From 0f51e4b931009b07681a2d70feec1d8670061e38 Mon Sep 17 00:00:00 2001
From: Volodymyr S <26582191+SweetOps@users.noreply.github.com>
Date: Wed, 5 Jul 2023 15:39:54 -0400
Subject: [PATCH] feat: introduce new option ignore_changes_enabled and update
actions (#7)
---
.github/workflows/docs.yml | 8 ++++----
.github/workflows/labeler.yml | 4 ++--
.github/workflows/labels.yml | 6 +++---
.github/workflows/pr-lint.yml | 9 +++++++--
.github/workflows/release.yml | 15 +++++++--------
.github/workflows/stale.yml | 21 ++++++++++-----------
.github/workflows/terraform.yml | 4 ++--
.github/workflows/tflint.yml | 4 ++--
.github/workflows/tfsec.yml | 4 ++--
README.md | 3 ++-
examples/basic/main.tf | 1 -
examples/replicated/main.tf | 1 -
main.tf | 20 +++++++++++++++++---
variables.tf | 10 +++++-----
14 files changed, 63 insertions(+), 47 deletions(-)
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index f198bfc..5cbd7cf 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -6,12 +6,12 @@ jobs:
docs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Render terraform docs inside the examples/basic/README.md
- uses: terraform-docs/gh-actions@v0.11.0
+ uses: terraform-docs/gh-actions@v1.0.0
with:
working-dir: ./examples/basic/
git-push: "false"
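Review bot: The bumped `uses:` lines still reference third-party actions by mutable tag: `terraform-docs/gh-actions@v1.0.0` here and in the two following docs.yml hunks, and likewise `fuxingloh/multi-labeler@v2.0.3`, `micnncim/action-label-syncer@v1.3.0`, `aslafy-z/conventional-pr-title-action@v3.0.1` and `peter-evans/create-or-update-comment@v3` in the later workflow files. A tag can be re-pointed by the action's owner, and several of these steps are handed `secrets.GITHUB_TOKEN` or, in the last docs.yml step, run with `git-push: "true"`. Since this commit already touches every reference, I would pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: terraform-docs/gh-actions@<full-commit-sha>  # v1.0.0`.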
@@ -19,7 +19,7 @@ jobs:
config-file: ".terraform-docs.yml"
- name: Render terraform docs inside the examples/basic/README.md
- uses: terraform-docs/gh-actions@v0.11.0
+ uses: terraform-docs/gh-actions@v1.0.0
with:
working-dir: ./examples/replicated/
git-push: "false"
@@ -27,7 +27,7 @@ jobs:
config-file: ".terraform-docs.yml"
- name: Render terraform docs inside the README.md
- uses: terraform-docs/gh-actions@v0.11.0
+ uses: terraform-docs/gh-actions@v1.0.0
with:
working-dir: .
git-push: "true"
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 300e87c..e1edd65 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -8,7 +8,7 @@ jobs:
name: Auto Label
runs-on: ubuntu-latest
steps:
- - uses: fuxingloh/multi-labeler@v1.5.0
+ - uses: fuxingloh/multi-labeler@v2.0.3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- config-path: .github/labeler.yml
\ No newline at end of file
+ config-path: .github/labeler.yml
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index d50f02a..7cee808 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -12,10 +12,10 @@ jobs:
name: Sync labels in the declarative way
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
- - uses: micnncim/action-label-syncer@v0.3.1
+ - uses: actions/checkout@v3
+ - uses: micnncim/action-label-syncer@v1.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
with:
- manifest: .github/labels.yml
\ No newline at end of file
+ manifest: .github/labels.yml
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index f138c4d..43c0041 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -2,6 +2,11 @@ name: PR title conformance
on:
pull_request_target:
+ types:
+ - opened
+ - reopened
+ - edited
+ - synchronize
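Review bot: No `permissions:` block is visible for this `pull_request_target` workflow, and the added `synchronize` type makes it run on every push to a PR branch, including pushes from forks. This trigger runs in the base repository's context with the repository token. The visible steps do not check out PR code, which is the safe shape for it, but the token may still carry the repository's default scopes. The rest of the file is outside the hunks, so this is inferred. I would add a job-level `permissions:` block limited to what the two steps need, e.g. `pull-requests: write` for the comment step, and a comment such as `# pull_request_target: never check out or execute PR head code in this job`.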
jobs:
lint-pr:
@@ -9,7 +14,7 @@ jobs:
steps:
- name: Lint PR
- uses: aslafy-z/conventional-pr-title-action@v2.4.1
+ uses: aslafy-z/conventional-pr-title-action@v3.0.1
with:
preset: conventional-changelog-angular@^5.0.6
env:
@@ -17,7 +22,7 @@ jobs:
- name: Comment for PR title conformance
if: failure()
- uses: peter-evans/create-or-update-comment@v1
+ uses: peter-evans/create-or-update-comment@v3
with:
issue-number: ${{tojson(github.event.number)}}
body: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1fcfc37..a0db1b0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,3 @@
-
name: Release Drafter
on:
@@ -11,10 +10,10 @@ jobs:
publish:
runs-on: ubuntu-latest
steps:
- - uses: release-drafter/release-drafter@v5
- with:
- publish: true
- prerelease: false
- config-name: auto-release.yml
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+ - uses: release-drafter/release-drafter@v5
+ with:
+ publish: true
+ prerelease: false
+ config-name: auto-release.yml
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 9447b05..3d7fd49 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -2,20 +2,19 @@ name: Mark stale issues and pull requests
on:
schedule:
- - cron: "0 12 * * *"
+ - cron: "0 12 * * *"
jobs:
stale:
-
runs-on: ubuntu-latest
steps:
- - uses: actions/stale@v1
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days'
- stale-pr-message: 'This pull-request is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days'
- stale-issue-label: 'no-issue-activity'
- stale-pr-label: 'no-pr-activity'
- days-before-stale: 30
- days-before-close: 5
\ No newline at end of file
+ - uses: actions/stale@v8
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ stale-issue-message: "This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days"
+ stale-pr-message: "This pull-request is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days"
+ stale-issue-label: "no-issue-activity"
+ stale-pr-label: "no-pr-activity"
+ days-before-stale: 30
+ days-before-close: 5
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 010bdb6..99e1d12 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -9,10 +9,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Setup Terraform
- uses: hashicorp/setup-terraform@v1
+ uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.3.0
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
index 146a0d8..c32a059 100644
--- a/.github/workflows/tflint.yml
+++ b/.github/workflows/tflint.yml
@@ -9,10 +9,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Setup Terraform
- uses: hashicorp/setup-terraform@v1
+ uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.3.0
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index d6682ab..aae03e4 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@@ -10,10 +10,10 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Setup Terraform
- uses: hashicorp/setup-terraform@v1
+ uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.3.0
diff --git a/README.md b/README.md
index 070a544..61bf4f0 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@ module "secrets" {
| [aws_secretsmanager_secret.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_rotation.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_rotation) | resource |
| [aws_secretsmanager_secret_version.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
+| [aws_secretsmanager_secret_version.ignore_changes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
## Inputs
@@ -96,7 +97,7 @@ module "secrets" {
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [replicas](#input\_replicas) | kms\_key\_id:
ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to.
region:
Region for replicating the secret. |
list(| `[]` | no | | [rotation](#input\_rotation) | enabled:
object(
{
kms_key_id = string
region = string
}
)
)
object({|
enabled = optional(bool, false)
lambda_arn = string
automatically_after_days = number
})
{| no | -| [secret\_version](#input\_secret\_version) | enabled:
"automatically_after_days": 0,
"lambda_arn": ""
}
object({| `{}` | no | +| [secret\_version](#input\_secret\_version) | ignore\_changes\_enabled:
enabled = optional(bool, true)
secret_string = optional(string)
secret_binary = optional(string)
})
object({| `{}` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
secret_string = optional(string, "{}")
secret_binary = optional(string)
ignore_changes_enabled = optional(bool, false)
})