Merge pull request #15 from remerge/fix-deprecated-secret-replication

Fix deprecated Google Cloud secret replication

.copier-answers.yml

@@ -1,10 +1,11 @@
 ---
 # Changes here will be overwritten by Copier
-_commit: v2.0.1
+_commit: v2.0.11-3-g8970631
 _src_path: gh:remerge/template
 project_id: terraform-modules
 project_license: apache-2.0
 project_name: Terraform Modules
 project_owner: core
 project_type: terraform-module
+run_workflows_for_all_branches: false
 use_python: false

.envrc

@@ -14,3 +14,6 @@ dotenv_if_exists
 
 # Add local scripts to PATH
 PATH_add "${PWD}/bin"
+
+# Enforce correct 1Password account
+export OP_ACCOUNT=remerge.1password.com

.pre-commit-config.yaml

@@ -33,14 +33,14 @@ repos:
 
   # https://github.com/pre-commit/mirrors-prettier/tags
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: "v3.0.0"
+    rev: "v3.0.3"
     hooks:
       - id: prettier
         exclude: "^project/"
 
   # https://github.com/igorshubovych/markdownlint-cli/tags
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: "v0.35.0"
+    rev: "v0.37.0"
     hooks:
       - id: markdownlint-fix
         name: markdownlint
@@ -67,14 +67,14 @@ repos:
 
   # https://github.com/rhysd/actionlint/tags
   - repo: https://github.com/rhysd/actionlint
-    rev: "v1.6.25"
+    rev: "v1.6.26"
     hooks:
       - id: actionlint-docker
         name: actionlint
 
   # https://github.com/antonbabenko/pre-commit-terraform/tags
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: "v1.81.0"
+    rev: "v1.83.4"
     hooks:
       - id: terraform_fmt
         name: terraform-fmt
@@ -83,7 +83,7 @@ repos:
 
   # https://github.com/bridgecrewio/checkov/tags
   - repo: https://github.com/bridgecrewio/checkov
-    rev: "2.3.340"
+    rev: "2.4.48"
     hooks:
       - id: checkov
         name: checkov

CONTRIBUTING.md

@@ -36,3 +36,7 @@ Most dependencies can be installed using [Homebrew](https://brew.sh):
 brew install --cask docker
 brew install pre-commit pipx direnv copier
 ```
+
+Once `pre-commit` hook is activated (`make pre-commit-install`),
+set of formatting and linting routines is run automatically on each commit.
+The step could be avoided by providing `--no-verify` flag for `git commit`.

Makefile

@@ -82,17 +82,12 @@ update:: copier-update
 
 ## pre-commit
 
-.git/hooks/pre-commit:
-	make pre-commit-install
-
 .PHONY: pre-commit-install
 pre-commit-install: ## install pre-commit hook
 	pre-commit install -t pre-commit -t prepare-commit-msg -t commit-msg
-install:: pre-commit-install
 
 .PHONY: pre-commit-check
 pre-commit-check: ## run pre commit hooks
-pre-commit-check: .git/hooks/pre-commit
 	pre-commit run --all-files
 check:: pre-commit-check
 

google/redis/main.tf

@@ -41,7 +41,7 @@ module "netbox-vm" {
 resource "google_secret_manager_secret" "auth" {
   secret_id = "redis-auth-${var.name}"
   replication {
-    automatic = true
+    auto {}
   }
 }
 

google/sql/database/main.tf

@@ -21,7 +21,7 @@ resource "google_secret_manager_secret" "user" {
   project   = var.project
   secret_id = "sql-${var.instance}-user-${var.name}"
   replication {
-    automatic = true
+    auto {}
   }
 }
 

okta/pam/project/main.tf

@@ -20,7 +20,7 @@ resource "google_secret_manager_secret" "okta_enrollment_token" {
   project   = var.project
   secret_id = "okta-enrollment-token"
   replication {
-    automatic = true
+    auto {}
   }
 }
 

sendgrid/main.tf

@@ -13,7 +13,7 @@ resource "google_secret_manager_secret" "key" {
   project   = var.project
   secret_id = "sendgrid-key-${var.name}"
   replication {
-    automatic = true
+    auto {}
   }
 }