Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into lock-repo-on-apply
Browse files Browse the repository at this point in the history
  • Loading branch information
peikk0 committed May 17, 2024
2 parents f656818 + 271f89e commit 244fb3f
Show file tree
Hide file tree
Showing 177 changed files with 4,709 additions and 4,323 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
# that flag starts the download asynchronously so we'd have a race
# condition.
# renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
TERRAFORM_VERSION: 1.7.5
TERRAFORM_VERSION: 1.8.3
steps:
- checkout
- run: make build-service
Expand Down
12 changes: 12 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
root = true

[*]
charset = utf-8
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true

[*.md]
indent_style = space
indent_size = 3
trim_trailing_whitespace = false
2 changes: 1 addition & 1 deletion .github/labeler.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,6 @@ provider/gitlab:

website:
- changed-files:
- any-glob-to-any-file: 'runatlantis.io/.vuepress/**/*'
- any-glob-to-any-file: 'runatlantis.io/.vitepress/**/*'
- any-glob-to-any-file: 'package.json'
- any-glob-to-any-file: 'pnpm-lock.yaml'
134 changes: 71 additions & 63 deletions .github/renovate.json5
Original file line number Diff line number Diff line change
@@ -1,108 +1,116 @@
{
extends: [
"config:base",
"schedule:daily",
'config:best-practices',
':separateMultipleMajorReleases',
'schedule:daily',
],
commitMessageSuffix: " in {{packageFile}}",
commitMessageSuffix: ' in {{packageFile}}',
dependencyDashboardAutoclose: true,
automerge: true,
baseBranches: ["main", "/^release\-.*/"],
baseBranches: [
'main',
'/^release-.*/',
],
platformAutomerge: true,
labels: ["dependencies"],
labels: [
'dependencies',
],
postUpdateOptions: [
"gomodTidy",
"gomodUpdateImportPaths",
"pnpmDedupe",
'gomodTidy',
'gomodUpdateImportPaths',
'pnpmDedupe',
],
// needed so e2e tests do not stomp over each other
prHourlyLimit: 1,
lockFileMaintenance: {
enabled: true,
},
osvVulnerabilityAlerts: true,
vulnerabilityAlerts: {
enabled: true,
labels: [
"security",
'security',
],
},
packageRules: [
// For vuepress
{
"matchPackageNames": ["vuepress", "@vuepress/client", "@vuepress/markdown", "@vuepress/utils"],
"groupName": "vuepress",
"allowedVersions": "!/pre.*$/",
"matchFileNames": ["package.json"],
"enabled": false
},
// e2e test depends on testing/Dockefile testing-image which has conftest specific version.
// to upgrade conftest versions, we need following PRs.
// 1. update testing/Dockerfile conftest version
// 2. update testing-env tag
// 3. update e2e conftest version
// This will allow conftest version updates in testing/Dockefile
{
matchPaths: ["testing/**"],
matchPackagePatterns: ["conftest"],
additionalBranchPrefix: "{{baseDir}}-",
groupName: "conftest-testing",
/*
prBodyNotes: [
":warning: Upgrade testing-env conftest and then upgrade other conftest versions for e2e :warning:",
matchFileNames: [
'testing/**',
],
matchPackagePatterns: [
'conftest',
],
*/
additionalBranchPrefix: '{{packageFileDir}}-',
groupName: 'conftest-testing',
},
{
ignorePaths: ["testing/**"],
matchPackagePatterns: ["github-actions"],
groupName: "github-",
ignorePaths: [
'testing/**',
],
matchPackagePatterns: [
'github-actions',
],
groupName: 'github-',
},
/*
// This tag is currently latest so we can skip this check for now unless we need to pin it again.
{
// we need to upgrade testing-env on ci quickly
matchPackageNames: ["ghcr.io/runatlantis/testing-env"],
groupName: "testing-env-ci-test",
schedule: ["every 1 hour after 00:00 and before 23:59 every day"],
matchDatasources: [
'docker',
],
matchPackageNames: [
'node',
'cimg/node',
],
versioning: 'node',
},
*/
{
// use LTS node version for node docker image
matchDatasources: ["docker"],
matchPackageNames: ["node", "cimg/node"],
versioning: "node",
matchPackageNames: [
'go',
'golang',
],
versioning: 'go',
groupName: 'go'
},
],
// https://docs.renovatebot.com/modules/manager/regex/
regexManagers: [
customManagers: [
{
fileMatch: ["(^|/)Dockerfile$", "(^|/)Dockerfile\\.[^/]*$"],
customType: 'regex',
fileMatch: [
'(^|/)Dockerfile$',
'(^|/)Dockerfile\\.[^/]*$',
],
matchStrings: [
// example:
// renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
// # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
// ENV DEFAULT_TERRAFORM_VERSION=x.x.x
"renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\sENV .*?_VERSION=(?<currentValue>.*)\\s",
// # renovate: datasource=github-releases depName=open-policy-agent/conftest
// ARG DEFAULT_CONFTEST_VERSION=x.x.x
"renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(ARG|ENV) .*?_VERSION=(?<currentValue>.*)\\s",
],
versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
versioningTemplate: '{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}',
extractVersionTemplate: '^v(?<version>\\d+\\.\\d+\\.\\d+)',
},
{
fileMatch: [".*go$"],
customType: 'regex',
fileMatch: [
'.*go$',
],
matchStrings: [
// example:
// const ConftestVersion = "x.x.x" // renovate: datasource=github-releases depName=open-policy-agent/conftest
"\\sconst .*Version = \"(?<currentValue>.*)\"\\s// renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s",
'\\sconst .*Version = "(?<currentValue>.*)"\\s// renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s',
],
versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
versioningTemplate: '{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}',
extractVersionTemplate: '^v(?<version>\\d+\\.\\d+\\.\\d+)',
},
{
fileMatch: [".circleci/config.yml$"],
customType: 'regex',
fileMatch: [
'.circleci/config.yml$',
'^\\.github/workflows/[^/]+\\.ya?ml$',
],
matchStrings: [
// example:
// # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
// TRRAFORM_VERSION: x.x.x
"renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*?_VERSION: (?<currentValue>.*)\\s",
'renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*?_VERSION: (?<currentValue>.*)\\s',
],
versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
versioningTemplate: '{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}',
extractVersionTemplate: '^v(?<version>\\d+\\.\\d+\\.\\d+)',
},
]
],
}
23 changes: 14 additions & 9 deletions .github/workflows/atlantis-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,11 @@ on:
branches:
- 'main'
- 'release-**'
types:
- opened
- reopened
- synchronize
- ready_for_review
workflow_dispatch:

concurrency:
Expand All @@ -25,8 +30,8 @@ jobs:
if: github.event.pull_request.draft == false
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: changes
with:
filters: |
Expand All @@ -52,22 +57,22 @@ jobs:
PUSH: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) }}

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4

# Lint the Dockerfile first before setting anything up
- name: Lint Dockerfile
uses: hadolint/hadolint-action@v3.1.0
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: "Dockerfile"

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
with:
image: tonistiigi/binfmt:latest
platforms: arm64,arm

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
# https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515
with:
driver-opts: |
Expand All @@ -81,7 +86,7 @@ jobs:
# if it's v0.10.0 and debian, it will do v0.10.0-debian, latest-debian
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
env:
SUFFIX: ${{ format('-{0}', matrix.image_type) }}
with:
Expand Down Expand Up @@ -113,7 +118,7 @@ jobs:
# Suffix is not used here since there's no way to disable it above
- name: Login to Packages Container registry
uses: docker/login-action@v3
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
Expand All @@ -126,7 +131,7 @@ jobs:

- name: "Build ${{ env.PUSH == 'true' && 'and push' || '' }} ${{ env.DOCKER_REPO }} image"
if: contains(fromJson('["push", "pull_request"]'), github.event_name)
uses: docker/build-push-action@v5
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
with:
cache-from: type=gha
cache-to: type=gha,mode=max
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ jobs:
if: github.event.pull_request.draft == false
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: changes
with:
filters: |
Expand Down Expand Up @@ -67,11 +67,11 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -85,7 +85,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -98,7 +98,7 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3
with:
category: "/language:${{matrix.language}}"

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/labeler.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ jobs:
if: github.event.pull_request.draft == false
runs-on: ubuntu-22.04
steps:
- uses: actions/labeler@v5
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
10 changes: 5 additions & 5 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ jobs:
if: github.event.pull_request.draft == false
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: changes
with:
filters: |
Expand All @@ -39,15 +39,15 @@ jobs:
name: Linting
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4

# need to setup go toolchain explicitly
- uses: actions/setup-go@v5
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
with:
go-version-file: go.mod

- name: golangci-lint
uses: reviewdog/action-golangci-lint@v2
uses: reviewdog/action-golangci-lint@00311c26a97213f93f2fd3a3524d66762e956ae0 # v2
with:
tool_name: golangci-lint

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,6 @@ jobs:
name: Validate PR title
runs-on: ubuntu-22.04
steps:
- uses: amannn/action-semantic-pull-request@v5
- uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Loading

0 comments on commit 244fb3f

Please sign in to comment.