fix: Update CI workflow versions to remove deprecated runtime warnings (#67)

bryantbiggs · web-flow · commit e62e629d56ef · 2024-03-06T18:18:36.000-08:00
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
@@ -8,7 +8,7 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           issue-comment: >
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v5.0.2
+      - uses: amannn/action-semantic-pull-request@v5.4.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -8,7 +8,7 @@ on:
 
 env:
   TERRAFORM_DOCS_VERSION: v0.16.0
-  TFLINT_VERSION: v0.44.1
+  TFLINT_VERSION: v0.50.3
 
 jobs:
   collectInputs:
@@ -18,11 +18,11 @@ jobs:
       directories: ${{ steps.dirs.outputs.directories }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Get root directories
         id: dirs
-        uses: clowdhaus/terraform-composite-actions/directories@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
 
   preCommitMinVersions:
     name: Min TF pre-commit
@@ -32,19 +32,27 @@ jobs:
       matrix:
         directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
     steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
+
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.0
+        uses: clowdhaus/terraform-min-max@v1.3.0
         with:
           directory: ${{ matrix.directory }}
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory !=  '.' && !contains(matrix.directory, 'wrappers') }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+        if: ${{ matrix.directory !=  '.' }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           tflint-version: ${{ env.TFLINT_VERSION }}
@@ -53,7 +61,7 @@ jobs:
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           tflint-version: ${{ env.TFLINT_VERSION }}
@@ -64,18 +72,26 @@ jobs:
     runs-on: ubuntu-latest
     needs: collectInputs
     steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
+
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{github.event.pull_request.head.repo.full_name}}
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.0
+        uses: clowdhaus/terraform-min-max@v1.3.0
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           tflint-version: ${{ env.TFLINT_VERSION }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,18 +20,18 @@ jobs:
     if: github.repository_owner == 'terraform-aws-modules'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
           fetch-depth: 0
 
       - name: Release
-        uses: cycjimmy/semantic-release-action@v3
+        uses: cycjimmy/semantic-release-action@v4
         with:
-          semantic_version: 18.0.0
+          semantic_version: 23.0.2
           extra_plugins: |
-            @semantic-release/changelog@6.0.0
-            @semantic-release/git@10.0.0
-            conventional-changelog-conventionalcommits@4.6.3
+            @semantic-release/changelog@6.0.3
+            @semantic-release/git@10.0.1
+            conventional-changelog-conventionalcommits@7.0.2
         env:
           GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml
@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v6
+      - uses: actions/stale@v9
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Staling issues and PR's
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,10 +1,9 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.88.0
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
-      - id: terraform_validate
       - id: terraform_docs
         args:
           - '--args=--lockfile=false'
@@ -23,8 +22,11 @@ repos:
           - '--args=--only=terraform_required_providers'
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
+          - '--args=--only=terraform_unused_required_providers'
+      - id: terraform_validate
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
+      - id: trailing-whitespace
diff --git a/README.md b/README.md
@@ -120,7 +120,7 @@ module "cis_alarms" {
 
 AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).
 
-### Metric Stream 
+### Metric Stream
 
 ```hcl
 module "metric_stream" {
@@ -170,7 +170,7 @@ module "metric_stream" {
 module "query_definition" {
   source  = "terraform-aws-modules/cloudwatch/aws//modules/query-definition"
   version = "~> 4.0"
-  
+
   name = "my-query-definition"
   log_group_names = ["my-log-group-name"]
   query_string = <<EOF
diff --git a/wrappers/cis-alarms/main.tf b/wrappers/cis-alarms/main.tf
@@ -3,16 +3,16 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                    = try(each.value.create, var.defaults.create, true)
-  use_random_name_prefix    = try(each.value.use_random_name_prefix, var.defaults.use_random_name_prefix, false)
-  name_prefix               = try(each.value.name_prefix, var.defaults.name_prefix, "")
+  actions_enabled           = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
+  alarm_actions             = try(each.value.alarm_actions, var.defaults.alarm_actions, [])
   control_overrides         = try(each.value.control_overrides, var.defaults.control_overrides, {})
+  create                    = try(each.value.create, var.defaults.create, true)
   disabled_controls         = try(each.value.disabled_controls, var.defaults.disabled_controls, [])
-  namespace                 = try(each.value.namespace, var.defaults.namespace, "CISBenchmark")
+  insufficient_data_actions = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, [])
   log_group_name            = try(each.value.log_group_name, var.defaults.log_group_name, "")
-  alarm_actions             = try(each.value.alarm_actions, var.defaults.alarm_actions, [])
-  actions_enabled           = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
-  tags                      = try(each.value.tags, var.defaults.tags, {})
+  name_prefix               = try(each.value.name_prefix, var.defaults.name_prefix, "")
+  namespace                 = try(each.value.namespace, var.defaults.namespace, "CISBenchmark")
   ok_actions                = try(each.value.ok_actions, var.defaults.ok_actions, [])
-  insufficient_data_actions = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, [])
+  tags                      = try(each.value.tags, var.defaults.tags, {})
+  use_random_name_prefix    = try(each.value.use_random_name_prefix, var.defaults.use_random_name_prefix, false)
 }
diff --git a/wrappers/cis-alarms/outputs.tf b/wrappers/cis-alarms/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }
diff --git a/wrappers/composite-alarm/main.tf b/wrappers/composite-alarm/main.tf
@@ -3,14 +3,14 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                    = try(each.value.create, var.defaults.create, true)
-  alarm_name                = try(each.value.alarm_name, var.defaults.alarm_name, null)
-  alarm_description         = try(each.value.alarm_description, var.defaults.alarm_description, null)
   actions_enabled           = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
   actions_suppressor        = try(each.value.actions_suppressor, var.defaults.actions_suppressor, {})
   alarm_actions             = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
+  alarm_description         = try(each.value.alarm_description, var.defaults.alarm_description, null)
+  alarm_name                = try(each.value.alarm_name, var.defaults.alarm_name, null)
+  alarm_rule                = try(each.value.alarm_rule, var.defaults.alarm_rule, null)
+  create                    = try(each.value.create, var.defaults.create, true)
   insufficient_data_actions = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
   ok_actions                = try(each.value.ok_actions, var.defaults.ok_actions, null)
-  alarm_rule                = try(each.value.alarm_rule, var.defaults.alarm_rule, null)
   tags                      = try(each.value.tags, var.defaults.tags, {})
 }
diff --git a/wrappers/composite-alarm/outputs.tf b/wrappers/composite-alarm/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }
diff --git a/wrappers/log-group/main.tf b/wrappers/log-group/main.tf
@@ -4,11 +4,11 @@ module "wrapper" {
   for_each = var.items
 
   create            = try(each.value.create, var.defaults.create, true)
+  kms_key_id        = try(each.value.kms_key_id, var.defaults.kms_key_id, null)
+  log_group_class   = try(each.value.log_group_class, var.defaults.log_group_class, null)
   name              = try(each.value.name, var.defaults.name, null)
   name_prefix       = try(each.value.name_prefix, var.defaults.name_prefix, null)
   retention_in_days = try(each.value.retention_in_days, var.defaults.retention_in_days, null)
-  kms_key_id        = try(each.value.kms_key_id, var.defaults.kms_key_id, null)
-  log_group_class   = try(each.value.log_group_class, var.defaults.log_group_class, null)
   skip_destroy      = try(each.value.skip_destroy, var.defaults.skip_destroy, null)
   tags              = try(each.value.tags, var.defaults.tags, {})
 }
diff --git a/wrappers/log-group/outputs.tf b/wrappers/log-group/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }
diff --git a/wrappers/log-metric-filter/main.tf b/wrappers/log-metric-filter/main.tf
@@ -4,13 +4,13 @@ module "wrapper" {
   for_each = var.items
 
   create_cloudwatch_log_metric_filter = try(each.value.create_cloudwatch_log_metric_filter, var.defaults.create_cloudwatch_log_metric_filter, true)
-  name                                = try(each.value.name, var.defaults.name)
-  pattern                             = try(each.value.pattern, var.defaults.pattern)
   log_group_name                      = try(each.value.log_group_name, var.defaults.log_group_name)
+  metric_transformation_default_value = try(each.value.metric_transformation_default_value, var.defaults.metric_transformation_default_value, null)
+  metric_transformation_dimensions    = try(each.value.metric_transformation_dimensions, var.defaults.metric_transformation_dimensions, {})
   metric_transformation_name          = try(each.value.metric_transformation_name, var.defaults.metric_transformation_name)
   metric_transformation_namespace     = try(each.value.metric_transformation_namespace, var.defaults.metric_transformation_namespace)
-  metric_transformation_value         = try(each.value.metric_transformation_value, var.defaults.metric_transformation_value, "1")
-  metric_transformation_default_value = try(each.value.metric_transformation_default_value, var.defaults.metric_transformation_default_value, null)
   metric_transformation_unit          = try(each.value.metric_transformation_unit, var.defaults.metric_transformation_unit, null)
-  metric_transformation_dimensions    = try(each.value.metric_transformation_dimensions, var.defaults.metric_transformation_dimensions, {})
+  metric_transformation_value         = try(each.value.metric_transformation_value, var.defaults.metric_transformation_value, "1")
+  name                                = try(each.value.name, var.defaults.name)
+  pattern                             = try(each.value.pattern, var.defaults.pattern)
 }
diff --git a/wrappers/log-metric-filter/outputs.tf b/wrappers/log-metric-filter/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }
diff --git a/wrappers/log-stream/main.tf b/wrappers/log-stream/main.tf
@@ -4,6 +4,6 @@ module "wrapper" {
   for_each = var.items
 
   create         = try(each.value.create, var.defaults.create, true)
-  name           = try(each.value.name, var.defaults.name, null)
   log_group_name = try(each.value.log_group_name, var.defaults.log_group_name, null)
+  name           = try(each.value.name, var.defaults.name, null)
 }
diff --git a/wrappers/log-stream/outputs.tf b/wrappers/log-stream/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }
diff --git a/wrappers/metric-alarm/main.tf b/wrappers/metric-alarm/main.tf
@@ -3,27 +3,27 @@ module "wrapper" {
 
   for_each = var.items
 
-  create_metric_alarm                   = try(each.value.create_metric_alarm, var.defaults.create_metric_alarm, true)
-  alarm_name                            = try(each.value.alarm_name, var.defaults.alarm_name)
+  actions_enabled                       = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
+  alarm_actions                         = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
   alarm_description                     = try(each.value.alarm_description, var.defaults.alarm_description, null)
+  alarm_name                            = try(each.value.alarm_name, var.defaults.alarm_name)
   comparison_operator                   = try(each.value.comparison_operator, var.defaults.comparison_operator)
+  create_metric_alarm                   = try(each.value.create_metric_alarm, var.defaults.create_metric_alarm, true)
+  datapoints_to_alarm                   = try(each.value.datapoints_to_alarm, var.defaults.datapoints_to_alarm, null)
+  dimensions                            = try(each.value.dimensions, var.defaults.dimensions, null)
+  evaluate_low_sample_count_percentiles = try(each.value.evaluate_low_sample_count_percentiles, var.defaults.evaluate_low_sample_count_percentiles, null)
   evaluation_periods                    = try(each.value.evaluation_periods, var.defaults.evaluation_periods)
-  threshold                             = try(each.value.threshold, var.defaults.threshold, null)
-  threshold_metric_id                   = try(each.value.threshold_metric_id, var.defaults.threshold_metric_id, null)
-  unit                                  = try(each.value.unit, var.defaults.unit, null)
+  extended_statistic                    = try(each.value.extended_statistic, var.defaults.extended_statistic, null)
+  insufficient_data_actions             = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
   metric_name                           = try(each.value.metric_name, var.defaults.metric_name, null)
+  metric_query                          = try(each.value.metric_query, var.defaults.metric_query, [])
   namespace                             = try(each.value.namespace, var.defaults.namespace, null)
+  ok_actions                            = try(each.value.ok_actions, var.defaults.ok_actions, null)
   period                                = try(each.value.period, var.defaults.period, null)
   statistic                             = try(each.value.statistic, var.defaults.statistic, null)
-  actions_enabled                       = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
-  datapoints_to_alarm                   = try(each.value.datapoints_to_alarm, var.defaults.datapoints_to_alarm, null)
-  dimensions                            = try(each.value.dimensions, var.defaults.dimensions, null)
-  alarm_actions                         = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
-  insufficient_data_actions             = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
-  ok_actions                            = try(each.value.ok_actions, var.defaults.ok_actions, null)
-  extended_statistic                    = try(each.value.extended_statistic, var.defaults.extended_statistic, null)
-  treat_missing_data                    = try(each.value.treat_missing_data, var.defaults.treat_missing_data, "missing")
-  evaluate_low_sample_count_percentiles = try(each.value.evaluate_low_sample_count_percentiles, var.defaults.evaluate_low_sample_count_percentiles, null)
-  metric_query                          = try(each.value.metric_query, var.defaults.metric_query, [])
   tags                                  = try(each.value.tags, var.defaults.tags, {})
+  threshold                             = try(each.value.threshold, var.defaults.threshold, null)
+  threshold_metric_id                   = try(each.value.threshold_metric_id, var.defaults.threshold_metric_id, null)
+  treat_missing_data                    = try(each.value.treat_missing_data, var.defaults.treat_missing_data, "missing")
+  unit                                  = try(each.value.unit, var.defaults.unit, null)
 }
diff --git a/wrappers/metric-alarm/outputs.tf b/wrappers/metric-alarm/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }
diff --git a/wrappers/metric-alarms-by-multiple-dimensions/main.tf b/wrappers/metric-alarms-by-multiple-dimensions/main.tf
diff --git a/wrappers/metric-alarms-by-multiple-dimensions/outputs.tf b/wrappers/metric-alarms-by-multiple-dimensions/outputs.tf
diff --git a/wrappers/metric-stream/main.tf b/wrappers/metric-stream/main.tf
diff --git a/wrappers/metric-stream/outputs.tf b/wrappers/metric-stream/outputs.tf
diff --git a/wrappers/query-definition/main.tf b/wrappers/query-definition/main.tf
diff --git a/wrappers/query-definition/outputs.tf b/wrappers/query-definition/outputs.tf

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`output "wrapper" {`
`2`	`2`	`description = "Map of outputs of a wrapper."`
`3`	`3`	`value = module.wrapper`
`4`		`- # sensitive = false # No sensitive module output found`
	`4`	`+ # sensitive = false # No sensitive module output found`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,6 @@ module "wrapper" {`
`4`	`4`	`for_each = var.items`
`5`	`5`
`6`	`6`	`create = try(each.value.create, var.defaults.create, true)`
`7`		`- name = try(each.value.name, var.defaults.name, null)`
`8`	`7`	`log_group_name = try(each.value.log_group_name, var.defaults.log_group_name, null)`
	`8`	`+ name = try(each.value.name, var.defaults.name, null)`
`9`	`9`	`}`