init action

.github/workflows/action_integration_test.yml

@@ -0,0 +1,37 @@
+name: "GitHub Action integration test"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  integration-test:
+    name: "Run GitHub Action integration test"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run in report only mode
+        uses: ./
+        with:
+          push_changes: false
+          report_only: true
+
+      - name: Run in update mode
+        uses: ./
+        with:
+          push_changes: false
+          report_only: false
+
+
+
+
+
+

.github/workflows/cli-integration-test.yml

@@ -0,0 +1,78 @@
+name: CLI Integration test
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+
+jobs:
+  test:
+    # only run if not closed or closed with merge
+    if: ${{ github.event.pull_request.merged == true || github.event.pull_request.state != 'closed' }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      report_json_file: InfraPatch_Statistics.json
+
+    strategy:
+      matrix:
+        os:
+          - macos-latest
+          - ubuntu-latest
+          # - windows-latest Windows does currently not work because of pygohcl
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+
+      - name: Install InfraPatch CLI
+        run: |
+          python -m pip install .
+        shell: bash
+
+      - name: Run InfraPatch report
+        shell: bash
+        run: infrapatch --debug report --dump-json-statistics
+
+      - name: Check report result
+        shell: pwsh
+        run: |
+          $report = Get-Content $env:report_json_file -Raw | ConvertFrom-Json
+          if ( -not $report.total_resources -gt 0 ) {
+            throw "Failed to get resources"
+          }
+          if ( $report.resources_patched -ne 0 ) {
+              throw "No resources should be patched"
+          }
+          if ( $report.errors -gt 0 ) {
+              throw "Errors have been detected"
+          }
+
+      - name: Run InfraPatch update
+        shell: bash
+        run: infrapatch --debug update --dump-json-statistics --confirm
+
+      - name: Check update result
+        shell: pwsh
+        run: |
+          $report = Get-Content $env:report_json_file -Raw | ConvertFrom-Json
+          if ( -not $report.total_resources -gt 0 ) {
+            throw "Failed to get resources"
+          }
+          if ( -not ( $report.resources_patched -gt 3 ) ) {
+              throw "No resources should be patched"
+          }
+          if ( $report.errors -gt 0 ) {
+              throw "Errors have been detected"
+          }
+
+

.gitignore

@@ -6,6 +6,8 @@ __pycache__/
 # C extensions
 *.so
 
+**/.terraform/*
+
 # Distribution / packaging
 .Python
 build/

README.md

@@ -9,6 +9,7 @@ The follwoing chapter describes the CLI usage.
 
 ### Installation
 
+Before installing the CLI, make sure you have Python 3.11 or higher installed.
 The InfraPatch CLI can be installed via pip:
 
 ```bash
@@ -22,6 +23,7 @@ After the installation, InfraPatch can be run with the following command:
 ```bash
 infrapatch --help
 ```
+![infrapatch_help.png](asset%2Finfrapatch_help.png)
 
 ### Usage
 
@@ -31,12 +33,14 @@ The `report` command will scan your Terraform code and report the current and ne
 ```bash
 infrapatch report
 ```
+![infrapatch_report.gif](asset%2Finfrapatch_report.gif)
 
 The `update` command will scan your Terraform code and ask you for confirmation to update the listed modules and providers to the newest version.
 
 ```bash
 infrapatch update
 ```
+![infrapatch_update.gif](asset%2Finfrapatch_update.gif)
 
 ### Authentication
 
@@ -66,7 +70,54 @@ infrapatch --credentials-file-path "path/to/credentials/file" update
 
 ### GitHub Action
 
-This repository also contains a GitHub Action that can be used to automatically update your Terraform code.
-The following example shows how to use the GitHub Action:
+This repository also contains a GitHub Action.
+The Action can for example be run on a schedule to automatically update your terraform code and open a PR with the changes.
+
+The following example workflow runs once a day:
+
+```yaml
+name: "InfraPatch"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+on:
+  schedule:
+    - cron: '0 23 * * *'
+  workflow_dispatch:
+
+jobs:
+  infrapatch:
+    name: "Check Terraform Code for Updates"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run in update mode
+        uses: Noahnc/infrapatch@main
+        with:
+          report_only: false 
+```
+
+#### Report only Mode
+
+By default, the Action will create a Branch with all the changes and opens a PR to Branch for which the Action was triggered.
+When setting the input `report_only` to `true`, the Action will only report available updates in the Action output.
 
+#### Authentication
+
+If you use private registries in your Terraform project, you can specify credentials for the Action with the Input `registry_secrets`:
+
+```yaml
+  - name: Run in update mode
+    uses: Noahnc/infrapatch@main
+    with:
+      report_only: false
+      registry_secrets: |
+        spacelift.io=${{ secrets.SPACELIFT_API_TOKEN }}
+        <second_registry>=<registry_token>
+```
 
+Each secret must be specified in a new line with the following format: `<registry_name>=<registry_token>`

action.yml

@@ -1,13 +1,115 @@
 name: InfraPatch Github Action
 description: A github action to update provider and module dependencies in terraform files
 author: "Noah Canadea"
+inputs:
+  target_branch_name:
+    description: "Name of the branch where changes will be pushed to. Defaults to feature/infrapatch-bot"
+    required: true
+    default: "feature/infrapatch-bot"
+  default_registry_domain:
+    description: "Default registry domain to use for modules and providers without explicit registry domain set. Defaults to registry.terraform.io"
+    required: false
+    default: "registry.terraform.io"
+  git_user:
+    description: "Git user to use for commits. Defaults to InfraPatch Bot"
+    required: false
+    default: "InfraPatch Bot"
+  git_email:
+    description: "Git email to use for commits. Defaults to [email protected]"
+    required: false
+    default: "[email protected]"
+  github_token:
+    description: "GitHub access token. Defaults to github.token."
+    default: ${{ github.token }}
+  report_only:
+    description: "Only report new versions. Do not update files. Defaults to false"
+    default: "false"
+    required: true
+  registry_secrets:
+    description: "Registry secrets to use for private registries"
+    required: false
+    default: ""
+  working_directory:
+    description: "Working directory to run the command in. Defaults to the root of the repository"
+    required: false
+    default: ${{ github.workspace }}
 runs:
   using: composite
   steps:
+    - name: Extract branch name
+      id: head_branch
+      shell: bash
+      run: |
+        head_branch="origin/${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+        echo "Detected head branch: $head_branch"
+        echo "branch=$head_branch" >> $GITHUB_OUTPUT
+
     - name: Install Python
       uses: actions/setup-python@v4
       with:
         python-version: "3.11"
-    - name: Install infrapatch
-      run: pip install .
+
+    - name: Install requirements
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+      shell: bash
+
+    - name: Create target branch
+      id: create_branch
+      if: ${{ inputs.report_only == 'false' }}
+      uses: peterjgrainger/[email protected]
+      env:
+        GITHUB_TOKEN: ${{ inputs.github_token }}
+      with:
+        branch: "refs/heads/${{ inputs.target_branch_name }}"
+
+    - name: Configure git
+      if: ${{ inputs.report_only }} == 'false' }}
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash
+      run: |
+        git config --global user.name "${{ inputs.git_user }}"
+        git config --global user.email "${{ inputs.git_email }}"
+
+    - name: Switch to target branch
+      if: ${{ inputs.report_only == 'false' }}
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash
+      run: |
+        git fetch origin
+        git checkout -b "${{ inputs.target_branch_name }}" "origin/${{ inputs.target_branch_name }}"
+
+    - name: Rebase target branch
+      if: ${{ steps.create_branch.outputs.created == 'false' }}
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash
+      run: |
+        echo "Rebasing ${{ inputs.target_branch_name }} on ${{ steps.head_branch.outputs.branch }}"
+        git rebase -Xtheirs ${{ steps.head_branch.outputs.branch }}
+
+    - name: Run InfraPatch Action
+      shell: bash
+      run: |
+        module="infrapatch.action"
+        arguments=()
+        if [ "${{ runner.debug }}" == "1" ]; then
+            arguments+=("--debug")
+        fi
+        if [ "${{ inputs.report_only }}" == "true" ]; then
+            arguments+=("--report-only")
+        fi
+        if [ "${{ inputs.registry_secrets }}" != "" ]; then
+            arguments+=("--registry-secrets-string" "\"${{ inputs.registry_secrets }}\"")
+        fi
+        arguments+=("--github-token" "${{ inputs.github_token }}")
+        arguments+=("--working-directory" "${{ inputs.working_directory }}")
+        arguments+=("--default-registry-domain" "${{ inputs.default_registry_domain }}")
+        python -m "$module" "${arguments[@]}"
+
+    - name: Push changes
+      if: ${{ inputs.report_only == 'false' }}
+      working-directory: ${{ inputs.working_directory }}
       shell: bash
+      run: |
+        git push

infrapatch/__init__.py

@@ -0,0 +1 @@
+