transition from terraform/terraspace to pulumi

.github/AUTORELEASE.md

@@ -0,0 +1,43 @@
+# Autorelease action
+
+## Overview
+Auto-release workflows automate the process of creating software releases in response to specific triggers like merging a pull request or pushing to a certain branch. This automation helps streamline the development process, reduce human error, and ensure consistent release practices.
+
+---
+## Why You Might Need Auto-Release
+Consistency: Automating the release process ensures that every release adheres to predefined standards and procedures, reducing the risk of human error and inconsistency in the release quality.
+
+Efficiency: By automating the changelog generation and release process, teams can save time and focus on development and testing rather than on the operational details of creating a release.
+
+Integration: Auto-release workflows can be integrated with other tools and workflows, such as continuous integration (CI) systems, to ensure that releases are made only when all tests pass, maintaining the quality of the code in the production.
+
+Traceability: Automated releases include detailed logs and changelogs, providing a clear audit trail for changes, which is beneficial for debugging and understanding the project’s history.
+
+Speed: Automation speeds up the process of releasing and deploying software, which is especially crucial in high-paced agile environments where multiple releases might occur in a single day.
+
+---
+## Setting Up an Auto-Release Workflow
+### Step-by-Step Guide
+#### 1) The GitHub App configuration
+
+Let's start by creating and configuring a GitHub App. Go to Settings > Developer Settings > GitHub Apps (Developer Settings is at the bottom of the Settings page). Click on New GitHub App.
+
+Once you are creating a new GitHub app, make sure to configure the following:
+
+    Complete the necessary details for the application.
+    Uncheck the active webhook.
+    From the Repository Permissions, set the following:
+        Administration to Read and Write.
+        Contents to Read and Write.
+        Issues to Read and Write.
+        Metadata to Read Only.
+        Pull Requests to Read and Write.
+    Check Install Only on this account.
+Once you have created the app, you need to install it on the repository you want to use it. Follow GitHub's guide on installing your apps to repositories you own.
+One more thing you need to do from the app's settings. Go to the app's settings and generate a new private key. Copy that private key to a safe place and then copy the app ID. You will need both values as repository secrets.
+You can easily find ID here(Settings > Application > configure your github APP > app settings > you can see app id)
+#### 2) The GitHub repository configuration
+Go to Settings > Secrets and Variables > Actions to create new secrets. Add one secret for the private key(VILNACRM_APP_PRIVATE_KEY) and another for the app ID(VILNACRM_APP_ID).
+#### 3) Allow force push
+To configure the repository branch protection rules, go to Settings > Branches.
+Check the option to Allow force pushes and specify that the only allowed actor is the GitHub app you already installed.

.github/TEMPLATE_SYNC_APP.md

@@ -0,0 +1,58 @@
+# Template synchronization with GitHub App
+
+Alternatively, you can configure a GitHub App to handle workflow permissions. This method offers a more integrated and secure approach compared to using a Personal Access Token (PAT).
+
+For a detailed guide on how to set up a GitHub App and configure the necessary permissions, refer to the **[Autorelease action documentation](https://github.com/VilnaCRM-Org/php-service-template/blob/main/.github/AUTORELEASE.md)**.
+
+## Overview
+
+By configuring a GitHub App, you can automate repository synchronization while ensuring secure handling of repository permissions without manual token management.
+
+### Steps Overview
+
+1. **GitHub App Configuration**:
+    -  Create and configure the GitHub App with the required permissions (`Administration`, `Contents`, `Issues`, `Metadata`, and `Pull Requests`).
+
+2. **Repository Secrets**:
+    - Configure secrets for the private key and App ID.
+
+3. **Branch Protection Rules**:
+    - Set branch protection rules to allow force pushing by the GitHub App.
+
+### GitHub Action Configuration
+
+Below is an example of a GitHub action using the GitHub App for repository synchronization:
+
+```yaml
+name: Template Sync
+
+on:
+  schedule:
+    - cron: "0 9 * * MON"
+  workflow_dispatch:
+
+jobs:
+  repo-sync:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Generate token to read from source repo
+        id: generate_token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.<GITHUB_APP_ID> }}
+          private_key: ${{ secrets.<GITHUB_APP_PRIVATE_KEY> }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+
+      - name: actions-template-sync
+        uses: AndreasAugustin/actions-template-sync@v2
+        with:
+          github_token: ${{ steps.generate_token.outputs.token }}
+          source_repo_path: <owner/repo>
+          upstream_branch: <target_branch> # defaults to main
+          pr_labels: <label1>,<label2>[,...] # optional, no default
+```

.github/TEMPLATE_SYNC_PAT.md

@@ -0,0 +1,56 @@
+# Template synchronization with a Personal Access Token (PAT)
+
+Currently, the `GITHUB_TOKEN` cannot be granted workflow permissions by default. You can grant the workflow permissions using a Personal Access Token (PAT) by following these steps:
+
+1. [Create a PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token) with the following repository permissions:
+    - `contents:write`
+    - `workflows:write`
+    - `metadata:read`
+
+To make the options for repository permissions (such as contents:write, workflows:write, and metadata:read) appear, ensure that the access level is not set to read-only.
+
+2. Copy the generated token and [create a new secret](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository) for your target repository.
+
+3. Configure the checkout action to use the token in secrets, as shown below:
+
+    ```yaml
+    # File: .github/workflows/template-sync-app.yml
+
+    on:
+      # cronjob trigger
+      schedule:
+        - cron: "0 0 1 * *"
+      # manual trigger
+      workflow_dispatch:
+
+    jobs:
+      repo-sync:
+        runs-on: ubuntu-latest
+        # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+        permissions:
+          contents: write
+          pull-requests: write
+
+        steps:
+          # To use this repository's private action, you must check out the repository
+          - name: Checkout
+            uses: actions/checkout@v4
+            with:
+              # submodules: true
+              token: ${{ secrets.<secret_name> }}
+
+          - name: actions-template-sync
+            uses: AndreasAugustin/actions-template-sync@v2
+            with:
+              github_token: ${{ secrets.GITHUB_TOKEN }}
+              source_repo_path: <owner/repo>
+              upstream_branch: <target_branch> # defaults to main
+              pr_labels: <label1>,<label2>[,...] # optional, no default
+    ```
+
+4. If you encounter the error `pull request create failed: Actions is not permitted to create or approve pull requests (createPullRequest)`, follow these additional steps:
+
+    - Go to your project’s **Settings** > **Actions** > **General**.
+    - Under the **Workflow permissions** section, check the box for **Allow GitHub Actions to create and approve pull requests**.
+
+Following these steps should resolve any permission issues with workflows, allowing smooth synchronization between repositories.

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "pulumi"
+    schedule:
+      interval: "weekly"

.github/linters/.yaml-lint.yml

@@ -0,0 +1,34 @@
+extends: default
+
+rules:
+  document-start: disable
+
+  indentation:
+    spaces: 2
+    level: error # Enforce strict indentation
+
+  line-length:
+    max: 120
+    level: warning # Consider changing this to 100 for better readability
+
+  new-line-at-end-of-file:
+    level: warning
+
+  trailing-spaces:
+    level: error # Enforce no trailing spaces
+
+  brackets:
+    level: error # Enforce proper bracket usage
+
+  commas:
+    level: error # Enforce proper comma usage
+
+  braces:
+    level: error # Enforce proper brace usage
+
+  empty-lines:
+    max: 1 # Allow at least one empty line for readability
+    level: warning
+
+  colons:
+    level: error # Enforce proper colon usage

.github/workflows/autorelease.yml

@@ -1,37 +1,39 @@
-name: generate changelog and create release
+name: Generate Changelog and Create Release
 
 on:
   push:
-    branches: [ "main" ]
-    paths-ignore:
-      - 'CHANGELOG.md'
+    branches:
+      - main
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: write
-
     steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@v1
+        with:
+          app_id: ${{ secrets.VILNACRM_APP_ID }}
+          private_key: ${{ secrets.VILNACRM_APP_PRIVATE_KEY }}
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
         with:
-          ref: 'main'
+          token: ${{ steps.generate_token.outputs.token }}
 
       - name: Conventional Changelog Action
         id: changelog
-        uses: TriPSs/conventional-changelog-action@v4
+        uses: TriPSs/conventional-changelog-action@v5
         with:
-          github-token: ${{ secrets.REPO_GITHUB_TOKEN }}
-          output-file: 'CHANGELOG.md'
-
+          github-token: ${{ steps.generate_token.outputs.token }}
+          output-file: "CHANGELOG.md"
+          version-file: "pulumi/pyproject.toml"
       - name: Create Release
         uses: actions/create-release@v1
         if: ${{ steps.changelog.outputs.skipped == 'false' }}
         env:
-          GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
         with:
           tag_name: ${{ steps.changelog.outputs.tag }}
           release_name: ${{ steps.changelog.outputs.tag }}
-          body: ${{ steps.changelog.outputs.clean_changelog }}
+          body: ${{ steps.changelog.outputs.clean_changelog }}