diff --git a/.github/actions/terragrunt/README.md b/.github/actions/terragrunt/README.md index ffd5d51f..3a327127 100644 --- a/.github/actions/terragrunt/README.md +++ b/.github/actions/terragrunt/README.md @@ -5,7 +5,7 @@ This GitHub Action sets up **Terraform** and **Terragrunt** and runs a specified ## Features - Installs pinned versions of Terraform and Terragrunt -- Installs Terragrunt through `jdx/mise-action@v3` +- Installs Terragrunt through `jdx/mise-action@v4` - Uses AWS credentials already configured earlier in the same job when needed - Optionally passes Terragrunt variables via JSON tfvars - Supports `plan` mode for producing local saved plan files diff --git a/.github/actions/terragrunt/action.yml b/.github/actions/terragrunt/action.yml index 0601cba9..e3b4940e 100644 --- a/.github/actions/terragrunt/action.yml +++ b/.github/actions/terragrunt/action.yml @@ -40,7 +40,7 @@ runs: terraform_wrapper: false - name: Install Terragrunt - uses: jdx/mise-action@v3 + uses: jdx/mise-action@v4 with: tool_versions: | terragrunt ${{ inputs.tg_version }} diff --git a/.github/docs/README.md b/.github/docs/README.md index 18e5df6a..adc8d651 100644 --- a/.github/docs/README.md +++ b/.github/docs/README.md 
@@ -51,7 +51,7 @@ If you are unsure, the live `aws/oidc` stack in the target environment is the so - `release.yml` Creates release tags, prepares shared CI artifacts, builds release outputs, and publishes the GitHub release. Version bumps come from a repo-local action that scans commit subjects since the latest semver tag and matches configurable major/minor/patch prefixes. - `pull_request.yml` - Provides fast validation for workflow syntax, Terraform formatting/linting, changed runtime builds, and a direct execution check of the repo-local `get-next-version` Docker action. The version preview job classifies the PR title, so it reflects the version that would be implied if that PR title lands on `main`. Its `check` job normally runs the repo-local `get-changes` Docker action directly, using the PR base SHA for a PR-style `base...HEAD` diff, but manual `workflow_dispatch` runs now force every change flag on and rerun the full validation surface without a PR diff. When `.github/actions/**` changed, the workflow reuses `shared_directories_get.yml` to discover action directories with `Dockerfile`s and runs a Docker unit-test matrix for them after the GitHub formatting job. The Lambda naming check only runs when Lambda sources changed, and the ECS task/service pair check runs when container sources or Terragrunt live-stack directories changed; each is an explicit prerequisite for the corresponding build job. Terragrunt installation in that workflow now uses `jdx/mise-action@v3`, and TFLint setup now uses the Node 24 `terraform-linters/setup-tflint@v6` line. + Provides fast validation for workflow syntax, Terraform formatting/linting, changed runtime builds, and a direct execution check of the repo-local `get-next-version` Docker action. The version preview job classifies the PR title, so it reflects the version that would be implied if that PR title lands on `main`. 
Its `check` job normally runs the repo-local `get-changes` Docker action directly, using the PR base SHA for a PR-style `base...HEAD` diff, but manual `workflow_dispatch` runs now force every change flag on and rerun the full validation surface without a PR diff. When `.github/actions/**` changed, the workflow reuses `shared_directories_get.yml` to discover action directories with `Dockerfile`s and runs a Docker unit-test matrix for them after the GitHub formatting job. The Lambda naming check only runs when Lambda sources changed, and the ECS task/service pair check runs when container sources or Terragrunt live-stack directories changed; each is an explicit prerequisite for the corresponding build job. Terragrunt installation in that workflow now uses `jdx/mise-action@v4`, and TFLint setup now uses the Node 24 `terraform-linters/setup-tflint@v6` line. The local version action can also be tested outside GitHub Actions, either by running the Python entrypoint directly or through its dedicated Docker image. 
@@ -145,7 +145,7 @@ Run these checks on every CI, workflow, or deploy-contract change. - `./.github/actions/terragrunt` always uploads per-stack plan artifacts on `plan` and always downloads them on `apply_plan`, using the caller-provided `PLAN_ARTIFACT_S3_PREFIX` environment variable, so graph executors like `shared_infra.yml` do not need separate `./.github/actions/just` steps for those transfers - both repo-local composite actions, `./.github/actions/just` and `./.github/actions/terragrunt`, now assume AWS credentials are already configured in the current job when they need AWS access. The repo pattern is to run `aws-actions/configure-aws-credentials` at the top of each AWS-using job and then call the local actions without extra auth inputs - `./.github/actions/just` installs the requested `just` version through `extractions/setup-crate@v2` in the same minimal composite-action shape as `extractions/setup-just`, rather than depending on `extractions/setup-just` itself -- `./.github/actions/terragrunt` installs the requested Terragrunt version through `jdx/mise-action@v3`, while Terraform stays pinned separately through `hashicorp/setup-terraform` +- `./.github/actions/terragrunt` installs the requested Terragrunt version through `jdx/mise-action@v4`, while Terraform stays pinned separately through `hashicorp/setup-terraform` - saved infra-plan storage is intentionally split into two levels: - one run-level metadata file at `/infra-plan-metadata/plan-metadata.json` - one per-stack plan bundle under `/terragrunt-plan-/` diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 09c32bd5..93914a73 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -173,7 +173,7 @@ jobs: steps: - uses: actions/checkout@v6 - uses: hashicorp/setup-terraform@v4 - - uses: jdx/mise-action@v3 + - uses: jdx/mise-action@v4 with: tool_versions: | terragrunt 0.45.10
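Review bot: The `-`/`+` pair in `.github/actions/terragrunt/README.md` is a major-version bump of `jdx/mise-action` (`@v3` to `@v4`), yet nothing in the patch records whether the `tool_versions` input that `action.yml` and `pull_request.yml` still pass is unchanged in v4. Link the upstream release notes in the PR description, or add a short line here stating that the input contract was checked, so a later reader can tell the bump was reviewed and not only applied.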
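Review bot: In `.github/actions/terragrunt/action.yml`, the `Install Terragrunt` step references `jdx/mise-action@v4` by a movable major tag, while the README for this action advertises pinned tool versions and says the action runs in jobs where AWS credentials are already configured. Whatever the tag points at on the day of the run executes alongside those credentials. Pin the third-party action to a full commit SHA with the tag kept as a trailing comment, for example `uses: jdx/mise-action@<full-commit-sha> # v4`, and let Dependabot or Renovate propose the next bump.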
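Review bot: The `pull_request.yml` paragraph in `.github/docs/README.md` hardcodes the action tag in prose ("now uses `jdx/mise-action@v4`"), and the same tag is repeated in the `./.github/actions/terragrunt` bullet in the `@@ -145` hunk and in the action's own README, so one tag bump touches three documentation lines that can silently fall out of step with the YAML. Name the action without its tag in the docs (`jdx/mise-action`) and let `action.yml` and `pull_request.yml` be the only places that carry the version. The carried-over "now uses" wording also reads as a changelog entry and no longer describes a change once merged.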
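Review bot: In `.github/workflows/pull_request.yml`, the step touched here installs a hardcoded `terragrunt 0.45.10`, whereas the composite action in `.github/actions/terragrunt/action.yml` installs `terragrunt ${{ inputs.tg_version }}`. PR validation can therefore run a different Terragrunt than the plan/apply path if the two values drift. Since this line is being edited anyway, source the version from a single place (a workflow-level `env` value or the same input passed to the local action). The SHA-pinning point raised for `action.yml` applies to this `uses: jdx/mise-action@v4` line as well.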