-team";
-
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
outputs = inputs @ {
flake-parts,
@@ -9,25 +7,17 @@
...
}:
flake-parts.lib.mkFlake {inherit inputs;} {
- systems = ["x86_64-linux" "aarch64-darwin" "x86_64-darwin"];
+ systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"];
+
perSystem = {
config,
- self',
- inputs',
pkgs,
system,
...
}: let
- inherit (pkgs) just terraform-docs;
- terraform = pkgs.terraform.withPlugins (p: [
- (pkgs.terraform-providers.mkProvider {
- hash = "sha256-y8DMpNSySMbe7E+sGVQcQdEyulq4Wnp5ryYD7FQO/fc=";
- homepage = "https://registry.terraform.io/providers/integrations/github";
- owner = "integrations";
- repo = "terraform-provider-github";
- rev = "v6.0.0";
- vendorHash = null;
- })
+ inherit (pkgs) just mkShell terraform-docs;
+ terraform = pkgs.terraform.withPlugins (ps: [
+ ps.github
]);
in {
_module.args.pkgs = import nixpkgs {
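Review bot: With `ps.github` the provider's version and hash are no longer stated in this file; they come from whichever nixpkgs revision `flake.lock` pins, so a lock refresh can change the provider without any edit here. A short comment above the plugin list would record that, for example `# github provider version follows the nixpkgs pin in flake.lock; must stay within versions.tf "~> 6.0"`. The `perSystem` body starts before this hunk and continues past it.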
@@ -36,10 +26,10 @@
};
devShells = {
- default = pkgs.mkShell {
- buildInputs = [
+ default = mkShell {
+ inputsFrom = [config.packages.default];
+ nativeBuildInputs = [
just
- terraform
terraform-docs
];
};
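Review bot: `terraform` is dropped from the shell's own inputs and is now expected to arrive through `inputsFrom = [config.packages.default]`, but the package's build script in the next hunk calls it as `${terraform}/bin/terraform`, which suggests it may not be listed in that derivation's build inputs. If so, `just init` and `just validate` would not find `terraform` on PATH inside `nix develop`; keeping `terraform` in this `nativeBuildInputs` list removes that dependency. The package's attribute set lies outside the visible hunks, so this needs checking against the full file.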
@@ -53,7 +43,6 @@
} ''
mkdir -p $out
cp -R $src/*.tf $out
-
${terraform}/bin/terraform -chdir="$out" init
${terraform}/bin/terraform -chdir="$out" validate
'';
diff --git a/justfile b/justfile
index fd671ea..3cd8c53 100644
--- a/justfile
+++ b/justfile
@@ -1,23 +1,6 @@
_default:
just --list
-build:
- nix build --json --no-link --print-build-logs
-
-cache-build cache_name="altf4llc-os":
- just build \
- | jq -r '.[].outputs | to_entries[].value' \
- | cachix push {{ cache_name }}
-
-cache-inputs cache_name="altf4llc-os":
- nix flake archive --json \
- | jq -r '.path,(.inputs|to_entries[].value.path)' \
- | cachix push "{{ cache_name }}"
-
-cache-shell cache_name="altf4llc-os":
- nix develop --profile "dev-profile" -c true
- cachix push "{{ cache_name }}" "dev-profile"
-
check:
nix flake check
@@ -29,5 +12,8 @@ docs:
init:
terraform init
+package:
+ nix build --json --no-link --print-build-logs .
+
validate:
terraform validate
diff --git a/makefile b/makefile
deleted file mode 100644
index 2d6ad33..0000000
--- a/makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-docs:
- terraform-docs markdown table \
- --output-file README.md \
- --output-mode inject .
diff --git a/versions.tf b/versions.tf
index 02fee5d..1cfc34c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.0.0"
+ version = "~> 6.0"
}
}
}