From 05b93eb9f55f8bb9a9c990e18fc5cf48367aac27 Mon Sep 17 00:00:00 2001 From: Rob Lazzurs Date: Mon, 20 Oct 2025 19:37:03 +0100 Subject: [PATCH 1/6] feat: Add the family chat repo Adding the family chat repo. Also updated the pre-commit hooks. --- .pre-commit-config.yaml | 4 +-- .../repos/family-chat/terragrunt.hcl | 35 +++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 github/unicornops/repos/family-chat/terragrunt.hcl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c23c5a5..8f75e27 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.103.0 hooks: - id: terragrunt_fmt - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/github/unicornops/repos/family-chat/terragrunt.hcl b/github/unicornops/repos/family-chat/terragrunt.hcl new file mode 100644 index 0000000..a961286 --- /dev/null +++ b/github/unicornops/repos/family-chat/terragrunt.hcl @@ -0,0 +1,35 @@ +terraform { + source = "tfr:///mineiros-io/repository/github?version=0.18.0" +} + +include "root" { + path = find_in_parent_folders("root.hcl") +} + +# Indicate what region to deploy the resources into +generate "provider" { + path = "provider.tf" + if_exists = "overwrite_terragrunt" + contents = < Date: Mon, 20 Oct 2025 19:42:45 +0100 Subject: [PATCH 2/6] fix: Migrate old terragrunt config to new version --- github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl b/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl index 1c7899a..d612cee 100644 --- a/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl +++ b/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl 
@@ -2,8 +2,8 @@ terraform { source = "tfr:///mineiros-io/repository/github?version=0.18.0" } -include { - path = find_in_parent_folders() +include "root" { + path = find_in_parent_folders("root.hcl") } # Indicate what region to deploy the resources into From c9eb7b1109247a1bb75e798b08bc7e77936dcf1a Mon Sep 17 00:00:00 2001 From: Rob Lazzurs Date: Mon, 20 Oct 2025 19:45:09 +0100 Subject: [PATCH 3/6] fix: Fix the pull request cocogitto check --- .github/workflows/pull_request.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 6829844..4f47190 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -14,3 +14,5 @@ jobs: - name: Conventional commit check uses: cocogitto/cocogitto-action@v4 + with: + command: check From ff7acee1dfb8901bc701dd8bdb32aa71e2c1261a Mon Sep 17 00:00:00 2001 From: Rob Lazzurs Date: Mon, 20 Oct 2025 19:52:52 +0100 Subject: [PATCH 4/6] feat: Ensure Terragrunt has the correct perms --- .github/workflows/terragrunt_plan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terragrunt_plan.yml b/.github/workflows/terragrunt_plan.yml index e380e41..1f9f322 100644 --- a/.github/workflows/terragrunt_plan.yml +++ b/.github/workflows/terragrunt_plan.yml @@ -43,6 +43,7 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_ACCESS_KEY }} + GITHUB_TOKEN: ${{ secrets.TERRAGRUNT_GITHUB_API_TOKEN }} run: | terragrunt run-all plan --terragrunt-non-interactive From 29b9aa554bee8e26ecd81955d8757b264012d450 Mon Sep 17 00:00:00 2001 From: Rob Lazzurs Date: Mon, 20 Oct 2025 19:54:50 +0100 Subject: [PATCH 5/6] fix: Giving the Terragrunt action required perms --- .github/workflows/terragrunt_plan.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/terragrunt_plan.yml b/.github/workflows/terragrunt_plan.yml index 1f9f322..758f0bd 100644 
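Review bot: The added `GITHUB_TOKEN: ${{ secrets.TERRAGRUNT_GITHUB_API_TOKEN }}` in the plan step's `env` gives a long-lived API token to a job that evaluates whatever Terragrunt/OpenTofu code is on the branch being planned, and plan-time evaluation can read the step's environment. The workflow trigger and the start of this step are outside the hunk, so whether unreviewed branches reach this step cannot be confirmed from here. Because plan only needs to read the managed GitHub resources, consider a separate read-only token for this workflow, e.g. `GITHUB_TOKEN: ${{ secrets.TERRAGRUNT_GITHUB_READONLY_TOKEN }}` (placeholder secret name), and keep the write-capable token for the apply workflow only.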
--- a/.github/workflows/terragrunt_plan.yml +++ b/.github/workflows/terragrunt_plan.yml @@ -11,6 +11,10 @@ jobs: terragrunt_plan: runs-on: ubuntu-latest name: Run Terragrunt Plan for GitHub Directory + permissions: + contents: read + pull-requests: write + issues: write steps: - name: Checkout code From 32f6455055c8e483fd4323b14036c2a310b9a008 Mon Sep 17 00:00:00 2001 From: Rob Lazzurs Date: Mon, 20 Oct 2025 20:05:40 +0100 Subject: [PATCH 6/6] feat: Adding the Terragrunt apply workflow --- .github/workflows/terragrunt_apply.yml | 65 ++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/terragrunt_apply.yml diff --git a/.github/workflows/terragrunt_apply.yml b/.github/workflows/terragrunt_apply.yml new file mode 100644 index 0000000..4ff3b8a --- /dev/null +++ b/.github/workflows/terragrunt_apply.yml 
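Review bot: The added `permissions:` block grants `issues: write` alongside `pull-requests: write`, which looks broader than a plan job needs; the steps that would use it are outside the hunk, so if the job only comments on the pull request, drop `issues: write`. Note also that this block scopes only the workflow's automatic token: the previous patch in this series exports `secrets.TERRAGRUNT_GITHUB_API_TOKEN` as `GITHUB_TOKEN` for the plan step, and that token's rights are not limited here. A comment above the block would make that explicit, e.g. `# Scopes the automatic token only; the Terragrunt API token passed via env is not restricted by this block`.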
@@ -0,0 +1,65 @@
+---
+name: Terragrunt Apply
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "github/**"
+ - ".github/workflows/terragrunt_apply.yml"
+
+jobs:
+ terragrunt_apply:
+ runs-on: ubuntu-latest
+ name: Run Terragrunt Apply for GitHub Directory
+ permissions:
+ contents: read
+ issues: write
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+ with:
+ tofu_version: 1.8.1
+
+ - name: Setup Terragrunt
+ run: |
+ wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.67.16/terragrunt_linux_amd64
+ chmod +x terragrunt_linux_amd64
+ sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
+ terragrunt --version
+
+ - name: Configure MinIO credentials (for S3 backend)
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_ACCESS_KEY }}
+ run: |
+ echo "MinIO credentials configured"
+
+ - name: Run Terragrunt Apply
+ working-directory: ./github
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_ACCESS_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TERRAGRUNT_GITHUB_API_TOKEN }}
+ run: |
+ terragrunt run-all apply --terragrunt-non-interactive
+
+ - name: Create Issue on Failure
+ if: failure()
+ uses: actions/github-script@v7
+ with:
+ script: |
+ github.rest.issues.create({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: `Terragrunt Apply Failed - ${context.sha.substring(0, 7)}`,
+ body: `❌ Terragrunt apply failed for commit ${context.sha}\n\nWorkflow run: ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}\n\nPlease check the logs for details.`,
+ labels: ['terragrunt', 'deployment-failure']
+ })
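Review bot: The "Setup Terragrunt" step downloads `terragrunt_linux_amd64` with `wget` and installs it into `/usr/local/bin` without verifying it, and that binary then runs `run-all apply` with the MinIO credentials and `TERRAGRUNT_GITHUB_API_TOKEN` in its environment. Pin the expected digest and check it before the `chmod +x` line, e.g. `echo "<EXPECTED_SHA256>  terragrunt_linux_amd64" | sha256sum --check -` (placeholder digest, to be taken from the release's published checksums). The three `uses:` references (`actions/checkout@v5`, `opentofu/setup-opentofu@v1`, `actions/github-script@v7`) are mutable tags; pinning them to full commit SHAs gives the same guarantee for the actions. The "Configure MinIO credentials" step only echoes a message and its `env` does not carry over to later steps, so it can be removed to keep the secrets out of a step that does not need them.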