This repository was archived by the owner on Feb 18, 2025. It is now read-only.
forked from antonbabenko/pre-commit-terraform
TLS-133-tracking-wpengine-pre-commit-terraform-via-dependabot-bump-tj-actions-changed-files-to-41 #1
Open: edson-philippe wants to merge 251 commits into wpengine:master from antonbabenko:master (base: master)
Conversation
### Description of your changes

* Tested out that it works on Ubuntu 22.04.3
* Add needed link to python3
* Update infracost command as it was changed
And partially revert syntax as GH Markdown is buggy: https://github.com/orgs/community/discussions/16925#discussioncomment-7574895
## [1.86.1](v1.86.0...v1.86.1) (2024-02-16)

### Bug Fixes

* `grep: warning: stray \ before /` which pop-up in `grep 3.8` ([#625](#625)) ([e1a93b2](e1a93b2))
…ction in README (#620)

### Reasoning

We have a GH workflow that runs lockfile updates every week (implementation and reasoning [here](https://grem1.in/post/terraform-lockfiles-maxymvlasov/)). It usually takes from 2h 30min to 3h 15min. That was fine for us, till we found that our GH runners, based on AWS EC2s, started silently failing after 30min "without recent logs", and that was fixed by a crutch which sends a dummy log every 10min. However, during the debugging, I spent some time describing why hooks were not utilizing all the provided resources. And that means a waste of time and money, not only for that corner case but for every huge commit, which can cause opting out by `git commit -n` of using hooks locally for changes that affect many directories.

### Description of your changes

* Add per-hook `--parallelism-limit` setting to `--hook-config`. Defaults to `number of logical CPUs - 1`
* As quick tests show, ~5% of stacks face a race condition problem, no matter if any locking mechanism exists or dirs try to init in parallel. I suppose the lock failed as it uses disk when hooks run in memory, so the creation of the lock can take some time as there are a bunch of caches between Mem and Disk. These milliseconds are enough to allow running a few `t init` in parallel.
* Final implementation uses a retry mechanism for cases when a race condition caused `t init` of a directory to fail.

In quick tests, I can say that on big changes:

* Up to 2000% speed increase for `terraform_validate`, and up to 500% for other affected hooks.
* When `--parallelism-limit=1` I observed an insignificant increase in time (about 5-10%) compared to v1.86.0 which has no parallelism at all. This may be the cost of maintaining parallelism or the result of external factors since the tests were not conducted in a vacuum.

For small changes, improvements are less significant.

-----

Other significant findings/solutions included in this PR:

* feat: Investigate and fix issue with wrong CPU count for containers (#623)

  So, I found that `nproc` always shows how many CPUs are available. K8s "limits" and docker `--cpus` are throttling mechanisms, which do not hide the visibility of all cores. There are a few workarounds, but IMO, it is better to implement checks for that than do them:

  > Workaround for docker - set `--cpuset-cpus`
  > Workaround for K8s - somehow deal with [kubelet static CPU management policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies), as [recommended in Reddit](https://news.ycombinator.com/item?id=25224714)

* Send all "colorify" logs through stderr, to make it possible to add user-facing logs in functions that also need to return a value to the function caller. Needed for `common::get_cpu_num` err_msg to show up

------

* Count --parallelism-ci-cpu-cores only in edge-cases

  Details: #620 (review)

---------

Co-authored-by: George L. Yermulnik <[email protected]>
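The commit above describes two things the hooks need to get right before fanning out work: `nproc` reports every core the host has even when a container is CPU-throttled, and the parallelism default is `number of logical CPUs - 1`. The following is an added illustration, not the project's own `common::get_cpu_num`: it derives an effective CPU count by reading the cgroup CPU quota (cgroup v2 `cpu.max`, with a cgroup v1 `cpu.cfs_quota_us`/`cpu.cfs_period_us` fallback) and capping the visible count with it, then derives the default parallelism limit from that. The cgroup mount point and the visible-CPU count are parameters so the logic can be exercised against constructed directories; the real paths are the usual `/sys/fs/cgroup` layout and are an assumption about the environment, not something the page states. The script sticks to POSIX shell constructs so it also runs on the Bash 3.2 that ships with macOS.

```shell
#!/usr/bin/env sh
# Added example (hypothetical helpers, not the project's common::get_cpu_num).

# Print the CPU limit imposed by the cgroup at mount point $1 (default
# /sys/fs/cgroup). Prints 0 when no limit is set or the files are absent.
# The quota is rounded up: a 0.5-CPU quota still allows one worker.
cgroup_cpu_limit() {
  local dir="${1:-/sys/fs/cgroup}"
  local quota period
  if [ -r "$dir/cpu.max" ]; then
    # cgroup v2: one line "<quota> <period>", quota is "max" when unlimited
    read -r quota period < "$dir/cpu.max"
  elif [ -r "$dir/cpu/cpu.cfs_quota_us" ] && [ -r "$dir/cpu/cpu.cfs_period_us" ]; then
    # cgroup v1: two files, quota is -1 when unlimited
    read -r quota < "$dir/cpu/cpu.cfs_quota_us"
    read -r period < "$dir/cpu/cpu.cfs_period_us"
  else
    echo 0
    return 0
  fi
  case "$quota" in
    max|-1|'') echo 0; return 0 ;;
  esac
  # Refuse to divide by a missing or zero period
  [ "$period" -gt 0 ] 2>/dev/null || { echo 0; return 0; }
  echo $(( (quota + period - 1) / period ))
}

# Effective CPU count: the smaller of the visible count ($1, default from
# nproc/getconf) and the cgroup limit (mount point $2).
effective_cpu_num() {
  local visible="${1:-$(nproc 2>/dev/null || getconf _NPROCESSORS_ONLN)}"
  local limit
  limit=$(cgroup_cpu_limit "${2:-/sys/fs/cgroup}")
  if [ "$limit" -gt 0 ] && [ "$limit" -lt "$visible" ]; then
    echo "$limit"
  else
    echo "$visible"
  fi
}

# Default parallelism as the commit describes it: logical CPUs - 1, but
# never below 1 so a single-CPU container still runs one worker.
default_parallelism_limit() {
  local cpus
  cpus=$(effective_cpu_num "$@")
  if [ "$cpus" -gt 1 ]; then
    echo $(( cpus - 1 ))
  else
    echo 1
  fi
}

# Stand-alone run: report what this machine would get.
echo "effective CPUs: $(effective_cpu_num)"
echo "default --parallelism-limit: $(default_parallelism_limit)"
```

On a host with 8 cores running a container started with `docker run --cpus=1.5`, `nproc` still prints 8, while `cgroup_cpu_limit` reads `150000 100000` from `cpu.max` and returns 2, so the parallelism default becomes 1 instead of 7.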
# [1.87.0](v1.86.1...v1.87.0) (2024-02-17)

### Features

* Add parallelism to major chunk of hooks. Check `Parallelism` section in README ([#620](#620)) ([6c6eca4](6c6eca4))
fix: Replace `mapfile` to support Bash 3.2.57 pre-installed in macOS
## [1.87.1](v1.87.0...v1.87.1) (2024-02-19)

### Bug Fixes

* Replace `mapfile` to support Bash 3.2.57 pre-installed in macOS ([#628](#628)) ([01ab3f0](01ab3f0))

# [1.88.0](v1.87.1...v1.88.0) (2024-02-22)

### Features

* Add `terragrunt_providers_lock` hook ([#632](#632)) ([77940fd](77940fd))
… arm64. Workaround till issue will be fixed in `checkov` itself (#635) --------- Co-authored-by: George L. Yermulnik <[email protected]> Co-authored-by: MaxymVlasov <[email protected]>
## [1.88.1](v1.88.0...v1.88.1) (2024-03-11)

### Bug Fixes

* **docker:** Checkov installation silently fails on `docker build` in arm64. Workaround till issue will be fixed in `checkov` itself ([#635](#635)) ([f255b05](f255b05))
…+ Add `trace` log level (#645) --------- Co-authored-by: George L. Yermulnik <[email protected]>
## [1.88.2](v1.88.1...v1.88.2) (2024-03-13)

### Bug Fixes

* **non-linux:** Bash environment variables in arguments not expanded + Add `trace` log level ([#645](#645)) ([a2a2990](a2a2990))
--------- Co-authored-by: George L. Yermulnik <[email protected]>
…form_validate` hook) run when only lockfile changed (#649)

### Description of your changes

When the terraform root module contains any child module it requires `terraform init` to run to be able to successfully run the provider lock operation. Previously, `terraform init` was in the `terraform_providers_lock` hook too, but it was moved out to be only in `terraform_validate`, because there was little sense in trying to lock anything that was invalid code. If we return `terraform init` back to `terraform_providers_lock`, major changes in providers that remove resources etc. can be successfully written to the lockfile without any checks, as such checks are done in `terraform_validate`.

## Workaround till the release of that stuff

Add `files: (\.tf|\.tfvars|\.terraform\.lock\.hcl)$` to the `terraform_validate` hook call

---

Co-authored-by: George L. Yermulnik <[email protected]>

# [1.99.0](v1.98.1...v1.99.0) (2025-04-14)

### Features

* Add support for running hooks on `.tofu` files by default ([#875](#875)) ([fe1f62f](fe1f62f))
…885) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ps should be find out and installed manually (#892)

### Description of your changes

* Previously, these docs wrongly assumed that the repo was `git init`/`git clone`d after setting up `init.templateDir`, which is not the case for 90%+ of newcomers.
* Installation instructions were too far away from the list of dependencies, so it was easy to interpret that you need to install all these deps manually, and only then find out that there are already instructions that cover their installation.

Rearranging them slightly fixes those issues

---------

Co-authored-by: George L. Yermulnik <[email protected]>
…#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…1.11 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…+ instead of deprecated ones (#901) --------- Co-authored-by: MaxymVlasov <[email protected]> Co-authored-by: Julien Rottenberg <[email protected]> Co-authored-by: George L. Yermulnik <[email protected]>
## [1.99.1](v1.99.0...v1.99.1) (2025-05-29)

### Bug Fixes

* **`terragrunt_*` hooks:** Use new subcommands for terragrunt v0.78.0+ instead of deprecated ones ([#901](#901)) ([54468bb](54468bb))

This PR integrates one more static analysis tool, as CodeQL is good, but it does not cover all cases.

Here is an article about zizmor's value - https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection

zizmor repo - https://github.com/woodruffw/zizmor

---------

Co-authored-by: George L. Yermulnik <[email protected]>
Pinned by `pre-commit autoupdate --freeze` as `pre-commit` in Renovate currently [does not support](renovatebot/renovate#22488) freezing style used by `pre-commit`
Signed-off-by: Oliver Ladner <[email protected]> Co-authored-by: Oliver Ladner <[email protected]>
## [1.99.2](v1.99.1...v1.99.2) (2025-06-05)

### Bug Fixes

* make infracost_breakdown.sh compatible with bash 3.2 (macOS) ([#903](#903)) ([dcb4c36](dcb4c36))
….tofu` files support (#904) --------- Co-authored-by: T. Hinrichsmeyer <[email protected]> Co-authored-by: George L. Yermulnik <[email protected]>
## [1.99.3](v1.99.2...v1.99.3) (2025-06-06)

### Bug Fixes

* **`terraform_docs`, `terraform_wrapper_module_for_each`:** Improve `.tofu` files support ([#904](#904)) ([4f85212](4f85212))
Put an `x` into the box if that applies:

### Description of your changes

### How can we test changes