mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
make Dependabot tofu validate stubs satisfy provider validators (#132)
parent
8665a5fe99
commit
26f8224941
1 changed files with 12 additions and 2 deletions
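--- a/.github/workflows/validate-terraform.yml
+++ b/.github/workflows/validate-terraform.yml
@@ -37,9 +37,19 @@ jobs:
 # secrets.yaml is decrypted from SOPS at plan time and can't be
 # produced here, so stub the keys the config reads (kept in sync by
 # deriving them from the actual secrets["..."] references).
+# Stub values must satisfy provider config validators: hcloud
+# requires a 64-char token, and Grafana's fleet_management_auth
+# must look like `username:password`.
+stub64=$(printf 'stub%.0s' {1..16})
 grep -rhoE 'secrets\["[^"]+"\]' . \
-| sed -E 's/.*secrets\["([^"]+)"\].*/\1: "stub"/' \
+| sed -E 's/.*secrets\["([^"]+)"\].*/\1/' \
-| sort -u > secrets.yaml
+| sort -u \
+| while read -r key; do
+case "$key" in
+*_auth) echo "$key: \"stub:stub\"" ;;
+*) echo "$key: \"$stub64\"" ;;
+esac
+done > secrets.yaml
 tofu init -backend=false
 tofu validate
 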
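Review bot: The `*_auth)` arm of the new `case` picks the `username:password` stub by key suffix, while the comment above it names only Grafana's `fleet_management_auth`; any other secret whose name ends in `_auth` would silently get `stub:stub` instead of the 64-character value. Matching the key exactly, `fleet_management_auth) printf '%s: "stub:stub"\n' "$key" ;;`, keeps the special case as narrow as the validator it exists for, and `printf` avoids `echo` misreading a key that begins with `-`. Separately, the unchanged `grep -r … .` would also match the literal `secrets["..."]` in this workflow's own comment if the step runs from the repository root, which would write a `...` key into secrets.yaml; the step's working directory is outside the hunk, so that needs checking. The `run:` block starts above the hunk.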