masterpointio
diff --git a/‎.coderabbit.yaml
Lines changed: 9 additions & 4 deletions b/‎.coderabbit.yaml
Lines changed: 9 additions & 4 deletions
diff --git a/‎.editorconfig
Lines changed: 0 additions & 11 deletions b/‎.editorconfig
Lines changed: 0 additions & 11 deletions
diff --git a/‎.github/CODEOWNERS
Lines changed: 1 addition & 1 deletion b/‎.github/CODEOWNERS
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md
Lines changed: 9 additions & 7 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md
Lines changed: 9 additions & 7 deletions
diff --git a/‎.github/renovate.json5
Lines changed: 64 additions & 0 deletions b/‎.github/renovate.json5
Lines changed: 64 additions & 0 deletions
diff --git a/‎.github/workflows/lint.yaml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/lint.yaml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/release-please.yaml
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/release-please.yaml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/test.yaml
Lines changed: 28 additions & 0 deletions b/‎.github/workflows/test.yaml
Lines changed: 28 additions & 0 deletions
diff --git a/‎.github/workflows/trunk-upgrade.yaml
Lines changed: 28 additions & 10 deletions b/‎.github/workflows/trunk-upgrade.yaml
Lines changed: 28 additions & 10 deletions
diff --git a/‎.gitignore
Lines changed: 37 additions & 12 deletions b/‎.gitignore
Lines changed: 37 additions & 12 deletions
@@ -7,6 +7,7 @@ language: en
 tone_instructions: |
   Provide feedback in a professional, friendly, constructive, and concise tone.
   Offer clear, specific suggestions and best practices to help enhance the code quality and promote learning.
+  Be concise and only comment on significant issues.
 
 early_access: true
 
@@ -26,21 +27,25 @@ knowledge_base:
 reviews:
   profile: chill
   auto_review:
-    # Ignore reviewing if the title of the pull request contains any of these keywords (case-insensitive)
+    # Disable incremental code review on each push
+    auto_incremental_review: false
+    # The keywords are case-insensitive
     ignore_title_keywords:
       - wip
       - draft
       - test
-  # Set the commit status to 'pending' when the review is in progress and 'success' when it is complete.
   commit_status: false
-  # Post review details on each review. Additionally, post a review status when a review is skipped in certain cases.
-  review_status: false
   path_instructions:
     - path: "**/*.tf"
       instructions: |
         You're a Terraform expert who has thoroughly studied all the documentation from Hashicorp https://developer.hashicorp.com/terraform/docs and OpenTofu https://opentofu.org/docs/.
         You have a strong grasp of Terraform syntax and prioritize providing accurate and insightful code suggestions.
         As a fan of the Cloud Posse / SweetOps ecosystem, you incorporate many of their best practices https://docs.cloudposse.com/best-practices/terraform/ while balancing them with general Terraform guidelines.
+  changed_files_summary: false
+  poem: false
+  # Don't post review details on each review.
+  review_status: false
+  sequence_diagrams: false
   tools:
     # By default, all tools are enabled.
     # Masterpoint uses Trunk (https://trunk.io) so we do not need a lot of this feedback due to overlap.
 
@@ -7,19 +7,8 @@ indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true
 
-[*.{tf,tfvars}]
-indent_size = 2
-indent_style = space
-
 [*.md]
 max_line_length = 0
-trim_trailing_whitespace = false
-
-# Override for Makefile
-[{Makefile, makefile, GNUmakefile, Makefile.*}]
-tab_width = 2
-indent_style = tab
-indent_size = 4
 
 [COMMIT_EDITMSG]
 max_line_length = 0
@@ -4,4 +4,4 @@
 # Order is important: the last matching pattern takes the most precedence
 
 # These owners will be the default owners for everything
-*             @masterpointio/masterpoint-internal
+*             @masterpointio/masterpoint-open-source
@@ -1,13 +1,15 @@
 ## what
-* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
-* Use bullet points to be concise and to the point.
+
+- Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+- Use bullet points to be concise and to the point.
 
 ## why
-* Provide the justifications for the changes (e.g. business case). 
-* Describe why these changes were made (e.g. why do these commits fix the problem?)
-* Use bullet points to be concise and to the point.
+
+- Provide the justifications for the changes (e.g. business case).
+- Describe why these changes were made (e.g. why do these commits fix the problem?)
+- Use bullet points to be concise and to the point.
 
 ## references
-* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). 
-* Use `closes #123`, if this PR closes a GitHub issue `#123`
 
+- Link to any supporting GitHub issues or helpful documentation to add some context (e.g. Stackoverflow).
+- Use `closes #123`, if this PR closes a GitHub issue `#123`
@@ -0,0 +1,64 @@
+{
+  "extends": [
+    "config:best-practices",
+    "github>aquaproj/aqua-renovate-config#2.7.5"
+  ],
+  "enabledManagers": [
+    "terraform",
+    "github-actions"
+  ],
+  "terraform": {
+    "ignorePaths": [
+      "**/context.tf" // Mixin file https://github.com/cloudposse/terraform-null-label/blob/main/exports/context.tf
+    ],
+    "fileMatch": [
+      "\\.tf$",
+      "\\.tofu$"
+    ]
+  },
+  "schedule": [
+    "after 9am on the first day of the month"
+  ],
+  "assigneesFromCodeOwners": true,
+  "dependencyDashboardAutoclose": true,
+  "addLabels": ["{{manager}}"],
+  "packageRules": [
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "automerge": true,
+      "automergeType": "branch",
+      "groupName": "github-actions-auto-upgrade",
+      "addLabels": ["auto-upgrade"]
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["major"],
+      "groupName": "github-actions-needs-review",
+      "addLabels": ["needs-review"]
+    },
+    {
+      "matchManagers": ["terraform"],
+      "groupName": "tf",
+      "addLabels": ["needs-review"]
+    },
+    {
+      "matchFileNames": ["**/*.tofu", "**/*.tf"],
+      "matchDatasources": ["terraform-provider", "terraform-module"],
+      "registryUrls": ["https://registry.opentofu.org"],
+      "groupName": "tf"
+    },
+    {
+      "matchFileNames": ["**/*.tofu"],
+      "matchDepTypes": ["required_version"],
+      "registryUrls": ["https://registry.opentofu.org"],
+      "groupName": "tf"
+    },
+    {
+      "matchFileNames": ["**/*.tf"],
+      "matchDepTypes": ["required_version"],
+      "registryUrls": ["https://registry.terraform.io"],
+      "groupName": "tf"
+    }
+  ]
+}
@@ -13,17 +13,17 @@ permissions:
   pull-requests: read
 
 jobs:
-  trunk-check:
+  lint:
     runs-on: ubuntu-latest
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Trunk Check
-        uses: trunk-io/trunk-action@86b68ffae610a05105e90b1f52ad8c549ef482c2
+        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
 
   conventional-title:
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -8,11 +8,12 @@ on:
 permissions:
   contents: write
   pull-requests: write
+  issues: write
 
 jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
-      - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f
+      - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f #v4.1.3
         with:
           release-type: terraform-module
@@ -0,0 +1,28 @@
+name: TF Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  actions: read
+  checks: write
+  contents: read
+  id-token: write
+  pull-requests: read
+
+jobs:
+  tf-test:
+    name: 🧪 ${{ matrix.tf }} test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        tf: [tofu, terraform]
+    steps:
+      - uses: masterpointio/github-action-tf-test@c3b619f3bca9e4f482b9e0fb3166ab3f02d9d54c # v1.0.0
+        with:
+          tf_type: ${{ matrix.tf }}
+          aws_role_arn: ${{ vars.TF_TEST_AWS_ROLE_ARN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -1,25 +1,43 @@
-name: Monthly Trunk Upgrade
+name: Trunk Upgrade
+
 on:
   schedule:
     # On the first day of every month @ 8am
     - cron: 0 8 1 * *
-    # Allows us to manually run the workflow from Actions UI
   workflow_dispatch: {}
+
 permissions: read-all
+
 jobs:
-  trunk_upgrade:
-    name: Upgrade Trunk
+  trunk-upgrade:
     runs-on: ubuntu-latest
     permissions:
-      contents: write # For trunk to create PRs
-      pull-requests: write # For trunk to create PRs
+      # For trunk to create PRs
+      contents: write
+      pull-requests: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Trunk Upgrade
-        uses: trunk-io/trunk-action/upgrade@2eaee169140ec559bd556208f9f99cdfdf468da8 # v1.1.18
+      - name: Create Token for MasterpointBot App
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+        id: generate-token
         with:
-          base: main
+          app_id: ${{ secrets.MP_BOT_APP_ID }}
+          private_key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
+
+      - name: Upgrade
+        id: trunk-upgrade
+        uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
           reviewers: "@masterpointio/masterpoint-internal"
           prefix: "chore: "
+
+      - name: Merge PR automatically
+        if: steps.trunk-upgrade.outputs.pull-request-number != ''
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+          PR_NUMBER: ${{ steps.trunk-upgrade.outputs.pull-request-number }}
+        run: |
+          gh pr merge "$PR_NUMBER" --squash --auto --delete-branch
@@ -1,21 +1,46 @@
-#  Local .terraform directories
-**/.terraform/*
+# Ignore override files as they are usually used to override resources locally
+*override.tf
+*override.tf.json
 
 # .tfstate files
 *.tfstate
 *.tfstate.*
-.terraform
-.terraform.tfstate.lock.info
 
-# Cloud Posse Build Harness https://github.com/cloudposse/build-harness
-**/.build-harness
-**/build-harness
+# Local .terraform directories
+**/.terraform/*
 
-# Crash log files
-crash.log
-test.log
+# Ignore the root .terraform.lock.hcl file (Child modules don't want this)
+.terraform.lock.hcl
+!examples/**/.terraform.lock.hcl
 
-# Random
+# IDE/Editor settings
 **/.idea
 **/*.iml
-.DS_Store
+.vscode/
+*.orig
+*.draft
+*~
+
+# Build Harness https://github.com/cloudposse/build-harness
+**/.build-harness
+**/build-harness
+
+# Log files
+*.log
+
+# Output from other tools that might be used alongside Terraform/OpenTofu
+*.tfvars.json
+backend.tf.json
+
+# Taskit files
+.taskit/
+.task/
+.env.taskit-secrets
+
+# Other
+**/*.backup
+***/*.tmp
+**/*.temp
+**/*.bak
+**/*.*swp
+**/.DS_Store