feat: add default tags to AWS provider (#941)

* feat: use tfc environment variables as default AWS tags * add var.tags to default * add helper scripts * update actions * update runs-on self-hosted * update golden files * commit from ci -- updated golden files --------- Co-authored-by: jakeyheath <jakeyheath@users.noreply.github.com>
chanzuckerberg · Sep 19, 2023 · 9d6b8d2 · 9d6b8d2
1 parent d776b53
commit 9d6b8d2
Show file tree

Hide file tree

Showing 122 changed files with 2,114 additions and 13 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,23 +1,49 @@
 on: pull_request
 
 jobs:
+  golden:
+    runs-on: [self-hosted, ARM64, linux]
+    steps:
+      - name: Generate token
+        id: generate_token
+        uses: chanzuckerberg/github-app-token@v1.1.4
+        with:
+          app_id: ${{ secrets.CZI_RELEASE_PLEASE_APP_ID }}
+          private_key: ${{ secrets.CZI_RELEASE_PLEASE_PK }}
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          ref: ${{ github.event.pull_request.head.ref }}
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Run tests
+        run: make update-golden-files
+      - name: Commit updated mod tidy
+        uses: EndBug/add-and-commit@v9
+        with:
+          add: -A
+          message: commit from ci -- updated golden files
   test:
-    runs-on: self-hosted
+    runs-on: [self-hosted, ARM64, linux]
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
+          cache: true
       - name: Run tests
         run: make test-ci
 
   lint:
-    runs-on: self-hosted
+    runs-on: [self-hosted, ARM64, linux]
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
+          cache: true
       - uses: actions/setup-node@v3
         with:
           node-version: 18

diff --git a/.github/workflows/conventional_commits_title.yml b/.github/workflows/conventional_commits_title.yml
@@ -9,6 +9,6 @@ on:
 
 jobs:
   conventional_commit_title:
-    runs-on: self-hosted
+    runs-on: [self-hosted, ARM64, linux]
     steps:
       - uses: chanzuckerberg/github-actions/.github/actions/conventional-commits@main
diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml
@@ -9,7 +9,7 @@ concurrency:
     cancel-in-progress: true
 jobs:
   dependabot:
-    runs-on: [ARM64, self-hosted, Linux]
+    runs-on: [self-hosted, ARM64, linux]
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
       - name: Generate token

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -6,7 +6,7 @@ on:
 name: release-please
 jobs:
   release-please:
-    runs-on: self-hosted
+    runs-on: [self-hosted, ARM64, linux]
     steps:
       - uses: actions/github-script@v5
         id: configure-changelog
@@ -38,16 +38,17 @@ jobs:
           changelog-types: ${{ steps.configure-changelog.outputs.result }}
           token: ${{ steps.generate_token.outputs.token }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         # we need to fetch all history and tags
         # so we build the proper version
         with:
           fetch-depth: 0
         if: ${{ steps.release.outputs.release_created }}
 
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
+          cache: true
         if: ${{ steps.release.outputs.release_created }}
 
       - name: Run GoReleaser

diff --git a/templates/templates/common/aws_provider.tmpl b/templates/templates/common/aws_provider.tmpl
@@ -8,6 +8,24 @@ provider "aws" {
     role_arn     = "{{ .RoleArn }}"
   }
   {{ end }}
+  # this is the new way of injecting AWS tags to all AWS resources
+  # var.tags should be considered deprecated
+  default_tags {
+    tags = {
+      TFC_RUN_ID                               = var.TFC_RUN_ID
+      TFC_WORKSPACE_NAME                       = var.TFC_WORKSPACE_NAME
+      TFC_WORKSPACE_SLUG                       = var.TFC_WORKSPACE_SLUG
+      TFC_CONFIGURATION_VERSION_GIT_BRANCH     = var.TFC_CONFIGURATION_VERSION_GIT_BRANCH
+      TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
+      TFC_CONFIGURATION_VERSION_GIT_TAG        = var.TFC_CONFIGURATION_VERSION_GIT_TAG
+      TFC_PROJECT_NAME                         = var.TFC_PROJECT_NAME
+      project                                  = var.tags.project
+      env                                      = var.tags.env
+      service                                  = var.tags.service
+      owner                                    = var.tags.owner
+      managedBy                                = "terraform"
+    }
+  }
   allowed_account_ids = ["{{ .AccountID }}"]
 }
 {{ end }}
diff --git a/templates/templates/component/terraform/fogg.tf.tmpl b/templates/templates/component/terraform/fogg.tf.tmpl
@@ -1,13 +1,39 @@
 # Auto-generated by fogg. Do not edit
 # Make improvements in fogg, so that everyone can benefit.
-
+variable "TFC_RUN_ID" {
+  type    = string
+  default = "unknown"
+}
+variable "TFC_WORKSPACE_NAME" {
+  type    = string
+  default = "unknown"
+}
+variable "TFC_WORKSPACE_SLUG" {
+  type    = string
+  default = "unknown"
+}
+variable "TFC_CONFIGURATION_VERSION_GIT_BRANCH" {
+  type    = string
+  default = "unknown"
+}
+variable "TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA" {
+  type    = string
+  default = "unknown"
+}
+variable "TFC_CONFIGURATION_VERSION_GIT_TAG" {
+  type    = string
+  default = "unknown"
+}
+variable "TFC_PROJECT_NAME" {
+  type    = string
+  default = "unknown"
+}
 {{ if .ProviderConfiguration.AWS }}
 {{ template "aws_provider" .ProviderConfiguration.AWS}}
   # Aliased Providers (for doing things in every region).
   {{ range $p := .ProviderConfiguration.AWSAdditionalProviders }}
     {{ template "aws_provider" $p}}
   {{ end }}
-
 {{ end }}
 
 {{ if .ProviderConfiguration.Snowflake }}{{ if not .ProviderConfiguration.Snowflake.CustomProvider }}
@@ -120,6 +146,8 @@ variable "owner" {
 }
 
 # tflint-ignore: terraform_unused_declarations
+# DEPRECATED: this field is deprecated in favor or 
+# AWS provider default tags.
 variable "tags" {
   type =  object({project: string, env: string, service: string, owner: string, managedBy: string})
   default = {

diff --git a/templates/templates/repo/scripts/git_authors_json.sh b/templates/templates/repo/scripts/git_authors_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"authors\": \"$(git --no-pager log --format='%an' -- . | grep -v "[bot]" | head -10)\"}" || echo "{ \"authors\": \"unknown\" }"
diff --git a/templates/templates/repo/scripts/git_branch_json.sh b/templates/templates/repo/scripts/git_branch_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"branch\": \"$(git --no-pager rev-parse --abbrev-ref HEAD)\"}" || echo "{ \"branch\": \"unknown\" }"
diff --git a/templates/templates/repo/scripts/git_email_json.sh b/templates/templates/repo/scripts/git_email_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"email\": \"$(git --no-pager config --global --get user.email)\"}" || echo "{ \"email\": \"unknown\" }"
diff --git a/templates/templates/repo/scripts/git_sha_json.sh b/templates/templates/repo/scripts/git_sha_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+git --no-pager log --pretty=format:"{ \"sha\": \"%H\" }" -1 HEAD  || echo "{ \"sha\": \"unknown\" }"
diff --git a/templates/templates/repo/scripts/git_user_json.sh b/templates/templates/repo/scripts/git_user_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"name\": \"$(git --no-pager config --global --get user.name)\"}" || echo "{ \"user\": \"unknown\" }"
diff --git a/templates/templates/repo/scripts/update-readme.sh b/templates/templates/repo/scripts/update-readme.sh
diff --git a/testdata/auth0_provider_yaml/scripts/git_authors_json.sh b/testdata/auth0_provider_yaml/scripts/git_authors_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"authors\": \"$(git --no-pager log --format='%an' -- . | grep -v "[bot]" | head -10)\"}" || echo "{ \"authors\": \"unknown\" }"
diff --git a/testdata/auth0_provider_yaml/scripts/git_branch_json.sh b/testdata/auth0_provider_yaml/scripts/git_branch_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"branch\": \"$(git --no-pager rev-parse --abbrev-ref HEAD)\"}" || echo "{ \"branch\": \"unknown\" }"
diff --git a/testdata/auth0_provider_yaml/scripts/git_email_json.sh b/testdata/auth0_provider_yaml/scripts/git_email_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"email\": \"$(git --no-pager config --global --get user.email)\"}" || echo "{ \"email\": \"unknown\" }"
diff --git a/testdata/auth0_provider_yaml/scripts/git_sha_json.sh b/testdata/auth0_provider_yaml/scripts/git_sha_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+git --no-pager log --pretty=format:"{ \"sha\": \"%H\" }" -1 HEAD  || echo "{ \"sha\": \"unknown\" }"
diff --git a/testdata/auth0_provider_yaml/scripts/git_user_json.sh b/testdata/auth0_provider_yaml/scripts/git_user_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"name\": \"$(git --no-pager config --global --get user.name)\"}" || echo "{ \"user\": \"unknown\" }"
diff --git a/testdata/auth0_provider_yaml/terraform/accounts/foo/fogg.tf b/testdata/auth0_provider_yaml/terraform/accounts/foo/fogg.tf
diff --git a/testdata/auth0_provider_yaml/terraform/envs/bar/bam/fogg.tf b/testdata/auth0_provider_yaml/terraform/envs/bar/bam/fogg.tf
diff --git a/testdata/auth0_provider_yaml/terraform/global/fogg.tf b/testdata/auth0_provider_yaml/terraform/global/fogg.tf
diff --git a/testdata/bless_provider_yaml/scripts/git_authors_json.sh b/testdata/bless_provider_yaml/scripts/git_authors_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"authors\": \"$(git --no-pager log --format='%an' -- . | grep -v "[bot]" | head -10)\"}" || echo "{ \"authors\": \"unknown\" }"
diff --git a/testdata/bless_provider_yaml/scripts/git_branch_json.sh b/testdata/bless_provider_yaml/scripts/git_branch_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"branch\": \"$(git --no-pager rev-parse --abbrev-ref HEAD)\"}" || echo "{ \"branch\": \"unknown\" }"
diff --git a/testdata/bless_provider_yaml/scripts/git_email_json.sh b/testdata/bless_provider_yaml/scripts/git_email_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"email\": \"$(git --no-pager config --global --get user.email)\"}" || echo "{ \"email\": \"unknown\" }"
diff --git a/testdata/bless_provider_yaml/scripts/git_sha_json.sh b/testdata/bless_provider_yaml/scripts/git_sha_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+git --no-pager log --pretty=format:"{ \"sha\": \"%H\" }" -1 HEAD  || echo "{ \"sha\": \"unknown\" }"
diff --git a/testdata/bless_provider_yaml/scripts/git_user_json.sh b/testdata/bless_provider_yaml/scripts/git_user_json.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "{\"name\": \"$(git --no-pager config --global --get user.name)\"}" || echo "{ \"user\": \"unknown\" }"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		echo "{\"authors\": \"$(git --no-pager log --format='%an' -- . \| grep -v "[bot]" \| head -10)\"}" \|\| echo "{ \"authors\": \"unknown\" }"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		echo "{\"branch\": \"$(git --no-pager rev-parse --abbrev-ref HEAD)\"}" \|\| echo "{ \"branch\": \"unknown\" }"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		echo "{\"email\": \"$(git --no-pager config --global --get user.email)\"}" \|\| echo "{ \"email\": \"unknown\" }"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		git --no-pager log --pretty=format:"{ \"sha\": \"%H\" }" -1 HEAD \|\| echo "{ \"sha\": \"unknown\" }"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		echo "{\"name\": \"$(git --no-pager config --global --get user.name)\"}" \|\| echo "{ \"user\": \"unknown\" }"