mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
make Dependabot tofu validate stubs satisfy provider validators (#132)
This commit is contained in:
parent
8665a5fe99
commit
26f8224941
1 changed files with 12 additions and 2 deletions
14
.github/workflows/validate-terraform.yml
vendored
14
.github/workflows/validate-terraform.yml
vendored
|
|
@ -37,9 +37,19 @@ jobs:
|
|||
# secrets.yaml is decrypted from SOPS at plan time and can't be
|
||||
# produced here, so stub the keys the config reads (kept in sync by
|
||||
# deriving them from the actual secrets["..."] references).
|
||||
# Stub values must satisfy provider config validators: hcloud
|
||||
# requires a 64-char token, and Grafana's fleet_management_auth
|
||||
# must look like `username:password`.
|
||||
stub64=$(printf 'stub%.0s' {1..16})
|
||||
grep -rhoE 'secrets\["[^"]+"\]' . \
|
||||
| sed -E 's/.*secrets\["([^"]+)"\].*/\1: "stub"/' \
|
||||
| sort -u > secrets.yaml
|
||||
| sed -E 's/.*secrets\["([^"]+)"\].*/\1/' \
|
||||
| sort -u \
|
||||
| while read -r key; do
|
||||
case "$key" in
|
||||
*_auth) echo "$key: \"stub:stub\"" ;;
|
||||
*) echo "$key: \"$stub64\"" ;;
|
||||
esac
|
||||
done > secrets.yaml
|
||||
tofu init -backend=false
|
||||
tofu validate
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue