authorVincent Ambo <mail@tazj.in>2022-06-06T21·09+0000
committertazjin <tazjin@tvl.su>2022-06-07T09·32+0000
commite0c6198d582970fa7b03fd885ca151ec4964f670 (patch)
tree76281b150e9942ac29a97880ebf62225b7056740 /tools/checks/default.nix
parent45458207df0815f0f3bb050a3fc5f5a83debe7b6 (diff)
feat(tools/checks): Add factored-out Terraform config check r/4224
This can be re-used across Terraform environments.

Change-Id: I3d964a17d1cda1aff1df12bd4c0c3ee84b7f7748
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5850
Tested-by: BuildkiteCI
Reviewed-by: asmundo <asmundo@gmail.com>
Diffstat (limited to 'tools/checks/default.nix')
-rw-r--r--tools/checks/default.nix38
1 files changed, 38 insertions, 0 deletions
diff --git a/tools/checks/default.nix b/tools/checks/default.nix
new file mode 100644
index 000000000000..618405d3ae67
--- /dev/null
+++ b/tools/checks/default.nix
@@ -0,0 +1,38 @@
+# Utilities for CI checks that work with the readTree-based CI.
+{ pkgs, ... }:
+
+let
+  inherit (pkgs.lib.strings) sanitizeDerivationName;
+in
+{
+  # Utility for verifying Terraform configuration.
+  #
+  # Expects to be passed a pre-configured Terraform derivation and a
+  # source path, and will do a dummy-initialisation and config
+  # validation inside of that Terraform configuration.
+  validateTerraform =
+    {
+      # Environment name to use (inconsequential, only for drv name)
+      name ? "main"
+    , # Terraform package to use. Should be pre-onfigured with the
+      # correct providers.
+      terraform ? pkgs.terraform
+    , # Source path for Terraform configuration. Be careful about
+      # relative imports. Use the 'subDir' parameter to optionally cd
+      # into a subdirectory of source, e.g. if there is a flat structure
+      # with modules.
+      src
+    , # Sub-directory of $src from which to run the check. Useful in
+      # case of relative Terraform imports from a code tree
+      subDir ? "."
+    , # Environment variables to pass to Terraform. Necessary in case of
+      # dummy environment variables that need to be set.
+      env ? { }
+    }:
+    pkgs.runCommand "tf-validate-${sanitizeDerivationName name}" env ''
+      cp -r ${src}/* . && chmod -R u+w .
+      cd ${subDir}
+      ${terraform}/bin/terraform init -upgrade -backend=false -input=false
+      ${terraform}/bin/terraform validate | tee $out
+    '';
+}
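Review bot: The copy step `cp -r ${src}/* .` relies on bash's default globbing, so hidden top-level entries in the source (a `.terraform.lock.hcl`, if the environment has one) never reach the tree that gets validated, and the check runs against something slightly different from what is committed; `cp -r ${src}/. .` copies everything. On the next line `${subDir}` is spliced into the script unquoted, so a value containing spaces or shell metacharacters is interpreted by the shell rather than used as a path; `cd ${pkgs.lib.escapeShellArg subDir}` keeps it a single argument. The `env` attribute set is handed straight to `runCommand`, which means every value is recorded in the derivation in the Nix store, so I would extend its comment with something like `# Values end up in the .drv in the Nix store; pass dummy placeholders only, never real credentials.` Separately, the comment on `terraform` has a typo ("pre-onfigured").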