Releases: cloudposse/github-action-atmos-terraform-drift-remediation
v3.0.0
Cut new release @goruha (#24)
## what
- Minor changes to run release workflow
## why
- Previous PR merge had broken workflows
Skip AWS auth if Gitops aws configuration empty in atmos settings @goruha (#21)
## what
This is based on cloudposse/github-action-atmos-terraform-apply#62
- Pin `cloudposse/github-action-atmos-terraform-apply` action to the latest
## why
To support azure and better config settings
## references
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#5)
## what
This is an auto-generated PR that updates the README.md and docs
## why
To have most recent changes of README.md and doc from origin templates
Update .github/settings.yml @osterman (#20)
## what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files
## why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings
## references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @osterman (#19)
## what
- Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR
## why
- Add comment to PR when it is released
v2.0.0
Move `atmos-gitops-config.yaml` to `atmos.yaml` @goruha (#7)
what
- Move `atmos-gitops-config.yaml` to `atmos.yaml`
why
- Reduce config files
references
- https://cloudposse.atlassian.net/browse/DEV-1589
Migrating from `v1` to `v2`
The notable changes in `v2` are:
- `v2` works only with `atmos >= 1.63.0`
- `v2` drops `install-terraform` input because terraform is not required for affected stacks call
- `v2` drops `atmos-gitops-config-path` input and the `./.github/config/atmos-gitops.yaml` config file. Now you have to use GitHub Actions environment variables to specify the location of the `atmos.yaml`.
The following configuration fields now moved to GitHub action inputs with the same names
name |
---|
atmos-version |
atmos-config-path |
The following configuration fields moved to the `atmos.yaml` configuration file.
name | YAML path in atmos.yaml |
---|---|
aws-region | integrations.github.gitops.artifact-storage.region |
terraform-state-bucket | integrations.github.gitops.artifact-storage.bucket |
terraform-state-table | integrations.github.gitops.artifact-storage.table |
terraform-state-role | integrations.github.gitops.artifact-storage.role |
terraform-plan-role | integrations.github.gitops.role.plan |
terraform-apply-role | integrations.github.gitops.role.apply |
terraform-version | integrations.github.gitops.terraform-version |
enable-infracost | integrations.github.gitops.infracost-enabled |
sort-by | integrations.github.gitops.matrix.sort-by |
group-by | integrations.github.gitops.matrix.group-by |
For example, to migrate from `v1` to `v2`, you should have something similar to the following in your `atmos.yaml`:

`./.github/config/atmos.yaml`
```yaml
# ... your existing configuration

integrations:
  github:
    gitops:
      terraform-version: 1.5.2
      infracost-enabled: false
      artifact-storage:
        region: us-east-2
        bucket: cptest-core-ue2-auto-gitops
        table: cptest-core-ue2-auto-gitops-plan-storage
        role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha
      role:
        plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
        apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
      matrix:
        sort-by: .stack_slug
        group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
```

`.github/workflows/main.yaml`
```yaml
- name: Remediate Drift
  uses: cloudposse/github-action-atmos-terraform-drift-remediation@v2
  with:
    issue-number: ${{ github.event.issue.number }}
    action: remediate
    atmos-config-path: ./rootfs/usr/local/etc/atmos/
```

This corresponds to the `v1` configuration (deprecated) below.

The `v1` configuration file `./.github/config/atmos-gitops.yaml` looked like this:
```yaml
atmos-version: 1.45.3
atmos-config-path: ./rootfs/usr/local/etc/atmos/
terraform-state-bucket: cptest-core-ue2-auto-gitops
terraform-state-table: cptest-core-ue2-auto-gitops
terraform-state-role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha
terraform-plan-role: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
terraform-apply-role: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
terraform-version: 1.5.2
aws-region: us-east-2
enable-infracost: false
sort-by: .stack_slug
group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
```

And the `v1` GitHub Action Workflow looked like this.

`.github/workflows/main.yaml`
```yaml
- name: Remediate Drift
  uses: cloudposse/github-action-atmos-terraform-drift-remediation@v1
  with:
    issue-number: ${{ github.event.issue.number }}
    action: remediate
    atmos-gitops-config-path: ./.github/config/atmos-gitops.yaml
```
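The field mapping in the migration tables above can be applied mechanically. The following is an added example, not code from the action or from Cloud Posse: it assumes the `v1` file contains only flat `key: value` scalars as in the sample above, and the names `migrate`, `to_yaml`, `render`, `TO_ATMOS_YAML`, `TO_INPUTS` and `SAMPLE_V1` are hypothetical. It also reports any key the tables do not cover, so that role ARNs or state settings are not silently dropped during the move.

```python
# Added example, not the project's code; assumes a flat "key: value" v1 file.
TO_ATMOS_YAML = {  # v1 field -> path under integrations.github.gitops (tables above)
    "terraform-version": ("terraform-version",),
    "enable-infracost": ("infracost-enabled",),
    "aws-region": ("artifact-storage", "region"),
    "terraform-state-bucket": ("artifact-storage", "bucket"),
    "terraform-state-table": ("artifact-storage", "table"),
    "terraform-state-role": ("artifact-storage", "role"),
    "terraform-plan-role": ("role", "plan"),
    "terraform-apply-role": ("role", "apply"),
    "sort-by": ("matrix", "sort-by"),
    "group-by": ("matrix", "group-by"),
}
TO_INPUTS = ("atmos-version", "atmos-config-path")  # become action inputs

def migrate(v1_text):
    # Returns (gitops_tree, action_inputs, unmapped_keys).
    pairs = [ln.strip().partition(": ") for ln in v1_text.splitlines()]
    v1 = {k: v.strip() for k, sep, v in pairs if sep and not k.startswith("#")}
    tree = {}
    for key, (*parents, leaf) in TO_ATMOS_YAML.items():
        if key in v1:
            node = tree
            for parent in parents:
                node = node.setdefault(parent, {})
            node[leaf] = v1[key]  # split was on the first ": ", so ARNs stay whole
    inputs = {k: v1[k] for k in TO_INPUTS if k in v1}
    unmapped = sorted(set(v1) - set(TO_ATMOS_YAML) - set(TO_INPUTS))
    return tree, inputs, unmapped

def to_yaml(tree, indent=0):
    # Emit nested dicts as block YAML, scalars unquoted as the page shows them.
    lines = []
    for key, value in tree.items():
        if isinstance(value, dict):
            lines += [" " * indent + f"{key}:"] + to_yaml(value, indent + 2)
        else:
            lines.append(" " * indent + f"{key}: {value}")
    return lines

def render(v1_text):
    return "\n".join(to_yaml({"integrations": {"github": {"gitops": migrate(v1_text)[0]}}}))

# Constructed sample input, reusing placeholder values from the v1 file above.
SAMPLE_V1 = """atmos-version: 1.45.3
aws-region: us-east-2
terraform-plan-role: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops"""
if __name__ == "__main__":
    print(render(SAMPLE_V1))
```

Keys returned in `unmapped_keys` have no destination in the tables and need a manual decision before the `v1` file is deleted.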
Update actions/checkout action to v4 @renovate (#10)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
actions/checkout | action | major | v3 -> v4 |
Release Notes
actions/checkout (actions/checkout)
v4
Configure Renovate @renovate (#2)
Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
Detected Package Files
- `.github/workflows/auto-readme.yml` (github-actions)
- `.github/workflows/auto-release.yml` (github-actions)
- `.github/workflows/release.yml` (github-actions)
- `.github/workflows/validate-codeowners.yml` (github-actions)
- `action.yml` (github-actions)
Configuration Summary
Based on the default config's presets, Renovate will:
- Start dependency updates only once this onboarding PR is merged
- Show all Merge Confidence badges for pull requests.
- Enable Renovate Dependency Dashboard creation.
- Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use.
- Ignore `node_modules`, `bower_components`, `vendor` and various test/tests directories.
- Group known monorepo packages together.
- Use curated list of recommended non-monorepo package groupings.
- Apply crowd-sourced package replacement rules.
- Apply crowd-sourced workarounds for known problems with packages.
🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to `renovate.json` in this branch. Renovate will update the Pull Request description the next time it runs.
What to Expect
With your current configuration, Renovate will create 3 Pull Requests:
Update mszostok/codeowners-validator action to v0.7.4
- Schedule: ["at any time"]
- Branch name: `renovate/mszostok-codeowners-validator-0.x`
- Merge into: `main`
- Upgrade mszostok/codeowners-validator to `v0.7.4`

Update actions/checkout action to v4
- Schedule: ["at any time"]
- Branch name: `renovate/actions-checkout-4.x`
- Merge into: `main`
- Upgrade actions/checkout to `v4`

Update actions/github-script action to v7
- Schedule: ["at any time"]
- Branch name: `renovate/actions-github-script-7.x`
- Merge into: `main`
- Upgrade actions/github-script to `v7`
🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for `prhourlylimit` for details.
❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.
This PR has been generated by Mend Renovate. View repository job log here.
v1.3.0
Fix: Don't Close PRs if Terraform Apply Fails @milldr (#8)
what
- Fix apply step result
why
- Don't close a PR if the Terraform apply fails
- This action was previously always returning true, even when the apply step failed. Then I accidentally pushed directly to main with the reverse so this now always fails.
- I've set up branch protection to prevent that in the future and then fixed it with this PR
references
v1.2.0
- Fix conditional result for `APPLY_SUCCEEDED`. Do not close a PR when Terraform fails
v1.1.0
v1.0.0
Move to GitOps Config File (#4)
## what
- Encapsulate configs
v0.3.0
Move to GitOps Config File @goruha (#4)
what
- Encapsulate configs
Migrating from `v1` to `v2`
- `v2` drops `component-path` variable. Now it fetches from `atmos.yaml` file automatically.
- `v2` moved variables from `inputs` to atmos gitops config path `./.github/config/atmos-gitops.yaml`
name |
---|
atmos-version |
atmos-config-path |
terraform-state-bucket |
terraform-state-table |
terraform-state-role |
terraform-plan-role |
terraform-apply-role |
terraform-version |
aws-region |
enable-infracost |
If you want the same behavior in `v2` as in `v1` you should create config `./.github/config/atmos-gitops.yaml` with the same variables as in `v1` inputs.

```yaml
- name: Remediate Drift
  uses: cloudposse/github-action-atmos-terraform-drift-remediation@v2
  with:
    issue-number: ${{ github.event.issue.number }}
    action: remediate
    atmos-gitops-config-path: ./.github/config/atmos-gitops.yaml
```

same behaviour as

```yaml
- name: Remediate Drift
  uses: cloudposse/github-action-atmos-terraform-drift-remediation@v1
  with:
    issue-number: ${{ github.event.issue.number }}
    action: remediate
    atmos-config-path: "${{ github.workspace }}/rootfs/usr/local/etc/atmos/"
    terraform-plan-role: "arn:aws:iam::111111111111:role/acme-core-gbl-identity-gitops"
    terraform-state-bucket: "acme-core-ue2-auto-gitops"
    terraform-state-role: "arn:aws:iam::999999999999:role/acme-core-ue2-auto-gitops-gha"
    terraform-state-table: "acme-core-ue2-auto-gitops"
    aws-region: "us-east-2"
```
v0.2.0
- No changes