Initial implementation (#1)

seqsense · Apr 30, 2021 · 4e97f85 · 4e97f85
1 parent 00a74fe
commit 4e97f85
Show file tree

Hide file tree

Showing 11 changed files with 268 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,33 @@
+name: ci
+on:
+  push:
+    branches:
+      - '**'
+      - '!master'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: prepare test data
+        run: |
+          sed 's/3\.35\.0/3.36.0/' -i test/versions.tf
+          git add test/versions.tf
+          git config user.name "Dummy"
+          git config user.email "[email protected]"
+          git commit -m "Test"
+      - name: run
+        uses: ./
+        with:
+          git_user: Dummy
+          git_email: [email protected]
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          push: no
+      - name: validate
+        run: |
+          grep 'version     = "3.36.0"' test/.terraform.lock.hcl
+          grep 'constraints = "3.36.0"' test/.terraform.lock.hcl
+          ! grep 'version     = "3.35.0"' test/.terraform.lock.hcl
+          ! grep 'constraints = "3.35.0"' test/.terraform.lock.hcl
diff --git a/.github/workflows/version-tag.yml b/.github/workflows/version-tag.yml
@@ -0,0 +1,19 @@
+name: version-tag
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+jobs:
+  version-tag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: tag
+        run: |
+          git remote set-url origin https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+          git tag $(basename ${TAG%.*.*})
+          git tag $(basename ${TAG%.*})
+          git push origin -f --tags
+        env:
+          TAG: ${{ github.ref }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine
+
+RUN apk add --no-cache bash curl git
+
+ARG TFENV_VERSION=v2.2.1
+RUN git clone --branch ${TFENV_VERSION} --depth 1 https://github.com/tfutils/tfenv.git ~/.tfenv \
+ && ln -s ~/.tfenv/bin/* /usr/local/bin
+
+COPY entrypoint.sh /
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -1,2 +1,36 @@
 # terraform-lock-fix-action
 GitHub Action to update .terraform.lock.hcl
+
+## Example
+
+Example to automatically fix `.terraform.lock.hcl` in Renovate Bot's pull requests.
+
+This action internally uses [tfutils/tfenv](https://github.com/tfutils/tfenv) to install Terraform.
+It can automatically detect your project's Terraform versions.
+
+See https://github.com/tfutils/tfenv#tfenv-install-version for more details.
+
+```yaml
+name: terraform-lock-fix
+on:
+  push:
+    branches:
+      - renovate/*
+
+jobs:
+  terraform-lock-fix:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+      - name: fix
+        uses: seqsense/terraform-lock-fix-action@v0
+        with:
+          git_user: @@MAINTAINER_NAME@@
+          git_email: @@MAINTAINER_EMAIL_ADDRESS@@
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          commit_style: squash
+          push: force
+```
diff --git a/action.yml b/action.yml
@@ -0,0 +1,26 @@
+name: "Go sum fix"
+description: "Update .terraform.lock.hcl."
+inputs:
+  github_token:
+    description: "GITHUB_TOKEN."
+    required: true
+  git_user:
+    description: "User name of commit author."
+    required: true
+  git_email:
+    description: "E-mail address of commit author."
+    required: true
+  commit_style:
+    description: "Commit style. (add|squash)"
+  commit_message:
+    description: "Commit message."
+  push:
+    description: "Push to the branch? (no|yes|force)"
+  lock_file_paths:
+    description: "Space separated list of the paths to the directories of .terraform.lock.hcl. Automatically detected by default."
+runs:
+  using: "docker"
+  image: "Dockerfile"
+branding:
+  icon: "refresh-ccw"
+  color: "white"
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+cd "${GITHUB_WORKSPACE}" \
+  || (echo "Workspace is unavailable" >&2; exit 1)
+
+if [ -z "${INPUT_GITHUB_TOKEN}" ]
+then
+  echo "github_token is not provided" >&2
+  exit 1
+fi
+
+set -eu
+
+if [ ! "$(git show HEAD --pretty=format:%ae -s)" = "[email protected]" ]
+then
+  echo "HEAD commit author is not Renovate Bot" >&2
+  exit 0
+fi
+
+BRANCH=$(git symbolic-ref -q --short HEAD) \
+  || (echo "You are in 'detached HEAD' state" >&2; exit 1)
+
+echo "Setting up authentication"
+cp .git/config .git/config.bak
+revert_git_config() {
+  mv .git/config.bak .git/config
+}
+trap revert_git_config EXIT
+
+git config --unset http."https://github.com/".extraheader || true
+git config --global --add http."https://github.com/".extraheader "Authorization: Basic $(echo -n "x-access-token:${INPUT_GITHUB_TOKEN}" | base64 | tr -d '\n')"
+git config user.name ${INPUT_GIT_USER}
+git config user.email ${INPUT_GIT_EMAIL}
+
+INPUT_LOCK_FILE_PATHS=${INPUT_LOCK_FILE_PATHS:-$(find . -name .terraform.lock.hcl | xargs -r -n1 dirname)}
+
+echo "Updating"
+echo ${INPUT_LOCK_FILE_PATHS} | xargs -r -n1 echo | while read dir
+do
+  cd ${dir}
+  tfenv install
+  echo -e 'terraform {\n  backend "local" {}\n}' > backend_override.tf
+  terraform init -input=false -upgrade
+  rm -f backend_override.tf
+  cd "${GITHUB_WORKSPACE}"
+done
+
+if git diff --exit-code
+then
+  echo "Up-to-date"
+  exit 0
+fi
+
+case ${INPUT_COMMIT_STYLE:-add} in
+  add)
+    git add .;
+    git commit -m ${INPUT_COMMIT_MESSAGE:-"Fix .terraform.lock.hcl"};
+    ;;
+  squash)
+    git add .;
+    git commit --amend --no-edit;
+    ;;
+  *)
+    echo "Unknown commit_style value: ${INPUT_COMMIT_STYLE}" >&2;
+    exit 1;
+    ;;
+esac
+
+echo "Pushing to the repository"
+origin=https://github.com/${GITHUB_REPOSITORY}
+case ${INPUT_PUSH:-no} in
+  no)
+    ;;
+  yes)
+    git push --verbose ${origin} ${BRANCH};
+    ;;
+  force)
+    git push --verbose -f ${origin} ${BRANCH};
+    ;;
+  *)
+    echo "Unknown push value: ${INPUT_PUSH}" >&2;
+    exit 1;
+    ;;
+esac
diff --git a/test/.terraform-version b/test/.terraform-version
@@ -0,0 +1 @@
+0.14.10
diff --git a/test/.terraform.lock.hcl b/test/.terraform.lock.hcl
diff --git a/test/backend.tf b/test/backend.tf
@@ -0,0 +1,7 @@
+terraform {
+  backend "s3" {
+    bucket = "my-terraform-state-bucket"
+    key    = "terraform.tfstate"
+    region = "ap-northeast-1"
+  }
+}
diff --git a/test/ec2.tf b/test/ec2.tf
@@ -0,0 +1,24 @@
+data "aws_ami" "ubuntu" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"] # Canonical
+}
+
+resource "aws_instance" "web" {
+  ami           = data.aws_ami.ubuntu.id
+  instance_type = "t3.micro"
+
+  tags = {
+    Name = "HelloWorld"
+  }
+}
diff --git a/test/versions.tf b/test/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.35.0"
+    }
+  }
+  required_version = ">= 0.14"
+}