release 2026.23.0: update meshstack tf provider to 0.21 for breaking API change

[nroi]

No description provided.

[github-actions]

Scorecard Check

Scorecard run on commit 15972d338db53fc60e98893edc1959d489c04429 relative to origin/main

modules/aks/meshstack_integration.tf

Module directory not found (deleted?).

modules/azure/meshstack_integration.tf

Module directory not found (deleted?).

modules/stackit/meshstack_integration.tf

Module directory not found (deleted?).

📊 meshstack-hub Module Scorecard

Generated: 2026-06-02 | Modules scanned: 20 | Categories: 4

📋 Per-Module Category Summary

Score per category per building block. n/a = category does not apply to this module.

Module	Overall	Core Structure	Integration	Azure Backplane	Testing
aks/github-connector	🟢 86%	🟢 83%	🟢 100%	n/a	🔴 33%
aks/starterkit	🟢 86%	🟢 100%	🟢 100%	n/a	🔴 0%
aws/route53-dns-alias-record	🟢 86%	🟢 83%	🟢 100%	n/a	🔴 33%
aws/route53-dns-record	🟢 86%	🟢 83%	🟢 100%	n/a	🔴 33%
aws/s3_bucket	🟢 86%	🟢 83%	🟢 100%	n/a	🔴 33%
azure/budget-alert	🟢 100%	🟢 100%	🟢 100%	🟢 100%	🟢 100%
azure/resource-group	🟢 100%	🟢 100%	🟢 100%	🟢 100%	🟢 100%
azure/service-principal	🟡 63%	🟢 83%	🟢 100%	🔴 11%	🔴 33%
azure/storage-account	🟢 100%	🟢 100%	🟢 100%	🟢 100%	🟢 100%
gcp/storage-bucket	🟢 86%	🟢 83%	🟢 100%	n/a	🔴 33%
github/repository	🟡 76%	🟡 67%	🟢 100%	n/a	🔴 0%
kubernetes/manifest	🟢 81%	🟡 67%	🟢 100%	n/a	🔴 33%
meshstack/github-workflow	🟢 81%	🟡 50%	🟢 92%	n/a	🟢 100%
meshstack/manual	🟡 76%	🟡 50%	🟢 92%	n/a	🟡 67%
meshstack/noop	🟢 100%	🟢 100%	🟢 100%	n/a	🟢 100%
oci/application-compartment	🔴 40%	🟡 57%	n/a	n/a	🔴 0%
ske/forgejo-connector	🟢 81%	🟢 83%	🟢 100%	n/a	🔴 0%
ske/ske-starterkit	🟢 90%	🟢 83%	🟢 100%	n/a	🟡 67%
stackit/git-repository	🟢 100%	🟢 100%	🟢 100%	n/a	🟢 100%
stackit/storage-bucket	🟢 86%	🟢 83%	🟢 100%	n/a	🔴 33%

⚠️ 15 modules have failing checks — failing categories are expanded below.

Core Structure — some checks failing

Basic module file structure and documentation — applies to 20 modules

Module	Score	📦	🔗	📋	📝	🖼️	📌	🔒
aks/github-connector	🟢 83%	✅	✅	➖	✅	✅	✅	❌
aks/starterkit	🟢 100%	✅	✅	➖	✅	✅	✅	✅
aws/route53-dns-alias-record	🟢 83%	✅	✅	➖	✅	✅	✅	❌
aws/route53-dns-record	🟢 83%	✅	✅	➖	✅	✅	✅	❌
aws/s3_bucket	🟢 83%	✅	✅	➖	✅	✅	✅	❌
azure/budget-alert	🟢 100%	✅	✅	➖	✅	✅	✅	✅
azure/resource-group	🟢 100%	✅	✅	➖	✅	✅	✅	✅
azure/service-principal	🟢 83%	✅	✅	➖	✅	✅	✅	❌
azure/storage-account	🟢 100%	✅	✅	➖	✅	✅	✅	✅
gcp/storage-bucket	🟢 83%	✅	✅	➖	✅	✅	✅	❌
github/repository	🟡 67%	✅	✅	➖	✅	✅	❌	❌
kubernetes/manifest	🟡 67%	✅	✅	➖	✅	❌	✅	❌
meshstack/github-workflow	🟡 50%	✅	✅	➖	✅	❌	❌	❌
meshstack/manual	🟡 50%	✅	✅	➖	✅	❌	❌	❌
meshstack/noop	🟢 100%	✅	✅	➖	✅	✅	✅	✅
oci/application-compartment	🟡 57%	✅	❌	✅	✅	✅	❌	❌
ske/forgejo-connector	🟢 83%	✅	✅	➖	✅	✅	✅	❌
ske/ske-starterkit	🟢 83%	✅	✅	➖	✅	✅	✅	❌
stackit/git-repository	🟢 100%	✅	✅	➖	✅	✅	✅	✅
stackit/storage-bucket	🟢 83%	✅	✅	➖	✅	✅	✅	❌

Core Structure — Summary

Emoji	Criterion	Coverage	Status
📦	buildingblock/ directory exists	20/20	🟢 100%
🔗	meshstack_integration.tf present	19/20	🟢 95%
📋	buildingblock/APP_TEAM_README.md present (no-integration fallback)	1/20	🔴 5%
📝	buildingblock/README.md with YAML front-matter	20/20	🟢 100%
🖼️	buildingblock/logo.png included	17/20	🟢 85%
📌	buildingblock/versions.tf present	16/20	🟢 80%
🔒	Provider versions pinned (~>)	6/20	🔴 30%

Integration — some checks failing

meshstack_integration.tf conventions — applies to 19 modules

Module	Score	🏷️	🏢	📤	🔌	📎	🔀	📋	🏷️	📖	📝	📊	🚫
aks/github-connector	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
aks/starterkit	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
aws/route53-dns-alias-record	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
aws/route53-dns-record	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
aws/s3_bucket	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
azure/budget-alert	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
azure/resource-group	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
azure/service-principal	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
azure/storage-account	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
gcp/storage-bucket	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
github/repository	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
kubernetes/manifest	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
meshstack/github-workflow	🟢 92%	✅	✅	✅	✅	✅	❌	✅	✅	✅	✅	✅	✅
meshstack/manual	🟢 92%	✅	✅	✅	✅	✅	❌	✅	✅	✅	✅	✅	✅
meshstack/noop	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
ske/forgejo-connector	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
ske/ske-starterkit	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
stackit/git-repository	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
stackit/storage-bucket	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅

Integration — Summary

Emoji	Criterion	Coverage	Status
🏷️	variable "hub" in integration	19/19	🟢 100%
🏢	variable "meshstack" in integration	19/19	🟢 100%
📤	building_block_definition output exposed	19/19	🟢 100%
🔌	meshcloud/meshstack in required_providers	19/19	🟢 100%
📎	backplane source uses var.hub.git_ref	19/19	🟢 100%
🔀	ref_name uses var.hub.git_ref	17/19	🟢 89%
📋	version_spec.draft uses var.hub.bbd_draft	19/19	🟢 100%
🏷️	BBD metadata.tags forwards var.meshstack.tags	19/19	🟢 100%
📖	BBD readme field present	19/19	🟢 100%
📝	BBD readme starts with plain-text description (no heading)	19/19	🟢 100%
📊	BBD readme has shared responsibility table (✅/❌)	19/19	🟢 100%
🚫	No documentation_md output in backplane	19/19	🟢 100%

Azure Backplane — some checks failing

Azure UAMI-based automation principal conventions — applies to 4 modules

Module	Score	🪪	🚫	🚫	🔑	🔗	⚡	🧹	📤	📍
azure/budget-alert	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅
azure/resource-group	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅
azure/service-principal	🔴 11%	❌	❌	❌	❌	❌	✅	❌	❌	❌
azure/storage-account	🟢 100%	✅	✅	✅	✅	✅	✅	✅	✅	✅

Azure Backplane — Summary

Emoji	Criterion	Coverage	Status
🪪	Uses azurerm_user_assigned_identity	3/4	🟡 75%
🚫	No azuread_application resources	3/4	🟡 75%
🚫	No azuread_service_principal resources	3/4	🟡 75%
🔑	No azuread_application_password resources	3/4	🟡 75%
🔗	Uses azurerm_federated_identity_credential	3/4	🟡 75%
⚡	workload_identity_federation is non-nullable	4/4	🟢 100%
🧹	No create_service_principal_name toggle	3/4	🟡 75%
📤	Outputs identity (client_id, principal_id, tenant_id)	3/4	🟡 75%
📍	Integration has azure_location	3/4	🟡 75%

Testing — some checks failing

End-to-end test coverage — applies to 20 modules

Module	Score	⚙️	🧪	✅
aks/github-connector	🔴 33%	✅	❌	❌
aks/starterkit	🔴 0%	❌	❌	❌
aws/route53-dns-alias-record	🔴 33%	✅	❌	❌
aws/route53-dns-record	🔴 33%	✅	❌	❌
aws/s3_bucket	🔴 33%	✅	❌	❌
azure/budget-alert	🟢 100%	✅	✅	✅
azure/resource-group	🟢 100%	✅	✅	✅
azure/service-principal	🔴 33%	✅	❌	❌
azure/storage-account	🟢 100%	✅	✅	✅
gcp/storage-bucket	🔴 33%	✅	❌	❌
github/repository	🔴 0%	❌	❌	❌
kubernetes/manifest	🔴 33%	✅	❌	❌
meshstack/github-workflow	🟢 100%	✅	✅	✅
meshstack/manual	🟡 67%	❌	✅	✅
meshstack/noop	🟢 100%	✅	✅	✅
oci/application-compartment	🔴 0%	❌	❌	❌
ske/forgejo-connector	🔴 0%	❌	❌	❌
ske/ske-starterkit	🟡 67%	❌	✅	✅
stackit/git-repository	🟢 100%	✅	✅	✅
stackit/storage-bucket	🔴 33%	✅	❌	❌

Testing — Summary

Emoji	Criterion	Coverage	Status
⚙️	backplane/ directory (optional tier)	14/20	🟡 70%
🧪	e2e/ test directory exists	8/20	🔴 40%
✅	e2e/ contains .tftest.hcl files	8/20	🔴 40%

📈 Overall Summary

Overall Average Score: 85%

Score Distribution

• 🟢 High maturity (≥80%): 16 modules
• 🟡 Medium maturity (50–79%): 3 modules
• 🔴 Low maturity (<50%): 1 modules

[aws-amplify-eu-central-1]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-191.d1o16zfeoh2slu.amplifyapp.com