Merge branch 'main' into ci/security-scanning

Author: KT-Doan

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,12 +15,12 @@ Fixes #(issue number)
 
 ## Checklist
 
-- [ ] I have read the [CONTRIBUTING](../CONTRIBUTING.md) guide
+- [ ] I have read the [CONTRIBUTING](CONTRIBUTING.md) guide
 - [ ] My code follows the existing code style
 - [ ] I have added tests that prove my fix/feature works
 - [ ] I have updated documentation as needed
 - [ ] All new and existing tests pass (`make test`)
-- [ ] I have run the linter (`make lint`)
+- [ ] I have run the linter (`make format`)
 
 ## Testing
 

.github/workflows/acceptance-test.yml

@@ -94,9 +94,9 @@ jobs:
 
       - name: Run Acceptance Tests
         env:
-          ORY_KETO_TESTS_ENABLED: ${{ github.event_name == 'push' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_keto_tests == 'true' }}
-          ORY_B2B_ENABLED: ${{ github.event_name == 'push' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_b2b_tests == 'true' }}
-          ORY_SOCIAL_PROVIDER_TESTS_ENABLED: ${{ github.event_name == 'push' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_social_provider_tests == 'true' }}
-          ORY_SCHEMA_TESTS_ENABLED: ${{ github.event_name == 'push' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_schema_tests == 'true' }}
-          ORY_PROJECT_TESTS_ENABLED: ${{ github.event_name == 'push' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_project_tests == 'true' }}
+          ORY_KETO_TESTS_ENABLED: ${{ github.event_name == 'pull_request' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_keto_tests == 'true' }}
+          ORY_B2B_ENABLED: ${{ github.event_name == 'pull_request' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_b2b_tests == 'true' }}
+          ORY_SOCIAL_PROVIDER_TESTS_ENABLED: ${{ github.event_name == 'pull_request' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_social_provider_tests == 'true' }}
+          ORY_SCHEMA_TESTS_ENABLED: ${{ github.event_name == 'pull_request' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_schema_tests == 'true' }}
+          ORY_PROJECT_TESTS_ENABLED: ${{ github.event_name == 'pull_request' || github.event.inputs.run_all == 'true' || github.event.inputs.enable_project_tests == 'true' }}
         run: ./scripts/run-acceptance-tests.sh -v -timeout 20m ./...

.github/workflows/conventional_commits.yml

@@ -0,0 +1,41 @@
+name: Validation - Conventional commits
+
+on:
+  pull_request_target:
+    types:
+      - edited
+      - opened
+      - ready_for_review
+      - reopened
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+            feat
+            fix
+            docs
+            style
+            refactor
+            perf
+            test
+            build
+            ci
+            chore
+            revert
+          requireScope: false
+          subjectPattern: ^(?![A-Z]).+$
+          subjectPatternError: |
+            The subject should start with a lowercase letter, yours is uppercase:
+            "{subject}"

.github/workflows/lint.yml

@@ -0,0 +1,30 @@
+name: Lint
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  format:
+    name: Format
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_wrapper: false
+
+      - run: make format
+
+      - name: Check for changes
+        run: git diff HEAD --exit-code --color

.github/workflows/renovate.yaml

@@ -0,0 +1,27 @@
+name: Renovate
+
+on:
+  workflow_dispatch:
+  schedule:
+    # https://crontab.guru/#0_8,11,14,17_*_*_*
+    - cron: '0 8,11,14,17 * * *'
+
+concurrency:
+  group: renovate-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  renovate:
+    name: Run Renovate
+    runs-on: ubuntu-slim
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@v44.2.5
+        with:
+          configurationFile: 'renovate-self-hosted.json'
+          env-regex: "^(?:RENOVATE_\\w+|LOG_LEVEL|GITHUB_COM_TOKEN|NODE_OPTIONS|AWS_TOKEN)$"
+          token: '${{ secrets.ORY_BOT_PAT }}'

.github/workflows/unit-test.yml

@@ -1,8 +1,6 @@
 name: Unit Tests
 
 on:
-  push:
-    branches: [main]
   pull_request:
     branches: [main]
 

.golangci.yml

@@ -0,0 +1,83 @@
+version: "2"
+
+run:
+  timeout: 5m
+  modules-download-mode: readonly
+
+linters:
+  default: standard
+  enable:
+    # Additional recommended linters
+    - bodyclose      # Check HTTP response body is closed
+    - dogsled        # Check for too many blank identifiers
+    - dupl           # Check for duplicated code
+    - errorlint      # Check error wrapping
+    - exhaustive     # Check exhaustiveness of enum switch statements
+    - gochecknoinits # Check for init functions
+    - goconst        # Find repeated strings that could be constants
+    - gocritic       # Opinionated linter
+    - goprintffuncname # Check printf-like function names
+    - gosec          # Security checks
+    - misspell       # Check for misspelled English words
+    - nilerr         # Check for nil error returns
+    - noctx          # Check for HTTP requests without context
+    - prealloc       # Find slice declarations that could be preallocated
+    - unconvert      # Remove unnecessary type conversions
+    - unparam        # Find unused function parameters
+    - whitespace     # Check for unnecessary whitespace
+
+  disable:
+    # Disabled for Terraform providers - these implement framework interfaces
+    - revive
+
+  settings:
+    dupl:
+      threshold: 150
+
+    exhaustive:
+      default-signifies-exhaustive: true
+
+    goconst:
+      min-len: 3
+      min-occurrences: 3
+
+    gocritic:
+      disabled-checks:
+        - ifElseChain        # Sometimes clearer than switch
+
+    misspell:
+      locale: US
+
+  exclusions:
+    presets:
+      - std-error-handling
+      - common-false-positives
+    rules:
+      # Test files have repetitive patterns and don't need strict error handling
+      - path: _test\.go
+        linters:
+          - dupl
+          - goconst
+          - errorlint
+
+      - path: internal/resources/
+        linters:
+          - dupl
+
+      - path: internal/datasources/
+        linters:
+          - dupl
+
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    gofmt:
+      simplify: true
+    goimports:
+      local-prefixes:
+        - github.com/ory/terraform-provider-orynetwork
+
+output:
+  show-stats: true

Makefile

@@ -55,26 +55,21 @@ clean: ## Remove build artifacts
 # CODE QUALITY
 # ==============================================================================
 
-.PHONY: fmt
-fmt: ## Format Go code
+.PHONY: format
+format: ## Format all code (Go, Terraform, modules, docs, lint fixes)
 	go fmt ./...
 	gofmt -s -w .
+	terraform fmt -recursive examples/
+	go mod tidy
+	@command -v tfplugindocs >/dev/null 2>&1 || { echo "Installing tfplugindocs..."; go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest; }
+	tfplugindocs generate --provider-name ory
+	@command -v golangci-lint >/dev/null 2>&1 || { echo "Installing golangci-lint v2..."; go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest; }
+	golangci-lint run --fix ./...
 
 .PHONY: lint
-lint: ## Run linter
+lint: ## Run Go linter (without fixes)
 	golangci-lint run ./...
 
-.PHONY: vet
-vet: ## Run go vet
-	go vet ./...
-
-.PHONY: generate
-generate: ## Generate documentation and code
-	go generate ./...
-
-.PHONY: check
-check: fmt vet lint ## Run all code quality checks
-
 # ==============================================================================
 # TESTING
 # ==============================================================================

docs/data-sources/project.md

@@ -1,20 +1,19 @@
 ---
-page_title: "ory_project Data Source - Ory"
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ory_project Data Source - ory"
 subcategory: ""
 description: |-
   Fetches information about an Ory project.
 ---
 
 # ory_project (Data Source)
 
-Fetches information about an Ory project. Use this data source to read project details without managing the project lifecycle.
+Fetches information about an Ory project.
 
 ## Example Usage
 
-### Read Current Project
-
 ```terraform
-# Read the project configured in the provider
+# Read the current project (from provider config)
 data "ory_project" "current" {}
 
 output "project_name" {
@@ -24,25 +23,27 @@ output "project_name" {
 output "project_slug" {
   value = data.ory_project.current.slug
 }
-```
 
-### Read Specific Project
+output "project_state" {
+  value = data.ory_project.current.state
+}
 
-```terraform
+# Read a specific project by ID
 data "ory_project" "other" {
   id = "other-project-uuid"
 }
 ```
 
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Optional
 
-- `id` (String) - Project ID to look up. If not specified, uses the provider's project_id.
+- `id` (String) Project ID to look up. If not specified, uses the provider's project_id.
 
 ### Read-Only
 
-- `name` (String) - The project name.
-- `slug` (String) - The project slug.
-- `state` (String) - The project state.
-- `workspace_id` (String) - The workspace ID the project belongs to.
+- `name` (String) The project name.
+- `slug` (String) The project slug.
+- `state` (String) The project state.
+- `workspace_id` (String) The workspace ID the project belongs to.