diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7c7b125..76962d0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -32,7 +32,7 @@ jobs:
 framework: terraform
 
 # Terraform-docs
- - uses: terraform-docs/gh-actions@v1.2.2
+ - uses: terraform-docs/gh-actions@v1.3.0
 id: terraform-docs
 with:
 working-dir: .
@@ -43,7 +43,7 @@ jobs:
 git-push: 'false'
 
 # Push Terraform-docs changes
- - uses: planetscale/ghcommit-action@v0.1.45
+ - uses: planetscale/ghcommit-action@v0.2.0
 # Run this step even if previous steps fails (there are changes to commit)
 # but skip when on forks
 if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }}
@@ -61,7 +61,7 @@ jobs:
 echo '### Please run terraform-docs locally and commit the changes:' >> $GITHUB_STEP_SUMMARY
 echo '' >> $GITHUB_STEP_SUMMARY
 echo '```sh' >> $GITHUB_STEP_SUMMARY
- echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs:0.17.0 markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY
+ echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY
 echo 'git add README.md' >> $GITHUB_STEP_SUMMARY
 echo 'git commit --amend --no-edit' >> $GITHUB_STEP_SUMMARY
 echo '```' >> $GITHUB_STEP_SUMMARY
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..e5a1d09
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,5 @@
+settings:
+ # https://github.com/terraform-docs/gh-actions/issues/98
+ # Since we do not commit the lockfile, it has no effect in gh workflows.
+ # Changes local runs to match the gh workflow behavior.
+ lockfile: false
diff --git a/README.md b/README.md
index b5bf8aa..82fee83 100644
--- a/README.md
+++ b/README.md
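Review bot: The local-run instruction in the third ci.yaml hunk now references `quay.io/terraform-docs/terraform-docs` with no tag, so a contributor gets whatever `latest` resolves to at that moment, while the workflow step runs the terraform-docs version bundled by `terraform-docs/gh-actions@v1.3.0`; the two can drift and yield a README that the CI step then rewrites again. Keep an explicit tag matched to the action, e.g. `quay.io/terraform-docs/terraform-docs:<version bundled by gh-actions v1.3.0>`, and bump both together. Separately, the two bumped `uses:` lines in the first hunks still reference mutable version tags; pinning to the full commit SHA with the version kept in a trailing comment (`- uses: terraform-docs/gh-actions@<commit-sha> # v1.3.0`) makes the action content reproducible and keeps the commit-back step from running code that can change underneath the tag.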
@@ -1,6 +1,7 @@ # Atlantis on Google Compute Engine ![Header](./static/banner.png) +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis?ref=badge_shield) This Terraform module deploys various resources to run Atlantis on Google Compute Engine. @@ -187,7 +188,7 @@ You can check the status of the certificate in the Google Cloud Console. |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | | [cloudinit](#requirement\_cloudinit) | >=2.2.0 | -| [google](#requirement\_google) | >=4.79.0 | +| [google](#requirement\_google) | >=6.9.0 | | [google-beta](#requirement\_google-beta) | >=4.79.0 | | [random](#requirement\_random) | >=3.4.3 | @@ -196,7 +197,7 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| | [cloudinit](#provider\_cloudinit) | >=2.2.0 | -| [google](#provider\_google) | >=4.79.0 | +| [google](#provider\_google) | >=6.9.0 | | [google-beta](#provider\_google-beta) | >=4.79.0 | | [random](#provider\_random) | >=3.4.3 | @@ -204,7 +205,7 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Source | Version | |------|--------|---------| -| [container](#module\_container) | terraform-google-modules/container-vm/google | 3.1.1 | +| [container](#module\_container) | terraform-google-modules/container-vm/google | ~> 3.2 | ## Resources 
@@ -244,7 +245,7 @@ You can check the status of the certificate in the Google Cloud Console. | [google\_logging\_enabled](#input\_google\_logging\_enabled) | Enable Google Cloud Logging | `bool` | `true` | no | | [google\_logging\_use\_fluentbit](#input\_google\_logging\_use\_fluentbit) | Enable Google Cloud Logging using Fluent Bit | `bool` | `false` | no | | [google\_monitoring\_enabled](#input\_google\_monitoring\_enabled) | Enable Google Cloud Monitoring | `bool` | `true` | no | -| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI |
object({| `null` | no | +| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI |
oauth2_client_id = string
oauth2_client_secret = string
})
object({| `null` | no | | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | @@ -256,9 +257,9 @@ You can check the status of the certificate in the Google Cloud Console. | [persistent\_disk\_type](#input\_persistent\_disk\_type) | The type of persistent disk that Atlantis uses to store its data on | `string` | `"pd-ssd"` | no | | [project](#input\_project) | The ID of the project in which the resource belongs | `string` | `null` | no | | [region](#input\_region) | The region that resources should be created in | `string` | n/a | yes | -| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis |
oauth2_client_id = string
oauth2_client_secret = string
})
object({|
email = string,
scopes = list(string)
})
{| no | -| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC |
"email": "",
"scopes": [
"cloud-platform"
]
}
object({| `null` | no | -| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits |
host_project_id = string
})
object({|
enable_integrity_monitoring = optional(bool)
enable_vtpm = optional(bool)
enable_secure_boot = optional(bool)
})
{| no | +| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis |
"enable_integrity_monitoring": true,
"enable_secure_boot": true,
"enable_vtpm": true
}
object({|
email = string,
scopes = list(string)
})
{| no | +| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC |
"email": "",
"scopes": [
"cloud-platform"
]
}
object({| `null` | no | +| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits |
host_project_id = string
})
object({|
enable_integrity_monitoring = optional(bool)
enable_vtpm = optional(bool)
enable_secure_boot = optional(bool)
})
{| no | | [spot\_machine\_enabled](#input\_spot\_machine\_enabled) | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | `bool` | `false` | no | | [ssl\_policy](#input\_ssl\_policy) | The SSL policy name that the certificate must follow | `string` | `null` | no | | [startup\_script](#input\_startup\_script) | A startup script that runs during the boot cycle when you first launch an instance | `string` | `null` | no | @@ -275,4 +276,7 @@ You can check the status of the certificate in the Google Cloud Console. | [ip\_address](#output\_ip\_address) | The IPv4 address of the load balancer | | [managed\_ssl\_certificate\_certificate\_id](#output\_managed\_ssl\_certificate\_certificate\_id) | The unique identifier of the Google Managed SSL certificate | | [managed\_ssl\_certificate\_expire\_time](#output\_managed\_ssl\_certificate\_expire\_time) | Expire time of the Google Managed SSL certificate | - \ No newline at end of file + + +## License +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis?ref=badge_large) diff --git a/main.tf b/main.tf index de0762b..ec10df2 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,5 @@ locals { + # The default port that Atlantis runs on is 4141, we default to this. atlantis_port = lookup(var.env_vars, "ATLANTIS_PORT", 4141) # Atlantis' home directory is "/home/atlantis", we default to this. @@ -79,7 +80,7 @@ data "cloudinit_config" "config" { module "container" { source = "terraform-google-modules/container-vm/google" - version = "3.1.1" + version = "~> 3.2" cos_image_name = var.machine_image != null ? element(split("/", var.machine_image), length(split("/", var.machine_image)) - 1) : null 
@@ -346,6 +347,7 @@ resource "google_compute_backend_service" "iap" {
 }
 
 iap {
+ enabled = true
 oauth2_client_id = var.iap.oauth2_client_id
 oauth2_client_secret = var.iap.oauth2_client_secret
 }
diff --git a/versions.tf b/versions.tf
index d184637..b4d8a93 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">=4.79.0"
+ version = ">=6.9.0"
 }
 google-beta = {
 source = "hashicorp/google-beta"
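Review bot: The new `enabled = true` in the `iap` block carries no comment tying it to the provider floor this commit raises in versions.tf (`>=6.9.0`), so a later maintainer cannot tell whether the flag is load-bearing or decorative; presumably newer google provider releases expose this attribute and an `iap` block with the OAuth client set but enforcement off would leave the Atlantis UI reachable without IAP. Suggest a comment directly above it: `# Explicitly turn IAP enforcement on; a configured-but-disabled iap block would expose the UI.` The enclosing `google_compute_backend_service.iap` resource begins outside the hunk, so also confirm that this block is only rendered when `var.iap` is non-null, since the README documents the input's default as `null` and `var.iap.oauth2_client_id` would then fail evaluation.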
"enable_integrity_monitoring": true,
"enable_secure_boot": true,
"enable_vtpm": true
}