
Support getting releases from CodeCommit (as git tags)?

Open lorengordon opened this issue 4 years ago • 3 comments

Hello, I've been using Dependabot for a while, but it's been really difficult to get community contributions merged since they were bought by GitHub. I think I'm starting to run into edge cases with their code and HCL2 (in our own fork), and I'm hesitant to dedicate a bunch of time to fixing things that they'll never merge. So, I've been looking around for other options and found your project.

A number of our projects are in CodeCommit, support for which is one of the things we added to our fork of Dependabot. I see at the moment that this project supports GitHub, GitLab, and the Terraform Registry, so I wanted to ask if you would also be interested in supporting CodeCommit as a git remote for terraform module releases?

lorengordon avatar Dec 08 '20 02:12 lorengordon

Thank you for your interest.

To be honest, I don't want to add more dependencies for each git hosting service, because it would increase future maintenance cost. So I would like to find a more generic approach.

Is it possible to use a general git command to get the latest tag from an AWS CodeCommit repository? If so, we can get the latest version with a git command, and then update version constraints with tfupdate.

For example in GitHub:

[tfupdate@master|✔]$ VERSION=$(git -c 'versionsort.suffix=-' ls-remote --refs --tags --sort='v:refname' https://github.com/terraform-aws-modules/terraform-aws-vpc | tail -n 1 | cut -d'/' -f3 | sed s/^v//)

[tfupdate@master|✔]$ echo $VERSION
2.64.0

[tfupdate@master|✔]$ cat tmp/main.tf
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.63.0"
}

[tfupdate@master|✔]$ tfupdate module -v "$VERSION" terraform-aws-modules/vpc/aws tmp/main.tf

[tfupdate@master|✔]$ cat tmp/main.tf
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.64.0"
}

Does it also work in AWS CodeCommit?

minamijoyo avatar Dec 08 '20 05:12 minamijoyo
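
The `git ls-remote` pipeline in the comment above takes whichever tag sorts last, so a pre-release or a free-form tag pushed to the remote can end up in the version constraint. The following is an added example, not code from the thread or from tfupdate: it accepts only final `X.Y.Z` / `vX.Y.Z` tags and fails closed when none exist. The function names and the sample refs are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not part of tfupdate.

# Read `git ls-remote --refs --tags` output on stdin and print the highest
# final release as X.Y.Z. Only refs of the exact form refs/tags/X.Y.Z or
# refs/tags/vX.Y.Z pass the filter, so pre-releases (v2.65.0-rc1) and
# free-form tags (latest) can never reach a version constraint.
latest_version_from_refs() {
  awk '{ print $2 }' \
    | sed -n 's#^refs/tags/v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)$#\1#p' \
    | sort -t. -k1,1n -k2,2n -k3,3n \
    | tail -n 1
}

# Query any git remote (GitHub, GitLab, CodeCommit, ...) by URL.
# Returns non-zero if the remote is unreachable or has no acceptable tag.
latest_remote_version() {
  refs=$(git ls-remote --refs --tags "$1") || return 1
  version=$(printf '%s\n' "$refs" | latest_version_from_refs)
  if [ -z "$version" ]; then
    echo "no final release tag found on $1" >&2
    return 1
  fi
  printf '%s\n' "$version"
}

# Constructed sample of ls-remote output (the object id is a dummy value).
sample_refs() {
  for tag in v2.9.0 v2.63.0 v2.64.0 v2.65.0-rc1 v10.0.0-beta latest v2.64; do
    printf '0000000000000000000000000000000000000000\trefs/tags/%s\n' "$tag"
  done
}

# Run offline against the constructed sample.
sample_refs | latest_version_from_refs

# Against a real remote (URL and paths are placeholders):
#   VERSION=$(latest_remote_version "<git remote URL>") \
#     && tfupdate module -v "$VERSION" <module source> <path>
```

The numeric per-field sort matters here: a plain lexical sort of the sample would rank `2.9.0` above `2.64.0`.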

Yes, the CodeCommit remote supports that just fine. Perhaps a generic "git" provider would be a convenient fallback. Perhaps I'm struggling a bit to understand the tfupdate workflow. With dependabot, I just point it at the directory. It does something like this:

  1. Read all .tf and .hcl (for terragrunt) files
  2. Parse out the module labels and source lines
  3. Retrieve latest version info from remote sources
  4. Update the file
  5. Open the pull request

With tfupdate, it looks like 3 & 4 are covered? We'd have to somehow provide or parse out all the module sources ourselves, to feed to tfupdate?

lorengordon avatar Dec 08 '20 14:12 lorengordon

Yes, tfupdate mainly focuses on 4, and partially supports 3 for now.

minamijoyo avatar Dec 09 '20 08:12 minamijoyo