diff --git a/tools/checks/default.nix b/tools/checks/default.nix
new file mode 100644
index 000000000..618405d3a
--- /dev/null
+++ b/tools/checks/default.nix
@@ -0,0 +1,38 @@
+# Utilities for CI checks that work with the readTree-based CI.
+{ pkgs, ... }:
+
+let
+ inherit (pkgs.lib.strings) sanitizeDerivationName;
+in
+{
+ # Utility for verifying Terraform configuration.
+ #
+ # Expects to be passed a pre-configured Terraform derivation and a
+ # source path, and will do a dummy-initialisation and config
+ # validation inside of that Terraform configuration.
+ validateTerraform =
+ {
+ # Environment name to use (inconsequential, only for drv name)
+ name ? "main"
+ , # Terraform package to use. Should be pre-onfigured with the
+ # correct providers.
+ terraform ? pkgs.terraform
+ , # Source path for Terraform configuration. Be careful about
+ # relative imports. Use the 'subDir' parameter to optionally cd
+ # into a subdirectory of source, e.g. if there is a flat structure
+ # with modules.
+ src
+ , # Sub-directory of $src from which to run the check. Useful in
+ # case of relative Terraform imports from a code tree
+ subDir ? "."
+ , # Environment variables to pass to Terraform. Necessary in case of
+ # dummy environment variables that need to be set.
+ env ? { }
+ }:
+ pkgs.runCommand "tf-validate-${sanitizeDerivationName name}" env ''
+ cp -r ${src}/* . && chmod -R u+w .
+ cd ${subDir}
+ ${terraform}/bin/terraform init -upgrade -backend=false -input=false
+ ${terraform}/bin/terraform validate | tee $out
+ '';
+}
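Review bot: The copy step `cp -r ${src}/* .` relies on a shell glob that skips dot-files, so a `.terraform.lock.hcl` at the source root never reaches the build directory, and `terraform init -upgrade` would ignore its recorded provider selections in any case. The check therefore validates against whatever providers the passed-in Terraform derivation ships, not the locked set. If that is intended, the comment on `validateTerraform` should say so; otherwise copy with `cp -r ${src}/. . && chmod -R u+w .` and drop `-upgrade`. Separately, `subDir` is spliced into the script unquoted, so a value containing spaces or shell metacharacters changes what the builder runs; `cd ${pkgs.lib.escapeShellArg subDir}` keeps it a single argument.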