chore: adds recent GH + CodeRabbit configs #29

Merged
merged 4 commits into from
Nov 16, 2024
Member

@gberenice gberenice commented Nov 15, 2024

what

  • During the recent testing of a root module that uses this child module, I encountered an issue when the data source fetched an old AMI that didn't contain an SSM agent. This PR updates the filter to prevent this issue.
  • This PR updates the repo with Masterpoint's recent GH + CodeRabbit configs.

why

  • Prevent fetching old AMI.
  • Follow Masterpoint's internal best practices.

references

  • N/A

Summary by CodeRabbit

Release Notes

  • New Features

    • Introduced new configuration files for CodeRabbit integration, GitHub Actions workflows, and automated release processes.
    • Added a monthly scheduled job for trunk upgrades.
  • Improvements

    • Updated version references for various packages in the aqua.yaml file.
    • Enhanced AWS AMI selection criteria in the data.tf file.
  • Bug Fixes

    • Added .DS_Store to .gitignore to prevent unnecessary file tracking.

@gberenice gberenice requested a review from a team as a code owner November 15, 2024 15:42
coderabbitai bot commented Nov 15, 2024

Walkthrough

The changes introduce several new configuration files and workflows for the CodeRabbit integration, enhancing automated processes for code reviews and releases. A new .coderabbit.yaml file specifies settings for language, tone, knowledge base, and review parameters. Additionally, new GitHub Actions workflows for linting, monthly trunk upgrades, and release automation are established, along with updates to existing configuration files and the .gitignore. The modifications also include version updates in the aqua.yaml file and a change in the AMI selection criteria in data.tf.

Changes

| File | Change Summary |
|------|----------------|
| .coderabbit.yaml | New configuration file defining language, tone instructions, knowledge base, and review settings. |
| .github/lint.yaml | New workflow configuration for linting checks, including jobs for trunk checks and commit title validation. |
| .github/release-please.yaml | New configuration file for automating the release process on pushes to the main branch. |
| .github/trunk-upgrade.yaml | New workflow for monthly trunk upgrades, including a job to perform the upgrade and create pull requests. |
| .gitignore | Added entry to ignore *.DS_Store files. |
| aqua.yaml | Updated version references for the aqua-registry and packages for Terraform and OpenTofu. |
| data.tf | Modified AWS AMI data source filter to target Amazon Linux 2 AMIs instead of Amazon Linux 2023. |

Suggested reviewers

  • Gowiem

🌟 In the land of code, where changes unfold,
New configs and workflows, a sight to behold!
With linting and releases, all set to align,
Each line of code polished, like a fine wine.
So here's to the updates, both big and small,
Together we rise, let's enhance one and all! 🎉



@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (10)
data.tf (1)

Line range hint 4-11: Update data source name and comment to reflect Amazon Linux 2

The data source name and comment suggest Amazon Linux 2023, but the filter is now looking for Amazon Linux 2 AMIs. This inconsistency could be confusing for future maintainers.

Apply this diff to maintain consistency:

- # Most recent Amazon Linux 2023 AMI
- data "aws_ami" "amazon_linux_2023" {
+ # Most recent Amazon Linux 2 AMI
+ data "aws_ami" "amazon_linux_2" {
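
Review bot: Renaming the data source on the last `+` line from `amazon_linux_2023` to `amazon_linux_2` changes its address, so every `data.aws_ami.amazon_linux_2023` reference elsewhere in the module has to be updated in the same change or the plan fails on an undeclared data source. The hunk shows only the declaration and its comment; the suggestion should list the references that need to move with it.
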
.github/lint.yaml (3)

7-7: Consider being more specific with the trigger configuration

The current trigger runs on all pull request events. To optimize workflow execution, consider specifying relevant event types.

-on: pull_request
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
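
Review bot: The `types` list on the last `+` line, `[opened, synchronize, reopened]`, is the default set of activity types for a bare `on: pull_request`, so this hunk does not change how often the workflow runs. If the conventional-title job in this workflow should re-validate a title after it is edited, the list needs `edited` as well; otherwise the one-line trigger can stay as it is.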

16-23: Enhance trunk-check job with caching and timeout

While the job configuration is solid, consider adding caching and timeout limits to improve performance and reliability.

 trunk-check:
    runs-on: ubuntu-latest
+   timeout-minutes: 10
    steps:
      - name: Check out Git repository
        uses: actions/checkout@v4
+     - name: Cache Trunk
+       uses: actions/cache@v3
+       with:
+         path: ~/.cache/trunk
+         key: trunk-${{ runner.os }}-${{ hashFiles('**/.trunk/trunk.yaml') }}
      - name: Trunk Check
        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19

24-29: Add timeout to conventional-title job

Consider adding a timeout to prevent potential hanging jobs.

 conventional-title:
    runs-on: ubuntu-latest
+   timeout-minutes: 5
    steps:
      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
.github/trunk-upgrade.yaml (2)

21-21: Consider using version tag instead of commit hash

While using a commit hash provides immutability, it makes version tracking and updates less intuitive. Consider using the version tag directly:

-        uses: trunk-io/trunk-action/upgrade@2eaee169140ec559bd556208f9f99cdfdf468da8 # v1.1.18
+        uses: trunk-io/trunk-action/upgrade@v1.1.18
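
Review bot: The `+` line replaces a full commit SHA with the tag `v1.1.18`, which gives up the immutability the comment above the hunk acknowledges: a tag can be moved to a different commit, a full SHA cannot. The `-` line already records the version in its trailing `# v1.1.18` comment, so version tracking is covered. Keep the SHA pin, which also matches how `trunk-io/trunk-action` is referenced in `.github/lint.yaml`.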

23-25: Consider a more specific commit prefix

The current prefix "chore: " is good, but could be more specific to help with changelog organization. Consider using "chore(deps): " to clearly indicate dependency updates.

-          prefix: "chore: "
+          prefix: "chore(deps): "
.coderabbit.yaml (4)

19-24: Consider repository-specific knowledge base requirements

All knowledge base scopes are set to 'global', which means they'll use organization-wide learnings. While this can be beneficial for consistency, consider if any repository-specific knowledge should be maintained locally.


27-27: Document the 'chill' profile characteristics

Consider adding a comment explaining what the 'chill' profile entails to help future maintainers understand the review behavior.

-  profile: chill
+  # The 'chill' profile provides balanced feedback focusing on significant issues
+  # while being less strict about minor stylistic concerns
+  profile: chill

30-33: Consider expanding ignore keywords

The ignore keywords list could be enhanced with additional common patterns.

   ignore_title_keywords:
     - wip
     - draft
     - test
+    - do-not-review
+    - no-review
+    - work-in-progress
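
Review bot: Each entry under `ignore_title_keywords` is a title string that makes the bot skip the pull request, so the three `+` lines widen the set of titles that are skipped by automated review. `work-in-progress` also overlaps the existing `wip` entry. Add only keywords the team actually uses and keep the list short.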

44-90: Consider selective tool enablement

While using Trunk is great, some CodeRabbit tools might provide complementary value. Consider enabling specific tools that don't overlap with Trunk's functionality or provide additional insights.

For example:

  • languagetool for documentation review
  • gitleaks for additional security scanning
  • checkov for infrastructure-specific checks
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between c7953f1 and 4fcfe49.

📒 Files selected for processing (7)
  • .coderabbit.yaml (1 hunks)
  • .github/lint.yaml (1 hunks)
  • .github/release-please.yaml (1 hunks)
  • .github/trunk-upgrade.yaml (1 hunks)
  • .gitignore (1 hunks)
  • aqua.yaml (1 hunks)
  • data.tf (1 hunks)
✅ Files skipped from review due to trivial changes (3)
  • .github/release-please.yaml
  • .gitignore
  • aqua.yaml
🧰 Additional context used
📓 Path-based instructions (1)
data.tf (1)

Pattern **/*.tf: You're a Terraform expert who has thoroughly studied all the documentation from Hashicorp https://developer.hashicorp.com/terraform/docs and OpenTofu https://opentofu.org/docs/.
You have a strong grasp of Terraform syntax and prioritize providing accurate and insightful code suggestions.
As a fan of the Cloud Posse / SweetOps ecosystem, you incorporate many of their best practices https://docs.cloudposse.com/best-practices/terraform/ while balancing them with general Terraform guidelines.

🔇 Additional comments (5)
data.tf (1)

11-11: Verify AMI selection strategy

Switching from Amazon Linux 2023 to Amazon Linux 2 appears to be a regression since AL2023 is newer. While this might solve the immediate SSM agent issue, consider:

  1. AL2023 is the recommended choice for new deployments
  2. AL2 will eventually reach end-of-life (December 31, 2025)

If SSM agent is the concern, consider:

  • Using AL2023 with a more specific filter to ensure SSM agent presence
  • Documenting why AL2 is specifically required

Let's verify the available AMIs and their SSM agent status:

Consider adding explicit tags or filters to ensure SSM agent presence, regardless of the chosen AMI:

filter {
  name   = "name"
  values = ["al2023-ami-*"]
}

filter {
  name   = "description"
  values = ["*with SSM*"]  # Adjust pattern based on actual AMI descriptions
}
.github/lint.yaml (1)

9-13: Well-structured permissions following security best practices!

The permissions configuration follows the principle of least privilege, granting only the necessary access levels required for the workflow to function.

.github/trunk-upgrade.yaml (2)

3-7: Verify cron schedule timezone impact

The cron schedule is set to run at 8 AM on the first day of each month. Note that GitHub Actions uses UTC timezone, so this will run at 8 AM UTC. Ensure this timing aligns with your team's working hours and maintenance windows.


10-15: LGTM! Well-configured job permissions

The job permissions are properly scoped with the minimum required access levels for trunk upgrade operations.

.coderabbit.yaml (1)

11-11: Verify early access feature compatibility

The configuration enables early access features. Please ensure that all team members have access to these features and that they are stable enough for your use case.

oycyc
oycyc previously approved these changes Nov 15, 2024
data.tf Outdated
@@ -8,7 +8,7 @@ data "aws_ami" "amazon_linux_2023" {

filter {
name = "name"
values = ["al2023-ami*"]
Contributor

👍 - this is the only thing to review.

Member

@Gowiem Gowiem left a comment

This looks good overall, but we need to discuss as this looks like a revert and our data source name is no longer accurate. Mind sharing some more details + the error you were seeing?

data.tf Outdated
@@ -8,7 +8,7 @@ data "aws_ami" "amazon_linux_2023" {

filter {
name = "name"
values = ["al2023-ami*"]
values = ["amzn2-ami-hvm-2.0.*"]
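
Review bot: Both `values` patterns end in a wildcard and the visible lines carry no `owners` argument, so confirm that the `aws_ami` block outside this hunk restricts the publisher (for Amazon's images, `owners = ["amazon"]`). A name filter alone matches any public AMI whose name fits the pattern, and a most-recent selection then takes the newest match regardless of who published it. The `@@` header also shows the block is still named `amazon_linux_2023`, so switching the pattern to `amzn2-ami-hvm-2.0.*` leaves the name and the filter disagreeing.
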
Member

I'm confused about this one. AL2 is OLDER than AL2023. Why are we needing to revert back? Can you explain what the issue was and where you found it?

Member Author

The issue was that the fetched AMI didn't contain SSM agent.
I've tried reproducing the issue, but it didn't happen. I assume it was some old local terraform cache with one of the previous versions of this module. Just did a cleanup and tested it - all went well. Reverting this back, thank you!

@gberenice gberenice changed the title fix: update AMI filter chore: adds recent GH + CodeRabbit configs Nov 15, 2024
Member

@Gowiem Gowiem left a comment

:shipit:

@gberenice gberenice merged commit 2c85834 into main Nov 16, 2024
@gberenice gberenice deleted the fix/update-ami-filter branch November 16, 2024 14:12