Merge branch 'main' into feature/add-custom-headers-to-audit-trail

.github/workflows/analysis-codeql.yml

@@ -17,6 +17,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
+
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:

.github/workflows/analysis-gosec.yml

@@ -25,6 +25,6 @@ jobs:
           args: "-severity=medium -no-fail -fmt sarif -out gosec-results.sarif ./..."
 
       - name: Upload GoSec scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "gosec-results.sarif"

.github/workflows/analysis-lint.yml

@@ -14,9 +14,8 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Check formatting using gofmt
         run: gofmt -s -l -d .

.github/workflows/check-documentation.yml

@@ -18,15 +18,14 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Generate documentation
         run: cd tools && go generate ./...
 
       - name: Verify Changed files
-        uses: tj-actions/verify-changed-files@v15
+        uses: tj-actions/verify-changed-files@v20
         id: verify-changed-files
         with:
           files: |

.github/workflows/release-beta.yml

@@ -36,29 +36,26 @@ jobs:
           echo -e "project_name: terraform-provider-${{ inputs.providerType }}\n$(cat .goreleaser.yml)" > .goreleaser.yml
 
       - name: Set up Go
-        uses: actions/setup-go@v4
-        with: { go-version: 1.21 }
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: Run GoReleaser to create draft release
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
-          version: latest
           args: release --clean --snapshot
         env:
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install spacectl
         uses: spacelift-io/setup-spacectl@main
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Release to Spacelift registry (preprod)
         run: spacectl provider create-version --type=${{ inputs.providerType }}

.github/workflows/release.yml

@@ -19,18 +19,18 @@ jobs:
         run: git fetch --prune --unshallow
 
       - name: Set up Go
-        uses: actions/setup-go@v4
-        with: { go-version: 1.21 }
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: Run GoReleaser to create draft release
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           version: latest
           args: release --clean
@@ -40,8 +40,6 @@ jobs:
 
       - name: Install spacectl
         uses: spacelift-io/setup-spacectl@main
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Release to Spacelift registry (preprod)
         run: spacectl provider create-version --type=spacelift

.github/workflows/test-prod.yml

@@ -12,14 +12,13 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      
+
       - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Install Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_wrapper: false
 
@@ -84,12 +83,14 @@ jobs:
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_NAME: "GitLab Default"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_ID: "gitlab-default"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_APIHOST: "https://gitlab.com"
+          SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_TOKEN: ${{ secrets.COMMON_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_TOKEN }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKSECRET: ${{ secrets.PROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKSECRET }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKURL: ${{ secrets.PROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKURL }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_NAME: "GitLab Space Level"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_ID: "gitlab-space-level"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_SPACE: "tests-01HPE6H08F8HR8PJR78DPYR3TC"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_APIHOST: "https://gitlab.com"
+          SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_TOKEN: ${{ secrets.COMMON_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_TOKEN }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKSECRET: ${{ secrets.PROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKSECRET }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKURL: ${{ secrets.PROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKURL }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_AZUREDEVOPS_REPOSITORY_NAME: "spacelift-ci"

.github/workflows/test.yml

@@ -14,14 +14,13 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      
+
       - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
+        uses: actions/setup-go@v5
+        with: { go-version-file: go.mod }
 
       - name: Install Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_wrapper: false
 
@@ -86,12 +85,14 @@ jobs:
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_NAME: "GitLab Default"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_ID: "gitlab-default"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_APIHOST: "https://gitlab.com"
+          SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_TOKEN: ${{ secrets.COMMON_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_TOKEN }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKSECRET: ${{ secrets.PREPROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKSECRET }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKURL: ${{ secrets.PREPROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_DEFAULT_WEBHOOKURL }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_NAME: "GitLab Space Level"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_ID: "gitlab-space-level"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_SPACE: "tests-01HPE6ENR1AZZ638QSRQRVW4DH"
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_APIHOST: "https://gitlab.com"
+          SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_TOKEN: ${{ secrets.COMMON_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_TOKEN }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKSECRET: ${{ secrets.PREPROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKSECRET }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKURL: ${{ secrets.PREPROD_SPACELIFT_PROVIDER_TEST_SOURCECODE_GITLAB_SPACELEVEL_WEBHOOKURL }}
           SPACELIFT_PROVIDER_TEST_SOURCECODE_AZUREDEVOPS_REPOSITORY_NAME: "spacelift-ci"

.gitignore

@@ -24,3 +24,4 @@ key.*
 dist/
 
 test.env
+.envrc

README.md

@@ -24,7 +24,7 @@ If you want to build from source, you can simply use `go build` in the root of t
 
 To develop the provider locally you need the following tools:
 
-- [Go 1.21](https://go.dev/doc/install).
+- [Go 1.22](https://go.dev/doc/install).
 - [GoReleaser](https://goreleaser.com/).
 - A Spacelift account to use for testing.
 

docs/resources/gitlab_integration.md

@@ -0,0 +1,62 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "spacelift_gitlab_integration Resource - terraform-provider-spacelift"
+subcategory: ""
+description: |-
+  spacelift_gitlab_integration represents an integration with a GitLab instance
+---
+
+# spacelift_gitlab_integration (Resource)
+
+`spacelift_gitlab_integration` represents an integration with a GitLab instance
+
+## Example Usage
+
+```terraform
+resource "spacelift_gitlab_integration" "example" {
+  name             = "GitLab integration (public)"
+  space_id         = "root"
+  api_host         = "https://mygitlab.myorg.com"
+  user_facing_host = "https://mygitlab.myorg.com"
+  private_token    = "gitlab-token"
+}
+
+resource "spacelift_gitlab_integration" "private-example" {
+  name             = "GitLab integration (private)"
+  is_default       = true
+  api_host         = "private://mygitlab"
+  user_facing_host = "https://mygitlab.myorg.com"
+  private_token    = "gitlab-token"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `api_host` (String) API host URL
+- `name` (String) The friendly name of the integration
+- `private_token` (String, Sensitive) The GitLab API Token
+- `user_facing_host` (String) User facing host URL.
+
+### Optional
+
+- `description` (String) Description of the integration
+- `is_default` (Boolean) Is the GitLab integration the default for all spaces? If set to `true` the space must be set to `root` in `space_id` or left empty which uses the default
+- `labels` (Set of String) Labels to set on the integration
+- `space_id` (String) ID (slug) of the space the integration is in; Default: `root`
+
+### Read-Only
+
+- `id` (String) GitLab integration id.
+- `webhook_secret` (String, Sensitive) Secret for webhooks originating from GitLab repositories
+- `webhook_url` (String) URL for webhooks originating from GitLab repositories
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import spacelift_gitlab_integration.example spacelift_gitlab_integration_id
+```

docs/resources/idp_group_mapping.md

@@ -19,10 +19,6 @@ resource "spacelift_idp_group_mapping" "test" {
     space_id = "root"
     role     = "ADMIN"
   }
-  policy {
-    space_id = "legacy"
-    role     = "ADMIN"
-  }
 }
 ```
 

docs/resources/stack.md

@@ -248,7 +248,7 @@ resource "spacelift_stack" "terragrunt-stack" {
 - `runner_image` (String) Name of the Docker image used to process Runs
 - `showcase` (Block List, Max: 1) (see [below for nested schema](#nestedblock--showcase))
 - `slug` (String) Allows setting the custom ID (slug) for the stack
-- `space_id` (String) ID (slug) of the space the stack is in. Defaults to `legacy`.
+- `space_id` (String) ID (slug) of the space the stack is in. Defaults to `legacy` if it exists, otherwise `root`.
 - `terraform_external_state_access` (Boolean) Indicates whether you can access the Stack state file from other stacks or outside of Spacelift. Defaults to `false`.
 - `terraform_smart_sanitization` (Boolean) Indicates whether runs on this will use terraform's sensitive value system to sanitize the outputs of Terraform state and plans in spacelift instead of sanitizing all fields. Note: Requires the terraform version to be v1.0.1 or above. Defaults to `false`.
 - `terraform_version` (String) Terraform version to use

examples/resources/spacelift_gitlab_integration/import.sh

@@ -0,0 +1 @@
+terraform import spacelift_gitlab_integration.example spacelift_gitlab_integration_id

examples/resources/spacelift_gitlab_integration/resource.tf

@@ -0,0 +1,15 @@
+resource "spacelift_gitlab_integration" "example" {
+  name             = "GitLab integration (public)"
+  space_id         = "root"
+  api_host         = "https://mygitlab.myorg.com"
+  user_facing_host = "https://mygitlab.myorg.com"
+  private_token    = "gitlab-token"
+}
+
+resource "spacelift_gitlab_integration" "private-example" {
+  name             = "GitLab integration (private)"
+  is_default       = true
+  api_host         = "private://mygitlab"
+  user_facing_host = "https://mygitlab.myorg.com"
+  private_token    = "gitlab-token"
+}

examples/resources/spacelift_idp_group_mapping/resource.tf

@@ -4,8 +4,4 @@ resource "spacelift_idp_group_mapping" "test" {
     space_id = "root"
     role     = "ADMIN"
   }
-  policy {
-    space_id = "legacy"
-    role     = "ADMIN"
-  }
 }