From 9090c79f158b003a8fa1b8d70ecf8f5c36a8bbd7 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sat, 18 Oct 2025 09:22:48 -0500 Subject: [PATCH 1/5] fix: Update CI workflow versions to latest --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 109 ++++++++++++++++----------- .github/workflows/release.yml | 8 +- .github/workflows/stale-actions.yaml | 2 +- .gitignore | 7 ++ .pre-commit-config.yaml | 4 +- examples/README.md | 8 ++ 7 files changed, 90 insertions(+), 50 deletions(-) create mode 100644 examples/README.md diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 1e50760e..6419f3aa 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 23318bce..8c4ea345 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.14.0 preCommitMinVersions: name: Min TF pre-commit @@ -32,27 +32,50 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +84,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -72,47 +95,49 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - df -h - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go - # And a little bit more - sudo apt-get -qq remove -y 'azure-.*' - sudo apt-get -qq remove -y 'cpp-.*' - sudo apt-get -qq remove -y 'dotnet-runtime-.*' - sudo apt-get -qq remove -y 'google-.*' - sudo apt-get -qq remove -y 'libclang-.*' - sudo apt-get -qq remove -y 'libllvm.*' - sudo apt-get -qq remove -y 'llvm-.*' - sudo apt-get -qq remove -y 'mysql-.*' - sudo apt-get -qq remove -y 'postgresql-.*' - sudo apt-get -qq remove -y 'php.*' - sudo apt-get -qq remove -y 'temurin-.*' - sudo apt-get -qq remove -y kubectl firefox mono-devel - sudo apt-get -qq autoremove -y - sudo apt-get -qq clean - df -h + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 - - # Special to this repo, we don't want to check this dir - - name: Hide template dir - run: rm -rf modules/_templates + uses: clowdhaus/terraform-min-max@v2.1.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a942261..48ea9b01 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@v5 with: - semantic_version: 23.0.2 + semantic_version: 25.0.0 extra_plugins: | @semantic-release/changelog@6.0.3 @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.0.2 + conventional-changelog-conventionalcommits@7.1.1 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 6ccd0ed8..3e826dcf 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.gitignore b/.gitignore index 397af322..eca83dd8 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,10 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc + +# Zip archive +*.zip +builds + +.DS_Store +.idea diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a0f27228..174b9445 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -10,7 +10,7 @@ repos: - id: terraform_validate exclude: '^modules/_templates/[^/]+$|^wrappers/.+$' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..f417c0ad --- /dev/null +++ b/examples/README.md @@ -0,0 +1,8 @@ +# Examples + +Please note - the examples provided serve two primary means: + +1. Show users working examples of the various ways in which the module can be configured and features supported +2. A means of testing/validating module changes + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. From 39488f9b50fa91cb37955918f078b374f23de113 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 14:46:58 -0500 Subject: [PATCH 2/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 13 +++++++++---- .github/workflows/release.yml | 17 +++++++++++++---- .gitignore | 7 +++++-- .releaserc.json => docs/.releaserc.json | 0 CHANGELOG.md => docs/CHANGELOG.md | 0 5 files changed, 27 insertions(+), 10 deletions(-) rename .releaserc.json => docs/.releaserc.json (100%) rename CHANGELOG.md => docs/CHANGELOG.md (100%) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 8c4ea345..c6e88978 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -50,13 +50,12 @@ jobs: BEFORE=$(getAvailableSpace) ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz - sudo rmz -f /usr/share/dotnet & - sudo rmz -f /usr/local/.ghcup & rmz -f /opt/hostedtoolcache/CodeQL & rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + wait AFTER=$(getAvailableSpace) @@ -113,13 +112,19 @@ jobs: BEFORE=$(getAvailableSpace) ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz - sudo rmz -f /usr/share/dotnet & - sudo rmz -f /usr/local/.ghcup & rmz -f /opt/hostedtoolcache/CodeQL & rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + + if ${{ github.repository }} == 'terraform-aws-modules/terraform-aws-security-group'; + then + sudo rmz -f /usr/local/lib/android & + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + fi + wait AFTER=$(getAvailableSpace) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 48ea9b01..7558cc8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,13 +25,22 @@ jobs: persist-credentials: false fetch-depth: 0 + - name: Set correct Node.js version + uses: actions/setup-node@v6 + with: + node-version: 24 + + - name: Install dependencies + run: | + npm install \ + @semantic-release/changelog@6.0.3 \ + @semantic-release/git@10.0.1 \ + conventional-changelog-conventionalcommits@9.1.0 + - name: Release uses: cycjimmy/semantic-release-action@v5 with: semantic_version: 25.0.0 - extra_plugins: | - @semantic-release/changelog@6.0.3 - @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.1.1 + working_directory: docs/ env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.gitignore b/.gitignore index eca83dd8..fd39819e 100644 --- a/.gitignore +++ b/.gitignore @@ -28,9 +28,12 @@ override.tf.json .terraformrc terraform.rc -# Zip archive +# Lambda build artifacts +builds/ +__pycache__/ *.zip -builds +.tox +# Local editors/macos files .DS_Store .idea diff --git a/.releaserc.json b/docs/.releaserc.json similarity index 100% rename from .releaserc.json rename to docs/.releaserc.json diff --git a/CHANGELOG.md b/docs/CHANGELOG.md similarity index 100% rename from CHANGELOG.md rename to docs/CHANGELOG.md From 78b5c0e447beb8113b643ea6dca5a33ba96fea1f Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 14:58:07 -0500 Subject: [PATCH 3/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c6e88978..cb40825c 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -118,8 +118,7 @@ jobs: rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & - if ${{ github.repository }} == 'terraform-aws-modules/terraform-aws-security-group'; - then + if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then sudo rmz -f /usr/local/lib/android & sudo rmz -f /usr/share/dotnet & sudo rmz -f /usr/local/.ghcup & @@ -141,6 +140,11 @@ jobs: id: minMax uses: clowdhaus/terraform-min-max@v2.1.0 + - name: Hide template dir + # Special to this repo, we don't want to check this dir + if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }} + run: rm -rf modules/_templates + - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: From 140d5dcc77b6f09c1377c0c79cf4041f0ad40223 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 15:42:00 -0500 Subject: [PATCH 4/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb40825c..057b9c42 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -117,11 +117,25 @@ jobs: rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + sudo rmz -f /usr/local/lib/android & if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then - sudo rmz -f /usr/local/lib/android & sudo rmz -f /usr/share/dotnet & sudo rmz -f /usr/local/.ghcup & + sudo apt-get -qq remove -y 'azure-.*' + sudo apt-get -qq remove -y 'cpp-.*' + sudo apt-get -qq remove -y 'dotnet-runtime-.*' + sudo apt-get -qq remove -y 'google-.*' + sudo apt-get -qq remove -y 'libclang-.*' + sudo apt-get -qq remove -y 'libllvm.*' + sudo apt-get -qq remove -y 'llvm-.*' + sudo apt-get -qq remove -y 'mysql-.*' + sudo apt-get -qq remove -y 'postgresql-.*' + sudo apt-get -qq remove -y 'php.*' + sudo apt-get -qq remove -y 'temurin-.*' + sudo apt-get -qq remove -y kubectl firefox mono-devel + sudo apt-get -qq autoremove -y + sudo apt-get -qq clean fi wait From 8fdf93c7007677744844f2cc76fb652757b0083e Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 20 Oct 2025 10:08:24 -0500 Subject: [PATCH 5/5] fix: Move changelog back to project root --- .github/workflows/release.yml | 1 - docs/.releaserc.json => .releaserc.json | 0 docs/CHANGELOG.md => CHANGELOG.md | 0 3 files changed, 1 deletion(-) rename docs/.releaserc.json => .releaserc.json (100%) rename docs/CHANGELOG.md => CHANGELOG.md (100%) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7558cc8a..e739b790 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,6 +41,5 @@ jobs: uses: cycjimmy/semantic-release-action@v5 with: semantic_version: 25.0.0 - working_directory: docs/ env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/docs/.releaserc.json b/.releaserc.json similarity index 100% rename from docs/.releaserc.json rename to .releaserc.json diff --git a/docs/CHANGELOG.md b/CHANGELOG.md similarity index 100% rename from docs/CHANGELOG.md rename to CHANGELOG.md