feat: enhance template sync workflow with ASDF caching and installati…

…on steps
lablabs · Jan 13, 2025 · 73446f7 · 73446f7
1 parent 46674dc
commit 73446f7
Show file tree

Hide file tree

Showing 7 changed files with 81 additions and 16 deletions.
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -17,5 +17,36 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v4
-      - uses: asdf-vm/actions/install@v3
+
+      - name: Cache ASDF
+        uses: actions/cache@v4
+        id: asdf-cache
+        with:
+          path: ~/.asdf/
+          key: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}
+          restore-keys: ${{ runner.os }}-asdf-
+
+      - name: Setup ASDF
+        uses: asdf-vm/actions/setup@v3
+        if: ${{ steps.asdf-cache.outputs.cache-hit == 'true' }}
+
+      - name: Install ASDF
+        uses: asdf-vm/actions/install@v3
+        if: ${{ steps.asdf-cache.outputs.cache-hit != 'true' }}
+
+      - name: Reshim installed ASDF tools
+        shell: bash
+        run: asdf reshim
+
+      - name: Cache pip dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt', '.pre-commit-config.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install pip dependencies
+        run: pip install -r requirements.txt
+
       - uses: pre-commit/action@v3.0.1
diff --git a/.github/workflows/template-sync.yaml b/.github/workflows/template-sync.yaml
@@ -5,10 +5,12 @@ on:
     - cron: '0 0 * * *' # every day at midnight
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   universal-addon:
     if: github.repository != 'lablabs/terraform-aws-eks-universal-addon'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Generate GitHub App token
         id: template-sync-app-token
@@ -22,7 +24,30 @@ jobs:
         with:
           token: ${{ steps.template-sync-app-token.outputs.token }}
 
-      - name: actions-template-sync
+      - name: Cache ASDF
+        uses: actions/cache@v4
+        id: asdf-cache
+        with:
+          path: ~/.asdf/
+          key: ${{ runner.os }}-asdf-${{ hashFiles('.tool-versions') }}
+          restore-keys: ${{ runner.os }}-asdf-
+
+      - name: Setup ASDF
+        uses: asdf-vm/actions/setup@v3
+        if: ${{ steps.asdf-cache.outputs.cache-hit == 'true' }}
+
+      - name: Install ASDF
+        uses: asdf-vm/actions/install@v3
+        if: ${{ steps.asdf-cache.outputs.cache-hit != 'true' }}
+
+      - name: Reshim installed ASDF tools
+        shell: bash
+        run: asdf reshim
+
+      - name: Install OS dependencies
+        run: sudo apt-get install -y libsqlite3-dev
+
+      - name: Sync universal-addon template
         uses: AndreasAugustin/actions-template-sync@v2
         with:
           github_token: ${{ steps.template-sync-app-token.outputs.token }}
@@ -33,4 +58,12 @@ jobs:
           pr_title: "feat(sync): sync universal-addon changes"
           pr_commit_msg: "feat(sync): sync universal-addon changes"
           is_pr_cleanup: true
-          is_keep_branch_on_pr_cleanup: true
+
+      - name: Update README.md
+        run: pre-commit run --show-diff-on-failure --color=always terraform_docs --all-files
+
+      - name: Commit and push README.md
+        uses: EndBug/add-and-commit@v9
+        with:
+          add: README.md
+          message: "docs: update README.md"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -5,12 +5,12 @@ repos:
       - id: trailing-whitespace
       - id: check-merge-conflict
       - id: detect-aws-credentials
-        args: ['--allow-missing-credentials']
+        args: ["--allow-missing-credentials"]
       - id: detect-private-key
       - id: end-of-file-fixer
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.2
+    rev: v1.96.3
     hooks:
       - id: terraform_fmt
       - id: terraform_tflint
@@ -25,14 +25,14 @@ repos:
       - id: terraform_validate
       - id: terraform_checkov
         args:
-          - '--args=--skip-check CKV_TF_1' #CKV_TF_1: "Ensure Terraform module sources use a commit hash"
+          - "--args=--skip-check CKV_TF_1" #CKV_TF_1: "Ensure Terraform module sources use a commit hash"
       - id: terraform_docs
         args:
-          - '--args=--config=.terraform-docs.yml'
+          - "--args=--config=.terraform-docs.yml"
 
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.4.0
     hooks:
       - id: detect-secrets
-        args: ['--baseline', '.secrets.baseline']
+        args: ["--baseline", ".secrets.baseline"]
         exclude: terraform.tfstate
diff --git a/.templatesyncignore b/.templatesyncignore
@@ -3,6 +3,6 @@ examples/basic/main.tf
 main.tf
 addon-oidc.tf
 variables.tf
-variables-oidc.tf
+variables-addon-oidc.tf
 README.md
 .secrets.baseline
diff --git a/.tool-versions b/.tool-versions
@@ -1,6 +1,7 @@
 terraform 1.5.7
 terraform-docs 0.17.0
 tflint 0.50.3
-checkov 3.2.37
+checkov 3.2.352
 awscli 2.15.29
-pre-commit 3.6.2
+pre-commit 4.0.1
+python 3.13.1
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 A Terraform module to deploy the [aws-service-quotas-exporter](https://github.com/lablabs/aws-service-quotas-exporter) on Amazon EKS cluster.
 
-[![Terraform validate](https://github.com/lablabs/terraform-aws-eks-aws-service-quotsa-exporter/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/validate.yaml)
+[![Terraform validate](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/validate.yaml)
 [![pre-commit](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/pre-commit.yaml)
 
 ---

diff --git a/main.tf b/main.tf
@@ -1,10 +1,10 @@
 /**
  * # AWS EKS AWS Service Quota Exporter Terraform module
  *
- * A Terraform module to deploy the [aws-service-quota-exporter](https://github.com/lablabs/aws-service-quotas-exporter) on Amazon EKS cluster.
+ * A Terraform module to deploy the [aws-service-quotas-exporter](https://github.com/lablabs/aws-service-quotas-exporter) on Amazon EKS cluster.
  *
- * [![Terraform validate](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/validate.yaml)
- * [![pre-commit](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/pre-commit.yaml)
+ * [![Terraform validate](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/validate.yaml)
+ * [![pre-commit](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quotas-exporter/actions/workflows/pre-commit.yaml)
  */
 locals {
   addon = {