cloudposse/terraform-aws-ecs-container-definition

📦 what

• Add `restartPolicy` parameter
• Add `versionConsistency` parameter
• Update docs
• Update `complete` example

📦 why

• In order to support new parameters added to container definition.
• `restartPolicy` parameter
• `versionConsistency` parameter added in AWS provider [v5.77.0](https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.77.0)

📦 references

• [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html)
• Implements #192
• Closes #191
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Migrate new test account @osterman (#190)</summary>

📦 what

• Update `.github/settings.yml`
• Update `.github/chatops.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level to get `terratest` environment
• Migrate to new `test` account

📦 References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC
• </details>
• <details>
• <summary>Update .github/settings.yml @osterman (#189)</summary>

📦 what

• Update `.github/settings.yml`
• Drop `.github/auto-release.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level
• Use organization level auto-release settings

📦 references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub
• </details>
• <details>
• <summary>Update .github/settings.yml @osterman (#187)</summary>

📦 what

• Update `.github/settings.yml`
• Drop `.github/auto-release.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level
• Use organization level auto-release settings

📦 references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub
• </details>
• <details>
• <summary>Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#186)</summary>

📦 what

• Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

📦 why

• Reduce nested levels of reusable workflows
• </details>
• <details>
• <summary>Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#185)</summary>

📦 what

• Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

📦 why

• The ReviewDog action will comment with line-level suggestions based on linting failures
• </details>
• <details>
• <summary>Update GitHub workflows @osterman (#184)</summary>

📦 what

• Update workflows (`.github/workflows/settings.yaml`)

📦 why

• Support new readme generation workflow.
• Generate banners
• </details>
• <details>
• <summary>Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#183)</summary>

📦 what

• Install latest GitHub Action Workflows

📦 why

• Use shared workflows from `cldouposse/.github` repository
• Simplify management of workflows from centralized hub of configuration
• </details>
• <details>
• <summary>Add GitHub Settings @osterman (#182)</summary>

📦 what

• Install a repository config (`.github/settings.yaml`)

📦 why

• Programmatically manage GitHub repo settings
• </details>
• <details>
• <summary>Update Scaffolding @osterman (#180)</summary>

📦 what

• Reran `make readme` to rebuild `README.md` from `README.yaml`
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

📦 why

• Upstream template changed in the `.github` repo
• Work better with repository rulesets
• Modernize look & feel
• </details>

📦 🚀 Enhancements

• <details>
• <summary>Fix: Duplicate name in portMapping fixed & Docs Updated @Hackerbone (#171)</summary>

📦 what

• The `portMapping` parameter had a duplicate `name` field occurrence

📦 why

• Failure in creating services in the new release v0.61.0

📦 references

• I was waiting for the previous PR to get merged since I use this module in my project for a while. Saw CI checks didn't pass so I made a new fix PR.
• closes #170
• </details>

📦 what

• added `name` and `appProtocol` to `portMapping` variables

📦 why

• Service Connect uses these fields

📦 references

• [Service
• Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html)
• </details>

📦 what

• Add optional variable `name` to `portMappings` to allow Service Discovery registration

📦 why

• Unable to allow ECS container definitions to register with Service Discovery

📦 references

• closes #162
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Update README.md and docs @cloudpossebot (#167)</summary>

📦 what

• This is an auto-generated PR that updates the README.md and docs

📦 why

• To have most recent changes of README.md and doc from origin templates
• </details>

📦 what

• enable & use optional attributes where AWS API marks fields optional
• remove redundant lookups
• strengthen types for `log_configuration`, `repository_credentials`, `system_controls`, `container_definition`
• reorder object var attributes to match AWS docs
• simplify log configuration sanitization/munging
• simplify secret & environment var sorting
• expose unencoded container definition output directly without requiring pointless `jsonencode`/`jsondecode` cycle

📦 why

• [`optional`](https://www.terraform.io/language/expressions/type-constraints#experimental-optional-object-type-attributes) obviates `lookup(..., null)` calls for objects
• [`lookup(o, k)`](https://www.terraform.io/language/functions/lookup#lookup-function) without a `default` is deprecated in favor of `o[k]` or direct attr access (`o.k`)
• `log_configuration`, `repository_credentials`, and `system_controls` had needlessly opaque `any` types which hinder DX and make subtle bugs more likely (e.g. in the types of `log_configuration.options` values)
• since all attributes of `container_definition` are now typed there's no reason not to type it as well
• following the AWS documentation's field order makes types easier to verify for completeness & correctness
• typing `log_configuration` appropriately obviates explicit `tostring` & `null` handling; resolves #151
• env/secret map sorting can be dramatically simplified since `for`-expressions iterate over maps & objects by key in lexicographic order
• `jsonencode`-ing the final container definition only to `jsondecode` for `json_map_object` is redundant

📦 Refs

• #154
• @obataku
• </details>
• <details>
• <summary>Sync github @max-lobur (#161)</summary>
• Sync github from the template
• </details>

📋 Changes

• No changes

📦 🚀 Enhancements

• <details>
• <summary>fix: eternal churn of environment variables @kevcube (#159)</summary>

📦 what

• Maybe the AWS container definition API changed but applying a container constructed from this module will post with `environment = null` which amazon translates to `environment = []`
• So every subsequent apply will have changes in terraform like `environment = [] ~> null`

📦 why

• if we match what amazon translates to, then the terraform state stays consistent
• </details>

📦 what

• Remove unused provider

📦 why

• Do not download the [provider for local.file and local.sensitive_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) as this is not required for the module to run
• This makes terraform init run faster as well as download resources that are not used

📦 references

• Local provider that is being defined (https://github.com/cloudposse/terraform-aws-ecs-container-definition/issues/156)
• closes #156
• </details>
• <details>
• <summary>git.io->cloudposse.tools update @dylanbannon (#152)</summary>

📦 what and why

• Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.

📦 References

• DEV-143
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Update README.md and docs @cloudpossebot (#155)</summary>

📦 what

• This is an auto-generated PR that updates the README.md and docs

📦 why

• To have most recent changes of README.md and doc from origin templates
• </details>

📦 🚀 Enhancements

• <details>
• <summary>Add quick usage using correct source @nitrocode (#141)</summary>

📦 what

• Add quick usage using correct source

📦 why

• It's difficult to figure out how to source the module correctly without having to look back at the terraform registry. You could look at the examples too but those `source` arguments use relative paths instead of the registry source.

📦 references

• N/A
• </details>

📦 what

• Add backwards compatibility with TF15 related to mount_points variable

📦 why

• Incompatibility with TF15, root cause is unknown

📦 references

• closes #136

📦 comments/notes

• This will force users to specify the readOnly bool, previously where `null` was specified should now be `false` [per AWS default](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions-mountpoints.html)
• Initially wanted to use default `optional` function within the variable, but this feature is only [available in TF15](https://www.terraform.io/docs/language/functions/defaults.html)
• </details>

📦 what

• Ensure `examples/complete` is creating an `aws_ecs_task_definition` and test the task definition in the automated testing.
• Fix `examples/multiple_definitions`
• Bump minimum Terraform required version to `0.13.0`
• Add context.tf to `examples/complete` to ensure `aws_ecs_task_definition` has tags.

📦 why

• We should be ensuring that the entire container definition output of this module is accepted by `aws_ecs_task_definition` and produces an identical result to the resource `container_definitions` output.
• Bumping to `0.13.0` as the minimum supported version ensures this module is easier to maintain down the road.

📦 references

• N/A
• </details>

📦 what

• Cleaner multiple definition example using json_map

📦 why

• Best practices and readability

📦 references

• N/A
• </details>

📦 what

• Small fix in PR https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/129

📦 why

• See previous PR https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/129

📦 references

• N/A
• </details>

📦 what

• Adds a null check for secrets and environment

📦 why

• For backwards compatibility https://github.com/cloudposse/terraform-aws-ecs-web-app/pull/134#issuecomment-801882377

📦 references

• N/A
• </details>

📦 what

• Add additional outputs which are marked sensitive which can be used when passing on secrets (`secrets`) or secret maps (`map_secrets`).

📦 why

• When using `secrets` (or `map_secrets`) and without sensitive outputs TF 0.14 will fail with `Error: Output refers to sensitive values`

📦 references

• Suggestion to implement it this way was done in https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/118#issuecomment-785060412
• </details>

📦 what

• Fixes an issue in a previous PR https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/123 where `value` was used instead of `valueFrom` for the `secrets` key

📦 why

• This fixes a bug in which the `secrets` key will break the module due to the incorrect key

📦 references

• Closes https://github.com/cloudposse/terraform-aws-ecs-container-definition/issues/125
• </details>

📦 what

• Revert `sensitive = true` outputs

📦 why

• Cannot see the difference in task definitions in `terraform plan` due to `sensitive = true`

📦 references

• Revert https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/118
• </details>

🐛 🐛 Bug Fixes

• <details>
• <summary>Fix typo in key of container definition @clifford-sanders (#121)</summary>

📦 what

• A key in the container definition had a typo. `preudoTerminal` instead of `pseudoTerminal`

📦 why

• Because of this typo it was impossible to enable the pseudoTerminal (tty)

📦 references

• n/a
• </details>

📦 🚀 Enhancements

• <details>
• <summary>fix: mark outputs as sensitive @syphernl (#118)</summary>

📦 what

• Marks the outputs as sensitive
• Update workflows etc. missed by #119

📦 why

• Otherwise TF 0.14 would give an `Error: Output refers to sensitive values` when using these outputs to feed into other modules (e.g. `terraform-aws-ecs-alb-service-task`)
• Keep modules in sync per request of Cloud Posse

📦 references

• https://www.terraform.io/upgrade-guides/0-14.html#sensitive-values-in-plan-output
• </details>

📦 what

• update context.tf to v0.24.1
• minimum required Terraform version bumped to 0.13.0
• readme updated, Bridgecrew compliance badges added

📦 why

• It allows for setting the letter case of tag names and labels, back compatibility with context v0.22.0 and below
• we have dropped support for Terraform 0.12
• To be able see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Update README.md and docs @cloudpossebot (#117)</summary>

📦 what

• This is an auto-generated PR that updates the README.md and docs

📦 why

• To have most recent changes of README.md and doc from origin templates
• </details>

📦 what

• Upgrade to support Terraform 0.14 and bring up to current Cloud Posse standard

📦 why

• Support Terraform 0.14
• </details>

📦 Release Notes

• <details>
• <summary>mszostok/codeowners-validator</summary>

📦 [`v0.6.0`](https://togithub.com/mszostok/codeowners-validator/releases/v0.6.0)

• [Compare Source](https://togithub.com/mszostok/codeowners-validator/compare/v0.5.1...v0.6.0)
• 🚨GitHub Codeowners Validator 0.6.0 is now available!
• ✨ Add validation for checking if team has a proper permission
• Due to the new permission validation step in Owners Checker, this check takes a little more time.
• 🐛 Fix bug in Owners Checker. Now Owners Checker supports child teams with inherited repo perms.
• ⚠️ Error message was changed in Owners Checker.
• From
• `[err] line 15: Team "avengers" does not have permissions associated with the repository "codeowners-samples".`
• + 20 more

📦 [`v0.5.1`](https://togithub.com/mszostok/codeowners-validator/releases/v0.5.1)

• [Compare Source](https://togithub.com/mszostok/codeowners-validator/compare/v0.5.0...v0.5.1)
• [`d6bdfac`](https://togithub.com/mszostok/codeowners-validator/commit/d6bdfac) Add CONTRIBUTING.md and development.md ([#&#8203;56](https://togithub.com/mszostok/codeowners-validator/issues/56))
• [`085f270`](https://togithub.com/mszostok/codeowners-validator/commit/085f270) Adjust docs and GitHub action for v0.5.1 release
• [`97fb795`](https://togithub.com/mszostok/codeowners-validator/commit/97fb795) Ignore ghost user ([#&#8203;53](https://togithub.com/mszostok/codeowners-validator/issues/53))
• [`0b6c2ef`](https://togithub.com/mszostok/codeowners-validator/commit/0b6c2ef) Update info about new checker ([#&#8203;51](https://togithub.com/mszostok/codeowners-validator/issues/51))
• `docker pull mszostok/codeowners-validator:latest`
• `docker pull mszostok/codeowners-validator:v0.5.1`
• `docker pull mszostok/codeowners-validator:v0.5`
• + 2 more

📦 Renovate configuration

• :date: Schedule: At any time (no schedule defined).
• :vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
• :recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
• :no_bell: Ignore: Close this PR and you won't be reminded about this update again.
• ---
• [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
• ---
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Update README.md and docs @cloudpossebot (#111)</summary>

📦 what

• This is an auto-generated PR that updates the README.md and docs

📦 why

• To have most recent changes of README.md and doc from origin templates
• </details>

📦 🚀 Enhancements

• <details>
• <summary>Terraform 0.14 upgrade @maximmi (#110)</summary>

📦 what

• Upgrade to support Terraform 0.14 and bring up to current Cloud Posse standard

📦 why

• Support Terraform 0.14
• </details>

📦 what

• The key `resourceRequirements` is added based on https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html
• Very simple addition of one variable that is a list of `ResourceRequirement` objects https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html

📦 why

• The key `resourceRequirements` was missing and I was not able to add a GPU requirement to the container definition

📦 references

• https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html
• https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html
• https://github.com/cloudposse/terraform-aws-ecs-container-definition/issues/105
• `closes #105`
• </details>

📦 Release Notes

• <details>
• <summary>cloudposse/actions</summary>

📦 [`v0.21.0`](https://togithub.com/cloudposse/actions/releases/0.21.0)

• [Compare Source](https://togithub.com/cloudposse/actions/compare/0.20.0...0.21.0)
• Update GitHub actions to replace deprecated set-env ([#&#8203;58](https://togithub.com/cloudposse/actions/issues/58))
• Actions calling any of the following affected commands need to be updated:
• test-command
• repository-dispatch
• slash-command-dispatch
• create-or-update-comment
• New version of `create-or-update-comment` deprecates `reaction-type` in favor of comma-separated list of `reactions`. Actions calling `create-or-update-comment` should switch to `reactions`.
• + 1 more

📦 [`v0.20.0`](https://togithub.com/cloudposse/actions/compare/0.19.0...0.20.0)

• [Compare Source](https://togithub.com/cloudposse/actions/compare/0.19.0...0.20.0)

📦 [`v0.19.0`](https://togithub.com/cloudposse/actions/releases/0.19.0)

• [Compare Source](https://togithub.com/cloudposse/actions/compare/0.18.0...0.19.0)
• Add GitHub Actions job to test on AWS & Datadog
• We have repos that require provisioning Datadog resources that need DD credentials
• In the new job, we use ENV variables `DD_API_KEY` and `DD_APP_KEY` to specify `api_key` and `app_key` to the Datadog terraform provider

📦 [`v0.18.0`](https://togithub.com/cloudposse/actions/releases/0.18.0)

• [Compare Source](https://togithub.com/cloudposse/actions/compare/0.17.0...0.18.0)
• update version for auto-merge
• update version for auto-approve

📦 [`v0.17.0`](https://togithub.com/cloudposse/actions/compare/0.16.0...0.17.0)

• [Compare Source](https://togithub.com/cloudposse/actions/compare/0.16.0...0.17.0)
• </details>
• ---

📦 Renovate configuration

• :date: Schedule: At any time (no schedule defined).
• :vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
• :recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
• :no_bell: Ignore: Close this PR and you won't be reminded about this update again.
• ---
• [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
• ---
• </details>

📦 Detected Package Files

• `.github/workflows/auto-release.yml` (github-actions)
• `.github/workflows/chatops.yml` (github-actions)
• `versions.tf` (terraform)

📦 Configuration Summary

• Based on the default config's presets, Renovate will:
• Start dependency updates only once this onboarding PR is merged
• Separate major versions of dependencies into individual branches/PRs
• Do not separate patch and minor upgrades into separate PRs for the same dependency
• Upgrade to unstable versions only if the existing version is unstable
• Raise PRs immediately (after branch is created)
• If semantic commits detected, use semantic commit type <code>fix</code> for dependencies and <code>chore</code> for all others
• Keep existing branches updated even when not scheduled
• + 9 more

📦 What to Expect

• With your current configuration, Renovate will create 1 Pull Request:
• <details>
• <summary>Update cloudposse/actions action to v0.21.0</summary>
• Schedule: ["at any time"]
• Branch name: `renovate/cloudposse-actions-0.x`
• Merge into: `master`
• Upgrade [cloudposse/actions](https://togithub.com/cloudposse/actions) to `0.21.0`
• </details>
• + 6 more

📦 what

• relax provider pinning
• add chatops
• add autorelease
• use new terratest structure

📦 why

• Allow this module to be consumed by modules using later version of providers
• Add gitops automation

📦 references

• closes #101
• </details>