Modernizing many things

- use hashicorp/setup-terraform action
- bump terraform requirement to 0.13
- bump digitalocean provider requirement to 1.22
- bump to latest nvm
- remove a bunch of unnecessary quotes

.github/workflows/terraform.yml

@@ -1,23 +1,18 @@
 name: terraform
-on: [push, pull_request]
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 jobs:
   terraform:
     name: Terraform
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: fmt
-      uses: hashicorp/terraform-github-actions@master
+    - uses: actions/checkout@v2
+    - uses: hashicorp/setup-terraform@v1
       with:
-        tf_actions_version: 0.12.21
-        tf_actions_subcommand: fmt
-    - name: init
-      uses: hashicorp/terraform-github-actions@master
-      with:
-        tf_actions_version: 0.12.21
-        tf_actions_subcommand: init
-    - name: validate
-      uses: hashicorp/terraform-github-actions@master
-      with:
-        tf_actions_version: 0.12.21
-        tf_actions_subcommand: validate
+        terraform_version: 0.13.0
+    - run: terraform fmt -check -recursive
+    - run: terraform init
+    - run: terraform validate

.gitignore

@@ -1,29 +1,8 @@
-# Local .terraform directories
 **/.terraform/*
-
-# .tfstate files
 *.tfstate
 *.tfstate.*
-
-# Crash log files
-crash.log
-
-# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
-# .tfvars files are managed as part of configuration and so should be included in
-# version control.
-#
-# example.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
 *_override.tf
 *_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-#
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
+crash.log
+override.tf
+override.tf.json

README.md

@@ -6,7 +6,7 @@ This is a terraform module that provisions a
 
 ## Terraform versions
 
-This module is compatible with Terraform version `0.12+`.
+This module is compatible with Terraform version `0.13+`.
 
 ## Usage
 
@@ -48,21 +48,28 @@ module "digitalocean_spoke" {
 }
 ```
 
+## Requirements
+
+| Name | Version |
+|------|---------|
+| digitalocean | >= 1.22 |
+
 ## Providers
 
 | Name | Version |
 |------|---------|
-| digitalocean | >= 1.14 |
+| digitalocean | >= 1.22 |
 | null | n/a |
 | random | n/a |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
+|------|-------------|------|---------|:--------:|
 | base\_url | Fully qualified https URL of the app | `string` | n/a | yes |
 | cert\_certificate | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes |
 | cert\_private\_key | Certificate key to pass to nginx | `string` | n/a | yes |
+| droplet\_image | Image to use when provisioning app droplet | `string` | `"ubuntu-20-04-x64"` | no |
 | droplet\_size | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no |
 | env | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no |
 | node\_env | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no |
@@ -71,7 +78,7 @@ module "digitalocean_spoke" {
 | region | Region in which all resources will be provisioned | `string` | `"nyc1"` | no |
 | resource\_prefix | Prefix prepended to resource names | `string` | `"spoke-"` | no |
 | server\_name | Server name used in nginx config | `string` | n/a | yes |
-| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v5.2"` | no |
+| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v8.0"` | no |
 | ssh\_keys | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes |
 
 ## Outputs

main.tf

@@ -7,7 +7,7 @@
  *
  * ## Terraform versions
  *
- * This module is compatible with Terraform version `0.12+`.
+ * This module is compatible with Terraform version `0.13+`.
  *
  * ## Usage
  *
@@ -52,91 +52,97 @@
 
 terraform {
   required_providers {
-    digitalocean = ">= 1.14"
+    digitalocean = ">= 1.22"
   }
 }
 
-variable "server_name" {
+variable server_name {
   description = "Server name used in nginx config"
   type        = string
 }
 
-variable "base_url" {
+variable base_url {
   description = "Fully qualified https URL of the app"
   type        = string
 }
 
-variable "resource_prefix" {
+variable resource_prefix {
   description = "Prefix prepended to resource names"
   default     = "spoke-"
   type        = string
 }
 
-variable "node_options" {
+variable node_options {
   description = "Value defined at build time and run time as NODE_OPTIONS"
   default     = "--max_old_space_size=8192"
   type        = string
 }
 
-variable "node_env" {
+variable node_env {
   description = "Value defined at build time and run time as NODE_ENV"
   default     = "production"
   type        = string
 }
 
-variable "port" {
+variable port {
   description = "TCP port used to communicate between droplet and nginx"
   default     = "3000"
   type        = string
 }
 
-variable "droplet_size" {
+variable droplet_image {
+  description = "Image to use when provisioning app droplet"
+  default     = "ubuntu-20-04-x64"
+  type        = string
+}
+
+variable droplet_size {
   description = "Size value passed when provisioning app droplet"
   default     = "s-1vcpu-1gb"
   type        = string
 }
 
-variable "region" {
+variable region {
   description = "Region in which all resources will be provisioned"
   default     = "nyc1"
   type        = string
 }
 
-variable "spoke_version" {
+variable spoke_version {
   description = "Git ref of MoveOnOrg/Spoke to deploy"
-  default     = "v5.2"
+  default     = "v8.0"
   type        = string
 }
 
-variable "ssh_keys" {
+variable ssh_keys {
   type        = list(string)
   description = "List of ssh public keys to pass to droplet provisioning"
 }
 
-variable "cert_private_key" {
+variable cert_private_key {
   description = "Certificate key to pass to nginx"
   type        = string
 }
 
-variable "cert_certificate" {
+variable cert_certificate {
   description = "Certificate with leaf and intermediates to pass to nginx"
   type        = string
 }
 
-variable "env" {
+variable env {
   description = "Arbitrary *additional* environment variables passed at build time and run time"
   default     = {}
   type        = map(string)
 }
 
-resource "digitalocean_ssh_key" "app" {
+resource digitalocean_ssh_key app {
   count      = length(var.ssh_keys)
   name       = "${var.resource_prefix}app-${count.index}"
   public_key = element(var.ssh_keys, count.index)
 }
 
-resource "digitalocean_droplet" "app" {
-  image  = "ubuntu-18-04-x64"
+resource digitalocean_droplet app {
+  image  = var.droplet_image
   name   = "${var.resource_prefix}app"
   region = var.region
   size   = var.droplet_size
@@ -144,17 +150,17 @@ resource "digitalocean_droplet" "app" {
   ssh_keys = digitalocean_ssh_key.app[*].id
 }
 
-resource "digitalocean_floating_ip" "app" {
+resource digitalocean_floating_ip app {
   droplet_id = digitalocean_droplet.app.id
   region     = digitalocean_droplet.app.region
 }
 
-resource "digitalocean_firewall" "app" {
+resource digitalocean_firewall app {
   name = "pghdsa-spoke-app"
 
   droplet_ids = [digitalocean_droplet.app.id]
 
-  dynamic "inbound_rule" {
+  dynamic inbound_rule {
     for_each = ["22", "80", "443"]
     content {
       protocol         = "tcp"
@@ -168,7 +174,7 @@ resource "digitalocean_firewall" "app" {
     source_addresses = ["0.0.0.0/0", "::/0"]
   }
 
-  dynamic "outbound_rule" {
+  dynamic outbound_rule {
     for_each = ["tcp", "udp"]
     content {
       protocol              = outbound_rule.value
@@ -183,12 +189,12 @@ resource "digitalocean_firewall" "app" {
   }
 }
 
-resource "random_string" "session_secret" {
+resource random_string session_secret {
   length  = 199
   special = false
 }
 
-resource "random_string" "pg_password" {
+resource random_string pg_password {
   length = 31
 }
 
@@ -216,7 +222,7 @@ locals {
   }, var.env)
 }
 
-resource "null_resource" "app_provision" {
+resource null_resource app_provision {
   triggers = {
     droplet_id            = digitalocean_droplet.app.id
     provision_script_sha1 = filesha1("${path.module}/spoke-app-provision")
@@ -236,17 +242,17 @@ resource "null_resource" "app_provision" {
     host = digitalocean_droplet.app.ipv4_address
   }
 
-  provisioner "file" {
+  provisioner file {
     source      = "${path.module}/spoke-app-provision"
     destination = "/tmp/spoke-app-provision"
   }
 
-  provisioner "file" {
+  provisioner file {
     source      = "${path.module}/spoke-app-run"
     destination = "/tmp/spoke-app-run"
   }
 
-  provisioner "file" {
+  provisioner file {
     content = templatefile("${path.module}/nginx-sites-default.conf.tpl", {
       server_name = var.server_name,
       port        = var.port,
@@ -254,32 +260,32 @@ resource "null_resource" "app_provision" {
     destination = "/tmp/nginx-sites-default.conf"
   }
 
-  provisioner "file" {
+  provisioner file {
     content     = var.cert_certificate
     destination = "/tmp/spoke.crt"
   }
 
-  provisioner "file" {
+  provisioner file {
     content     = var.cert_private_key
     destination = "/tmp/spoke.key"
   }
 
-  provisioner "file" {
-    content = <<-ENV_TMPL
+  provisioner file {
+    content = <<-ENVTMPL
 %{for key, value in local.env_map~}
 ${key}='${value}'
 %{endfor~}
-ENV_TMPL
+ENVTMPL
 
     destination = "/tmp/app.env"
   }
 
-  provisioner "file" {
+  provisioner file {
     source      = "${path.module}/spoke.service"
     destination = "/tmp/spoke.service"
   }
 
-  provisioner "remote-exec" {
+  provisioner remote-exec {
     inline = [
       "bash /tmp/spoke-app-provision system0",
       "sudo -H -u spoke bash /tmp/spoke-app-provision spoke0",
@@ -288,22 +294,22 @@ ENV_TMPL
   }
 }
 
-output "droplet_urn" {
+output droplet_urn {
   description = "urn of the droplet suitable for adding to project resources"
   value       = digitalocean_droplet.app.urn
 }
 
-output "droplet_ipv4_address" {
+output droplet_ipv4_address {
   description = "ipv4 address of the droplet"
   value       = digitalocean_droplet.app.ipv4_address
 }
 
-output "floating_ip_address" {
+output floating_ip_address {
   description = "floating IP address assigned to the droplet suitable for creating a DNS A record"
   value       = digitalocean_floating_ip.app.ip_address
 }
 
-output "floating_ip_urn" {
+output floating_ip_urn {
   description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources"
   value       = digitalocean_floating_ip.app.urn
 }

spoke-app-provision

@@ -116,7 +116,7 @@ _run_spoke0() {
 
   if ! command -v nvm; then
     curl -fsSL \
-      https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh | bash
+      https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
     set +o errexit
     set +o xtrace
     # shellcheck source=/dev/null