From d4778f3fd76a1b3230bb223443e7aa831b043e5b Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 17 Oct 2025 10:29:55 +1100
Subject: [PATCH] feat: add build job

- add build job that runs `make plan`
- enable provider caching
- enable creating client.crt/client.key
---
 .gitea/workflows/build.yaml | 32 +++++++++++++++++++
 Makefile | 8 ++++-
 .../ausyd1nxvm2062_images/terragrunt.hcl | 3 +-
 config/nodes/prodnxsr0009/terragrunt.hcl | 3 +-
 config/nodes/prodnxsr0010/terragrunt.hcl | 3 +-
 config/nodes/prodnxsr0011/terragrunt.hcl | 3 +-
 config/nodes/prodnxsr0012/terragrunt.hcl | 3 +-
 config/nodes/prodnxsr0013/terragrunt.hcl | 3 +-
 8 files changed, 51 insertions(+), 7 deletions(-)
 create mode 100644 .gitea/workflows/build.yaml
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..db8ab15
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,32 @@
+---
+name: Build
+
+on:
+ pull_request:
+
+jobs:
+ build:
+ runs-on: almalinux-8
+ container:
+ image: git.unkin.net/unkin/almalinux9-actionsdind:latest
+ options: --privileged
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Fetch master branch
+ run: |
+ git fetch origin master:master
+
+ - name: Show changed files
+ run: |
+ git diff --name-only master
+
+ - name: Run Terraform Plan
+ env:
+ VAULT_ROLEID: ${{ secrets.TERRAFORM_INCUS_VAULT_ROLEID }}
+ run: |
+ make plan
diff --git a/Makefile b/Makefile
index e42187b..916b420 100644
--- a/Makefile
+++ b/Makefile
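Review bot: The `Run Terraform Plan` step passes `VAULT_ROLEID` to `make plan` on every `pull_request`, so the Makefile and Terragrunt files that run with that credential come from the PR branch rather than `master`; anyone who can open a PR from a branch of this repository can change what executes with the role's Vault access before review. The job also runs in a container started with `options: --privileged` from a mutable `:latest` tag, which widens what such a change can reach on the runner host. Consider pinning the image by digest (`image: git.unkin.net/unkin/almalinux9-actionsdind@sha256:<digest>`, placeholder), dropping `--privileged` unless the plan really needs docker-in-docker, and binding the AppRole to a read-only policy. A short comment above the `env:` block naming the Vault paths the role can read would help reviewers judge the exposure.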
@@ -11,7 +11,13 @@ define vault_env
 export PUPPET_CERT_PUB=$$(vault kv get -field=public_key kv/service/puppet/certificates/terraform) && \
 export PUPPET_CERT_PRIV=$$(vault kv get -field=private_key kv/service/puppet/certificates/terraform) && \
 export TG_QUEUE_EXCLUDE_DIR="templates/base" && \
- export $$(vault read -format=json kv/data/service/terraform/incus | jq -r '.data.data | to_entries[] | "\(.key)=\(.value)"')
+ export TG_PROVIDER_CACHE=1 && \
+ eval "$$(vault read -format=json kv/data/service/terraform/incus \
+ | jq -r '.data.data | to_entries[] | "export \(.key)=\(.value|@sh)"')" && \
+ export INCUS_CONFIG_DIR=$$(mktemp -d) && \
+ mkdir -p $$INCUS_CONFIG_DIR && \
+ printf '%s\n' "$$INCUS_CLIENT_CRT" > $$INCUS_CONFIG_DIR/client.crt && \
+ printf '%s\n' "$$INCUS_CLIENT_KEY" > $$INCUS_CONFIG_DIR/client.key
 endef
 clean:
diff --git a/config/nodes/ausyd1nxvm2062_images/terragrunt.hcl b/config/nodes/ausyd1nxvm2062_images/terragrunt.hcl
index 0a57118..22d0ac4 100644
--- a/config/nodes/ausyd1nxvm2062_images/terragrunt.hcl
+++ b/config/nodes/ausyd1nxvm2062_images/terragrunt.hcl
@@ -34,8 +34,9 @@ generate "provider" {
 if_exists = "overwrite_terragrunt"
 contents = <<-EOF
 provider "incus" {
- generate_client_certificates = true
+ generate_client_certificates = false
 accept_remote_certificate = true
+ config_dir = "${get_env("INCUS_CONFIG_DIR")}"
 remote {
 name = "${basename(get_terragrunt_dir())}"
diff --git a/config/nodes/prodnxsr0009/terragrunt.hcl b/config/nodes/prodnxsr0009/terragrunt.hcl
index 4f5bd58..d74d08c 100644
--- a/config/nodes/prodnxsr0009/terragrunt.hcl
+++ b/config/nodes/prodnxsr0009/terragrunt.hcl
@@ -26,8 +26,9 @@ generate "provider" {
 if_exists = "overwrite_terragrunt"
 contents = <<-EOF
 provider "incus" {
- generate_client_certificates = true
+ generate_client_certificates = false
 accept_remote_certificate = true
+ config_dir = "${get_env("INCUS_CONFIG_DIR")}"
 remote {
 name = "${basename(get_terragrunt_dir())}"
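Review bot: Nothing in the added lines removes the `mktemp -d` directory, so every run leaves `client.key` (the Incus client private key read from Vault) behind in the runner's temp directory; `mktemp -d` creates the directory mode 0700, but the file itself is written under the ambient umask and the `$$INCUS_CONFIG_DIR` expansions are unquoted. I would remove the directory when the recipe's shell exits, for example `trap 'rm -rf "$$INCUS_CONFIG_DIR"' EXIT` right after the `mktemp -d` line (assuming `vault_env` and the terragrunt call share one shell — confirm at the call sites), and quote the redirect targets. In the `eval` line `@sh` quotes the values but `\(.key)` is interpolated raw, so a key name in `kv/data/service/terraform/incus` containing shell metacharacters would be executed; filtering with `select(.key | test("^[A-Za-z_][A-Za-z0-9_]*$$"))` before the string is built closes that. The `mkdir -p` after `mktemp -d` is redundant, and the `define vault_env` body begins above the hunk.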
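Review bot: With `config_dir` now pointing at a directory the Makefile creates fresh with `mktemp -d` on each run, the unchanged `accept_remote_certificate = true` leaves the provider with no previously stored server certificate to compare against, so it will accept whatever certificate the remote presents every time and then authenticate with the Vault-held client key. If the remote's certificate can be kept in Vault next to the client pair, writing it into the config directory (Incus clients normally keep it under `servercerts/<remote>.crt` — confirm for the provider) and setting `accept_remote_certificate = false` would pin the server. Separately, `get_env("INCUS_CONFIG_DIR")` has no default, so Terragrunt run outside `make` fails while evaluating the config; a one-line `#` comment above `config_dir` saying the variable is exported by `vault_env` in the Makefile would make that intentional. The same applies to the identical hunks for prodnxsr0009 through prodnxsr0013, and the `provider "incus"` block continues past the end of each hunk.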
diff --git a/config/nodes/prodnxsr0010/terragrunt.hcl b/config/nodes/prodnxsr0010/terragrunt.hcl
index 4f5bd58..d74d08c 100644
--- a/config/nodes/prodnxsr0010/terragrunt.hcl
+++ b/config/nodes/prodnxsr0010/terragrunt.hcl
@@ -26,8 +26,9 @@ generate "provider" {
 if_exists = "overwrite_terragrunt"
 contents = <<-EOF
 provider "incus" {
- generate_client_certificates = true
+ generate_client_certificates = false
 accept_remote_certificate = true
+ config_dir = "${get_env("INCUS_CONFIG_DIR")}"
 remote {
 name = "${basename(get_terragrunt_dir())}"
diff --git a/config/nodes/prodnxsr0011/terragrunt.hcl b/config/nodes/prodnxsr0011/terragrunt.hcl
index 4f5bd58..d74d08c 100644
--- a/config/nodes/prodnxsr0011/terragrunt.hcl
+++ b/config/nodes/prodnxsr0011/terragrunt.hcl
@@ -26,8 +26,9 @@ generate "provider" {
 if_exists = "overwrite_terragrunt"
 contents = <<-EOF
 provider "incus" {
- generate_client_certificates = true
+ generate_client_certificates = false
 accept_remote_certificate = true
+ config_dir = "${get_env("INCUS_CONFIG_DIR")}"
 remote {
 name = "${basename(get_terragrunt_dir())}"
diff --git a/config/nodes/prodnxsr0012/terragrunt.hcl b/config/nodes/prodnxsr0012/terragrunt.hcl
index 4f5bd58..d74d08c 100644
--- a/config/nodes/prodnxsr0012/terragrunt.hcl
+++ b/config/nodes/prodnxsr0012/terragrunt.hcl
@@ -26,8 +26,9 @@ generate "provider" {
 if_exists = "overwrite_terragrunt"
 contents = <<-EOF
 provider "incus" {
- generate_client_certificates = true
+ generate_client_certificates = false
 accept_remote_certificate = true
+ config_dir = "${get_env("INCUS_CONFIG_DIR")}"
 remote {
 name = "${basename(get_terragrunt_dir())}"
diff --git a/config/nodes/prodnxsr0013/terragrunt.hcl b/config/nodes/prodnxsr0013/terragrunt.hcl
index 4f5bd58..d74d08c 100644
--- a/config/nodes/prodnxsr0013/terragrunt.hcl
+++ b/config/nodes/prodnxsr0013/terragrunt.hcl
@@ -26,8 +26,9 @@ generate "provider" {
 if_exists = "overwrite_terragrunt"
 contents = <<-EOF
 provider "incus" {
- generate_client_certificates = true
+ generate_client_certificates = false
 accept_remote_certificate = true
+ config_dir = "${get_env("INCUS_CONFIG_DIR")}"
 remote {
 name = "${basename(get_terragrunt_dir())}"