From 05ddd4cfa0e385d21a2b5c95ccdef6bb9c81af32 Mon Sep 17 00:00:00 2001
From: Veronika Gnilitska
Date: Tue, 6 Aug 2024 17:30:27 +0300
Subject: [PATCH 1/2] chore: update tools + add upgrade workflow

---
 .github/workflows/{trunk.yaml => lint.yaml} | 0
 .github/workflows/trunk-upgrade.yaml | 34 +++++++++++++++++++++
 .trunk/trunk.yaml | 23 ++++++++------
 aqua.yaml | 8 ++---
 4 files changed, 52 insertions(+), 13 deletions(-)
 rename .github/workflows/{trunk.yaml => lint.yaml} (100%)
 create mode 100644 .github/workflows/trunk-upgrade.yaml

diff --git a/.github/workflows/trunk.yaml b/.github/workflows/lint.yaml
similarity index 100%
rename from .github/workflows/trunk.yaml
rename to .github/workflows/lint.yaml
diff --git a/.github/workflows/trunk-upgrade.yaml b/.github/workflows/trunk-upgrade.yaml
new file mode 100644
index 0000000..c5e3d6b
--- /dev/null
+++ b/.github/workflows/trunk-upgrade.yaml
@@ -0,0 +1,34 @@
+name: Trunk Upgrade
+
+on:
+  schedule:
+    # Every Monday @ 8am
+    - cron: 0 8 * * 1
+  workflow_dispatch: {}
+
+permissions: read-all
+
+jobs:
+  trunk-upgrade:
+    runs-on: ubuntu-latest
+    permissions:
+      # For trunk to create PRs
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+
+      - name: Create Token for MasterpointBot App
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+        id: generate-token
+        with:
+          app_id: ${{ secrets.MP_BOT_APP_ID }}
+          private_key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
+
+      - name: Upgrade
+        uses: trunk-io/trunk-action/upgrade@86b68ffae610a05105e90b1f52ad8c549ef482c2 #v1.1.16
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          reviewers: "@masterpointio/masterpoint-internal"
+          prefix: "chore: "
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index 76a71d0..bd5bfb5 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
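Review bot: The job-level `contents: write` / `pull-requests: write` block in the new trunk-upgrade.yaml widens GITHUB_TOKEN even though the Upgrade step hands trunk-action the App token via `github-token`; if trunk-action opens the PR with that token alone, the job block can be dropped so the workflow-level `permissions: read-all` is what applies (confirm by removing it and triggering `workflow_dispatch`). The App token is minted with whatever the installation grants; tibdex/github-app-token v2 appears to accept a `permissions` input, so scoping it to contents and pull requests there would keep the minted token least-privilege too — verify the input name against the pinned version. The cron value `0 8 * * 1` is a plain scalar that parses correctly today, but quoting it as `- cron: "0 8 * * 1"` guards against a later edit that starts the string with `*`; the same applies to `0 8 1 * *` in the second patch. Style: yamllint expects two spaces before inline comments, so `#v4.1.7`, `#v2.1.0` and `#v1.1.16` should read `  # v4.1.7` and so on.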
@@ -2,12 +2,12 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.20.1
+  version: 1.22.2
 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
 plugins:
   sources:
     - id: trunk
-      ref: v1.4.3
+      ref: v1.6.1
       uri: https://github.com/trunk-io/plugins
 # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
 runtimes:
@@ -20,15 +20,20 @@ lint:
     # Incompatible with some Terraform features: https://github.com/tenable/terrascan/issues/1331
     - terrascan
   enabled:
-    - terraform@1.1.0
-    - checkov@3.2.26
+    - tofu@1.8.0
+    - actionlint@1.7.1
+    - checkov@3.2.218
     - git-diff-check
-    - markdownlint@0.39.0
-    - prettier@3.2.5
-    - tflint@0.50.3
-    - trivy@0.49.1
-    - trufflehog@3.68.2
+    - markdownlint@0.41.0
+    - prettier@3.3.3
+    - tflint@0.52.0
+    - trivy@0.54.1
+    - trufflehog@3.81.5
     - yamllint@1.35.1
+  ignore:
+    - linters: [tofu]
+      paths:
+        - "**/backend.tf.json"
 actions:
   enabled:
     - trunk-announce
diff --git a/aqua.yaml b/aqua.yaml
index dca74aa..800bfdd 100644
--- a/aqua.yaml
+++ b/aqua.yaml
@@ -8,8 +8,8 @@
 # - all
 registries:
   - type: standard
-    ref: v4.144.0 # renovate: depName=aquaproj/aqua-registry
+    ref: v4.210.0 # renovate: depName=aquaproj/aqua-registry
 packages:
-  - name: terraform-docs/terraform-docs@v0.17.0
-  - name: hashicorp/terraform@v1.7.4
-  - name: opentofu/opentofu@v1.6.2
+  - name: terraform-docs/terraform-docs@v0.18.0
+  - name: hashicorp/terraform@v1.9.3
+  - name: opentofu/opentofu@v1.8.0

From 748432a5195a88fe6ef354fc4f417e49f66654e3 Mon Sep 17 00:00:00 2001
From: Veronika Gnilitska
Date: Tue, 6 Aug 2024 19:07:10 +0300
Subject: [PATCH 2/2] chore: turn down the cadence on trunk upgrade

---
 .github/workflows/trunk-upgrade.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trunk-upgrade.yaml b/.github/workflows/trunk-upgrade.yaml
index c5e3d6b..8b14fcc 100644
--- a/.github/workflows/trunk-upgrade.yaml
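Review bot: The new `ignore` entry exempting `**/backend.tf.json` from tofu carries no reason, whereas the terrascan exclusion a few lines above links to the issue that justifies it; add a comment on the `ignore:` line such as `# backend.tf.json is excluded from tofu because: <reason>` so the exemption can be revisited when tofu is bumped. Separately, `terraform@1.1.0` leaves the linter list while aqua.yaml in the same patch still pins `hashicorp/terraform@v1.9.3`; if terraform is no longer linted it may be a stale package to drop, or the pin deserves a comment saying why it is kept. The `lint:` mapping this hunk belongs to begins above the hunk.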
+++ b/.github/workflows/trunk-upgrade.yaml
@@ -2,8 +2,8 @@ name: Trunk Upgrade
 
 on:
   schedule:
-    # Every Monday @ 8am
-    - cron: 0 8 * * 1
+    # On the first day of every month @ 8am
+    - cron: 0 8 1 * *
   workflow_dispatch: {}
 
 permissions: read-all