Merge branch 'main' into eks-entries

thoughtbot · Nov 25, 2024 · 1e4c3b0 · 1e4c3b0
2 parents 4089bc4 + 5aa7945
commit 1e4c3b0
Show file tree

Hide file tree

Showing 57 changed files with 873 additions and 150 deletions.
diff --git a/.github/workflows/acceptance.yaml b/.github/workflows/acceptance.yaml
@@ -18,6 +18,7 @@ jobs:
       module: network/sandbox
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   apply_cluster:
     name: Apply Cluster
@@ -29,6 +30,7 @@ jobs:
       module: cluster/sandbox-v1
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   apply_ingress:
     name: Apply Ingress
@@ -40,6 +42,7 @@ jobs:
       module: ingress/sandbox
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   apply_platform:
     name: Apply Platform
@@ -51,6 +54,7 @@ jobs:
       module: platform/sandbox-v1
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   tests:
     name: Run Tests
@@ -60,6 +64,7 @@ jobs:
     concurrency: ${{ github.ref_name }}-platform
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   cleanup_platform:
     name: Cleanup Platform
@@ -72,6 +77,7 @@ jobs:
       terraform_command: destroy
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   cleanup_ingress:
     name: Cleanup Ingress
@@ -84,6 +90,7 @@ jobs:
       terraform_command: destroy
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   cleanup_cluster:
     name: Cleanup Cluster
@@ -96,6 +103,7 @@ jobs:
       terraform_command: destroy
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
   cleanup_network:
     name: Cleanup Network
@@ -108,3 +116,4 @@ jobs:
       terraform_command: destroy
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -5,36 +5,36 @@ on:
 jobs:
   checkfmt:
     name: Format
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v2
+      uses: hashicorp/setup-terraform@v3
 
     - name: Check format
       run: make all/checkfmt
 
   validate:
     name: Validate
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v2
+      uses: hashicorp/setup-terraform@v3
 
     - name: Validate
       run: make all/validate
 
   docs:
     name: Docs
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Platform Docs
       uses: terraform-docs/[email protected]
@@ -56,16 +56,16 @@ jobs:
 
   lint:
     name: Lint
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v2
+      uses: hashicorp/setup-terraform@v3
 
     - name: Setup TFLint
-      uses: terraform-linters/setup-tflint@v3
+      uses: terraform-linters/setup-tflint@v4
       with:
         tflint_version: v0.44.1
 

diff --git a/.github/workflows/dynamic-readme.yml b/.github/workflows/dynamic-readme.yml
@@ -0,0 +1,17 @@
+name: update-templates
+
+on: 
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  update-templates:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-readme.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/dynamic-security.yml b/.github/workflows/dynamic-security.yml
@@ -0,0 +1,19 @@
+name: update-security
+
+on:
+  push:
+    paths:
+      - SECURITY.md
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  update-security:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/terraform-dispatch.yaml b/.github/workflows/terraform-dispatch.yaml
@@ -17,7 +17,7 @@ on:
       terraform_version:
         description: Terraform version
         required: true
-        default: 1.0.11
+        default: 1.4.2
         type: string
 
 permissions:
@@ -36,4 +36,4 @@ jobs:
       terraform_version: ${{ github.event.inputs.terraform_version }}
     secrets:
       AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
@@ -15,6 +15,12 @@ on:
       AWS_ACCOUNT_ID:
         description: AWS account in which Terraform will run
         required: true
+      SLACK_BOT_TOKEN:
+        description: Token used to send messages to Slack
+        required: true
+
+env:
+  SLACK_CHANNEL: '#mission-control'
 
 jobs:
   plan:
@@ -26,9 +32,8 @@ jobs:
         working-directory: ${{ inputs.module }}
 
     steps:
-
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: thoughtbot/flightdeck-template
         path: template
@@ -61,26 +66,27 @@ jobs:
         set +x
 
     - name: Archive Terraform configuration
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: terraform
         path: template
+        overwrite: true
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-1
         role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/flightdeck-ci"
 
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v2
+      uses: hashicorp/setup-terraform@v3
       with:
         terraform_version: ${{ inputs.terraform_version }}
 
     - name: Setup Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
-        node-version: '14'
+        node-version: '20'
 
     - name: Init
       working-directory: template/${{ inputs.module }}
@@ -91,3 +97,11 @@ jobs:
       run: |
         terraform ${{ inputs.terraform_command }} -auto-approve
 
+    - name: Notify Slack
+      if: failure()
+      uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
+      with:
+        channel-id: ${{ env.SLACK_CHANNEL }}
+        slack-message: "Flightdeck acceptance terraform has failed to ${{ inputs.terraform_command }} on the ${{ inputs.module }} module."
+      env:
+        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -5,9 +5,13 @@ on:
       AWS_ACCOUNT_ID:
         description: AWS account in which tests will run
         required: true
+      SLACK_BOT_TOKEN:
+        description: Token used to send messages to Slack
+        required: true
 
 env:
   KUBECONFIG: /tmp/kubeconfig
+  SLACK_CHANNEL: '#mission-control'
 
 jobs:
   plan:
@@ -20,16 +24,16 @@ jobs:
     steps:
 
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-1
         role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/flightdeck-ci"
 
     - name: Assume execution role
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
         aws-region: us-east-1
@@ -43,6 +47,7 @@ jobs:
       run: |
         CLUSTER=$(echo 'flightdeck-${{ github.ref_name }}' | cut -c1-20)
         CLUSTER="$CLUSTER-sandbox-v1"
+        echo "CLUSTER=$CLUSTER" >> "$GITHUB_ENV"
         aws \
           --region us-east-1 \
           eks \
@@ -64,4 +69,15 @@ jobs:
 
     - name: Run tests
       run: |
-        make tests ADDRESS=https://${{ github.ref_name }}.flightdeck-test.thoughtbot.com
+        make tests \
+          ADDRESS=https://${{ github.ref_name }}.flightdeck-test.thoughtbot.com \
+          CLUSTER="$CLUSTER"
+
+    - name: Notify Slack
+      if: failure()
+      uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
+      with:
+        channel-id: ${{ env.SLACK_CHANNEL }}
+        slack-message: "Flightdeck acceptance tests have failed on the testing cluster."
+      env:
+        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1 +1 @@
-* @jferris
+* @clarissalimab @OlamideOl1
diff --git a/README.md b/README.md
@@ -16,13 +16,19 @@ learn more on the [thoughtbot website].
 
 ## Deployment
 
+There are detailed install instructions in our [AWS Platform Guide].
+
 - [AWS](./aws/README.md)
 - [Other](./platform/README.md)
 
+[AWS Platform Guide]: https://thoughtbot.com/aws-platform-guide/introduction.html
+
 ## Development
 
 Please see [CONTRIBUTING.md](./CONTRIBUTING.md).
 
+For details on how we test Flightdeck, see [TESTING.md](./TESTING.md).
+
 ## License
 
 This project is Copyright © 2022 Joe Ferris and thoughtbot. It is free
@@ -31,15 +37,20 @@ file.
 
 [license]: ./LICENSE
 
+<!-- START /templates/footer.md -->
 ## About thoughtbot
 
-![thoughtbot](https://thoughtbot.com/brand_assets/93:44.svg)
+![thoughtbot](https://thoughtbot.com/thoughtbot-logo-for-readmes.svg)
 
-This project is maintained and funded by thoughtbot, inc. The names and logos
-for thoughtbot are trademarks of thoughtbot, inc.
+This repo is maintained and funded by thoughtbot, inc.
+The names and logos for thoughtbot are trademarks of thoughtbot, inc.
 
-We love open source software! See [our other projects][community] or [hire
-us][hire] to design, develop, and grow your product.
+We love open source software!
+See [our other projects][community].
+We are [available for hire][hire].
 
 [community]: https://thoughtbot.com/community?utm_source=github
 [hire]: https://thoughtbot.com/hire-us?utm_source=github
+
+
+<!-- END /templates/footer.md -->
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,2 @@
+<!-- START /templates/security.md -->
+<!-- END /templates/security.md -->
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		<!-- START /templates/security.md -->
		<!-- END /templates/security.md -->