Merge branch 'main' into dependabot/github_actions/actions/github-script-8

Author: matttrach

.github/workflows/manual.yaml

@@ -19,7 +19,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}

.github/workflows/release.yaml

@@ -85,7 +85,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}-TestOneBasic
@@ -127,7 +127,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}-TestProdBasic
@@ -169,7 +169,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}-TestThreeBasic
@@ -212,7 +212,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}-TestDownstreamBasic
@@ -254,7 +254,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}-TestDownstreamSplitrole
@@ -300,7 +300,7 @@ jobs:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
       - id: aws-creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{env.AWS_ROLE}}
           role-session-name: ${{github.run_id}}-cleanup

examples/downstream/versions.tf

@@ -1,10 +1,6 @@
 terraform {
   required_version = ">= 1.5.0"
   required_providers {
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 2.5"
-    }
     random = {
       source  = "hashicorp/random"
       version = ">= 3.5.1"

examples/downstream_splitrole/versions.tf

@@ -1,10 +1,6 @@
 terraform {
   required_version = ">= 1.5.0"
   required_providers {
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 2.5"
-    }
     random = {
       source  = "hashicorp/random"
       version = ">= 3.5.1"

examples/one/versions.tf

@@ -1,10 +1,6 @@
 terraform {
   required_version = ">= 1.5.0"
   required_providers {
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 2.5"
-    }
     random = {
       source  = "hashicorp/random"
       version = ">= 3.5.1"

examples/prod/versions.tf

@@ -1,10 +1,6 @@
 terraform {
   required_version = ">= 1.5.0"
   required_providers {
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 2.5"
-    }
     random = {
       source  = "hashicorp/random"
       version = ">= 3.5.1"

examples/three/main.tf

@@ -64,20 +64,20 @@ locals {
       indirect_access = true
       initial         = true
     }
-    # "rancherB" = {
-    #   type            = "all-in-one"
-    #   size            = "xxl"
-    #   os              = local.os
-    #   indirect_access = true
-    #   initial         = false
-    # }
-    # "rancherC" = {
-    #   type            = "all-in-one"
-    #   size            = "xxl"
-    #   os              = local.os
-    #   indirect_access = true
-    #   initial         = false
-    # }
+    "rancherB" = {
+      type            = "all-in-one"
+      size            = "xxl"
+      os              = local.os
+      indirect_access = true
+      initial         = false
+    }
+    "rancherC" = {
+      type            = "all-in-one"
+      size            = "xxl"
+      os              = local.os
+      indirect_access = true
+      initial         = false
+    }
   }
   local_file_path      = var.file_path
   runner_ip            = chomp(data.http.myip.response_body) # "runner" is the server running Terraform

examples/three/modules/tls/versions.tf

@@ -1,10 +1,6 @@
 terraform {
   required_version = ">= 1.5.0"
   required_providers {
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 2.5"
-    }
     tls = {
       source  = "hashicorp/tls"
       version = ">= 4.0.5"

flake.lock

@@ -136,10 +136,39 @@ module "deploy_initial_node" {
   depends_on = [
     data.aws_availability_zones.available,
   ]
-  for_each      = local.initial_node
-  deploy_path   = each.value.deploy_path
-  data_path     = each.value.deploy_path
-  template_path = "${path.module}/node_template"
+  for_each    = local.initial_node
+  deploy_path = each.value.deploy_path
+  data_path   = each.value.deploy_path
+  # if any of this changes, update/redeploy
+  deploy_trigger = md5(join("-", [
+    each.key,
+    md5(base64encode(jsonencode(each.value))),
+    local.identifier,
+    local.owner,
+    local.acme_server_url,
+    local.project_name,
+    local.ip_family,
+    md5(base64encode(jsonencode(data.aws_availability_zones.available.names))),
+    md5(base64encode(jsonencode(local.project_subnet_names))),
+    md5(base64encode(jsonencode(local.project_load_balancer_access_cidrs))),
+    local.domain,
+    local.zone,
+    local.skip_cert,
+    data.aws_availability_zones.available.names[0],
+    md5(base64encode(jsonencode(values(local.target_groups)))),
+    md5(base64encode(jsonencode(local.server_access_addresses))),
+    local.username,
+    local.ssh_key,
+    local.install_method,
+    local.download,
+    local.rke2_version,
+  ]))
+  template_files = [
+    join("/", [path.module, "node_template", "main.tf"]),
+    join("/", [path.module, "node_template", "outputs.tf"]),
+    join("/", [path.module, "node_template", "variables.tf"]),
+    join("/", [path.module, "node_template", "versions.tf"]),
+  ]
   inputs = <<-EOT
     identifier                          = "${local.identifier}"
     owner                               = "${local.owner}"
@@ -229,10 +258,39 @@ module "deploy_additional_nodes" {
     data.aws_availability_zones.available,
     module.deploy_initial_node,
   ]
-  for_each      = local.additional_nodes
-  deploy_path   = each.value.deploy_path
-  data_path     = each.value.deploy_path
-  template_path = "${path.module}/node_template"
+  for_each    = local.additional_nodes
+  deploy_path = each.value.deploy_path
+  data_path   = each.value.deploy_path
+  # if any of this changes, update/redeploy
+  deploy_trigger = md5(join("-", [
+    each.key,
+    md5(base64encode(jsonencode(each.value))),
+    local.identifier,
+    local.owner,
+    local.acme_server_url,
+    local.project_name,
+    local.ip_family,
+    md5(base64encode(jsonencode(data.aws_availability_zones.available.names))),
+    md5(base64encode(jsonencode(local.project_subnet_names))),
+    md5(base64encode(jsonencode(local.project_load_balancer_access_cidrs))),
+    local.domain,
+    local.zone,
+    local.skip_cert,
+    data.aws_availability_zones.available.names[0],
+    md5(base64encode(jsonencode(values(local.target_groups)))),
+    md5(base64encode(jsonencode(local.server_access_addresses))),
+    local.username,
+    local.ssh_key,
+    local.install_method,
+    local.download,
+    local.rke2_version,
+  ]))
+  template_files = [
+    join("/", [path.module, "node_template", "main.tf"]),
+    join("/", [path.module, "node_template", "outputs.tf"]),
+    join("/", [path.module, "node_template", "variables.tf"]),
+    join("/", [path.module, "node_template", "versions.tf"]),
+  ]
   inputs = <<-EOT
     identifier                  = "${local.identifier}"
     owner                       = "${local.owner}"
@@ -311,11 +369,12 @@ strcontains(each.value.type, "database") ? local.database_config :
   EOT
 }
 
-resource "local_sensitive_file" "kubeconfig" {
+resource "file_local" "kubeconfig" {
   depends_on = [
     module.deploy_initial_node,
     module.deploy_additional_nodes,
   ]
-  content  = local.ino.output.kubeconfig
-  filename = "${local.local_file_path}/kubeconfig"
+  name      = "kubeconfig"
+  directory = local.local_file_path
+  contents  = local.ino.output.kubeconfig
 }