chore: sync with template (#37)

gberenice · web-flow · commit 2a72ece2fac3 · 2025-05-13T18:46:49.000+03:00
## what - Updates the module with the recent config changes in [terraform-module-template](https://github.com/masterpointio/terraform-module-template) ## why - Housekeeping. ## references - [INT-66](https://www.notion.so/masterpoint/Keep-terraform-template-module-up-to-latest-good-practices-1dd859758a568002b398c2a0fc2cb67d?pvs=4)  ## Summary by CodeRabbit - **Chores** - Updated dependency and workflow management configurations for improved grouping, labeling, and automation of updates. - Upgraded versions for Trunk CLI and several linter plugins. - **Style** - Standardized comment formatting in workflow files. - **Documentation** - Updated the README by removing a reference in the acknowledgments section. - **Refactor** - Simplified the test workflow by consolidating multiple steps into a single composite action. - Enhanced the trunk upgrade workflow to support automatic merging of upgrade pull requests.
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -3,16 +3,9 @@
     "config:best-practices",
     "github>aquaproj/aqua-renovate-config#2.7.5"
   ],
-  "schedule": [
-    "after 9am on the first day of the month"
-  ],
-  "assigneesFromCodeOwners": true,
-  "dependencyDashboardAutoclose": true,
-  "addLabels": [
-    "auto-upgrade"
-  ],
   "enabledManagers": [
-    "terraform"
+    "terraform",
+    "github-actions"
   ],
   "terraform": {
     "ignorePaths": [
@@ -23,34 +16,49 @@
       "\\.tofu$"
     ]
   },
+  "schedule": [
+    "after 9am on the first day of the month"
+  ],
+  "assigneesFromCodeOwners": true,
+  "dependencyDashboardAutoclose": true,
+  "addLabels": ["{{manager}}"],
   "packageRules": [
     {
-      "matchDepTypes": [
-        "optionalDependencies"
-      ],
-      // Allow auto merge if it's not a major version update
-      "matchUpdateTypes": [
-        "minor",
-        "patch",
-        "pin",
-        "digest"
-      ],
-      "automerge": true
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "automerge": true,
+      "automergeType": "branch",
+      "groupName": "github-actions-auto-upgrade",
+      "addLabels": ["auto-upgrade"]
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["major"],
+      "groupName": "github-actions-needs-review",
+      "addLabels": ["needs-review"]
+    },
+    {
+      "matchManagers": ["terraform"],
+      "groupName": "tf",
+      "addLabels": ["needs-review"]
     },
     {
       "matchFileNames": ["**/*.tofu", "**/*.tf"],
       "matchDatasources": ["terraform-provider", "terraform-module"],
-      "registryUrls": ["https://registry.opentofu.org"]
+      "registryUrls": ["https://registry.opentofu.org"],
+      "groupName": "tf"
     },
     {
       "matchFileNames": ["**/*.tofu"],
       "matchDepTypes": ["required_version"],
-      "registryUrls": ["https://registry.opentofu.org"]
+      "registryUrls": ["https://registry.opentofu.org"],
+      "groupName": "tf"
     },
     {
       "matchFileNames": ["**/*.tf"],
       "matchDepTypes": ["required_version"],
-      "registryUrls": ["https://registry.terraform.io"]
+      "registryUrls": ["https://registry.terraform.io"],
+      "groupName": "tf"
     }
   ]
 }
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -1,5 +1,9 @@
 name: Lint
 
+concurrency:
+  group: lint-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 on: pull_request
 
 permissions:
@@ -13,6 +17,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Trunk Check
-        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 #v1.1.19
+        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
+
+  conventional-title:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -13,9 +13,6 @@ permissions:
   id-token: write
   pull-requests: read
 
-env:
-  AWS_REGION: us-east-1
-
 jobs:
   tf-test:
     name: 🧪 ${{ matrix.tf }} test
@@ -24,46 +21,8 @@ jobs:
       matrix:
         tf: [tofu, terraform]
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Aqua Cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-        if: ${{ !github.event.act }} # Don't enable the cache step if we're using act for testing
+      - uses: masterpointio/github-action-tf-test@c3b619f3bca9e4f482b9e0fb3166ab3f02d9d54c # v1.0.0
         with:
-          path: ~/.local/share/aquaproj-aqua
-          key: v1-aqua-installer-${{runner.os}}-${{runner.arch}}-${{hashFiles('aqua.yaml')}}
-          restore-keys: |
-            v1-aqua-installer-${{runner.os}}-${{runner.arch}}-
-
-      - name: Install Aqua
-        uses: aquaproj/aqua-installer@5e54e5cee8a95ee2ce7c04cb993da6dfad13e59c # v3.2.1
-        with:
-          aqua_version: v2.48.1
-
-      - name: Aqua Install
-        shell: bash
-        run: aqua install --tags ${{ matrix.tf }}
-
-      - name: Check if TF AWS provider is used
-        id: check_aws_provider
-        run: |
-          if grep -q "aws" $(find . -name "versions.tf" -o -name "versions.tofu" -type f); then
-            echo "Found aws in versions.tf or versions.tofu files"
-            echo "contains_hashicorp=true" >> $GITHUB_OUTPUT
-          else
-            echo "No versions.tf or versions.tofu files contain aws"
-            echo "contains_hashicorp=false" >> $GITHUB_OUTPUT
-          fi
-
-      # Assume into the `masterpoint-testing` AWS account with OIDC for testing ONLY if the AWS provider is used
-      # Not needed for modules that don't use the AWS provider, for example, exclusive Spacelift modules
-      - name: Configure AWS Credentials on `masterpoint-testing` AWS Account
-        if: steps.check_aws_provider.outputs.contains_hashicorp == 'true'
-        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
-        with:
-          role-to-assume: arn:aws:iam::115843287071:role/mp-ue1-testing-oidc-github
-          role-session-name: GitHubActionsOIDC-MP-Infra-Repo
-          aws-region: ${{ env.AWS_REGION }}
-
-      - run: ${{ matrix.tf }} init
-      - run: ${{ matrix.tf }} test
+          tf_type: ${{ matrix.tf }}
+          aws_role_arn: ${{ vars.TF_TEST_AWS_ROLE_ARN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/trunk-upgrade.yaml b/.github/workflows/trunk-upgrade.yaml
@@ -27,8 +27,17 @@ jobs:
           private_key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
 
       - name: Upgrade
+        id: trunk-upgrade
         uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           reviewers: "@masterpointio/masterpoint-internal"
           prefix: "chore: "
+
+      - name: Merge PR automatically
+        if: steps.trunk-upgrade.outputs.pull-request-number != ''
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+          PR_NUMBER: ${{ steps.trunk-upgrade.outputs.pull-request-number }}
+        run: |
+          gh pr merge "$PR_NUMBER" --squash --auto --delete-branch
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -2,7 +2,7 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.22.12
+  version: 1.22.15
 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
 plugins:
   sources:
@@ -20,17 +20,17 @@ lint:
     # Incompatible with some Terraform features: https://github.com/tenable/terrascan/issues/1331
     - terrascan
   enabled:
-    - renovate@39.263.0
+    - renovate@40.0.6
     - tofu@1.9.1
     - actionlint@1.7.7
-    - checkov@3.2.412
+    - checkov@3.2.420
     - git-diff-check
     - markdownlint@0.44.0
     - prettier@3.5.3
-    - tflint@0.56.0
-    - trivy@0.61.1
-    - trufflehog@3.88.25
-    - yamllint@1.37.0
+    - tflint@0.57.0
+    - trivy@0.62.1
+    - trufflehog@3.88.29
+    - yamllint@1.37.1
   ignore:
     - linters: [tofu]
       paths:
diff --git a/LICENSE b/LICENSE
@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2024 Masterpoint
+   Copyright 2025 Masterpoint
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/README.md b/README.md
@@ -20,7 +20,6 @@ Big shout out to the following projects which this project uses/depends on/menti
 1. [cloudposse/terraform-aws-dynamic-subnets](https://github.com/cloudposse/terraform-aws-dynamic-subnets)
 1. [cloudposse/terraform-aws-kms-key](https://github.com/cloudposse/terraform-aws-kms-key)
 1. [cloudposse/terraform-aws-s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)
-1. Cloud Posse's Terratest Setup.
 
 ![SSM Agent Session Manager Example](https://i.imgur.com/lWcRiQf.png)
 
