This repository was archived by the owner on Apr 9, 2025. It is now read-only.

chore: migrate CI workflows and configuration files #77

Closed
peter-svensson wants to merge 1 commit into main from add-pre-commit-configurations

Conversation

@peter-svensson
Member

Remove outdated GitHub Actions workflows for conventional release labels
and Terrascan. Add new release-please configuration for automated version
updates and changelog generation. Introduce Checkov configuration for
infrastructure as code scanning. Update commitlint action version for
improved functionality and stability.

@peter-svensson peter-svensson requested a review from argoyle as a code owner April 9, 2025 10:44
@peter-svensson peter-svensson enabled auto-merge (squash) April 9, 2025 10:44
@peter-svensson
Member Author

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan

terraform
module.terraform-aws-elasticache-redis.github_repository.repo: Refreshing state... [id=terraform-aws-elasticache-redis]
module.terraform-aws-k8s-addons-argocd.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-argocd]
module.terraform-aws-k8s.github_repository.repo: Refreshing state... [id=terraform-aws-k8s]
module.terraform-aws-aurora-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-postgresql]
module.terraform-aws-k8s-network.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-network]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-grafana-agent-operator]
module.terraform-aws-rds-instance-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-mysql]
module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-secrets-operator]
module.terraform-cloudamqp-rabbitmq.github_repository.repo: Refreshing state... [id=terraform-cloudamqp-rabbitmq]
module.terraform-aws-k8s-argocd-cluster-secret.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-argocd-cluster-secret]
module.terraform-aws-kops-state-store.github_repository.repo: Refreshing state... [id=terraform-aws-kops-state-store]
module.terraform-aws-aurora-mysql.github_repository.repo: Refreshing state... [id=terraform-aws-aurora-mysql]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-cluster-autoscaler]
module.terraform-aws-k8s-addons-fluentbit.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-fluentbit]
module.terraform-aws-k8s-addons-github-runners.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-github-runners]
module.terraform-aws-rds-instance-postgresql.github_repository.repo: Refreshing state... [id=terraform-aws-rds-instance-postgresql]
module.terraform-aws-dns-validated-certificate.github_repository.repo: Refreshing state... [id=terraform-aws-dns-validated-certificate]
module.terraform-aws-k8s-addons-external-dns.github_repository.repo: Refreshing state... [id=terraform-aws-k8s-addons-external-dns]
module.template.github_repository.repo: Refreshing state... [id=tf-template]
module.terraform-aws-k8s.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGDcMAs4BycuE]
module.terraform-aws-k8s-addons-argocd.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN5IuM4Bycts]
module.terraform-aws-elasticache-redis.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN1cCc4Byctu]
module.terraform-aws-aurora-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvXJc4Byb8x]
module.terraform-aws-rds-instance-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzCK84Bycx-]
module.terraform-cloudamqp-rabbitmq.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGkwzzs4Byc2F]
module.terraform-aws-k8s-addons-external-secrets-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGng-n84Bycu4]
module.terraform-aws-k8s-network.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGEz1n84Bycx1]
module.terraform-aws-k8s-addons-grafana-agent-operator.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOHIT5w84BycwF]
module.terraform-aws-k8s-argocd-cluster-secret.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGmRzyc4Bycx3]
module.terraform-aws-kops-state-store.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMvdvs4Bycx5]
module.terraform-aws-aurora-mysql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGMveJs4Byb9g]
module.terraform-aws-k8s-addons-cluster-autoscaler.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIBlhgc4BycvB]
module.terraform-aws-k8s-addons-fluentbit.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGfsb-s4Bycvj]
module.terraform-aws-k8s-addons-github-runners.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGN7J-s4Bycvo]
module.terraform-aws-rds-instance-postgresql.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGOzETs4Bycx_]
module.terraform-aws-dns-validated-certificate.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGNsNLM4Byb86]
module.terraform-aws-k8s-addons-external-dns.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOGXoYjM4Bycu_]
module.template.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPw-ls4ByDD8]
module.template.github_repository_file.files["Makefile"]: Refreshing state... [id=tf-template/Makefile]
module.template.github_repository_file.files[".gitignore"]: Refreshing state... [id=tf-template/.gitignore]
module.template.github_repository_file.files["CODEOWNERS"]: Refreshing state... [id=tf-template/CODEOWNERS]
module.template.github_repository_file.examples: Refreshing state... [id=tf-template/examples/.gitkeep]
module.template.github_repository_file.github[".github/commitlint.config.js"]: Refreshing state... [id=tf-template/.github/commitlint.config.js]
module.template.github_repository_file.github[".github/workflows/build.yml"]: Refreshing state... [id=tf-template/.github/workflows/build.yml]
module.template.github_repository_file.github[".github/workflows/terrascan.yaml"]: Refreshing state... [id=tf-template/.github/workflows/terrascan.yaml]
module.template.github_repository_file.github[".github/release.yml"]: Refreshing state... [id=tf-template/.github/release.yml]
module.template.github_repository_file.github[".github/workflows/commitlint.yaml"]: Refreshing state... [id=tf-template/.github/workflows/commitlint.yaml]
module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"]: Refreshing state... [id=tf-template/.github/workflows/conventional-labels.yaml]
module.template.github_repository_file.github[".github/dependabot.yml"]: Refreshing state... [id=tf-template/.github/dependabot.yml]
module.example.github_repository.repo: Refreshing state... [id=example]
module.example.github_branch_protection.repo: Refreshing state... [id=BPR_kwDOIPxQ984ByDG5]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.example.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOIPxQ9w"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.example.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      + description                 = "some text"
      - has_discussions             = true -> null
        id                          = "example"
        name                        = "example"
      ~ web_commit_signoff_required = true -> false
        # (31 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # module.template.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOIPw-lg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "commitlint",
            ]
          + strict   = false
        }
    }

  # module.template.github_repository_file.github[".github/commitlint.config.mjs"] will be created
  + resource "github_repository_file" "github" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = "main"
      + commit_author                = "CI"
      + commit_email                 = "ci@opzkit.io"
      + commit_message               = "chore: update .github/commitlint.config.mjs"
      + commit_sha                   = (known after apply)
      + content                      = <<-EOT
            export default {
              extends: ['@commitlint/config-conventional'],
              /*
               * Any rules defined here will override rules from @commitlint/config-conventional
               */
              rules: {
                'body-max-line-length': [2, 'always', 200],
              },
            };
        EOT
      + file                         = ".github/commitlint.config.mjs"
      + id                           = (known after apply)
      + overwrite_on_create          = true
      + ref                          = (known after apply)
      + repository                   = "tf-template"
      + sha                          = (known after apply)
    }

  # module.template.github_repository_file.github[".github/dependabot.yml"] will be destroyed
  # (because key [".github/dependabot.yml"] is not in for_each map)
  - resource "github_repository_file" "github" {
      - branch              = "main" -> null
      - commit_author       = "CI" -> null
      - commit_email        = "ci@opzkit.io" -> null
      - commit_message      = "chore: update .github/dependabot.yml" -> null
      - commit_sha          = "f453706fe3297f5810d3d3ea68be197562460659" -> null
      - content             = <<-EOT
            version: 2
            updates:
              - package-ecosystem: terraform
                directory: "/"
                schedule:
                  interval: "daily"
                open-pull-requests-limit: 10
            
              - package-ecosystem: terraform
                directory: "/examples"
                schedule:
                  interval: "daily"
                open-pull-requests-limit: 10
            
              - package-ecosystem: "github-actions"
                directory: "/"
                schedule:
                  interval: "daily"
                open-pull-requests-limit: 10
        EOT -> null
      - file                = ".github/dependabot.yml" -> null
      - id                  = "tf-template/.github/dependabot.yml" -> null
      - overwrite_on_create = false -> null
      - repository          = "tf-template" -> null
      - sha                 = "d1f94de81c4cc00921760f721a6c9a50a505c898" -> null
    }

  # module.template.github_repository_file.github[".github/release.yml"] will be destroyed
  # (because key [".github/release.yml"] is not in for_each map)
  - resource "github_repository_file" "github" {
      - branch              = "main" -> null
      - commit_author       = "CI" -> null
      - commit_email        = "ci@opzkit.io" -> null
      - commit_message      = "chore: update .github/release.yml" -> null
      - commit_sha          = "a810d402a4dedbe2850934bfe48eedb975c9d382" -> null
      - content             = <<-EOT
            changelog:
              exclude:
                labels:
                  - ignore-for-release
              categories:
                - title: Breaking Changes
                  labels:
                    - breaking
                - title: Enhancements
                    - enhancement
                - title: Bugfixes
                  labels:
                    - bug
                - title: Other Changes
                  exclude:
                    author:
                    - dependabot
                  labels:
                    - "*"
                - title: Dependency changes
                  labels:
                    - dependencies
        EOT -> null
      - file                = ".github/release.yml" -> null
      - id                  = "tf-template/.github/release.yml" -> null
      - overwrite_on_create = false -> null
      - repository          = "tf-template" -> null
      - sha                 = "577c25d6e45f6c6f7741b03ac0a453c69f80706d" -> null
    }

  # module.template.github_repository_file.github[".github/workflows/build.yml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
        id                  = "tf-template/.github/workflows/build.yml"
      ~ overwrite_on_create = false -> true
        # (10 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/commitlint.yaml"] will be updated in-place
  ~ resource "github_repository_file" "github" {
      ~ content             = <<-EOT
            name: Lint Commit Messages
          + permissions: read-all
            
            on: [pull_request]
            
            jobs:
              commitlint:
                runs-on: ubuntu-latest
                steps:
          -       - uses: actions/checkout@v4
          +       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
                    with:
                      fetch-depth: 0
          -       - uses: wagoid/commitlint-github-action@v6
          +       - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
                    with:
                      configFile: "./.github/commitlint.config.mjs"
        EOT
        id                  = "tf-template/.github/workflows/commitlint.yaml"
      ~ overwrite_on_create = false -> true
        # (9 unchanged attributes hidden)
    }

  # module.template.github_repository_file.github[".github/workflows/conventional-labels.yaml"] will be destroyed
  # (because key [".github/workflows/conventional-labels.yaml"] is not in for_each map)
  - resource "github_repository_file" "github" {
      - branch              = "main" -> null
      - commit_author       = "CI" -> null
      - commit_email        = "ci@opzkit.io" -> null
      - commit_message      = "chore: update .github/workflows/conventional-labels.yaml" -> null
      - commit_sha          = "197eaa287661d72a15b6916e2b2356753a6a044e" -> null
      - content             = <<-EOT
            on:
              pull_request_target:
                types: [ opened, edited ]
            name: conventional-release-labels
            jobs:
              label:
                runs-on: ubuntu-latest
                steps:
                  - uses: bcoe/conventional-release-labels@v1
                    with:
                      type_labels: '{"feat": "feature", "fix": "bug", "breaking": "breaking"}'
                      ignored_types: '[]'
        EOT -> null
      - file                = ".github/workflows/conventional-labels.yaml" -> null
      - id                  = "tf-template/.github/workflows/conventional-labels.yaml" -> null
      - overwrite_on_create = false -> null
      - repository          = "tf-template" -> null
      - sha                 = "a8cd9aebaf65c13dbfbd4e33641de8c8f80ce1b3" -> null
    }

  # module.template.github_repository_file.github[".github/workflows/terrascan.yaml"] will be destroyed
  # (because key [".github/workflows/terrascan.yaml"] is not in for_each map)
  - resource "github_repository_file" "github" {
      - branch              = "main" -> null
      - commit_author       = "CI" -> null
      - commit_email        = "ci@opzkit.io" -> null
      - commit_message      = "chore: update .github/workflows/terrascan.yaml" -> null
      - commit_sha          = "1f42169b28a35ac6ebd40e1c0a4c8311360a5bf8" -> null
      - content             = <<-EOT
            name: Terrascan
            on: [ pull_request ]
            # https://github.com/marketplace/actions/terrascan-iac-scanner
            jobs:
              terrascan:
                runs-on: ubuntu-latest
                name: terrascan
                steps:
                  - name: Checkout repository
                    uses: actions/checkout@v3
                  - name: Run Terrascan
                    id: terrascan
                    uses: tenable/terrascan-action@main
                    with:
                      iac_type: 'terraform'
                      iac_version: 'v14'
                      policy_type: 'aws'
                      only_warn: true
                      sarif_upload: true
                      non_recursive: true
                      #iac_dir:
                      #policy_path:
                      #skip_rules:
                      #config_path:
                      #webhook_url:
                      #webhook_token:
                  - name: Upload SARIF file
                    uses: github/codeql-action/upload-sarif@v2
                    with:
                      sarif_file: terrascan.sarif
        EOT -> null
      - file                = ".github/workflows/terrascan.yaml" -> null
      - id                  = "tf-template/.github/workflows/terrascan.yaml" -> null
      - overwrite_on_create = false -> null
      - repository          = "tf-template" -> null
      - sha                 = "1176549718db8c86cef7bfa00861c39d8acb23c0" -> null
    }

  # module.terraform-aws-aurora-mysql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMveJg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-aurora-mysql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-aurora-mysql"
        name                        = "terraform-aws-aurora-mysql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-aurora-postgresql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvXJQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-aurora-postgresql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-aurora-postgresql"
        name                        = "terraform-aws-aurora-postgresql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-dns-validated-certificate.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGNsNLA"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-dns-validated-certificate.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-dns-validated-certificate"
        name                        = "terraform-aws-dns-validated-certificate"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-elasticache-redis.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGN1cCQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-elasticache-redis.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-elasticache-redis"
        name                        = "terraform-aws-elasticache-redis"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "MDEwOlJlcG9zaXRvcnk0MDYyNjA3Mzg="
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      + description                 = "Module for creating Kubernetes clusters using kOps"
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s"
        name                        = "terraform-aws-k8s"
      ~ web_commit_signoff_required = true -> false
        # (31 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-argocd.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGN5IuA"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-argocd.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-argocd"
        name                        = "terraform-aws-k8s-addons-argocd"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-cluster-autoscaler.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOIBlhgQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-cluster-autoscaler.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-cluster-autoscaler"
        name                        = "terraform-aws-k8s-addons-cluster-autoscaler"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-dns.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGXoYjA"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-external-dns.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-external-dns"
        name                        = "terraform-aws-k8s-addons-external-dns"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-external-secrets-operator.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGng-nw"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-external-secrets-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-external-secrets-operator"
        name                        = "terraform-aws-k8s-addons-external-secrets-operator"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-fluentbit.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGfsb-g"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-fluentbit.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-fluentbit"
        name                        = "terraform-aws-k8s-addons-fluentbit"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-github-runners.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGN7J-g"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-github-runners.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-github-runners"
        name                        = "terraform-aws-k8s-addons-github-runners"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-addons-grafana-agent-operator.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOHIT5ww"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-addons-grafana-agent-operator.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ archived                    = true -> false
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-addons-grafana-agent-operator"
        name                        = "terraform-aws-k8s-addons-grafana-agent-operator"
      ~ vulnerability_alerts        = false -> true
      + web_commit_signoff_required = false
        # (33 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-argocd-cluster-secret.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGmRzyQ"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-argocd-cluster-secret.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-argocd-cluster-secret"
        name                        = "terraform-aws-k8s-argocd-cluster-secret"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-k8s-network.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "MDEwOlJlcG9zaXRvcnk0MDc2OTY3OTk="
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-k8s-network.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-k8s-network"
        name                        = "terraform-aws-k8s-network"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-kops-state-store.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGMvdvg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-kops-state-store.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-kops-state-store"
        name                        = "terraform-aws-kops-state-store"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-rds-instance-mysql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGOzCKw"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-rds-instance-mysql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-rds-instance-mysql"
        name                        = "terraform-aws-rds-instance-mysql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-aws-rds-instance-postgresql.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGOzETg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-aws-rds-instance-postgresql.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-aws-rds-instance-postgresql"
        name                        = "terraform-aws-rds-instance-postgresql"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.terraform-cloudamqp-rabbitmq.github_branch_protection.repo will be created
  + resource "github_branch_protection" "repo" {
      + allows_deletions                = false
      + allows_force_pushes             = true
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = "R_kgDOGkwzzg"
      + require_conversation_resolution = false
      + require_signed_commits          = true
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + contexts = [
              + "build",
              + "commitlint",
              + "terrascan",
            ]
          + strict   = false
        }
    }

  # module.terraform-cloudamqp-rabbitmq.github_repository.repo will be updated in-place
  ~ resource "github_repository" "repo" {
      ~ allow_merge_commit          = false -> true
      ~ allow_rebase_merge          = true -> false
      - allow_update_branch         = true -> null
      - has_discussions             = true -> null
        id                          = "terraform-cloudamqp-rabbitmq"
        name                        = "terraform-cloudamqp-rabbitmq"
      ~ web_commit_signoff_required = true -> false
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 21 to add, 21 to change, 4 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @peter-svensson, Action: pull_request, Working Directory: ``, Workflow: Terraform

auto-merge was automatically disabled April 9, 2025 12:57

Pull request was closed
