feat: Add luthername max_length + modernize CI (#57)

* feat: Add max_length support to luthername (#56)

When downstream modules append suffixes (e.g., -exec, -role), names can
exceed AWS service limits. Add an optional max_length variable that
truncates the prefix while preserving the ID suffix for uniqueness.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: Modernize CI workflow following insideout-terraform-presets patterns

- Dynamic module/example discovery with matrix strategy for parallel validation
- Upgrade from hashicorp/terraform:1.5.7 container to hashicorp/setup-terraform@v3 (1.7.5)
- Update actions/checkout v3 → v4
- Add push-to-main trigger alongside pull request trigger
- Separate jobs for modules, examples, format check, and terraform tests
- Use -backend=false for init to avoid backend configuration issues
- Support .validate-skip and .tftest.hcl patterns from insideout-terraform-presets

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: Fix CI failures from workflow modernization

- Skip modules with tests/ dirs from validate-modules (they use provider
  aliases that can't validate standalone, matching old validate.sh behavior)
- Remove validate-examples job (examples use SSH git sources unavailable in CI,
  matching old validate.sh which excluded examples)
- Fix pre-existing formatting in config.tfvars (now caught by -recursive flag)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: sam-at-luther

.github/workflows/main.yml

@@ -1,22 +1,97 @@
 name: Terraform CI
 
 on:
+  push:
+    branches: [main]
   pull_request:
-    branches: ["main"]
+    branches: [main]
 
 jobs:
-  check_format_and_validate:
+  discover:
     runs-on: ubuntu-latest
-    container:
-      image: hashicorp/terraform:1.5.7
-    env:
-      TF_PLUGIN_CACHE_DIR: /github/home/.terraform.d/plugin-cache
+    outputs:
+      modules: ${{ steps.find-modules.outputs.dirs }}
+      modules_with_tests: ${{ steps.find-testable.outputs.dirs }}
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Create Plugin Cache Dir
-        run: mkdir -p $TF_PLUGIN_CACHE_DIR
-      - name: Check format
-        run: terraform fmt -diff=true -check=true
-      - name: Validate
-        run: ./validate.sh
+      - uses: actions/checkout@v4
+
+      - id: find-modules
+        name: Discover modules
+        run: |
+          dirs=$(find . -maxdepth 1 -type d ! -name '.*' | sed 's|^\./||' | sort | while read -r d; do
+            if ls "$d"/*.tf >/dev/null 2>&1; then
+              # Skip modules with .validate-skip or tests/ (tests handle their own validation)
+              [ -f "$d/.validate-skip" ] && continue
+              [ -d "$d/tests" ] && continue
+              echo "$d"
+            fi
+          done | jq -R -s -c 'split("\n") | map(select(length > 0))')
+          echo "dirs=$dirs" >> "$GITHUB_OUTPUT"
+
+      - id: find-testable
+        name: Discover modules with terraform tests
+        run: |
+          dirs=$(find . -maxdepth 1 -type d ! -name '.*' | sed 's|^\./||' | sort | while read -r d; do
+            if ls "$d"/tests/*.tftest.hcl >/dev/null 2>&1 || ls "$d"/*.tftest.hcl >/dev/null 2>&1; then
+              echo "$d"
+            fi
+          done | jq -R -s -c 'split("\n") | map(select(length > 0))')
+          echo "dirs=$dirs" >> "$GITHUB_OUTPUT"
+
+  validate-modules:
+    needs: discover
+    if: ${{ needs.discover.outputs.modules != '[]' }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        dir: ${{ fromJson(needs.discover.outputs.modules) }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.7.5"
+
+      - name: Terraform Init
+        run: terraform init -backend=false -input=false
+        working-directory: ${{ matrix.dir }}
+
+      - name: Terraform Validate
+        run: terraform validate
+        working-directory: ${{ matrix.dir }}
+
+  test-modules:
+    needs: discover
+    if: ${{ needs.discover.outputs.modules_with_tests != '[]' }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        dir: ${{ fromJson(needs.discover.outputs.modules_with_tests) }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.7.5"
+
+      - name: Terraform Init
+        run: terraform init -backend=false -input=false
+        working-directory: ${{ matrix.dir }}
+
+      - name: Terraform Test
+        run: terraform test -no-color
+        working-directory: ${{ matrix.dir }}
+
+  format-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.7.5"
+
+      - name: Terraform Format Check
+        run: terraform fmt -check -recursive

aws-cogpool-client/examples/simple-cogpool-client/vars/default/config.tfvars

@@ -1,11 +1,11 @@
-luther_project = "tst"
-luther_project_name = "testp"
+luther_project       = "tst"
+luther_project_name  = "testp"
 luther_project_human = "Test Project"
-luther_env = "test"
-org_name = "testo"
-org_human = "Test Organization"
+luther_env           = "test"
+org_name             = "testo"
+org_human            = "Test Organization"
 
 aws_region = "eu-west-2"
 
-callback_url = "https://test.luthersystemsapp.com/callback"
+callback_url         = "https://test.luthersystemsapp.com/callback"
 default_redirect_uri = "https://test.luthersystemsapp.com/callback"

luthername/README.md

@@ -1,3 +1,15 @@
 # Uniquely Identifying Names
 
 Luther Style!
+
+## Variables
+
+### `max_length`
+
+Optional. Maximum length for generated names. Default is `0` (no limit).
+
+When set, the prefix portion of the name is truncated to fit within the limit
+while always preserving the ID suffix for uniqueness. This is useful when
+downstream modules append suffixes (e.g., `-exec`, `-role`) and the combined
+name must stay within AWS service limits (64-char IAM roles, 50-char backup
+rules, etc.).

luthername/data.tf

@@ -12,8 +12,14 @@ locals {
       var.resource,
   ]))
 
-  ids   = [for i in range(var.replication) : "${var.subcomponent}${var.id == "" ? i : var.id}"]
-  names = [for i in range(var.replication) : "${local.prefix}${var.delim}${local.ids[i]}"]
+  ids       = [for i in range(var.replication) : "${var.subcomponent}${var.id == "" ? i : var.id}"]
+  raw_names = [for i in range(var.replication) : "${local.prefix}${var.delim}${local.ids[i]}"]
+
+  names = [for i in range(var.replication) :
+    var.max_length > 0 && length(local.raw_names[i]) > var.max_length
+    ? "${substr(local.prefix, 0, max(0, var.max_length - length(local.ids[i]) - length(var.delim)))}${var.delim}${local.ids[i]}"
+    : local.raw_names[i]
+  ]
 
   id   = var.replication == 1 ? local.ids[0] : null
   name = var.replication == 1 ? local.names[0] : null

luthername/examples/simple-luthername/main.tf

@@ -7,3 +7,14 @@ module "luthername" {
   component      = "infra"
   resource       = "tf"
 }
+
+module "luthername_short" {
+  source         = "git::ssh://git@bitbucket.org/luthersystems/tf-modules.git//luthername?ref=master"
+  luther_project = "terraform-test"
+  aws_region     = "eu-west-2"
+  luther_env     = "dev"
+  org_name       = "luther"
+  component      = "infra"
+  resource       = "tf"
+  max_length     = 40
+}

luthername/variables.tf

@@ -50,3 +50,14 @@ variable "delim" {
   type    = string
   default = "-"
 }
+
+variable "max_length" {
+  type        = number
+  default     = 0
+  description = "Maximum length for generated names. 0 means no limit. When set, the prefix is truncated to fit within the limit while preserving the ID suffix for uniqueness."
+
+  validation {
+    condition     = var.max_length >= 0
+    error_message = "max_length must be non-negative."
+  }
+}