shar1z

export AWS_ROLE_ARN=arn:aws:iam::1234567890:role/RoleToAssume
export AWS_WEB_IDENTITY_TOKEN_FILE=/tmp/awscreds
export AWS_DEFAULT_REGION=<region>
export DEFAULT_PARALLEL_JOBS=4

OUTPUT_TOKEN_REQUEST=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL")
echo "$OUTPUT_TOKEN_REQUEST"  | jq -r '.value' > /tmp/awscreds

RET=1
MAX_RETRIES=5

shar1z

module "terraform-aws-s3-bucket" {
 source = "github.com/terraform-aws-modules/terraform-aws-s3-bucket"

 object_lock_enabled = false
 bucket       = "<BUCKET_NAME>"
}

These resources are listed in the module but not in the dependencies 
(hence will be created in the next terraform apply): 
# aws_s3_bucket_logging

shar1z

terraform import module.terraform-aws-s3-bucket.aws_s3_bucket.main_bucket[0] BUCKET_NAME

shar1z

name: Terraform

on: [push]

jobs:
  terraform:
    name: Apply Terraform
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2

shar1z

node {
stage("Clone repository") {
git url: "https://github.com/<username>/<repository>.git"
}
stage("Scan code with trivy") {
sh "trivy --exit-code 1 --severity CRITICAL <repository>"
}
stage("Run infracost") {
sh "infracost --no-color"
}

shar1z

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/sns"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // Create an S3 bucket.
        bucket, err := s3.NewBucket(ctx, "my-bucket", &s3.BucketArgs{

shar1z

provider "aws" {
  region = "us-east-1"
}

# Create an EKS cluster
resource "aws_eks_cluster" "eks_cluster" {
  name     = "my-eks-cluster"
  role_arn = aws_iam_role.eks_cluster_role.arn
}

shar1z

{ "data": { "project": { "id": "gid://gitlab/Project/", "terraformStates": { "count": 1, "nodes": [ { "id": "gid://gitlab/Terraform::State/", "name": "", "lockedAt": null, "updatedAt": "2022-08-02T19:55:26Z", "deletedAt": null, "lockedByUser": null, "latestVersion": { "id": "gid://gitlab/Terraform::StateVersion/", "downloadPath": "/api/v4/projects//terraform/state//versions/0", "serial": 0, "updatedAt": "2022-08-02T19:55:26Z", "createdByUser": null, "job": null, "__typename": "TerraformStateVersion" }, "__typename": "TerraformState" } ], "pageInfo": { "hasNextPage": false, "hasPreviousPage": false, "startCursor": "", "endCursor": "", "__typename": "PageInfo" }, "__typename": "TerraformStateConnection" },

shar1z

POST https://{{GITLAB-HOST}}/api/graphql { "operationName": "getStates", "variables": { "projectPath": "sefi/tf-demo", "first": 50, "after": null, "last": null, "before": null }, "query": "query getStates($projectPath: ID!, $first: Int, $last: Int, $before: String, $after: String) {\n project(fullPath: $projectPath) {\n id\n terraformStates(first: $first, last: $last, before: $before, after: $after) {\n count\n nodes {\n ...State\n __typename\n }\n pageInfo {\n ...PageInfo\n __typename\n }\n __typename\n }\n __typename\n }\n}\n\nfragment State on TerraformState {\n id\n name\n lockedAt\n updatedAt\n deletedAt\n lockedByUser {\n ...User\n __typename\n }\n latestVersion {\n ...StateVersion\n __typename\n }\n __typename\n}\n\nfragment User on User {\n id\n avatarUrl\n name\n username\n webUrl\n __typename\n}\n\nfragment StateVersion on TerraformStateVersion {\n id\n downloadPath\n serial\n updatedAt\n createdByUser {\n ...User\n __typename\n }\n job {\n id\n detailedStatus {\n id\n detailsPath\n group\n icon\n l

shar1z

def _handle_event(event_detail_type: str, event_detail: dict) -> None:
    try:
        handle_task(event_detail_type, event)
    except ExecutionSyncError:  # Raised if this is a "task_completed" event, and "task_started" hasn't arrive yet
        if event.retry_count < MAX_RETRY_COUNT:
            logger.info('Events are not in sync, sending this event to the retry queue '
                        f'(retry_count={event.retry_count})')
            event.retry_count += 1
            message = {
                DETAIL_TYPE: event_detail_type,