lablabs · jaygridley · Jun 27, 2024 · Jun 3, 2024 · Jun 10, 2024 · Jun 26, 2024
diff --git a/.github/RELEASE_DRAFTER.yml b/.github/RELEASE_DRAFTER.yml
@@ -7,11 +7,25 @@ categories:
       - 'enhancement'
   - title: 'Bug Fixes'
     labels:
-      - 'fix'
-      - 'bugfix'
       - 'bug'
   - title: 'Documentation'
     label: 'documentation'
+  - title: 'CI'
+    label: 'ci'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'feature'
+      - 'enhancement'
+  patch:
+    labels:
+      - 'ci'
+      - 'bug'
+      - 'documentation'
+  default: patch
 change-template: '- $TITLE, by @$AUTHOR (#$NUMBER)'
 template: |
   # What's changed

diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,21 @@
+name: pre-commit
+
+permissions:
+  contents: read
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-22.04
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: asdf-vm/actions/install@v3
+      - uses: pre-commit/[email protected]
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
diff --git a/.github/workflows/release-drafter.yml → .github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yml → .github/workflows/release-drafter.yaml
@@ -1,4 +1,4 @@
-name: Release Drafter
+name: Release drafter
 
 permissions:
   contents: write
@@ -15,7 +15,7 @@ on:
 
 jobs:
   update_release_draft:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: release-drafter/release-drafter@v5
         with:

diff --git a/.github/workflows/template-sync.yaml b/.github/workflows/template-sync.yaml
@@ -0,0 +1,30 @@
+name: Template sync
+
+on:
+  schedule:
+    - cron: '0 0 * * *' # every day at midnight
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  universal-addon:
+    if: github.repository != 'lablabs/terraform-aws-eks-universal-addon'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.TEST_TOKEN }}
+
+      - name: actions-template-sync
+        uses: AndreasAugustin/actions-template-sync@v2
+        with:
+          github_token: ${{ secrets.TEST_TOKEN }}
+          source_repo_path: lablabs/terraform-aws-eks-universal-addon
+          upstream_branch: main
+          pr_labels: kind/sync
+          pr_branch_name_prefix: "feat/universal-addon-sync"
+          pr_title: "feat(sync): sync universal-addon changes"
+          pr_commit_msg: "feat(sync): sync universal-addon changes"
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -1,5 +1,8 @@
 name: Terraform validate
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   pull_request:
@@ -10,11 +13,11 @@ on:
 jobs:
   versionExtract:
     name: Extract min/max Terraform versions
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Extract Terraform min/max versions
         id: minMax
@@ -26,7 +29,7 @@ jobs:
       maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
   terraform-validate:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: versionExtract
     strategy:
       matrix:
@@ -35,17 +38,15 @@ jobs:
           - ${{ needs.versionExtract.outputs.maxVersion }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: ${{ matrix.tf_ver }}
 
-    - name: Validate module
-      run: |
-        terraform init
-        terraform validate
-    - name: Validate example
-      run: |
-        cd examples/basic
-        terraform init
-        terraform validate
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate
diff --git a/.gitignore b/.gitignore
@@ -32,5 +32,3 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
-
-.terraform.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.2.0
+    rev: v4.5.0
     hooks:
       - id: trailing-whitespace
       - id: check-merge-conflict
@@ -10,23 +10,22 @@ repos:
       - id: end-of-file-fixer
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.71.0
+    rev: v1.88.2
     hooks:
-    - id: terraform_fmt
-    - id: terraform_tflint
-    - id: terraform_validate
-    - id: terraform_checkov
-    - id: terraform_docs
-      args:
-        - '--args=--hide providers --sort-by required'
-
-  - repo: https://github.com/pecigonzalo/pre-commit-terraform-vars
-    rev: v1.0.0
-    hooks:
-    - id: terraform-vars
+      - id: terraform_fmt
+      - id: terraform_tflint
+        args:
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+      - id: terraform_validate
+      - id: terraform_checkov
+        args:
+          - '--args=--skip-check CKV_TF_1' #CKV_TF_1: "Ensure Terraform module sources use a commit hash"
+      - id: terraform_docs
+        args:
+          - '--args=--config=.terraform-docs.yml'
 
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.2.0
+    rev: v1.4.0
     hooks:
       - id: detect-secrets
         args: ['--baseline', '.secrets.baseline']

diff --git a/.secrets.baseline b/.secrets.baseline
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0",
+  "version": "1.3.0",
   "plugins_used": [
     {
       "name": "ArtifactoryDetector"
@@ -20,6 +20,9 @@
     {
       "name": "CloudantDetector"
     },
+    {
+      "name": "GitHubTokenDetector"
+    },
     {
       "name": "HexHighEntropyString",
       "limit": 3.0
@@ -46,6 +49,9 @@
     {
       "name": "PrivateKeyDetector"
     },
+    {
+      "name": "SendGridDetector"
+    },
     {
       "name": "SlackDetector"
     },
@@ -66,6 +72,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -99,5 +109,5 @@
     }
   ],
   "results": {},
-  "generated_at": "2021-12-09T12:48:22Z"
+  "generated_at": "2022-07-28T10:50:47Z"
 }
diff --git a/.templatesyncignore b/.templatesyncignore
@@ -0,0 +1,6 @@
+modules
+examples/basic/main.tf
+main.tf
+variables.tf
+README.md
+.secrets.baseline
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -0,0 +1,34 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: docs/.footer.md
+
+content: |-
+  {{ .Header }}
+  {{ include "docs/.content.md" }}
+  {{ .Requirements }}
+  {{ .Providers }}
+  {{ .Modules }}
+  {{ .Resources }}
+  {{ include "docs/.inputs.md" }}
+  {{ .Inputs }}
+  {{ .Outputs }}
+  {{ .Footer }}
+
+output:
+  file: README.md
+  mode: replace
+  template: |-
+    {{ .Content }}
+    {{- printf "\n" -}}
+
+sections:
+  hide:
+    - providers
+
+sort:
+  by: required
+
+settings:
+  default: false
+  required: false