From 965754eee149c131a9e4b158a328310f344c6432 Mon Sep 17 00:00:00 2001 From: mamrajyadav Date: Thu, 7 Dec 2023 21:52:12 +0530 Subject: [PATCH 1/6] feat: update github/workflows --- .deepsource.toml | 4 ++ .github/CODEOWNERS | 12 +--- .github/dependabot.yml | 31 ++++++++++- .github/workflows/auto_assignee.yml | 14 +++++ .github/workflows/changelog.yml | 6 +- .github/workflows/readme.yml | 11 ++-- .github/workflows/semantic-releaser.yml | 30 ---------- .github/workflows/static-checks.yml | 74 ------------------------- .github/workflows/tf-checks.yml | 15 +++++ .github/workflows/tflint.yml | 11 ++++ .github/workflows/tfsec.yml | 4 +- README.yaml | 32 ++++++----- _example/example.tf | 11 ++-- main.tf | 4 +- variables.tf | 10 +++- versions.tf | 4 +- 16 files changed, 120 insertions(+), 153 deletions(-) create mode 100644 .deepsource.toml create mode 100644 .github/workflows/auto_assignee.yml delete mode 100644 .github/workflows/semantic-releaser.yml delete mode 100644 .github/workflows/static-checks.yml create mode 100644 .github/workflows/tf-checks.yml create mode 100644 .github/workflows/tflint.yml diff --git a/.deepsource.toml b/.deepsource.toml new file mode 100644 index 0000000..18b001a --- /dev/null +++ b/.deepsource.toml @@ -0,0 +1,4 @@ +version = 1 + +[[analyzers]] +name = "terraform" \ No newline at end of file diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 70a33a6..231c9a6 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -1,10 +1,2 @@ -# Use this file to define individuals or teams that are responsible for code in a repository. -# Read more: -# -# Order is important: the last matching pattern has the highest precedence - -# These owners will be the default owners for everything -* @clouddrove/approvers @clouddrove/contributors - -# Admins must review all changes to CODEOWNERS or the mergify configuration -.github/CODEOWNERS @anmolnagpal +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove/approvers @clouddrove-ci diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6f6a30d..85ca8ee 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,12 +5,39 @@ version: 2 updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 3 + assignees: + - "clouddrove-ci" + reviewers: + - "approvers" + - package-ecosystem: "terraform" # See documentation for possible values directory: "/" # Location of package manifests schedule: interval: "weekly" + # Add assignees + assignees: + - "clouddrove-ci" + # Add reviewer + reviewers: + - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example" # Location of package manifests + directory: "/_example/" # Location of package manifests schedule: interval: "weekly" - + # Add assignees + assignees: + - "clouddrove-ci" + # Add reviewer + reviewers: + - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..4625a8b --- /dev/null +++ b/.github/workflows/auto_assignee.yml 
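Review bot: The `reviewers` entries added to all three `updates` blocks are the bare string `"approvers"`, which Dependabot reads as a user login. A team reviewer must carry its organisation prefix, presumably `"clouddrove/approvers"` as written in CODEOWNERS. As it stands, dependency-update pull requests, including the new daily `github-actions` ones, would likely not reach the intended reviewers. The two comments `# Allow up to 3 open pull requests for pip dependencies` sit on `terraform` entries and should read `# Allow up to 3 open pull requests for terraform dependencies`.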
@@ -0,0 +1,14 @@ +name: Auto Assign PRs + +on: + pull_request: + types: [opened, reopened] + + workflow_dispatch: +jobs: + assignee: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.8 + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 3e88b85..a80dbf1 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -6,8 +6,8 @@ on: - "*" workflow_dispatch: jobs: - call-workflow-changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + changelog: + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.8 secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 083c63e..1eb0243 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -13,29 +13,28 @@ jobs: uses: actions/checkout@master - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.1' + uses: 'clouddrove/github-actions@9.0.3' with: actions_subcommand: 'readme' github_token: '${{ secrets.GITHUB }}' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'pre-commit fix erros' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.1' + uses: 'clouddrove/github-actions@9.0.3' continue-on-error: true with: actions_subcommand: 'push' diff --git a/.github/workflows/semantic-releaser.yml b/.github/workflows/semantic-releaser.yml deleted file mode 100644 index 6e685a0..0000000 
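Review bot: The reusable workflow in auto_assignee.yml is referenced by the tag `@1.0.8`, which is a mutable ref, while the job hands it `secrets.GITHUB`. Pinning to the full commit SHA of that release, as in `auto_assignee.yml@<full-commit-sha> # 1.0.8`, would keep a moved tag from changing what runs with the token. The same applies to the `changelog.yml`, `tf-checks.yml`, `tf-lint.yml` and `tfsec.yml` references in this patch. It matters most for the two callers that keep `secrets: inherit`, because those pass every repository secret rather than one named secret. None of the new workflow files sets a top-level `permissions:` block, so the `GITHUB_TOKEN` scope falls back to the repository default; declaring the minimum explicitly is worth adding.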
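Review bot: `actions/checkout@master`, on the context line above the first change in readme.yml, stays on a moving branch while every other action in this job is bumped to a release. It should be pinned too (a release tag at least, a full commit SHA preferably), because later steps in the same job receive `secrets.GITHUB` and run the `push` subcommand. The step name `'Set up Python 3.7'` no longer matches `python-version: '3.x'` and could become `'Set up Python'`. The job's `steps:` list starts above this hunk and continues below it.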
--- a/.github/workflows/semantic-releaser.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Release - -on: - push: - branches: - - main - paths: - - '**.tf' - - '!examples/**.tf' - -jobs: - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - persist-credentials: false - - - name: Setup Node.js - uses: actions/setup-node@v1 - with: - node-version: 14 - - - name: Release - env: - GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - run: npx semantic-release diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml deleted file mode 100644 index 6e5f16b..0000000 --- a/.github/workflows/static-checks.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/ - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB_TOKEN }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive -check=true diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..92aac7c --- /dev/null +++ b/.github/workflows/tf-checks.yml 
@@ -0,0 +1,15 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + basic: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8 + with: + working_directory: './_example/basic/' + complete: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8 + with: + working_directory: './_example/complete/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..3eafee9 --- /dev/null +++ b/.github/workflows/tflint.yml @@ -0,0 +1,11 @@ +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.8 + secrets: + GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 9aaf588..52ad25a 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.8 secrets: inherit with: - working_directory: '.' \ No newline at end of file + working_directory: '.' diff --git a/README.yaml b/README.yaml index 9325a56..4d9a863 100644 --- a/README.yaml +++ b/README.yaml 
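Review bot: On `pull_request` runs that originate from a fork, GitHub does not provide repository secrets, so `GITHUB: ${{ secrets.GITHUB }}` in tflint.yml reaches the called workflow empty. The lint job will probably fail for outside contributors, although what tf-lint.yml does with the token is not visible here. Withholding secrets is the safe default and should not be worked around by changing the trigger to `pull_request_target`. If lint has to run on fork PRs, the called workflow should tolerate a missing token or use the read-only `GITHUB_TOKEN`. A comment above `secrets:` such as `# not available on fork PRs; tf-lint must handle an empty token` would record this, and the same holds for auto_assignee.yml in this patch.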
@@ -16,9 +16,12 @@ github_repo: clouddrove/terraform-azure-resource-group # Badges to display badges: - - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v1.0.0-green" - url: "https://www.terraform.io" + - name: "Latest Release" + image: "https://img.shields.io/github/release/clouddrove/terraform-azure-resource-group.svg" + url: "https://github.com/clouddrove/terraform-azure-resource-group/releases/latest" + - name: "tfsec" + image: "https://github.com/clouddrove/terraform-azure-resource-group/actions/workflows/tfsec.yml/badge.svg" + url: "https://github.com/clouddrove/terraform-azure-resource-group/actions/workflows/tfsec.yml" - name: "Licence" image: "https://img.shields.io/badge/License-APACHE-blue.svg" url: "LICENSE.md" @@ -36,13 +39,16 @@ include: usage: |- ### Simple Example Here is an example of how you can use this module in your inventory structure: - ```hcl - module "resource_group" { - source = "terraform/resource-group/azure" - version = "1.0.0" - environment = "test" - label_order = ["name","environment"] - name = "example" - location = "North Europe" - } - ``` + ```hcl + module "resource_group" { + source = "terraform/resource-group/azure" + version = "1.0.0" + name = "example" + environment = "test" + location = "North Europe" + + #resource lock + resource_lock_enabled = true + lock_level = "CanNotDelete" + } + ``` diff --git a/_example/example.tf b/_example/example.tf index 6d88e1e..74a2c96 100644 --- a/_example/example.tf +++ b/_example/example.tf @@ -3,13 +3,10 @@ provider "azurerm" { } module "resource_group" { - source = "../" - - environment = "tested" - label_order = ["name", "environment", ] - - name = "example" - location = "North Europe" + source = "../" + name = "example" + environment = "test" + location = "North Europe" #resource lock resource_lock_enabled = true diff --git a/main.tf b/main.tf index da3d33d..86a3957 100644 --- a/main.tf +++ b/main.tf 
@@ -36,5 +36,5 @@ resource "azurerm_management_lock" "resource-group-level" { name = format("%s-rg-lock", var.lock_level) scope = azurerm_resource_group.default.*.id[0] lock_level = var.lock_level - notes = "This Resource Group is locked by terrafrom" -} \ No newline at end of file + notes = var.notes +} diff --git a/variables.tf b/variables.tf index d0ba3f8..9759054 100644 --- a/variables.tf +++ b/variables.tf @@ -26,7 +26,7 @@ variable "environment" { variable "label_order" { type = list(any) - default = [] + default = ["name", "environment", ] description = "Label order, e.g. `name`,`application`." } @@ -108,4 +108,10 @@ variable "resource_lock_enabled" { variable "lock_level" { type = string default = "CanNotDelete" -} \ No newline at end of file +} + +variable "notes" { + type = string + default = "This Resource Group is locked by terrafrom" + description = "Specifies some notes about the lock. Maximum of 512 characters. Changing this forces a new resource to be created." +} diff --git a/versions.tf b/versions.tf index 55c5a8f..f5b95bc 100644 --- a/versions.tf +++ b/versions.tf @@ -1,13 +1,13 @@ # Terraform version terraform { - required_version = ">= 1.0.0" + required_version = ">= 1.6.5" } terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=2.90.0" + version = ">=3.83.0" } } } From 3f3b5c8daddb2e4b44759a0005c07db6725eb4ea Mon Sep 17 00:00:00 2001 From: mamrajyadav Date: Thu, 7 Dec 2023 22:26:14 +0530 Subject: [PATCH 2/6] fix: update tf-checks --- .github/workflows/tf-checks.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index 92aac7c..b548e40 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml 
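Review bot: The new `notes` variable in variables.tf documents a 512-character limit in its description but does not enforce it, so an over-long value is only rejected by the provider or the API at apply time. A `validation` block with `condition = length(var.notes) <= 512` would fail at plan with a clear message. The default keeps the misspelling `terrafrom` from the old hard-coded string in main.tf. Since the description says a change forces a new lock, correcting it would recreate existing locks, so if the spelling is kept on purpose it deserves a comment such as `# spelling kept as-is: changing notes recreates the lock`. `lock_level`, visible as context just above, has no description and no check; the azurerm lock resource accepts `CanNotDelete` and `ReadOnly`, so a `contains([...], var.lock_level)` validation would fit there as well.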
@@ -5,11 +5,7 @@ on: pull_request: workflow_dispatch: jobs: - basic: + example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8 with: - working_directory: './_example/basic/' - complete: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.8 - with: - working_directory: './_example/complete/' + working_directory: './_example/' From 6dcd48486183c9cca7aa7fb246de9d18cfeff87e Mon Sep 17 00:00:00 2001 From: mamrajyadav Date: Thu, 7 Dec 2023 23:31:32 +0530 Subject: [PATCH 3/6] fix: fixed lint warning --- .github/CODEOWNERS | 12 ++++++++++-- _example/versions.tf | 13 +++++++++++++ main.tf | 2 +- outputs.tf | 6 +++--- variables.tf | 18 ------------------ 5 files changed, 27 insertions(+), 24 deletions(-) create mode 100644 _example/versions.tf diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 231c9a6..70a33a6 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,10 @@ -# These owners will be the default owners for everything in the repo. -* @anmolnagpal @clouddrove/approvers @clouddrove-ci +# Use this file to define individuals or teams that are responsible for code in a repository. +# Read more: +# +# Order is important: the last matching pattern has the highest precedence + +# These owners will be the default owners for everything +* @clouddrove/approvers @clouddrove/contributors + +# Admins must review all changes to CODEOWNERS or the mergify configuration +.github/CODEOWNERS @anmolnagpal diff --git a/_example/versions.tf b/_example/versions.tf new file mode 100644 index 0000000..f5b95bc --- /dev/null +++ b/_example/versions.tf @@ -0,0 +1,13 @@ +# Terraform version +terraform { + required_version = ">= 1.6.5" +} + +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.83.0" + } + } +} diff --git a/main.tf b/main.tf index 86a3957..0634514 100644 --- a/main.tf +++ b/main.tf 
@@ -34,7 +34,7 @@ resource "azurerm_resource_group" "default" { resource "azurerm_management_lock" "resource-group-level" { count = var.enabled && var.resource_lock_enabled ? 1 : 0 name = format("%s-rg-lock", var.lock_level) - scope = azurerm_resource_group.default.*.id[0] + scope = azurerm_resource_group.default[0].id lock_level = var.lock_level notes = var.notes } diff --git a/outputs.tf b/outputs.tf index 48de2a2..70b1858 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,15 +1,15 @@ output "resource_group_id" { - value = join("", azurerm_resource_group.default.*.id) + value = join("", azurerm_resource_group.default[*].id) description = "The ID of the Resource Group." } output "resource_group_name" { - value = join("", azurerm_resource_group.default.*.name) + value = join("", azurerm_resource_group.default[*].name) description = "The Name which should be used for this Resource Group. Changing this forces a new Resource Group to be created." } output "resource_group_location" { - value = join("", azurerm_resource_group.default.*.location) + value = join("", azurerm_resource_group.default[*].location) description = "The Azure Region where the Resource Group should exist. Changing this forces a new Resource Group to be created." } diff --git a/variables.tf b/variables.tf index 9759054..e4b1456 100644 --- a/variables.tf +++ b/variables.tf 
@@ -36,24 +36,6 @@ variable "business_unit" { description = "Top-level division of your company that owns the subscription or workload that the resource belongs to. In smaller organizations, this tag might represent a single corporate or shared top-level organizational element." } -variable "attributes" { - type = list(any) - default = [] - description = "Additional attributes (e.g. `1`)." -} - -variable "delimiter" { - type = string - default = "-" - description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`." -} - -variable "tags" { - type = map(any) - default = {} - description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)." -} - variable "managedby" { type = string default = "hello@clouddrove.com" From b86233175e55e11b3fede2391b1ea48b26fd9a5a Mon Sep 17 00:00:00 2001 From: Pranay Deokar Date: Thu, 21 Dec 2023 20:57:00 +0530 Subject: [PATCH 4/6] fix: update terraform and azure latest version --- _example/versions.tf | 4 ++-- versions.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/_example/versions.tf b/_example/versions.tf index f5b95bc..9ffba34 100644 --- a/_example/versions.tf +++ b/_example/versions.tf @@ -1,13 +1,13 @@ # Terraform version terraform { - required_version = ">= 1.6.5" + required_version = ">= 1.6.6" } terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=3.83.0" + version = ">=3.85.0" } } } diff --git a/versions.tf b/versions.tf index f5b95bc..9ffba34 100644 --- a/versions.tf +++ b/versions.tf @@ -1,13 +1,13 @@ # Terraform version terraform { - required_version = ">= 1.6.5" + required_version = ">= 1.6.6" } terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=3.83.0" + version = ">=3.85.0" } } } From 0a16fbe24d4ead12f369ea39474d1a675c3c9bac Mon Sep 17 00:00:00 2001 
From: Pranay Deokar Date: Thu, 21 Dec 2023 22:15:15 +0530 Subject: [PATCH 5/6] fix: added null value in variables --- variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/variables.tf b/variables.tf index e4b1456..4f615fb 100644 --- a/variables.tf +++ b/variables.tf @@ -2,7 +2,7 @@ #Description : Terraform label module variables. variable "name" { type = string - default = "" + default = null description = "Name (e.g. `app` or `cluster`)." } @@ -20,7 +20,7 @@ variable "repository" { variable "environment" { type = string - default = "" + default = null description = "Environment (e.g. `prod`, `dev`, `staging`)." } @@ -53,7 +53,7 @@ variable "enabled" { variable "location" { type = string - default = "" + default = null description = "Location where resource should be created." } From d4bfad01cd1e9e1dec07968314082dc5a7785a9f Mon Sep 17 00:00:00 2001 From: mamrajyadav Date: Tue, 26 Dec 2023 16:12:41 +0530 Subject: [PATCH 6/6] fix: remove unnecessary join function --- outputs.tf | 6 +++--- variables.tf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/outputs.tf b/outputs.tf index 70b1858..c153e58 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,15 +1,15 @@ output "resource_group_id" { - value = join("", azurerm_resource_group.default[*].id) + value = azurerm_resource_group.default[0].id description = "The ID of the Resource Group." } output "resource_group_name" { - value = join("", azurerm_resource_group.default[*].name) + value = azurerm_resource_group.default[0].name description = "The Name which should be used for this Resource Group. Changing this forces a new Resource Group to be created." } output "resource_group_location" { - value = join("", azurerm_resource_group.default[*].location) + value = azurerm_resource_group.default[0].location description = "The Azure Region where the Resource Group should exist. Changing this forces a new Resource Group to be created." } 
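Review bot: Changing the default of `location` from `""` to `null` still leaves a mandatory input optional. A resource group cannot be created without a location, so a caller who omits it gets a provider-level error instead of Terraform's own missing-argument message. Dropping the `default` line from `variable "location"` would make Terraform enforce it. How `name` and `environment` are consumed is outside this hunk; if they feed a labels module, confirm it accepts `null` where it previously received an empty string.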
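Review bot: Indexing `azurerm_resource_group.default[0]` in all three outputs of outputs.tf fails with an invalid-index error whenever the resource has zero instances. The removed `join("", ...[*].id)` form tolerated that case by returning an empty string. The lock in main.tf gates its `count` on `var.enabled`, so the resource group presumably does too (its definition is not in this patch), and `enabled = false` would then break every plan that evaluates these outputs. `value = one(azurerm_resource_group.default[*].id)` drops the join while still handling the empty case, yielding `null` when the module is disabled. The same form applies to `.name` and `.location`.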
diff --git a/variables.tf b/variables.tf index 4f615fb..5cba6e5 100644 --- a/variables.tf +++ b/variables.tf @@ -25,7 +25,7 @@ variable "environment" { } variable "label_order" { - type = list(any) + type = list(string) default = ["name", "environment", ] description = "Label order, e.g. `name`,`application`." }