v2.9.0

Add README to PR update scope @goruha (#79)

## what * Fix: Add README to PR update scope * Fix: Fix new component link in PR body

why

• README should be delivered as part of update PR

v2.8.0

Minimize commit files @goruha (#69)

## what * Add to commit index only files that related to a component

Why

• Reduce count of github API requests

v2.7.0

Support commit binary files @goruha (#48)

## What * Support commit binary files * Support adding new files * Support delete removed filed * Fix latest tag version sort * Create PRs based on current branch * Added exception message if trying to commit files bigger then 100M * Fix PR body table format

Why

• Some components contain images or other binary files
• New version component can have new files
• New version component can drop some files
• Get the latest tag based on semver sorting
• Use the current branch as the base for PR (it used to be the default branch as the base)
• As we commit binary files, Github required files bigger then 100M to use Large blob storage API
• Have nice table formatting

v2.6.0

Support Migration of Components to a New GitHub Organization @goruha (#46)

## what * Automatically migrate existing components to the new GitHub organization

why

• Makes migration to new component structure simple and stable

Refs

• cloudposse/terraform-aws-components#1177

v2.5.1

Automatically Sign Commits Using GitHub API Instead of GitPython and GPG @goruha (#45)

## what

[!CAUTION]
This change has only undergone local development and has not been adequately tested for merge

• Removes GPG signing key option
• Updates commit signing to use PyGitHub instead of GitPython library

why

• Commits are made using GitPython, while pull requests are handled with PyGitHub. I found that PyGitHub can also make commits, and it could leverage the Atmos App token to automatically sign them. Let me know if you'd be interested in testing this approach

references

• Commit Signing
• #44

🤖 Automatic Updates

Update .github/settings.yml @osterman (#43)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v2.5.0

fix: fix gpg signing using git-plumbing method @RoseSecurity (#42)

## what

• GitPython does not allow you to sign commits with its git-porcelain method. Previously, this method was used but resulted in an error during execution. This change utilizes git-plumbing method to accomplish signed commits

why

• GitPython does not allow you to sign commits with its git-porcelain method. The way you typically commit with GitPython is:

repo = Repo(repo_dir)
index = repo.index
index.add([file_to_commit_path])
author = Actor("An author", "[email protected]")

index.commit("my commit message", author=author)

• index.commit method does not provide any argument to sign commits. If you want to sign commits you have to use the the git-plumbing method git.commit(...):

signingkey = "<KEY_ID>"

repo = Repo.init('.')
# Make changes
update_file = "./testing.txt"
with open(update_file, "a") as f:
    f.write("\nfix gpg signing")

# Add to stage
repo.index.add([update_file])

# Commit
repo.git.commit('-S', f'--gpg-sign={signingkey}', '-m', "my commit message")

The result:

# Grab commit SHA
 ❯ git log

# Verify commit is signed
 ❯ git verify-commit a9d6677
gpg: Signature made Wed Sep 11 18:16:36 2024 CDT
gpg:                using EDDSA key <KEY>
gpg: Good signature from "RoseSecurity (MacBook Pro) <[email protected]>" [ultimate]

references

• Signing Commits with GitPython

v2.4.0

fix: update commit signing method @RoseSecurity (#41)

## what

• The prior release included support for GPG signing of commits. This fails with the following error:

Traceback (most recent call last):
  File "/github/action/src/main.py", line 134, in <module>
    cli_main()
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/github/action/src/main.py", line 129, in cli_main
    main(github_api_token, config)
  File "/github/action/src/main.py", line 15, in main
    component_updater.update()
  File "/github/action/src/component_updater.py", line 65, in update
    responses.extend(self.__update_terraform_dir(infra_terraform_dir))
  File "/github/action/src/component_updater.py", line 84, in __update_terraform_dir
    response = self.__update_component(infra_terraform_dir, component_file)
  File "/github/action/src/component_updater.py", line 217, in __update_component
    pull_request_creation_response: PullRequestCreationResponse = self.__create_branch_and_pr(updated_component.infra_repo_dir,
  File "/github/action/src/component_updater.py", line 278, in __create_branch_and_pr
    self.__github_provider.create_branch_and_push_all_changes(repo_dir,
  File "/github/action/src/github_provider.py", line 94, in create_branch_and_push_all_changes
    repo.index.commit(commit_message, gpg_sign=True, gpg_signing_key=self.__config.gpg_key_id)
TypeError: IndexFile.commit() got an unexpected keyword argument 'gpg_sign'

• This change incorporates a fix for the error

why

• Fixes commit signing for Component Updater

references

• Signing Commit Docs
• Signing Issue

v2.3.2

Add GPG Key ID (#39) @goruha (#40)

## what

[!IMPORTANT]
This pull request is a work in progress as I would love to see this feature but do not want to encroach on any work from the CloudPosse team. If this PR is not on the right track, feel free to close at your will

why

• Provides an interface for teams to sign component updater commits
• The following is an example of how this could be leveraged to sign component updater commits:

name: "atmos-components"

on:
  workflow_dispatch: {}

  schedule:
    - cron:  '0 8 * * 1'         # Execute every week on Monday at 08:00

permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Import GPG Key
        run: |
          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
          git config --global commit.gpgSign true

      - name: Update Atmos Components
        uses: cloudposse/github-action-atmos-component-updater@v2
        with:
          github-access-token: ${{ secrets.GITHUB_TOKEN }}
          max-number-of-prs: 5
          include: |
            aws-*
            eks/*
            bastion
          exclude: aws-sso,aws-saml
        env:
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}

#39

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#35)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• Add comment to PR when it is released

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#33)

## what - Update workflows (`.github/workflows/settings.yaml`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

v2.3.1

Pin base docker image to ubuntu:jammy @goruha (#32)

## what * Pin base docker image to `ubuntu:jammy`

why

• Docker build failed for ubuntu version >= 22.04

references

• https://github.com/cloudposse/github-action-atmos-component-updater/actions/runs/9009606808/job/24754152180
• DEV-2147 github-action-atmos-component-updater is broken for every customer

feat: FAQs for README @milldr (#25)

## what - Added FAQs to the READEME - Rebuild README with latest template

why

• I've missed these a few times, and they should be documented

references

• n/a

🤖 Automatic Updates

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#26)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

v2.3.0

Delete branch on PR close @goruha (#23)

what

• Delete branch on PR close

why

• Fix leaving trunk branches