From 37f60faa6385978f2e29a180066c157eb905de44 Mon Sep 17 00:00:00 2001 From: Benjamin Smith Date: Thu, 29 Jun 2023 14:38:36 -0400 Subject: [PATCH] Bugfix: deprecated field `filter` (#44) * alternate_identifier * update workflows * update workflows --- .github/auto-release.yml | 1 + .github/workflows/auto-format.yml | 88 -------------------- .github/workflows/auto-release.yml | 26 ------ .github/workflows/chatops.yml | 37 -------- .github/workflows/feature-branch-chatops.yml | 16 ++++ .github/workflows/feature-branch.yml | 19 +++++ .github/workflows/release-branch.yml | 22 +++++ .github/workflows/release-published.yml | 14 ++++ .github/workflows/scheduled.yml | 17 ++++ .github/workflows/validate-codeowners.yml | 30 ------- modules/account-assignments/main.tf | 8 +- 11 files changed, 94 insertions(+), 184 deletions(-) delete mode 100644 .github/workflows/auto-format.yml delete mode 100644 .github/workflows/auto-release.yml delete mode 100644 .github/workflows/chatops.yml create mode 100644 .github/workflows/feature-branch-chatops.yml create mode 100644 .github/workflows/feature-branch.yml create mode 100644 .github/workflows/release-branch.yml create mode 100644 .github/workflows/release-published.yml create mode 100644 .github/workflows/scheduled.yml delete mode 100644 .github/workflows/validate-codeowners.yml diff --git a/.github/auto-release.yml b/.github/auto-release.yml index 17cd39c..cc9bf05 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -18,6 +18,7 @@ version-resolver: - 'bug' - 'hotfix' default: 'minor' +filter-by-commitish: true categories: - title: '🚀 Enhancements' diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml deleted file mode 100644 index 375d0fd..0000000 --- a/.github/workflows/auto-format.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -name: Auto Format -on: - pull_request_target: - types: [opened, synchronize] - -jobs: - auto-format: - runs-on: ubuntu-latest - container: cloudposse/build-harness:latest - steps: - # Checkout the pull request branch - # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using - # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains - # a workflow configured to run when push events occur." - # However, using a personal access token will cause events to be triggered. - # We need that to ensure a status gets posted after the auto-format commit. - # We also want to trigger tests if the auto-format made no changes. - - uses: actions/checkout@v2 - if: github.event.pull_request.state == 'open' - name: Privileged Checkout - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - # Check out the PR commit, not the merge commit - # Use `ref` instead of `sha` to enable pushing back to `ref` - ref: ${{ github.event.pull_request.head.ref }} - - # Do all the formatting stuff - - name: Auto Format - if: github.event.pull_request.state == 'open' - shell: bash - env: - GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host - - # Commit changes (if any) to the PR branch - - name: Commit changes to the PR branch - if: github.event.pull_request.state == 'open' - shell: bash - id: commit - env: - SENDER: ${{ github.event.sender.login }} - run: | - set -x - output=$(git diff --name-only) - - if [ -n "$output" ]; then - echo "Changes detected. 
Pushing to the PR branch" - git config --global user.name 'cloudpossebot' - git config --global user.email '11232728+cloudpossebot@users.noreply.github.com' - git add -A - git commit -m "Auto Format" - # Prevent looping by not pushing changes in response to changes from cloudpossebot - [[ $SENDER == "cloudpossebot" ]] || git push - # Set status to fail, because the push should trigger another status check, - # and we use success to indicate the checks are finished. - printf "::set-output name=%s::%s\n" "changed" "true" - exit 1 - else - printf "::set-output name=%s::%s\n" "changed" "false" - echo "No changes detected" - fi - - - name: Auto Test - uses: cloudposse/actions/github/repository-dispatch@0.22.0 - # match users by ID because logins (user names) are inconsistent, - # for example in the REST API Renovate Bot is `renovate[bot]` but - # in GraphQL it is just `renovate`, plus there is a non-bot - # user `renovate` with ID 1832810. - # Mergify bot: 37929162 - # Renovate bot: 29139614 - # Cloudpossebot: 11232728 - # Need to use space separators to prevent "21" from matching "112144" - if: > - contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) - && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - repository: cloudposse/actions - event-type: test-command - client-payload: |- - { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}}, - "pull_request": ${{ toJSON(github.event.pull_request) }}, - "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }}, - "comment": {"id": ""} - } - } - } diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml deleted file mode 100644 index 17d6cab..0000000 --- a/.github/workflows/auto-release.yml +++ /dev/null 
@@ -1,26 +0,0 @@
-name: auto-release
-
-on:
- push:
- branches:
- - main
- - master
- - production
-
-jobs:
- publish:
- runs-on: ubuntu-latest
- steps:
- # Get PR from merged commit to master
- - uses: actions-ecosystem/action-get-merged-pull-request@v1
- id: get-merged-pull-request
- with:
- github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
- # Drafts your next Release notes as Pull Requests are merged into "main"
- - uses: release-drafter/release-drafter@v5
- with:
- publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
- prerelease: false
- config-name: auto-release.yml
- env:
- GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
deleted file mode 100644
index 4ddc067..0000000
--- a/.github/workflows/chatops.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: chatops
-on:
- issue_comment:
- types: [created]
-
-jobs:
- default:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: "Handle common commands"
- uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
- with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- reaction-token: ${{ secrets.GITHUB_TOKEN }}
- repository: cloudposse/actions
- commands: rebuild-readme, terraform-fmt
- permission: triage
- issue-type: pull-request
-
- test:
- runs-on: ubuntu-latest
- steps:
- - name: "Checkout commit"
- uses: actions/checkout@v2
- - name: "Run tests"
- uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
- with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- reaction-token: ${{ secrets.GITHUB_TOKEN }}
- repository: cloudposse/actions
- commands: test
- permission: triage
- issue-type: pull-request
- reactions: false
-
-
diff --git a/.github/workflows/feature-branch-chatops.yml b/.github/workflows/feature-branch-chatops.yml
new file mode 100644
index 0000000..9abfc61
--- /dev/null
+++ b/.github/workflows/feature-branch-chatops.yml
@@ -0,0 +1,16 @@
+---
+name: feature-branch-chatops
+on:
+ issue_comment:
+ types: [created]
+
+permissions:
+ pull-requests: write
+ id-token: write
+ contents: write
+
+jobs:
+ terraform-module:
+ uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@main
+ secrets:
+ github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml
new file mode 100644
index 0000000..8faa955
--- /dev/null
+++ b/.github/workflows/feature-branch.yml
@@ -0,0 +1,19 @@
+---
+name: feature-branch
+on:
+ pull_request:
+ branches:
+ - main
+ - release/**
+ types: [opened, synchronize, reopened, labeled, unlabeled]
+
+permissions:
+ pull-requests: write
+ id-token: write
+ contents: write
+
+jobs:
+ terraform-module:
+ uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main
+ secrets:
+ github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
new file mode 100644
index 0000000..3f8fe62
--- /dev/null
+++ b/.github/workflows/release-branch.yml
@@ -0,0 +1,22 @@
+---
+name: release-branch
+on:
+ push:
+ branches:
+ - main
+ - release/**
+ paths-ignore:
+ - '.github/**'
+ - 'docs/**'
+ - 'examples/**'
+ - 'test/**'
+
+permissions:
+ contents: write
+ id-token: write
+
+jobs:
+ terraform-module:
+ uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-branch.yml@main
+ secrets:
+ github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
new file mode 100644
index 0000000..f86352b
--- /dev/null
+++ b/.github/workflows/release-published.yml
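Review bot: The reusable workflow in `feature-branch-chatops.yml` is referenced by the mutable branch ref `@main` while the caller grants `pull-requests: write`, `id-token: write` and `contents: write` and forwards `secrets.REPO_ACCESS_TOKEN`, so anything that later lands on that branch runs with those privileges without any change in this repository. Pin the call to a reviewed full commit SHA, e.g. `uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@<full-commit-sha>  # main`, and let a dependency updater move it forward. The same applies to the `uses:` lines added in `feature-branch.yml`, `release-branch.yml`, `release-published.yml` and `scheduled.yml`. Because this workflow fires on every `issue_comment`, it is also worth confirming that the called workflow checks the commenter's permission level (the removed `chatops.yml` passed `permission: triage`) and trimming the `permissions:` block to what the called workflow actually uses; neither is visible from this diff.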
@@ -0,0 +1,14 @@
+---
+name: release-published
+on:
+ release:
+ types:
+ - published
+
+permissions:
+ contents: write
+ id-token: write
+
+jobs:
+ terraform-module:
+ uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
new file mode 100644
index 0000000..163be0b
--- /dev/null
+++ b/.github/workflows/scheduled.yml
@@ -0,0 +1,17 @@
+---
+name: scheduled
+on:
+ workflow_dispatch: { } # Allows manually trigger this workflow
+ schedule:
+ - cron: "0 3 * * *"
+
+permissions:
+ pull-requests: write
+ id-token: write
+ contents: write
+
+jobs:
+ scheduled:
+ uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/scheduled.yml@main
+ secrets:
+ github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
deleted file mode 100644
index b3f7c32..0000000
--- a/.github/workflows/validate-codeowners.yml
+++ /dev/null
@@ -1,30 +0,0 @@ -name: Validate Codeowners -on: - workflow_dispatch: - - pull_request: - -jobs: - validate-codeowners: - runs-on: ubuntu-latest - steps: - - name: "Checkout source code at current commit" - uses: actions/checkout@v2 - # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name == github.repository - name: "Full check of CODEOWNERS" - with: - # For now, remove "files" check to allow CODEOWNERS to specify non-existent - # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos - # checks: "files,syntax,owners,duppatterns" - checks: "syntax,owners,duppatterns" - owner_checker_allow_unowned_patterns: "false" - # GitHub access token is required only if the `owners` check is enabled - github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name != github.repository - name: "Syntax check of CODEOWNERS" - with: - checks: "syntax,duppatterns" - owner_checker_allow_unowned_patterns: "false" diff --git a/modules/account-assignments/main.tf b/modules/account-assignments/main.tf index 6f90cdb..42d9d23 100644 --- a/modules/account-assignments/main.tf +++ b/modules/account-assignments/main.tf @@ -22,9 +22,11 @@ data "aws_identitystore_user" "this" { for_each = local.user_list identity_store_id = local.identity_store_id - filter { - attribute_path = "UserName" - attribute_value = each.key + alternate_identifier { + unique_attribute { + attribute_path = "UserName" + attribute_value = each.key + } } depends_on = [null_resource.dependency]
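Review bot: Nothing in this patch raises the module's minimum AWS provider version, yet the `alternate_identifier { unique_attribute { ... } }` block that replaces `filter` in `modules/account-assignments/main.tf` is only accepted by provider releases that ship it; the diffstat lists `main.tf` as the only Terraform file touched. If the module's `required_providers` constraint still admits older releases, consumers pinned to one of them would fail at plan time with an unsupported-block error, so the lower bound should be raised alongside this change (the constraint file is not visible here, so this needs confirming). The `data "aws_identitystore_user" "this"` block starts above the hunk and continues past it.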