From 97d7e7d976ffd16fbcf372d4c5ff643da7999cb8 Mon Sep 17 00:00:00 2001
From: Erik Reinert <4638629+erikreinert@users.noreply.github.com>
Date: Sat, 13 Jul 2024 13:20:01 -0700
Subject: [PATCH] Updated provider version (#9)
* feat: updates build templates and providers
* fix(ci): update secret reference for Cachix auth token in terraform workflow
Updated the secret reference from `ALTF4LLC_CACHIX_AUTH_TOKEN` to `CACHIX_AUTH_TOKEN` in the GitHub Actions workflow for Terraform to ensure proper authentication with Cachix.
---
.github/renovate.json | 16 +++++++++++++
.github/workflows/flake.yaml | 36 -----------------------------
.github/workflows/terraform.yaml | 39 ++++++++++++++++++++++++++++++++
.gitignore | 11 ++++-----
README.md | 8 +++----
build-configs.yaml | 9 ++++++++
flake.lock | 32 +++++++++++---------------
flake.nix | 29 ++++++++----------------
justfile | 20 +++-------------
makefile | 4 ----
versions.tf | 2 +-
11 files changed, 98 insertions(+), 108 deletions(-)
create mode 100644 .github/renovate.json
delete mode 100644 .github/workflows/flake.yaml
create mode 100644 .github/workflows/terraform.yaml
create mode 100644 build-configs.yaml
delete mode 100644 makefile
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..44e75fc
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,16 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ ":semanticCommitTypeAll(chore)"
+ ],
+ "lockFileMaintenance": {
+ "enabled": true,
+ "extends": [
+ "schedule:weekly"
+ ]
+ },
+ "nix": {
+ "enabled": true
+ }
+}
diff --git a/.github/workflows/flake.yaml b/.github/workflows/flake.yaml
deleted file mode 100644
index 09f7ee5..0000000
--- a/.github/workflows/flake.yaml
+++ /dev/null
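Review bot: The `extends` list does not ask Renovate to pin GitHub Actions to commit digests, while the workflow added in this same commit references `cachix/install-nix-action@v27`, `cachix/cachix-action@v15` and `actions/checkout@v4` by mutable tag. Adding `"helpers:pinGitHubActionDigests"` to `extends` would have Renovate rewrite those references to full commit SHAs and keep them updated, which matters here because the jobs running those actions are given the Cachix auth token. Separately, `config:base` is the older name of the preset now called `config:recommended`; that part is cosmetic.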
@@ -1,36 +0,0 @@
-name: flake
-
-on:
- pull_request:
- push:
- branches:
- - main
-
-jobs:
- check:
- runs-on: ubuntu-latest
- steps:
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: cachix/cachix-action@v12
- with:
- authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: altf4llc-os
- - uses: actions/checkout@v3
- - run: cachix use altf4llc-os
- - run: nix develop -c just check
- - run: nix develop -c just cache-inputs
- - run: nix develop -c just cache-shell
-
- build:
- needs:
- - check
- runs-on: ubuntu-latest
- steps:
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: cachix/cachix-action@v12
- with:
- authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: altf4llc-os
- - uses: actions/checkout@v4
- - run: cachix use altf4llc-os
- - run: nix develop -c just cache-build
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
new file mode 100644
index 0000000..fe24035
--- /dev/null
+++ b/.github/workflows/terraform.yaml
@@ -0,0 +1,39 @@
+name: terraform
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ CACHIX_BINARY_CACHE: altf4llc-os
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: cachix/install-nix-action@v27
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: cachix/cachix-action@v15
+ with:
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ name: ${{ env.CACHIX_BINARY_CACHE }}
+ - uses: actions/checkout@v4
+ - run: nix develop -c just check
+
+ package:
+ needs:
+ - check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: cachix/install-nix-action@v27
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: cachix/cachix-action@v15
+ with:
+ authToken: ${{ secrets.ALTF4LLC_CACHIX_AUTH_TOKEN }}
+ name: ${{ env.CACHIX_BINARY_CACHE }}
+ - uses: actions/checkout@v4
+ - run: nix develop -c just package
diff --git a/.gitignore b/.gitignore
index c1a7e17..7f9219f 100644
--- a/.gitignore
+++ b/.gitignore
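Review bot: The `package` job still reads `secrets.ALTF4LLC_CACHIX_AUTH_TOKEN`, while the `check` job and the commit message both use `CACHIX_AUTH_TOKEN`, so the rename reached only one of the two jobs. An undefined secret expands to an empty string, so `cachix-action` in `package` would run without a token and the built outputs would likely not be pushed, with no failing step to show it. The line should read `authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}`. The workflow also has no `permissions:` key, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for checkout and build.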
@@ -1,13 +1,9 @@ -# Nix directories .direnv -result +*.tfplan # Local .terraform directories **/.terraform/* -# Terraform lockfile -.terraform.lock.hcl - # .tfstate files *.tfstate *.tfstate.* @@ -17,8 +13,8 @@ crash.log crash.*.log # Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject # to change depending on the environment. *.tfvars *.tfvars.json @@ -39,3 +35,4 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc +.terraform.lock.hcl diff --git a/README.md b/README.md index f3b1054..989178f 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,13 @@ Terraform module which creates GitHub team resources. | Name | Version | |------|---------| -| [github](#requirement\_github) | 6.0.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.0.0 | +| [github](#provider\_github) | 6.2.1 | ## Modules @@ -22,8 +22,8 @@ No modules. | Name | Type | |------|------| -| [github_team.self](https://registry.terraform.io/providers/integrations/github/6.0.0/docs/resources/team) | resource | -| [github_team_membership.self](https://registry.terraform.io/providers/integrations/github/6.0.0/docs/resources/team_membership) | resource | +| [github_team.self](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource | +| [github_team_membership.self](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource | ## Inputs diff --git a/build-configs.yaml b/build-configs.yaml new file mode 100644 index 0000000..5257356 --- /dev/null +++ b/build-configs.yaml 
@@ -0,0 +1,9 @@ +--- +name: terraform-github-team +template: terraform-module +parameters: + nix: + cachix: + binaryCache: altf4llc-os + providers: + - github diff --git a/flake.lock b/flake.lock index 7f8bc00..04ed228 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { @@ -19,36 +19,30 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708984720, - "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", + "lastModified": 1720691131, + "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", + "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1706550542, - "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", - "type": "github" + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, "root": { 
diff --git a/flake.nix b/flake.nix index 214e08b..1dd80a8 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,5 @@ { - description = "terraform-github-team"; - - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; outputs = inputs @ { flake-parts, @@ -9,25 +7,17 @@ ... }: flake-parts.lib.mkFlake {inherit inputs;} { - systems = ["x86_64-linux" "aarch64-darwin" "x86_64-darwin"]; + systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"]; + perSystem = { config, - self', - inputs', pkgs, system, ... }: let - inherit (pkgs) just terraform-docs; - terraform = pkgs.terraform.withPlugins (p: [ - (pkgs.terraform-providers.mkProvider { - hash = "sha256-y8DMpNSySMbe7E+sGVQcQdEyulq4Wnp5ryYD7FQO/fc="; - homepage = "https://registry.terraform.io/providers/integrations/github"; - owner = "integrations"; - repo = "terraform-provider-github"; - rev = "v6.0.0"; - vendorHash = null; - }) + inherit (pkgs) just mkShell terraform-docs; + terraform = pkgs.terraform.withPlugins (ps: [ + ps.github ]); in { _module.args.pkgs = import nixpkgs { @@ -36,10 +26,10 @@ }; devShells = { - default = pkgs.mkShell { - buildInputs = [ + default = mkShell { + inputsFrom = [config.packages.default]; + nativeBuildInputs = [ just - terraform terraform-docs ]; }; @@ -53,7 +43,6 @@ } '' mkdir -p $out cp -R $src/*.tf $out - ${terraform}/bin/terraform -chdir="$out" init ${terraform}/bin/terraform -chdir="$out" validate ''; diff --git a/justfile b/justfile index fd671ea..3cd8c53 100644 --- a/justfile +++ b/justfile 
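Review bot: It is not visible from the `@@ -36,10 +26,10 @@` hunk whether the dev shell still provides `terraform`: the shell list drops it and relies on `inputsFrom = [config.packages.default]`, and `packages.default` is defined partly outside the hunk. The `init` and `validate` recipes kept in the justfile call `terraform` directly, so if the package only interpolates `${terraform}` into its build script rather than listing it as a build input, those recipes will not find the binary inside `nix develop`. Either keep `terraform` in the shell's `nativeBuildInputs`, or add a comment next to `inputsFrom` such as `# terraform (with the github provider) comes from packages.default`.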
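Review bot: In the `@@ -53,7 +43,6 @@` hunk, `validate` now runs in a directory that was never initialised, because the `init` line before it is removed. `terraform validate` normally needs the provider set up by `init`, so this build step may fail or stop checking against the provider schema. If the removal is deliberate, a comment above the `validate` line saying why would help; otherwise the usual validate-only form is `${terraform}/bin/terraform -chdir="$out" init -backend=false`. The enclosing derivation starts and ends outside the hunk, so how this step is wired into `nix flake check` cannot be confirmed from here.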
@@ -1,23 +1,6 @@ _default: just --list -build: - nix build --json --no-link --print-build-logs - -cache-build cache_name="altf4llc-os": - just build \ - | jq -r '.[].outputs | to_entries[].value' \ - | cachix push {{ cache_name }} - -cache-inputs cache_name="altf4llc-os": - nix flake archive --json \ - | jq -r '.path,(.inputs|to_entries[].value.path)' \ - | cachix push "{{ cache_name }}" - -cache-shell cache_name="altf4llc-os": - nix develop --profile "dev-profile" -c true - cachix push "{{ cache_name }}" "dev-profile" - check: nix flake check @@ -29,5 +12,8 @@ docs: init: terraform init +package: + nix build --json --no-link --print-build-logs . + validate: terraform validate diff --git a/makefile b/makefile deleted file mode 100644 index 2d6ad33..0000000 --- a/makefile +++ /dev/null @@ -1,4 +0,0 @@ -docs: - terraform-docs markdown table \ - --output-file README.md \ - --output-mode inject . diff --git a/versions.tf b/versions.tf index 02fee5d..1cfc34c 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.0.0" + version = "~> 6.0" } } }