Skip to content

Commit

Permalink
fix: Update CI workflow versions to remove deprecated runtime warnings (
Browse files Browse the repository at this point in the history
  • Loading branch information
bryantbiggs authored Mar 7, 2024
1 parent 68ec75c commit 6cacac5
Show file tree
Hide file tree
Showing 9 changed files with 82 additions and 69 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/lock.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
lock:
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v4
- uses: dessant/lock-threads@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
issue-comment: >
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-title.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- uses: amannn/action-semantic-pull-request@v5.0.2
- uses: amannn/action-semantic-pull-request@v5.4.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand Down
36 changes: 26 additions & 10 deletions .github/workflows/pre-commit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:

env:
TERRAFORM_DOCS_VERSION: v0.16.0
TFLINT_VERSION: v0.44.1
TFLINT_VERSION: v0.50.3

jobs:
collectInputs:
Expand All @@ -18,11 +18,11 @@ jobs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get root directories
id: dirs
uses: clowdhaus/terraform-composite-actions/directories@v1.8.3
uses: clowdhaus/terraform-composite-actions/directories@v1.9.0

preCommitMinVersions:
name: Min TF pre-commit
Expand All @@ -32,19 +32,27 @@ jobs:
matrix:
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
steps:
# https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- name: Delete huge unnecessary tools folder
run: |
rm -rf /opt/hostedtoolcache/CodeQL
rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
rm -rf /opt/hostedtoolcache/Ruby
rm -rf /opt/hostedtoolcache/go
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.2.4
uses: clowdhaus/terraform-min-max@v1.3.0
with:
directory: ${{ matrix.directory }}

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
Expand All @@ -53,7 +61,7 @@ jobs:
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
Expand All @@ -64,18 +72,26 @@ jobs:
runs-on: ubuntu-latest
needs: collectInputs
steps:
# https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- name: Delete huge unnecessary tools folder
run: |
rm -rf /opt/hostedtoolcache/CodeQL
rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
rm -rf /opt/hostedtoolcache/Ruby
rm -rf /opt/hostedtoolcache/go
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{github.event.pull_request.head.repo.full_name}}

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.2.4
uses: clowdhaus/terraform-min-max@v1.3.0

- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,18 +20,18 @@ jobs:
if: github.repository_owner == 'terraform-aws-modules'
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
persist-credentials: false
fetch-depth: 0

- name: Release
uses: cycjimmy/semantic-release-action@v3
uses: cycjimmy/semantic-release-action@v4
with:
semantic_version: 18.0.0
semantic_version: 23.0.2
extra_plugins: |
@semantic-release/[email protected].0
@semantic-release/[email protected].0
conventional-changelog-conventionalcommits@4.6.3
@semantic-release/[email protected].3
@semantic-release/[email protected].1
conventional-changelog-conventionalcommits@7.0.2
env:
GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/stale-actions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v6
- uses: actions/stale@v9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Staling issues and PR's
Expand Down
8 changes: 5 additions & 3 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.81.2
rev: v1.88.0
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each
- id: terraform_validate
- id: terraform_docs
args:
- '--args=--lockfile=false'
Expand All @@ -23,8 +22,11 @@ repos:
- '--args=--only=terraform_required_providers'
- '--args=--only=terraform_standard_module_structure'
- '--args=--only=terraform_workspace_remote'
- '--args=--only=terraform_unused_required_providers'
- id: terraform_validate
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
rev: v4.5.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
- id: trailing-whitespace
1 change: 0 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,6 @@ $ terraform apply
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.1 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |

## Providers

Expand Down
4 changes: 0 additions & 4 deletions versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,5 @@ terraform {
source = "hashicorp/aws"
version = ">= 5.1"
}
random = {
source = "hashicorp/random"
version = ">= 2.0"
}
}
}
84 changes: 42 additions & 42 deletions wrappers/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -3,44 +3,19 @@ module "wrapper" {

for_each = var.items

create_graphql_api = try(each.value.create_graphql_api, var.defaults.create_graphql_api, true)
logging_enabled = try(each.value.logging_enabled, var.defaults.logging_enabled, false)
domain_name_association_enabled = try(each.value.domain_name_association_enabled, var.defaults.domain_name_association_enabled, false)
caching_enabled = try(each.value.caching_enabled, var.defaults.caching_enabled, false)
xray_enabled = try(each.value.xray_enabled, var.defaults.xray_enabled, false)
name = try(each.value.name, var.defaults.name, "")
schema = try(each.value.schema, var.defaults.schema, "")
visibility = try(each.value.visibility, var.defaults.visibility, null)
authentication_type = try(each.value.authentication_type, var.defaults.authentication_type, "API_KEY")
create_logs_role = try(each.value.create_logs_role, var.defaults.create_logs_role, true)
logs_role_name = try(each.value.logs_role_name, var.defaults.logs_role_name, null)
log_cloudwatch_logs_role_arn = try(each.value.log_cloudwatch_logs_role_arn, var.defaults.log_cloudwatch_logs_role_arn, null)
log_field_log_level = try(each.value.log_field_log_level, var.defaults.log_field_log_level, null)
log_exclude_verbose_content = try(each.value.log_exclude_verbose_content, var.defaults.log_exclude_verbose_content, false)
lambda_authorizer_config = try(each.value.lambda_authorizer_config, var.defaults.lambda_authorizer_config, {})
openid_connect_config = try(each.value.openid_connect_config, var.defaults.openid_connect_config, {})
user_pool_config = try(each.value.user_pool_config, var.defaults.user_pool_config, {})
additional_authentication_provider = try(each.value.additional_authentication_provider, var.defaults.additional_authentication_provider, {})
graphql_api_tags = try(each.value.graphql_api_tags, var.defaults.graphql_api_tags, {})
logs_role_tags = try(each.value.logs_role_tags, var.defaults.logs_role_tags, {})
tags = try(each.value.tags, var.defaults.tags, {})
domain_name = try(each.value.domain_name, var.defaults.domain_name, "")
domain_name_description = try(each.value.domain_name_description, var.defaults.domain_name_description, null)
certificate_arn = try(each.value.certificate_arn, var.defaults.certificate_arn, "")
caching_behavior = try(each.value.caching_behavior, var.defaults.caching_behavior, "FULL_REQUEST_CACHING")
cache_type = try(each.value.cache_type, var.defaults.cache_type, "SMALL")
cache_ttl = try(each.value.cache_ttl, var.defaults.cache_ttl, 1)
cache_at_rest_encryption_enabled = try(each.value.cache_at_rest_encryption_enabled, var.defaults.cache_at_rest_encryption_enabled, false)
cache_transit_encryption_enabled = try(each.value.cache_transit_encryption_enabled, var.defaults.cache_transit_encryption_enabled, false)
api_keys = try(each.value.api_keys, var.defaults.api_keys, {})
lambda_allowed_actions = try(each.value.lambda_allowed_actions, var.defaults.lambda_allowed_actions, ["lambda:invokeFunction"])
dynamodb_allowed_actions = try(each.value.dynamodb_allowed_actions, var.defaults.dynamodb_allowed_actions, ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:UpdateItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem"])
elasticsearch_allowed_actions = try(each.value.elasticsearch_allowed_actions, var.defaults.elasticsearch_allowed_actions, ["es:ESHttpDelete", "es:ESHttpHead", "es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"])
opensearchservice_allowed_actions = try(each.value.opensearchservice_allowed_actions, var.defaults.opensearchservice_allowed_actions, ["es:ESHttpDelete", "es:ESHttpHead", "es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"])
eventbridge_allowed_actions = try(each.value.eventbridge_allowed_actions, var.defaults.eventbridge_allowed_actions, ["events:PutEvents"])
relational_database_allowed_actions = try(each.value.relational_database_allowed_actions, var.defaults.relational_database_allowed_actions, ["rds-data:BatchExecuteStatement", "rds-data:BeginTransaction", "rds-data:CommitTransaction", "rds-data:ExecuteStatement", "rds-data:RollbackTransaction"])
secrets_manager_allowed_actions = try(each.value.secrets_manager_allowed_actions, var.defaults.secrets_manager_allowed_actions, ["secretsmanager:GetSecretValue"])
iam_permissions_boundary = try(each.value.iam_permissions_boundary, var.defaults.iam_permissions_boundary, null)
additional_authentication_provider = try(each.value.additional_authentication_provider, var.defaults.additional_authentication_provider, {})
api_keys = try(each.value.api_keys, var.defaults.api_keys, {})
authentication_type = try(each.value.authentication_type, var.defaults.authentication_type, "API_KEY")
cache_at_rest_encryption_enabled = try(each.value.cache_at_rest_encryption_enabled, var.defaults.cache_at_rest_encryption_enabled, false)
cache_transit_encryption_enabled = try(each.value.cache_transit_encryption_enabled, var.defaults.cache_transit_encryption_enabled, false)
cache_ttl = try(each.value.cache_ttl, var.defaults.cache_ttl, 1)
cache_type = try(each.value.cache_type, var.defaults.cache_type, "SMALL")
caching_behavior = try(each.value.caching_behavior, var.defaults.caching_behavior, "FULL_REQUEST_CACHING")
caching_enabled = try(each.value.caching_enabled, var.defaults.caching_enabled, false)
certificate_arn = try(each.value.certificate_arn, var.defaults.certificate_arn, "")
create_graphql_api = try(each.value.create_graphql_api, var.defaults.create_graphql_api, true)
create_logs_role = try(each.value.create_logs_role, var.defaults.create_logs_role, true)
datasources = try(each.value.datasources, var.defaults.datasources, {})
direct_lambda_request_template = try(each.value.direct_lambda_request_template, var.defaults.direct_lambda_request_template, <<-EOF
{
"version" : "2017-02-28",
Expand All @@ -67,8 +42,33 @@ module "wrapper" {
$util.toJson($ctx.result)
EOF
)
resolver_caching_ttl = try(each.value.resolver_caching_ttl, var.defaults.resolver_caching_ttl, 60)
datasources = try(each.value.datasources, var.defaults.datasources, {})
resolvers = try(each.value.resolvers, var.defaults.resolvers, {})
functions = try(each.value.functions, var.defaults.functions, {})
domain_name = try(each.value.domain_name, var.defaults.domain_name, "")
domain_name_association_enabled = try(each.value.domain_name_association_enabled, var.defaults.domain_name_association_enabled, false)
domain_name_description = try(each.value.domain_name_description, var.defaults.domain_name_description, null)
dynamodb_allowed_actions = try(each.value.dynamodb_allowed_actions, var.defaults.dynamodb_allowed_actions, ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:UpdateItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem"])
elasticsearch_allowed_actions = try(each.value.elasticsearch_allowed_actions, var.defaults.elasticsearch_allowed_actions, ["es:ESHttpDelete", "es:ESHttpHead", "es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"])
eventbridge_allowed_actions = try(each.value.eventbridge_allowed_actions, var.defaults.eventbridge_allowed_actions, ["events:PutEvents"])
functions = try(each.value.functions, var.defaults.functions, {})
graphql_api_tags = try(each.value.graphql_api_tags, var.defaults.graphql_api_tags, {})
iam_permissions_boundary = try(each.value.iam_permissions_boundary, var.defaults.iam_permissions_boundary, null)
lambda_allowed_actions = try(each.value.lambda_allowed_actions, var.defaults.lambda_allowed_actions, ["lambda:invokeFunction"])
lambda_authorizer_config = try(each.value.lambda_authorizer_config, var.defaults.lambda_authorizer_config, {})
log_cloudwatch_logs_role_arn = try(each.value.log_cloudwatch_logs_role_arn, var.defaults.log_cloudwatch_logs_role_arn, null)
log_exclude_verbose_content = try(each.value.log_exclude_verbose_content, var.defaults.log_exclude_verbose_content, false)
log_field_log_level = try(each.value.log_field_log_level, var.defaults.log_field_log_level, null)
logging_enabled = try(each.value.logging_enabled, var.defaults.logging_enabled, false)
logs_role_name = try(each.value.logs_role_name, var.defaults.logs_role_name, null)
logs_role_tags = try(each.value.logs_role_tags, var.defaults.logs_role_tags, {})
name = try(each.value.name, var.defaults.name, "")
openid_connect_config = try(each.value.openid_connect_config, var.defaults.openid_connect_config, {})
opensearchservice_allowed_actions = try(each.value.opensearchservice_allowed_actions, var.defaults.opensearchservice_allowed_actions, ["es:ESHttpDelete", "es:ESHttpHead", "es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"])
relational_database_allowed_actions = try(each.value.relational_database_allowed_actions, var.defaults.relational_database_allowed_actions, ["rds-data:BatchExecuteStatement", "rds-data:BeginTransaction", "rds-data:CommitTransaction", "rds-data:ExecuteStatement", "rds-data:RollbackTransaction"])
resolver_caching_ttl = try(each.value.resolver_caching_ttl, var.defaults.resolver_caching_ttl, 60)
resolvers = try(each.value.resolvers, var.defaults.resolvers, {})
schema = try(each.value.schema, var.defaults.schema, "")
secrets_manager_allowed_actions = try(each.value.secrets_manager_allowed_actions, var.defaults.secrets_manager_allowed_actions, ["secretsmanager:GetSecretValue"])
tags = try(each.value.tags, var.defaults.tags, {})
user_pool_config = try(each.value.user_pool_config, var.defaults.user_pool_config, {})
visibility = try(each.value.visibility, var.defaults.visibility, null)
xray_enabled = try(each.value.xray_enabled, var.defaults.xray_enabled, false)
}

0 comments on commit 6cacac5

Please sign in to comment.