Releases: cloudposse/github-action-atmos-component-updater

v2.6.0

27 Nov 15:40

Support Migration of Components to a New GitHub Organization @goruha (#46)

what

  • Automatically migrate existing components to the new GitHub organization

why

  • Makes migration to new component structure simple and stable

Refs

v2.5.1

27 Nov 00:47

Automatically Sign Commits Using GitHub API Instead of GitPython and GPG @goruha (#45)

what

[!CAUTION]
This change has only undergone local development and has not been adequately tested for merge

  • Removes GPG signing key option
  • Updates commit signing to use PyGitHub instead of GitPython library

why

  • Commits are made using GitPython, while pull requests are handled with PyGitHub. I found that PyGitHub can also make commits, and it could leverage the Atmos App token to automatically sign them. Let me know if you'd be interested in testing this approach

references

🤖 Automatic Updates

Update .github/settings.yml @osterman (#43)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

v2.5.0

12 Sep 18:07
413f77b

fix: fix gpg signing using git-plumbing method @RoseSecurity (#42)

what

  • GitPython does not allow you to sign commits with its git-porcelain method. Previously, this method was used but resulted in an error during execution. This change utilizes git-plumbing method to accomplish signed commits

why

  • GitPython does not allow you to sign commits with its git-porcelain method. The way you typically commit with GitPython is:
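```python
from git import Actor, Repo

# repo_dir and file_to_commit_path are supplied by the caller
repo = Repo(repo_dir)
index = repo.index
index.add([file_to_commit_path])
author = Actor("An author", "[email protected]")

# Porcelain-style commit: no option to request a GPG signature
index.commit("my commit message", author=author)
```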
  • index.commit method does not provide any argument to sign commits. If you want to sign commits you have to use the git-plumbing method git.commit(...):
```python
from git import Repo

signingkey = "<KEY_ID>"

repo = Repo.init('.')
# Make changes
update_file = "./testing.txt"
with open(update_file, "a") as f:
    f.write("\nfix gpg signing")

# Add to stage
repo.index.add([update_file])

# Commit through the git command wrapper so the signing flags reach git
repo.git.commit('-S', f'--gpg-sign={signingkey}', '-m', "my commit message")
```

The result:

```console
# Grab commit SHA
 ❯ git log

# Verify commit is signed
 ❯ git verify-commit a9d6677
gpg: Signature made Wed Sep 11 18:16:36 2024 CDT
gpg:                using EDDSA key <KEY>
gpg: Good signature from "RoseSecurity (MacBook Pro) <[email protected]>" [ultimate]
```

references
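
An added example, not part of the release notes or the project's code: "Good signature" only shows that some key in the verifier's keyring signed the commit, so a CI gate can parse the status lines from `git verify-commit --raw` and compare the signing fingerprint with an allowlist. The function names, fingerprint and sample status output below are constructed for illustration.

```python
# Added example: allowlist check over `git verify-commit --raw` status output.
FAILURE_KEYWORDS = ("BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG")

# Constructed fingerprint and status output, for illustration only.
ALLOWED_FINGERPRINTS = {"0123456789ABCDEF0123456789ABCDEF01234567"}
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-09-11 1726096596 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE 0 pgp
"""


def parse_status(raw):
    """Map each GnuPG status keyword to its list of arguments."""
    status = {}
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            status[parts[1]] = parts[2:]
    return status


def signed_by_allowed_key(raw, allowed_fingerprints):
    """Return (ok, reason) for one commit's raw verification output."""
    status = parse_status(raw)
    for keyword in FAILURE_KEYWORDS:
        if keyword in status:
            return False, f"signature rejected: {keyword}"
    valid = status.get("VALIDSIG")
    if "GOODSIG" not in status or not valid:
        # An unsigned commit produces no GOODSIG line.
        return False, "no valid signature"
    # First VALIDSIG field: fingerprint of the key that signed.
    # Last field: fingerprint of its primary key (differs for subkeys).
    candidates = {valid[0].upper(), valid[-1].upper()}
    if candidates & {fp.upper() for fp in allowed_fingerprints}:
        return True, "signed by allowed key"
    return False, "good signature, but key is not on the allowlist"


if __name__ == "__main__":
    print(signed_by_allowed_key(SAMPLE_STATUS, ALLOWED_FINGERPRINTS))
```

In a pipeline, the `raw` argument is the standard error of `git verify-commit --raw <sha>`, which is where git writes the status lines.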

v2.4.0

11 Sep 21:19
2ec4218

fix: update commit signing method @RoseSecurity (#41)

what

  • The prior release included support for GPG signing of commits. This fails with the following error:
```text
Traceback (most recent call last):
  File "/github/action/src/main.py", line 134, in <module>
    cli_main()
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/github/action/src/main.py", line 129, in cli_main
    main(github_api_token, config)
  File "/github/action/src/main.py", line 15, in main
    component_updater.update()
  File "/github/action/src/component_updater.py", line 65, in update
    responses.extend(self.__update_terraform_dir(infra_terraform_dir))
  File "/github/action/src/component_updater.py", line 84, in __update_terraform_dir
    response = self.__update_component(infra_terraform_dir, component_file)
  File "/github/action/src/component_updater.py", line 217, in __update_component
    pull_request_creation_response: PullRequestCreationResponse = self.__create_branch_and_pr(updated_component.infra_repo_dir,
  File "/github/action/src/component_updater.py", line 278, in __create_branch_and_pr
    self.__github_provider.create_branch_and_push_all_changes(repo_dir,
  File "/github/action/src/github_provider.py", line 94, in create_branch_and_push_all_changes
    repo.index.commit(commit_message, gpg_sign=True, gpg_signing_key=self.__config.gpg_key_id)
TypeError: IndexFile.commit() got an unexpected keyword argument 'gpg_sign'
```
  • This change incorporates a fix for the error

why

  • Fixes commit signing for Component Updater

references

v2.3.2

10 Sep 17:06

Add GPG Key ID (#39) @goruha (#40)

what

[!IMPORTANT]
This pull request is a work in progress as I would love to see this feature but do not want to encroach on any work from the CloudPosse team. If this PR is not on the right track, feel free to close at your will

why

  • Provides an interface for teams to sign component updater commits
  • The following is an example of how this could be leveraged to sign component updater commits:
```yaml
name: "atmos-components"

on:
  workflow_dispatch: {}

  schedule:
    - cron:  '0 8 * * 1'         # Execute every week on Monday at 08:00

permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Import GPG Key
        run: |
          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
          git config --global commit.gpgSign true

      - name: Update Atmos Components
        uses: cloudposse/github-action-atmos-component-updater@v2
        with:
          github-access-token: ${{ secrets.GITHUB_TOKEN }}
          max-number-of-prs: 5
          include: |
            aws-*
            eks/*
            bastion
          exclude: aws-sso,aws-saml
        env:
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
```

#39

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#35)

what

  • Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

  • Add comment to PR when it is released

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#33)

what

  • Update workflows (`.github/workflows/settings.yaml`) to use shared workflows from `.github` repo

why

  • Reduce nested levels of reusable workflows

v2.3.1

14 May 17:51

Pin base docker image to ubuntu:jammy @goruha (#32)

what

  • Pin base docker image to `ubuntu:jammy`

why

  • Docker build failed for ubuntu version >= 22.04

references

feat: FAQs for README @milldr (#25)

what

  • Added FAQs to the README
  • Rebuild README with latest template

why

  • I've missed these a few times, and they should be documented

references

  • n/a

🤖 Automatic Updates

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#26)

what

  • Update workflows (`.github/workflows/settings.yaml`)

why

  • Support new readme generation workflow.
  • Generate banners

v2.3.0

05 Feb 17:38
76f3f9a
Delete branch on PR close @goruha (#23)

what

  • Delete branch on PR close

why

  • Fix leaving trunk branches

v2.2.0

16 Oct 11:49
635735b
chore: remove nodejs @dudymas (#21)

what

  • remove nodejs
  • debug statements added to tools

why

  • improving diagnostics when component yaml files have errors
  • nodejs not necessary (slows builds!)

v2.1.0

12 May 15:47
d06164a
Fixed bug when component is vendored but vendoring is disabled @zdmytriv (#17)

what

  • Set default version of github action in readme to v2
  • Fixed bug when component is vendored but vendoring is disabled (again)

why

  • Fixed bug and updated readme

references

v2.0.0

10 May 20:03
33a79a8
Wrapped in Docker @zdmytriv (#14)

what

  • Wrapped in Docker
  • Renamed input parameter from skip-component-vendoring to vendoring-enabled

why

  • Supposed to fix setup-python issue on amazon linux instances

references