Updated provider version (#9)

* feat: updates build templates and providers

* fix(ci): update secret reference for Cachix auth token in terraform workflow

Updated the secret reference from `ALTF4LLC_CACHIX_AUTH_TOKEN` to `CACHIX_AUTH_TOKEN` in the GitHub Actions workflow for Terraform to ensure proper authentication with Cachix.

.github/renovate.json

@@ -0,0 +1,16 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ ":semanticCommitTypeAll(chore)"
+ ],
+ "lockFileMaintenance": {
+ "enabled": true,
+ "extends": [
+ "schedule:weekly"
+ ]
+ },
+ "nix": {
+ "enabled": true
+ }
+}

.github/workflows/terraform.yaml

@@ -0,0 +1,39 @@
+name: terraform
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ CACHIX_BINARY_CACHE: altf4llc-os
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: cachix/install-nix-action@v27
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: cachix/cachix-action@v15
+ with:
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ name: ${{ env.CACHIX_BINARY_CACHE }}
+ - uses: actions/checkout@v4
+ - run: nix develop -c just check
+
+ package:
+ needs:
+ - check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: cachix/install-nix-action@v27
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: cachix/cachix-action@v15
+ with:
+ authToken: ${{ secrets.ALTF4LLC_CACHIX_AUTH_TOKEN }}
+ name: ${{ env.CACHIX_BINARY_CACHE }}
+ - uses: actions/checkout@v4
+ - run: nix develop -c just package

.gitignore

@@ -1,13 +1,9 @@
-# Nix directories
 .direnv
-result
+*.tfplan
 
 # Local .terraform directories
 **/.terraform/*
 
-# Terraform lockfile
-.terraform.lock.hcl
-
 # .tfstate files
 *.tfstate
 *.tfstate.*
@@ -17,8 +13,8 @@ crash.log
 crash.*.log
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -39,3 +35,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+.terraform.lock.hcl

README.md

@@ -6,13 +6,13 @@ Terraform module which creates GitHub team resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_github"></a> [github](#requirement\_github) | 6.0.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_github"></a> [github](#provider\_github) | 6.0.0 |
+| <a name="provider_github"></a> [github](#provider\_github) | 6.2.1 |
 
 ## Modules
 
@@ -22,8 +22,8 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [github_team.self](https://registry.terraform.io/providers/integrations/github/6.0.0/docs/resources/team) | resource |
-| [github_team_membership.self](https://registry.terraform.io/providers/integrations/github/6.0.0/docs/resources/team_membership) | resource |
+| [github_team.self](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource |
+| [github_team_membership.self](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource |
 
 ## Inputs
 

build-configs.yaml

@@ -0,0 +1,9 @@
+---
+name: terraform-github-team
+template: terraform-module
+parameters:
+ nix:
+ cachix:
+ binaryCache: altf4llc-os
+ providers:
+ - github

flake.nix

@@ -1,33 +1,23 @@
 {
- description = "terraform-github-team";
-
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
 
  outputs = inputs @ {
  flake-parts,
  nixpkgs,
  ...
  }:
  flake-parts.lib.mkFlake {inherit inputs;} {
- systems = ["x86_64-linux" "aarch64-darwin" "x86_64-darwin"];
+ systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"];
+
  perSystem = {
  config,
- self',
- inputs',
  pkgs,
  system,
  ...
  }: let
- inherit (pkgs) just terraform-docs;
- terraform = pkgs.terraform.withPlugins (p: [
- (pkgs.terraform-providers.mkProvider {
- hash = "sha256-y8DMpNSySMbe7E+sGVQcQdEyulq4Wnp5ryYD7FQO/fc=";
- homepage = "https://registry.terraform.io/providers/integrations/github";
- owner = "integrations";
- repo = "terraform-provider-github";
- rev = "v6.0.0";
- vendorHash = null;
- })
+ inherit (pkgs) just mkShell terraform-docs;
+ terraform = pkgs.terraform.withPlugins (ps: [
+ ps.github
  ]);
  in {
  _module.args.pkgs = import nixpkgs {
@@ -36,10 +26,10 @@
  };
 
  devShells = {
- default = pkgs.mkShell {
- buildInputs = [
+ default = mkShell {
+ inputsFrom = [config.packages.default];
+ nativeBuildInputs = [
  just
- terraform
  terraform-docs
  ];
  };
@@ -53,7 +43,6 @@
  } ''
  mkdir -p $out
  cp -R $src/*.tf $out
-
  ${terraform}/bin/terraform -chdir="$out" init
  ${terraform}/bin/terraform -chdir="$out" validate
  '';

justfile

@@ -1,23 +1,6 @@
 _default:
  just --list
 
-build:
- nix build --json --no-link --print-build-logs
-
-cache-build cache_name="altf4llc-os":
- just build \
- | jq -r '.[].outputs | to_entries[].value' \
- | cachix push {{ cache_name }}
-
-cache-inputs cache_name="altf4llc-os":
- nix flake archive --json \
- | jq -r '.path,(.inputs|to_entries[].value.path)' \
- | cachix push "{{ cache_name }}"
-
-cache-shell cache_name="altf4llc-os":
- nix develop --profile "dev-profile" -c true
- cachix push "{{ cache_name }}" "dev-profile"
-
 check:
  nix flake check
 
@@ -29,5 +12,8 @@ docs:
 init:
  terraform init
 
+package:
+ nix build --json --no-link --print-build-logs .
+
 validate:
  terraform validate

versions.tf

@@ -2,7 +2,7 @@ terraform {
  required_providers {
  github = {
  source = "integrations/github"
- version = "6.0.0"
+ version = "~> 6.0"
  }
  }
 }