Make registry modules lock scripts resilient (#196)

pagopa · Jan 16, 2025 · 1d56ff3 · 1d56ff3
1 parent ee11f17
commit 1d56ff3
Show file tree

Hide file tree

Showing 38 changed files with 355 additions and 103 deletions.
diff --git a/.changeset/shaggy-vans-check.md b/.changeset/shaggy-vans-check.md
@@ -0,0 +1,5 @@
+---
+"pre_commit_scripts": patch
+---
+
+First working version of the lock_modules pre-commit script
diff --git a/.changeset/tall-keys-protect.md b/.changeset/tall-keys-protect.md
@@ -0,0 +1,15 @@
+---
+"github_selfhosted_runner_on_container_app_jobs": patch
+"azure_function_app_exposed": patch
+"azure_app_service_exposed": patch
+"azure_postgres_server": patch
+"azure_storage_account": patch
+"azure_api_management": patch
+"azure_cosmos_account": patch
+"azure_function_app": patch
+"azure_app_service": patch
+"azure_core_infra": patch
+"azure_event_hub": patch
+---
+
+Relative module referencing substituted with terraform registry referencing
diff --git a/.github/workflows/static_analysis.yaml b/.github/workflows/static_analysis.yaml
@@ -25,6 +25,10 @@ on:
         type: boolean
         required: false
         default: false
+      check_to_run:
+        description: If set, it runs only the specified pre-commit hook check. Otherwise, all checks are run.
+        type: string
+        required: false
 
 concurrency:
   group: tf-static-analysis-${{ github.head_ref }}
@@ -77,7 +81,8 @@ jobs:
             --color=always \
             --show-diff-on-failure \
             --from-ref origin/${{ github.event.pull_request.base.ref }} \
-            --to-ref origin/${{ github.event.pull_request.head.ref }}
+            --to-ref origin/${{ github.event.pull_request.head.ref }} \
+            ${{ inputs.check_to_run }}
 
       - name: Run pre-commit
         if: ${{ github.event_name != 'pull_request' || !inputs.enable_modified_files_detection }}
@@ -89,4 +94,5 @@ jobs:
 
           pre-commit run \
             --color=always \
-            --all-files
+            --all-files \
+            ${{ inputs.check_to_run }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,4 +1,15 @@
 repos:
+  - repo: local
+    hooks:
+      - id: lock_modules
+        name: Lock Terraform Registry modules
+        description: 'Locks Terraform module versions and maintains hashes'
+        entry: infra/scripts/lock-modules.sh
+        language: script
+        files: '\.tf$'
+        exclude: ^.*\/modules\/.*
+        pass_filenames: true
+        require_serial: true
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: v1.96.2
     hooks:

diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
@@ -1,9 +1,11 @@
 - id: lock_modules
   name: Lock Terraform Registry modules
-  description: Create the file that contains terraform registry modules hashes
+  description: 'Locks Terraform module versions and maintains hashes'
   entry: infra/scripts/lock-modules.sh
   language: script
-
+  files: '\.tf$'
+  pass_filenames: true
+  require_serial: true
 - id: terraform_providers_lock_staged
   name: Terraform Providers Lock (on staged .terraform.lock.hcl files)
   entry: infra/scripts/terraform_lock_precommit.sh

diff --git a/infra/github-runner/dev/tfmodules.lock.json b/infra/github-runner/dev/tfmodules.lock.json
@@ -0,0 +1,3 @@
+{
+  "container_app_job_selfhosted_runner.naming_convention": "807e8fafaf3cda8d1df7cc5c624715555ff150e87a8df0becc7e5cab3e54f855"
+}
diff --git a/infra/identity/dev/.terraform.lock.hcl b/infra/identity/dev/.terraform.lock.hcl
diff --git a/infra/identity/dev/tfmodules.lock.json b/infra/identity/dev/tfmodules.lock.json
@@ -0,0 +1 @@
+{}
diff --git a/infra/modules/azure_api_management/README.md b/infra/modules/azure_api_management/README.md
@@ -48,7 +48,7 @@ module "apim" {
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_api_management/main.tf b/infra/modules/azure_api_management/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_app_service/README.md b/infra/modules/azure_app_service/README.md
@@ -12,7 +12,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_app_service/main.tf b/infra/modules/azure_app_service/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_app_service_exposed/README.md b/infra/modules/azure_app_service_exposed/README.md
@@ -14,7 +14,7 @@ This module is used to create an Azure App Service, allowing it to be configured
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_app_service_exposed/main.tf b/infra/modules/azure_app_service_exposed/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_core_infra/README.md b/infra/modules/azure_core_infra/README.md
@@ -46,7 +46,7 @@ module "core" {
 | <a name="module_dns"></a> [dns](#module\_dns) | ./_modules/dns | n/a |
 | <a name="module_github_runner"></a> [github\_runner](#module\_github\_runner) | ./_modules/github_runner | n/a |
 | <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | ./_modules/key_vault | n/a |
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 | <a name="module_naming_convention_gh_runner"></a> [naming\_convention\_gh\_runner](#module\_naming\_convention\_gh\_runner) | ../azure_naming_convention | n/a |
 | <a name="module_nat_gateway"></a> [nat\_gateway](#module\_nat\_gateway) | ./_modules/nat_gateway | n/a |
 | <a name="module_network"></a> [network](#module\_network) | ./_modules/networking | n/a |

diff --git a/infra/modules/azure_core_infra/main.tf b/infra/modules/azure_core_infra/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_cosmos_account/README.md b/infra/modules/azure_cosmos_account/README.md
@@ -11,7 +11,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_cosmos_account/main.tf b/infra/modules/azure_cosmos_account/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_event_hub/README.md b/infra/modules/azure_event_hub/README.md
@@ -12,7 +12,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_event_hub/main.tf b/infra/modules/azure_event_hub/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_function_app/README.md b/infra/modules/azure_function_app/README.md
@@ -12,7 +12,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_function_app/main.tf b/infra/modules/azure_function_app/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_function_app_exposed/README.md b/infra/modules/azure_function_app_exposed/README.md
@@ -12,7 +12,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_function_app_exposed/main.tf b/infra/modules/azure_function_app_exposed/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_postgres_server/README.md b/infra/modules/azure_postgres_server/README.md
@@ -12,7 +12,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_postgres_server/main.tf b/infra/modules/azure_postgres_server/main.tf
@@ -8,7 +8,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/azure_storage_account/README.md b/infra/modules/azure_storage_account/README.md
@@ -11,7 +11,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/azure_storage_account/main.tf b/infra/modules/azure_storage_account/main.tf
@@ -12,7 +12,8 @@ provider "azurerm" {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/modules/github_selfhosted_runner_on_container_app_jobs/README.md b/infra/modules/github_selfhosted_runner_on_container_app_jobs/README.md
@@ -12,7 +12,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a |
+| <a name="module_naming_convention"></a> [naming\_convention](#module\_naming\_convention) | pagopa/dx-azure-naming-convention/azurerm | ~> 0 |
 
 ## Resources
 

diff --git a/infra/modules/github_selfhosted_runner_on_container_app_jobs/main.tf b/infra/modules/github_selfhosted_runner_on_container_app_jobs/main.tf
@@ -9,7 +9,8 @@ terraform {
 }
 
 module "naming_convention" {
-  source = "../azure_naming_convention"
+  source  = "pagopa/dx-azure-naming-convention/azurerm"
+  version = "~> 0"
 
   environment = {
     prefix          = var.environment.prefix

diff --git a/infra/repository/.terraform.lock.hcl b/infra/repository/.terraform.lock.hcl
diff --git a/infra/repository/README.md b/infra/repository/README.md
@@ -13,7 +13,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.111.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.15.0 |
 | <a name="provider_github"></a> [github](#provider\_github) | 6.1.0 |
 
 ## Modules

diff --git a/infra/repository/tfmodules.lock.json b/infra/repository/tfmodules.lock.json
@@ -0,0 +1 @@
+{}
diff --git a/infra/resources/dev/main.tf b/infra/resources/dev/main.tf
@@ -51,4 +51,4 @@ module "core" {
   test_enabled = true
 
   tags = local.tags
-}
+}
diff --git a/infra/resources/dev/tfmodules.lock.json b/infra/resources/dev/tfmodules.lock.json
@@ -0,0 +1,3 @@
+{
+  "core.naming_convention": "807e8fafaf3cda8d1df7cc5c624715555ff150e87a8df0becc7e5cab3e54f855"
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -51,4 +51,4 @@ module "core" { @@
       test_enabled = true
       tags = local.tags
-    }
+    }