54 changes: 31 additions & 23 deletions .github/renovate.json5
Expand Up @@ -3,16 +3,9 @@
"config:best-practices",
"github>aquaproj/aqua-renovate-config#2.7.5"
],
"schedule": [
"after 9am on the first day of the month"
],
"assigneesFromCodeOwners": true,
"dependencyDashboardAutoclose": true,
"addLabels": [
"auto-upgrade"
],
"enabledManagers": [
"terraform"
"terraform",
"github-actions"
],
"terraform": {
"ignorePaths": [
Expand All @@ -23,34 +16,49 @@
"\\.tofu$"
]
},
"schedule": [
"after 9am on the first day of the month"
],
"assigneesFromCodeOwners": true,
"dependencyDashboardAutoclose": true,
"addLabels": ["{{manager}}"],
"packageRules": [
{
"matchDepTypes": [
"optionalDependencies"
],
// Allow auto merge if it's not a major version update
"matchUpdateTypes": [
"minor",
"patch",
"pin",
"digest"
],
"automerge": true
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"automerge": true,
"automergeType": "branch",
"groupName": "github-actions-auto-upgrade",
"addLabels": ["auto-upgrade"]
},
{
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["major"],
"groupName": "github-actions-needs-review",
"addLabels": ["needs-review"]
},
{
"matchManagers": ["terraform"],
"groupName": "tf",
"addLabels": ["needs-review"]
},
{
"matchFileNames": ["**/*.tofu", "**/*.tf"],
"matchDatasources": ["terraform-provider", "terraform-module"],
"registryUrls": ["https://registry.opentofu.org"]
"registryUrls": ["https://registry.opentofu.org"],
"groupName": "tf"
},
{
"matchFileNames": ["**/*.tofu"],
"matchDepTypes": ["required_version"],
"registryUrls": ["https://registry.opentofu.org"]
"registryUrls": ["https://registry.opentofu.org"],
"groupName": "tf"
},
{
"matchFileNames": ["**/*.tf"],
"matchDepTypes": ["required_version"],
"registryUrls": ["https://registry.terraform.io"]
"registryUrls": ["https://registry.terraform.io"],
"groupName": "tf"
}
]
}
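Review bot: Automerging `digest` updates for `github-actions` (the rule with `"matchUpdateTypes": ["minor", "patch", "pin", "digest"]`) lands a re-pointed upstream tag without anyone looking at it, which is exactly the event SHA-pinning is meant to surface — a tag that moves to a new commit with no version bump is what a compromised action looks like. Consider dropping `"digest"` from that list so those updates fall into the `needs-review` path, or at minimum add `"minimumReleaseAge": "3 days"` to the automerge rule so a malicious re-tag has time to be noticed upstream before it is merged. `"automergeType": "branch"` also pushes straight to the base branch once checks pass; that only stays safe if the base branch's protection rules actually require the lint and test workflows as status checks, which this file cannot show.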
15 changes: 13 additions & 2 deletions .github/workflows/lint.yaml
@@ -1,5 +1,9 @@
name: Lint

concurrency:
group: lint-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

on: pull_request

permissions:
Expand All @@ -13,6 +17,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out Git repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Trunk Check
uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 #v1.1.19
uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19

conventional-title:
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
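Review bot: The new `conventional-title` job inherits the workflow-level `permissions:` block, whose contents sit outside this hunk, and it hands `secrets.GITHUB_TOKEN` to a third-party action that only needs to read the PR title. Scope the grant at the job so it is explicit and minimal: add `permissions:` / `pull-requests: read` directly under `conventional-title:` (if the action were configured to post a comment or status on failure it would need a write scope, but nothing in this hunk enables that). The commit-SHA pin with a `# v5.5.3` comment is the right shape and matches the `# v4.2.2` spacing fix made to the other two steps.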
49 changes: 4 additions & 45 deletions .github/workflows/test.yaml
Expand Up @@ -13,9 +13,6 @@ permissions:
id-token: write
pull-requests: read

env:
AWS_REGION: us-east-1

jobs:
tf-test:
name: 🧪 ${{ matrix.tf }} test
Expand All @@ -24,46 +21,8 @@ jobs:
matrix:
tf: [tofu, terraform]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Aqua Cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
if: ${{ !github.event.act }} # Don't enable the cache step if we're using act for testing
- uses: masterpointio/github-action-tf-test@c3b619f3bca9e4f482b9e0fb3166ab3f02d9d54c # v1.0.0
with:
path: ~/.local/share/aquaproj-aqua
key: v1-aqua-installer-${{runner.os}}-${{runner.arch}}-${{hashFiles('aqua.yaml')}}
restore-keys: |
v1-aqua-installer-${{runner.os}}-${{runner.arch}}-

- name: Install Aqua
uses: aquaproj/aqua-installer@5e54e5cee8a95ee2ce7c04cb993da6dfad13e59c # v3.2.1
with:
aqua_version: v2.48.1

- name: Aqua Install
shell: bash
run: aqua install --tags ${{ matrix.tf }}

- name: Check if TF AWS provider is used
id: check_aws_provider
run: |
if grep -q "aws" $(find . -name "versions.tf" -o -name "versions.tofu" -type f); then
echo "Found aws in versions.tf or versions.tofu files"
echo "contains_hashicorp=true" >> $GITHUB_OUTPUT
else
echo "No versions.tf or versions.tofu files contain aws"
echo "contains_hashicorp=false" >> $GITHUB_OUTPUT
fi

# Assume into the `masterpoint-testing` AWS account with OIDC for testing ONLY if the AWS provider is used
# Not needed for modules that don't use the AWS provider, for example, exclusive Spacelift modules
- name: Configure AWS Credentials on `masterpoint-testing` AWS Account
if: steps.check_aws_provider.outputs.contains_hashicorp == 'true'
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
role-to-assume: arn:aws:iam::115843287071:role/mp-ue1-testing-oidc-github
role-session-name: GitHubActionsOIDC-MP-Infra-Repo
aws-region: ${{ env.AWS_REGION }}

- run: ${{ matrix.tf }} init
- run: ${{ matrix.tf }} test
tf_type: ${{ matrix.tf }}
aws_role_arn: ${{ vars.TF_TEST_AWS_ROLE_ARN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
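Review bot: The removed steps only assumed the OIDC role when a `versions.tf`/`versions.tofu` mentioned `aws`; the replacement passes `aws_role_arn` to `masterpointio/github-action-tf-test` unconditionally, and nothing in this hunk shows whether that composite action keeps the guard, so modules that never touch AWS may now mint credentials in the testing account on every run. Confirm the action gates role assumption the same way, or record the assumption above the step: `# the action is expected to assume aws_role_arn only when the module declares the AWS provider — verify in github-action-tf-test`. `id-token: write` stays at workflow level in the context line above the hunk; moving it under `tf-test` as a job-level `permissions:` keeps the OIDC grant off any job added later. An unset `vars.TF_TEST_AWS_ROLE_ARN` is also passed silently as `""` here, so a fail-fast on an empty value (in the action or a preceding step) would make a misconfigured repo fail loudly rather than run tests without credentials.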
9 changes: 9 additions & 0 deletions .github/workflows/trunk-upgrade.yaml
Expand Up @@ -27,8 +27,17 @@ jobs:
private_key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}

- name: Upgrade
id: trunk-upgrade
uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
with:
github-token: ${{ steps.generate-token.outputs.token }}
reviewers: "@masterpointio/masterpoint-internal"
prefix: "chore: "

- name: Merge PR automatically
if: steps.trunk-upgrade.outputs.pull-request-number != ''
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
PR_NUMBER: ${{ steps.trunk-upgrade.outputs.pull-request-number }}
run: |
gh pr merge "$PR_NUMBER" --squash --auto --delete-branch
Comment on lines +37 to +43
⚠️ Potential issue

Fix the if conditional syntax to guard the merge step
The if line is missing the ${{ }} expression wrapper, so it will always evaluate as a non-empty string and run the merge step even when no PR exists. Update it to:

if: ${{ steps.trunk-upgrade.outputs.pull-request-number != '' }}

This ensures the merge runs only when the upgrade action actually opened a PR.

🤖 Prompt for AI Agents (early access)
In .github/workflows/trunk-upgrade.yaml around lines 37 to 43, the if
conditional for the merge step is missing the ${{ }} expression wrapper, causing
it to always evaluate as true and run the merge even when no PR exists. Fix this
by wrapping the condition in ${{ }}, changing the line to if: ${{
steps.trunk-upgrade.outputs.pull-request-number != '' }} so the merge step only
runs when a PR number is present.
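Review bot: `gh pr merge --auto` merges the bot's own upgrade PR as soon as required checks pass, so the `reviewers: "@masterpointio/masterpoint-internal"` request two steps up is only a real gate if the base branch's protection rule requires an approving review — otherwise the same App token that opened the PR also merges a linter/toolchain bump with no human in the loop. Confirm that rule exists, or drop `--auto` and let the reviewers merge; if unattended merge is intended, say so above the step: `# auto-merge relies on branch protection (required checks + approval); the bot cannot self-approve`. Passing the PR number through `env` rather than interpolating `${{ }}` into `run:` is the right pattern and avoids expression injection. The `pull-request-number` output name is taken on trust from the action; if the upgrade step exposes it under a different name the `if:` guard is always false and the merge step is silently skipped.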

14 changes: 7 additions & 7 deletions .trunk/trunk.yaml
Expand Up @@ -2,7 +2,7 @@
# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
version: 0.1
cli:
version: 1.22.12
version: 1.22.15
# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
plugins:
sources:
Expand All @@ -20,17 +20,17 @@ lint:
# Incompatible with some Terraform features: https://github.com/tenable/terrascan/issues/1331
- terrascan
enabled:
- renovate@39.263.0
- renovate@40.0.6
- tofu@1.9.1
- actionlint@1.7.7
- checkov@3.2.412
- checkov@3.2.420
- git-diff-check
- markdownlint@0.44.0
- prettier@3.5.3
- tflint@0.56.0
- trivy@0.61.1
- trufflehog@3.88.25
- yamllint@1.37.0
- tflint@0.57.0
- trivy@0.62.1
- trufflehog@3.88.29
- yamllint@1.37.1
ignore:
- linters: [tofu]
paths:
2 changes: 1 addition & 1 deletion LICENSE
Expand Up @@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2024 Masterpoint
Copyright 2025 Masterpoint

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -20,7 +20,6 @@ Big shout out to the following projects which this project uses/depends on/menti
1. [cloudposse/terraform-aws-dynamic-subnets](https://github.com/cloudposse/terraform-aws-dynamic-subnets)
1. [cloudposse/terraform-aws-kms-key](https://github.com/cloudposse/terraform-aws-kms-key)
1. [cloudposse/terraform-aws-s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)
1. Cloud Posse's Terratest Setup.

![SSM Agent Session Manager Example](https://i.imgur.com/lWcRiQf.png)
