(github actions) generated latest snippets

examples/snippets/.github/workflows/atmos-components-updater.yml

@@ -0,0 +1,40 @@
+name: "Atmos Component Updater"
+
+on:
+  workflow_dispatch: {}
+
+  schedule:
+    - cron: 0 8 * * *
+
+jobs:
+  update:
+    environment: atmos
+    runs-on: ["self-hosted", "default"]
+    steps:
+      - name: "Checkout source code at current commit"
+        uses: actions/checkout@v4
+
+      - name: Generate a token
+        id: github-app
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.ATMOS_APP_ID }}
+          private-key: ${{ secrets.ATMOS_PRIVATE_KEY }}
+
+      - name: Update Atmos Components
+        uses: cloudposse/github-action-atmos-component-updater@v2
+        env:
+          ATMOS_CLI_CONFIG_PATH: ${{ github.workspace }}/rootfs/usr/local/etc/atmos/
+        with:
+          github-access-token: ${{ steps.github-app.outputs.token }}
+          log-level: INFO
+          vendoring-enabled: true
+          max-number-of-prs: 5
+
+      - name: Delete abandoned update branches
+        uses: phpdocker-io/github-actions-delete-abandoned-branches@v2
+        with:
+          github_token: ${{ steps.github-app.outputs.token }}
+          last_commit_age_days: 0
+          allowed_prefixes: "component-update/"
+          dry_run: no

examples/snippets/.github/workflows/atmos-terraform-apply-matrix.yaml

@@ -1 +1,53 @@
-PLACEHOLDER
+name: 👽 Atmos Terraform Apply Matrix (Reusable)
+run-name: 👽 Atmos Terraform Apply Matrix (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      stacks:
+        description: "Stacks"
+        required: true
+        type: string
+      sha:
+        description: "Commit SHA to apply. Default: github.sha"
+        type: string
+        required: false
+        default: "${{ github.event.pull_request.head.sha }}"
+      atmos-version:
+        description: The version of atmos to install
+        required: false
+        default: ">= 1.63.0"
+        type: string
+      atmos-config-path:
+        description: The path to the atmos.yaml file
+        required: true
+        type: string
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read  # This is required for actions/checkout
+
+jobs:
+  atmos-apply:
+    if: ${{ inputs.stacks != '{include:[]}' }}
+    name: ${{ matrix.stack_slug }}
+    runs-on: ["self-hosted", "terraform"]
+    strategy:
+      max-parallel: 10
+      fail-fast: false # Don't fail fast to avoid locking TF State
+      matrix: ${{ fromJson(inputs.stacks) }}
+    ## Avoid running the same stack in parallel mode (from different workflows)
+    concurrency:
+      group: ${{ matrix.stack_slug }}
+      cancel-in-progress: false
+    steps:
+      - uses: unfor19/install-aws-cli-action@v1
+
+      - name: Apply Atmos Component
+        uses: cloudposse/github-action-atmos-terraform-apply@v2
+        with:
+          component: ${{ matrix.component }}
+          stack: ${{ matrix.stack }}
+          sha: ${{ inputs.sha }}
+          atmos-version: ${{ inputs.atmos-version }}
+          atmos-config-path: ${{ inputs.atmos-config-path }}

examples/snippets/.github/workflows/atmos-terraform-apply.yaml

@@ -1 +1,100 @@
-PLACEHOLDER
+name: 👽 Atmos Terraform Apply
+run-name: 👽 Atmos Terraform Apply
+
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  pr:
+    name: PR Context
+    runs-on:
+      - "self-hosted"
+      - "amd64"
+      - "common"
+    steps:
+      - uses: 8BitJonny/[email protected]
+        id: pr
+
+    outputs:
+      base: ${{ fromJSON(steps.pr.outputs.pr).base.sha }}
+      head: ${{ fromJSON(steps.pr.outputs.pr).head.sha }}
+      auto-apply: ${{ contains( fromJSON(steps.pr.outputs.pr).labels.*.name, 'auto-apply') }}
+      no-apply: ${{ contains( fromJSON(steps.pr.outputs.pr).labels.*.name, 'no-apply') }}
+
+  atmos-affected:
+    name: Determine Affected Stacks
+    if: needs.pr.outputs.no-apply == 'false'
+    needs: ["pr"]
+    runs-on: ["self-hosted", "terraform"]
+    steps:
+      - id: affected
+        uses: cloudposse/github-action-atmos-affected-stacks@v3
+        with:
+          base-ref: ${{ github.event.pull_request.base.sha }}
+          head-ref: ${{ github.event.pull_request.head.sha }}
+          atmos-version: ${{ vars.ATMOS_VERSION }}
+          atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+    outputs:
+      stacks: ${{ steps.affected.outputs.matrix }}
+      has-affected-stacks: ${{ steps.affected.outputs.has-affected-stacks }}
+
+  plan-atmos-components:
+    needs: ["atmos-affected", "pr"]
+    if: |
+      needs.atmos-affected.outputs.has-affected-stacks == 'true' && needs.pr.outputs.auto-apply != 'true'
+    name: Validate plan (${{ matrix.name }})
+    uses: ./.github/workflows/atmos-terraform-plan-matrix.yaml
+    strategy:
+      matrix: ${{ fromJson(needs.atmos-affected.outputs.stacks) }}
+      max-parallel: 1 # This is important to avoid ddos GHA API
+      fail-fast: false # Don't fail fast to avoid locking TF State
+    with:
+      stacks: ${{ matrix.items }}
+      drift-detection-mode-enabled: "true"
+      continue-on-error: 'true'
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+      sha: ${{ needs.pr.outputs.head }}
+    secrets: inherit
+
+  drift-detection:
+    needs: ["atmos-affected", "plan-atmos-components", "pr"]
+    if: |
+      always() && needs.atmos-affected.outputs.has-affected-stacks == 'true' && needs.pr.outputs.auto-apply != 'true'
+    name: Reconcile issues
+    runs-on:
+      - "self-hosted"
+      - "amd64"
+      - "common"
+    steps:
+      - name: Drift Detection
+        uses: cloudposse/github-action-atmos-terraform-drift-detection@v2
+        with:
+          max-opened-issues: '-1'
+          process-all: 'false'
+
+  auto-apply:
+    needs: ["atmos-affected", "pr"]
+    if: |
+      needs.atmos-affected.outputs.has-affected-stacks == 'true' && needs.pr.outputs.auto-apply == 'true'
+    name: Apply (${{ matrix.name }})
+    uses: ./.github/workflows/atmos-terraform-apply-matrix.yaml
+    strategy:
+      max-parallel: 1
+      fail-fast: false # Don't fail fast to avoid locking TF State
+      matrix: ${{ fromJson(needs.atmos-affected.outputs.stacks) }}
+    with:
+      stacks: ${{ matrix.items }}
+      sha: ${{ needs.pr.outputs.head }}
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+    secrets: inherit

examples/snippets/.github/workflows/atmos-terraform-dispatch.yaml

@@ -1 +1,63 @@
-PLACEHOLDER
+name: 👽 Atmos Terraform Dispatch
+run-name: 👽 Atmos Terraform Dispatch
+
+on:
+  workflow_dispatch:
+    inputs:
+      component:
+        description: "Atmos Component"
+        type: string
+      stack:
+        description: "Atmos Stack"
+        type: string
+      plan:
+        description: "Terraform Plan"
+        type: boolean
+        default: true
+      apply:
+        description: "Terraform Apply"
+        type: boolean
+        default: false
+      distinct_id:
+        description: "Distinct ID"
+
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  dispatch-id:
+    runs-on: ["self-hosted", "terraform"]
+    steps:
+      - name: echo Distinct ID ${{ github.event.inputs.distinct_id }}
+        run: echo ${{ github.event.inputs.distinct_id }}
+
+  atmos-plan:
+    needs: [ "dispatch-id" ]
+    if: ${{ inputs.plan }}
+    name: Plan (${{ inputs.stack }})
+    uses: ./.github/workflows/atmos-terraform-plan-matrix.yaml
+    with:
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+      stacks: |
+        {"include": [
+          {"component": "${{ inputs.component }}", "stack": "${{ inputs.stack }}", "stack_slug": "${{ inputs.stack }}-${{ inputs.component }}"}
+        ]}
+    secrets: inherit
+
+  atmos-apply:
+    needs: ["atmos-plan"]
+    if: ${{ inputs.apply }}
+    name: Apply (${{ inputs.stack }})
+    uses: ./.github/workflows/atmos-terraform-apply-matrix.yaml
+    with:
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+      stacks: |
+        {"include": [
+          {"component": "${{ inputs.component }}", "stack": "${{ inputs.stack }}", "stack_slug": "${{ inputs.stack }}-${{ inputs.component }}"}
+        ]}
+    secrets: inherit
+

examples/snippets/.github/workflows/atmos-terraform-drift-detection.yaml

@@ -1 +1,61 @@
-PLACEHOLDER
+name: 👽 Atmos Terraform Drift Detection
+run-name: 👽 Atmos Terraform Drift Detection
+
+on:
+  # push:
+  #   branches:
+  #     - main   # this is for debugging only
+  workflow_dispatch: {}
+  schedule:
+  - cron: "0 */12 * * *"
+
+permissions:
+  id-token: write
+  contents: write
+  issues: write
+
+jobs:
+  select-components:
+    name: Select Components
+    runs-on: ["self-hosted", "terraform"]
+    steps:
+      - name: Selected Components
+        id: components
+        uses: cloudposse/github-action-atmos-terraform-select-components@v2
+        with:
+          select-filter: '.settings.github.actions_enabled and .metadata.type != "abstract"'
+          atmos-version: ${{ vars.ATMOS_VERSION }}
+          atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+    outputs:
+      stacks: ${{ steps.components.outputs.matrix }}
+      has-selected-components: ${{ steps.components.outputs.has-selected-components }}
+
+  plan-atmos-components:
+    needs: ["select-components"]
+    if: ${{ needs.select-components.outputs.has-selected-components == 'true' }}
+    name: Detect Drift (${{ matrix.name }})
+    uses: ./.github/workflows/atmos-terraform-plan-matrix.yaml
+    strategy:
+      max-parallel: 1 # This is important to avoid ddos GHA API
+      fail-fast: false # Don't fail fast to avoid locking TF State
+      matrix: ${{ fromJson(needs.select-components.outputs.stacks) }}
+    with:
+      stacks: ${{ matrix.items }}
+      sha: ${{ github.sha }}
+      drift-detection-mode-enabled: "true"
+      continue-on-error: true
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+    secrets: inherit
+
+  drift-detection:
+    needs: ["plan-atmos-components"]
+    if: always()
+    name: Reconcile issues
+    runs-on: ["self-hosted", "terraform"]
+    steps:
+      - name: Drift Detection
+        uses: cloudposse/github-action-atmos-terraform-drift-detection@v2
+        with:
+          max-opened-issues: '25'
+          process-all: 'true'

examples/snippets/.github/workflows/atmos-terraform-drift-remediation.yaml

@@ -1 +1,45 @@
-PLACEHOLDER
+name: 👽 Atmos Terraform Drift Remediation
+run-name: 👽 Atmos Terraform Drift Remediation
+
+on:
+  issues:
+    types:
+      - labeled
+      - closed
+
+permissions:
+  id-token: write
+  contents: read
+  issues: write
+
+jobs:
+  remediate-drift:
+    if: github.event.action == 'labeled' && contains(github.event.issue.labels.*.name, 'apply')
+    name: Remediate Drift
+    runs-on: ["self-hosted", "terraform"]
+    steps:
+      - name: Remediate Drift
+        uses: cloudposse/github-action-atmos-terraform-drift-remediation@v2
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          action: remediate
+          atmos-version: ${{ vars.ATMOS_VERSION }}
+          atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+
+  discard-drift:
+    if: >
+      github.event.action == 'closed' && (
+        contains(github.event.issue.labels.*.name, 'drift') ||
+        contains(github.event.issue.labels.*.name, 'error')
+      ) &&
+      !contains(github.event.issue.labels.*.name, 'remediated')
+    name: Discard Drift
+    runs-on: ["self-hosted", "terraform"]
+    steps:
+      - name: Discard Drift
+        uses: cloudposse/github-action-atmos-terraform-drift-remediation@v2
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          action: discard
+          atmos-version: ${{ vars.ATMOS_VERSION }}
+          atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}