Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update context.tf and github actions #31

Merged
merged 1 commit into from
Dec 22, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Use this file to define individuals or teams that are responsible for code in a repository.
# Read more: <https://help.github.com/articles/about-codeowners/>
#
# Order is important: the last matching pattern takes the most precedence
# Order is important: the last matching pattern has the highest precedence

# These owners will be the default owners for everything
* @cloudposse/engineering @cloudposse/contributors
Expand All @@ -13,5 +13,12 @@
# Cloud Posse must review any changes to GitHub actions
.github/* @cloudposse/engineering

# Cloud Posse must review any changes to standard context definition
**/context.tf @cloudposse/engineering
# Cloud Posse must review any changes to standard context definition,
# but some changes can be rubber-stamped.
**/context.tf @cloudposse/engineering @cloudposse/approvers
README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers

# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration
.github/mergify.yml @cloudposse/admins
.github/CODEOWNERS @cloudposse/admins
47 changes: 30 additions & 17 deletions .github/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,30 +4,35 @@ version-template: '$MAJOR.$MINOR.$PATCH'
version-resolver:
major:
labels:
- 'major'
- 'major'
minor:
labels:
- 'minor'
- 'enhancement'
- 'minor'
- 'enhancement'
patch:
labels:
- 'patch'
- 'fix'
- 'bugfix'
- 'bug'
- 'hotfix'
- 'auto-update'
- 'patch'
- 'fix'
- 'bugfix'
- 'bug'
- 'hotfix'
default: 'minor'

categories:
- title: '🚀 Enhancements'
labels:
- 'enhancement'
- title: '🐛 Bug Fixes'
labels:
- 'fix'
- 'bugfix'
- 'bug'
- 'hotfix'
- title: '🚀 Enhancements'
labels:
- 'enhancement'
- 'patch'
- title: '🐛 Bug Fixes'
labels:
- 'fix'
- 'bugfix'
- 'bug'
- 'hotfix'
- title: '🤖 Automatic Updates'
labels:
- 'auto-update'

change-template: |
<details>
Expand All @@ -38,3 +43,11 @@ change-template: |

template: |
$CHANGES

replacers:
# Remove irrelevant information from Renovate bot
- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
replace: ''
58 changes: 58 additions & 0 deletions .github/mergify.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# https://docs.mergify.io/conditions.html
# https://docs.mergify.io/actions.html
pull_request_rules:
- name: "approve automated PRs that have passed checks"
conditions:
- "author~=^(cloudpossebot|renovate\\[bot\\])$"
- "base=master"
- "-closed"
- "head~=^(auto-update|renovate)/.*"
- "check-success=test/bats"
- "check-success=test/readme"
- "check-success=test/terratest"
- "check-success=validate-codeowners"
actions:
review:
type: "APPROVE"
bot_account: "cloudposse-mergebot"
message: "We've automatically approved this PR because the checks from the automated Pull Request have passed."

- name: "merge automated PRs when approved and tests pass"
conditions:
- "author~=^(cloudpossebot|renovate\\[bot\\])$"
- "base=master"
- "-closed"
- "head~=^(auto-update|renovate)/.*"
- "check-success=test/bats"
- "check-success=test/readme"
- "check-success=test/terratest"
- "check-success=validate-codeowners"
- "#approved-reviews-by>=1"
- "#changes-requested-reviews-by=0"
- "#commented-reviews-by=0"
actions:
merge:
method: "squash"

- name: "delete the head branch after merge"
conditions:
- "merged"
actions:
delete_head_branch: {}

- name: "ask to resolve conflict"
conditions:
- "conflict"
- "-closed"
actions:
comment:
message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏"

- name: "remove outdated reviews"
conditions:
- "base=master"
actions:
dismiss_reviews:
changes_requested: true
approved: true
message: "This Pull Request has been updated, so we're dismissing all reviews."
12 changes: 12 additions & 0 deletions .github/renovate.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"extends": [
"config:base",
":preserveSemverRanges"
],
"labels": ["auto-update"],
"enabledManagers": ["terraform"],
"terraform": {
"ignorePaths": ["**/context.tf", "examples/**"]
}
}

55 changes: 55 additions & 0 deletions .github/workflows/auto-context.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: "auto-context"
on:
schedule:
# Update context.tf nightly
- cron: '0 3 * * *'

jobs:
update:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

- name: Update context.tf
shell: bash
id: update
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
if [[ -f context.tf ]]; then
echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
if git diff --no-patch --exit-code context.tf; then
echo "No changes detected! Exiting the job..."
else
echo "context.tf file has changed. Update examples and rebuild README.md."
make init
make github/init/context.tf
make readme/build
echo "::set-output name=create_pull_request=true"
fi
else
echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
fi

- name: Create Pull Request
if: steps.update.outputs.create_pull_request == 'true'
uses: cloudposse/actions/github/[email protected]
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
commit-message: Update context.tf from origin source
title: Update context.tf
body: |-
## what
This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`

## why
To support all the features of the `context` interface.

branch: auto-update/context.tf
base: master
delete-branch: true
labels: |
auto-update
context
86 changes: 86 additions & 0 deletions .github/workflows/auto-format.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
name: Auto Format
on:
pull_request_target:
types: [opened, synchronize]

jobs:
auto-format:
runs-on: ubuntu-latest
container: cloudposse/build-harness:slim-latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
# the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains
# a workflow configured to run when push events occur."
# However, using a personal access token will cause events to be triggered.
# We need that to ensure a status gets posted after the auto-format commit.
# We also want to trigger tests if the auto-format made no changes.
- uses: actions/checkout@v2
if: github.event.pull_request.state == 'open'
name: Privileged Checkout
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Check out the PR commit, not the merge commit
# Use `ref` instead of `sha` to enable pushing back to `ref`
ref: ${{ github.event.pull_request.head.ref }}

# Do all the formatting stuff
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host

# Commit changes (if any) to the PR branch
- name: Commit changes to the PR branch
if: github.event.pull_request.state == 'open'
shell: bash
id: commit
env:
SENDER: ${{ github.event.sender.login }}
run: |
set -x
output=$(git diff --name-only)

if [ -n "$output" ]; then
echo "Changes detected. Pushing to the PR branch"
git config --global user.name 'cloudpossebot'
git config --global user.email '[email protected]'
git add -A
git commit -m "Auto Format"
# Prevent looping by not pushing changes in response to changes from cloudpossebot
[[ $SENDER == "cloudpossebot" ]] || git push
# Set status to fail, because the push should trigger another status check,
# and we use success to indicate the checks are finished.
printf "::set-output name=%s::%s\n" "changed" "true"
exit 1
else
printf "::set-output name=%s::%s\n" "changed" "false"
echo "No changes detected"
fi

- name: Auto Test
uses: cloudposse/actions/github/[email protected]
# match users by ID because logins (user names) are inconsistent,
# for example in the REST API Renovate Bot is `renovate[bot]` but
# in GraphQL it is just `renovate`, plus there is a non-bot
# user `renovate` with ID 1832810.
# Mergify bot: 37929162
# Renovate bot: 29139614
# Cloudpossebot: 11232728
# Need to use space separators to prevent "21" from matching "112144"
if: >
contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
&& steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: cloudposse/actions
event-type: test-command
client-payload: |-
{ "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}},
"pull_request": ${{ toJSON(github.event.pull_request) }},
"github":{"payload":{"repository": ${{ toJSON(github.event.repository) }},
"comment": {"id": ""}
}
}
}
20 changes: 10 additions & 10 deletions .github/workflows/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,17 @@ name: auto-release
on:
push:
branches:
- master
- master

jobs:
semver:
publish:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@v5
with:
publish: true
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@v5
with:
publish: true
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/chatops.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: "Handle common commands"
uses: cloudposse/actions/github/slash-command-dispatch@0.16.0
uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -24,7 +24,7 @@ jobs:
- name: "Checkout commit"
uses: actions/checkout@v2
- name: "Run tests"
uses: cloudposse/actions/github/slash-command-dispatch@0.16.0
uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
Expand Down
25 changes: 25 additions & 0 deletions .github/workflows/validate-codeowners.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Validate Codeowners
on:
pull_request:

jobs:
validate-codeowners:
runs-on: ubuntu-latest
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
- uses: mszostok/[email protected]
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
with:
# For now, remove "files" check to allow CODEOWNERS to specify non-existent
# files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
# checks: "files,syntax,owners,duppatterns"
checks: "syntax,owners,duppatterns"
# GitHub access token is required only if the `owners` check is enabled
github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
- uses: mszostok/[email protected]
if: github.event.pull_request.head.repo.full_name != github.repository
name: "Syntax check of CODEOWNERS"
with:
checks: "syntax,duppatterns"
3 changes: 2 additions & 1 deletion context.tf
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@
#

module "this" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.22.0"
source = "cloudposse/label/null"
version = "0.22.1" // requires Terraform >= 0.12.26

enabled = var.enabled
namespace = var.namespace
Expand Down
3 changes: 2 additions & 1 deletion examples/complete/context.tf
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@
#

module "this" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
source = "cloudposse/label/null"
version = "0.22.1" // requires Terraform >= 0.12.26

enabled = var.enabled
namespace = var.namespace
Expand Down