From 4af77d5a9faf7503f475eca0e811e5910173aeee Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ramon=20R=C3=BCttimann?= Date: Thu, 23 Nov 2023 14:35:46 +0100 Subject: [PATCH] chore: add Github action to build provider We want to get rid of the provider-build step in CSE, building the providers in their own repos makes more sense. This Github Action creates a release for every commit that is named `v0.0.0-` and attaches a linux/amd64 and darwin/arm64 binary to it. This commit also removes all unneeded actions that came from / with the fork. --- .github/workflows/README.md | 28 -- .github/workflows/acctest-terraform-lint.yml | 74 ----- .github/workflows/changelog.yml | 58 ---- .github/workflows/changelog_misspell.yml | 28 -- .github/workflows/community-check.yml | 58 ---- .github/workflows/copyright.yml | 47 --- .github/workflows/dependencies.yml | 83 ----- .github/workflows/documentation.yml | 51 --- .github/workflows/examples.yml | 111 ------- .github/workflows/firewatch.yml | 25 -- .github/workflows/gen-teamcity.yml | 26 -- .github/workflows/generate_changelog.yml | 31 -- .github/workflows/golangci-lint.yml | 69 ----- .github/workflows/goreleaser-ci.yml | 73 ----- .github/workflows/issue_comment.yml | 35 --- .github/workflows/issues.yml | 173 ----------- .github/workflows/library_versions.yml | 64 ---- .github/workflows/lock.yml | 23 -- .github/workflows/milestone.yml | 42 --- .github/workflows/mkdocs.yml | 20 -- .github/workflows/post_publish.yml | 54 ---- .github/workflows/provider.yml | 309 ------------------- .github/workflows/providerlint.yml | 39 --- .github/workflows/pull_request_feed.yml | 79 ----- .github/workflows/pull_request_target.yml | 258 ---------------- .github/workflows/regressions.yml | 41 --- .github/workflows/release-tag.yml | 28 -- .github/workflows/release.yml | 159 ++++------ .github/workflows/resource-counts.yml | 49 --- .github/workflows/semgrep-ci.yml | 107 ------- .github/workflows/skaff.yml | 43 --- .github/workflows/snapshot.yml | 42 --- .github/workflows/stale.yml | 27 -- .github/workflows/team_slack_bot.yml | 
21 -- .github/workflows/website.yml | 198 ------------ .github/workflows/workflow-lint.yml | 22 -- .github/workflows/yamllint.yml | 21 -- 37 files changed, 60 insertions(+), 2556 deletions(-) delete mode 100644 .github/workflows/README.md delete mode 100644 .github/workflows/acctest-terraform-lint.yml delete mode 100644 .github/workflows/changelog.yml delete mode 100644 .github/workflows/changelog_misspell.yml delete mode 100644 .github/workflows/community-check.yml delete mode 100644 .github/workflows/copyright.yml delete mode 100644 .github/workflows/dependencies.yml delete mode 100644 .github/workflows/documentation.yml delete mode 100644 .github/workflows/examples.yml delete mode 100644 .github/workflows/firewatch.yml delete mode 100644 .github/workflows/gen-teamcity.yml delete mode 100644 .github/workflows/generate_changelog.yml delete mode 100644 .github/workflows/golangci-lint.yml delete mode 100644 .github/workflows/goreleaser-ci.yml delete mode 100644 .github/workflows/issue_comment.yml delete mode 100644 .github/workflows/issues.yml delete mode 100644 .github/workflows/library_versions.yml delete mode 100644 .github/workflows/lock.yml delete mode 100644 .github/workflows/milestone.yml delete mode 100644 .github/workflows/mkdocs.yml delete mode 100644 .github/workflows/post_publish.yml delete mode 100644 .github/workflows/provider.yml delete mode 100644 .github/workflows/providerlint.yml delete mode 100644 .github/workflows/pull_request_feed.yml delete mode 100644 .github/workflows/pull_request_target.yml delete mode 100644 .github/workflows/regressions.yml delete mode 100644 .github/workflows/release-tag.yml delete mode 100644 .github/workflows/resource-counts.yml delete mode 100644 .github/workflows/semgrep-ci.yml delete mode 100644 .github/workflows/skaff.yml delete mode 100644 .github/workflows/snapshot.yml delete mode 100644 .github/workflows/stale.yml delete mode 100644 .github/workflows/team_slack_bot.yml delete mode 100644 
.github/workflows/website.yml delete mode 100644 .github/workflows/workflow-lint.yml delete mode 100644 .github/workflows/yamllint.yml diff --git a/.github/workflows/README.md b/.github/workflows/README.md deleted file mode 100644 index 7ead0edfdea..00000000000 --- a/.github/workflows/README.md +++ /dev/null @@ -1,28 +0,0 @@ -# GitHub Workflows - -## Using the `setup-terraform` action - -By default, the [`setup-terraform` action](https://github.com/hashicorp/setup-terraform) adds a wrapper for the `terraform` command that allows passing results to subsequent steps. This will prevent using the output of a `terraform` command as the input to another command in the same step. - -The wrapper can be turned off by using - -```yaml -steps: -- uses: hashicorp/setup-terraform@v1 - with: - terraform_wrapper: false -``` - -## Testing workflows locally - -The tool [`act`](https://github.com/nektos/act) can be used to test GitHub workflows locally. The default container [intentionally does not have feature parity](https://github.com/nektos/act#default-runners-are-intentionally-incomplete) with the containers used in GitHub due to the size of a full container. - -The file `./actrc` configures `act` to use a fully-featured container. - -## Running the static checker on workflows - -Check your code for errors in syntax, usage, etc. using the following directive found in the `GNUMakefile` in this repository. - -```console -% make gh-workflows-lint -``` diff --git a/.github/workflows/acctest-terraform-lint.yml b/.github/workflows/acctest-terraform-lint.yml deleted file mode 100644 index 8dcd065b0f0..00000000000 --- a/.github/workflows/acctest-terraform-lint.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -name: Acceptance Test Linting -on: - push: - branches: - - main - - "release/**" - pull_request: - paths: - - .github/workflows/acctest-terraform-lint.yml - - .ci/.tflint.hcl - - .ci/scripts/validate-terraform.sh - - .ci/tools/go.mod - - go.sum - - 'internal/service/**/*_test.go' - -jobs: - terrafmt: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - - run: cd .ci/tools && go install github.com/katbyte/terrafmt - - - run: | - find ./internal/service -type f -name '*_test.go' \ - | sort -u \ - | xargs -I {} terrafmt diff --check --fmtcompat {} - - tflint: - name: Validate Acceptance Tests - runs-on: [custom, linux, xl] - strategy: - matrix: - path: ['[a-f]', '[g-z]'] - env: - TEST_FILES_PARTITION: '\./internal/service/${{ matrix.path }}.*/.*_test\.go' - - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - name: Cache plugin dir - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/.tflint.d/plugins - key: ${{ runner.os }}-tflint-${{ hashFiles('.ci/.tflint.hcl') }} - - - run: cd .ci/tools && go install github.com/katbyte/terrafmt - - run: cd .ci/tools && go install github.com/terraform-linters/tflint - - - run: tflint --config 
.ci/.tflint.hcl --init - - - run: echo -n "File count $( find ./internal -type f -regextype egrep -regex ${{ env.TEST_FILES_PARTITION }} | wc -l | xargs )" - - run: | - find ./internal -type f -regextype egrep -regex ${{ env.TEST_FILES_PARTITION }} \ - | .ci/scripts/validate-terraform.sh diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml deleted file mode 100644 index 656693a63fd..00000000000 --- a/.github/workflows/changelog.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: CHANGELOG Checks -on: - push: - branches: - - main - - 'release/**' - pull_request_target: - -jobs: - community_check: - if: github.event_name == 'pull_request_target' - uses: ./.github/workflows/community-check.yml - secrets: inherit - with: - username: ${{ github.event.pull_request.user.login }} - - changes: - needs: community_check - name: Filter Changes - runs-on: ubuntu-latest - outputs: - changed: ${{ steps.filter.outputs.changed }} - steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - if: needs.community_check.outputs.maintainer == 'false' - id: filter - with: - filters: | - changed: - - CHANGELOG.md - - comment: - needs: changes - if: needs.changes.outputs.changed == 'true' - name: Comment - runs-on: ubuntu-latest - steps: - - name: Find Existing PR Comment - id: prc - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: "github-actions[bot]" - body-includes: "Please note that the `CHANGELOG.md` file contents are handled by the maintainers during merge" - - run: echo ${{ steps.prc.outputs.comment-id }} - - name: PR Comment - if: steps.prc.outputs.comment-id == '' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - issue-number: ${{ github.event.pull_request.number }} - body: |- - Thank you for your contribution! :rocket: - - Please note that the `CHANGELOG.md` file contents are handled by the maintainers during merge. This is to prevent pull request merge conflicts, especially for contributions which may not be merged immediately. Please see the [Contributing Guide](https://github.com/hashicorp/terraform-provider-aws/blob/main/docs/contributing) for additional pull request review items. 
- - Remove any changes to the `CHANGELOG.md` file and commit them in this pull request to prevent delays with reviewing and potentially merging this pull request. diff --git a/.github/workflows/changelog_misspell.yml b/.github/workflows/changelog_misspell.yml deleted file mode 100644 index 601eff4bbee..00000000000 --- a/.github/workflows/changelog_misspell.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: CHANGELOG Misspell -on: - push: - branches: - - main - - 'release/**' - pull_request: - paths: - - .changelog/* - - go.sum - - CHANGELOG.md - -jobs: - misspell: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/tools && go install github.com/client9/misspell/cmd/misspell - - run: misspell -error -source text CHANGELOG.md .changelog diff --git a/.github/workflows/community-check.yml b/.github/workflows/community-check.yml deleted file mode 100644 index cf18e5ca6e4..00000000000 --- a/.github/workflows/community-check.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: Community Check - -on: - workflow_call: - inputs: - username: - description: The username to check the association of - type: string - required: true - - outputs: - core_contributor: - description: Whether or not the user is a core contributor - value: ${{ jobs.community_check.outputs.is_core_contributor }} - maintainer: - description: Whether or not the user is a maintainer - value: ${{ jobs.community_check.outputs.is_maintainer }} - partner: - description: Whether or not the user is a partner - value: ${{ jobs.community_check.outputs.is_partner }} - -jobs: - community_check: - name: Check community lists for username - runs-on: ubuntu-latest - outputs: - is_core_contributor: ${{ steps.determination.outputs.is_core_contributor }} - is_maintainer: ${{ steps.determination.outputs.is_maintainer }} - is_partner: ${{ steps.determination.outputs.is_partner }} - steps: - - name: Decode user lists from secrets - id: decode - env: - CORE_CONTRIBUTORS: ${{ secrets.CORE_CONTRIBUTORS }} - MAINTAINERS: ${{ secrets.MAINTAINERS }} - PARTNERS: ${{ secrets.PARTNERS }} - run: | - # Create shell variables to hold decoded values - CORE_CONTRIBUTORS_DECODED=$(echo $CORE_CONTRIBUTORS | base64 -d | jq '. | tojson') - MAINTAINERS_DECODED=$(echo $MAINTAINERS | base64 -d | jq '. | tojson') - PARTNERS_DECODED=$(echo $PARTNERS | base64 -d | jq '. 
| tojson') - - # Mask the variables so the values aren't exposed - echo "::add-mask::$CORE_CONTRIBUTORS_DECODED" - echo "::add-mask::$MAINTAINERS_DECODED" - echo "::add-mask::$PARTNERS_DECODED" - - # Set outputs - echo "core_contributors_list=$CORE_CONTRIBUTORS_DECODED" >> $GITHUB_OUTPUT - echo "maintainers_list=$MAINTAINERS_DECODED" >> $GITHUB_OUTPUT - echo "partners_list=$PARTNERS_DECODED" >> $GITHUB_OUTPUT - - - name: Determine if user is in lists - id: determination - run: | - echo "is_core_contributor="${{ contains(fromJSON(steps.decode.outputs.core_contributors_list), inputs.username) }} >> $GITHUB_OUTPUT - echo "is_maintainer="${{ contains(fromJSON(steps.decode.outputs.maintainers_list), inputs.username) }} >> $GITHUB_OUTPUT - echo "is_partner="${{ contains(fromJSON(steps.decode.outputs.partners_list), inputs.username) }} >> $GITHUB_OUTPUT diff --git a/.github/workflows/copyright.yml b/.github/workflows/copyright.yml deleted file mode 100644 index 86df1593529..00000000000 --- a/.github/workflows/copyright.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: Copyright Checks - -on: - push: - branches: - - main - - "release/**" - pull_request: - paths-ignore: - - .ci/** - - .github/** - - .teamcity/** - - .release/** - - infrastructure/repository/labels-service.tf - - .goreleaser.yml - -jobs: - go_generate: - name: add headers check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - name: go env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: go install github.com/hashicorp/copywrite@latest - - run: copywrite headers - - name: Check for Git Differences - run: | - git diff --compact-summary --exit-code || \ - (echo; echo "Unexpected difference in directories after adding copyright headers. Run 'copywrite headers' command and commit."; exit 1) diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml deleted file mode 100644 index 70fd17e0d11..00000000000 --- a/.github/workflows/dependencies.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -name: Dependency Checks - -on: - push: - branches: - - main - - 'release/**' - pull_request_target: - -jobs: - community_check: - if: github.event_name == 'pull_request_target' - uses: ./.github/workflows/community-check.yml - secrets: inherit - with: - username: ${{ github.event.pull_request.user.login }} - - changes: - needs: community_check - name: Filter Changes - runs-on: ubuntu-latest - outputs: - changed: ${{ steps.filter.outputs.changed }} - steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - if: needs.community_check.outputs.maintainer == 'false' - id: filter - with: - filters: | - changed: - - .ci/providerlint/** - - go.mod - - go.sum - - comment: - needs: changes - if: needs.changes.outputs.changed == 'true' - name: Comment - runs-on: ubuntu-latest - steps: - - name: Find Existing PR Comment - id: prc - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: "github-actions[bot]" - body-includes: "Please note that typically Go dependency changes" - - run: echo ${{ steps.prc.outputs.comment-id }} - - name: PR Comment - if: steps.prc.outputs.comment-id == '' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - issue-number: ${{ github.event.pull_request.number }} - body: |- - Thank you for your contribution! :rocket: - - Please note that typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. Remove any changes to the `go.mod` or `go.sum` files and commit them into this pull request. 
- - Additional details: - - * Check [open pull requests with the `dependencies` label](https://github.com/hashicorp/terraform-provider-aws/pulls?q=is%3Aopen+is%3Apr+label%3Adependencies) to view other dependency updates. - * If this pull request includes an update the AWS Go SDK (or any other dependency) version, only updates submitted via dependabot will be merged. This pull request will need to remove these changes and will need to be rebased after the existing dependency update via dependabot has been merged for this pull request to be reviewed. - * If this pull request is for supporting a new AWS service: - * Ensure the new AWS service changes are following the [Contributing Guide section on new services](https://github.com/hashicorp/terraform-provider-aws/blob/main/docs/add-a-new-service.md), in particular that the dependency addition and initial provider support are in a separate pull request from other changes (e.g. new resources). Contributions not following this item will not be reviewed until the changes are split. - * If this pull request is already a separate pull request from the above item, you can ignore this message. - - go_mod: - name: go mod - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: .go-version - - name: go mod - run: | - gover=go`cat .go-version | xargs` - go install golang.org/dl/${gover}@latest - ${gover} download - echo "Using make to check dependencies" - make depscheck diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml deleted file mode 100644 index 0db983d5fc7..00000000000 --- a/.github/workflows/documentation.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: Documentation Checks -on: - push: - branches: - - main - pull_request: - paths: - - .ci/.markdownlinkcheck.json - - .markdownlint.yml - - .github/workflows/documentation.yml - - docs/** - - go.mod - -jobs: - markdown-link-check: - runs-on: ubuntu-latest - env: - UV_THREADPOOL_SIZE: 128 - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: YakDriver/md-check-links@7450f426b758f0bf97f99ceb1aadcf57640a9ede # v2.0.6 - with: - use-quiet-mode: 'yes' - use-verbose-mode: 'yes' - config-file: '.ci/.markdownlinkcheck.json' - folder-path: 'docs' - file-extension: '.md' - base-branch: "main" - check-modified-files-only: "yes" - markdown-lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 - with: - args: 'docs' - misspell: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/tools && go install github.com/client9/misspell/cmd/misspell - - run: misspell -error -source text docs/ diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml deleted file mode 100644 index 671428e5455..00000000000 --- a/.github/workflows/examples.yml +++ /dev/null 
@@ -1,111 +0,0 @@ -name: Examples Checks -on: - push: - branches: - - main - pull_request: - paths: - - .github/workflows/examples.yml - - .ci/.tflint.hcl - - .ci/tools/go.mod - - examples/** - - go.mod - -env: - AWS_DEFAULT_REGION: us-west-2 - -jobs: - tflint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - - name: install tflint - run: cd .ci/tools && go install github.com/terraform-linters/tflint - - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - name: Cache plugin dir - with: - path: ~/.tflint.d/plugins - key: ${{ runner.os }}-tflint-${{ hashFiles('.ci/.tflint.hcl') }} - - - run: tflint --config .ci/.tflint.hcl --init - - - name: tflint - run: | - exit_code=0 - TFLINT_CONFIG="$(pwd -P)/.ci/.tflint.hcl" - for DIR in $(find ./examples -type f -name '*.tf' -exec dirname {} \; | sort -u); do - pushd "$DIR" - tflint --config="$TFLINT_CONFIG" \ - --enable-rule=terraform_comment_syntax \ - --enable-rule=terraform_deprecated_index \ - --enable-rule=terraform_deprecated_interpolation \ - --enable-rule=terraform_required_version \ - --disable-rule=terraform_required_providers \ - --disable-rule=terraform_typed_variables \ - || exit_code=1 - popd - done - exit $exit_code - - validate-terraform: - runs-on: [custom, linux, large] - strategy: - fail-fast: false - matrix: - terraform_version: ["0.12.31", "1.0.6"] - env: - TF_IN_AUTOMATION: "1" - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os 
}}-go-pkg-mod-${{ hashFiles('go.sum') }} - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - name: go build - run: go build -o terraform-plugin-dir/terraform-provider-aws_v99.99.99_x5 . - - name: override plugin - run: | - # For Terraform v0.12 - mkdir -p ~/.terraform.d/plugins - cp terraform-plugin-dir/terraform-provider-aws_v99.99.99_x5 ~/.terraform.d/plugins - # For newer versions - mkdir -p ~/.terraform.d/plugins/registry.terraform.io/hashicorp/aws/99.99.99/"$(go env GOOS)"_"$(go env GOARCH)"/ - cp terraform-plugin-dir/terraform-provider-aws_v99.99.99_x5 ~/.terraform.d/plugins/registry.terraform.io/hashicorp/aws/99.99.99/"$(go env GOOS)"_"$(go env GOARCH)"/ - - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 - with: - terraform_version: ${{ matrix.terraform_version }} - # Needed to use the output of `terraform validate -json` - terraform_wrapper: false - - - name: terraform - run: | - for DIR in $(find ./examples -type f -name '*.tf' -exec dirname {} \; | sort -u); do - pushd "$DIR" - if [ -f terraform.template.tfvars ]; then - cp terraform.template.tfvars terraform.tfvars - fi - echo; echo -e "\e[1;35m===> Initializing Example: $DIR <===\e[0m"; echo - terraform init - echo; echo -e "\e[1;35m===> Format Checking Example: $DIR <===\e[0m"; echo - terraform fmt -check - echo; echo -e "\e[1;35m===> Validating Example: $DIR <===\e[0m"; echo - # Catch errors - terraform validate - popd - done diff --git a/.github/workflows/firewatch.yml b/.github/workflows/firewatch.yml deleted file mode 100644 index 4ecdb31e262..00000000000 --- a/.github/workflows/firewatch.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -on: - schedule: - - cron: '0 * * * *' - workflow_dispatch: -name: Firewatch -jobs: - FirewatchJob: - if: github.repository_owner == 'hashicorp' - runs-on: ubuntu-latest - steps: - - name: Firewatch - uses: breathingdust/firewatch@d44ea4b76b7ed38b97cfe8b0388cfc249ef1c7f2 # v2.0.4 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - alert_threshold: 10 - issue_age_months: 3 - slack_token: ${{ secrets.SLACK_BOT_TOKEN }} - slack_channel: ${{ secrets.SLACK_CHANNEL }} - - name: UploadArtifact - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: firewatch - path: firewatch.data - if-no-files-found: error - retention-days: 1 diff --git a/.github/workflows/gen-teamcity.yml b/.github/workflows/gen-teamcity.yml deleted file mode 100644 index 5dc7e73fb28..00000000000 --- a/.github/workflows/gen-teamcity.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: TeamCity Config Generator -on: - push: - branches: - - main - - "release/**" - pull_request: - paths: - - .teamcity/** - -jobs: - validate-teamcity-config: - name: Validate TeamCity Configuration - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 - with: - distribution: adopt - java-version: 17 - cache: maven - - name: Build TeamCity Configuration - run: | - cd .teamcity - make tools - make validate diff --git a/.github/workflows/generate_changelog.yml b/.github/workflows/generate_changelog.yml deleted file mode 100644 index 9e59cd273d2..00000000000 --- a/.github/workflows/generate_changelog.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: Generate CHANGELOG -on: - pull_request: - types: [closed] - workflow_dispatch: -jobs: - GenerateChangelog: - if: github.event.pull_request.merged || github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: .ci/tools/go.mod - - run: cd .ci/tools && go install github.com/hashicorp/go-changelog/cmd/changelog-build - - run: ./.ci/scripts/generate-changelog.sh - - run: | - if [[ `git status --porcelain` ]]; then - if ${{github.event_name == 'workflow_dispatch'}}; then - MSG="Update CHANGELOG.md (Manual Trigger)" - else - MSG="Update CHANGELOG.md for #${{ github.event.pull_request.number }}" - fi - git config --local user.email changelogbot@hashicorp.com - git config --local user.name changelogbot - git add CHANGELOG.md - git commit -m "$MSG" - git push - fi diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml deleted file mode 100644 index 02c9b4c4f02..00000000000 --- a/.github/workflows/golangci-lint.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: golangci-lint Checks - -on: - push: - branches: - - main - - 'release/**' - pull_request: - paths: - - .github/workflows/golangci-lint.yml - - .ci/.golangci*.yml - - .ci/tools/** - - internal/** - - go.sum - - main.go - - names/** - - tools/** - -jobs: - golangci-linta: - name: 1 of 2 - runs-on: [custom, linux, large] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - cache: false - - id: golangci-lint-version - working-directory: .ci/tools - run: >- - echo "version=$( - go list -m all | - grep github.com/golangci/golangci-lint | - awk '{print $2}' - )" >> $GITHUB_OUTPUT - - name: golangci-lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v3.7.1 - with: - version: "${{ steps.golangci-lint-version.outputs.version }}" - args: --config .ci/.golangci.yml - golangci-lintb: - name: 2 of 2 - needs: [golangci-linta] - runs-on: [custom, linux, xl] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - cache: false - - id: golangci-lint-version - working-directory: .ci/tools - run: >- - echo "version=$( - go list -m all | - grep github.com/golangci/golangci-lint | - awk '{print $2}' - )" >> $GITHUB_OUTPUT - - name: golangci-lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v3.7.1 - with: - version: "${{ steps.golangci-lint-version.outputs.version }}" - args: --config .ci/.golangci2.yml - env: - # Trigger garbage collection more frequently to reduce the likelihood - # of OOM errors. - # ref: https://golangci-lint.run/usage/performance/#memory-usage - GOGC: "50" 
diff --git a/.github/workflows/goreleaser-ci.yml b/.github/workflows/goreleaser-ci.yml
deleted file mode 100644
index efd4a506400..00000000000
--- a/.github/workflows/goreleaser-ci.yml
+++ /dev/null
@@ -1,73 +0,0 @@ -# Continuous integration handling for GoReleaser -name: GoReleaser CI - -on: - push: - branches: - - main - - 'release/**' - pull_request: - paths: - - .github/workflows/goreleaser-ci.yml - - .goreleaser.yml - - go.sum - - main.go - - internal/** - - names/** - - skaff/** - - tools/** - -jobs: - changes: - runs-on: ubuntu-latest - outputs: - goreleaser: ${{ steps.filter.outputs.goreleaser }} - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - filters: | - goreleaser: - - '.github/workflows/goreleaser-ci.yml' - - '.goreleaser.yml' - - check: - needs: changes - if: ${{ needs.changes.outputs.goreleaser == 'true' }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - name: goreleaser check - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 - with: - args: check - - build-32-bit: - # Run a single compiler check for 32-bit architecture (FreeBSD/ARM) - # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/8988 - runs-on: [custom, linux, small] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - name: goreleaser build - uses: 
goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 - with: - args: build --config .github/goreleaser-cross-compiler-test.yml --id 32-bit-arch --snapshot diff --git a/.github/workflows/issue_comment.yml b/.github/workflows/issue_comment.yml deleted file mode 100644 index bd4b2609c57..00000000000 --- a/.github/workflows/issue_comment.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: 'Process issue_comment Events' - -on: - issue_comment: - types: [created] - -jobs: - community_check: - name: 'Community Check' - uses: ./.github/workflows/community-check.yml - secrets: inherit - with: - username: ${{ github.event.comment.user.login }} - - automation_labeler: - name: 'Automation Labeler' - needs: community_check - runs-on: ubuntu-latest - # Since the only step in this job requires non-maintainer, skip the job entirely if that's not met. - if: needs.community_check.outputs.maintainer == 'false' - env: - # This is a ternary that sets the variable to the assigned user's login on assigned events, - # and otherwise sets it to the username of the pull request's author. For more information: - # https://docs.github.com/en/actions/learn-github-actions/expressions#example - # - # issue_comment events are triggered by comments on issues and pull requests. Checking the - # value of github.event.issue.pull_request tells us whether the issue is an issue or is - # actually a pull request, allowing us to dynamically set the gh subcommand: - # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment-on-issues-only-or-pull-requests-only - COMMAND: ${{ github.event.issue.pull_request && 'pr' || 'issue' }} - GH_TOKEN: ${{ github.token }} - steps: - - name: 'Remove stale and waiting-response on non-maintainer comment' - # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment-on-issues-only-or-pull-requests-only - run: gh ${{ env.COMMAND }} edit ${{ github.event.issue.html_url }} --remove-label stale,waiting-response diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml deleted file mode 100644 index b7fc8b68ab1..00000000000 --- a/.github/workflows/issues.yml +++ /dev/null 
@@ -1,173 +0,0 @@ -name: 'Process issues Events' - -on: - issues: - types: - - assigned - - closed - - edited - - opened - - labeled - -jobs: - community_check: - name: 'Community Check' - uses: ./.github/workflows/community-check.yml - secrets: inherit - with: - # This is a ternary that sets the variable to the assigned user's login on assigned events, - # and otherwise sets it to the username of the pull request's author. For more information: - # https://docs.github.com/en/actions/learn-github-actions/expressions#example - username: ${{ github.event.action == 'assigned' && github.event.assignee.login || github.event.issue.user.login }} - - automation_labeler: - name: 'Automation Labeler' - needs: community_check - runs-on: ubuntu-latest - env: - ISSUE_URL: ${{ github.event.issue.html_url }} - steps: - - name: 'Generate Token' - id: token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - installation_retrieval_mode: id - installation_retrieval_payload: ${{ secrets.INSTALLATION_ID }} - private_key: ${{ secrets.APP_PEM }} - - - name: 'Add needs-triage for non-maintainer' - if: github.event.action == 'opened' && needs.community_check.outputs.maintainer == 'false' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh issue edit ${{ env.ISSUE_URL }} --add-label needs-triage - - - name: 'Add prioritized when assigned to maintainers' - if: github.event.action == 'assigned' && needs.community_check.outputs.maintainer == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh issue edit ${{ env.ISSUE_URL }} --add-label prioritized - - - name: 'Add prioritized to regressions' - if: github.event.label.name == 'regression' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh issue edit ${{ env.ISSUE_URL }} --add-label prioritized - - - name: 'Remove unnecessary labels on closure' - if: github.event.action == 'closed' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - 
run: gh issue edit ${{ env.ISSUE_URL }} --remove-label needs-triage,waiting-response - - service_labeler: - name: 'Service Labeler' - if: contains(fromJSON('["opened", "edited"]'), github.event.action) - runs-on: ubuntu-latest - steps: - - name: 'Apply Labels' - uses: github/issue-labeler@c1b0f9f52a63158c4adc09425e858e87b32e9685 # v3.4 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - configuration-path: .github/labeler-issue-triage.yml - enable-versioned-regex: 0 - include-title: 1 - - add_to_project: - name: 'Add to Project' - runs-on: ubuntu-latest - needs: community_check - env: - # Some gh project calls take the project's ID, some take the project's number - PROJECT_ID: "PVT_kwDOAAuecM4AF-7h" - PROJECT_NUMBER: "196" - STATUS_FIELD_ID: "PVTSSF_lADOAAuecM4AF-7hzgDcsQA" - VIEW_FIELD_ID: "PVTSSF_lADOAAuecM4AF-7hzgMRB34" - ITEM_URL: ${{ github.event.issue.html_url }} - steps: - - name: 'Generate Token' - id: token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - installation_retrieval_mode: id - installation_retrieval_payload: ${{ secrets.INSTALLATION_ID }} - private_key: ${{ secrets.APP_PEM }} - - - name: 'Assigned to Maintainer' - if: github.event.action == 'assigned' && needs.community_check.outputs.maintainer == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.STATUS_FIELD_ID }} --single-select-option-id ${{ vars.team_project_status_in_progress }} - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - - name: 'Labeled Prioritized' - if: github.event.label.name == 'prioritized' - env: - GH_TOKEN: 
${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - - name: 'Labeled Regression' - if: github.event.label.name == 'regression' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - gh api graphql -F itemId="$PROJECT_ITEM_ID" -F projectId=${{ env.PROJECT_ID }} -f query=' - mutation($itemId:ID!, $projectId:ID!) { - updateProjectV2ItemPosition(input:{itemId:$itemId, projectId:$projectId}) { - clientMutationId - } - }' - - - name: 'Labeled Engineering Initiative' - if: github.event.label.name == 'engineering-initiative' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_engineering_initiative }} - - community_note: - name: 'Add Community Note' - if: github.event.action == 'opened' - runs-on: ubuntu-latest - steps: - - name: 'Add community note to new Issues' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - issue-number: ${{ github.event.issue.number }} - body: | - # Community Note - - **Voting for Prioritization** - - * Please vote on this issue by adding a 
👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original post to help the community and maintainers prioritize this request. - * Please see our [prioritization guide](https://hashicorp.github.io/terraform-provider-aws/prioritization/) for information on how we prioritize. - * Please **do not** leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request. - - **Volunteering to Work on This Issue** - - * If you are interested in working on this issue, please leave a comment. - * If this would be your first contribution, please review the [contribution guide](https://hashicorp.github.io/terraform-provider-aws/). - - closed_issue_comment: - name: 'Closed Issue Comment' - if: github.event.action == 'closed' - runs-on: ubuntu-latest - steps: - - name: 'Add comment on closed issues' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - issue-number: ${{ github.event.issue.number }} - body: | - > [!WARNING] - > This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them. - > - > Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the [AWS Provider forum](https://discuss.hashicorp.com/c/terraform-providers/tf-aws/33), is recommended. If you have additional concerns, please open a new issue, referencing this one where needed. diff --git a/.github/workflows/library_versions.yml b/.github/workflows/library_versions.yml deleted file mode 100644 index b1b779b686c..00000000000 --- a/.github/workflows/library_versions.yml +++ /dev/null 
@@ -1,64 +0,0 @@
-name: Preferred Library Version Check
-
-# This check verifies that preferred library versions are used in development
-# of net-new resources. This is done by inspecting the pull request diff for any
-# occurrence of a non-preferred library name, typically seen in an import block.
-# At this time the only check is for AWS SDK for Go V1, but it may be extended
-# in the future. This check will not fail if a non-preferred library version is
-# detected, but will leave a comment on the pull request linking to the relevant
-# contributor documentation.
-
-on:
- pull_request_target:
- branches:
- - main
-
-jobs:
- diffgrep:
- runs-on: ubuntu-latest
- outputs:
- found: ${{ steps.diff.outputs.found }}
- steps:
- # checkout base ref
- - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
- # checkout pull request head ref
- - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- with:
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- ref: ${{ github.event.pull_request.head.ref }}
-
- - name: Check diff for AWS SDK Go V1
- id: diff
- run: |
- git diff origin/${{ github.event.pull_request.base.ref }} internal/ |
- (grep '^\+\s*"github.com/aws/aws-sdk-go/' && echo "found=true" >> "$GITHUB_OUTPUT") || echo "found=false" >> "$GITHUB_OUTPUT"
-
- comment:
- runs-on: ubuntu-latest
- needs: diffgrep
- if: needs.diffgrep.outputs.found == 'true'
- steps:
- - name: Find Existing PR Comment
- id: prc
- uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
- with:
- issue-number: ${{ github.event.pull_request.number }}
- comment-author: "github-actions[bot]"
- body-includes: "A new usage of AWS SDK for Go V1 was detected"
-
- - run: echo ${{ steps.prc.outputs.comment-id }}
-
- - name: PR Comment
- if: steps.prc.outputs.comment-id == ''
- uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- issue-number: ${{ github.event.pull_request.number }}
- body: |-
- Thank you for your contribution! :rocket:
-
- A new usage of AWS SDK for Go V1 was detected. Please prefer AWS SDK for Go V2 for all net-new services. If this is an enhancement or bug fix to an existing AWS SDK Go V1 based resource, this comment can be safely ignored.
-
- For additional information refer to the [AWS SDK for Go Versions](https://hashicorp.github.io/terraform-provider-aws/aws-go-sdk-versions/) page in the contributor guide.
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
deleted file mode 100644
index 4fe232874eb..00000000000
--- a/.github/workflows/lock.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: 'Lock Threads'
-
-on:
- schedule:
- - cron: '50 1 * * *'
-
-jobs:
- lock:
- runs-on: ubuntu-latest
- steps:
- - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
- with:
- github-token: ${{ github.token }}
- issue-comment: >
- I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
-
- If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
- issue-inactive-days: '30'
- pr-comment: >
- I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
-
- If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
- pr-inactive-days: '30'
diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml
deleted file mode 100644
index d93afbe1863..00000000000
--- a/.github/workflows/milestone.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: 'Process milestone Events'
-
-on:
- milestone:
- types: [closed]
-
-permissions:
- issues: write
- pull-requests: write
-
-jobs:
- Comment:
- name: 'Post-Release Comment'
- runs-on: ubuntu-latest
- steps:
- - uses: bflad/action-milestone-comment@ae6c9fdf5778064d4e09b4632604a16b7289096c # v1.0.2
- with:
- body: |
- This functionality has been released in [${{ github.event.milestone.title }} of the Terraform AWS Provider](https://github.com/${{ github.repository }}/blob/${{ github.event.milestone.title }}/CHANGELOG.md). Please see the [Terraform documentation on provider versioning](https://www.terraform.io/docs/configuration/providers.html#provider-versions) or reach out if you need any assistance upgrading.
-
- For further feature requests or bug reports with this functionality, please create a [new GitHub issue](https://github.com/${{ github.repository }}/issues/new/choose) following the template. Thank you!
-
- archive_and_unlabel:
- name: 'Archive Project Items & Remove Label on Milestone Closed'
- runs-on: ubuntu-latest
- env:
- MILESTONE: ${{ github.event.milestone.number }}
- steps:
- - name: 'Checkout Repo'
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
- - name: 'Remove Prioritized Label'
- env:
- GH_TOKEN: ${{ github.token }}
- shell: bash
- run: ./.ci/scripts/unlabel-on-milestone-closed.sh
-
- - name: 'Archive Project Items'
- env:
- GH_TOKEN: ${{ secrets.PROJECT_SCOPED_TOKEN }}
- shell: bash
- run: ./.ci/scripts/archive-on-milestone-closed.sh
diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml
deleted file mode 100644
index 297d0662ec8..00000000000
--- a/.github/workflows/mkdocs.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Publish docs via GitHub Pages
-on:
- push:
- branches:
- - main
- workflow_dispatch:
-
-jobs:
- build:
- name: Deploy docs
- runs-on: ubuntu-latest
- steps:
- - name: Checkout main
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
- - name: Deploy docs
- uses: mhausenblas/mkdocs-deploy-gh-pages@d77dd03172e96abbcdb081d8c948224762033653 # 1.26
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- CONFIG_FILE: mkdocs.yml
diff --git a/.github/workflows/post_publish.yml b/.github/workflows/post_publish.yml
deleted file mode 100644
index f692ea70743..00000000000
--- a/.github/workflows/post_publish.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: Post Publish
-on:
- workflow_dispatch:
- inputs:
- release-tag:
- type: string
- description: 'Semver release tag e.g. v1.1.0'
- required: true
- workflow_run:
- workflows: [Release]
- types:
- - completed
-jobs:
- on-success-or-workflow-dispatch:
- runs-on: ubuntu-latest
- if: github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch'
- outputs:
- release-tag: ${{ steps.release-tag.outputs.tag }}
- steps:
- - if: github.event_name == 'workflow_run'
- name: Download Artifact from Release workflow
- uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
- with:
- workflow: release.yml
- name: release-tag
- - name: Output Release Tag
- id: release-tag
- run: |
- if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- echo "tag=${{ github.event.inputs.release-tag }}" >> "$GITHUB_OUTPUT"
- else
- value=`cat release-tag.data`
- echo "tag=$value" >> "$GITHUB_OUTPUT"
- fi
- tidy-jira:
- needs: [on-success-or-workflow-dispatch]
- runs-on: ubuntu-latest
- steps:
- - name: Tidy Jira
- uses: breathingdust/github-jira-tidy@77daa2cf0f0574bb7be001eb6380939c1af31672 # v0.9.0
- with:
- jira_host: 'hashicorp.atlassian.net'
- jira_username: 'sdavis@hashicorp.com'
- jira_password: ${{ secrets.jira_password }}
- jira_jql_filter: ${{ secrets.jira_jql_filter }}
- jira_closed_id: '371'
- jira_github_url_field_id: 'cf[10089]'
- github_release_name: ${{ needs.on-success-or-workflow-dispatch.outputs.release-tag }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- on-failure:
- runs-on: ubuntu-latest
- if: ${{ github.event.workflow_run.conclusion == 'failure' }}
- steps:
- - run: echo 'The triggering workflow failed'
diff --git a/.github/workflows/provider.yml b/.github/workflows/provider.yml
deleted file mode 100644
index a45e470ae98..00000000000
--- a/.github/workflows/provider.yml
+++ /dev/null
@@ -1,309 +0,0 @@ -name: Provider Checks - -on: - push: - branches: - - main - - "release/**" - pull_request: - paths: - - .github/workflows/provider.yml - - .ci/.golangci.yml - - .ci/tools/go.mod - - .markdownlint.yml - - internal/** - - docs/index.md - - docs/data-sources/** - - docs/guides/** - - docs/resources/** - - go.sum - - GNUmakefile - - main.go - - names/** - - website/** - -env: - AWS_DEFAULT_REGION: us-west-2 - TERRAFORM_VERSION: "1.0.6" - -jobs: - go_mod_download: - name: go mod download - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - id: cache-go-pkg-mod - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' - run: go mod download - - go_build: - name: go build - needs: [go_mod_download] - runs-on: [custom, linux, medium] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - id: cache-terraform-plugin-dir - timeout-minutes: 2 - with: - path: terraform-plugin-dir - key: ${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - name: go 
env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - name: go build - run: go build -o terraform-plugin-dir/registry.terraform.io/hashicorp/aws/99.99.99/$(go env GOOS)_$(go env GOARCH)/terraform-provider-aws . - - go_generate: - name: go generate - needs: [go_build] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - name: go env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: go install golang.org/x/tools/cmd/goimports@latest - - run: make gen - - name: Check for Git Differences - run: | - git diff --compact-summary --exit-code 
|| \ - (echo; echo "Unexpected difference in directories after code generation. Run 'make gen' command and commit."; exit 1) - - go_test: - name: go test - needs: [go_build] - runs-on: [custom, linux, xl] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - name: go env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - name: Go Test - run: go test ./... 
- - importlint: - needs: [go_build] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - name: go env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/tools && go install github.com/pavius/impi/cmd/impi - - run: impi --local . --scheme stdThirdPartyLocal ./... - - # validate_sweepers_unlinked checks that the sweeper functions are not linked in the provider binary. - # As a pre-check, to validate that the check will work, it confirms that `strings` will find the function - # names in the compiled sweeper binary. 
- validate_sweepers_unlinked: - name: Sweeper Functions Not Linked - needs: [go_build] - runs-on: [custom, linux, medium] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - name: go env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - - name: Pre-Check sweeper binary - run: | - go test -c -o ./sweeper-bin ./internal/sweep/ - count=$(strings ./sweeper-bin | \ - grep --count --extended-regexp 'internal/service/[a-zA-Z0-9]+\.sweep[a-zA-Z0-9]+$') - [ $count -gt 0 ] || \ - (echo; echo "Expected `strings` to detect sweeper function names in sweeper binary."; exit 1) - - # Use cached provider or rebuild - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 - continue-on-error: true - id: cache-terraform-plugin-dir - timeout-minutes: 2 - with: - path: terraform-plugin-dir - key: ${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' - name: go build - run: go build -o terraform-plugin-dir/registry.terraform.io/hashicorp/aws/99.99.99/$(go env GOOS)_$(go env GOARCH)/terraform-provider-aws . - - - name: Check provider binary - run: | - # grep returns the exit code 1 if there are no results. 
Disable immediate exit. - set +e - count=$(strings "terraform-plugin-dir/registry.terraform.io/hashicorp/aws/99.99.99/$(go env GOOS)_$(go env GOARCH)/terraform-provider-aws" | \ - grep --count --extended-regexp 'internal/service/[a-zA-Z0-9]+\.sweep[a-zA-Z0-9]+$') - set -e - [ $count -eq 0 ] || \ - (echo; echo "Expected `strings` to detect no sweeper function names in provider binary."; exit 1) - - terraform_providers_schema: - name: terraform providers schema - needs: [go_build] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - id: cache-terraform-providers-schema - timeout-minutes: 2 - with: - path: terraform-providers-schema - key: ${{ runner.os }}-terraform-providers-schema-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - timeout-minutes: 2 - with: - path: terraform-plugin-dir - key: ${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 - with: - terraform_version: ${{ env.TERRAFORM_VERSION }} - terraform_wrapper: false - - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' - name: terraform init - run: | - # We need a file to initialize the provider - echo 'data "aws_partition" "example" {}' > example.tf - terraform init -plugin-dir terraform-plugin-dir - - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || 
steps.cache-terraform-providers-schema.outcome == 'failure' - name: terraform providers schema - run: | - mkdir terraform-providers-schema - terraform providers schema -json > terraform-providers-schema/schema.json - - tfproviderdocs: - needs: [terraform_providers_schema] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/tools && go install github.com/YakDriver/tfproviderdocs - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - timeout-minutes: 2 - with: - path: terraform-providers-schema - key: ${{ runner.os }}-terraform-providers-schema-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - name: tfproviderdocs check - run: | - tfproviderdocs check \ - -allowed-resource-subcategories-file website/allowed-subcategories.txt \ - -enable-contents-check \ - -ignore-file-missing-data-sources aws_alb,aws_alb_listener,aws_alb_target_group,aws_alb_trust_store,aws_alb_trust_store_revocation,aws_albs \ - -ignore-file-missing-resources aws_alb,aws_alb_listener,aws_alb_listener_certificate,aws_alb_listener_rule,aws_alb_target_group,aws_alb_target_group_attachment,aws_alb_trust_store,aws_alb_trust_store_revocation \ - -provider-source registry.terraform.io/hashicorp/aws \ - -providers-schema-json terraform-providers-schema/schema.json \ - -require-resource-subcategory \ - -ignore-cdktf-missing-files - - markdown-lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 - with: - args: "." 
- ignore: "./docs ./website/docs ./CHANGELOG.md ./internal/service/cloudformation/testdata/examplecompany-exampleservice-exampleresource/docs" diff --git a/.github/workflows/providerlint.yml b/.github/workflows/providerlint.yml deleted file mode 100644 index c1ca232e4eb..00000000000 --- a/.github/workflows/providerlint.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: ProviderLint Checks - -on: - push: - branches: - - main - - 'release/**' - pull_request: - paths: - - .github/workflows/providerlint.yml - - GNUmakefile - - go.sum - - internal/** - - names/** - -jobs: - providerlint: - runs-on: [custom, linux, medium] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - name: go env - run: echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/providerlint && go install -buildvcs=false . - - run: make providerlint diff --git a/.github/workflows/pull_request_feed.yml b/.github/workflows/pull_request_feed.yml deleted file mode 100644 index 2cad34116b0..00000000000 --- a/.github/workflows/pull_request_feed.yml +++ /dev/null 
@@ -1,79 +0,0 @@ -name: "Pull Request Feed" - -on: - pull_request_target: - types: [opened, closed] - -env: - SLACK_WEBHOOK_URL: ${{ secrets.FEED_SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - GH_TOKEN: ${{ github.token }} - -jobs: - community_check: - uses: ./.github/workflows/community-check.yml - secrets: inherit - with: - username: ${{ github.event.pull_request.user.login }} - - NotificationPRMerged: - if: github.event.pull_request.merged == true - runs-on: ubuntu-latest - steps: - - name: Notification PR Merged - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 - with: - payload: | - { - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":merged: <${{ github.event.pull_request.merged_by.html_url }}|${{ github.event.pull_request.merged_by.login }}> merged <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" - } - } - ] - } - - NotificationMaintainerPROpened: - needs: community_check - runs-on: ubuntu-latest - steps: - - name: Notification Maintainer PR Opened - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 - if: github.event.action == 'opened' && needs.community_check.outputs.maintainer == 'true' && github.actor != 'dependabot[bot]' - with: - payload: | - { - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":open: <${{ github.event.pull_request.user.html_url }}|${{ github.event.pull_request.user.login }}> opened <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" - } - } - ] - } - - NotificationPartnerPROpened: - needs: community_check - runs-on: ubuntu-latest - steps: - - name: Notification Partner PR Opened - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 - if: github.event.action == 'opened' && needs.community_check.outputs.partner == 'true' - with: - payload: | - { - "blocks": [ - { - "type": "section", - 
"text": { - "type": "mrkdwn", - "text": ":open: :aws: contributor <${{ github.event.pull_request.user.html_url }}|${{ github.event.pull_request.user.login }}> opened <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" - } - } - ] - } diff --git a/.github/workflows/pull_request_target.yml b/.github/workflows/pull_request_target.yml deleted file mode 100644 index 3708e50bed3..00000000000 --- a/.github/workflows/pull_request_target.yml +++ /dev/null 
@@ -1,258 +0,0 @@ -name: Process pull_request_target Events - -on: - pull_request_target: - types: - - assigned - - closed - - edited - - labeled - - opened - - ready_for_review - -jobs: - community_check: - name: 'Community Check' - uses: ./.github/workflows/community-check.yml - secrets: inherit - with: - # This is a ternary that sets the variable to the assigned user's login on assigned events, - # and otherwise sets it to the username of the pull request's author. For more information: - # https://docs.github.com/en/actions/learn-github-actions/expressions#example - username: ${{ github.event.action == 'assigned' && github.event.assignee.login || github.event.pull_request.user.login }} - - labeler: - name: 'Automation Labeler' - needs: community_check - runs-on: ubuntu-latest - env: - PR_URL: ${{ github.event.pull_request.html_url }} - steps: - - name: 'Generate Token' - id: token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - installation_retrieval_mode: id - installation_retrieval_payload: ${{ secrets.INSTALLATION_ID }} - private_key: ${{ secrets.APP_PEM }} - - - name: 'Add needs-triage for non-maintainers' - if: github.event.action == 'opened' && needs.community_check.outputs.maintainer == 'false' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh pr edit ${{ env.PR_URL }} --add-label needs-triage - - - name: 'Add prioritized to pull requests authored by or assigned to maintainers' - # This conditional is basically an exact copy of an example provided by GitHub: - # https://docs.github.com/en/actions/learn-github-actions/expressions#example-matching-an-array-of-strings - if: contains(fromJSON('["opened", "assigned"]'), github.event.action) && needs.community_check.outputs.maintainer == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh pr edit ${{ env.PR_URL }} --add-label prioritized - - - name: 'Add partner to partner pull requests' - if: 
github.event.action == 'opened' && needs.community_check.outputs.partner == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh pr edit ${{ env.PR_URL }} --add-label partner - - - name: 'Add external-maintainer to external maintainer pull requests' - if: github.event.action == 'opened' && needs.community_check.outputs.core_contributor == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh pr edit ${{ env.PR_URL }} --add-label external-maintainer - - - name: 'Add prioritized to regressions' - if: github.event.label.name == 'regression' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh pr edit ${{ env.PR_URL }} --add-label prioritized - - - name: 'Remove unnecessary labels on closure' - if: github.event.action == 'closed' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: gh pr edit ${{ env.PR_URL }} --remove-label needs-triage,waiting-response - - service_labeler: - name: 'Service Labeler' - if: contains(fromJSON('["opened", "edited"]'), github.event.action) - runs-on: ubuntu-latest - steps: - - name: 'Checkout Repo' - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: 'Apply Labels' - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 - with: - configuration-path: .github/labeler-pr-triage.yml - repo-token: ${{ secrets.GITHUB_TOKEN }} - - size_labeler: - name: 'Size Labeler' - if: contains(fromJSON('["opened", "edited"]'), github.event.action) - runs-on: ubuntu-latest - steps: - - name: 'Apply Size Labels' - uses: codelytv/pr-size-labeler@f2aafc4d8735009c6de18acefe15eecbfbfae56f # v1.9.0 - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - xs_label: 'size/XS' - xs_max_size: '30' - s_label: 'size/S' - s_max_size: '60' - m_label: 'size/M' - m_max_size: '150' - l_label: 'size/L' - l_max_size: '300' - xl_label: 'size/XL' - message_if_xl: '' - - add_to_project: - name: 'Add to Project' - runs-on: ubuntu-latest - needs: community_check - env: - # Some gh project 
calls take the project's ID, some take the project's number - PROJECT_ID: "PVT_kwDOAAuecM4AF-7h" - PROJECT_NUMBER: "196" - STATUS_FIELD_ID: "PVTSSF_lADOAAuecM4AF-7hzgDcsQA" - VIEW_FIELD_ID: "PVTSSF_lADOAAuecM4AF-7hzgMRB34" - ITEM_URL: ${{ github.event.pull_request.html_url }} - steps: - - name: 'Generate Token' - id: token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - installation_retrieval_mode: id - installation_retrieval_payload: ${{ secrets.INSTALLATION_ID }} - private_key: ${{ secrets.APP_PEM }} - - - name: 'Maintainer Pull Requests' - if: github.event.action == 'opened' && needs.community_check.outputs.maintainer == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - # In order to update the item's Status field, we need to capture the project item id from the output - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.STATUS_FIELD_ID }} --single-select-option-id ${{ vars.team_project_status_maintainer_pr }} - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - - name: 'Assigned to Maintainers' - if: github.event.action == 'assigned' && needs.community_check.outputs.maintainer == 'true' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.STATUS_FIELD_ID }} --single-select-option-id ${{ vars.team_project_status_in_progress }} - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} 
--field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - - name: 'Labeled Prioritized' - if: github.event.label.name == 'prioritized' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - - name: 'Labeled Regression' - if: github.event.label.name == 'regression' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_working_board }} - - gh api graphql -F itemId="$PROJECT_ITEM_ID" -F projectId=${{ env.PROJECT_ID }} -f query=' - mutation($itemId:ID!, $projectId:ID!) 
{ - updateProjectV2ItemPosition(input:{itemId:$itemId, projectId:$projectId}) { - clientMutationId - } - }' - - - name: 'Labeled Engineering Initiative' - if: github.event.label.name == 'engineering-initiative' - env: - GH_TOKEN: ${{ steps.token.outputs.token }} - run: | - PROJECT_ITEM_ID=$(gh project item-add ${{ env.PROJECT_NUMBER }} --owner "hashicorp" --url ${{ env.ITEM_URL }} --format json | jq '.id') - gh project item-edit --id "$PROJECT_ITEM_ID" --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.VIEW_FIELD_ID }} --single-select-option-id ${{ vars.team_project_view_engineering_initiative }} - - add_to_milestone: - name: 'Add Merged Pull Requests and Related Issues to Milestone' - if: github.event.action == 'closed' && github.event.pull_request.merged - runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: 'Get Current Milestone Name' - id: get-current-milestone - run: echo "current_milestone=v$(head -1 CHANGELOG.md | cut -d " " -f 2)" >> "$GITHUB_OUTPUT" - - - name: 'Add Items to Milestone' - env: - GH_TOKEN: ${{ github.token }} - MILESTONE: ${{ steps.get-current-milestone.outputs.current_milestone }} - PR_NUMBER: ${{ github.event.pull_request.number }} - shell: bash - run: ./.ci/scripts/add-to-milestone.sh - - community_note: - name: 'Community Note' - if: github.event.action == 'opened' - runs-on: ubuntu-latest - steps: - - name: 'Add community note to new Pull Requests' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - issue-number: ${{ github.event.pull_request.number }} - body: | - # Community Note - - **Voting for Prioritization** - - * Please vote on this pull request by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original post to help the community and maintainers prioritize this pull request. 
- * Please see our [prioritization guide](https://hashicorp.github.io/terraform-provider-aws/prioritization/) for information on how we prioritize. - * Please **do not** leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request. - - **For Submitters** - - * Review the [contribution guide](https://hashicorp.github.io/terraform-provider-aws/) relating to the type of change you are making to ensure all of the necessary steps have been taken. - * For new resources and data sources, use [skaff](https://hashicorp.github.io/terraform-provider-aws/skaff/) to generate scaffolding with comments detailing common expectations. - * Whether or not the branch has been rebased will **not** impact prioritization, but doing so is always a welcome surprise. - - first_contribution_note: - name: 'New Contributor Note' - if: github.event.action == 'opened' - runs-on: ubuntu-latest - steps: - - name: 'Add comment to add helpful context for new contributors' - uses: actions/first-interaction@34f15e814fe48ac9312ccf29db4e74fa767cbab7 # v1.3.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - pr-message: |- - Welcome @${{github.actor}} :wave: - - It looks like this is your first Pull Request submission to the [Terraform AWS Provider](https://github.com/hashicorp/terraform-provider-aws)! If you haven’t already done so please make sure you have checked out our [CONTRIBUTOR](https://hashicorp.github.io/terraform-provider-aws/) guide and [FAQ](https://hashicorp.github.io/terraform-provider-aws/faq/) to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval. - - Also take a look at our [FAQ](https://hashicorp.github.io/terraform-provider-aws/faq/) which details how we prioritize Pull Requests for inclusion. - - Thanks again, and welcome to the community! 
:smiley: - - permissions_check: - name: 'Verify Maintainers Editable' - needs: community_check - if: github.event.action == 'opened' && needs.community_check.outputs.maintainer == 'false' && !github.event.pull_request.maintainer_can_modify - runs-on: ubuntu-latest - steps: - - name: 'Comment if maintainers cannot edit' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - issue-number: ${{ github.event.pull_request.number }} - body: | - Hey @${{ github.actor }} :wave: Thank you very much for your contribution! At times, our maintainers need to make direct edits to pull requests in order to help get it ready to be merged. Your current settings do not allow maintainers to make such edits. To help facilitate this, update your pull request to allow such edits as described in GitHub's [Allowing changes to a pull request branch created from a fork][1] documentation. (If you're using a fork owned by an organization, your organization may not allow you to change this setting. If that is the case, let us know.) - - [1]: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork diff --git a/.github/workflows/regressions.yml b/.github/workflows/regressions.yml deleted file mode 100644 index 1811ffe4318..00000000000 --- a/.github/workflows/regressions.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -name: "Regressions Slack Notifier" -on: - issues: - types: - - labeled - pull_request: - types: - - labeled -jobs: - slack-notification: - name: Slack Notifier - if: github.event.label.name == 'regression' - runs-on: ubuntu-latest - steps: - - name: Send Slack Notification - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - EVENT_URL: ${{ github.event.issue.html_url || github.event.pull_request.html_url }} - EVENT_TITLE: ${{ toJSON(github.event.issue.title || github.event.pull_request.title) }} - with: - channel-id: ${{ secrets.SLACK_CHANNEL }} - payload: | - { - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":warning: The following has been labeled as a regression:" - } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ${{ toJSON(format('<{0}|{1}>', env.EVENT_URL, env.EVENT_TITLE)) }} - } - } - ] - } diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml deleted file mode 100644 index 1716959c2f4..00000000000 --- a/.github/workflows/release-tag.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: "Feed: Release Tag" -on: - push: - tags: - - 'v[0-9]+.[0-9]+.[0-9]+*' -jobs: - tag-created: - runs-on: ubuntu-latest - steps: - - name: Notify Slack - id: slack - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 - with: - payload: | - { - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":tag: pushed tag " - } - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.FEED_SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e98ab09c312..d5afdce5011 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -1,110 +1,71 @@ -name: Release +name: Build TF Provider -on: - push: - tags: - - 'v[0-9]+.[0-9]+.[0-9]+*' - -permissions: - contents: write +on: [push] jobs: - release-notes: - runs-on: macos-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - name: Generate Release Notes - run: sed -n -e "1{/# /d;}" -e "2{/^$/d;}" -e "/# $(git describe --abbrev=0 --exclude="$(git describe --abbrev=0 --match='v*.*.*' --tags)" --match='v*.*.*' --tags | tr -d v)/q;p" CHANGELOG.md > release-notes.txt - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: release-notes - path: release-notes.txt - retention-days: 1 - terraform-provider-release: - name: 'Terraform Provider Release' - needs: [release-notes] - uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v3 - secrets: - hc-releases-key-prod: '${{ secrets.HC_RELEASES_KEY_PROD }}' - hc-releases-key-staging: '${{ secrets.HC_RELEASES_KEY_STAGING }}' - hc-releases-github-token: '${{ secrets.HASHI_RELEASES_GITHUB_TOKEN }}' - hc-releases-terraform-registry-sync-token: '${{ secrets.TF_PROVIDER_RELEASE_TERRAFORM_REGISTRY_SYNC_TOKEN }}' - setup-signore-github-token: '${{ secrets.HASHI_SIGNORE_GITHUB_TOKEN }}' - signore-client-id: '${{ secrets.SIGNORE_CLIENT_ID }}' - signore-client-secret: '${{ secrets.SIGNORE_CLIENT_SECRET }}' - hc-releases-host-staging: '${{ secrets.HC_RELEASES_HOST_STAGING }}' - hc-releases-host-prod: '${{ secrets.HC_RELEASES_HOST_PROD }}' - with: - goreleaser-release-args: '--timeout 3h --parallelism 4' - release-notes: true - setup-go-version-file: go.mod - # Product Version (e.g. 
v1.2.3 or github.ref_name) - product-version: '${{ github.ref_name }}' - highest-version-tag: - needs: [terraform-provider-release] - runs-on: macos-latest - outputs: - tag: ${{ steps.highest-version-tag.outputs.tag }} + build: + # we need to use the same Ubuntu version as our final Docker (base) image + # is using in order to match glibc versions. We need glibc because we + # compile a dynamically-linked binary with boringcrypto. + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: rm -rf /opt/hostedtoolcache + - uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v4 with: - # Allow tag to be fetched when ref is a commit - fetch-depth: 0 - - name: Output highest version tag - id: highest-version-tag + go-version: 1.21.3 + - name: Install C toolchain run: | - HIGHEST=$(git tag | sort -V | tail -1) - echo "tag=$HIGHEST" >> "$GITHUB_OUTPUT" - changelog-newversion: - needs: [terraform-provider-release, highest-version-tag] - # write new changelog header only if release tag is the $HIGHEST i.e. exists on main - # and not a backport release branch (e.g. release/3.x). This results in - # manually updating the CHANGELOG header if releasing from the non-default branch. 
- # TODO: find a more deterministic way to determine release branch from tag commit - if: github.ref_name == needs.highest-version-tag.outputs.tag - runs-on: macos-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + sudo apt-get update + sudo apt install -y gcc-x86-64-linux-gnu + mkdir bin + - name: Cache Binaries + uses: actions/cache@v2 + env: + cache-name: cache-binaries with: - fetch-depth: 0 - ref: main - - name: Update Changelog Header + path: bin + key: ${{ github.sha }} + restore-keys: ${{ github.sha }} + - name: Build Linux x86_64 binary with Boringcrypto run: | - CHANGELOG_FILE_NAME="CHANGELOG.md" - PREVIOUS_RELEASE_TAG=${{ github.ref_name }} - - # Add Release Date - RELEASE_DATE=`date +%B' '%e', '%Y` - sed -i -e "1 s/Unreleased/$RELEASE_DATE/" $CHANGELOG_FILE_NAME - - # Prepend next release line - echo Previous release is: $PREVIOUS_RELEASE_TAG - - NEW_RELEASE_LINE=$(echo $PREVIOUS_RELEASE_TAG | awk -F. '{ - $1 = substr($1,2) - $2 += 1 - printf("%s.%01d.0\n\n", $1, $2); - }') - - echo New minor version is: v$NEW_RELEASE_LINE - - echo -e "## $NEW_RELEASE_LINE (Unreleased)\n$(cat $CHANGELOG_FILE_NAME)" > $CHANGELOG_FILE_NAME - - run: | - git config --local user.email changelogbot@hashicorp.com - git config --local user.name changelogbot - git add CHANGELOG.md - git commit -m "Update CHANGELOG.md after ${{ github.ref_name }}" - git push - upload-tag-before-post-publish: - needs: [terraform-provider-release] + CC=x86_64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=amd64 GOOS=linux GOEXPERIMENT=boringcrypto \ + go build -o bin/terraform-provider-aws.linux.amd64 . + - name: Verify Boringcrypto + run: | + go run rsc.io/goversion@master -crypto bin/terraform-provider-aws.linux.amd64 | grep -q '(boring crypto)' + # boringcrypto isn't available for darwin, so we can also disable CGO. 
+ - name: Build Darwin arm64 binary without Boringcrypto + run: | + CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin \ + go build -o bin/terraform-provider-aws.darwin.arm64 . + - name: Build Darwin x86_64 binary without Boringcrypto + run: | + CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin \ + go build -o bin/terraform-provider-aws.darwin.amd64 . + release: runs-on: ubuntu-latest + needs: build + if: github.ref == 'refs/heads/snyk' + permissions: + contents: write steps: - - name: Save Release Tag - run: echo ${{ github.ref_name }} > release-tag.data - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + - uses: actions/checkout@v4 + - name: Cache Binaries + uses: actions/cache@v2 + env: + cache-name: cache-binaries + with: + path: bin + key: ${{ github.sha }} + restore-keys: ${{ github.sha }} + - name: Create Release + uses: ncipollo/release-action@v1 with: - name: release-tag - path: release-tag.data - retention-days: 1 + tag: v0.0.0-${{ github.sha }} + commit: ${{ github.sha }} + artifacts: bin/terraform-provider-aws.*.* + makeLatest: true diff --git a/.github/workflows/resource-counts.yml b/.github/workflows/resource-counts.yml deleted file mode 100644 index 3bfcb15b5c1..00000000000 --- a/.github/workflows/resource-counts.yml +++ /dev/null 
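Review bot: The new `build` and `release` jobs reference every action by a movable tag (`actions/checkout@v4`, `actions/setup-go@v4`, `actions/cache@v2`, `ncipollo/release-action@v1`), and the Verify Boringcrypto step runs `go run rsc.io/goversion@master` in the workspace that already holds the binaries that get published, so whatever those refs point to at run time can alter the release assets. The workflows removed in this same patch pinned actions to full commit SHAs with a version comment; the new file should keep that convention and pin goversion to a fixed version. With `on: [push]` the build job also runs for every branch with the repository's default token permissions, so I would add a top-level `permissions: contents: read` and set `persist-credentials: false` on the build checkout, leaving `contents: write` only on `release`. The checkout SHA below is copied from the removed workflows; the other two values are placeholders to fill in.

```yaml
# top level, next to `on:`; the release job keeps its own contents: write
permissions:
  contents: read

# … unchanged: build job header, tools-folder cleanup …
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          persist-credentials: false
# … unchanged: Go setup, C toolchain, cache, Linux build …
      - name: Verify Boringcrypto
        run: |
          go run rsc.io/goversion@<PINNED_VERSION> -crypto bin/terraform-provider-aws.linux.amd64 | grep -q '(boring crypto)'
# … unchanged: Darwin builds, release job header, cache restore …
      - name: Create Release
        uses: ncipollo/release-action@<FULL_COMMIT_SHA> # v1
```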
@@ -1,49 +0,0 @@ -name: Resource Counts -on: - workflow_dispatch: {} - schedule: - - cron: '0 9 * * WED' -permissions: - contents: write - pull-requests: write -jobs: - coverage: - runs-on: ubuntu-latest - steps: - - name: Generate Token - id: generate_token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - installation_retrieval_mode: id - installation_retrieval_payload: ${{ secrets.INSTALLATION_ID }} - private_key: ${{secrets.APP_PEM }} - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: | - touch main.tf - cat << EOF > main.tf - terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - } - EOF - - run: terraform init - - run: | - datasources=$(terraform providers schema -json | jq '.provider_schemas[] .data_source_schemas | length') - resources=$(terraform providers schema -json | jq '.provider_schemas[] .resource_schemas | length') - sed -r -i "s/There are currently ([0-9]+) resources and ([0-9]+)(.*)/There are currently $resources resources and $datasources\3/" website/docs/index.html.markdown - - run: | - rm main.tf - rm .terraform.lock.hcl - rm -rf .terraform - - name: Create Pull Request - uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4 - with: - token: ${{ steps.generate_token.outputs.token }} - branch: "resource-counts" - commit-message: "docs: update resource counts" - title: "docs: update resource counts" - body: "This PR updates the resource/data source counts included on the provider documentation index page." diff --git a/.github/workflows/semgrep-ci.yml b/.github/workflows/semgrep-ci.yml deleted file mode 100644 index c4b53b0fce1..00000000000 --- a/.github/workflows/semgrep-ci.yml +++ /dev/null 
@@ -1,107 +0,0 @@ -name: Semgrep Checks - -on: - push: - branches: - - main - - 'release/**' - pull_request: - paths: - - internal/** - - .semgrep*yml - - .github/workflows/semgrep-ci.yml - -env: - SEMGREP_SEND_METRICS: "off" - SEMGREP_ENABLE_VERSION_CHECK: false - SEMGREP_TIMEOUT: 300 - COMMON_PARAMS: --error --quiet - -jobs: - semgrep: - name: Code Quality Scan - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: | - semgrep --validate \ - --config .ci/.semgrep.yml \ - --config .ci/semgrep/ - - run: | - semgrep $COMMON_PARAMS \ - --config .ci/.semgrep.yml \ - --config .ci/semgrep/ \ - --config 'r/dgryski.semgrep-go.badnilguard' \ - --config 'r/dgryski.semgrep-go.errnilcheck' \ - --config 'r/dgryski.semgrep-go.marshaljson' \ - --config 'r/dgryski.semgrep-go.nilerr' \ - --config 'r/dgryski.semgrep-go.oddifsequence' \ - --config 'r/dgryski.semgrep-go.oserrors' - - naming_cae: - name: Naming Scan Caps/AWS/EC2 - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - if: (github.action != 'dependabot[bot]') - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: semgrep --validate --config .ci/.semgrep-caps-aws-ec2.yml - - run: semgrep $COMMON_PARAMS --config .ci/.semgrep-caps-aws-ec2.yml - - naming_tests: - name: Test Configs Scan - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - if: (github.action != 'dependabot[bot]') - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: semgrep --validate --config .ci/.semgrep-configs.yml - - run: semgrep $COMMON_PARAMS --config .ci/.semgrep-configs.yml - - naming_semgrep0: - name: Service Name Scan A-C - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - if: (github.action != 'dependabot[bot]') - steps: - - uses: 
actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: semgrep --validate --config .ci/.semgrep-service-name0.yml - - run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name0.yml - - naming_semgrep1: - name: Service Name Scan C-I - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - if: (github.action != 'dependabot[bot]') - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: semgrep --validate --config .ci/.semgrep-service-name1.yml - - run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name1.yml - - naming_semgrep2: - name: Service Name Scan I-Q - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - if: (github.action != 'dependabot[bot]') - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: semgrep --validate --config .ci/.semgrep-service-name2.yml - - run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name2.yml - - naming_semgrep3: - name: Service Name Scan Q-Z - runs-on: ubuntu-latest - container: - image: "returntocorp/semgrep:1.52.0" - if: (github.action != 'dependabot[bot]') - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - run: semgrep --validate --config .ci/.semgrep-service-name3.yml - - run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name3.yml diff --git a/.github/workflows/skaff.yml b/.github/workflows/skaff.yml deleted file mode 100644 index a268dba296f..00000000000 --- a/.github/workflows/skaff.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -name: Skaff Checks - -on: - push: - branches: - - main - - 'release/**' - pull_request: - paths: - - names/** - - skaff/** - -jobs: - compile_skaff: - name: Compile skaff - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: skaff/go.mod - # See also: https://github.com/actions/setup-go/issues/54 - - name: go env - run: | - echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ${{ env.GOCACHE }} - key: ${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**') }} - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - name: Try building - run: | - cd skaff - go build diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml deleted file mode 100644 index 2c72f16dafd..00000000000 --- a/.github/workflows/snapshot.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -name: Snapshot - -on: - schedule: - - cron: '15 5 * * *' - workflow_dispatch: - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - name: goreleaser release - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 - with: - args: release --rm-dist --skip-sign --snapshot --timeout 2h - - name: artifact naming - id: naming - run: | - case $GITHUB_REF in - refs/heads/*) - ARTIFACT="${GITHUB_REF#refs/heads/}";; - refs/pull/*) - ARTIFACT="pr-${GITHUB_REF#refs/pull/}" - ARTIFACT="${ARTIFACT%/merge}";; - *) - ARTIFACT="${GITHUB_REF}";; - esac - echo "artifact=$ARTIFACT-$(date -u +'%Y-%m-%dT%H-%M')" >> "$GITHUB_OUTPUT" - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: ${{steps.naming.outputs.artifact}} - path: dist/*.zip diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 68b2f8d8680..00000000000 --- a/.github/workflows/stale.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -name: "Stale issues and pull requests" -on: - schedule: - - cron: "40 17 * * *" - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - days-before-stale: 720 - days-before-close: 30 - exempt-issue-labels: 'needs-triage' - exempt-pr-labels: 'needs-triage' - operations-per-run: 150 - stale-issue-label: 'stale' - stale-issue-message: | - Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. - - If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you! - stale-pr-label: 'stale' - stale-pr-message: | - Marking this pull request as stale due to inactivity. This helps our maintainers find and focus on the active pull requests. If this pull request receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. - - If this pull request was automatically closed and you feel this pull request should be reopened, we encourage creating a new pull request linking back to this one for added context. Thank you! diff --git a/.github/workflows/team_slack_bot.yml b/.github/workflows/team_slack_bot.yml deleted file mode 100644 index 0252f3b154c..00000000000 --- a/.github/workflows/team_slack_bot.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -name: team-slack-bot - -on: - schedule: - - cron: '0 15 * * 1-5' - -jobs: - open-pr-stats: - runs-on: ubuntu-latest - name: open-pr-stats - if: github.repository_owner == 'hashicorp' - steps: - - name: open-pr-stats - uses: breathingdust/github-team-slackbot@8f1053f9b472b94e6564ebc499a92136c48ace1f # v18.5.1 - with: - github_token: ${{ secrets.ORGSCOPED_GITHUB_TOKEN}} - org: hashicorp - repo: terraform-provider-aws - team_slug: terraform-aws - slack_token: ${{ secrets.SLACK_BOT_TOKEN }} - slack_channel: ${{ secrets.SLACK_CHANNEL }} diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml deleted file mode 100644 index 406bec9ef16..00000000000 --- a/.github/workflows/website.yml +++ /dev/null 
@@ -1,198 +0,0 @@ -## These checks will be superseded by documentation.yml -## when the provider documentation layout is moved to -## the Terraform Registry layout. -name: Website Checks -on: - push: - branches: - - main - - "release/**" - pull_request: - paths: - - .github/workflows/website.yml - - .ci/.markdownlinkcheck.json - - .ci/.tflint.hcl - - .ci/tools/go.mod - - .markdownlint.yml - - website/docs/** - -jobs: - markdown-link-check-a-h-markdown: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: YakDriver/md-check-links@7450f426b758f0bf97f99ceb1aadcf57640a9ede # v2.0.6 - name: markdown-link-check website/docs/**/[a-h].markdown - with: - use-quiet-mode: "yes" - use-verbose-mode: "yes" - config-file: ".ci/.markdownlinkcheck.json" - folder-path: "website/docs/r, website/docs/d" - file-prefix: "[a-h]" - file-extension: ".markdown" - base-branch: "main" - check-modified-files-only: "no" - - markdown-link-check-i-z-markdown: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: YakDriver/md-check-links@7450f426b758f0bf97f99ceb1aadcf57640a9ede # v2.0.6 - name: markdown-link-check website/docs/**/[i-z].markdown - with: - use-quiet-mode: "yes" - use-verbose-mode: "yes" - config-file: ".ci/.markdownlinkcheck.json" - folder-path: "website/docs/r, website/docs/d" - file-prefix: "[i-z]" - file-extension: ".markdown" - base-branch: "main" - check-modified-files-only: "no" - - markdown-link-check-md: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: YakDriver/md-check-links@7450f426b758f0bf97f99ceb1aadcf57640a9ede # v2.0.6 - name: markdown-link-check website/docs/**/*.md - with: - use-quiet-mode: "yes" - use-verbose-mode: "yes" - config-file: ".ci/.markdownlinkcheck.json" - folder-path: "website/docs" - # Don't check CDKTF translated guides, e.g. 
website/docs/cdktf/typescript/guides/version-4-upgrade.html.md. - max-depth: 2 - file-extension: ".md" - # Checking only modified files in the PR does not respect 'mex-depth'. - # base-branch: "main" - # check-modified-files-only: "yes" - - markdown-lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 - with: - args: "website/docs" - # Ignore CDKTF translated guides. - ignore: "website/docs/cdktf/*/guides/*" - - misspell: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: .ci/tools/go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/tools && go install github.com/client9/misspell/cmd/misspell - - run: misspell -error -source text website/ - - terrafmt: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: .ci/tools/go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - run: cd .ci/tools && go install github.com/katbyte/terrafmt - - run: terrafmt diff ./website --check --pattern '*.markdown' - - tflint: - runs-on: [custom, linux, xl] - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - fetch-depth: 0 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version-file: 
.ci/tools/go.mod - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - continue-on-error: true - timeout-minutes: 2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }} - - - run: cd .ci/tools && go install github.com/katbyte/terrafmt - - run: cd .ci/tools && go install github.com/terraform-linters/tflint - - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - name: Cache plugin dir - with: - path: ~/.tflint.d/plugins - key: ${{ runner.os }}-tflint-${{ hashFiles('.ci/.tflint.hcl') }} - - - run: tflint --config .ci/.tflint.hcl --init - - - run: | - exit_code=0 - - # Configure the rules for tflint. - # The *_invalid_* rules disabled here prevent evaluation of expressions. - # Do not disable *_invalid_name rules, since these are good checks for e.g. "%s" formatting verbs - # being carried over from test cases. - shared_rules=( - "--enable-rule=terraform_comment_syntax" - "--disable-rule=aws_cloudwatch_event_target_invalid_arn" - "--disable-rule=aws_db_instance_default_parameter_group" - "--disable-rule=aws_elasticache_cluster_default_parameter_group" - "--disable-rule=aws_elasticache_replication_group_default_parameter_group" - "--disable-rule=aws_iam_policy_sid_invalid_characters" - "--disable-rule=aws_iam_saml_provider_invalid_saml_metadata_document" - "--disable-rule=aws_iam_server_certificate_invalid_certificate_body" - "--disable-rule=aws_iam_server_certificate_invalid_private_key" - "--disable-rule=aws_iot_certificate_invalid_csr" - "--disable-rule=aws_lb_invalid_load_balancer_type" - "--disable-rule=aws_lb_target_group_invalid_protocol" - "--disable-rule=aws_networkfirewall_rule_group_invalid_rules" - "--disable-rule=aws_s3_object_copy_invalid_source" - "--disable-rule=aws_servicecatalog_portfolio_share_invalid_type" - "--disable-rule=aws_transfer_ssh_key_invalid_body" - "--disable-rule=aws_worklink_website_certificate_authority_association_invalid_certificate" - 
"--disable-rule=terraform_required_providers" - "--disable-rule=terraform_unused_declarations" - "--disable-rule=terraform_typed_variables" - ) - while read -r filename; do - rules=("${shared_rules[@]}") - if [[ "$filename" == "./website/docs/guides/version-2-upgrade.html.md" ]]; then - # ./website/docs/guides/version-2-upgrade.html.md should still include pre-0.12 syntax, - # since v1.0 does not support Terraform 0.12. - rules+=( - "--disable-rule=terraform_deprecated_index" - "--disable-rule=terraform_deprecated_interpolation" - ) - elif [[ "$filename" == "./website/docs/guides/version-3-upgrade.html.md" ]]; then - # ./website/docs/guides/version-3-upgrade.html.md has one example showing migration from - # pre-0.12 syntax to 0.12 syntax. We can't customize rules per block, and adding a - # tflint-ignore directive to documentation is not ideal. - rules+=( - "--enable-rule=terraform_deprecated_index" - "--disable-rule=terraform_deprecated_interpolation" - ) - else - rules+=( - "--enable-rule=terraform_deprecated_index" - "--enable-rule=terraform_deprecated_interpolation" - ) - fi - - # We need to capture the output and error code here. We don't want to exit on the first error - set +e - ./.ci/scripts/validate-terraform-file.sh "$filename" "${rules[@]}" || exit_code=1 - set -e - done < <(find ./website/docs -type f \( -name '*.md' -o -name '*.markdown' \) | sort -u) - - exit $exit_code diff --git a/.github/workflows/workflow-lint.yml b/.github/workflows/workflow-lint.yml deleted file mode 100644 index 5deee0b50b4..00000000000 --- a/.github/workflows/workflow-lint.yml +++ /dev/null 
@@ -1,22 +0,0 @@
-name: Workflow Linting
-on:
- push:
- branches:
- - main
- - "release/**"
- pull_request:
- paths:
- - .github/workflows/*
- - .ci/tools/go.mod
-jobs:
- actionlint:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- with:
- go-version-file: .ci/tools/go.mod
- - name: Install actionlint
- run: cd .ci/tools && go install github.com/rhysd/actionlint/cmd/actionlint
- - name: Run actionlint on workflow files
- run: actionlint -shellcheck=
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
deleted file mode 100644
index d49d69cb86b..00000000000
--- a/.github/workflows/yamllint.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: YAML Linting
-on:
- push:
- branches:
- - main
- - "release/**"
- pull_request:
- paths:
- - "**/*.yml"
- - ".yamllint"
-jobs:
- yamllint:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- - name: Run yamllint
- uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
- with:
- format: github
- env:
- LANG: C.UTF-8