From ac4858415de37d303004890366f4da5d619feddc Mon Sep 17 00:00:00 2001 From: fossabot Date: Mon, 16 Sep 2024 12:14:28 -0600 Subject: [PATCH 01/12] Add license scan report and status Signed off by: fossabot --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 666b948..f201b65 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # Atlantis on Google Compute Engine ![Header](./static/banner.png) +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis?ref=badge_shield) This Terraform module deploys various resources to run Atlantis on Google Compute Engine. @@ -275,4 +276,7 @@ You can check the status of the certificate in the Google Cloud Console. | [ip\_address](#output\_ip\_address) | The IPv4 address of the load balancer | | [managed\_ssl\_certificate\_certificate\_id](#output\_managed\_ssl\_certificate\_certificate\_id) | The unique identifier of the Google Managed SSL certificate | | [managed\_ssl\_certificate\_expire\_time](#output\_managed\_ssl\_certificate\_expire\_time) | Expire time of the Google Managed SSL certificate | - \ No newline at end of file + + +## License +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis?ref=badge_large) \ No newline at end of file From a042d61043035db0a358607dd719ca0c02eb1f55 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 13:45:31 +0000 Subject: [PATCH 02/12] chore(deps): update planetscale/ghcommit-action action to v0.1.47 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7c7b125..701364a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -43,7 +43,7 @@ jobs: git-push: 'false' # Push Terraform-docs changes - - uses: planetscale/ghcommit-action@v0.1.45 + - uses: planetscale/ghcommit-action@v0.1.47 # Run this step even if previous steps fails (there are changes to commit) # but skip when on forks if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }} From 9af1122ebc6b19c999d562e820e75b9ff0f3af58 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 21:04:17 +0000 Subject: [PATCH 03/12] chore(deps): update planetscale/ghcommit-action action to v0.2.0 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 701364a..84fc8d9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -43,7 +43,7 @@ jobs: git-push: 'false' # Push Terraform-docs changes - - uses: planetscale/ghcommit-action@v0.1.47 + - uses: planetscale/ghcommit-action@v0.2.0 # Run this step even if previous steps fails (there are changes to commit) # but skip when on forks if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }} From d0fd04d3d2444e63c6b364bb8440b6482ddb7df3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 13:20:08 +0000 Subject: [PATCH 04/12] chore(deps): update terraform-docs/gh-actions action to v1.3.0 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 84fc8d9..bb406ca 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: framework: terraform # Terraform-docs - - uses: terraform-docs/gh-actions@v1.2.2 + - uses: terraform-docs/gh-actions@v1.3.0 id: terraform-docs with: working-dir: . From 35e8388494612dfb59239b929e7d3d4352cfc7ad Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 13:20:44 +0000 Subject: [PATCH 05/12] terraform-docs: automated action --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 666b948..e5741b8 100644 --- a/README.md +++ b/README.md @@ -244,7 +244,7 @@ You can check the status of the certificate in the Google Cloud Console. | [google\_logging\_enabled](#input\_google\_logging\_enabled) | Enable Google Cloud Logging | `bool` | `true` | no | | [google\_logging\_use\_fluentbit](#input\_google\_logging\_use\_fluentbit) | Enable Google Cloud Logging using Fluent Bit | `bool` | `false` | no | | [google\_monitoring\_enabled](#input\_google\_monitoring\_enabled) | Enable Google Cloud Monitoring | `bool` | `true` | no | -| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | +| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | @@ -256,9 +256,9 @@ You can check the status of the certificate in the Google Cloud Console. | [persistent\_disk\_type](#input\_persistent\_disk\_type) | The type of persistent disk that Atlantis uses to store its data on | `string` | `"pd-ssd"` | no | | [project](#input\_project) | The ID of the project in which the resource belongs | `string` | `null` | no | | [region](#input\_region) | The region that resources should be created in | `string` | n/a | yes | -| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | -| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | -| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | +| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | +| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | +| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | | [spot\_machine\_enabled](#input\_spot\_machine\_enabled) | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | `bool` | `false` | no | | [ssl\_policy](#input\_ssl\_policy) | The SSL policy name that the certificate must follow | `string` | `null` | no | | [startup\_script](#input\_startup\_script) | A startup script that runs during the boot cycle when you first launch an instance | `string` | `null` | no | From 1bb3dd24ac9e443e3d10272c357549155179004c Mon Sep 17 00:00:00 2001 From: cblkwell Date: Fri, 1 Nov 2024 13:45:54 -0500 Subject: [PATCH 06/12] Loosen module version requirements for container-vm Signed-off-by: cblkwell --- README.md | 20 ++++++++++---------- main.tf | 3 ++- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 666b948..9dacc80 100644 --- a/README.md +++ b/README.md @@ -195,16 +195,16 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| -| [cloudinit](#provider\_cloudinit) | >=2.2.0 | -| [google](#provider\_google) | >=4.79.0 | -| [google-beta](#provider\_google-beta) | >=4.79.0 | -| [random](#provider\_random) | >=3.4.3 | +| [cloudinit](#provider\_cloudinit) | 2.3.3 | +| [google](#provider\_google) | 4.84.0 | +| [google-beta](#provider\_google-beta) | 5.8.0 | +| [random](#provider\_random) | 3.6.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [container](#module\_container) | terraform-google-modules/container-vm/google | 3.1.1 | +| [container](#module\_container) | terraform-google-modules/container-vm/google | ~> 3.2 | ## Resources @@ -244,7 +244,7 @@ You can check the status of the certificate in the Google Cloud Console. | [google\_logging\_enabled](#input\_google\_logging\_enabled) | Enable Google Cloud Logging | `bool` | `true` | no | | [google\_logging\_use\_fluentbit](#input\_google\_logging\_use\_fluentbit) | Enable Google Cloud Logging using Fluent Bit | `bool` | `false` | no | | [google\_monitoring\_enabled](#input\_google\_monitoring\_enabled) | Enable Google Cloud Monitoring | `bool` | `true` | no | -| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | +| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | @@ -256,9 +256,9 @@ You can check the status of the certificate in the Google Cloud Console. | [persistent\_disk\_type](#input\_persistent\_disk\_type) | The type of persistent disk that Atlantis uses to store its data on | `string` | `"pd-ssd"` | no | | [project](#input\_project) | The ID of the project in which the resource belongs | `string` | `null` | no | | [region](#input\_region) | The region that resources should be created in | `string` | n/a | yes | -| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | -| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | -| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | +| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | +| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | +| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | | [spot\_machine\_enabled](#input\_spot\_machine\_enabled) | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | `bool` | `false` | no | | [ssl\_policy](#input\_ssl\_policy) | The SSL policy name that the certificate must follow | `string` | `null` | no | | [startup\_script](#input\_startup\_script) | A startup script that runs during the boot cycle when you first launch an instance | `string` | `null` | no | @@ -275,4 +275,4 @@ You can check the status of the certificate in the Google Cloud Console. | [ip\_address](#output\_ip\_address) | The IPv4 address of the load balancer | | [managed\_ssl\_certificate\_certificate\_id](#output\_managed\_ssl\_certificate\_certificate\_id) | The unique identifier of the Google Managed SSL certificate | | [managed\_ssl\_certificate\_expire\_time](#output\_managed\_ssl\_certificate\_expire\_time) | Expire time of the Google Managed SSL certificate | - \ No newline at end of file + diff --git a/main.tf b/main.tf index 9b88757..28c200f 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,5 @@ locals { + # The default port that Atlantis runs on is 4141, we default to this. atlantis_port = lookup(var.env_vars, "ATLANTIS_PORT", 4141) # Atlantis' home directory is "/home/atlantis", we default to this. @@ -79,7 +80,7 @@ data "cloudinit_config" "config" { module "container" { source = "terraform-google-modules/container-vm/google" - version = "3.1.1" + version = "~> 3.2" container = { image = var.image From 632db8bb2b76ffff8b108f5c9fd16fbdc100d171 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 08:42:40 -0600 Subject: [PATCH 07/12] Fixing README Signed-off-by: cblkwell --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9dacc80..7be3f9d 100644 --- a/README.md +++ b/README.md @@ -195,10 +195,10 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| -| [cloudinit](#provider\_cloudinit) | 2.3.3 | -| [google](#provider\_google) | 4.84.0 | -| [google-beta](#provider\_google-beta) | 5.8.0 | -| [random](#provider\_random) | 3.6.0 | +| [cloudinit](#provider\_cloudinit) | >=2.2.0 | +| [google](#provider\_google) | >=4.79.0 | +| [google-beta](#provider\_google-beta) | >=4.79.0 | +| [random](#provider\_random) | >=3.4.3 | ## Modules From 7c1ad5953a049bec23bc663aa5570f1b4724bad2 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 08:54:10 -0600 Subject: [PATCH 08/12] Adding enabled = true for iap backend Signed-off-by: cblkwell --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 28c200f..a6201be 100644 --- a/main.tf +++ b/main.tf @@ -345,6 +345,7 @@ resource "google_compute_backend_service" "iap" { } iap { + enabled = true oauth2_client_id = var.iap.oauth2_client_id oauth2_client_secret = var.iap.oauth2_client_secret } From 14395491ddb70540d9b97e4846f46f8e0521458d Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 08:58:14 -0600 Subject: [PATCH 09/12] Bumping version requirement due to iap enabled setting Signed-off-by: cblkwell --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index d184637..b4d8a93 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">=4.79.0" + version = ">=6.9.0" } google-beta = { source = "hashicorp/google-beta" From b9dca8e56f1976575a392122c6453a25f4c2877f Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 09:21:58 -0600 Subject: [PATCH 10/12] Fixing README Signed-off-by: cblkwell --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7be3f9d..7d4b6b9 100644 --- a/README.md +++ b/README.md @@ -187,7 +187,7 @@ You can check the status of the certificate in the Google Cloud Console. |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | | [cloudinit](#requirement\_cloudinit) | >=2.2.0 | -| [google](#requirement\_google) | >=4.79.0 | +| [google](#requirement\_google) | >=6.9.0 | | [google-beta](#requirement\_google-beta) | >=4.79.0 | | [random](#requirement\_random) | >=3.4.3 | @@ -196,7 +196,7 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| | [cloudinit](#provider\_cloudinit) | >=2.2.0 | -| [google](#provider\_google) | >=4.79.0 | +| [google](#provider\_google) | >=6.9.0 | | [google-beta](#provider\_google-beta) | >=4.79.0 | | [random](#provider\_random) | >=3.4.3 | From db0ccce80f677e655b0121c8614fdf560af72099 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Thu, 7 Nov 2024 08:39:53 -0600 Subject: [PATCH 11/12] Fixing README Signed-off-by: cblkwell --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7d4b6b9..6ce5d3b 100644 --- a/README.md +++ b/README.md @@ -244,7 +244,7 @@ You can check the status of the certificate in the Google Cloud Console. | [google\_logging\_enabled](#input\_google\_logging\_enabled) | Enable Google Cloud Logging | `bool` | `true` | no | | [google\_logging\_use\_fluentbit](#input\_google\_logging\_use\_fluentbit) | Enable Google Cloud Logging using Fluent Bit | `bool` | `false` | no | | [google\_monitoring\_enabled](#input\_google\_monitoring\_enabled) | Enable Google Cloud Monitoring | `bool` | `true` | no | -| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | +| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | @@ -256,9 +256,9 @@ You can check the status of the certificate in the Google Cloud Console. | [persistent\_disk\_type](#input\_persistent\_disk\_type) | The type of persistent disk that Atlantis uses to store its data on | `string` | `"pd-ssd"` | no | | [project](#input\_project) | The ID of the project in which the resource belongs | `string` | `null` | no | | [region](#input\_region) | The region that resources should be created in | `string` | n/a | yes | -| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | -| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | -| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | +| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | +| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | +| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | | [spot\_machine\_enabled](#input\_spot\_machine\_enabled) | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | `bool` | `false` | no | | [ssl\_policy](#input\_ssl\_policy) | The SSL policy name that the certificate must follow | `string` | `null` | no | | [startup\_script](#input\_startup\_script) | A startup script that runs during the boot cycle when you first launch an instance | `string` | `null` | no | From 7657cd5264738aaecdc54f6cdb5c10ffbef786b6 Mon Sep 17 00:00:00 2001 From: David Costa Date: Mon, 11 Nov 2024 17:03:42 +0000 Subject: [PATCH 12/12] chore: fix terraform docs behavior Signed-off-by: David Costa --- .github/workflows/ci.yaml | 2 +- .terraform-docs.yml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 .terraform-docs.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bb406ca..76962d0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -61,7 +61,7 @@ jobs: echo '### Please run terraform-docs locally and commit the changes:' >> $GITHUB_STEP_SUMMARY echo '' >> $GITHUB_STEP_SUMMARY echo '```sh' >> $GITHUB_STEP_SUMMARY - echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs:0.17.0 markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY + echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY echo 'git add README.md' >> $GITHUB_STEP_SUMMARY echo 'git commit --amend --no-edit' >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY diff --git a/.terraform-docs.yml b/.terraform-docs.yml new file mode 100644 index 0000000..e5a1d09 --- /dev/null +++ b/.terraform-docs.yml @@ -0,0 +1,5 @@ +settings: + # https://github.com/terraform-docs/gh-actions/issues/98 + # Since we do not commit the lockfile, it has no effect in gh workflows. + # Changes local runs to match the gh workflow behavior. + lockfile: false