From 4563652c5ad55bfed96f0b5eeb7e360ec376aad1 Mon Sep 17 00:00:00 2001 From: Martin Bruzina Date: Sun, 12 Oct 2025 22:07:25 +0200 Subject: [PATCH 1/4] chore(gitignore): fix direnv and add private key rules --- .gitignore | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6240748..eef346c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,9 @@ -# Dotenv files -.env* +# Direnv files +.env +.envrc + +# Private Keys +*.pem # Local .terraform directories **/.terraform/* From 5503cea3a77a6c7a829f92025d9f37d1513a29db Mon Sep 17 00:00:00 2001 From: Martin Bruzina Date: Sun, 12 Oct 2025 22:08:49 +0200 Subject: [PATCH 2/4] fix: empty organization or repositories configurations shouldn't fail --- terraform/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index c0d183a..21e9c66 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,10 +1,10 @@ locals { config = yamldecode(file(var.path)) - all_repositories = try(local.config.organization.all-repositories, null) - repositories = local.config.repositories + all_repositories = try(local.config.organization.all-repositories, []) + repositories = try(local.config.repositories, []) all_repositories_rulesets = [ - for pair in setproduct(local.repositories, local.all_repositories.rulesets) : { - repository = pair[0] + for pair in try(setproduct(local.repositories, local.all_repositories.rulesets), []) : { + repository = pair[0], ruleset = pair[1] } ] From cb6cb6146c0318a455c58ecfec5d0e6b2152e1a1 Mon Sep 17 00:00:00 2001 From: Martin Bruzina Date: Sun, 12 Oct 2025 22:21:14 +0200 Subject: [PATCH 3/4] test: add empty configuration test scenario --- README.md | 10 ++++++++++ terraform/tests/empty.tftest.hcl | 12 ++++++++++++ terraform/tests/fixtures/empty.yaml | 1 + 3 files changed, 23 insertions(+) create mode 100644 terraform/tests/empty.tftest.hcl create mode 100644 terraform/tests/fixtures/empty.yaml 
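Review bot: Replacing `.env*` with `.env` and `.envrc` narrows the ignore rule, so variants such as `.env.local` or `.env.production` are no longer ignored and can be committed along with whatever credentials they hold. The old glob already matched `.envrc`, so direnv was covered before this change. If the aim was to let one template file be tracked, keep `.env*` and add a negation such as `!.env.example` instead. The new `*.pem` rule covers the GitHub App key format only; `*.key` would be a reasonable companion if other private-key files are ever kept in the working tree.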
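Review bot: Wrapping the whole `setproduct(...)` call in `try(..., [])` hides every evaluation error in that expression, not only a missing key, so a wrongly-typed `rulesets` value would plan as "no rulesets" instead of failing. For a module that manages organization rulesets, that is a silent fail-open. Narrow the fallback to the attribute lookup, e.g. `for pair in setproduct(local.repositories, try(local.all_repositories.rulesets, [])) : {`, so a malformed value still surfaces as an error. The fallback for `all_repositories` is `[]` although the value is dereferenced as an object (`.rulesets`); `null` or `{}` would state the intent better. The `locals` block continues past the end of this hunk.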
diff --git a/README.md b/README.md index 7bb8bba..9ac2a23 100644 --- a/README.md +++ b/README.md @@ -245,8 +245,18 @@ terraform -chdir=terraform plan terraform -chdir=terraform apply ``` +## Development + +Format Terraform configuration by `terraform -chdir=terraform fmt -recursive`. + ## Testing +### Terraform Test + +Run test scenarios in [`terraform/tests`](terraform/tests/) by `terraform -chdir=terraform test`. + +### End-to-end Tessting + This repository is tested using [`test.yaml`](test.yaml) as the configuration file for the [Xebis Test GitHub Organization](https://github.com/xebis-test) settings and repositories. The workflow is designed to post a Terraform plan as a pull request comment whenever a pull request to the main branch is created or whenever a new commit to the pull request is pushed. Once the pull request is merged into `main`, the plan is applied automatically. diff --git a/terraform/tests/empty.tftest.hcl b/terraform/tests/empty.tftest.hcl new file mode 100644 index 0000000..f4352e0 --- /dev/null +++ b/terraform/tests/empty.tftest.hcl @@ -0,0 +1,12 @@ +run "empty_file" { + command = plan + + variables { + path = "tests/fixtures/empty.yaml" + } + + assert { + condition = local.config == null + error_message = "Expected empty file to produce empty result." + } +} diff --git a/terraform/tests/fixtures/empty.yaml b/terraform/tests/fixtures/empty.yaml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/terraform/tests/fixtures/empty.yaml @@ -0,0 +1 @@ +--- From 9b69ebf1204836dc2d064b745a874dcdc59206ba Mon Sep 17 00:00:00 2001 From: Martin Bruzina Date: Sun, 12 Oct 2025 22:39:42 +0200 Subject: [PATCH 4/4] ci: add terraform format check and test run workflow --- .github/workflows/terraform-qa.yaml | 46 +++++++++++++++++++++++++++++ .github/workflows/terraform.yaml | 6 ++-- README.md | 2 +- 3 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/terraform-qa.yaml 
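Review bot: The only assertion in `run "empty_file"` is `local.config == null`, which checks what `yamldecode` returns for an empty document rather than the fallbacks added in `terraform/main.tf`. Add assertions on the derived locals so a regression in the `try(...)` defaults is caught, for example `condition = length(local.repositories) == 0` and `condition = length(local.all_repositories_rulesets) == 0`, each in its own `assert` block. A further fixture with `organization:` present but no `repositories:` key, and the reverse, would cover the partial-configuration cases named in the subject of patch 2.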
diff --git a/.github/workflows/terraform-qa.yaml b/.github/workflows/terraform-qa.yaml new file mode 100644 index 0000000..3dc3ffe --- /dev/null +++ b/.github/workflows/terraform-qa.yaml @@ -0,0 +1,46 @@ +--- +on: + push: + exclude-branches: + - main + pull_request: + branches: + - main + +env: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ENDPOINT_URL_S3: ${{ vars.AWS_ENDPOINT_URL_S3 }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_OWNER: ${{ vars.GH_OWNER }} + GITHUB_APP_ID: ${{ vars.GH_APP_ID }} + GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} + GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }} + TF_WORKSPACE: ${{ vars.GH_OWNER }} + TF_VAR_path: ${{ '../test.yaml' }} + +jobs: + terraform-qa: + name: "Terraform QA" + runs-on: ubuntu-latest + defaults: + run: + shell: bash + + steps: + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Setup Terraform with specified version + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.13.3 + + - name: Terraform init + run: terraform -chdir=terraform init + + - name: Terraform format check + run: terraform -chdir=terraform fmt -check -recursive -no-color + + - name: Terraform run tests + run: terraform -chdir=terraform test -no-color diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 2a785c5..8e8f5f8 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -56,13 +56,13 @@ jobs: steps: - name: Checkout called repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: 'xebis/github-organization-as-code' - name: Checkout caller YAML configuration if: github.repository != 'xebis/github-organization-as-code' - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: path: iac sparse-checkout: ${{ inputs.path || 'test.yaml' }} 
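Review bot: The workflow-level `env:` block in `terraform-qa.yaml` exposes the AWS keys and the GitHub App private key to every step, including third-party actions and the format check that needs none of them, on every push to a non-main branch. Move those variables onto the steps that appear to need them (`Terraform init` and `Terraform run tests`), and add a top-level `permissions:` block limited to `contents: read`, since no step in this job writes to the repository. Separately, `exclude-branches` under `push:` is not a GitHub Actions trigger filter; the key for this is `branches-ignore`, so the filter as written will likely be rejected at workflow validation or not take effect. `actions/checkout@v5` and `hashicorp/setup-terraform@v3` are referenced by mutable tags; pinning them to full commit SHAs keeps a retagged release from running with these secrets.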
@@ -71,7 +71,7 @@ jobs: - name: Setup Terraform with specified version uses: hashicorp/setup-terraform@v3 with: - terraform_version: 1.11.0 + terraform_version: 1.13.3 - name: Terraform init id: init diff --git a/README.md b/README.md index 9ac2a23..e8071b9 100644 --- a/README.md +++ b/README.md @@ -255,7 +255,7 @@ Format Terraform configuration by `terraform -chdir=terraform fmt -recursive`. Run test scenarios in [`terraform/tests`](terraform/tests/) by `terraform -chdir=terraform test`. -### End-to-end Tessting +### End-to-end Testing This repository is tested using [`test.yaml`](test.yaml) as the configuration file for the [Xebis Test GitHub Organization](https://github.com/xebis-test) settings and repositories.