Merge branch 'main' into oci
mergify[bot] authored Oct 9, 2023
2 parents 07d2de4 + 20c94c5 commit 80735c5
Showing 19 changed files with 2,742 additions and 797 deletions.
9 changes: 6 additions & 3 deletions .github/workflows/deploy-cdktf-stacks.yml
@@ -13,7 +13,7 @@ on:

jobs:
terraform:
name: "Terraform CDK Diff"
name: "Terraform CDK Deploy"
runs-on: ubuntu-latest
strategy:
fail-fast: false
@@ -27,12 +27,13 @@ jobs:
- name: Setup Terraform
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
with:
terraform_version: 1.0.7
terraform_version: 1.5.7
cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}
terraform_wrapper: false

- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: "14"
node-version: "18"

- name: Install
run: yarn install
@@ -41,13 +42,15 @@ jobs:
run: "$(yarn bin)/cdktf deploy --auto-approve '${{ matrix.stack }}'"
env:
TERRAFORM_CLOUD_TOKEN: ${{ secrets.TF_CLOUD_TOKEN }}
CDKTF_LOG_LEVEL: all

- name: Send failures to Slack
if: ${{ failure() && !cancelled() }}
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
with:
payload: |
{
"provider_name": "stack deploy ${{ matrix.stack }}",
"run_url": "https://github.com/cdktf/cdktf-repository-manager/actions/runs/${{ github.run_id }}"
}
env:
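Review bot: `CDKTF_LOG_LEVEL: all` sits in the `env` of the deploy step next to `TERRAFORM_CLOUD_TOKEN`, so every deploy run writes cdktf's most verbose output to the Actions log; it appears to be one of the two lines this hunk adds. GitHub masks only values registered as secrets, and this repository creates Actions secrets from Terraform variable values (lib/secrets.ts), so anything cdktf prints about variables or provider requests at this level would not necessarily be masked. I would keep verbose logging out of routine deploys and leave the line commented for debugging sessions, e.g. `# CDKTF_LOG_LEVEL: all  # enable only while debugging; output may contain sensitive values`.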
5 changes: 3 additions & 2 deletions .github/workflows/diff-cdktf-stacks.yml
@@ -24,12 +24,13 @@ jobs:
- name: Setup Terraform
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
with:
terraform_version: 1.0.7
terraform_version: 1.4.6
cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}
terraform_wrapper: false

- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: "14"
node-version: "18"

- run: yarn install
- name: Synth
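Review bot: The Terraform version in the `Setup Terraform` step here does not match the deploy workflow: as rendered, this file moves to `terraform_version: 1.4.6` while deploy-cdktf-stacks.yml in the same commit moves to `1.5.7`. The plan that reviewers inspect would then come from a different Terraform release than the one that applies the change with `--auto-approve`, so plan and apply can disagree. Pinning both to one value, `terraform_version: 1.5.7`, keeps the reviewed diff representative; the job continues past the end of this hunk.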
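--- a/.github/workflows/upgrade-node.yml
+++ b/.github/workflows/upgrade-node.yml
@@ -0,0 +1,65 @@
+name: upgrade-node
+on:
+schedule:
+- cron: '39 5 * * *'
+workflow_dispatch: {}
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+jobs:
+upgrade:
+name: Upgrade Node.js
+runs-on: ubuntu-latest
+permissions:
+contents: read
+steps:
+- name: Checkout
+uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+- name: Install
+run: yarn install
+- name: Get current Node.js version
+id: current_version
+run: |-
+ENGINES_NODE_VERSION=$(npm pkg get engines.node | tr -d '"')
+CURRENT_VERSION=$(cut -d " " -f 2 <<< "$ENGINES_NODE_VERSION")
+CURRENT_VERSION_SHORT=$(cut -d "." -f 1 <<< "$CURRENT_VERSION")
+echo "CURRENT_NODEJS_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
+echo "CURRENT_NODEJS_VERSION_SHORT=$CURRENT_VERSION_SHORT" >> $GITHUB_ENV
+echo "value=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+echo "short=$CURRENT_VERSION_SHORT" >> $GITHUB_OUTPUT
+- name: Get the earliest supported Node.js version whose EOL date is at least a month away
+uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+with:
+script: |-
+const script = require('./scripts/check-node-versions.js')
+await script({github, context, core})
+- name: Update the package with the new minimum Node version and update @types/node
+if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
+run: |-
+npm pkg set engines.node=">= $NEW_NODEJS_VERSION"
+yarn add -D @types/node@^$NEW_NODEJS_VERSION_SHORT
+- name: Set the new minNodeVersion in the Projen template
+if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
+run: 'sed -i "s/minNodeVersion: \".*\",/minNodeVersion: \"$NEW_NODEJS_VERSION\",/" ./projenrc.template.js'
+- name: Update the Node version used in GitHub Actions workflows
+if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
+run: 'find ./.github/workflows -type f -name "*.yml" -print0 | xargs -0 sed -i "s/node-version: \".*\"/node-version: \"$NEW_NODEJS_VERSION_SHORT\"/g"'
+- name: Get values for pull request
+id: latest_version
+if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
+run: |-
+echo "value=$NEW_NODEJS_VERSION" >> $GITHUB_OUTPUT
+echo "short=$NEW_NODEJS_VERSION_SHORT" >> $GITHUB_OUTPUT
+- name: Create Pull Request
+if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
+uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
+with:
+commit-message: "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}"
+branch: auto/upgrade-node-${{ steps.latest_version.outputs.short }}
+base: main
+title: "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}"
+body: This PR increases the minimum supported Node.js version to `${{ steps.latest_version.outputs.value }}` from `${{ steps.current_version.outputs.value }}` because version ${{ steps.current_version.outputs.short }} is less than 30 days away from EOL.
+labels: automerge,automated,security
+token: ${{ secrets.GH_TOKEN_ACTIONS_UPDATER }}
+author: team-tf-cdk <[email protected]>
+committer: team-tf-cdk <[email protected]>
+signoff: true
+delete-branch: true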
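Review bot: `NEW_NODEJS_VERSION` and `NEW_NODEJS_VERSION_SHORT` are used without any format check: they are set by scripts/check-node-versions.js (not shown here), expanded unquoted into `yarn add -D @types/node@^$NEW_NODEJS_VERSION_SHORT`, and spliced into two `sed` replacement strings that rewrite every workflow file. The resulting pull request is labelled `automerge`, so a malformed or unexpected value could presumably land on `main` without a person reading it. A guard step before the first use would make the job fail closed, for instance `[[ "$NEW_NODEJS_VERSION_SHORT" =~ ^[0-9]+$ ]] || exit 1` plus an equivalent check on the full version in whatever format the script emits. It is also worth considering whether a breaking `chore!:` change should carry `automerge` at all.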
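--- a/.github/workflows/upgrade-terraform.yml
+++ b/.github/workflows/upgrade-terraform.yml
@@ -0,0 +1,49 @@
+name: upgrade-terraform
+on:
+schedule:
+- cron: 32 23 * * 0
+workflow_dispatch: {}
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+jobs:
+upgrade:
+name: Upgrade Terraform
+runs-on: ubuntu-latest
+permissions:
+contents: read
+steps:
+- name: Checkout
+uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+- name: Install
+run: yarn install
+- name: Get latest Terraform version
+uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+with:
+script: |-
+const script = require('./scripts/check-terraform-version.js')
+await script({github, context, core})
+- name: Parse latest Terraform version into variables
+id: latest_version
+run: |-
+TERRAFORM_VERSION_MINOR=$(cut -d "." -f 2 <<< "$NEW_TERRAFORM_VERSION")
+echo "NEW_TERRAFORM_VERSION_MINOR=$TERRAFORM_VERSION_MINOR" >> $GITHUB_ENV
+echo "value=$NEW_TERRAFORM_VERSION" >> $GITHUB_OUTPUT
+echo "minor=$TERRAFORM_VERSION_MINOR" >> $GITHUB_OUTPUT
+- name: Update the Terraform version used in GitHub Actions workflows
+run: |-
+find ./.github/workflows -type f -name "*.yml" -print0 | xargs -0 sed -i "s/terraform_version: \".*\"/terraform_version: \"$NEW_TERRAFORM_VERSION\"/g"
+- name: Create pull request
+uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666
+with:
+base: main
+branch: auto/upgrade-terraform-1-${{ steps.latest_version.outputs.minor }}
+commit-message: "chore: upgrade Terraform to ${{ steps.latest_version.outputs.value }}"
+title: "chore: upgrade Terraform to ${{ steps.latest_version.outputs.value }}"
+body: |-
+This PR increases the version of Terraform used by this project's `diff` and `deploy` workflows to version `${{ steps.latest_version.outputs.value }}`.
+Please carefully inspect the diff output resulting from the checks below before merging this PR.
+labels: automated,dependencies
+token: ${{ secrets.GH_TOKEN_ACTIONS_UPDATER }}
+author: team-tf-cdk <[email protected]>
+committer: team-tf-cdk <[email protected]>
+signoff: true
+delete-branch: true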
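Review bot: The `sed` expression in the "Update the Terraform version used in GitHub Actions workflows" step only matches a quoted value (`terraform_version: \".*\"`), but deploy-cdktf-stacks.yml and diff-cdktf-stacks.yml in this same commit write the version unquoted (`terraform_version: 1.5.7`, `terraform_version: 1.4.6`). As rendered here the substitution would change nothing, so the scheduled job would never actually move the pinned version. Either quote the values in those two workflows or accept both forms, e.g. `sed -i -E "s/terraform_version: \"?[0-9]+\.[0-9]+\.[0-9]+\"?/terraform_version: \"$NEW_TERRAFORM_VERSION\"/g"`. `NEW_TERRAFORM_VERSION` is set by scripts/check-terraform-version.js, which is not shown, so its exact format should be confirmed against that pattern.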
4 changes: 2 additions & 2 deletions cdktf.json
@@ -1,5 +1,5 @@
{
"language": "typescript",
"app": "npm run --silent compile && node main.js",
"app": "npx tsx main.ts",
"projectId": "46fb4da5-e0c7-486d-aba8-24e91527e550"
}
}
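Review bot: `npx tsx main.ts` runs the app without type-checking, because tsx only transpiles; the other `app` value shown went through `npm run compile` first, which presumably ran `tsc`. If the `tsx` value is the new one, as it appears to be, type errors no longer stop `cdktf` synth or the `--auto-approve` deploy. A workflow step such as `run: yarn tsc --noEmit` before the cdktf step would restore that gate. `tsx` should also be a locked devDependency so that `npx` resolves the local copy rather than fetching a package at run time in a job that holds `TF_CLOUD_TOKEN`; package.json is not visible on this page, so that may already be the case.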
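--- a/lib/logical-id-override.ts
+++ b/lib/logical-id-override.ts
@@ -0,0 +1,24 @@
+/**
+* Copyright (c) HashiCorp, Inc.
+* SPDX-License-Identifier: MPL-2.0
+*/
+
+import { TerraformElement } from "cdktf";
+import { Node } from "constructs";
+import { makeUniqueId } from "./unique-id-override";
+
+function allocateLogicalId(tfElement: TerraformElement | Node): string {
+const node = TerraformElement.isTerraformElement(tfElement)
+? tfElement.node
+: tfElement;
+
+// This is the previous behavior, which we want for now.
+const stackIndex = 0;
+
+const components = node.scopes.slice(stackIndex + 1).map((c) => c.node.id);
+return components.length > 0 ? makeUniqueId(components, false) : "";
+}
+
+export function setOldId(tfElement: TerraformElement): void {
+tfElement.overrideLogicalId(allocateLogicalId(tfElement));
+}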
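Review bot: `setOldId` returns `void`, but the lib/secrets.ts section of this commit assigns its result (`const secret = setOldId(new ActionsSecret(...))`) and then executes `return secret;`, so that method now hands back `undefined` instead of the `ActionsSecret`. Returning the element keeps the wrapper transparent to callers: `export function setOldId<T extends TerraformElement>(tfElement: T): T { tfElement.overrideLogicalId(allocateLogicalId(tfElement)); return tfElement; }`. A short doc comment on `setOldId` would also help, stating that it pins the logical ID to the scheme used before the upgrade; that purpose is inferred from the name and the `// This is the previous behavior` comment, so the author should confirm the wording.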
98 changes: 53 additions & 45 deletions lib/repository.ts
@@ -4,16 +4,15 @@
*/

import { Construct } from "constructs";
import {
Repository,
TeamRepository,
BranchProtection,
IssueLabel,
RepositoryWebhook,
GithubProvider,
DataGithubRepository,
} from "@cdktf/provider-github";
import { SecretFromVariable } from "./secrets";
import { GithubProvider } from "@cdktf/provider-github/lib/provider";
import { Repository } from "@cdktf/provider-github/lib/repository";
import { DataGithubRepository } from "@cdktf/provider-github/lib/data-github-repository";
import { IssueLabel } from "@cdktf/provider-github/lib/issue-label";
import { BranchProtection } from "@cdktf/provider-github/lib/branch-protection";
import { TeamRepository } from "@cdktf/provider-github/lib/team-repository";
import { RepositoryWebhook } from "@cdktf/provider-github/lib/repository-webhook";
import { setOldId } from "./logical-id-override";

export interface ITeam {
id: string;
@@ -51,50 +50,58 @@ export class RepositorySetup extends Construct {
webhookUrl,
} = config;

new IssueLabel(this, `automerge-label`, {
color: "5DC8DB",
name: "automerge",
repository: repository.name,
provider,
});
setOldId(
new IssueLabel(this, `automerge-label`, {
color: "5DC8DB",
name: "automerge",
repository: repository.name,
provider,
})
);

if (protectMain) {
new BranchProtection(this, "main-protection", {
pattern: "main",
repositoryId: repository.name,
enforceAdmins: true,
allowsDeletions: false,
allowsForcePushes: false,
requiredStatusChecks: [
{
strict: true,
contexts: protectMainChecks,
},
],
provider,
});
setOldId(
new BranchProtection(this, "main-protection", {
pattern: "main",
repositoryId: repository.name,
enforceAdmins: true,
allowsDeletions: false,
allowsForcePushes: false,
requiredStatusChecks: [
{
strict: true,
contexts: protectMainChecks,
},
],
provider,
})
);
}

new TeamRepository(this, "managing-team", {
repository: repository.name,
teamId: team.id,
permission: "admin",
provider,
});
setOldId(
new TeamRepository(this, "managing-team", {
repository: repository.name,
teamId: team.id,
permission: "admin",
provider,
})
);

// Slack integration so we can be notified about new PRs and Issues
new RepositoryWebhook(this, "slack-webhook", {
repository: repository.name,
setOldId(
new RepositoryWebhook(this, "slack-webhook", {
repository: repository.name,

configuration: {
url: webhookUrl,
contentType: "json",
},
configuration: {
url: webhookUrl,
contentType: "json",
},

// We don't need to notify about PRs since they are auto-created
events: ["issues"],
provider,
});
// We don't need to notify about PRs since they are auto-created
events: ["issues"],
provider,
})
);
}
}

@@ -133,6 +140,7 @@ export class GithubRepository extends Construct {
topics,
provider,
});
setOldId(this.resource);

new RepositorySetup(this, "repository-setup", {
...config,
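Review bot: Nothing at the `setOldId(...)` call sites in `RepositorySetup` says why each resource is wrapped, and the wrapper is easy to drop in a later edit. For `main-protection` and `managing-team`, a changed logical ID would presumably make Terraform destroy and recreate the resource, leaving `main` without its protection rule in between. A comment above the first call would record the intent, e.g. `// Pin the pre-upgrade logical ID so Terraform updates this resource in place instead of replacing it.` Both class bodies continue outside the visible hunks, so other resources may need the same treatment.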
41 changes: 22 additions & 19 deletions lib/secrets.ts
@@ -4,16 +4,15 @@
*/

import { Construct } from "constructs";
import { Resource, TerraformVariable } from "cdktf";
import {
ActionsSecret,
DataGithubRepository,
GithubProvider,
Repository,
} from "@cdktf/provider-github";
import { TerraformVariable } from "cdktf";
import { constantCase } from "change-case";
import { Repository } from "@cdktf/provider-github/lib/repository";
import { DataGithubRepository } from "@cdktf/provider-github/lib/data-github-repository";
import { GithubProvider } from "@cdktf/provider-github/lib/provider";
import { ActionsSecret } from "@cdktf/provider-github/lib/actions-secret";
import { setOldId } from "./logical-id-override";

export class SecretFromVariable extends Resource {
export class SecretFromVariable extends Construct {
public readonly name: string;
public readonly variable: TerraformVariable;
public secretNames: string[] = [];
@@ -39,20 +38,24 @@ export class SecretFromVariable extends Resource {
repository: Repository | DataGithubRepository,
ghProvider: GithubProvider
) {
const secret = new ActionsSecret(repository, `secret-${this.name}`, {
plaintextValue: this.variable.value,
secretName: constantCase(this.name),
repository: repository.name,
provider: ghProvider,
});

this.secretNames.forEach((name) => {
new ActionsSecret(repository, `secret-${this.name}-alias-${name}`, {
const secret = setOldId(
new ActionsSecret(repository, `secret-${this.name}`, {
plaintextValue: this.variable.value,
secretName: constantCase(name),
secretName: constantCase(this.name),
repository: repository.name,
provider: ghProvider,
});
})
);

this.secretNames.forEach((name) => {
setOldId(
new ActionsSecret(repository, `secret-${this.name}-alias-${name}`, {
plaintextValue: this.variable.value,
secretName: constantCase(name),
repository: repository.name,
provider: ghProvider,
})
);
});

return secret;