From 1be875efcafee5ef1dd6af2793c5a0fad58ceed1 Mon Sep 17 00:00:00 2001 From: Timothy MacDonald Date: Mon, 18 Mar 2024 15:29:58 -0500 Subject: [PATCH 1/4] ci: add github actions for codefresh migration (#25) * ci: add github actions for codefresh migration Signed-off-by: Timothy MacDonald * ci: update job names and pass inputs Signed-off-by: Timothy MacDonald * ci: break test compat workflow into two for different triggers Signed-off-by: Timothy MacDonald * ci: update workflow name Signed-off-by: Timothy MacDonald * ci: detect user for pr comments to trigger release Signed-off-by: Timothy MacDonald --------- Signed-off-by: Timothy MacDonald
---
.github/workflows/nightly.yml | 11 ++++++++ .github/workflows/prepare-release.yml | 8 ++++++ .github/workflows/release.yml | 12 +++++++++ .github/workflows/test-compat-pr-comment.yml | 27 ++++++++++++++++++++ .github/workflows/test-compatibility.yml | 19 ++++++++++++++ .github/workflows/verify-release.yml | 12 +++++++++ 6 files changed, 89 insertions(+) create mode 100644 .github/workflows/nightly.yml create mode 100644 .github/workflows/prepare-release.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/test-compat-pr-comment.yml create mode 100644 .github/workflows/test-compatibility.yml create mode 100644 .github/workflows/verify-release.yml
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 0000000..80b2156
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,11 @@
+name: Nightly Build
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 10 * * *' # Run every day at 10AM UTC
+
+jobs:
+ call-nightly-workflow:
+ uses: lacework/oss-actions/.github/workflows/tf-nightly.yml@main
+ secrets: inherit
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
new file mode 100644
index 0000000..300a8bf
--- /dev/null
+++ b/.github/workflows/prepare-release.yml
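Review bot: In nightly.yml the job calls `lacework/oss-actions/.github/workflows/tf-nightly.yml@main` with `secrets: inherit`, so whatever is on that branch at run time receives every secret this repository can see. Pinning the reusable workflow to a full commit SHA (`uses: lacework/oss-actions/.github/workflows/tf-nightly.yml@<commit-sha>  # placeholder`) makes the code that runs with those secrets reviewable and immutable, and passing only the named secrets the called workflow declares narrows the exposure further. The same `@main` plus `secrets: inherit` pair appears in prepare-release.yml, release.yml, test-compat-pr-comment.yml, test-compatibility.yml and verify-release.yml.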
@@ -0,0 +1,8 @@
+name: Prepare Release
+
+on: workflow_dispatch
+
+jobs:
+ call-prepare-release:
+ uses: lacework/oss-actions/.github/workflows/tf-prepare-release.yml@main
+ secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..a4b2a73
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,12 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ call-release:
+ uses: lacework/oss-actions/.github/workflows/tf-release.yml@main
+ secrets: inherit
diff --git a/.github/workflows/test-compat-pr-comment.yml b/.github/workflows/test-compat-pr-comment.yml
new file mode 100644
index 0000000..0f3b997
--- /dev/null
+++ b/.github/workflows/test-compat-pr-comment.yml
@@ -0,0 +1,27 @@
+name: Test Compatibility and Trigger Release For External PR
+
+on:
+ workflow_dispatch:
+ issue_comment:
+ types: [created, edited]
+
+jobs:
+ call-test-compatibility:
+ if: ${{ contains(github.event.comment.html_url, '/pull/') && contains(github.event.comment.body, 'make it so') }}
+ steps:
+ - uses: actions/github-script@v7
+ with:
+ script: |
+ const creator = context.payload.sender.login
+ const result = await github.rest.teams.getMembershipForUserInOrg({
+ org: context.repo.owner,
+ team_slug: 'growth-team',
+ username: creator
+ })
+ if (result.state != "active" ) {
+ core.setFailed('Commenter is not a member of the growth team.')
+ }
+ - uses: lacework/oss-actions/.github/workflows/tf-test-compatibility.yml@main
+ secrets: inherit
+ with:
+ trigger-release: true
\ No newline at end of file
diff --git a/.github/workflows/test-compatibility.yml b/.github/workflows/test-compatibility.yml
new file mode 100644
index 0000000..c43c897
--- /dev/null
+++ b/.github/workflows/test-compatibility.yml
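Review bot: In test-compat-pr-comment.yml the team-membership gate and the reusable workflow are written as two steps of one job, but a reusable workflow can only be called with `uses:` at job level, and the job has no `runs-on`, so this workflow will not load as written. The check itself reads `result.state`, while the Octokit response carries the body under `data`; `result.state` is undefined, so the comparison always calls `core.setFailed`, even for team members, which fails closed but means the trigger can never succeed. Splitting it into a gate job and a calling job joined by `needs:` keeps the membership check as a hard precondition for the job that inherits secrets and sets `trigger-release: true`. The default `GITHUB_TOKEN` may not be allowed to read team membership, so confirm which token this step needs. Because the trigger is a comment on an external PR, it is also worth confirming that the called workflow tests the commit that was reviewed rather than whatever the PR head is when the job starts.

```yaml
jobs:
  check-commenter:
    # … unchanged: if: condition on the comment URL and body …
    runs-on: ubuntu-latest
    steps:
      - uses: actions/github-script@v7
        with:
          script: |
            // … unchanged: creator lookup and getMembershipForUserInOrg call …
            if (result.data.state !== 'active') {
              core.setFailed('Commenter is not a member of the growth team.')
            }
  call-test-compatibility:
    needs: check-commenter
    uses: lacework/oss-actions/.github/workflows/tf-test-compatibility.yml@main
    secrets: inherit
    with:
      trigger-release: true
```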
@@ -0,0 +1,19 @@ +name: Test Compatibility + +on: + workflow_dispatch: + push: + +jobs: + call-test-compat-with-trigger: + if: github.ref == 'refs/heads/main' + uses: lacework/oss-actions/.github/workflows/tf-test-compatibility.yml@main + secrets: inherit + with: + trigger-release: true + call-test-compat-without-trigger: + if: github.ref != 'refs/heads/main' + uses: lacework/oss-actions/.github/workflows/tf-test-compatibility.yml@main + secrets: inherit + with: + trigger-release: false diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml new file mode 100644 index 0000000..d56d164 --- /dev/null +++ b/.github/workflows/verify-release.yml @@ -0,0 +1,12 @@ +name: Verify Release + +on: + workflow_dispatch: + push: + branches: + - release + +jobs: + call-verify-release: + uses: lacework/oss-actions/.github/workflows/tf-verify.yml@main + secrets: inherit From b246aa5e2cb4d0b77578b432e537b16d392d7421 Mon Sep 17 00:00:00 2001 From: Evan Rappe <8562802+evanrappe@users.noreply.github.com> Date: Tue, 19 Mar 2024 09:56:28 -0500 Subject: [PATCH 2/4] Allows upgrading the google provider to 5.x (#24) --- README.md | 2 +- main.tf | 2 +- versions.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ac20544..50716ed 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ cloudresourcemanager.googleapis.com | Name | Source | Version | |------|--------|---------| -| [lacework\_al\_ps\_svc\_account](#module\_lacework\_al\_ps\_svc\_account) | lacework/service-account/gcp | ~> 1.0 | +| [lacework\_al\_ps\_svc\_account](#module\_lacework\_al\_ps\_svc\_account) | lacework/service-account/gcp | ~> 2.0 | ## Resources diff --git a/main.tf b/main.tf index e6d891c..a096bb1 100644 --- a/main.tf +++ b/main.tf 
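Review bot: The two jobs in test-compatibility.yml differ only in the `trigger-release` value, so the branch test can move into the input and the duplicate job can go: one job with `trigger-release: ${{ github.ref == 'refs/heads/main' }}`. That leaves a single `uses:` line to keep pinned and a single place where secrets are passed. A one-line comment above `push:` saying that every branch push runs the compatibility suite with inherited secrets would also help the next reader.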
@@ -110,7 +110,7 @@ resource "google_project_service" "required_apis" { module "lacework_al_ps_svc_account" { source = "lacework/service-account/gcp" - version = "~> 1.0" + version = "~> 2.0" create = var.use_existing_service_account ? false : true service_account_name = local.service_account_name project_id = local.project_id diff --git a/versions.tf b/versions.tf index e168a30..08041ef 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.15.1" required_providers { - google = ">= 4.4.0, < 5.0.0" + google = ">= 4.4.0" time = "~> 0.6" lacework = { source = "lacework/lacework" From c42dee9c2eee49d4ebb12d29b5e42e0d70c8315d Mon Sep 17 00:00:00 2001 From: lacework-releng <73366105+lacework-releng@users.noreply.github.com> Date: Tue, 19 Mar 2024 16:38:46 +0000 Subject: [PATCH 3/4] release: v0.5.1 (#26) Signed-off-by: Lacework --- CHANGELOG.md | 4 ++++ README.md | 4 ++-- RELEASE_NOTES.md | 7 ++----- VERSION | 2 +- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa69ff8..907dbdd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +# v0.5.1 + + +--- # v0.5.0 ## Features diff --git a/README.md b/README.md index 50716ed..cc8c8fb 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ cloudresourcemanager.googleapis.com | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.15.1 | -| [google](#requirement\_google) | >= 4.4.0, < 5.0.0 | +| [google](#requirement\_google) | >= 4.4.0 | | [lacework](#requirement\_lacework) | ~> 1.18 | | [time](#requirement\_time) | ~> 0.6 | @@ -48,7 +48,7 @@ cloudresourcemanager.googleapis.com | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.4.0, < 5.0.0 | +| [google](#provider\_google) | >= 4.4.0 | | [lacework](#provider\_lacework) | ~> 1.18 | | [random](#provider\_random) | n/a | | [time](#provider\_time) | ~> 0.6 | 
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 007510a..5421e83 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,7 +1,4 @@ # Release Notes -Another day, another release. These are the release notes for the version `v0.5.0`. +Another day, another release. These are the release notes for the version `v0.5.1`. + -## Features -* feat(GROW-2540): support integration folder customization for inclusion/exclusion (#22) (Matt Cadorette)([a39a097](https://github.com/lacework/terraform-gcp-pub-sub-audit-log/commit/a39a097bee10a64ff620093277c051b376b8ab1d)) -## Other Changes -* ci: version bump to v0.4.3-dev (Lacework)([933ce4c](https://github.com/lacework/terraform-gcp-pub-sub-audit-log/commit/933ce4c4dab10e356851d5acb828124cbac89e84)) diff --git a/VERSION b/VERSION index 69d71cd..5d4294b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.5.1-dev \ No newline at end of file +0.5.1 \ No newline at end of file From 78515be0d148c018db0de2754b6b4e3853ff0e9b Mon Sep 17 00:00:00 2001 From: Lacework Date: Tue, 19 Mar 2024 16:40:03 +0000 Subject: [PATCH 4/4] ci: version bump to v0.5.2-dev Signed-off-by: Lacework --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 5d4294b..9edeb16 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.5.1 \ No newline at end of file +0.5.2-dev \ No newline at end of file