Init settings for CI/CD

Add Codeowner file Add self approval action
matchan26 · Dec 16, 2023 · c26b8dd · c26b8dd
1 parent a3ce823
commit c26b8dd
Show file tree

Hide file tree

Showing 56 changed files with 1,792 additions and 10 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# repository owner
+@matchan26
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,28 @@
+<!-- Please refer to our contributing docs for any questions on submitting a pull request -->
+<!-- Issues are required for both bug fixes and features. -->
+Resolves #ISSUE_NUMBER
+
+----
+
+### Before the change?
+<!-- Please describe the current behavior that you are modifying. -->
+
+* 
+
+### After the change?
+<!-- Please describe the behavior or changes that are being added by this PR. -->
+
+* 
+
+### Pull request checklist
+- [ ] Tests for the changes have been added (for bug fixes / features)
+- [ ] Docs have been reviewed and added / updated if needed (for bug fixes / features)
+
+### Does this introduce a breaking change?
+<!-- If this introduces a breaking change make sure to note it here any what the impact might be -->
+
+
+- [ ] Yes
+- [ ] No
+
+----
diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
@@ -0,0 +1,20 @@
+---
+name: actionlint
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - .github/**
+      - aqua/actionlint.yaml
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+      - uses: suzuki-shunsuke/github-action-actionlint@60449a33b52da4f92a069b8af50d04515d6177bf # v0.1.3
diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
@@ -0,0 +1,87 @@
+---
+name: apply
+on:
+  push:
+    branches: [main] # Disabled. CHANGEME Replace dummy with main
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  TFACTION_IS_APPLY: 'true'
+permissions:
+  id-token: write
+  contents: read
+  issues: read # this is required to `gh pr list`'s `-l` option
+  pull-requests: write
+  actions: read
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.list-targets.outputs.targets }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+
+      - uses: suzuki-shunsuke/tfaction/list-targets@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        id: list-targets
+
+  apply:
+    name: "apply (${{matrix.target.target}})"
+    runs-on: ${{matrix.target.runs_on}}
+    needs: setup
+    # if services is empty, the build job is skipped
+    if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{fromJSON(needs.setup.outputs.targets)}}
+    env:
+      TFACTION_TARGET: ${{matrix.target.target}}
+      TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+
+      - uses: suzuki-shunsuke/tfaction/export-secrets@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          secrets: ${{ toJSON(secrets) }}
+
+      # This is required to download private modules in `terraform init`
+      - run: gh auth setup-git
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+
+      - run: tfaction get-or-create-drift-issue
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+
+      - uses: suzuki-shunsuke/tfaction/setup@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_app_token: ${{ steps.generate_token.outputs.token }}
+          ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules
+
+      - uses: suzuki-shunsuke/tfaction/apply@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_app_token: ${{ steps.generate_token.outputs.token }}
+
+      - uses: suzuki-shunsuke/tfaction/create-follow-up-pr@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        if: failure()
+        with:
+          github_app_token: ${{ steps.generate_token.outputs.token }}
+
+      - uses: suzuki-shunsuke/tfaction/update-drift-issue@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        if: always()
+        with:
+          status: ${{job.status}}
+          github_token: ${{steps.generate_token.outputs.token}}
diff --git a/.github/workflows/release-module.yaml b/.github/workflows/release-module.yaml
@@ -0,0 +1,30 @@
+---
+name: Release a Terraform Module
+run-name: Release a Terraform Module (${{inputs.module_path}} ${{inputs.version}})
+on:
+  workflow_dispatch:
+    inputs:
+      module_path:
+        description: 'Module path'
+        required: true
+      version:
+        description: 'Module version'
+        required: true
+permissions:
+  contents: write
+env:
+  TFACTION_TARGET: ${{github.event.inputs.module_path}}
+jobs:
+  release-module:
+    name: "release-module (${{github.event.inputs.module_path}})"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+
+      - uses: suzuki-shunsuke/tfaction/release-module@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          version: ${{ github.event.inputs.version }}
+          module_path: ${{ github.event.inputs.module_path }}
diff --git a/.github/workflows/scaffold-module.yaml b/.github/workflows/scaffold-module.yaml
@@ -0,0 +1,32 @@
+---
+name: Scaffold Terraform Module
+run-name: Scaffold Terraform Module (${{inputs.module_path}})
+on:
+  workflow_dispatch:
+    inputs:
+      module_path:
+        description: 'module path'
+        required: true
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  scaffold:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - uses: suzuki-shunsuke/tfaction/scaffold-module@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_token: ${{ steps.generate_token.outputs.token }}
+          module_path: ${{ github.event.inputs.module_path }}
diff --git a/.github/workflows/scaffold-tfmigrate.yaml b/.github/workflows/scaffold-tfmigrate.yaml
@@ -0,0 +1,44 @@
+---
+name: Scaffold tfmigrate
+run-name: Scaffold tfmigrate (${{inputs.target}})
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: 'target'
+        required: true
+      migration_name:
+        description: 'migration name. e.g. "import_foo"'
+        required: true
+      pr_number:
+        description: Pull Request Number
+        required: false
+env:
+  TFACTION_TARGET: ${{github.event.inputs.target}}
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  scaffold:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{secrets.APP_ID}}
+          private_key: ${{secrets.APP_PRIVATE_KEY}}
+
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+        env:
+          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
+
+      - uses: suzuki-shunsuke/tfaction/scaffold-tfmigrate@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_app_token: ${{steps.generate_token.outputs.token}}
+          migration_name: ${{github.event.inputs.migration_name}}
+          pr_number: ${{inputs.pr_number}}
diff --git a/.github/workflows/scaffold-working-directory.yaml b/.github/workflows/scaffold-working-directory.yaml
@@ -0,0 +1,36 @@
+---
+name: Scaffold a working directory
+run-name: Scaffold a working directory (${{inputs.working_dir}})
+on:
+  workflow_dispatch:
+    inputs:
+      working_dir:
+        description: working directory
+        required: true
+env:
+  TFACTION_WORKING_DIR: ${{github.event.inputs.working_dir}}
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+jobs:
+  scaffold:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+
+      - uses: suzuki-shunsuke/tfaction/scaffold-working-dir@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - uses: suzuki-shunsuke/tfaction/create-scaffold-pr@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_app_token: ${{ steps.generate_token.outputs.token }}
diff --git a/.github/workflows/schedule-create-drift-issues.yaml b/.github/workflows/schedule-create-drift-issues.yaml
@@ -0,0 +1,18 @@
+name: Create drift issues
+on:
+  workflow_dispatch:
+    inputs: {}
+  # schedule:
+  #   # daily
+  #   - cron: '0 0 * * *'
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+      - run: tfaction create-drift-issues
+        env:
+          GITHUB_TOKEN: ${{github.token}}
diff --git a/.github/workflows/schedule-detect-drifts.yaml b/.github/workflows/schedule-detect-drifts.yaml
@@ -0,0 +1,81 @@
+name: Detect drift
+on:
+  workflow_dispatch:
+    inputs: {}
+  # schedule:
+  #   # hourly
+  #   - cron: '0 * * * *'
+jobs:
+  pick-out-drift-issues:
+    runs-on: ubuntu-latest
+    outputs:
+      issues: ${{steps.pick-out-drift-issues.outputs.issues}}
+      has_issues: ${{steps.pick-out-drift-issues.outputs.has_issues}}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+      - run: tfaction pick-out-drift-issues
+        id: pick-out-drift-issues
+        env:
+          GITHUB_TOKEN: ${{github.token}}
+
+  detect-drift:
+    name: "detect-drift (${{matrix.issue.target}})"
+    runs-on: ${{matrix.issue.runs_on}}
+    needs: pick-out-drift-issues
+    permissions:
+      issues: write # For github-comment and tfcmt
+      contents: write # To push commits
+      id-token: write # For OIDC
+    if: fromJSON(needs.pick-out-drift-issues.outputs.has_issues)
+    strategy:
+      fail-fast: false
+      matrix:
+        issue: ${{fromJSON(needs.pick-out-drift-issues.outputs.issues)}}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{secrets.APP_ID}}
+          private_key: ${{secrets.APP_PRIVATE_KEY}}
+
+      - uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
+        with:
+          aqua_version: v2.17.2
+        env:
+          GITHUB_TOKEN: ${{github.token}}
+
+      - uses: suzuki-shunsuke/tfaction/set-drift-env@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          issue: ${{toJSON(matrix.issue)}}
+
+      - uses: suzuki-shunsuke/tfaction/setup@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_token: ${{steps.generate_token.outputs.token}}
+          github_app_token: ${{steps.generate_token.outputs.token}}
+        env:
+          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
+
+      - uses: suzuki-shunsuke/tfaction/test@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_token: ${{steps.generate_token.outputs.token}}
+          github_app_token: ${{steps.generate_token.outputs.token}}
+        env:
+          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
+
+      - uses: suzuki-shunsuke/tfaction/terraform-plan@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        with:
+          github_token: ${{steps.generate_token.outputs.token}}
+          github_app_token: ${{steps.generate_token.outputs.token}}
+        env:
+          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
+
+      - uses: suzuki-shunsuke/tfaction/update-drift-issue@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
+        if: always()
+        with:
+          status: ${{job.status}}
+          github_token: ${{steps.generate_token.outputs.token}}