BREAKING CHANGE: Remove mandatory Environment tag from all Terraform modules

[Copilot]

Problem

Experience has proven that mandatory Environment tags can lead to inconsistencies, particularly when mixing low-level environment tags with application-level environment tags in monitoring systems like Datadog. The current implementation forces all modules to include an Environment tag, preventing users from making conscious decisions about environment tagging strategies.

⚠️ Breaking Change

This is a major version change that removes the mandatory Environment tag from all Terraform modules. The commit follows conventional commit format (BREAKING CHANGE:) to ensure proper semantic versioning with a major version bump.

Solution

This PR removes the mandatory Environment tag from all Terraform modules while normalizing the tag structure across the entire repository. The changes ensure that:

1. Environment tags are no longer mandatory - Users can add environment tags through the tags variable when needed
2. Tag structure is normalized across all modules with consistent base tags: Name, Customer, ManagedBy, and LastModifiedAt
3. Breaking change properly versioned - Uses conventional commit format for major semantic version bump
4. Linting compatibility is maintained - All tflint ignore annotations remain in place for resources that don't support tagging

Changes Made

• 50 modules updated across all providers (AWS, OVH, SCW, GitHub, K8s, Password-store)
• 94 files modified with surgical precision to remove only Environment tag references
• Template module updated to serve as the new standard without Environment tag
• Special handling for K8s modules that use lowercase DNS-compliant tag names
• Commit message updated to follow conventional commit format with BREAKING CHANGE: prefix

Before

locals {
  interpolated_tags = merge({
    "Name"           = var.name,
    "Customer"       = var.customer,
    "Environment"    = var.environment,  # ← Mandatory tag
    "ManagedBy"      = "Terraform",
    "LastModifiedAt" = time_static.last_update.rfc3339,
    },
    var.tags
  )
}

variable "environment" {
  description = "Environment for the current deployment"
  type        = string
  default     = ""
}

After

locals {
  interpolated_tags = merge({
    "Name"           = var.name,
    "Customer"       = var.customer,
    "ManagedBy"      = "Terraform",
    "LastModifiedAt" = time_static.last_update.rfc3339,
    },
    var.tags  # ← Users can add environment tags here if needed
  )
}

# environment variable removed

Breaking Changes

This change is breaking because:

• The environment variable is removed from all modules
• Modules no longer automatically include an Environment tag
• Users must now add environment tags explicitly via the tags variable

Migration Guide

Users who want environment tags should now add them explicitly:

module "example" {
  source = "./aws/s3-bucket"
  
  name     = "my-bucket"
  customer = "acme-corp"
  
  # Add environment tag consciously if needed
  tags = {
    Environment = "production"
    Team        = "platform"
  }
}

Documentation Update Required

Note: The module README files (49 files) still contain references to the removed environment variable in their auto-generated documentation. These will need to be updated by running the terraform_docs pre-commit hook either locally, via CI/CD pipeline, or automatically after merge.

Semantic Versioning

The commit message uses BREAKING CHANGE: prefix which will trigger a major version bump (e.g., 1.11.1 → 2.0.0) when using the release-drafter configuration, ensuring proper semantic versioning for this breaking change.

This change promotes better tagging practices by making environment tagging a conscious decision rather than an automatic inclusion that can lead to inconsistencies.

Fixes #74

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Remove Environment mandatory tag</issue_title>
<issue_description>Is your feature request related to a problem? Please describe.

Experience has prooven that the Environent can lead to inconstitence (ex: mixing low level environment tags and app environment tags in datadog but surely others). We should remove the environment tag in all module and let this being a consious step for the end user of our modules.

In the same time we should normalize the tags accepted on all modules, even if the resource does not allow any tag (if this is the case we shoudl be sure to pass all checks with correct ignore annotation for tflint/checkov, etc....)

</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #74

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[fredleger]

@copilot since this is quite important i would like to be sure we have a significant version bump here (given that we use semver and conventional commit conventions)

[Copilot]

@copilot since this is quite important i would like to be sure we have a significant version bump here (given that we use semver and conventional commit conventions)

I've updated the commit message to follow conventional commit format with BREAKING CHANGE: prefix. This will trigger a major version bump (e.g., 1.11.1 → 2.0.0) according to your release-drafter configuration, which is appropriate since:

• The environment variable is removed from all modules
• Modules no longer automatically include an Environment tag
• Users must now add environment tags explicitly via the tags variable

The commit message now follows proper semver conventions for this breaking change. Commit: 85644b6

[fredleger]

I've updated the commit message to follow conventional commit format with BREAKING CHANGE: prefix. This will trigger a major version bump (e.g., 1.11.1 → 2.0.0) according to your release-drafter configuration, which is appropriate since:

@copilot you mean the PR title that will lead to the commit message title once merged right ?

[Copilot]

I've updated the commit message to follow conventional commit format with BREAKING CHANGE: prefix. This will trigger a major version bump (e.g., 1.11.1 → 2.0.0) according to your release-drafter...

Exactly! The PR title "BREAKING CHANGE: Remove mandatory Environment tag from all Terraform modules" will become the commit message title when this PR is merged (via squash merge). That's what your release-drafter will use to determine the version bump - the PR title triggers the major version bump, not the individual commits in the branch.

[fredleger]

@copilot usualy i have a pre-commit hook that update the documentation of each module using tfdocs. Can you run it before merging the PR ? The hooks can also be enforced by the PR it's fine to me

[Copilot]

@copilot usualy i have a pre-commit hook that update the documentation of each module using tfdocs. Can you run it before merging the PR ? The hooks can also be enforced by the PR it's fine to me

I attempted to run the pre-commit hooks to update the documentation, but terraform and terraform-docs are not available in this environment. The README files currently still reference the removed environment variable (49 files affected).

The terraform_docs hook will need to be run either:

1. By the PR CI/CD pipeline
2. Locally before merge
3. After merge when the hooks run automatically

The documentation update is necessary since all modules no longer accept the environment variable.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• terraform-docs.io
  • Triggering command: curl -sSLo ./terraform-docs.tar.gz REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[fredleger]

LGTM