feat: add some error handling

Author: gberenice

.github/workflows/trunk-upgrade.yaml

@@ -19,93 +19,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Create Token for MasterpointBot App
-        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
-        id: generate-token
+      - name: Run Trunk Upgrade
+        uses: masterpointio/github-action-trunk-upgrade@v0.1.0
         with:
-          app_id: ${{ secrets.MP_BOT_APP_ID }}
-          private_key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
-
-      - name: Upgrade
-        id: trunk-upgrade
-        uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          app-id: ${{ secrets.MP_BOT_APP_ID }}
+          app-private-key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
+          github-token: ${{ secrets.MASTERPOINT_TEAM_PAT }}
           reviewers: "@masterpointio/masterpoint-internal"
-          prefix: "chore: "
-
-      - name: Wait for checks to pass + Merge PR
-        if: steps.trunk-upgrade.outputs.pull-request-number != ''
-        env:
-          GH_TOKEN: ${{ secrets.MASTERPOINT_TEAM_PAT }}
-          PR_NUMBER: ${{ steps.trunk-upgrade.outputs.pull-request-number }}
-        run: |
-          echo "Waiting for status checks to pass on PR #$PR_NUMBER..."
-
-          # Wait a bit for checks to start
-          echo "Waiting 30 seconds for checks to initialize..."
-          sleep 30
-
-          # Try to get all checks first to see if any exist
-          ALL_CHECKS_JSON=$(gh pr checks "$PR_NUMBER" --json state,bucket || echo "[]")
-          echo "All checks: $ALL_CHECKS_JSON"
-
-          # Get required checks
-          REQUIRED_CHECKS_JSON=$(gh pr checks "$PR_NUMBER" --required --json state,bucket || echo "[]")
-          echo "Required checks: $REQUIRED_CHECKS_JSON"
-
-          # Check if we have any required checks
-          REQUIRED_CHECKS_COUNT=$(echo "$REQUIRED_CHECKS_JSON" | jq '. | length')
-          ALL_CHECKS_COUNT=$(echo "$ALL_CHECKS_JSON" | jq '. | length')
-
-          if [ "$REQUIRED_CHECKS_COUNT" -eq 0 ] && [ "$ALL_CHECKS_COUNT" -eq 0 ]; then
-            echo "No status checks found. This might be expected if no checks are configured."
-            echo "Proceeding with auto-approval and merge..."
-
-            # Auto-approve the PR
-            gh pr review "$PR_NUMBER" --approve --body "Auto-approved by trunk upgrade workflow (no status checks configured)"
-
-            # Merge the PR
-            gh pr merge "$PR_NUMBER" --squash --delete-branch --admin
-            exit 0
-          fi
-
-          # If we have required checks, wait for them. Otherwise, wait for all checks.
-          if [ "$REQUIRED_CHECKS_COUNT" -gt 0 ]; then
-            echo "Waiting for $REQUIRED_CHECKS_COUNT required status checks..."
-            CHECKS_TO_MONITOR="required"
-          else
-            echo "No required checks configured. Waiting for all $ALL_CHECKS_COUNT status checks..."
-            CHECKS_TO_MONITOR="all"
-          fi
-
-          # Wait for checks to complete
-          while true; do
-            if [ "$CHECKS_TO_MONITOR" = "required" ]; then
-              CHECKS_JSON=$(gh pr checks "$PR_NUMBER" --required --json state,bucket)
-            else
-              CHECKS_JSON=$(gh pr checks "$PR_NUMBER" --json state,bucket)
-            fi
-
-            echo "Current checks status: $CHECKS_JSON"
-
-            if echo "$CHECKS_JSON" | jq -e '.[] | select(.bucket=="fail")' > /dev/null; then
-              echo "One or more checks have failed. Exiting..."
-              exit 1
-            fi
-
-            FAILED_OR_PENDING_CHECKS=$(echo "$CHECKS_JSON" | jq '[.[] | select(.state!="SUCCESS" or .bucket!="pass")] | length')
-            if [ "$FAILED_OR_PENDING_CHECKS" -eq 0 ]; then
-              echo "All checks passed. Auto-approving and merging PR https://github.com/${{ github.repository }}/pull/$PR_NUMBER..."
-
-              # Auto-approve the PR
-              gh pr review "$PR_NUMBER" --approve --body "Auto-approved by trunk upgrade workflow"
-
-              # Merge the PR
-              gh pr merge "$PR_NUMBER" --squash --delete-branch --admin
-              break
-            else
-              echo "Some checks are still running or pending. Retrying in 30s..."
-              sleep 30
-            fi
-          done

.gitignore

@@ -4,3 +4,4 @@
 # Therefore, configs specific to their coding practices are their responsibilty to judiciously manage.
 .claude/*
 
+.tmp-template-sync/

lib/os-modules/Taskfile.yaml

@@ -14,9 +14,33 @@ vars:
     terraform-spacelift-aws-integrations \
     terraform-spacelift-events-collector-audit-trail \
     terraform-spacelift-policies
+
+  # Configuration constants
   SYNC_BRANCH: chore/sync-with-template
   SHARED_TMP_DIR: .tmp-template-sync
+  TEMPLATE_REPO: https://github.com/masterpointio/terraform-module-template.git
+  TEMPLATE_OWNER: masterpointio
+  SYNC_MESSAGE: "chore: sync with latest template state"
+
+  # Files to synchronize
+  SYNC_FILES: >-
+    .checkov.yaml
+    .coderabbit.yaml
+    .editorconfig
+    .gitignore
+    .github
+    .markdownlint.yaml
+    .terraform-docs.yaml
+    .tflint.hcl
+    .trunk
+    .yamllint.yaml
+    LICENSE
+    aqua.yaml
 tasks:
+  # ============================================================================
+  # File Synchronization Tasks
+  # ============================================================================
+
   sync:
     desc: |
       Sync files from `terraform-module-template` to specified Terraform open-source module repos.
@@ -31,33 +55,24 @@ tasks:
 
     vars:
       MODULES: "{{if .CLI_ARGS}}{{.CLI_ARGS}}{{else}}{{.DEFAULT_MODULES}}{{end}}"
-      FILES: >-
-        .checkov.yaml
-        .coderabbit.yaml
-        .editorconfig
-        .gitignore
-        .github
-        .markdownlint.yaml
-        .terraform-docs.yaml
-        .tflint.hcl
-        .trunk
-        .yamllint.yaml
-        LICENSE
-        aqua.yaml
     cmds:
       - |
         # Convert newlines to spaces and remove backslashes
         modules=$(echo "{{.MODULES}}" | tr '\n' ' ' | sed 's/\\//g')
         for module in $modules
         do
           echo "Syncing files to ../$module ..."
-          for file in {{.FILES}}
+          for file in {{.SYNC_FILES}}
           do
             echo "  Syncing $file"
             rsync -av --delete {{.SHARED_TMP_DIR}}/$file ../$module/
           done
         done
 
+  # ============================================================================
+  # Git Branch Management Tasks
+  # ============================================================================
+
   pull-and-branch:
     desc: |
       Pull main branch and create a sync branch for specified Terraform open-source module repos.
@@ -81,7 +96,7 @@ tasks:
           echo -e "\n\n🚀 Processing ---------------- $module \n"
           if [ ! -d ../$module ]; then
             echo "🧲 Cloning repository..."
-            git clone "git@github.com:masterpointio/$module.git" ../$module
+            git clone "git@github.com:{{.TEMPLATE_OWNER}}/$module.git" ../$module
           fi
           cd ../$module
 
@@ -117,6 +132,10 @@ tasks:
           cd -
         done
 
+  # ============================================================================
+  # Commit and Push Tasks
+  # ============================================================================
+
   push:
     desc: |
       Commit and push changes with the specified commit message.
@@ -140,14 +159,25 @@ tasks:
           cd ../$module
           echo "🔄 Checking out {{.SYNC_BRANCH}} branch..."
           git checkout {{.SYNC_BRANCH}}
-          echo "📝 Committing changes..."
+          echo "📝 Staging changes..."
           git add .
-          git commit -m "chore: update with the latest template state"
-          echo "⬆️ Pushing changes..."
-          git push origin {{.SYNC_BRANCH}}
+
+          # Check if there are any changes to commit
+          if git diff --staged --quiet; then
+            echo "⚠️  No changes to commit in $module, skipping..."
+          else
+            echo "📝 Committing changes..."
+            git commit -m "{{.SYNC_MESSAGE}}"
+            echo "⬆️ Pushing changes..."
+            git push origin {{.SYNC_BRANCH}}
+          fi
           cd -
         done
 
+  # ============================================================================
+  # Pull Request Management Tasks
+  # ============================================================================
+
   pr:
     desc: |
       Create pull requests for the changes pushed to SYNC_BRANCH.
@@ -161,18 +191,24 @@ tasks:
 
     vars:
       MODULES: "{{if .CLI_ARGS}}{{.CLI_ARGS}}{{else}}{{.DEFAULT_MODULES}}{{end}}"
-      PR_TITLE: "chore: sync with latest template state"
-      PR_BODY: |
-        This PR syncs the repository with the latest state from `terraform-module-template`.
-
-        **Changes include:**
-        - Updated configuration files (.checkov.yaml, .markdownlint.yaml, etc.)
-        - Updated GitHub workflows and templates
-        - Updated linting and formatting configurations
-        - Updated documentation templates
-
     cmds:
       - |
+        # Get the latest commit SHA from terraform-module-template
+        echo "🔍 Fetching latest commit SHA from terraform-module-template..."
+        template_sha=$(git ls-remote {{.TEMPLATE_REPO}} HEAD | cut -f1)
+        template_short_sha=$(echo $template_sha | cut -c1-7)
+
+        # Try to get the latest tag from terraform-module-template
+        echo "🏷️  Fetching latest tag from terraform-module-template..."
+        template_tag=$(git ls-remote --tags --sort=-version:refname {{.TEMPLATE_REPO}} | head -n1 | sed 's/.*refs\/tags\///' | sed 's/\^{}//')
+
+        # If no tag found, use "no tags"
+        if [ -z "$template_tag" ]; then
+          template_tag="no tags"
+        fi
+
+        echo "📝 Template info: Tag: $template_tag, SHA: $template_short_sha"
+
         # Convert newlines to spaces and remove backslashes
         modules=$(echo "{{.MODULES}}" | tr '\n' ' ' | sed 's/\\//g')
         for module in $modules
@@ -187,35 +223,72 @@ tasks:
             git checkout {{.SYNC_BRANCH}}
           fi
 
+          # Check if there are commits ahead of main
           commits_ahead=$(git rev-list --count main..{{.SYNC_BRANCH}})
           if [ "$commits_ahead" -eq 0 ]; then
             echo "⏭️  No commits ahead of main, skipping PR creation for $module"
             cd -
             continue
           fi
 
+          # Ensure remote branch exists
+          if ! git ls-remote --heads origin {{.SYNC_BRANCH}} | grep -q {{.SYNC_BRANCH}}; then
+            echo "📤 Remote branch doesn't exist, pushing {{.SYNC_BRANCH}} to origin..."
+            git push origin {{.SYNC_BRANCH}}
+          fi
+
+          # Check if PR already exists
+          existing_pr=$(gh pr list --head {{.SYNC_BRANCH}} --base main --json number --jq '.[0].number' 2>/dev/null || echo "")
+          if [ -n "$existing_pr" ]; then
+            echo "📋 PR already exists (#$existing_pr), skipping PR creation for $module"
+            cd -
+            continue
+          fi
+
+          # Create PR body with template version info
           echo "📋 Creating pull request..."
+
+          # Create PR body using printf to properly handle multi-line formatting
+          pr_body=$(printf "%s\n\n%s\n%s\n%s\n\n%s\n%s\n%s\n%s\n%s" \
+            "This PR syncs the repository with the latest state from [terraform-module-template]({{.TEMPLATE_REPO}})." \
+            "**Template Version:**" \
+            "- **Tag:** [$template_tag]({{.TEMPLATE_REPO}}/releases/tag/$template_tag)" \
+            "- **Commit SHA:** $template_short_sha" \
+            "**Changes include:**" \
+            "- Updated configuration files (.checkov.yaml, .markdownlint.yaml, etc.)" \
+            "- Updated GitHub workflows and templates" \
+            "- Updated linting and formatting configurations" \
+            "- Updated documentation templates")
+
           gh pr create \
-            --title "{{.PR_TITLE}}" \
-            --body "{{.PR_BODY}}" \
+            --title "{{.SYNC_MESSAGE}}" \
+            --body "$pr_body" \
             --base main \
             --head {{.SYNC_BRANCH}} \
-            --repo "masterpointio/$module"
+            --repo "{{.TEMPLATE_OWNER}}/$module"
 
           cd -
         done
 
+  # ============================================================================
+  # Template Management Tasks
+  # ============================================================================
+
   setup-template:
     desc: Set up the template repository in a shared temporary directory
     cmds:
       - task: cleanup-template
-      - git clone --depth 1 https://github.com/masterpointio/terraform-module-template.git {{.SHARED_TMP_DIR}}
+      - git clone --depth 1 {{.TEMPLATE_REPO}} {{.SHARED_TMP_DIR}}
 
   cleanup-template:
     desc: Clean up the shared temporary directory
     cmds:
       - rm -rf {{.SHARED_TMP_DIR}}
 
+  # ============================================================================
+  # Composite Workflow Tasks
+  # ============================================================================
+
   sync-all:
     desc: |
       Pull main branch, create a sync branch, and sync with template for specified Terraform open-source module repos.