feat(tools/checks): Add factored-out Terraform config check
This can be re-used across Terraform environments. Change-Id: I3d964a17d1cda1aff1df12bd4c0c3ee84b7f7748 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5850 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
parent
45458207df
commit
e0c6198d58
1 changed files with 38 additions and 0 deletions
38
tools/checks/default.nix
Normal file
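--- a/tools/checks/default.nix
+++ b/tools/checks/default.nix
@@ -0,0 +1,38 @@
+# Utilities for CI checks that work with the readTree-based CI.
+{ pkgs, ... }:
+
+let
+inherit (pkgs.lib.strings) sanitizeDerivationName;
+in
+{
+# Utility for verifying Terraform configuration.
+#
+# Expects to be passed a pre-configured Terraform derivation and a
+# source path, and will do a dummy-initialisation and config
+# validation inside of that Terraform configuration.
+validateTerraform =
+{
+# Environment name to use (inconsequential, only for drv name)
+name ? "main"
+, # Terraform package to use. Should be pre-onfigured with the
+# correct providers.
+terraform ? pkgs.terraform
+, # Source path for Terraform configuration. Be careful about
+# relative imports. Use the 'subDir' parameter to optionally cd
+# into a subdirectory of source, e.g. if there is a flat structure
+# with modules.
+src
+, # Sub-directory of $src from which to run the check. Useful in
+# case of relative Terraform imports from a code tree
+subDir ? "."
+, # Environment variables to pass to Terraform. Necessary in case of
+# dummy environment variables that need to be set.
+env ? { }
+}:
+pkgs.runCommand "tf-validate-${sanitizeDerivationName name}" env ''
+cp -r ${src}/* . && chmod -R u+w .
+cd ${subDir}
+${terraform}/bin/terraform init -upgrade -backend=false -input=false
+${terraform}/bin/terraform validate | tee $out
+'';
+}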
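Review bot: The `cp -r ${src}/* .` line in the build script skips dotfiles, so a `.terraform.lock.hcl` in the source tree never reaches the build directory, and `init -upgrade` would disregard its version selections anyway; the check then appears to validate against whatever providers the passed-in `terraform` derivation carries rather than the pinned ones. If that is intended, say so in the comment above `validateTerraform`; otherwise copy with `cp -r ${src}/. .` and drop `-upgrade`. `subDir` is also spliced into the script unquoted, so `cd ${pkgs.lib.escapeShellArg subDir}` would be safer for values containing spaces or shell metacharacters. Because `env` is passed as the derivation's attributes, its values are recorded in the Nix store, and the `env` comment could say so: `# Values end up in the .drv in the Nix store; pass placeholders only, never real credentials.`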