From e0c6198d582970fa7b03fd885ca151ec4964f670 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Mon, 6 Jun 2022 21:09:06 +0000
Subject: feat(tools/checks): Add factored-out Terraform config check

This can be re-used across Terraform environments.

Change-Id: I3d964a17d1cda1aff1df12bd4c0c3ee84b7f7748
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5850
Tested-by: BuildkiteCI
Reviewed-by: asmundo
---
tools/checks/default.nix | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 tools/checks/default.nix

(limited to 'tools/checks/default.nix')

diff --git a/tools/checks/default.nix b/tools/checks/default.nix
new file mode 100644
index 0000000000..618405d3ae
--- /dev/null
+++ b/tools/checks/default.nix
@@ -0,0 +1,38 @@
+# Utilities for CI checks that work with the readTree-based CI.
+{ pkgs, ... }:
+
+let
+ inherit (pkgs.lib.strings) sanitizeDerivationName;
+in
+{
+ # Utility for verifying Terraform configuration.
+ #
+ # Expects to be passed a pre-configured Terraform derivation and a
+ # source path, and will do a dummy-initialisation and config
+ # validation inside of that Terraform configuration.
+ validateTerraform =
+ {
+ # Environment name to use (inconsequential, only for drv name)
+ name ? "main"
+ , # Terraform package to use. Should be pre-onfigured with the
+ # correct providers.
+ terraform ? pkgs.terraform
+ , # Source path for Terraform configuration. Be careful about
+ # relative imports. Use the 'subDir' parameter to optionally cd
+ # into a subdirectory of source, e.g. if there is a flat structure
+ # with modules.
+ src
+ , # Sub-directory of $src from which to run the check. Useful in
+ # case of relative Terraform imports from a code tree
+ subDir ? "."
+ , # Environment variables to pass to Terraform. Necessary in case of
+ # dummy environment variables that need to be set.
+ env ? { }
+ }:
+ pkgs.runCommand "tf-validate-${sanitizeDerivationName name}" env ''
+ cp -r ${src}/* . && chmod -R u+w .
+ cd ${subDir}
+ ${terraform}/bin/terraform init -upgrade -backend=false -input=false
+ ${terraform}/bin/terraform validate | tee $out
+ '';
+}
-- cgit 1.4.1
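Review bot: The copy step `cp -r ${src}/* .` skips dotfiles, so a `.terraform.lock.hcl` in the source tree never reaches the check, and `terraform init -upgrade` would disregard its selections in any case. The validation therefore appears to run against whatever providers the passed Terraform derivation bundles, not against the locked versions and hashes. If that is intended, a comment above the command such as `# lock file is deliberately ignored; providers come from the terraform derivation` would make it explicit; if the lock file should be honoured, copy with `cp -r ${src}/. .` and reconsider `-upgrade`. `${subDir}` is also spliced into the script unquoted, so `cd ${pkgs.lib.escapeShellArg subDir}` would be safer for paths containing spaces or shell metacharacters. The `env` comment could add that these attributes are written into the world-readable store derivation, so only dummy values belong there, and `pre-onfigured` in the `terraform` comment is a typo.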