feat(versioning/hashicorp): support version excludes != #22417

Closed
secustor opened this issue May 24, 2023 · 1 comment · Fixed by #23492
Labels
priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality) versioning:hashicorp Hashicorp versioning

Comments

Collaborator

secustor commented May 24, 2023

What would you like Renovate to be able to do?

We currently do not support exclusions ( != ) as these have no equivalent in NPM to which we currently translate ranges.

To support the full syntax this functionality is needed.

If you have any ideas on how this should be implemented, please tell us here.

To implement this functionality we have to remove exclusions before converting and then remove the matching versions.

Context: #22414

Is this a feature you are interested in implementing yourself?

Maybe

@secustor secustor added type:feature Feature (new functionality) priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others status:ready versioning:hashicorp Hashicorp versioning labels May 24, 2023
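The approach proposed in the issue (pull the `!=` terms out, evaluate the remaining range, then drop the excluded versions), sketched as an added example that is not Renovate's code and not part of the original post. All function names are hypothetical; `satisfiesPart` is a simplified stand-in for the existing range matcher and assumes plain `x.y.z` versions without pre-release tags.

```typescript
// Added example: not Renovate's implementation. Plain MAJOR.MINOR.PATCH only.
type Ver = [number, number, number];

function parse(v: string): Ver {
  if (!/^\d+(\.\d+){0,2}$/.test(v.trim())) throw new Error(`unsupported version: ${v}`);
  const p = v.trim().split('.').map(Number);
  return [p[0] ?? 0, p[1] ?? 0, p[2] ?? 0];
}

function cmp(a: Ver, b: Ver): number {
  return a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
}

// Stand-in for the existing range matcher: it has no notion of "!=".
function satisfiesPart(version: string, part: string): boolean {
  const m = /^(>=|<=|~>|=|>|<)?\s*(\d+(?:\.\d+){0,2})$/.exec(part);
  if (!m) throw new Error(`unsupported constraint: ${part}`);
  const op = m[1] ?? '=';
  const raw = m[2] ?? '';
  const v = parse(version);
  const c = parse(raw);
  const order = cmp(v, c);
  switch (op) {
    case '>': return order > 0;
    case '>=': return order >= 0;
    case '<': return order < 0;
    case '<=': return order <= 0;
    case '~>': {
      // Pessimistic: every segment left of the last one written must be equal.
      const fixed = raw.split('.').length - 1;
      for (let i = 0; i < fixed; i++) if (v[i] !== c[i]) return false;
      return order >= 0;
    }
    default: return order === 0;
  }
}

function matchWithExcludes(constraint: string, versions: string[]): string[] {
  const parts = constraint.split(',').map((p) => p.trim()).filter((p) => p !== '');
  // Step 1: pull the exclusions out before the range is evaluated.
  const excluded = parts.filter((p) => p.startsWith('!=')).map((p) => parse(p.slice(2)));
  const rest = parts.filter((p) => !p.startsWith('!='));
  return versions
    // Step 2: match the remaining range; an empty range matches everything.
    .filter((v) => rest.every((p) => satisfiesPart(v, p)))
    // Step 3: remove the versions that an exclusion names.
    .filter((v) => !excluded.some((e) => cmp(parse(v), e) === 0));
}

const sample = ['4.67.0', '5.0.0', '5.1.0', '5.2.0', '6.0.0']; // constructed list
console.log(matchWithExcludes('~> 5.0, != 5.1.0', sample));
```

A constraint made up only of exclusions leaves an empty range in step 2, so every candidate passes to step 3 and only the named versions are dropped.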

MaxymVlasov commented Jun 14, 2023

As a workaround, we use:

.github/.pre-commit-tf-lockfiles.yaml:

repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.81.0
    hooks:
      - id: terraform_validate
        args:
          - --hook-config=--retry-once-with-cleanup=true
          - --tf-init-args=-upgrade
        files: '\.terraform\.lock\.hcl$'

      - id: terraform_providers_lock
        args:
        - --hook-config=--mode=always-regenerate-lockfile
        - --args=-platform=linux_arm64
        - --args=-platform=linux_amd64
        - --args=-platform=darwin_amd64
        - --args=-platform=darwin_arm64

.github/workflows/auto-update_pre-commit-tf-lockfile.yaml:

name: Maintain TF lockfile up-to-date
# Needed at least until Renovate fixes https://github.com/renovatebot/renovate/issues/22417

on:
  workflow_dispatch: {}

  schedule:
    - cron: '0 4 * * 1' # Execute every Monday at 04:00

permissions:
  contents: write
  pull-requests: write


env:
  # Prevent GH API rate-limit issue
  GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

jobs:
  pre-commit-tf-lockfile:
    runs-on: [self-hosted, eks-runner, corp, large]
    container: python:3.11-slim
    steps:
    - name: Install container pre-requirements
      run: |
        apt update
        apt install -y \
            git \
            curl \
            unzip \
            jq \
            nodejs # Needed for Terraform installation
        curl -L https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 > /usr/bin/yq &&\
          chmod +x /usr/bin/yq
    - name: Checkout
      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      with:
        ref: ${{ github.base_ref }}

    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
    - run: |
        git config --global --add safe.directory /__w/infrastructure/infrastructure
        git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*

    - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
      with:
        terraform_version: ~1.3

    - name: Execute pre-commit
      uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0
      with:
        extra_args: >
          --all-files
          --config .github/.pre-commit-tf-lockfiles.yaml
          --color=always --show-diff-on-failure

    - name: Create Pull Request
      if: failure()
      id: cpr
      uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
      with:
        commit-message: 'chore(deps): Update terraform lockfiles'
        branch: pre-commit/update-tf-lockfiles
        delete-branch: true
        title: 'chore(deps): Update terraform lockfiles'
        body: >
          This PR update provider versions in Terraform lockfiles to their most resent values

          > **Warning**: Before merge, please, make sure that all Spacelift jobs pass successfully.
        labels: auto-update
        branch-suffix: timestamp

    - name: Pull Request number and link
      if: failure() && steps.cpr.outputs.pull-request-number > 0
      run: |
        echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
        echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"

.pre-commit-config.yaml:

repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.81.0
    hooks:
      - id: terraform_providers_lock
        args:
        - --hook-config=--mode=only-check-is-current-lockfile-cross-platform
        - --args=-platform=linux_arm64
        - --args=-platform=linux_amd64
        - --args=-platform=darwin_amd64
        - --args=-platform=darwin_arm64

Also, it provides zh: checksums too, and adds/checks all version constraints, not only those specified in the current versions.tf. Example:

  • renovate result:

    provider "registry.terraform.io/hashicorp/aws" {
      version     = "5.2.0"
      constraints = "~> 5.0"
  • pre-commit result:

    provider "registry.terraform.io/hashicorp/aws" {
      version     = "5.2.0"
      constraints = ">= 2.0.0, >= 3.0.0, >= 3.64.0, >= 4.0.0, >= 4.9.0, >= 4.18.0, >= 4.22.0, >= 4.23.0, >= 4.49.0, ~> 5.0"

More here: https://grem1.in/post/terraform-lockfiles-maxymvlasov/

@RahulGautamSingh RahulGautamSingh self-assigned this Jul 20, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2023