chore: repository governance #60

Closed
4 changes: 2 additions & 2 deletions .github/CODEOWNERS
@@ -1,3 +1,3 @@
# AVM core team owns key files
.github/policies/ @Azure/avm-core-team-technical
.github/CODEOWNERS @Azure/avm-core-team-technical
.github/policies/ @Azure/avm-core-team-technical-terraform
.github/CODEOWNERS @Azure/avm-core-team-technical-terraform
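
Review bot: The owner of `.github/policies/` and `.github/CODEOWNERS` changes between @Azure/avm-core-team-technical and @Azure/avm-core-team-technical-terraform in these two rules, so confirm before merging that the team that remains is visible and has write access to this repository. GitHub ignores a CODEOWNERS entry whose team lacks write permission, which would leave the policy files and the CODEOWNERS file itself without a required reviewer.
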
1 change: 0 additions & 1 deletion .github/ISSUE_TEMPLATE/avm_module_issue.yml
Expand Up @@ -27,7 +27,6 @@ body:
- ""
- "Feature Request"
- "Bug"
- "Security Bug"
- "I'm not sure"
validations:
required: true
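
Review bot: One option is deleted from this dropdown, and the same PR deletes the ITA22 rule for "Type: Security Bug :lock:" in eventResponder.yml, so the form no longer gives reporters a way to flag a security problem. If the intent is to keep vulnerability details out of public issues, say so in the template text and point to the private reporting channel; otherwise such reports will arrive as "Bug" or "I'm not sure" with no distinguishing label.
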
6 changes: 3 additions & 3 deletions .github/PULL_REQUEST_TEMPLATE.md
Expand Up @@ -16,11 +16,11 @@ Closes #456

- [ ] Non-module change (e.g. CI/CD, documentation, etc.)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `locals.version.tf.json`:
- [ ] Bugfix containing backwards compatible bug fixes
- [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `locals.version.tf.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in `locals.version.tf.json`.
- [ ] Feature update backwards compatible feature updates.
- [ ] Breaking changes.
- [ ] Update to documentation

# Checklist
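
Review bot: The Bugfix, Feature update and Breaking changes items lose every mention of the version in `locals.version.tf.json`, while `.github/workflows/version-check.yml` is still kept by this PR. If that check still reads the file, contributors get no hint in the template about which bump it expects; if versioning has moved elsewhere, state that in the PR description. The shortened wording also needs a pass: "Feature update backwards compatible feature updates." is missing a word such as "containing", and the Bugfix item now introduces two sub-items without a colon.
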
64 changes: 0 additions & 64 deletions .github/policies/eventResponder.yml
Expand Up @@ -17,18 +17,6 @@ configuration:
then:
- addLabel:
label: "Needs: Triage :mag:"
- addReply:
reply: |
> [!IMPORTANT]
> **The "Needs: Triage :mag:" label must be removed once the triage process is complete!**

<!--
> [!TIP]
> For additional guidance on how to triage this issue/PR, see the [TF Issue Triage](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/tf-issue-triage/) documentation.
-->

> [!NOTE]
> This label was added as per [ITA06](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita06).

- description: 'ITA09 - When #RR is used in an issue, add the "Needs: Author Feedback :ear:" label'
if:
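
Review bot: Dropping the `addReply` under the "Needs: Triage :mag:" `addLabel` removes the only on-issue reminder that the label must be taken off once triage is complete, while the scheduledSearches.yml replies kept by this PR still say the label must be removed to stop the overdue rules from re-triggering. If the goal is fewer bot comments, keep the `[!IMPORTANT]` line and drop only the commented-out TIP and the ITA06 note, or record in the PR description where triagers now learn this step.
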
Expand All @@ -43,10 +31,6 @@ configuration:
then:
- addLabel:
label: "Needs: Author Feedback :ear:"
- addReply:
reply: |
> [!NOTE]
> The "Needs: Author Feedback :ear:" label was added as per [ITA09](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita09).

- description: 'ITA10 - When #wontfix is used in an issue, mark it by using the label of "Status: Won''t Fix :broken_heart:"'
if:
Expand All @@ -62,10 +46,6 @@ configuration:
- addLabel:
label: "Status: Won't Fix :broken_heart:"
- closeIssue
- addReply:
reply: |
> [!NOTE]
> The "Status: Won't Fix :broken_heart:" label was added and the issue was closed as per [ITA10](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita10).

- description: 'ITA11 - When a reply from anyone to an issue occurs, remove the "Needs: Author Feedback :ear:" label and label with "Needs: Attention :wave:"'
if:
Expand All @@ -82,10 +62,6 @@ configuration:
label: "Needs: Author Feedback :ear:"
- addLabel:
label: "Needs: Attention :wave:"
- addReply:
reply: |
> [!NOTE]
> The "Needs: Author Feedback :ear:" label was removed and the "Needs: Attention :wave:" label was added as per [ITA11](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita11).

- description: "ITA12 - Clean email replies on every comment"
if:
Expand Down Expand Up @@ -113,16 +89,10 @@ configuration:
label: "Type: New Module Proposal :bulb:"
- hasLabel:
label: "Type: Question/Feedback :raising_hand:"
- hasLabel:
label: "Type: Security Bug :lock:"
- isAssignedToSomeone
then:
- removeLabel:
label: "Needs: Triage :mag:"
- addReply:
reply: |
> [!NOTE]
> The "Needs: Triage :mag:" label was removed as per [ITA15](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita15).

- description: 'ITA20 - If the type is feature request, add the "Type: Feature Request :heavy_plus_sign:" label on the issue'
if:
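
Review bot: Removing the `hasLabel` entry for "Type: Security Bug :lock:" from this list means an issue that already carries that label no longer matches the rule through it, so "Needs: Triage :mag:" will not be cleared for it on assignment and the scheduled searches keyed on that label can keep firing. Relabel or close the existing issues that carry the label before merging, or leave this one `hasLabel` entry in place until none remain.
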
Expand All @@ -140,10 +110,6 @@ configuration:
then:
- addLabel:
label: "Type: Feature Request :heavy_plus_sign:"
- addReply:
reply: |
> [!NOTE]
> The "Type: Feature Request :heavy_plus_sign:" label was added as per [ITA20](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita20).

- description: 'ITA21 - If the type is bug, add the "Type: Bug :bug:" label on the issue'
if:
Expand All @@ -161,32 +127,6 @@ configuration:
then:
- addLabel:
label: "Type: Bug :bug:"
- addReply:
reply: |
> [!NOTE]
> The "Type: Bug :bug:" label was added as per [ITA21](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita21).

- description: 'ITA22 - If the type is security bug, add the "Type: Security Bug :lock:" label on the issue'
if:
- payloadType: Issues
- isAction:
action: Opened
- bodyContains:
pattern: |
### Issue Type?

Security Bug
- not:
hasLabel:
label: "Type: Security Bug :lock:"
then:
- addLabel:
label: "Type: Security Bug :lock:"
- addReply:
reply: |
> [!NOTE]
> The "Type: Security Bug :lock:" label was added as per [ITA22](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita22).


- description: 'ITA23 - Remove the "Status: In PR" label from an issue when it''s closed.'
if:
Expand All @@ -198,7 +138,3 @@ configuration:
then:
- removeLabel:
label: "Status: In PR :point_right:"
- addReply:
reply: |
> [!NOTE]
> The "Status: In PR :point_right:" label was removed as per [ITA23](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita23).
36 changes: 0 additions & 36 deletions .github/policies/scheduledSearches.yml
Expand Up @@ -36,9 +36,6 @@ configuration:
> [!TIP]
> - To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
> - To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!

> [!NOTE]
> This message was posted as per [ITA01TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita01tf1-2).
- addLabel:
label: "Status: Response Overdue :triangular_flag_on_post:"
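
Review bot: The reply text kept by this hunk still has a doubled quote in `""Needs: Triage :mag:"` and spells the overdue label with a literal 🚩, while the `addLabel` below uses `:triangular_flag_on_post:`. Since the reply is being edited anyway, fix both so the label names can be copied as written; the same text recurs in the next hunk.
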

Expand Down Expand Up @@ -68,9 +65,6 @@ configuration:
> [!TIP]
> - To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
> - To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!

> [!NOTE]
> This message was posted as per [ITA01TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita01tf1-2).
- addLabel:
label: "Status: Response Overdue :triangular_flag_on_post:"
- assignTo:
Expand Down Expand Up @@ -105,9 +99,6 @@ configuration:
> [!TIP]
> - To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
> - Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.

> [!NOTE]
> This message was posted as per [ITA02TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita02tf1-2).
- addLabel:
label: "Needs: Immediate Attention :bangbang:"

Expand Down Expand Up @@ -137,9 +128,6 @@ configuration:
> [!TIP]
> - To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
> - Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.

> [!NOTE]
> This message was posted as per [ITA02TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita02tf1-2).
- addLabel:
label: "Needs: Immediate Attention :bangbang:"

Expand Down Expand Up @@ -182,9 +170,6 @@ configuration:
> [!TIP]
> - To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
> - Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.

> [!NOTE]
> This message was posted as per [ITA03TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita03tf).
- addLabel:
label: "Needs: Immediate Attention :bangbang:"
- assignTo:
Expand Down Expand Up @@ -213,15 +198,6 @@ configuration:
> [!IMPORTANT]
> @${issueAuthor}, this issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for **4 days**. It will be closed if no further activity occurs **within 3 days of this comment**.

> [!TIP]
> To prevent further actions to take effect, one of the following conditions must be met:
> - The author must respond in a comment within 3 days of this comment.
> - The "Status: No Recent Activity :zzz:" label must be removed.
> - If applicable, the "Status: Long Term :hourglass_flowing_sand:" or the "Needs: Module Owner :mega:" label must be added.

> [!NOTE]
> This message was posted as per [ITA04](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita04).

- description: 'ITA05A - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
frequencies:
- hourly:
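
Review bot: The `[!TIP]` removed after the stale warning was the only place that told the author and maintainers how to stop the closure (reply within 3 days, remove "Status: No Recent Activity :zzz:", or add the long-term or module-owner label), yet the `[!IMPORTANT]` text that remains still announces that the issue will be closed. Keep the TIP and drop only the ITA04 `[!NOTE]` line so the warning stays actionable. The ITA05A and ITA05B hunks below remove the matching reopen hint in the same way.
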
Expand All @@ -242,12 +218,6 @@ configuration:
reply: |
> [!WARNING]
> @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.

> [!TIP]
> In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.

> [!NOTE]
> This message was posted as per [ITA05](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita05).
- closeIssue

- description: 'ITA05B - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
Expand All @@ -270,10 +240,4 @@ configuration:
reply: |
> [!WARNING]
> @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.

> [!TIP]
> In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.

> [!NOTE]
> This message was posted as per [ITA05](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita05).
- closeIssue
96 changes: 27 additions & 69 deletions .github/workflows/e2e.yml
@@ -1,71 +1,29 @@
---
name: e2e test
name: test examples
on:
pull_request:
types: ['opened', 'reopened', 'synchronize']
merge_group:
workflow_dispatch:

jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checking for Fork
shell: pwsh
run: |
$isFork = "${{ github.event.pull_request.head.repo.fork }}"
if($isFork -eq "true") {
echo "### WARNING: This workflow is disabled for forked repositories. Please follow the [release branch process](https://azure.github.io/Azure-Verified-Modules/contributing/terraform/terraform-contribution-flow/#5-create-a-pull-request-to-the-upstream-repository) if end to end tests are required." >> $env:GITHUB_STEP_SUMMARY
}

on:
pull_request:
types: ['opened', 'reopened', 'synchronize']
merge_group:
workflow_dispatch:

permissions:
contents: read
id-token: write

jobs:
getexamples:
if: github.event.repository.name != 'terraform-azurerm-avm-template'
runs-on: ubuntu-latest
outputs:
examples: ${{ steps.getexamples.outputs.examples }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
- name: get examples
id: getexamples
uses: Azure/terraform-azurerm-avm-template/.github/actions/e2e-getexamples@main
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

testexamples:
if: github.event.repository.name != 'terraform-azurerm-avm-template'
runs-on: [ self-hosted, 1ES.Pool=terraform-azurerm-avm-res-cdn-profile ]
needs: getexamples
environment: test
env:
TF_IN_AUTOMATION: 1
TF_VAR_enable_telemetry: false
strategy:
matrix:
example: ${{ fromJson(needs.getexamples.outputs.examples) }}
fail-fast: false
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2

- name: Test example
shell: bash
run: |
set -e
MAX_RETRIES=10
RETRY_COUNT=0
until [ $RETRY_COUNT -ge $MAX_RETRIES ]
do
az login --identity --username $MSI_ID > /dev/null && break
RETRY_COUNT=$[$RETRY_COUNT+1]
sleep 10
done
if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
echo "Failed to login after $MAX_RETRIES attempts."
exit 1
fi
export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
export ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId')
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true mcr.microsoft.com/azterraform:latest make test-example

# This job is only run when all the previous jobs are successful.
# We can use it for PR validation to ensure all examples have completed.
testexamplescomplete:
if: github.event.repository.name != 'terraform-azurerm-avm-template'
runs-on: ubuntu-latest
needs: testexamples
steps:
- run: echo "All tests passed"
run-e2e-tests:
if: github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
uses: Azure/terraform-azurerm-avm-template/.github/workflows/test-examples-template.yml@main
name: end to end
secrets: inherit
permissions:
id-token: write
contents: read
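
Review bot: The new `run-e2e-tests` job calls `Azure/terraform-azurerm-avm-template/.github/workflows/test-examples-template.yml@main` with `secrets: inherit` and `id-token: write`, so whatever is on that repository's main branch at run time receives every secret of this repository and can request an OIDC token. Pin the reusable workflow to a commit SHA, as linting.yml does for `actions/checkout`, and pass only the secrets it needs by name instead of inheriting all of them. Two smaller points: the deleted `check` job wrote a step-summary warning for fork PRs, whereas the fork test in the job's `if:` now skips the run without explanation, and the `testexamplescomplete` job name disappears, which matters if branch protection requires it.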

14 changes: 10 additions & 4 deletions .github/workflows/linting.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7

- name: check docs
uses: Azure/terraform-azurerm-avm-template/.github/actions/docs-check@main
Expand All @@ -32,20 +32,26 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7

- name: lint terraform
uses: Azure/terraform-azurerm-avm-template/.github/actions/linting@main
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

avmfix:
if: github.event.repository.name != 'terraform-azurerm-avm-template' && false
if: github.event.repository.name != 'terraform-azurerm-avm-template'
name: avmfix
runs-on: ubuntu-latest
steps:
- name: checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7

- name: avmfix
uses: Azure/terraform-azurerm-avm-template/.github/actions/avmfix@main

lintcomplete:
needs: [docs, terraform, avmfix]
runs-on: ubuntu-latest
steps:
- run: echo "All linting checks passed"
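
Review bot: The new `lintcomplete` job has `needs: [docs, terraform, avmfix]` but no `if:`, so when any of those jobs fails, `lintcomplete` is skipped rather than failed, and GitHub reports a skipped job as success for required status checks. If `lintcomplete` is meant to be the single required check, add `if: always()` and fail the step unless every entry in `needs.*.result` is success (or skipped, where the repository-name condition applies). This hunk also drops `&& false` from the `avmfix` condition, which turns that job on for every PR; the action is referenced at `@main`, so its behaviour can change without any change in this repository.
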
2 changes: 1 addition & 1 deletion .github/workflows/version-check.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
if: github.event.repository.name != 'terraform-azurerm-avm-template'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
- name: Check version
uses: Azure/terraform-azurerm-avm-template/.github/actions/version-check@main
with:
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -44,3 +44,5 @@ avm.tflint.merged.hcl
avm.tflint_example.hcl
avm.tflint_example.merged.hcl
avmmakefile
avm.tflint_module.hcl
avm.tflint_module.merged.hcl