From 5a9395d34f54fbff3621280db5eaded8654f7a81 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sat, 18 Oct 2025 09:09:10 -0500 Subject: [PATCH 1/5] fix: Update CI workflow versions to latest --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 88 +++++++++++++++++++++------- .github/workflows/release.yml | 8 +-- .github/workflows/stale-actions.yaml | 2 +- .gitignore | 4 ++ .pre-commit-config.yaml | 2 +- examples/README.md | 8 +++ 7 files changed, 86 insertions(+), 28 deletions(-) create mode 100644 examples/README.md diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 1e50760..6419f3a 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a19ff83..8c4ea34 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.19.0 - TFLINT_VERSION: v0.53.0 + TERRAFORM_DOCS_VERSION: v0.20.0 + TFLINT_VERSION: v0.59.1 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.14.0 preCommitMinVersions: name: Min TF pre-commit 
@@ -32,27 +32,50 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
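Review bot: The new `Install rmz` step downloads a prebuilt binary from the `SUPERCILEX/fuc` releases with no release tag and no checksum, and the next step runs it against system paths, twice under `sudo` (`sudo rmz -f /usr/share/dotnet &`). The `latest` segment in the symlink target suggests the action resolves whatever release is newest at run time, so a replaced or changed release asset would execute on the runner without any diff in this repository. Pin the release with the action's `tag` input (`tag: <RELEASE_TAG>`, placeholder), reference `jaxxstorm/action-install-gh-release` by full commit SHA instead of the movable `v2.1.0` tag, and check the asset's SHA-256 against a value recorded in the workflow before it is run. The same step is added again in the `@@ -72,26 +95,49 @@` hunk of this file and needs the same change.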
@@ -61,7 +84,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
@@ -72,26 +95,49 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + - name: Install rmz + uses: jaxxstorm/action-install-gh-release@v2.1.0 + with: + repo: SUPERCILEX/fuc + asset-name: x86_64-unknown-linux-gnu-rmz + rename-to: rmz + chmod: 0755 + extension-matching: disable + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - - name: Delete huge unnecessary tools folder + - name: Delete unnecessary files run: | - rm -rf /opt/hostedtoolcache/CodeQL - rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk - rm -rf /opt/hostedtoolcache/Ruby - rm -rf /opt/hostedtoolcache/go + formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } + getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } + + BEFORE=$(getAvailableSpace) + + ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + rmz -f /opt/hostedtoolcache/CodeQL & + rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & + rmz -f /opt/hostedtoolcache/PyPy & + rmz -f /opt/hostedtoolcache/Ruby & + rmz -f /opt/hostedtoolcache/go & + wait + + AFTER=$(getAvailableSpace) + SAVED=$((AFTER-BEFORE)) + echo "=> Saved $(formatByteCount $SAVED)" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.1 + uses: clowdhaus/terraform-min-max@v2.1.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
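Review bot: `getAvailableSpace` is written to take a path (`df -a $1`), but both call sites, `BEFORE=$(getAvailableSpace)` and `AFTER=$(getAvailableSpace)`, pass none, so `df -a` sums the available column over every mount, pseudo and duplicate filesystems included, and the printed saving is not the space freed on the disk the job uses. Pass the filesystem explicitly and quote the argument, for example `getAvailableSpace() { df --output=avail "$1" | awk 'NR > 1 {avail+=$1} END {print avail}'; }` called as `getAvailableSpace /`. Separately, `chmod: 0755` in the `Install rmz` step is an unquoted leading-zero scalar that some YAML parsers read as an octal integer; `chmod: '0755'` keeps it a string. Both remarks apply equally to the identical step in the `@@ -32,27 +32,50 @@` hunk.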
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a94226..48ea9b0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@v5 with: - semantic_version: 23.0.2 + semantic_version: 25.0.0 extra_plugins: | @semantic-release/changelog@6.0.3 @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.0.2 + conventional-changelog-conventionalcommits@7.1.1 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 6ccd0ed..3e826dc 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.gitignore b/.gitignore index cf9db9f..eca83dd 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,7 @@ terraform.rc # Zip archive *.zip +builds + +.DS_Store +.idea diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f065bdd..9223e3c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.101.0 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..f417c0a --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,8 @@ +# Examples + +Please note - the examples provided serve two primary means: + +1. Show users working examples of the various ways in which the module can be configured and features supported +2. A means of testing/validating module changes + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. From 199d3c4ac823f743cb5dbce0db1533c9d9707783 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 14:32:19 -0500 Subject: [PATCH 2/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 13 +++++++++---- .github/workflows/release.yml | 17 +++++++++++++---- .gitignore | 5 +++-- .releaserc.json => docs/.releaserc.json | 0 CHANGELOG.md => docs/CHANGELOG.md | 0 5 files changed, 25 insertions(+), 10 deletions(-) rename .releaserc.json => docs/.releaserc.json (100%) rename CHANGELOG.md => docs/CHANGELOG.md (100%) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 8c4ea34..c6e8897 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -50,13 +50,12 @@ jobs: BEFORE=$(getAvailableSpace) ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz - sudo rmz -f /usr/share/dotnet & - sudo rmz -f /usr/local/.ghcup & rmz -f /opt/hostedtoolcache/CodeQL & rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + wait AFTER=$(getAvailableSpace) 
@@ -113,13 +112,19 @@ jobs: BEFORE=$(getAvailableSpace) ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz - sudo rmz -f /usr/share/dotnet & - sudo rmz -f /usr/local/.ghcup & rmz -f /opt/hostedtoolcache/CodeQL & rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk & rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + + if ${{ github.repository }} == 'terraform-aws-modules/terraform-aws-security-group'; + then + sudo rmz -f /usr/local/lib/android & + sudo rmz -f /usr/share/dotnet & + sudo rmz -f /usr/local/.ghcup & + fi + wait AFTER=$(getAvailableSpace) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 48ea9b0..7558cc8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,13 +25,22 @@ jobs: persist-credentials: false fetch-depth: 0 + - name: Set correct Node.js version + uses: actions/setup-node@v6 + with: + node-version: 24 + + - name: Install dependencies + run: | + npm install \ + @semantic-release/changelog@6.0.3 \ + @semantic-release/git@10.0.1 \ + conventional-changelog-conventionalcommits@9.1.0 + - name: Release uses: cycjimmy/semantic-release-action@v5 with: semantic_version: 25.0.0 - extra_plugins: | - @semantic-release/changelog@6.0.3 - @semantic-release/git@10.0.1 - conventional-changelog-conventionalcommits@7.1.1 + working_directory: docs/ env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.gitignore b/.gitignore index eca83dd..f5abfc7 100644 --- a/.gitignore +++ b/.gitignore @@ -28,9 +28,10 @@ override.tf.json .terraformrc terraform.rc -# Zip archive +# Lambda build artifacts +builds/ +__pycache__/ *.zip -builds .DS_Store .idea diff --git a/.releaserc.json b/docs/.releaserc.json similarity index 100% rename from .releaserc.json rename to docs/.releaserc.json 
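Review bot: The new `Install dependencies` step in `release.yml` runs a bare `npm install` of three plugins, which resolves their transitive dependencies afresh on every release run and executes any package install scripts on the runner. The code it installs is then loaded by the `Release` step that holds `SEMANTIC_RELEASE_TOKEN`. The three top-level versions are pinned, but nothing visible in the hunk pins what they pull in. If no lockfile is committed, consider `npm install --no-save --ignore-scripts \` as the first line of the command (assuming none of the plugins needs its install script), or commit a lockfile and use `npm ci`. The job's earlier steps lie outside the hunk.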
diff --git a/CHANGELOG.md b/docs/CHANGELOG.md similarity index 100% rename from CHANGELOG.md rename to docs/CHANGELOG.md From bbc6b3ca4418cfc87efcf937cdeee61e5dcdb02b Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 15:05:38 -0500 Subject: [PATCH 3/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 8 ++++++-- .gitignore | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c6e8897..cb40825 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -118,8 +118,7 @@ jobs: rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & - if ${{ github.repository }} == 'terraform-aws-modules/terraform-aws-security-group'; - then + if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then sudo rmz -f /usr/local/lib/android & sudo rmz -f /usr/share/dotnet & sudo rmz -f /usr/local/.ghcup & @@ -141,6 +140,11 @@ jobs: id: minMax uses: clowdhaus/terraform-min-max@v2.1.0 + - name: Hide template dir + # Special to this repo, we don't want to check this dir + if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }} + run: rm -rf modules/_templates + - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0 with: diff --git a/.gitignore b/.gitignore index f5abfc7..fd39819 100644 --- a/.gitignore +++ b/.gitignore @@ -32,6 +32,8 @@ terraform.rc builds/ __pycache__/ *.zip +.tox +# Local editors/macos files .DS_Store .idea From b937e0c9d86cf524424a742275d1f3ede58258a6 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 19 Oct 2025 15:39:13 -0500 Subject: [PATCH 4/5] fix: Update CI workflow versions to latest --- .github/workflows/pre-commit.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) 
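Review bot: In the corrected test in the `@@ -118,8 +118,7 @@` hunk, `${{ github.repository }}` is pasted into the script text by the workflow engine before bash parses it, and the right-hand side of `==` is unquoted, which `[[ ]]` treats as a glob pattern. Owner and repository names are limited to a safe character set, so this is a style and hardening point rather than a bug. Reading the runner-provided variable keeps expression expansion out of the shell source: `if [[ "$GITHUB_REPOSITORY" == 'terraform-aws-modules/terraform-aws-security-group' ]]; then`. The `Hide template dir` step added in the following hunk already gates on the same repository with a step-level `if:`, so the two checks would also read more consistently. The `run:` block starts and ends outside the hunk.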
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb40825..057b9c4 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -117,11 +117,25 @@ jobs: rmz -f /opt/hostedtoolcache/PyPy & rmz -f /opt/hostedtoolcache/Ruby & rmz -f /opt/hostedtoolcache/go & + sudo rmz -f /usr/local/lib/android & if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then - sudo rmz -f /usr/local/lib/android & sudo rmz -f /usr/share/dotnet & sudo rmz -f /usr/local/.ghcup & + sudo apt-get -qq remove -y 'azure-.*' + sudo apt-get -qq remove -y 'cpp-.*' + sudo apt-get -qq remove -y 'dotnet-runtime-.*' + sudo apt-get -qq remove -y 'google-.*' + sudo apt-get -qq remove -y 'libclang-.*' + sudo apt-get -qq remove -y 'libllvm.*' + sudo apt-get -qq remove -y 'llvm-.*' + sudo apt-get -qq remove -y 'mysql-.*' + sudo apt-get -qq remove -y 'postgresql-.*' + sudo apt-get -qq remove -y 'php.*' + sudo apt-get -qq remove -y 'temurin-.*' + sudo apt-get -qq remove -y kubectl firefox mono-devel + sudo apt-get -qq autoremove -y + sudo apt-get -qq clean fi wait From c621c03ca466ede75d3db84a24310602f78483f1 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 20 Oct 2025 10:05:09 -0500 Subject: [PATCH 5/5] fix: Move changelog back to project root --- .github/workflows/release.yml | 1 - docs/.releaserc.json => .releaserc.json | 0 docs/CHANGELOG.md => CHANGELOG.md | 0 3 files changed, 1 deletion(-) rename docs/.releaserc.json => .releaserc.json (100%) rename docs/CHANGELOG.md => CHANGELOG.md (100%) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7558cc8..e739b79 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,6 +41,5 @@ jobs: uses: cycjimmy/semantic-release-action@v5 with: semantic_version: 25.0.0 - working_directory: docs/ env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} 
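Review bot: The `apt-get remove` patterns added inside the `if` block are unanchored regular expressions, and apt matches them as substrings of package names, so `'php.*'`, `'cpp-.*'` or `'google-.*'` can select packages well beyond the intended family. Anchor each one, for example `sudo apt-get -qq remove -y '^php.*'`. These commands also run in the foreground of the `run:` script, so if the step uses the default `bash -e` shell, a pattern that matches nothing on a future runner image would likely fail the whole job. Appending `|| true` (or a warning `echo`) to each removal keeps the cleanup best-effort. The `run:` block starts and ends outside the hunk.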
diff --git a/docs/.releaserc.json b/.releaserc.json similarity index 100% rename from docs/.releaserc.json rename to .releaserc.json diff --git a/docs/CHANGELOG.md b/CHANGELOG.md similarity index 100% rename from docs/CHANGELOG.md rename to CHANGELOG.md