Merge branch 'main' into soerenmartius/change-db-size

.github/workflows/deploy.yml

@@ -16,6 +16,7 @@ jobs:
       id-token: write
       contents: read
       pull-requests: read
+      checks: read
 
     runs-on: ubuntu-latest
 
@@ -86,10 +87,11 @@ jobs:
         run: |
           terramate run \
             --changed \
-            --cloud-sync-deployment \
-            --cloud-sync-terraform-plan-file=out.tfplan \
+            --sync-deployment \
+            --sync-terraform-plan-file=out.tfplan \
             --terragrunt \
-            -- terragrunt apply -input=false -auto-approve -lock-timeout=5m out.tfplan
+            -- \
+            terragrunt apply -input=false -auto-approve -lock-timeout=5m out.tfplan
         env:
           TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }}
 
@@ -98,10 +100,11 @@ jobs:
         run: |
           terramate run \
             --changed \
-            --cloud-sync-drift-status \
-            --cloud-sync-terraform-plan-file=drift.tfplan \
+            --sync-drift-status \
+            --sync-terraform-plan-file=drift.tfplan \
             --terragrunt \
-            -- terragrunt plan -out drift.tfplan -detailed-exitcode
+            -- \
+            terragrunt plan -out drift.tfplan -detailed-exitcode
         env:
           TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }}
 

.github/workflows/drift-detection.yml

@@ -16,6 +16,7 @@ jobs:
       id-token: write
       contents: read
       pull-requests: read
+      checks: read
 
     runs-on: ubuntu-latest
 
@@ -67,6 +68,7 @@ jobs:
         id: drift-detect
         run: |
           terramate run \
+            --parallel 5 \
             --cloud-sync-drift-status \
             --cloud-sync-terraform-plan-file=drift.tfplan \
             --terragrunt \
@@ -89,10 +91,11 @@ jobs:
         run: |
           terramate run \
             --cloud-status=drifted \
-            --tags reconcile,
+            --tags reconcile \
             --cloud-sync-deployment \
             --cloud-sync-terraform-plan-file=drift.tfplan \
             --terragrunt \
-            -- terragrunt apply -input=false -auto-approve -lock-timeout=5m drift.tfplan
+            -- \
+            terragrunt apply -input=false -auto-approve -lock-timeout=5m drift.tfplan
         env:
           TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }}

.github/workflows/preview.yml

@@ -94,12 +94,13 @@ jobs:
           terramate run \
             --parallel 5 \
             --changed \
-            --cloud-sync-preview \
-            --cloud-sync-terraform-plan-file=out.tfplan \
+            --sync-preview \
+            --sync-terraform-plan-file=out.tfplan \
             --debug-preview-url preview_url.txt \
             --continue-on-error \
             --terragrunt \
-            -- terragrunt plan -out out.tfplan \
+            -- \
+            terragrunt plan -out out.tfplan \
             -detailed-exitcode \
             -lock=false
         env:
@@ -127,7 +128,8 @@ jobs:
           terramate run \
             --changed \
             --terragrunt \
-            -- terragrunt show -no-color out.tfplan \
+            -- \
+            terragrunt show -no-color out.tfplan \
             |& dd bs=1024 count=248 >>pr-comment.txt
           [ "${PIPESTATUS[0]}" == "141" ] && sed -i 's/#### Terragrunt Plan/#### :warning: Terragrunt Plan truncated: please check console output :warning:/' pr-comment.txt
           echo >>pr-comment.txt '```'

.tool-versions

@@ -1,3 +1,3 @@
-terragrunt 0.55.14
-terramate 0.6.0
-terraform 1.7.5
+terragrunt 0.57.13
+terramate 0.8.1
+terraform 1.8.2

CODEOWNERS

@@ -1 +1 @@
-* @brikis98 @denis256
+* @terramate-io/engineering

LICENSE.txt

@@ -187,6 +187,7 @@
       identification within third-party archives.
 
    Copyright 2016 Gruntwork, Inc
+   Copyright 2024 Terramate GmbH
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,149 +1,17 @@
-[![Maintained by Gruntwork.io](https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg)](https://gruntwork.io/?ref=repo_terragrunt-infra-live-example)
+# Example of how to integrate Terragrunt with Terramate
 
-# Example infrastructure-live for Terragrunt
+This repository is a fork of the [Terragrunt reference architecture](https://github.com/gruntwork-io/terragrunt-infrastructure-live-example)
+to demonstrate how to enhance Terragrunt with Terramate by adding:
 
-This repo, along with the [terragrunt-infrastructure-modules-example
-repo](https://github.com/gruntwork-io/terragrunt-infrastructure-modules-example), show an example file/folder structure
-you can use with [Terragrunt](https://github.com/gruntwork-io/terragrunt) to keep your
-[Terraform](https://www.terraform.io) and [OpenTofu](https://opentofu.org/) code DRY. For background information, 
-check out the [Keep your code DRY](https://github.com/gruntwork-io/terragrunt#keep-your-terraform-code-dry) 
-section of the Terragrunt documentation.
+- **Orchestration with Change Detection** to automatically detect and execute modules that contain changes only using
+`terragrunt plan` and `terragrunt apply`.
+- **GitOps automation workflows in GitHub Actions** (or any other CI/CD) to automate Terragrunt with plan previews in
+Pull Requests in your CI/CD without requiring any additional tooling such as Atlantis.
+- **Drift detection and reconciliation** to keep your Terragrunt modules drift-free with scheduled workflows in GitHub actions.
+- **Observability and Visibility** to understand the health and infrastructure managed in your modules.
 
-This repo shows an example of how to use the modules from the `terragrunt-infrastructure-modules-example` repo to
-deploy an Auto Scaling Group (ASG) and a MySQL DB across three environments (qa, stage, prod) and two AWS accounts
-(non-prod, prod), all with minimal duplication of code. That's because there is just a single copy of
-the code, defined in the `terragrunt-infrastructure-modules-example` repo, and in this repo, we solely define
-`terragrunt.hcl` files that reference that code (at a specific version, too!) and fill in variables specific to each
-environment.
+Please read our [Terramate and Terragrunt guide](https://terramate.io/rethinking-iac/how-terramate-adds-superpowers-to-terragrunt-in-just-5-minutes/) to learn more about how this repository works and how you can use Terramate to supercharge Terragrunt.
 
-Be sure to read through [the Terragrunt documentation on DRY
-Architectures](https://terragrunt.gruntwork.io/docs/features/keep-your-terragrunt-architecture-dry/) to understand the
-features of Terragrunt used in this folder organization.
+## Terragrunt reference architecture documentation
 
-Note: This code is solely for demonstration purposes. This is not production-ready code, so use at your own risk. If
-you are interested in battle-tested, production-ready Terraform code, check out [Gruntwork](http://www.gruntwork.io/).
-
-
-
-
-## How do you deploy the infrastructure in this repo?
-
-
-### Pre-requisites
-
-1. Install [OpenTofu](https://opentofu.org/) version `1.6.0` or newer and
-   [Terragrunt](https://github.com/gruntwork-io/terragrunt) version `v0.52.0` or newer.
-2. Update the `bucket` parameter in the root `terragrunt.hcl`. We use S3 [as a Terraform
-   backend](https://opentofu.org/docs/language/settings/backends/s3/) to store your
-   state, and S3 bucket names must be globally unique. The name currently in
-   the file is already taken, so you'll have to specify your own. Alternatives, you can
-   set the environment variable `TG_BUCKET_PREFIX` to set a custom prefix.
-3. Update the `account_name` and `aws_account_id` parameters in [`non-prod/account.hcl`](/non-prod/account.hcl) and
-   [`prod/account.hcl`](/prod/account.hcl) with the names and IDs of accounts you want to use for non production and 
-   production workloads, respectively.
-4. Configure your AWS credentials using one of the supported [authentication
-   mechanisms](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html).
-
-
-### Deploying a single module
-
-1. `cd` into the module's folder (e.g. `cd non-prod/us-east-1/qa/mysql`).
-1. Note: if you're deploying the MySQL DB, you'll need to configure your DB password as an environment variable:
-   `export TF_VAR_master_password=(...)`.
-1. Run `terragrunt plan` to see the changes you're about to apply.
-1. If the plan looks good, run `terragrunt apply`.
-
-
-### Deploying all modules in a region
-
-1. `cd` into the region folder (e.g. `cd non-prod/us-east-1`).
-1. Configure the password for the MySQL DB as an environment variable: `export TF_VAR_master_password=(...)`.
-1. Run `terragrunt run-all plan` to see all the changes you're about to apply.
-1. If the plan looks good, run `terragrunt run-all apply`.
-
-
-### Testing the infrastructure after it's deployed
-
-After each module is finished deploying, it will write a bunch of outputs to the screen. For example, the ASG will
-output something like the following:
-
-```
-Outputs:
-
-asg_name = tf-asg-00343cdb2415e9d5f20cda6620
-asg_security_group_id = sg-d27df1a3
-elb_dns_name = webserver-example-prod-1234567890.us-east-1.elb.amazonaws.com
-elb_security_group_id = sg-fe62ee8f
-url = http://webserver-example-prod-1234567890.us-east-1.elb.amazonaws.com:80
-```
-
-A minute or two after the deployment finishes, and the servers in the ASG have passed their health checks, you should
-be able to test the `url` output in your browser or with `curl`:
-
-```
-curl http://webserver-example-prod-1234567890.us-east-1.elb.amazonaws.com:80
-
-Hello, World
-```
-
-Similarly, the MySQL module produces outputs that will look something like this:
-
-```
-Outputs:
-
-arn = arn:aws:rds:us-east-1:1234567890:db:tofu-00d7a11c1e02cf617f80bbe301
-db_name = mysql_prod
-endpoint = tofu-1234567890.abcdefghijklmonp.us-east-1.rds.amazonaws.com:3306
-```
-
-You can use the `endpoint` and `db_name` outputs with any MySQL client:
-
-```
-mysql --host=tofu-1234567890.abcdefghijklmonp.us-east-1.rds.amazonaws.com:3306 --user=admin --password mysql_prod
-```
-
-
-
-
-
-
-## How is the code in this repo organized?
-
-The code in this repo uses the following folder hierarchy:
-
-```
-account
- └ _global
- └ region
-    └ _global
-    └ environment
-       └ resource
-```
-
-Where:
-
-* **Account**: At the top level are each of your AWS accounts, such as `stage-account`, `prod-account`, `mgmt-account`,
-  etc. If you have everything deployed in a single AWS account, there will just be a single folder at the root (e.g.
-  `main-account`).
-
-* **Region**: Within each account, there will be one or more [AWS
-  regions](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html), such as
-  `us-east-1`, `eu-west-1`, and `ap-southeast-2`, where you've deployed resources. There may also be a `_global`
-  folder that defines resources that are available across all the AWS regions in this account, such as IAM users,
-  Route 53 hosted zones, and CloudTrail.
-
-* **Environment**: Within each region, there will be one or more "environments", such as `qa`, `stage`, etc. Typically,
-  an environment will correspond to a single [AWS Virtual Private Cloud (VPC)](https://aws.amazon.com/vpc/), which
-  isolates that environment from everything else in that AWS account. There may also be a `_global` folder
-  that defines resources that are available across all the environments in this AWS region, such as Route 53 A records,
-  SNS topics, and ECR repos.
-
-* **Resource**: Within each environment, you deploy all the resources for that environment, such as EC2 Instances, Auto
-  Scaling Groups, ECS Clusters, Databases, Load Balancers, and so on. Note that the code for most of these
-  resources lives in the [terragrunt-infrastructure-modules-example repo](https://github.com/gruntwork-io/terragrunt-infrastructure-modules-example).
-
-## Creating and using root (account) level variables
-
-In the situation where you have multiple AWS accounts or regions, you often have to pass common variables down to each
-of your modules. Rather than copy/pasting the same variables into each `terragrunt.hcl` file, in every region, and in
-every environment, you can inherit them from the `inputs` defined in the root `terragrunt.hcl` file.
+To learn more about Terragrunt and the infrastructure-live example, please look at the [terragrunt-infrastructure-live-example](https://github.com/gruntwork-io/terragrunt-infrastructure-live-example) repository.

terramate.tm.hcl

@@ -5,10 +5,6 @@ terramate {
       organization = "terramate-demo"
     }
 
-    experiments = [
-      "terragrunt",
-    ]
-
     run {
       env {
         TG_BUCKET_PREFIX = "tmcd-"