diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8296ff5..6f64b5a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -3,6 +3,23 @@ # # Order is important: the last matching pattern has the highest precedence -# This module is used everywhere and changes must be carefully vetted, -# so only allow cloudposse Admins to approve PRs. -* @cloudposse/admins +# These owners will be the default owners for everything +* @cloudposse/engineering @cloudposse/contributors + +# Cloud Posse must review any changes to Makefiles +**/Makefile @cloudposse/engineering +**/Makefile.* @cloudposse/engineering + +# Cloud Posse must review any changes to GitHub actions +.github/* @cloudposse/engineering + +# Cloud Posse must review any changes to standard context definition, +# but some changes can be rubber-stamped. +**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers + +# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration +.github/mergify.yml @cloudposse/admins +.github/CODEOWNERS @cloudposse/admins diff --git a/.github/auto-release.yml b/.github/auto-release.yml index b45efb7..cc9bf05 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,8 +17,8 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' - - 'no-release' default: 'minor' +filter-by-commitish: true categories: - title: '🚀 Enhancements' diff --git a/.github/mergify.yml b/.github/mergify.yml new file mode 100644 index 0000000..5c4b54f --- /dev/null +++ b/.github/mergify.yml @@ -0,0 +1,61 @@ +# https://docs.mergify.io/conditions.html +# https://docs.mergify.io/actions.html +pull_request_rules: +- name: "approve automated PRs that have passed checks" + conditions: + - "base=main" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=terraform-module / ci" + - "and: *common_checks" + - "sender-permission>=write" + actions: + review: + type: "APPROVE" + bot_account: "cloudposse-mergebot" + message: "We've automatically approved this PR because the checks from the automated Pull Request have passed." + +- name: "merge automated PRs when approved and tests pass" + conditions: + - "base=main" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=terraform-module / ci" + - "and: *common_checks" + - "#approved-reviews-by>=1" + - "#changes-requested-reviews-by=0" + - "#commented-reviews-by=0" + - "sender-permission>=write" + actions: + merge: + method: "squash" + +- name: "delete the head branch after merge" + conditions: + - "merged" + actions: + delete_head_branch: {} + +- name: "ask to resolve conflict" + conditions: + - "conflict" + - "-closed" + actions: + comment: + message: "This pull request has conflicts, please resolve." + +- name: "remove outdated reviews" + conditions: + - "base=main" + actions: + dismiss_reviews: + changes_requested: true + approved: true + message: "This Pull Request has been updated, so we're dismissing all reviews." + +- name: "close PRs with no files changed" + conditions: + - "#files=0" + actions: + close: + message: "This pull request has been automatically closed by Mergify because there are no longer any changes." diff --git a/.github/renovate.json b/.github/renovate.json index 010732b..77b736c 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,3 +1,17 @@ { - "enabled": false + "extends": [ + "config:base", + ":preserveSemverRanges" + ], + "labels": ["auto-update"], + "dependencyDashboardAutoclose": true, + "enabledManagers": ["terraform"], + "terraform": { + "ignorePaths": ["**/context.tf", "examples/**"] + }, + "postUpgradeTasks": { + "commands": ["make readme"], + "fileFilters": ["README.md"], + "executionMode": "update" + } } diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml deleted file mode 100644 index c600d60..0000000 --- a/.github/workflows/auto-format.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: Auto Format -on: - pull_request_target: - types: [opened, synchronize] - -jobs: - auto-format: - runs-on: ubuntu-latest - container: cloudposse/build-harness:latest - steps: - # Checkout the pull request branch - # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using - # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains - # a workflow configured to run when push events occur." - # However, using a personal access token will cause events to be triggered. - # We need that to ensure a status gets posted after the auto-format commit. - # We also want to trigger tests if the auto-format made no changes. - - uses: actions/checkout@v2 - if: github.event.pull_request.state == 'open' - name: Privileged Checkout - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - # Check out the PR commit, not the merge commit - # Use `ref` instead of `sha` to enable pushing back to `ref` - ref: ${{ github.event.pull_request.head.ref }} - - # Do all the formatting stuff - - name: Auto Format - if: github.event.pull_request.state == 'open' - shell: bash - env: - GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host - - # Commit changes (if any) to the PR branch - - name: Commit changes to the PR branch - if: github.event.pull_request.state == 'open' - shell: bash - id: commit - env: - SENDER: ${{ github.event.sender.login }} - run: | - set -x - output=$(git diff --name-only) - - if [ -n "$output" ]; then - echo "Changes detected. Pushing to the PR branch" - git config --global user.name 'cloudpossebot' - git config --global user.email '11232728+cloudpossebot@users.noreply.github.com' - git add -A - git commit -m "Auto Format" - # Prevent looping by not pushing changes in response to changes from cloudpossebot - [[ $SENDER == "cloudpossebot" ]] || git push - # Set status to fail, because the push should trigger another status check, - # and we use success to indicate the checks are finished. - printf "::set-output name=%s::%s\n" "changed" "true" - exit 1 - else - printf "::set-output name=%s::%s\n" "changed" "false" - echo "No changes detected" - fi - - - name: Auto Test - uses: cloudposse/actions/github/repository-dispatch@0.30.0 - # match users by ID because logins (user names) are inconsistent, - # for example in the REST API Renovate Bot is `renovate[bot]` but - # in GraphQL it is just `renovate`, plus there is a non-bot - # user `renovate` with ID 1832810. - # Mergify bot: 37929162 - # Renovate bot: 29139614 - # Cloudpossebot: 11232728 - # Need to use space separators to prevent "21" from matching "112144" - if: > - contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) - && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - repository: cloudposse/actions - event-type: test-command - client-payload: |- - { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}}, - "pull_request": ${{ toJSON(github.event.pull_request) }}, - "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }}, - "comment": {"id": ""} - } - } - } diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml deleted file mode 100644 index 6f25b8d..0000000 --- a/.github/workflows/auto-readme.yml +++ /dev/null @@ -1,71 +0,0 @@ -name: "auto-readme" -on: - workflow_dispatch: - - schedule: - # Example of job definition: - # .---------------- minute (0 - 59) - # | .------------- hour (0 - 23) - # | | .---------- day of month (1 - 31) - # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... - # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat - # | | | | | - # * * * * * user-name command to be executed - - # Update README.md nightly at 4am UTC - - cron: '0 4 * * *' - -jobs: - update: - if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Find default branch name - id: defaultBranch - shell: bash - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name) - printf "::set-output name=defaultBranch::%s\n" "${default_branch}" - printf "defaultBranchRef.name=%s\n" "${default_branch}" - - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}" - run: | - make init - make readme/build - # Ignore changes if they are only whitespace - if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then - git restore README.md - echo Ignoring whitespace-only changes in README - fi - - - name: Create Pull Request - # This action will not create or change a pull request if there are no changes to make. - # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR. - uses: cloudposse/actions/github/create-pull-request@0.30.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs - - ## why - To have most recent changes of README.md and doc from origin templates - - branch: auto-update/readme - base: ${{ steps.defaultBranch.outputs.defaultBranch }} - delete-branch: true - labels: | - auto-update - no-release - readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml deleted file mode 100644 index 3e2b202..0000000 --- a/.github/workflows/auto-release.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: auto-release - -on: - push: - branches: - - master - -jobs: - publish: - runs-on: ubuntu-latest - steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 - with: - publish: false - prerelease: false - config-name: auto-release.yml - env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml deleted file mode 100644 index 23f96d8..0000000 --- a/.github/workflows/chatops.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: chatops -on: - issue_comment: - types: [created] - -jobs: - default: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: "Handle common commands" - uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - repository: cloudposse/actions - commands: rebuild-readme, terraform-fmt - permission: triage - issue-type: pull-request - - test: - runs-on: ubuntu-latest - steps: - - name: "Checkout commit" - uses: actions/checkout@v2 - - name: "Run tests" - uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - repository: cloudposse/actions - commands: test - permission: triage - issue-type: pull-request - reactions: false - - diff --git a/.github/workflows/feature-branch-chatops.yml b/.github/workflows/feature-branch-chatops.yml new file mode 100644 index 0000000..9abfc61 --- /dev/null +++ b/.github/workflows/feature-branch-chatops.yml @@ -0,0 +1,16 @@ +--- +name: feature-branch-chatops +on: + issue_comment: + types: [created] + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml new file mode 100644 index 0000000..e90f9d4 --- /dev/null +++ b/.github/workflows/feature-branch.yml @@ -0,0 +1,19 @@ +--- +name: feature-branch +on: + pull_request: + branches: + - main + - release/** + types: [opened, synchronize, reopened, labeled, unlabeled] + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@pass_repo + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml new file mode 100644 index 0000000..3c5ada4 --- /dev/null +++ b/.github/workflows/release-branch.yml @@ -0,0 +1,22 @@ +--- +name: release-branch +on: + push: + branches: + - main + - release/** + paths-ignore: + - '.github/**' + - 'docs/**' + - 'examples/**' + - 'test/**' + +permissions: + contents: write + id-token: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-branch.yml@pass_repo + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml new file mode 100644 index 0000000..f86352b --- /dev/null +++ b/.github/workflows/release-published.yml @@ -0,0 +1,14 @@ +--- +name: release-published +on: + release: + types: + - published + +permissions: + contents: write + id-token: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 0000000..e6331ed --- /dev/null +++ b/.github/workflows/scheduled.yml @@ -0,0 +1,17 @@ +--- +name: scheduled +on: + workflow_dispatch: {} # Allows manually trigger this workflow + schedule: + - cron: "0 3 * * *" + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + scheduled: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/scheduled.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml deleted file mode 100644 index 70f829e..0000000 --- a/.github/workflows/validate-codeowners.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Validate Codeowners -on: - workflow_dispatch: - - pull_request: - -jobs: - validate-codeowners: - runs-on: ubuntu-latest - steps: - - name: "Checkout source code at current commit" - uses: actions/checkout@v2 - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name == github.repository - name: "Full check of CODEOWNERS" - with: - # For now, remove "files" check to allow CODEOWNERS to specify non-existent - # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos - # checks: "files,syntax,owners,duppatterns" - checks: "syntax,owners,duppatterns" - owner_checker_allow_unowned_patterns: "false" - # GitHub access token is required only if the `owners` check is enabled - github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name != github.repository - name: "Syntax check of CODEOWNERS" - with: - checks: "syntax,duppatterns" - owner_checker_allow_unowned_patterns: "false" diff --git a/README.md b/README.md index dba9eb5..4540bb1 100644 --- a/README.md +++ b/README.md @@ -926,7 +926,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright) @@ -1013,7 +1013,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] - + [logo]: https://cloudposse.com/logo-300x69.svg [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-null-label&utm_content=docs [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-null-label&utm_content=website @@ -1044,3 +1044,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-null-label [share_email]: mailto:?subject=terraform-null-label&body=https://github.com/cloudposse/terraform-null-label [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-null-label?pixel&cs=github&cm=readme&an=terraform-null-label +