Restore release cadence (#155)

* Revert "feat: use security-group module instead of resource (#117)" This reverts commit 4988650. * Implement deferred maintenance
cloudposse · Dec 27, 2021 · 5777ca3 · 5777ca3
1 parent dba1474
commit 5777ca3
Show file tree

Hide file tree

Showing 22 changed files with 1,400 additions and 546 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -15,8 +15,8 @@
 
 # Cloud Posse must review any changes to standard context definition,
 # but some changes can be rubber-stamped.
-**/*.tf       @cloudposse/engineering @cloudposse/approvers
-README.yaml   @cloudposse/engineering @cloudposse/approvers
+**/*.tf       @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml   @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 README.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 docs/*.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 

diff --git a/.github/auto-release.yml b/.github/auto-release.yml
@@ -17,6 +17,7 @@ version-resolver:
     - 'bugfix'
     - 'bug'
     - 'hotfix'
+    - 'no-release'
   default: 'minor'
 
 categories:
@@ -46,7 +47,7 @@ template: |
 
 replacers:
 # Remove irrelevant information from Renovate bot
-- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
   replace: ''
 # Remove Renovate bot banner image
 - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'

diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
@@ -0,0 +1,55 @@
+name: "auto-readme"
+on:
+  schedule:
+  # Example of job definition:
+  # .---------------- minute (0 - 59)
+  # |  .------------- hour (0 - 23)
+  # |  |  .---------- day of month (1 - 31)
+  # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+  # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+  # |  |  |  |  |
+  # *  *  *  *  * user-name command to be executed
+
+  # Update README.md nightly at 4am UTC
+  - cron:  '0 4 * * *'
+
+jobs:
+  update:
+    if: github.event_name == 'schedule'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Update readme
+      shell: bash
+      id: update
+      env:
+        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+      run: |
+        make init
+        make readme/build
+        # Ignore changes if they are only whitespace
+        git diff --ignore-all-space --ignore-blank-lines --quiet README.md && { git restore README.md; echo Ignoring whitespace-only changes in README; }
+
+    - name: Create Pull Request
+      # This action will not create or change a pull request if there are no changes to make.
+      # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
+      uses: cloudposse/actions/github/[email protected]
+      with:
+        token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+        commit-message: Update README.md and docs
+        title: Update README.md and docs
+        body: |-
+          ## what
+          This is an auto-generated PR that updates the README.md and docs
+
+          ## why
+          To have most recent changes of README.md and doc from origin templates
+
+        branch: auto-update/readme
+        base: main
+        delete-branch: true
+        labels: |
+          auto-update
+          no-release
+          readme
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
@@ -3,7 +3,9 @@ name: auto-release
 on:
   push:
     branches:
+      - main
       - master
+      - production
 
 jobs:
   publish:
@@ -14,11 +16,10 @@ jobs:
         id: get-merged-pull-request
         with:
           github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
-      # Drafts your next Release notes as Pull Requests are merged into "master"
+      # Drafts your next Release notes as Pull Requests are merged into "main"
       - uses: release-drafter/release-drafter@v5
-        if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')"
         with:
-          publish: true
+          publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
           prerelease: false
           config-name: auto-release.yml
         env:

diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
@@ -1,5 +1,7 @@
 name: Validate Codeowners
 on:
+  workflow_dispatch:
+
   pull_request:
 
 jobs:

diff --git a/README.md b/README.md
diff --git a/README.yaml b/README.yaml
@@ -18,7 +18,7 @@ related:
   url: https://github.com/cloudposse/terraform-aws-alb-ingress
 - name: terraform-aws-codebuild
   description: Terraform Module to easily leverage AWS CodeBuild for Continuous Integration
-  url: https://github.com/cloudposse/terraform-aws-codebuild  
+  url: https://github.com/cloudposse/terraform-aws-codebuild
 - name: terraform-aws-ecr
   description: Terraform Module to manage Docker Container Registries on AWS ECR
   url: https://github.com/cloudposse/terraform-aws-ecr
@@ -124,7 +124,7 @@ usage: |2-
     ecs_cluster_arn                    = aws_ecs_cluster.default.arn
     launch_type                        = var.ecs_launch_type
     vpc_id                             = module.vpc.vpc_id
-    security_groups                    = [module.vpc.vpc_default_security_group_id]
+    security_group_ids                 = [module.vpc.vpc_default_security_group_id]
     subnet_ids                         = module.subnets.public_subnet_ids
     tags                               = var.tags
     ignore_changes_task_definition     = var.ignore_changes_task_definition
@@ -135,41 +135,9 @@ usage: |2-
     deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
     deployment_maximum_percent         = var.deployment_maximum_percent
     deployment_controller_type         = var.deployment_controller_type
-    circuit_breaker_deployment_enabled = var.circuit_breaker_deployment_enabled
-    circuit_breaker_rollback_enabled   = var.circuit_breaker_rollback_enabled
     desired_count                      = var.desired_count
     task_memory                        = var.task_memory
     task_cpu                           = var.task_cpu
-
-    security_group_rules = [
-      {
-        type                     = "egress"
-        from_port                = 0
-        to_port                  = 0
-        protocol                 = -1
-        cidr_blocks              = ["0.0.0.0/0"]
-        source_security_group_id = null
-        description              = "Allow all outbound traffic"
-      },
-      {
-        type                     = "ingress"
-        from_port                = 8
-        to_port                  = 0
-        protocol                 = "icmp"
-        cidr_blocks              = ["0.0.0.0/0"]
-        source_security_group_id = null
-        description              = "Enables ping command from anywhere, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-ping"
-      },
-      {
-        type                     = "ingress"
-        from_port                = 80
-        to_port                  = 80
-        protocol                 = "tcp"
-        cidr_blocks              = []
-        source_security_group_id = module.vpc.vpc_default_security_group_id
-        description              = "Allow inbound traffic to container port"
-      }
-    ]
   }
   ```
 
@@ -229,5 +197,3 @@ contributors:
   github: nitrocode
 - name: Maxim Mironenko
   github: maximmi
-- name: Vladimir Syromyatnikov
-  github: SweetOps