Update depndencies (#8)

* Update provider versions

* Move locals to separate file

* Add sensitive flag

* Update Makefile

* Update actions

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "08:00"
+      timezone: Europe/Berlin

.github/workflows/lint.yml

@@ -1,22 +1,9 @@
 ---
-
-# -------------------------------------------------------------------------------------------------
-# Job Name
-# -------------------------------------------------------------------------------------------------
 name: lint
 
-
-# -------------------------------------------------------------------------------------------------
-# When to run
-# -------------------------------------------------------------------------------------------------
 on:
-  # Runs on Pull Requests
   pull_request:
 
-
-# -------------------------------------------------------------------------------------------------
-# What to run
-# -------------------------------------------------------------------------------------------------
 jobs:
   lint:
     name: "Lint"
@@ -29,17 +16,10 @@ jobs:
           - gen
 
     steps:
-      # ------------------------------------------------------------
-      # Setup repository
-      # ------------------------------------------------------------
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
-      # ------------------------------------------------------------
-      # Lint repository
-      # ------------------------------------------------------------
       - name: "make ${{ matrix.target }}"
         run: |
           retry() {

.github/workflows/release-drafter.yml

@@ -14,6 +14,6 @@ jobs:
   update_release_draft:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@v5
+      - uses: release-drafter/release-drafter@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -1,33 +1,16 @@
 ---
-
-# -------------------------------------------------------------------------------------------------
-# Job Name
-# -------------------------------------------------------------------------------------------------
 name: test
 
-
-# -------------------------------------------------------------------------------------------------
-# When to run
-# -------------------------------------------------------------------------------------------------
 on:
-  # Runs on Pull Requests
   pull_request:
 
-
-# -------------------------------------------------------------------------------------------------
-# What to run
-# -------------------------------------------------------------------------------------------------
 jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
     steps:
-
-      # ------------------------------------------------------------
-      # Checkout repository
-      # ------------------------------------------------------------
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.gitignore

@@ -1,12 +1,22 @@
-#  Local .terraform directories
+# Local .terraform directories
 **/.terraform/*
 
 # .tfstate files
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
-*.tfvars
+# Crash log files
+crash.log
 
-# lock file
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Lock file
 .terraform.lock.hcl
+
+#IDEA
+.idea

Makefile

@@ -4,18 +4,18 @@ endif
 
 .PHONY: help gen lint test _gen-main _gen-examples _gen-modules _lint-files _lint-fmt _lint-json _pull-tf _pull-tfdocs _pull-fl _pull-jl
 
-CURRENT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
-TF_EXAMPLES = $(sort $(dir $(wildcard $(CURRENT_DIR)examples/*/)))
-TF_MODULES  = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/)))
+CURRENT_DIR     = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+TF_EXAMPLES     = $(sort $(dir $(wildcard $(CURRENT_DIR)examples/*/)))
+TF_MODULES      = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/)))
+FL_IGNORE_PATHS = .git/,.github/,.terraform/,.idea/
 
 # -------------------------------------------------------------------------------------------------
 # Container versions
 # -------------------------------------------------------------------------------------------------
-TF_VERSION      = 1.0.11
-TFDOCS_VERSION  = 0.16.0-0.31
+TF_VERSION      = 1.5.7
+TFDOCS_VERSION  = 0.16.0-0.34
 FL_VERSION      = latest-0.8
-JL_VERSION      = 1.6.0-0.5
-
+JL_VERSION      = 1.6.0-0.14
 
 # -------------------------------------------------------------------------------------------------
 # Enable linter (file-lint, terraform fmt, jsonlint)
@@ -79,10 +79,12 @@ test: _pull-tf
 		echo "------------------------------------------------------------"; \
 		if docker run $$(tty -s && echo "-it" || echo) --rm -v "$(CURRENT_DIR):/t" --workdir "$${DOCKER_PATH}" hashicorp/terraform:$(TF_VERSION) \
 			init \
-				-upgrade=true \
+				-lock=false \
+				-upgrade \
 				-reconfigure \
 				-input=false \
-				-get=true; then \
+				-get=true; \
+		then \
 			echo "OK"; \
 		else \
 			echo "Failed"; \
@@ -216,12 +218,12 @@ _lint-files: _pull-fl
 	@echo "################################################################################"
 	@echo "# File-lint"
 	@echo "################################################################################"
-	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-cr --text --ignore '.git/,.github/,.terraform/' --path .
-	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-crlf --text --ignore '.git/,.github/,.terraform/' --path .
-	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-trailing-single-newline --text --ignore '.git/,.github/,.terraform/' --path .
-	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-trailing-space --text --ignore '.git/,.github/,.terraform/' --path .
-	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-utf8 --text --ignore '.git/,.github/,.terraform/' --path .
-	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-utf8-bom --text --ignore '.git/,.github/,.terraform/' --path .
+	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-cr --text --ignore '$(FL_IGNORE_PATHS)' --path .
+	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-crlf --text --ignore '$(FL_IGNORE_PATHS)' --path .
+	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-trailing-single-newline --text --ignore '$(FL_IGNORE_PATHS)' --path .
+	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-trailing-space --text --ignore '$(FL_IGNORE_PATHS)' --path .
+	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-utf8 --text --ignore '$(FL_IGNORE_PATHS)' --path .
+	@docker run $$(tty -s && echo "-it" || echo) --rm -v $(CURRENT_DIR):/data cytopia/file-lint:$(FL_VERSION) file-utf8-bom --text --ignore '$(FL_IGNORE_PATHS)' --path .
 
 _lint-fmt: _pull-tf
 	@# Lint all Terraform files
@@ -233,7 +235,7 @@ _lint-fmt: _pull-tf
 	@echo "# *.tf files"
 	@echo "------------------------------------------------------------"
 	@if docker run $$(tty -s && echo "-it" || echo) --rm -v "$(CURRENT_DIR):/t:ro" --workdir "/t" hashicorp/terraform:$(TF_VERSION) \
-		fmt -check=true -diff=true -write=false -list=true .; then \
+		fmt -recursive -check=true -diff=true -write=true -list=true .; then \
 		echo "OK"; \
 	else \
 		echo "Failed"; \
@@ -244,7 +246,7 @@ _lint-fmt: _pull-tf
 	@echo "# *.tfvars files"
 	@echo "------------------------------------------------------------"
 	@if docker run $$(tty -s && echo "-it" || echo) --rm --entrypoint=/bin/sh -v "$(CURRENT_DIR):/t:ro" --workdir "/t" hashicorp/terraform:$(TF_VERSION) \
-		-c "find . -name '*.tfvars' -type f -print0 | xargs -0 -n1 terraform fmt -check=true -write=false -diff=true -list=true"; then \
+		-c "find . -name '*.tfvars' -type f -print0 | xargs -0 -n1 terraform fmt -check=true -write=true -diff=true -list=true"; then \
 		echo "OK"; \
 	else \
 		echo "Failed"; \

README.md

@@ -17,8 +17,8 @@ Create ACM certificate with DNS validation and validate using Cloudflare Hosted
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4 |
-| <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | >= 3.34 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5 |
+| <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | >= 4.20 |
 
 <!-- TFDOCS_PROVIDER_END -->
 
@@ -28,8 +28,8 @@ Create ACM certificate with DNS validation and validate using Cloudflare Hosted
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4 |
-| <a name="requirement_cloudflare"></a> [cloudflare](#requirement\_cloudflare) | >= 3.34 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5 |
+| <a name="requirement_cloudflare"></a> [cloudflare](#requirement\_cloudflare) | >= 4.20 |
 
 <!-- TFDOCS_REQUIREMENTS_END -->
 

examples/san/variables.tf

@@ -7,6 +7,7 @@ variable "region" {
 variable "cloudflare_api_token" {
   description = "The Cloudflare API token."
   type        = string
+  sensitive   = true
 }
 
 variable "domain_name" {

examples/simple/variables.tf

@@ -7,6 +7,7 @@ variable "region" {
 variable "cloudflare_api_token" {
   description = "The Cloudflare API token."
   type        = string
+  sensitive   = true
 }
 
 variable "domain_name" {

locals.tf

@@ -0,0 +1,14 @@
+locals {
+  # Get distinct list of domains and SANs
+  distinct_domain_names = distinct(
+    [for s in concat([var.domain_name], var.subject_alternative_names) : replace(s, "*.", "")]
+  )
+
+  # Get the list of distinct domain_validation_options, with wildcard
+  # domain names replaced by the domain name
+  validation_domains = var.create_certificate ? distinct(
+    [for k, v in aws_acm_certificate.this[0].domain_validation_options : merge(
+      tomap(v), { domain_name = replace(v.domain_name, "*.", "") }
+    )]
+  ) : []
+}

main.tf

@@ -1,18 +1,3 @@
-locals {
-  # Get distinct list of domains and SANs
-  distinct_domain_names = distinct(
-    [for s in concat([var.domain_name], var.subject_alternative_names) : replace(s, "*.", "")]
-  )
-
-  # Get the list of distinct domain_validation_options, with wildcard
-  # domain names replaced by the domain name
-  validation_domains = var.create_certificate ? distinct(
-    [for k, v in aws_acm_certificate.this[0].domain_validation_options : merge(
-      tomap(v), { domain_name = replace(v.domain_name, "*.", "") }
-    )]
-  ) : []
-}
-
 resource "aws_acm_certificate" "this" {
   count = var.create_certificate ? 1 : 0
 

variables.tf

@@ -1,6 +1,7 @@
 variable "cloudflare_api_token" {
   description = "The Cloudflare API token."
   type        = string
+  sensitive   = true
 }
 
 variable "create_certificate" {

versions.tf

@@ -3,11 +3,11 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
-      version = ">= 3.34"
+      version = ">= 4.20"
     }
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4"
+      version = ">= 5"
     }
   }
   required_version = ">= 1.0"