Setting embedded_manifest to true and repo visibility to private.

Signed-off-by: Steven Wade <[email protected]>

Author: swade1987

.github/workflows/pre-commit.yaml

@@ -36,15 +36,42 @@ jobs:
       matrix:
         directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
     steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
+      - name: Build provider
+        run: |
+          make build
+          make terraformrc
+          TF_IN_AUTOMATION=true
+          TF_PLUGIN_VERSION="99.0.0"
+          TF_PLUGIN_BINARY_NAME="terraform-provider-flux"
+          TF_PLUGIN_BINARY_PATH="${HOME}/.terraform.d/plugins/registry.terraform.io/fluxcd/flux/$TF_PLUGIN_VERSION/$(go env GOOS)_$(go env GOARCH)/"
+
+          if [ ! -f $TF_PLUGIN_BINARY_PATH ]; then
+              mkdir -p $TF_PLUGIN_BINARY_PATH
+          fi
 
+          cp ./bin/$TF_PLUGIN_BINARY_NAME $TF_PLUGIN_BINARY_PATH
       - name: Terraform min/max versions
         id: minMax
         uses: clowdhaus/[email protected]
         with:
           directory: ${{ matrix.directory }}
-
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
@@ -54,7 +81,6 @@ jobs:
           tflint-version: ${{ env.TFLINT_VERSION }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
-
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.5.0
     hooks:
       - id: check-byte-order-marker
       - id: check-case-conflict
@@ -23,7 +23,7 @@ repos:
       - id: go-unit-tests
       - id: golangci-lint
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.0
+    rev: v1.88.2
     files: examples
     hooks:
       - id: terraform_fmt
@@ -33,18 +33,19 @@ repos:
           - '--args=--lockfile=false'
       - id: terraform_tflint
         args:
-          - '--args=--only=terraform_deprecated_interpolation'
-          - '--args=--only=terraform_deprecated_index'
-          - '--args=--only=terraform_unused_declarations'
           - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_deprecated_interpolation'
           - '--args=--only=terraform_documented_outputs'
           - '--args=--only=terraform_documented_variables'
-          - '--args=--only=terraform_typed_variables'
           - '--args=--only=terraform_module_pinned_source'
           - '--args=--only=terraform_naming_convention'
-          - '--args=--only=terraform_required_version'
           - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_required_version'
           - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_unused_required_providers'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/FalcoSuessgott/tfplugindocs
     rev: v0.0.2

examples/github-self-managed-ssh-keypair/main.tf

@@ -40,7 +40,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -98,6 +98,7 @@ resource "kubernetes_secret" "ssh_keypair" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this, kubernetes_secret.ssh_keypair]
 
-  path                    = "clusters/my-cluster"
   disable_secret_creation = true
+  embedded_manifests      = true
+  path                    = "clusters/my-cluster"
 }

examples/github-via-pat/main.tf

@@ -32,7 +32,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -43,5 +43,6 @@ resource "github_repository" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/github-via-ssh-with-gpg/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,5 +63,6 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/github-via-ssh/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,5 +63,6 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/github-with-customizations/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,10 +63,11 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
   components_extra = [
     "image-reflector-controller",
     "image-automation-controller"
   ]
+  embedded_manifests     = true
   kustomization_override = file("${path.root}/resources/flux-kustomization-patch.yaml")
+  path                   = "clusters/my-cluster"
 }

examples/github-with-inline-customizations/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,10 +63,11 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
   components_extra = [
     "image-reflector-controller",
     "image-automation-controller"
   ]
+  embedded_manifests     = true
   kustomization_override = templatefile("${path.root}/resources/flux-kustomization-patch.tftpl", { role_arn = var.role_arn })
+  path                   = "clusters/my-cluster"
 }

examples/gitlab-via-ssh-with-gpg/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "gitlab_project" "this" {
   name                   = var.gitlab_project
   description            = "flux-bootstrap"
-  visibility_level       = "public"
+  visibility_level       = "private"
   initialize_with_readme = true # This is extremely important as Flux expects an initialised repository
 }
 
@@ -63,5 +63,6 @@ resource "gitlab_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [gitlab_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/gitlab-via-ssh/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "gitlab_project" "this" {
   name                   = var.gitlab_project
   description            = "flux-bootstrap"
-  visibility_level       = "public"
+  visibility_level       = "private"
   initialize_with_readme = true # This is extremely important as Flux expects an initialised repository
 }
 
@@ -63,5 +63,6 @@ resource "gitlab_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [gitlab_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/helm-install/README.md

@@ -14,7 +14,6 @@ However, using the Flux Helm chart is a better option when Flux needs to be inst
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.7.0 |
-| <a name="requirement_flux"></a> [flux](#requirement\_flux) | >= 1.2 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | >= 6.1 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.12 |
 | <a name="requirement_kind"></a> [kind](#requirement\_kind) | >= 0.4 |

examples/helm-install/main.tf

@@ -2,10 +2,6 @@ terraform {
   required_version = ">= 1.7.0"
 
   required_providers {
-    flux = {
-      source  = "fluxcd/flux"
-      version = ">= 1.2"
-    }
     github = {
       source  = "integrations/github"
       version = ">= 6.1"

internal/provider/resource_bootstrap_git.go

@@ -203,6 +203,8 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe
 			"embedded_manifests": schema.BoolAttribute{
 				Description: "When enabled, the Flux manifests will be extracted from the provider binary instead of being downloaded from github.com. Defaults to `false`.",
 				Optional:    true,
+				Computed:    true,
+				Default:     booldefault.StaticBool(false),
 			},
 			"id": schema.StringAttribute{
 				Computed: true,