diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 6b6c9ce..bd5f2df 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -8,7 +8,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v4 + - uses: dessant/lock-threads@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} issue-comment: > diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index cb32a0f..3973df4 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.0.2 + - uses: amannn/action-semantic-pull-request@v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index b198c6c..c2632d1 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,6 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 + TFLINT_VERSION: v0.50.3 jobs: collectInputs: @@ -17,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.2 + uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 preCommitMinVersions: name: Min TF pre-commit 
@@ -31,29 +32,39 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.2 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.2 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' preCommitMaxVersion: 
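Review bot: The third-party actions bumped in this hunk are still referenced by mutable tags (`clowdhaus/terraform-min-max@v1.3.0`, `clowdhaus/terraform-composite-actions/pre-commit@v1.9.0`), so whoever controls those repositories can move a tag and change what runs in this job without any change landing here. Pinning each `uses:` to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: clowdhaus/terraform-min-max@<full-commit-sha>  # v1.3.0`, makes every upgrade an explicit, reviewable diff. The same applies to the preCommitMaxVersion hunk and, with more at stake, to `cycjimmy/semantic-release-action@v4` in release.yml, which is handed `SEMANTIC_RELEASE_TOKEN`. Separately, the added cleanup step is repeated verbatim in both jobs and its comment is only a URL; a line such as `# Free runner disk space; these toolchains are not used by this job` would record why it exists.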
@@ -61,19 +72,28 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.2 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} install-hcledit: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68c0179..4a94226 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,7 @@ on: workflow_dispatch: push: branches: + - main - master paths: - '**/*.tpl' 
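Review bot: The Checkout step in the preCommitMaxVersion hunk fetches the pull request's head ref and head repository but does not set `persist-credentials: false`, so the job token stays in the checked-out repository's git config while the pre-commit composite action runs over contributor-supplied files. The workflow trigger is outside the visible hunks, so how much that token can do on fork PRs cannot be confirmed from here; release.yml already sets this option on its own checkout. If nothing later in the job needs to push, add `persist-credentials: false` under this step's `with:`. The job may continue past the end of the hunk.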
@@ -19,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v3 + uses: cycjimmy/semantic-release-action@v4 with: - semantic_version: 18.0.0 + semantic_version: 23.0.2 extra_plugins: | - @semantic-release/changelog@6.0.0 - @semantic-release/git@10.0.0 - conventional-changelog-conventionalcommits@4.6.3 + @semantic-release/changelog@6.0.3 + @semantic-release/git@10.0.1 + conventional-changelog-conventionalcommits@7.0.2 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 5037995..6ccd0ed 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 314c02b..7c0a310 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,9 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.76.0 + rev: v1.88.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each - - id: terraform_validate - id: terraform_docs args: - '--args=--lockfile=false' @@ -23,8 +22,11 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' + - '--args=--only=terraform_unused_required_providers' + - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer + - id: trailing-whitespace diff --git a/wrappers/main.tf b/wrappers/main.tf index 6ab374a..a7e5ac9 100644 
--- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -3,41 +3,41 @@ module "wrapper" { for_each = var.items - create_table = try(each.value.create_table, var.defaults.create_table, true) - name = try(each.value.name, var.defaults.name, null) - attributes = try(each.value.attributes, var.defaults.attributes, []) - hash_key = try(each.value.hash_key, var.defaults.hash_key, null) - range_key = try(each.value.range_key, var.defaults.range_key, null) - billing_mode = try(each.value.billing_mode, var.defaults.billing_mode, "PAY_PER_REQUEST") - write_capacity = try(each.value.write_capacity, var.defaults.write_capacity, null) - read_capacity = try(each.value.read_capacity, var.defaults.read_capacity, null) - point_in_time_recovery_enabled = try(each.value.point_in_time_recovery_enabled, var.defaults.point_in_time_recovery_enabled, false) - ttl_enabled = try(each.value.ttl_enabled, var.defaults.ttl_enabled, false) - ttl_attribute_name = try(each.value.ttl_attribute_name, var.defaults.ttl_attribute_name, "") - global_secondary_indexes = try(each.value.global_secondary_indexes, var.defaults.global_secondary_indexes, []) - local_secondary_indexes = try(each.value.local_secondary_indexes, var.defaults.local_secondary_indexes, []) - replica_regions = try(each.value.replica_regions, var.defaults.replica_regions, []) - stream_enabled = try(each.value.stream_enabled, var.defaults.stream_enabled, false) - stream_view_type = try(each.value.stream_view_type, var.defaults.stream_view_type, null) - server_side_encryption_enabled = try(each.value.server_side_encryption_enabled, var.defaults.server_side_encryption_enabled, false) - server_side_encryption_kms_key_arn = try(each.value.server_side_encryption_kms_key_arn, var.defaults.server_side_encryption_kms_key_arn, null) - tags = try(each.value.tags, var.defaults.tags, {}) - timeouts = try(each.value.timeouts, var.defaults.timeouts, { - create = "10m" - update = "60m" - delete = "10m" - }) - autoscaling_enabled = try(each.value.autoscaling_enabled, var.defaults.autoscaling_enabled, 
false) + attributes = try(each.value.attributes, var.defaults.attributes, []) autoscaling_defaults = try(each.value.autoscaling_defaults, var.defaults.autoscaling_defaults, { scale_in_cooldown = 0 scale_out_cooldown = 0 target_value = 70 }) + autoscaling_enabled = try(each.value.autoscaling_enabled, var.defaults.autoscaling_enabled, false) + autoscaling_indexes = try(each.value.autoscaling_indexes, var.defaults.autoscaling_indexes, {}) autoscaling_read = try(each.value.autoscaling_read, var.defaults.autoscaling_read, {}) autoscaling_write = try(each.value.autoscaling_write, var.defaults.autoscaling_write, {}) - autoscaling_indexes = try(each.value.autoscaling_indexes, var.defaults.autoscaling_indexes, {}) - table_class = try(each.value.table_class, var.defaults.table_class, null) + billing_mode = try(each.value.billing_mode, var.defaults.billing_mode, "PAY_PER_REQUEST") + create_table = try(each.value.create_table, var.defaults.create_table, true) deletion_protection_enabled = try(each.value.deletion_protection_enabled, var.defaults.deletion_protection_enabled, null) - import_table = try(each.value.import_table, var.defaults.import_table, {}) + global_secondary_indexes = try(each.value.global_secondary_indexes, var.defaults.global_secondary_indexes, []) + hash_key = try(each.value.hash_key, var.defaults.hash_key, null) ignore_changes_global_secondary_index = try(each.value.ignore_changes_global_secondary_index, var.defaults.ignore_changes_global_secondary_index, false) + import_table = try(each.value.import_table, var.defaults.import_table, {}) + local_secondary_indexes = try(each.value.local_secondary_indexes, var.defaults.local_secondary_indexes, []) + name = try(each.value.name, var.defaults.name, null) + point_in_time_recovery_enabled = try(each.value.point_in_time_recovery_enabled, var.defaults.point_in_time_recovery_enabled, false) + range_key = try(each.value.range_key, var.defaults.range_key, null) + read_capacity = try(each.value.read_capacity, 
var.defaults.read_capacity, null) + replica_regions = try(each.value.replica_regions, var.defaults.replica_regions, []) + server_side_encryption_enabled = try(each.value.server_side_encryption_enabled, var.defaults.server_side_encryption_enabled, false) + server_side_encryption_kms_key_arn = try(each.value.server_side_encryption_kms_key_arn, var.defaults.server_side_encryption_kms_key_arn, null) + stream_enabled = try(each.value.stream_enabled, var.defaults.stream_enabled, false) + stream_view_type = try(each.value.stream_view_type, var.defaults.stream_view_type, null) + table_class = try(each.value.table_class, var.defaults.table_class, null) + tags = try(each.value.tags, var.defaults.tags, {}) + timeouts = try(each.value.timeouts, var.defaults.timeouts, { + create = "10m" + update = "60m" + delete = "10m" + }) + ttl_attribute_name = try(each.value.ttl_attribute_name, var.defaults.ttl_attribute_name, "") + ttl_enabled = try(each.value.ttl_enabled, var.defaults.ttl_enabled, false) + write_capacity = try(each.value.write_capacity, var.defaults.write_capacity, null) } diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf index 5da7c09..ec6da5f 100644 --- a/wrappers/outputs.tf +++ b/wrappers/outputs.tf @@ -1,5 +1,5 @@ output "wrapper" { description = "Map of outputs of a wrapper." value = module.wrapper - # sensitive = false # No sensitive module output found + # sensitive = false # No sensitive module output found }