Skip to content
This repository was archived by the owner on Apr 9, 2025. It is now read-only.

chore(deps): pin dependencies#74

Closed
ghost wants to merge 1 commit intomainfrom
renovate/pin-dependencies
Closed

chore(deps): pin dependencies#74
ghost wants to merge 1 commit intomainfrom
renovate/pin-dependencies

Conversation

@ghost
Copy link
Copy Markdown

@ghost ghost commented Apr 8, 2025

This PR contains the following updates:

Package Type Update Change
actions/checkout action pinDigest -> 11bd719
actions/github-script action pinDigest -> 60a0d83
bcoe/conventional-release-labels action pinDigest -> 886f696
github/codeql-action action pinDigest -> 45775bd
hashicorp/setup-terraform action pinDigest -> b9cd54a
wagoid/commitlint-github-action action pinDigest -> b948419

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@ghost ghost requested a review from argoyle as a code owner April 8, 2025 12:09
@ghost ghost added the dependencies Pull requests that update a dependency file label Apr 8, 2025
@ghost ghost requested a review from peter-svensson as a code owner April 8, 2025 12:09
@peter-svensson
Copy link
Copy Markdown
Member

peter-svensson commented Apr 8, 2025

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output 

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan 

terraform
module.terraform-aws-aurora-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-postgresql]
module.terraform-aws-kops-state-store.github_repository.repo: Refreshing state... [id=terraform-aws-kops-state-store]
module.terraform-aws-k8s-argocd-cluster-secret.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-argocd-cluster-secret]
module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-secrets-operator]
module.terraform-aws-k8s-network.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-network]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-cluster-autoscaler]
module.terraform-cloudamqp-rabbitmq.github_repository.repo: Refreshing state... [id=terraform-cloudamqp-rabbitmq]
module.terraform-aws-k8s-addons-github-runners.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-github-runners]
module.terraform-aws-rds-instance-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-mysql]
module.template.github_repository.repo: Refreshing state... [id=tf-template]
module.terraform-aws-k8s-addons-external-dns.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-dns]
module.terraform-aws-dns-validated-certificate.github_repository.repo: Refreshing state... [id=terraform-aws-dns-validated-certificate]
module.terraform-aws-k8s.github_repository.repo: Refreshing state... [id=terraform-aws-k8s]
module.terraform-aws-aurora-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-mysql]
module.terraform-aws-elasticache-redis.github_repository.repo: Refreshing state... [id=terraform-aws-elasticache-redis]
module.terraform-aws-k8s-addons-argocd.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-argocd]
module.terraform-aws-rds-instance-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-postgresql]
module.terraform-aws-k8s-addons-fluentbit.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-fluentbit]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-grafana-agent-operator]
module.terraform-aws-kops-state-store.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvdvs4Bycx5]
module.terraform-aws-k8s-argocd-cluster-secret.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGmRzyc4Bycx3]
module.terraform-aws-k8s-network.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGEz1n84Bycx1]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIBlhgc4BycvB]
module.terraform-aws-aurora-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvXJc4Byb8x]
module.terraform-aws-rds-instance-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzCK84Bycx-]
module.terraform-aws-k8s-addons-external-secrets-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGng-n84Bycu4]
module.terraform-cloudamqp-rabbitmq.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGkwzzs4Byc2F]
module.terraform-aws-k8s-addons-github-runners.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN7J-s4Bycvo]
module.template.github_repository_file.examples: Refreshing state... [id=tf-template/examples/.gitkeep]
module.template.github_repository_file.files[".gitignore"]: Refreshing state... [id=tf-template/.gitignore]
module.template.github_repository_file.files["CODEOWNERS"]: Refreshing state... [id=tf-template/CODEOWNERS]
module.template.github_repository_file.files["Makefile"]: Refreshing state... [id=tf-template/Makefile]
module.template.github_repository_file.github[".github/dependabot.yml"]: Refreshing state... [id=tf-template/.github/dependabot.yml]
module.template.github_repository_file.github[".github/workflows/build.yml"]: Refreshing state... [id=tf-template/.github/workflows/build.yml]
module.template.github_repository_file.github[".github/workflows/commitlint.yaml"]: Refreshing state... [id=tf-template/.github/workflows/commitlint.yaml]
module.template.github_repository_file.github[".github/workflows/terrascan.yaml"]: Refreshing state... [id=tf-template/.github/workflows/terrascan.yaml]
module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"]: Refreshing state... [id=tf-template/.github/workflows/conventional-labels.yaml]
module.template.github_repository_file.github[".github/release.yml"]: Refreshing state... [id=tf-template/.github/release.yml]
module.template.github_repository_file.github[".github/commitlint.config.js"]: Refreshing state... [id=tf-template/.github/commitlint.config.js]
module.template.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPw-ls4ByDD8]
module.terraform-aws-k8s-addons-external-dns.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGXoYjM4Bycu_]
module.terraform-aws-dns-validated-certificate.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGNsNLM4Byb86]
module.terraform-aws-k8s.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGDcMAs4BycuE]
module.terraform-aws-aurora-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMveJs4Byb9g]
module.terraform-aws-elasticache-redis.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN1cCc4Byctu]
module.terraform-aws-k8s-addons-argocd.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN5IuM4Bycts]
module.terraform-aws-rds-instance-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzETs4Bycx_]
module.terraform-aws-k8s-addons-fluentbit.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGfsb-s4Bycvj]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOHIT5w84BycwF]
module.example.github_repository.repo: Refreshing state... [id=example]
module.example.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPxQ984ByDG5]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # module.example.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      + description                 = "some text"
      - has_discussions             = true -> null
        id                          = "example"
        name                        = "example"
      ~ web_commit_signoff_required = true -> false
        # (31 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # module.template.github_repository_file.github[".github/commitlint.config.mjs"] will be created
  + resource "github_repository_file" "github" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = "main"
      + commit_author                = "CI"
      + commit_email                 = "ci@opzkit.io"
      + commit_message               = "chore: update .github/commitlint.config.mjs"
      + commit_sha                   = (known after apply)
      + content                      = <<-EOT
            export default {
              extends: ['@commitlint/config-conventional'],
              /*
               * Any rules defined here will override rules from @commitlint/config-conventional
               */
              rules: {
                'body-max-line-length': [2, 'always', 200],
              },
            };
        EOT
      + file                         = ".github/commitlint.config.mjs"
      + id                           = (known after apply)
      + overwrite_on_create          = true
      + ref                          = (known after apply)
      + repository                   = "tf-template"
      + sha                          = (known after apply)
    }

  # module.template.github_repository_file.github[".github/dependabot.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/dependabot.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/release.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/release.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/build.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Build
            
            on: [ push, workflow_dispatch ]
            
            jobs:
              examples:
                runs-on: ubuntu-latest
                strategy:
                  fail-fast: false
                  matrix:
                    os: [ ubuntu-latest ]
                    tf-version: [ 1.1.9, 1.2.9, 1.3.2 ]
                steps:
                  - name: Install terraform v${{ matrix.tf-version }}
                    run: |
                      curl -LO https://releases.hashicorp.com/terraform/${{ matrix.tf-version }}/terraform_${{ matrix.tf-version }}_linux_amd64.zip
                      unzip terraform_${{ matrix.tf-version }}_linux_amd64.zip
                      sudo mv terraform /usr/local/bin
                      rm *
                  - name: Checkout code
          -         uses: actions/checkout@v4
          +         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                  - name: Validate examples terraform v${{ matrix.tf-version }}
                    run: make examples
              build:
                needs: [examples]
                runs-on: ubuntu-latest
                steps:
                  - run: echo "OK"
        EOT
        id                  = "tf-template/.github/workflows/build.yml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/commitlint.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Lint Commit Messages
            
            on: [pull_request]
            
            jobs:
              commitlint:
                runs-on: ubuntu-latest
                steps:
          -       - uses: actions/checkout@v4
          +       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                    with:
                      fetch-depth: 0
          -       - uses: wagoid/commitlint-github-action@v6
          +       - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
                    with:
                      configFile: "./.github/commitlint.config.mjs"
        EOT
        id                  = "tf-template/.github/workflows/commitlint.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            on:
              pull_request_target:
                types: [ opened, edited ]
            name: conventional-release-labels
            jobs:
              label:
                runs-on: ubuntu-latest
                steps:
          -       - uses: bcoe/conventional-release-labels@v1
          +       - uses: bcoe/conventional-release-labels@886f696738527c7be444262c327c89436dfb95a8 # v1
                    with:
                      type_labels: '{"feat": "feature", "fix": "bug", "breaking": "breaking"}'
                      ignored_types: '[]'
        EOT
        id                  = "tf-template/.github/workflows/conventional-labels.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/terrascan.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Terrascan
            on: [ pull_request ]
            # https://github.com/marketplace/actions/terrascan-iac-scanner
            jobs:
              terrascan:
                runs-on: ubuntu-latest
                name: terrascan
                steps:
                  - name: Checkout repository
          -         uses: actions/checkout@v4
          +         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                  - name: Run Terrascan
                    id: terrascan
                    uses: tenable/terrascan-action@main
                    with:
                      iac_type: 'terraform'
                      iac_version: 'v14'
                      policy_type: 'aws'
                      only_warn: true
                      sarif_upload: true
                      non_recursive: true
                      #iac_dir:
                      #policy_path:
                      #skip_rules:
                      #config_path:
                      #webhook_url:
                      #webhook_token:
                  - name: Upload SARIF file
          -         uses: github/codeql-action/upload-sarif@v3
          +         uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3
                    with:
                      sarif_file: terrascan.sarif
        EOT
        id                  = "tf-template/.github/workflows/terrascan.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.terraform-aws-aurora-mysql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-aurora-mysql"
        name                        = "terraform-aws-aurora-mysql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-aurora-postgresql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvXJQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-dns-validated-certificate.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-dns-validated-certificate"
        name                        = "terraform-aws-dns-validated-certificate"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-elasticache-redis.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-elasticache-redis"
        name                        = "terraform-aws-elasticache-redis"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      + description                 = "Module for creating Kubernetes clusters using kOps"
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s"
        name                        = "terraform-aws-k8s"
      ~ web_commit_signoff_required = true -> false
        # (31 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-argocd.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-argocd"
        name                        = "terraform-aws-k8s-addons-argocd"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-cluster-autoscaler"
        name                        = "terraform-aws-k8s-addons-cluster-autoscaler"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-dns.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-external-dns"
        name                        = "terraform-aws-k8s-addons-external-dns"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-external-secrets-operator"
        name                        = "terraform-aws-k8s-addons-external-secrets-operator"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-fluentbit.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-fluentbit"
        name                        = "terraform-aws-k8s-addons-fluentbit"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-github-runners.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-github-runners"
        name                        = "terraform-aws-k8s-addons-github-runners"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-grafana-agent-operator"
        name                        = "terraform-aws-k8s-addons-grafana-agent-operator"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-network.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "MDEwOlJlcG9zaXRvcnk0MDc2OTY3OTk="
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-network.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-network"
        name                        = "terraform-aws-k8s-network"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-kops-state-store.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvdvg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-kops-state-store.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-kops-state-store"
        name                        = "terraform-aws-kops-state-store"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-rds-instance-mysql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-rds-instance-mysql"
        name                        = "terraform-aws-rds-instance-mysql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-rds-instance-postgresql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-rds-instance-postgresql"
        name                        = "terraform-aws-rds-instance-postgresql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-cloudamqp-rabbitmq.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-cloudamqp-rabbitmq"
        name                        = "terraform-cloudamqp-rabbitmq"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 4 to add, 23 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @opzkit-renovate[bot], Action: pull_request, Working Directory: ``, Workflow: Terraform

@ghost ghost force-pushed the renovate/pin-dependencies branch from 94b3de6 to bca7b47 Compare April 8, 2025 16:04
@peter-svensson
Copy link
Copy Markdown
Member

peter-svensson commented Apr 8, 2025

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output 

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan 

terraform
module.terraform-aws-rds-instance-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-postgresql]
module.terraform-aws-elasticache-redis.github_repository.repo: Refreshing state... [id=terraform-aws-elasticache-redis]
module.terraform-aws-aurora-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-mysql]
module.terraform-aws-rds-instance-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-mysql]
module.terraform-cloudamqp-rabbitmq.github_repository.repo: Refreshing state... [id=terraform-cloudamqp-rabbitmq]
module.terraform-aws-k8s-addons-external-dns.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-dns]
module.terraform-aws-k8s-argocd-cluster-secret.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-argocd-cluster-secret]
module.terraform-aws-k8s-addons-fluentbit.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-fluentbit]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-cluster-autoscaler]
module.terraform-aws-dns-validated-certificate.github_repository.repo: Refreshing state... [id=terraform-aws-dns-validated-certificate]
module.terraform-aws-k8s-network.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-network]
module.terraform-aws-k8s-addons-argocd.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-argocd]
module.template.github_repository.repo: Refreshing state... [id=tf-template]
module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-secrets-operator]
module.terraform-aws-k8s.github_repository.repo: Refreshing state... [id=terraform-aws-k8s]
module.terraform-aws-aurora-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-postgresql]
module.terraform-aws-kops-state-store.github_repository.repo: Refreshing state... [id=terraform-aws-kops-state-store]
module.terraform-aws-k8s-addons-github-runners.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-github-runners]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-grafana-agent-operator]
module.terraform-aws-aurora-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMveJs4Byb9g]
module.terraform-cloudamqp-rabbitmq.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGkwzzs4Byc2F]
module.terraform-aws-rds-instance-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzETs4Bycx_]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIBlhgc4BycvB]
module.terraform-aws-dns-validated-certificate.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGNsNLM4Byb86]
module.terraform-aws-elasticache-redis.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN1cCc4Byctu]
module.terraform-aws-k8s-addons-fluentbit.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGfsb-s4Bycvj]
module.terraform-aws-k8s-addons-external-dns.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGXoYjM4Bycu_]
module.terraform-aws-k8s-argocd-cluster-secret.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGmRzyc4Bycx3]
module.terraform-aws-rds-instance-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzCK84Bycx-]
module.terraform-aws-k8s-network.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGEz1n84Bycx1]
module.terraform-aws-k8s-addons-argocd.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN5IuM4Bycts]
module.template.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPw-ls4ByDD8]
module.template.github_repository_file.examples: Refreshing state... [id=tf-template/examples/.gitkeep]
module.template.github_repository_file.files[".gitignore"]: Refreshing state... [id=tf-template/.gitignore]
module.template.github_repository_file.files["CODEOWNERS"]: Refreshing state... [id=tf-template/CODEOWNERS]
module.template.github_repository_file.files["Makefile"]: Refreshing state... [id=tf-template/Makefile]
module.template.github_repository_file.github[".github/dependabot.yml"]: Refreshing state... [id=tf-template/.github/dependabot.yml]
module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"]: Refreshing state... [id=tf-template/.github/workflows/conventional-labels.yaml]
module.template.github_repository_file.github[".github/commitlint.config.js"]: Refreshing state... [id=tf-template/.github/commitlint.config.js]
module.template.github_repository_file.github[".github/release.yml"]: Refreshing state... [id=tf-template/.github/release.yml]
module.template.github_repository_file.github[".github/workflows/build.yml"]: Refreshing state... [id=tf-template/.github/workflows/build.yml]
module.template.github_repository_file.github[".github/workflows/commitlint.yaml"]: Refreshing state... [id=tf-template/.github/workflows/commitlint.yaml]
module.template.github_repository_file.github[".github/workflows/terrascan.yaml"]: Refreshing state... [id=tf-template/.github/workflows/terrascan.yaml]
module.terraform-aws-k8s-addons-external-secrets-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGng-n84Bycu4]
module.terraform-aws-k8s.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGDcMAs4BycuE]
module.terraform-aws-aurora-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvXJc4Byb8x]
module.terraform-aws-kops-state-store.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvdvs4Bycx5]
module.terraform-aws-k8s-addons-github-runners.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN7J-s4Bycvo]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOHIT5w84BycwF]
module.example.github_repository.repo: Refreshing state... [id=example]
module.example.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPxQ984ByDG5]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # module.example.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      + description                 = "some text"
      - has_discussions             = true -> null
        id                          = "example"
        name                        = "example"
      ~ web_commit_signoff_required = true -> false
        # (31 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # module.template.github_repository_file.github[".github/commitlint.config.mjs"] will be created
  + resource "github_repository_file" "github" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = "main"
      + commit_author                = "CI"
      + commit_email                 = "ci@opzkit.io"
      + commit_message               = "chore: update .github/commitlint.config.mjs"
      + commit_sha                   = (known after apply)
      + content                      = <<-EOT
            export default {
              extends: ['@commitlint/config-conventional'],
              /*
               * Any rules defined here will override rules from @commitlint/config-conventional
               */
              rules: {
                'body-max-line-length': [2, 'always', 200],
              },
            };
        EOT
      + file                         = ".github/commitlint.config.mjs"
      + id                           = (known after apply)
      + overwrite_on_create          = true
      + ref                          = (known after apply)
      + repository                   = "tf-template"
      + sha                          = (known after apply)
    }

  # module.template.github_repository_file.github[".github/dependabot.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/dependabot.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/release.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/release.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/build.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Build
            
            on: [ push, workflow_dispatch ]
            
            jobs:
              examples:
                runs-on: ubuntu-latest
                strategy:
                  fail-fast: false
                  matrix:
                    os: [ ubuntu-latest ]
                    tf-version: [ 1.1.9, 1.2.9, 1.3.2 ]
                steps:
                  - name: Install terraform v${{ matrix.tf-version }}
                    run: |
                      curl -LO https://releases.hashicorp.com/terraform/${{ matrix.tf-version }}/terraform_${{ matrix.tf-version }}_linux_amd64.zip
                      unzip terraform_${{ matrix.tf-version }}_linux_amd64.zip
                      sudo mv terraform /usr/local/bin
                      rm *
                  - name: Checkout code
          -         uses: actions/checkout@v4
          +         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                  - name: Validate examples terraform v${{ matrix.tf-version }}
                    run: make examples
              build:
                needs: [examples]
                runs-on: ubuntu-latest
                steps:
                  - run: echo "OK"
        EOT
        id                  = "tf-template/.github/workflows/build.yml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/commitlint.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Lint Commit Messages
            
            on: [pull_request]
            
            jobs:
              commitlint:
                runs-on: ubuntu-latest
                steps:
          -       - uses: actions/checkout@v4
          +       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                    with:
                      fetch-depth: 0
          -       - uses: wagoid/commitlint-github-action@v6
          +       - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
                    with:
                      configFile: "./.github/commitlint.config.mjs"
        EOT
        id                  = "tf-template/.github/workflows/commitlint.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            on:
              pull_request_target:
                types: [ opened, edited ]
            name: conventional-release-labels
            jobs:
              label:
                runs-on: ubuntu-latest
                steps:
          -       - uses: bcoe/conventional-release-labels@v1
          +       - uses: bcoe/conventional-release-labels@886f696738527c7be444262c327c89436dfb95a8 # v1
                    with:
                      type_labels: '{"feat": "feature", "fix": "bug", "breaking": "breaking"}'
                      ignored_types: '[]'
        EOT
        id                  = "tf-template/.github/workflows/conventional-labels.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/terrascan.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Terrascan
            on: [ pull_request ]
            # https://github.com/marketplace/actions/terrascan-iac-scanner
            jobs:
              terrascan:
                runs-on: ubuntu-latest
                name: terrascan
                steps:
                  - name: Checkout repository
          -         uses: actions/checkout@v4
          +         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                  - name: Run Terrascan
                    id: terrascan
                    uses: tenable/terrascan-action@main
                    with:
                      iac_type: 'terraform'
                      iac_version: 'v14'
                      policy_type: 'aws'
                      only_warn: true
                      sarif_upload: true
                      non_recursive: true
                      #iac_dir:
                      #policy_path:
                      #skip_rules:
                      #config_path:
                      #webhook_url:
                      #webhook_token:
                  - name: Upload SARIF file
          -         uses: github/codeql-action/upload-sarif@v3
          +         uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3
                    with:
                      sarif_file: terrascan.sarif
        EOT
        id                  = "tf-template/.github/workflows/terrascan.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.terraform-aws-aurora-mysql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMveJg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-aurora-mysql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-aurora-mysql"
        name                        = "terraform-aws-aurora-mysql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-aurora-postgresql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvXJQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-dns-validated-certificate.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGNsNLA"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-dns-validated-certificate.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-dns-validated-certificate"
        name                        = "terraform-aws-dns-validated-certificate"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-elasticache-redis.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGN1cCQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-elasticache-redis.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-elasticache-redis"
        name                        = "terraform-aws-elasticache-redis"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "MDEwOlJlcG9zaXRvcnk0MDYyNjA3Mzg="
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      + description                 = "Module for creating Kubernetes clusters using kOps"
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s"
        name                        = "terraform-aws-k8s"
      ~ web_commit_signoff_required = true -> false
        # (31 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-argocd.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGN5IuA"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-argocd.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-argocd"
        name                        = "terraform-aws-k8s-addons-argocd"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-cluster-autoscaler.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOIBlhgQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-cluster-autoscaler"
        name                        = "terraform-aws-k8s-addons-cluster-autoscaler"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-dns.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGXoYjA"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-external-dns.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-external-dns"
        name                        = "terraform-aws-k8s-addons-external-dns"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-secrets-operator.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGng-nw"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-external-secrets-operator"
        name                        = "terraform-aws-k8s-addons-external-secrets-operator"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-fluentbit.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGfsb-g"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-fluentbit.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-fluentbit"
        name                        = "terraform-aws-k8s-addons-fluentbit"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-github-runners.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGN7J-g"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-github-runners.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-github-runners"
        name                        = "terraform-aws-k8s-addons-github-runners"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ archived                    = true -> false
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-grafana-agent-operator"
        name                        = "terraform-aws-k8s-addons-grafana-agent-operator"
      ~ vulnerability_alerts        = false -> true
      + web_commit_signoff_required = false
        # (33 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-network.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "MDEwOlJlcG9zaXRvcnk0MDc2OTY3OTk="
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-network.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-network"
        name                        = "terraform-aws-k8s-network"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-kops-state-store.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvdvg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-kops-state-store.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-kops-state-store"
        name                        = "terraform-aws-kops-state-store"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-rds-instance-mysql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGOzCKw"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-rds-instance-mysql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-rds-instance-mysql"
        name                        = "terraform-aws-rds-instance-mysql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-rds-instance-postgresql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGOzETg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-rds-instance-postgresql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-rds-instance-postgresql"
        name                        = "terraform-aws-rds-instance-postgresql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-cloudamqp-rabbitmq.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGkwzzg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-cloudamqp-rabbitmq.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-cloudamqp-rabbitmq"
        name                        = "terraform-cloudamqp-rabbitmq"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 17 to add, 23 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @opzkit-renovate[bot], Action: pull_request, Working Directory: ``, Workflow: Terraform

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@argoyle argoyle Awaiting requested review from argoyle argoyle is a code owner

@peter-svensson peter-svensson Awaiting requested review from peter-svensson peter-svensson is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@peter-svensson