diff --git a/.github/auto-release.yml b/.github/auto-release.yml
index 9976e10..b45efb7 100644
--- a/.github/auto-release.yml
+++ b/.github/auto-release.yml
@@ -47,7 +47,7 @@ template: |
replacers:
# Remove irrelevant information from Renovate bot
-- search: '/(?<=---\s+)+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
index ab979e0..665833a 100644
--- a/.github/workflows/auto-context.yml
+++ b/.github/workflows/auto-context.yml
@@ -35,7 +35,7 @@ jobs:
- name: Create Pull Request
if: steps.update.outputs.create_pull_request == 'true'
- uses: cloudposse/actions/github/create-pull-request@0.22.0
+ uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
index 375d0fd..c600d60 100644
--- a/.github/workflows/auto-format.yml
+++ b/.github/workflows/auto-format.yml
@@ -62,7 +62,7 @@ jobs:
fi
- name: Auto Test
- uses: cloudposse/actions/github/repository-dispatch@0.22.0
+ uses: cloudposse/actions/github/repository-dispatch@0.30.0
# match users by ID because logins (user names) are inconsistent,
# for example in the REST API Renovate Bot is `renovate[bot]` but
# in GraphQL it is just `renovate`, plus there is a non-bot
diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
new file mode 100644
index 0000000..6f25b8d
--- /dev/null
+++ b/.github/workflows/auto-readme.yml
@@ -0,0 +1,71 @@
+name: "auto-readme"
+on:
+ workflow_dispatch:
+
+ schedule:
+ # Example of job definition:
+ # .---------------- minute (0 - 59)
+ # | .------------- hour (0 - 23)
+ # | | .---------- day of month (1 - 31)
+ # | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
+ # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+ # | | | | |
+ # * * * * * user-name command to be executed
+
+ # Update README.md nightly at 4am UTC
+ - cron: '0 4 * * *'
+
+jobs:
+ update:
+ if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Find default branch name
+ id: defaultBranch
+ shell: bash
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name)
+ printf "::set-output name=defaultBranch::%s\n" "${default_branch}"
+ printf "defaultBranchRef.name=%s\n" "${default_branch}"
+
+ - name: Update readme
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}"
+ run: |
+ make init
+ make readme/build
+ # Ignore changes if they are only whitespace
+ if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then
+ git restore README.md
+ echo Ignoring whitespace-only changes in README
+ fi
+
+ - name: Create Pull Request
+ # This action will not create or change a pull request if there are no changes to make.
+ # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
+ uses: cloudposse/actions/github/create-pull-request@0.30.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ commit-message: Update README.md and docs
+ title: Update README.md and docs
+ body: |-
+ ## what
+ This is an auto-generated PR that updates the README.md and docs
+
+ ## why
+ To have most recent changes of README.md and doc from origin templates
+
+ branch: auto-update/readme
+ base: ${{ steps.defaultBranch.outputs.defaultBranch }}
+ delete-branch: true
+ labels: |
+ auto-update
+ no-release
+ readme
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
index 4ddc067..23f96d8 100644
--- a/.github/workflows/chatops.yml
+++ b/.github/workflows/chatops.yml
@@ -9,7 +9,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: "Handle common commands"
- uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
+ uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
- name: "Checkout commit"
uses: actions/checkout@v2
- name: "Run tests"
- uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
+ uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index c5193b6..70f829e 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -10,7 +10,7 @@ jobs:
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
- - uses: mszostok/codeowners-validator@v0.5.0
+ - uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
with:
@@ -18,10 +18,12 @@ jobs:
# files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
# checks: "files,syntax,owners,duppatterns"
checks: "syntax,owners,duppatterns"
+ owner_checker_allow_unowned_patterns: "false"
# GitHub access token is required only if the `owners` check is enabled
github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
- - uses: mszostok/codeowners-validator@v0.5.0
+ - uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name != github.repository
name: "Syntax check of CODEOWNERS"
with:
checks: "syntax,duppatterns"
+ owner_checker_allow_unowned_patterns: "false"
diff --git a/README.md b/README.md
index 36e223f..f64d341 100644
--- a/README.md
+++ b/README.md
@@ -146,7 +146,7 @@ Available targets:
| Name | Source | Version |
|------|--------|---------|
| [log\_group\_label](#module\_log\_group\_label) | cloudposse/label/null | 0.25.0 |
-| [role](#module\_role) | cloudposse/iam-role/aws | 0.15.0 |
+| [role](#module\_role) | cloudposse/iam-role/aws | 0.16.1 |
| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
## Resources
@@ -170,6 +170,7 @@ Available targets:
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| [iam\_role\_enabled](#input\_iam\_role\_enabled) | Whether to create an IAM role which is able to write logs to the CloudWatch Logs log group | `bool` | `true` | no |
+| [iam\_tags\_enabled](#input\_iam\_tags\_enabled) | Enable/disable tags on IAM roles and policies | `string` | `true` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS Key to use when encrypting log data.
Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group.
All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. | `string` | `""` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index e3aaa70..86eb8c6 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -17,7 +17,7 @@
| Name | Source | Version |
|------|--------|---------|
| [log\_group\_label](#module\_log\_group\_label) | cloudposse/label/null | 0.25.0 |
-| [role](#module\_role) | cloudposse/iam-role/aws | 0.15.0 |
+| [role](#module\_role) | cloudposse/iam-role/aws | 0.16.1 |
| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
## Resources
@@ -41,6 +41,7 @@
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| [iam\_role\_enabled](#input\_iam\_role\_enabled) | Whether to create an IAM role which is able to write logs to the CloudWatch Logs log group | `bool` | `true` | no |
+| [iam\_tags\_enabled](#input\_iam\_tags\_enabled) | Enable/disable tags on IAM roles and policies | `string` | `true` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS Key to use when encrypting log data.
Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group.
All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. | `string` | `""` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
diff --git a/iam.tf b/iam.tf
index ffe5217..d886daa 100644
--- a/iam.tf
+++ b/iam.tf
@@ -4,7 +4,7 @@ locals {
module "role" {
source = "cloudposse/iam-role/aws"
- version = "0.15.0"
+ version = "0.16.1"
enabled = local.iam_role_enabled
@@ -20,6 +20,8 @@ module "role" {
]
permissions_boundary = var.permissions_boundary
+ tags_enabled = var.iam_tags_enabled
+
context = module.this.context
}
diff --git a/variables.tf b/variables.tf
index 0226c1d..c00d969 100644
--- a/variables.tf
+++ b/variables.tf
@@ -50,3 +50,9 @@ variable "permissions_boundary" {
default = ""
description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
}
+
+variable "iam_tags_enabled" {
+ type = string
+ description = "Enable/disable tags on IAM roles and policies"
+ default = true
+}