Merge pull request '🔧 Renovate: Update (patch) Terraform signoz to v0.0.12' (#38) from renovate/terraform-signoz-0-0-12 into main

Merged by Trez.One

.gitea/workflows/auto-pr-tofu-plan.yml

@@ -1,188 +0,0 @@
-name: Auto-PR Check/Creation and TF/OpenTofu Plan
-
-on:
-  workflow_dispatch:
-  push:
-    branches-ignore:
-      - "main"
-      - "renovate/**"
-    paths:
-      - "cloudflare/**"
-
-env:
-  OPENTOFU_VERSION: "1.10.6"
-  HC_VAULT_VERSION: "1.20.4"
-  TEA_VERSION: "0.10.1"
-
-jobs:
-  check-and-create-pr:
-    name: Check and Create PR
-    outputs:
-      pr_number: ${{ steps.pr-check-create.outputs.pr_number }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Setting Vault Token
-        run: echo "VAULT_TOKEN=${{ secrets.VAULT_GITEA_TOKEN }}" >> $GITHUB_ENV
-
-      - name: Gotify Notification - Start
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
-          gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
-          notification_title: "GITEA: PR Check @ Rinoa"
-          notification_message: "Checking for existing PR... 🔍"
-
-      - name: PR Check/Creation
-        id: pr-check-create
-        uses: https://git.trez.wtf/Trez/gitea-auto-pr@main
-        with:
-          url: ${{ secrets.TREZ_GITEA_URL }}
-          token: ${{ secrets.BOT_GITEA_TOKEN }}
-          pr-label: "docker-compose,manual"
-          assignee: ${{ github.actor }}
-
-      - name: Gotify Notification - Done
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
-          gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
-          notification_title: "GITEA: PR Check @ Rinoa"
-          notification_message: "PR Check done 🎟️"
-
-  plan-approval:
-    name: OpenTofu Plan
-    needs: check-and-create-pr
-    runs-on: ubuntu-latest
-    env:
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-    outputs:
-      tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup OpenTofu
-        uses: opentofu/setup-opentofu@v1.0.6
-        with:
-          version: ${{ env.OPENTOFU_VERSION }}
-          tofu_wrapper: true
-
-      - name: Generate .env from Hashicorp Vault
-        uses: https://git.trez.wtf/Trez/hc-vault-env@main
-        with:
-          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
-          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
-          HC_VAULT_AUTH: token
-          HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}
-          HC_VAULT_SECRETS_PATH: tar-valon-terraform/env
-          ENV_FILE_NAME: cloudflare/.env
-
-      - name: Export env vars from Vault .env
-        id: env-vault-vars
-        run: |
-          sed -i 's/[\"'\'']//g' cloudflare/.env
-          set -a
-          source cloudflare/.env
-          set +a
-          while IFS='=' read -r key value; do
-            if [[ -n "$key" ]]; then
-              echo "$key=$value" >> $GITHUB_ENV
-            fi
-          done < cloudflare/.env
-          repo_name=$(echo "${{ github.repository }}" | awk -F"/" '{print $2}')
-          echo "repo_name=$repo_name" >> "$GITHUB_OUTPUT"
-
-      - name: Run tofu init
-        uses: dnogu/tofu-init@v1
-        with:
-          working-directory: .
-          chdir: cloudflare
-
-      - name: Tofu Plan
-        id: tofu_plan
-        continue-on-error: true
-        uses: dnogu/tofu-plan@v1
-        with:
-          working-directory: .
-          chdir: cloudflare
-          out: cloudflare.tfplan
-
-      - name: Build Markdown PR comment from plan file
-        run: |
-          mkdir -p tmp
-          {
-            echo "## 🧩 OpenTofu Plan — Cloudflare"
-            echo "**Branch:** \`${{ github.ref_name }}\`"
-            echo "**Exit Code:** \`${{ steps.tofu_plan.outputs.exitcode }}\`"
-            echo "**Working Directory:** \`cloudflare\`"
-            echo ""
-            echo "<details><summary>🪶 Click to expand full plan output</summary>"
-            echo ""
-            echo '```hcl'
-            cat ${GITHUB_WORKSPACE}/cloudflare/cloudflare.tfplan         # <-- read file directly, ACT-safe
-            echo '```'
-            echo ""
-            echo "</details>"
-            echo ""
-            echo "*(This plan was automatically generated by the workflow.)*"
-          } > tmp/tofu-plan.md
-          echo "Markdown PR comment built: tmp/tofu-plan.md"
-
-      - name: Comment full Tofu Plan on PR (Gitea safe)
-        uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
-        with:
-          platform: gitea
-          api_url: https://git.trez.wtf/api/v1
-          token: ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
-          repo_owner: ${{ github.repository_owner }}
-          repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
-          comment_template_path: tmp/tofu-plan.md
-
-      - name: Wait for manual approval
-        uses: trstringer/manual-approval@v1
-        with:
-          secret: ${{ secrets.BOT_GITEA_TOKEN }}
-          approvers: WTF
-          minimum-approvals: 1
-          issue-title: "Tofu Plan for ${{ needs.check-and-create-pr.outputs.pr_number }}"
-          issue-body: "Please approve or deny the deployment of the below Tofu plan"
-          issue-body-file-path: cloudflare/cloudflare.tfplan
-          exclude-workflow-initiator-as-approver: false
-          fail-on-denial: true
-
-  # apply:
-  #   name: Apply Tofu Plan
-  #   needs: plan-approval
-  #   runs-on: ubuntu-latest
-  #   if: ${{ needs.plan-approval.result == 'success' }}
-  #   env:
-  #     VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-  #
-  #     - name: Setup OpenTofu
-  #       uses: opentofu/setup-opentofu@v1.0.6
-  #       with:
-  #         version: ${{ env.OPENTOFU_VERSION }}
-  #         tofu_wrapper: true
-  #
-  #     - name: Export env from Vault
-  #       run: |
-  #         set -a
-  #         source cloudflare/.env
-  #         set +a
-  #
-  #     - name: Run Tofu Apply
-  #       uses: dnogu/tofu-apply@v1
-  #       with:
-  #         working-directory: .
-  #         chdir: cloudflare
-  #         plan: cloudflare.tfplan

.gitea/workflows/cloudflare-auto-pr-tofu-pipeline.yml

@@ -0,0 +1,328 @@
+name: Auto-PR Check/Creation and TF/OpenTofu Plan
+
+on:
+  workflow_dispatch:
+  push:
+    branches-ignore:
+      - "main"
+      - "renovate/**"
+    paths:
+      - "cloudflare/**"
+
+env:
+  OPENTOFU_VERSION: "1.10.6"
+  HC_VAULT_VERSION: "1.20.4"
+  TEA_VERSION: "0.10.1"
+
+jobs:
+  check-and-create-pr:
+    name: Check and Create PR
+    outputs:
+      pr_number: ${{ steps.pr-check-create.outputs.pr_number }}
+      pr_url: ${{ steps.pr-check-create.outputs.pr_url }}
+      pr_comments_url: ${{ steps.pr-check-create.outputs.pr_comments_url }}
+      pr_comment_id: ${{ steps.pr-check-create.outputs.pr_comment_id }}
+      pr_comment_uri: ${{ steps.pr-check-create.outputs.pr_comment_uri }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Setting Vault Token
+        run: echo "VAULT_TOKEN=${{ secrets.VAULT_GITEA_TOKEN }}" >> $GITHUB_ENV
+
+      - name: Gotify Notification - Start
+        uses: eikendev/gotify-action@0.0.3
+        with:
+          gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
+          gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
+          notification_title: "GITEA: PR Check @ Rinoa"
+          notification_message: "Checking for existing PR... 🔍"
+
+      - name: PR Check/Creation
+        id: pr-check-create
+        uses: https://git.trez.wtf/Trez/gitea-auto-pr@main
+        with:
+          url: ${{ secrets.TREZ_GITEA_URL }}
+          token: ${{ secrets.BOT_GITEA_TOKEN }}
+          pr-label: "opentofu,manual"
+          assignee: ${{ github.actor }}
+
+      - name: Gotify Notification - Done
+        uses: eikendev/gotify-action@0.0.3
+        with:
+          gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
+          gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
+          notification_title: "GITEA: PR Check @ Rinoa"
+          notification_message: "PR Check done 🎟️"
+
+  plan-approval:
+    name: OpenTofu Plan and Approval
+    needs: check-and-create-pr
+    runs-on: ubuntu-latest
+    env:
+      PR_NUMBER: ${{ needs.check-and-create-pr.outputs.pr_number }}
+      PR_URL: ${{ needs.check-and-create-pr.outputs.pr_url }}
+      PR_COMMENTS_URL: ${{ needs.check-and-create-pr.outputs.pr_comments_url }}
+      PR_COMMENT_ID: ${{ needs.check-and-create-pr.outputs.pr_comment_id }}
+      PR_COMMENT_URI: ${{ needs.check-and-create-pr.outputs.pr_comment_uri }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+    outputs:
+      tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
+      approval_status: ${{ steps.tf-plan-approval.outputs.approval_status }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: Terraform/OpenTofu"
+          notification_message: "Starting plan..."
+
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1.0.6
+        with:
+          version: ${{ env.OPENTOFU_VERSION }}
+          tofu_wrapper: true
+
+      - name: Generate .env from Hashicorp Vault
+        uses: https://git.trez.wtf/Trez/hc-vault-env@main
+        with:
+          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+          HC_VAULT_AUTH: token
+          HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}
+          HC_VAULT_SECRETS_PATH: tar-valon-terraform/env
+          ENV_FILE_NAME: cloudflare/.env
+
+      - name: Export env vars from Vault .env
+        id: env-vault-vars
+        run: |
+          sed -i 's/[\"'\'']//g' cloudflare/.env
+          set -a
+          source cloudflare/.env
+          set +a
+          while IFS='=' read -r key value; do
+            if [[ -n "$key" ]]; then
+              echo "$key=$value" >> $GITHUB_ENV
+            fi
+          done < cloudflare/.env
+          repo_name=$(echo "${{ github.repository }}" | awk -F"/" '{print $2}')
+          echo "repo_name=$repo_name" >> "$GITHUB_OUTPUT"
+
+      - name: Run tofu init
+        id: tofu-init
+        uses: dnogu/tofu-init@v1
+        with:
+          working-directory: .
+          chdir: cloudflare
+
+      - name: Strip ANSI codes
+        id: plain-tofu-init
+        uses: marcransome/remove-ansi-colors@v1.7.56
+        with:
+          colored: ${{ steps.tofu-init.outputs.init-output }}
+
+      - name: Tofu PR Commenter
+        uses: https://git.trez.wtf/Trez/tf-pr-commenter@main
+        env:
+          GITEA_API_URL: ${{ gitea.api_url }}
+          GITEA_REPOSITORY: ${{ github.repository }}
+          GITEA_PULL_REQUEST_ID: ${{ github.event.pull_request.number }}
+          GITHUB_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
+        with:
+          commenter_type: init
+          commenter_input: ${{ steps.plain-tofu-init.outputs.uncolored }}
+          commenter_exitcode: ${{ steps.tofu-init.outputs.exitcode }}
+          git_token: ${{ secrets.BOT_GITEA_TOKEN }}
+          pr_comments_url: ${{ env.PR_COMMENTS_URL }}
+          working_directory: cloudflare
+
+      - name: Tofu Plan
+        id: tofu-plan
+        continue-on-error: true
+        uses: dnogu/tofu-plan@v1
+        with:
+          working-directory: .
+          chdir: cloudflare
+          out: cloudflare.tfplan
+
+      - name: Upload Tofu Plan as artifact
+        uses: https://github.com/christopherHX/gitea-upload-artifact@v4
+        with:
+          name: cloudflare-tfplan
+          path: cloudflare/cloudflare.tfplan
+
+      - name: Strip ANSI codes
+        id: plain-tofu-plan
+        uses: marcransome/remove-ansi-colors@v1.7.56
+        with:
+          colored: ${{ steps.tofu-plan.outputs.plan-output }}
+
+      - name: Tofu PR Commenter
+        uses: https://git.trez.wtf/Trez/tf-pr-commenter@main
+        env:
+          GITEA_API_URL: ${{ gitea.api_url }}
+          GITEA_REPOSITORY: ${{ github.repository }}
+          GITEA_PULL_REQUEST_ID: ${{ github.event.pull_request.number }}
+          GITHUB_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
+        with:
+          commenter_type: plan
+          commenter_input: |
+            <details><summary>Tofu Plan (click to expand)</summary>
+
+            ```terraform
+            ${{ steps.plain-tofu-plan.outputs.uncolored }}
+            ```
+            </details>
+          commenter_exitcode: ${{ steps.tofu-plan.outputs.exitcode }}
+          git_token: ${{ secrets.BOT_GITEA_TOKEN }}
+          pr_comments_url: ${{ env.PR_COMMENTS_URL }}
+          working_directory: cloudflare
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: Terraform/OpenTofu"
+          notification_message: "Plan completed, awaiting approval..."
+
+      - name: Wait for manual approval
+        id: tf-plan-approval
+        uses: https://git.trez.wtf/Trez/gitea-manual-approval@main
+        with:
+          token: ${{ secrets.BOT_GITEA_TOKEN }}
+          api_url: ${{ gitea.api_url }}
+          repo_owner: ${{ github.repository_owner }}
+          repo_name: ${{ github.event.repository.name }}
+          reminder_interval: 120
+          approvers: "Trez.One,gitea-sonarqube-bot"
+          apprise_api_url: ${{ secrets.APPRISE_URL }}
+          initial_comment: |
+            <details><summary>Tofu Plan (click to expand)</summary>
+
+            ```terraform
+            ${{ steps.plain-tofu-plan.outputs.uncolored }}
+            ```
+            </details>
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: Terraform/OpenTofu"
+          notification_message: "Plan approved 👍🏽"
+
+  pr-merge:
+    name: PR Merge
+    needs: [check-and-create-pr, plan-approval]
+    env:
+      pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
+    if: github.ref != 'refs/heads/main' && ${{ needs.plan-approval.outputs.approval_status == 'approved' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Install tea
+        uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1
+        with:
+          uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
+          name: tea
+          version: ${{ env.TEA_VERSION }}
+
+      - name: PR Merge
+        id: pr_merge
+        run: |
+          tea login add \
+            --name gitea-rinoa \
+            --url "${{ secrets.TREZ_GITEA_URL }}" \
+            --user gitea-sonarqube-bot \
+            --password "${{ secrets.BOT_GITEA_PASSWORD }}" \
+            --token ${{ secrets.BOT_GITEA_TOKEN }}
+
+          tea login default gitea-rinoa
+
+          echo "Merging PR..."
+
+          tea pr m \
+            --repo ${{ github.repository }} \
+            --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" \
+            --message "Merged by ${{ github.actor }}" ${pr_index}
+
+          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: PR Merge Successful"
+          notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged."
+
+  apply:
+    name: Apply Tofu Plan
+    needs: [plan-approval,pr-merge]
+    runs-on: ubuntu-latest
+    if: ${{ needs.plan-approval.outputs.approval_status == 'approved' }}
+    env:
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download Tofu Plan
+        uses: https://github.com/ChristopherHX/gitea-download-artifact@v4
+        with:
+          name: cloudflare-tfplan
+          path: cloudflare/cloudflare.tfplan
+
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1.0.6
+        with:
+          version: ${{ env.OPENTOFU_VERSION }}
+          tofu_wrapper: true
+
+      - name: Generate .env from Hashicorp Vault
+        uses: https://git.trez.wtf/Trez/hc-vault-env@main
+        with:
+          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+          HC_VAULT_AUTH: token
+          HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}
+          HC_VAULT_SECRETS_PATH: tar-valon-terraform/env
+          ENV_FILE_NAME: cloudflare/.env
+
+      - name: Export env vars from Vault .env
+        id: env-vault-vars
+        run: |
+          sed -i 's/[\"'\'']//g' cloudflare/.env
+          set -a
+          source cloudflare/.env
+          set +a
+          while IFS='=' read -r key value; do
+            if [[ -n "$key" ]]; then
+              echo "$key=$value" >> $GITHUB_ENV
+            fi
+          done < cloudflare/.env
+
+      - name: Run tofu init
+        id: tofu-init
+        uses: dnogu/tofu-init@v1
+        with:
+          working-directory: .
+          chdir: cloudflare
+
+      - name: Run Tofu Apply
+        uses: dnogu/tofu-apply@v1
+        with:
+          working-directory: .
+          chdir: cloudflare
+          plan: cloudflare.tfplan

.gitignore

@@ -43,4 +43,4 @@ terraform.rc
 *.env*
 
 **/*.txt
-**/cloudflare*.tf
+**/cloudflare_resource_imp.tf

signoz/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     signoz = {
       source = "signoz/signoz"
-      version = "0.0.9"
+      version = "0.0.12"
     }
   }