From 04372a231f125569bf58d1f0aeb143164403bba7 Mon Sep 17 00:00:00 2001 From: Dimitris Moraitidis Date: Thu, 18 Apr 2024 11:15:55 +0200 Subject: [PATCH 01/16] add machine_type example add cos_image_name to container module, by only using the last element of the string tf fmt tf fmt fix ran terraform-docs --- README.md | 2 +- main.tf | 2 ++ variables.tf | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2f4cbea..f784828 100644 --- a/README.md +++ b/README.md @@ -247,7 +247,7 @@ You can check the status of the certificate in the Google Cloud Console. | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | -| [machine\_image](#input\_machine\_image) | The machine image to create VMs with, if not specified, latest cos\_cloud/cos\_stable is used | `string` | `null` | no | +| [machine\_image](#input\_machine\_image) | The machine image to create VMs with, if not specified, latest cos\_cloud/cos\_stable is used. To pin to one, use the following format: projects/cos-cloud/global/images/cos-stable-109-17800-147-54 | `string` | `null` | no | | [machine\_type](#input\_machine\_type) | The machine type to run Atlantis on | `string` | `"n2-standard-2"` | no | | [name](#input\_name) | Custom name that's used during resource creation | `string` | n/a | yes | | [network](#input\_network) | Name of the network | `string` | n/a | yes | diff --git a/main.tf b/main.tf index ea25b07..1a64a74 100644 --- a/main.tf +++ b/main.tf @@ -81,6 +81,8 @@ module "container" { source = "terraform-google-modules/container-vm/google" version = "3.1.1" + cos_image_name = element(split("/", var.machine_image), length(split("/", var.machine_image)) - 1) + container = { image = var.image securityContext = { diff --git a/variables.tf b/variables.tf index 1ec7677..00ae469 100644 --- a/variables.tf +++ b/variables.tf @@ -25,7 +25,7 @@ variable "zone" { variable "machine_image" { type = string - description = "The machine image to create VMs with, if not specified, latest cos_cloud/cos_stable is used" + description = "The machine image to create VMs with, if not specified, latest cos_cloud/cos_stable is used. To pin to one, use the following format: projects/cos-cloud/global/images/cos-stable-109-17800-147-54" default = null } From ea2a22abd3d68eef236d69cd36f60a07350ee0e0 Mon Sep 17 00:00:00 2001 From: Dimitris Moraitidis Date: Sun, 21 Apr 2024 12:21:29 +0200 Subject: [PATCH 02/16] fix null case for machine_image --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 1a64a74..14455b8 100644 --- a/main.tf +++ b/main.tf @@ -81,7 +81,7 @@ module "container" { source = "terraform-google-modules/container-vm/google" version = "3.1.1" - cos_image_name = element(split("/", var.machine_image), length(split("/", var.machine_image)) - 1) + cos_image_name = var.machine_image != null ? element(split("/", var.machine_image), length(split("/", var.machine_image)) - 1) : null container = { image = var.image From 74bee1b6cd5e5cfb98465cb65b7276f842d34850 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 22:01:55 +0000 Subject: [PATCH 03/16] chore(deps): update terraform-docs/gh-actions action to v1.2.2 Signed-off-by: dimisjim --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 789538e..fc403b1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: framework: terraform # Terraform-docs - - uses: terraform-docs/gh-actions@v1.2.0 + - uses: terraform-docs/gh-actions@v1.2.2 id: terraform-docs with: working-dir: . From c03fb2c4498a4ad059b3b948ce949fcb5dfb4724 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 14 Sep 2024 02:16:05 +0000 Subject: [PATCH 04/16] chore(deps): update planetscale/ghcommit-action action to v0.1.45 Signed-off-by: dimisjim --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fc403b1..7c7b125 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -43,7 +43,7 @@ jobs: git-push: 'false' # Push Terraform-docs changes - - uses: planetscale/ghcommit-action@v0.1.44 + - uses: planetscale/ghcommit-action@v0.1.45 # Run this step even if previous steps fails (there are changes to commit) # but skip when on forks if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }} From 8f5c68454478695791193f5fa0f228bcb8b7ba15 Mon Sep 17 00:00:00 2001 From: fossabot Date: Mon, 16 Sep 2024 12:14:28 -0600 Subject: [PATCH 05/16] Add license scan report and status Signed off by: fossabot Signed-off-by: dimisjim --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b5bf8aa..817644f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # Atlantis on Google Compute Engine ![Header](./static/banner.png) +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis?ref=badge_shield) This Terraform module deploys various resources to run Atlantis on Google Compute Engine. @@ -275,4 +276,7 @@ You can check the status of the certificate in the Google Cloud Console. | [ip\_address](#output\_ip\_address) | The IPv4 address of the load balancer | | [managed\_ssl\_certificate\_certificate\_id](#output\_managed\_ssl\_certificate\_certificate\_id) | The unique identifier of the Google Managed SSL certificate | | [managed\_ssl\_certificate\_expire\_time](#output\_managed\_ssl\_certificate\_expire\_time) | Expire time of the Google Managed SSL certificate | - \ No newline at end of file + + +## License +[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Frunatlantis%2Fterraform-gce-atlantis?ref=badge_large) \ No newline at end of file From 5e2c069c95c7d844f98f5ec2a7c41700b4e138d6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 13:45:31 +0000 Subject: [PATCH 06/16] chore(deps): update planetscale/ghcommit-action action to v0.1.47 Signed-off-by: dimisjim --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7c7b125..701364a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -43,7 +43,7 @@ jobs: git-push: 'false' # Push Terraform-docs changes - - uses: planetscale/ghcommit-action@v0.1.45 + - uses: planetscale/ghcommit-action@v0.1.47 # Run this step even if previous steps fails (there are changes to commit) # but skip when on forks if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }} From 2f2525b23446418f3280315a3fcd4b7861b3dd29 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 21:04:17 +0000 Subject: [PATCH 07/16] chore(deps): update planetscale/ghcommit-action action to v0.2.0 Signed-off-by: dimisjim --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 701364a..84fc8d9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -43,7 +43,7 @@ jobs: git-push: 'false' # Push Terraform-docs changes - - uses: planetscale/ghcommit-action@v0.1.47 + - uses: planetscale/ghcommit-action@v0.2.0 # Run this step even if previous steps fails (there are changes to commit) # but skip when on forks if: ${{ !cancelled() && github.repository_owner == 'runatlantis' }} From bbf41a9b82b5ebf447e9da005081a97d39008e72 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 13:20:08 +0000 Subject: [PATCH 08/16] chore(deps): update terraform-docs/gh-actions action to v1.3.0 Signed-off-by: dimisjim --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 84fc8d9..bb406ca 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: framework: terraform # Terraform-docs - - uses: terraform-docs/gh-actions@v1.2.2 + - uses: terraform-docs/gh-actions@v1.3.0 id: terraform-docs with: working-dir: . From d29525ad459aebe087330602c93429376bd8bf5d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 13:20:44 +0000 Subject: [PATCH 09/16] terraform-docs: automated action Signed-off-by: dimisjim --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 817644f..0870ada 100644 --- a/README.md +++ b/README.md @@ -245,7 +245,7 @@ You can check the status of the certificate in the Google Cloud Console. | [google\_logging\_enabled](#input\_google\_logging\_enabled) | Enable Google Cloud Logging | `bool` | `true` | no | | [google\_logging\_use\_fluentbit](#input\_google\_logging\_use\_fluentbit) | Enable Google Cloud Logging using Fluent Bit | `bool` | `false` | no | | [google\_monitoring\_enabled](#input\_google\_monitoring\_enabled) | Enable Google Cloud Monitoring | `bool` | `true` | no | -| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | +| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | @@ -257,9 +257,9 @@ You can check the status of the certificate in the Google Cloud Console. | [persistent\_disk\_type](#input\_persistent\_disk\_type) | The type of persistent disk that Atlantis uses to store its data on | `string` | `"pd-ssd"` | no | | [project](#input\_project) | The ID of the project in which the resource belongs | `string` | `null` | no | | [region](#input\_region) | The region that resources should be created in | `string` | n/a | yes | -| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | -| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | -| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | +| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | +| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | +| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | | [spot\_machine\_enabled](#input\_spot\_machine\_enabled) | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | `bool` | `false` | no | | [ssl\_policy](#input\_ssl\_policy) | The SSL policy name that the certificate must follow | `string` | `null` | no | | [startup\_script](#input\_startup\_script) | A startup script that runs during the boot cycle when you first launch an instance | `string` | `null` | no | From b8b0852df81ff481888e4f02287e32aa636d6707 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Fri, 1 Nov 2024 13:45:54 -0500 Subject: [PATCH 10/16] Loosen module version requirements for container-vm Signed-off-by: cblkwell --- README.md | 10 +++++----- main.tf | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0870ada..b31192c 100644 --- a/README.md +++ b/README.md @@ -196,16 +196,16 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| -| [cloudinit](#provider\_cloudinit) | >=2.2.0 | -| [google](#provider\_google) | >=4.79.0 | -| [google-beta](#provider\_google-beta) | >=4.79.0 | -| [random](#provider\_random) | >=3.4.3 | +| [cloudinit](#provider\_cloudinit) | 2.3.3 | +| [google](#provider\_google) | 4.84.0 | +| [google-beta](#provider\_google-beta) | 5.8.0 | +| [random](#provider\_random) | 3.6.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [container](#module\_container) | terraform-google-modules/container-vm/google | 3.1.1 | +| [container](#module\_container) | terraform-google-modules/container-vm/google | ~> 3.2 | ## Resources diff --git a/main.tf b/main.tf index de0762b..605a805 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,5 @@ locals { + # The default port that Atlantis runs on is 4141, we default to this. atlantis_port = lookup(var.env_vars, "ATLANTIS_PORT", 4141) # Atlantis' home directory is "/home/atlantis", we default to this. @@ -79,7 +80,7 @@ data "cloudinit_config" "config" { module "container" { source = "terraform-google-modules/container-vm/google" - version = "3.1.1" + version = "~> 3.2" cos_image_name = var.machine_image != null ? element(split("/", var.machine_image), length(split("/", var.machine_image)) - 1) : null From 4bd6019fd7947663e2b8d72c1b15681b0c81d07c Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 08:42:40 -0600 Subject: [PATCH 11/16] Fixing README Signed-off-by: cblkwell Signed-off-by: dimisjim --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b31192c..584f79b 100644 --- a/README.md +++ b/README.md @@ -196,10 +196,10 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| -| [cloudinit](#provider\_cloudinit) | 2.3.3 | -| [google](#provider\_google) | 4.84.0 | -| [google-beta](#provider\_google-beta) | 5.8.0 | -| [random](#provider\_random) | 3.6.0 | +| [cloudinit](#provider\_cloudinit) | >=2.2.0 | +| [google](#provider\_google) | >=4.79.0 | +| [google-beta](#provider\_google-beta) | >=4.79.0 | +| [random](#provider\_random) | >=3.4.3 | ## Modules From fcbf8438d402b38b76792454da6f95dda7726637 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 08:54:10 -0600 Subject: [PATCH 12/16] Adding enabled = true for iap backend Signed-off-by: cblkwell Signed-off-by: dimisjim --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 605a805..ec10df2 100644 --- a/main.tf +++ b/main.tf @@ -347,6 +347,7 @@ resource "google_compute_backend_service" "iap" { } iap { + enabled = true oauth2_client_id = var.iap.oauth2_client_id oauth2_client_secret = var.iap.oauth2_client_secret } From 877024b367a67286fcbf5a6090a47202495ed235 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 08:58:14 -0600 Subject: [PATCH 13/16] Bumping version requirement due to iap enabled setting Signed-off-by: cblkwell Signed-off-by: dimisjim --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index d184637..b4d8a93 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">=4.79.0" + version = ">=6.9.0" } google-beta = { source = "hashicorp/google-beta" From 8eeb2eb929dc04810e9cf746e32fc86ad5e36a17 Mon Sep 17 00:00:00 2001 From: cblkwell Date: Mon, 4 Nov 2024 09:21:58 -0600 Subject: [PATCH 14/16] Fixing README Signed-off-by: cblkwell Signed-off-by: dimisjim --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 584f79b..74f600a 100644 --- a/README.md +++ b/README.md @@ -188,7 +188,7 @@ You can check the status of the certificate in the Google Cloud Console. |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | | [cloudinit](#requirement\_cloudinit) | >=2.2.0 | -| [google](#requirement\_google) | >=4.79.0 | +| [google](#requirement\_google) | >=6.9.0 | | [google-beta](#requirement\_google-beta) | >=4.79.0 | | [random](#requirement\_random) | >=3.4.3 | @@ -197,7 +197,7 @@ You can check the status of the certificate in the Google Cloud Console. | Name | Version | |------|---------| | [cloudinit](#provider\_cloudinit) | >=2.2.0 | -| [google](#provider\_google) | >=4.79.0 | +| [google](#provider\_google) | >=6.9.0 | | [google-beta](#provider\_google-beta) | >=4.79.0 | | [random](#provider\_random) | >=3.4.3 | From 0272b7f073539389c948499fb4ddbcee8e016bba Mon Sep 17 00:00:00 2001 From: cblkwell Date: Thu, 7 Nov 2024 08:39:53 -0600 Subject: [PATCH 15/16] Fixing README Signed-off-by: cblkwell Signed-off-by: dimisjim --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 74f600a..d03c194 100644 --- a/README.md +++ b/README.md @@ -245,7 +245,7 @@ You can check the status of the certificate in the Google Cloud Console. | [google\_logging\_enabled](#input\_google\_logging\_enabled) | Enable Google Cloud Logging | `bool` | `true` | no | | [google\_logging\_use\_fluentbit](#input\_google\_logging\_use\_fluentbit) | Enable Google Cloud Logging using Fluent Bit | `bool` | `false` | no | | [google\_monitoring\_enabled](#input\_google\_monitoring\_enabled) | Enable Google Cloud Monitoring | `bool` | `true` | no | -| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | +| [iap](#input\_iap) | Settings for enabling Cloud Identity Aware Proxy to protect the Atlantis UI | 
object({
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
| `null` | no | | [iap\_backend\_security\_policy](#input\_iap\_backend\_security\_policy) | Name of the security policy to apply to the IAP backend service | `string` | `null` | no | | [image](#input\_image) | Docker image. This is most often a reference to a container located in a container registry | `string` | `"ghcr.io/runatlantis/atlantis:latest"` | no | | [labels](#input\_labels) | Key-value pairs representing labels attaching to instance & instance template | `map(any)` | `{}` | no | @@ -257,9 +257,9 @@ You can check the status of the certificate in the Google Cloud Console. | [persistent\_disk\_type](#input\_persistent\_disk\_type) | The type of persistent disk that Atlantis uses to store its data on | `string` | `"pd-ssd"` | no | | [project](#input\_project) | The ID of the project in which the resource belongs | `string` | `null` | no | | [region](#input\_region) | The region that resources should be created in | `string` | n/a | yes | -| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | -| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | -| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | +| [service\_account](#input\_service\_account) | Service account to attach to the instance running Atlantis | 
object({
    email  = string,
    scopes = list(string)
  })
| 
{
  "email": "",
  "scopes": [
    "cloud-platform"
  ]
}
| no | +| [shared\_vpc](#input\_shared\_vpc) | Whether to deploy within a shared VPC | 
object({
    host_project_id = string
  })
| `null` | no | +| [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM provides verifiable integrity to prevent against malware and rootkits | 
object({
    enable_integrity_monitoring = optional(bool)
    enable_vtpm                 = optional(bool)
    enable_secure_boot          = optional(bool)
  })
| 
{
  "enable_integrity_monitoring": true,
  "enable_secure_boot": true,
  "enable_vtpm": true
}
| no | | [spot\_machine\_enabled](#input\_spot\_machine\_enabled) | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | `bool` | `false` | no | | [ssl\_policy](#input\_ssl\_policy) | The SSL policy name that the certificate must follow | `string` | `null` | no | | [startup\_script](#input\_startup\_script) | A startup script that runs during the boot cycle when you first launch an instance | `string` | `null` | no | From 2a869cfcab7a71ab169b8b85d57c837b73d917b1 Mon Sep 17 00:00:00 2001 From: David Costa Date: Mon, 11 Nov 2024 17:03:42 +0000 Subject: [PATCH 16/16] chore: fix terraform docs behavior Signed-off-by: David Costa Signed-off-by: dimisjim --- .github/workflows/ci.yaml | 2 +- .terraform-docs.yml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 .terraform-docs.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bb406ca..76962d0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -61,7 +61,7 @@ jobs: echo '### Please run terraform-docs locally and commit the changes:' >> $GITHUB_STEP_SUMMARY echo '' >> $GITHUB_STEP_SUMMARY echo '```sh' >> $GITHUB_STEP_SUMMARY - echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs:0.17.0 markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY + echo 'docker run --rm --volume "$(pwd):/terraform-docs" -u $(id -u) quay.io/terraform-docs/terraform-docs markdown --output-file README.md --output-mode inject /terraform-docs' >> $GITHUB_STEP_SUMMARY echo 'git add README.md' >> $GITHUB_STEP_SUMMARY echo 'git commit --amend --no-edit' >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY diff --git a/.terraform-docs.yml b/.terraform-docs.yml new file mode 100644 index 0000000..e5a1d09 --- /dev/null +++ b/.terraform-docs.yml @@ -0,0 +1,5 @@ +settings: + # https://github.com/terraform-docs/gh-actions/issues/98 + # Since we do not commit the lockfile, it has no effect in gh workflows. + # Changes local runs to match the gh workflow behavior. + lockfile: false