feat: Added automation for generating checksums (#5)

Created a GitHub workflow that will run nightly to look for new
Terraform release versions.

If it finds new versions it will:

* Generate a new terraform-checksums.json file

* Submit a pull request for review

Author: bradegler

.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # Default fallback
-* @sethvargo
+* @abcxyz/breakglass
 
 # github-actions owns all files
 *    @abcxyz/github-actions

generate_version_checksums.sh renamed to .github/generate_version_checksums.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
-mkdir temp
+mkdir -p temp
 cd temp || exit
 
 export GNUPGHOME=./.gnupg;
 
-checksum_file=../terraform-checksums.json
+checksum_file=../../terraform-checksums.json
 
 # Generate a temporary key to use for verification
 gpg --batch --quick-generate-key --batch --passphrase "" [email protected];
@@ -26,6 +26,11 @@ curl -s --remote-name ${release_url}/index.json;
 # Exclude all 0.x and pre-release versions
 jq -r 'select(.name=="terraform") | .versions[] | select(.version | (contains("-") or startswith("0.")) | not) | .version' < index.json > versions.list;
 
+
+added_file=added.list;
+
+touch "${added_file}";
+
 while IFS= read -r version; 
 do 
     exists=$(jq --arg version "${version}" '.versions[] | select(.version==$version)' < "${checksum_file}");
@@ -67,8 +72,25 @@ do
             mv updated.json "${checksum_file}";
 
         done;
+
+        echo "${version}" >> "${added_file}";
     fi
 
 done < versions.list;
 
+# If there were any changes set some environment variables
+if [ -s ${added_file} ]; 
+then
+    change_count=$(wc -l ${added_file} | tr -s ' ' | cut -d ' ' -f2);
+    change_date=$(date +%Y-%m-%d);
+    versions=$(cat ${added_file} | tr '\n' ',' | sed 's/,*$//g');
+
+    {
+        echo "CHANGES=${change_count}";
+        echo "PR_BRANCH=update-checksums-${change_date}";
+        echo "UPDATE_DATE=${change_date}";
+        echo "VERSIONS=${versions}";
+    } >> "${GITHUB_ENV}";
+fi;
+
 unset GNUPGHOME;

.github/workflows/update-checksums.yml

@@ -0,0 +1,44 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: 'Update Checksums File'
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 */1 * *'
+
+jobs:
+  update-checksums:
+    permissions:
+      contents: 'write'
+      packages: 'write'
+    runs-on: 'ubuntu-latest'
+    steps:
+      - id: 'checkout'
+        uses: 'actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8' # ratchet:actions/checkout@v3
+      # Generate updates to the checksum file if there are new released versions of terraform
+      - id: 'generate-updates'
+        run: './.github/generate_version_checksums.sh;'
+      # Create a pull request for review
+      - id: 'create-pull-request'
+        if: ${{ env.CHANGES }}
+        uses: peter-evans/create-pull-request@b4d51739f96fca8047ad065eccef63442d8e99f7 # ratchet:peter-evans/create-pull-request@v4
+        with:
+          add-paths: 'terraform-checksums.json'
+          commit-message: 'chore: [automated] checksum updates'
+          delete-branch: true
+          branch: '${{ env.PR_BRANCH }}'
+          title: 'chore: Terraform checksum updates for ${{ env.UPDATE_DATE }}'
+          body: |-
+            Adds Terraform binary checksums for ${{ env.CHANGES }} versions: ${{ env.VERSIONS }}