Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch s3 bucket to module #91

Closed
wants to merge 6 commits into from
Closed
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@

# Cloud Posse must review any changes to standard context definition,
# but some changes can be rubber-stamped.
**/*.tf @cloudposse/engineering @cloudposse/approvers
README.yaml @cloudposse/engineering @cloudposse/approvers
**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers

Expand Down
3 changes: 2 additions & 1 deletion .github/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ version-resolver:
- 'bugfix'
- 'bug'
- 'hotfix'
- 'no-release'
default: 'minor'

categories:
Expand Down Expand Up @@ -46,7 +47,7 @@ template: |

replacers:
# Remove irrelevant information from Renovate bot
- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
Expand Down
7 changes: 7 additions & 0 deletions .github/mergify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,10 @@ pull_request_rules:
changes_requested: true
approved: true
message: "This Pull Request has been updated, so we're dismissing all reviews."

- name: "close Pull Requests without files changed"
conditions:
- "#files=0"
actions:
close:
message: "This pull request has been automatically closed by Mergify because there are no longer any changes."
2 changes: 1 addition & 1 deletion .github/workflows/auto-context.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:

- name: Create Pull Request
if: steps.update.outputs.create_pull_request == 'true'
uses: cloudposse/actions/github/create-pull-request@0.22.0
uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/auto-format.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ on:
jobs:
auto-format:
runs-on: ubuntu-latest
container: cloudposse/build-harness:slim-latest
container: cloudposse/build-harness:latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
Expand All @@ -29,6 +29,8 @@ jobs:
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
env:
GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host

# Commit changes (if any) to the PR branch
Expand Down Expand Up @@ -60,7 +62,7 @@ jobs:
fi

- name: Auto Test
uses: cloudposse/actions/github/repository-dispatch@0.22.0
uses: cloudposse/actions/github/repository-dispatch@0.30.0
# match users by ID because logins (user names) are inconsistent,
# for example in the REST API Renovate Bot is `renovate[bot]` but
# in GraphQL it is just `renovate`, plus there is a non-bot
Expand Down
55 changes: 55 additions & 0 deletions .github/workflows/auto-readme.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: "auto-readme"
on:
schedule:
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

# Update README.md nightly at 4am UTC
- cron: '0 4 * * *'

jobs:
update:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

- name: Update readme
shell: bash
id: update
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
make init
make readme/build
# Ignore changes if they are only whitespace
git diff --ignore-all-space --ignore-blank-lines --quiet README.md && { git restore README.md; echo Ignoring whitespace-only changes in README; }

- name: Create Pull Request
# This action will not create or change a pull request if there are no changes to make.
# If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
commit-message: Update README.md and docs
title: Update README.md and docs
body: |-
## what
This is an auto-generated PR that updates the README.md and docs

## why
To have most recent changes of README.md and doc from origin templates

branch: auto-update/readme
base: main
delete-branch: true
labels: |
auto-update
no-release
readme
25 changes: 16 additions & 9 deletions .github/workflows/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,24 @@ name: auto-release
on:
push:
branches:
- master
- main
- master
- production

jobs:
publish:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@v5
with:
publish: true
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
# Get PR from merged commit to master
- uses: actions-ecosystem/action-get-merged-pull-request@v1
id: get-merged-pull-request
with:
github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
# Drafts your next Release notes as Pull Requests are merged into "main"
- uses: release-drafter/release-drafter@v5
with:
publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/chatops.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: "Handle common commands"
uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -24,7 +24,7 @@ jobs:
- name: "Checkout commit"
uses: actions/checkout@v2
- name: "Run tests"
uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
Expand Down
8 changes: 6 additions & 2 deletions .github/workflows/validate-codeowners.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: Validate Codeowners
on:
workflow_dispatch:

pull_request:

jobs:
Expand All @@ -8,18 +10,20 @@ jobs:
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
- uses: mszostok/codeowners-validator@v0.5.0
- uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
with:
# For now, remove "files" check to allow CODEOWNERS to specify non-existent
# files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
# checks: "files,syntax,owners,duppatterns"
checks: "syntax,owners,duppatterns"
owner_checker_allow_unowned_patterns: "false"
# GitHub access token is required only if the `owners` check is enabled
github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
- uses: mszostok/codeowners-validator@v0.5.0
- uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name != github.repository
name: "Syntax check of CODEOWNERS"
with:
checks: "syntax,duppatterns"
owner_checker_allow_unowned_patterns: "false"
5 changes: 2 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,6 @@ Available targets:
| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.2 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
| <a name="requirement_template"></a> [template](#requirement\_template) | >= 2.0 |

## Providers

Expand All @@ -225,6 +224,7 @@ Available targets:

| Name | Source | Version |
|------|--------|---------|
| <a name="module_artifact_store_bucket"></a> [artifact\_store\_bucket](#module\_artifact\_store\_bucket) | cloudposse/s3-bucket/aws | 0.49.0 |
| <a name="module_codebuild"></a> [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 0.37.1 |
| <a name="module_codebuild_label"></a> [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_codepipeline_assume_role_label"></a> [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.25.0 |
Expand All @@ -251,7 +251,6 @@ Available targets:
| [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
Expand Down Expand Up @@ -438,7 +437,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

## Copyright

Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)



Expand Down
3 changes: 1 addition & 2 deletions docs/terraform.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.2 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
| <a name="requirement_template"></a> [template](#requirement\_template) | >= 2.0 |

## Providers

Expand All @@ -21,6 +20,7 @@

| Name | Source | Version |
|------|--------|---------|
| <a name="module_artifact_store_bucket"></a> [artifact\_store\_bucket](#module\_artifact\_store\_bucket) | cloudposse/s3-bucket/aws | 0.49.0 |
| <a name="module_codebuild"></a> [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 0.37.1 |
| <a name="module_codebuild_label"></a> [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_codepipeline_assume_role_label"></a> [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.25.0 |
Expand All @@ -47,7 +47,6 @@
| [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
Expand Down
4 changes: 0 additions & 4 deletions examples/complete/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,6 @@ terraform {
source = "hashicorp/aws"
version = ">= 2.0"
}
template = {
source = "hashicorp/template"
version = ">= 2.0"
}
local = {
source = "hashicorp/local"
version = ">= 1.2"
Expand Down
15 changes: 9 additions & 6 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,12 @@ module "codepipeline_label" {
context = module.this.context
}

resource "aws_s3_bucket" "default" {
module "artifact_store_bucket" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm this is a bit of scope creep. I don't think we want to use the s3 bucket module in this PR. Let's keep that separated.

source = "cloudposse/s3-bucket/aws"
version = "0.49.0"

count = module.this.enabled ? 1 : 0
bucket = module.codepipeline_label.id
bucket_name = module.codepipeline_label.id
acl = "private"
force_destroy = var.s3_bucket_force_destroy
tags = module.codepipeline_label.tags
Expand Down Expand Up @@ -114,8 +117,8 @@ data "aws_iam_policy_document" "s3" {
]

resources = [
join("", aws_s3_bucket.default.*.arn),
"${join("", aws_s3_bucket.default.*.arn)}/*"
join("", module.artifact_store_bucket.*.bucket_arn),
"${join("", module.artifact_store_bucket.*.bucket_arn)}/*"
]

effect = "Allow"
Expand Down Expand Up @@ -246,7 +249,7 @@ resource "aws_codepipeline" "default" {
role_arn = join("", aws_iam_role.default.*.arn)

artifact_store {
location = join("", aws_s3_bucket.default.*.bucket)
location = join("", module.artifact_store_bucket.*.bucket_arn)
type = "S3"
}

Expand Down Expand Up @@ -328,7 +331,7 @@ resource "aws_codepipeline" "bitbucket" {
role_arn = join("", aws_iam_role.default.*.arn)

artifact_store {
location = join("", aws_s3_bucket.default.*.bucket)
location = join("", module.artifact_store_bucket.*.bucket_arn)
type = "S3"
}

Expand Down
4 changes: 0 additions & 4 deletions versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,6 @@ terraform {
source = "hashicorp/aws"
version = ">= 2.0"
}
template = {
source = "hashicorp/template"
version = ">= 2.0"
}
local = {
source = "hashicorp/local"
version = ">= 1.2"
Expand Down