Skip to content

Implement automated Terraform provider update workflow with changesets #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 32 commits into from
Nov 6, 2025
Merged

Implement automated Terraform provider update workflow with changesets #112

Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
5e6e35d
Initial plan
Copilot Nov 5, 2025
0e5cdb8
feat: add automated package update workflow
Copilot Nov 5, 2025
48b4a51
style: apply prettier formatting to automation files
Copilot Nov 5, 2025
a77cbe3
fix: use spawnSync to prevent command injection in release plan
Copilot Nov 5, 2025
c77ab6a
fix: improve security of automation script
Copilot Nov 5, 2025
53e48b9
feat: use pulumi package add to generate updated packages
Copilot Nov 5, 2025
b29e7cb
fix: improve GitHub Actions output escaping
Copilot Nov 5, 2025
608ebac
feat: fetch versions and changelogs from GitHub releases
Copilot Nov 5, 2025
f52462e
fix: improve security and robustness of update script
Copilot Nov 5, 2025
b789c65
fix: use Terraform registry for pulumi package add command
Copilot Nov 5, 2025
7de3b39
fix: use Terraform registry instead of OpenTofu for API calls
Copilot Nov 5, 2025
8514e3f
feat: add GitHub token authentication for API calls
Copilot Nov 5, 2025
40cc4cf
fix: add PULUMI_CONFIG_PASSPHRASE for temporary projects
Copilot Nov 5, 2025
4826cc3
fix: update pulumi command syntax and exclude .gitignore from copy
Copilot Nov 5, 2025
40f8972
feat: run nx release plan per project with bump type
Copilot Nov 5, 2025
a833366
fix: include changelog in release plan message
Copilot Nov 5, 2025
8e65624
refactor: remove redundant Configure Git step
Copilot Nov 5, 2025
0b1e8cf
update check-updates script refine release message to align with terr…
hckhanh Nov 5, 2025
06eff87
Simplify GitHub Actions workflow by removing unnecessary blank lines
hckhanh Nov 5, 2025
eb23f66
Update GitHub Actions workflows move env variables to steps and refin…
hckhanh Nov 6, 2025
a79c0f9
Relocate GITHUB_TOKEN env variable to correct step in update-packages…
hckhanh Nov 6, 2025
95c22e2
Add git add command after pnpm fix in update-packages workflow
hckhanh Nov 6, 2025
84024ef
feat: commit updates directly to main instead of creating PR
Copilot Nov 6, 2025
d6a42a6
refactor: switch from nx release to changesets for version management
Copilot Nov 6, 2025
f2e548b
feat: use changesets/action for PR creation and publishing
Copilot Nov 6, 2025
2aff0fc
feat: add auto-merge for release PRs using rebase
Copilot Nov 6, 2025
3f18d09
Update workflows to refine package publishing steps and adjust releas…
hckhanh Nov 6, 2025
6ebc664
Update changeset configuration and dependencies to use restricted acc…
hckhanh Nov 6, 2025
bbdab8e
Update changesets CLI and pnpm-lock dependencies to latest versions
hckhanh Nov 6, 2025
45be33e
Remove unused id changesets from publish workflow
hckhanh Nov 6, 2025
6e35242
[autofix.ci] apply automated fixes
autofix-ci[bot] Nov 6, 2025
4769e62
Update publish workflow to trigger on main branch instead of tags
hckhanh Nov 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions .github/scripts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# Automation Scripts

This directory contains automation scripts for maintaining the Pulumi provider packages.

## check-updates.js

This script automatically checks for updates to Terraform providers and updates the corresponding Pulumi packages.

### How it works

1. **Scans packages**: Iterates through all packages in the `packages/` directory
2. **Extracts provider info**: Decodes the base64-encoded parameterization value to get the current provider version and registry URL
3. **Gets GitHub repository**: Queries the Terraform registry to get the source GitHub repository
4. **Fetches latest release**: Gets the latest release version and changelog from GitHub API
5. **Updates packages**: For packages with newer versions available:
- Creates a temporary Pulumi project
- Runs `pulumi package add terraform-provider namespace/name@version`
- Copies generated TypeScript files to the package directory
- Updates the `pulumi` property in `package.json` with new parameterization
6. **Creates release plan**: Uses `nx release plan` to prepare versioning and changelog updates
7. **Stages changes**: Adds all changes to git staging area

### Usage

Manual execution:

```bash
node .github/scripts/check-updates.js
```

Automated execution via GitHub Actions:

- Runs weekly on Mondays at 00:00 UTC
- Can be triggered manually via workflow dispatch

### Output

The script produces:

- Updated `package.json` files with new provider versions
- Updated `CHANGELOG.md` files with release information
- Nx release plan files
- GitHub Actions outputs for PR creation

### Environment Variables

When running in GitHub Actions, the script uses:

- `GITHUB_OUTPUT`: To pass update information to subsequent workflow steps

### API Endpoints

- **Terraform Registry**: `https://registry.terraform.io/v1/providers/{namespace}/{name}` - to get the GitHub repository URL
- **GitHub Releases**: `https://api.github.com/repos/{owner}/{repo}/releases/latest` - to get the latest version and changelog

### Error Handling

The script continues processing other packages if one fails, logging errors to console. It only exits with a non-zero status if the release plan creation fails.
Loading