diff --git a/.aliases b/.aliases
index 9b4c483..88f4b3d 100644
--- a/.aliases
+++ b/.aliases
@@ -7,3 +7,4 @@ alias tfp='terraform init || terraform providers && terraform validate && terraf
 alias tfr='terraform destroy --auto-approve; terraform apply --auto-approve'
 alias k='kubectl'
 alias tt='cd tests; go test -v -parallel=10 -timeout=80m'
+alias nix='nix --extra-experimental-features nix-command --extra-experimental-features flakes'
\ No newline at end of file
diff --git a/.envrc b/.envrc
index 7e06b10..4b57f8f 100644
--- a/.envrc
+++ b/.envrc
@@ -1,7 +1,21 @@
 if [ -z "${name}" ]; then
 echo "entering dev environment..."
- nix develop . --extra-experimental-features nix-command --extra-experimental-features flakes
+ nix develop \
+ --ignore-environment \
+ --extra-experimental-features nix-command \
+ --extra-experimental-features flakes \
+ --keep HOME \
+ --keep SSH_AUTH_SOCK \
+ --keep GITHUB_TOKEN \
+ --keep AWS_ROLE \
+ --keep AWS_REGION \
+ --keep AWS_DEFAULT_REGION \
+ --keep AWS_ACCESS_KEY_ID \
+ --keep AWS_SECRET_ACCESS_KEY \
+ --keep AWS_SESSION_TOKEN \
+ --keep TERM \
+ $(pwd)
 else
 echo "setting up dev environment..."
@@ -9,4 +23,16 @@ else
 source .functions
 source .variables
 source .rcs
-fi
\ No newline at end of file
+fi
+if [ -z "$SSH_AUTH_SOCK" ]; then
+ echo "Unable to find SSH_AUTH_SOCK, is your agent running?";
+fi
+if [ -z "$(ssh-add -l | grep -v 'The agent has no identities.')" ]; then
+ echo "Your agent doesn't appear to have any identities loaded, please load a key or forward your agent.";
+fi
+if [ -z "$(env | grep 'AWS')" ]; then
+ echo "Unable to find AWS authentication information in the environment, please make sure you authenticate with AWS.";
+fi
+if [ -z "$(env | grep 'GITHUB_TOKEN')" ]; then
+ echo "Unable to find GITHUB authentication information in the environment, please make sure you authenticate with GITHUB.";
+fi
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 43bb582..1de974a 100644
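Review bot: `$(pwd)` on the last line of the new `nix develop` invocation is unquoted, so a checkout path containing whitespace is split into several arguments; write it as `"$(pwd)"` (or keep the old `.`). The `--keep` list is the explicit allowlist of what enters the shell, which is the right shape, but it forwards `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN` and `GITHUB_TOKEN` into the dev shell, so a one-line comment above the block naming what in the shell needs each of them would help whoever next trims that list. The `if` opened at the top of this hunk is closed in the next hunk.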
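Review bot: The AWS check on the new `if [ -z "$(env | grep 'AWS')" ]` line matches any variable name or value containing `AWS`, and the shell set up in the previous hunk keeps `AWS_ROLE` and `AWS_REGION`, so the check passes with no credentials present; test the credential variables directly, e.g. `if [ -z "${AWS_ACCESS_KEY_ID:-}" ] && [ -z "${AWS_SESSION_TOKEN:-}" ]; then`. The `GITHUB_TOKEN` check has the same shape and reads better as `if [ -z "${GITHUB_TOKEN:-}" ]; then`, which also stops copying every variable's value through a `$(env | grep …)` subshell just to test for presence. All four checks only `echo`, which is presumably deliberate for a direnv hook; a comment saying they are advisory would save the reader wondering why the shell is not aborted.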
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,6 +8,7 @@ on:
 env:
 AWS_REGION: us-west-1
 AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 permissions: write-all
@@ -19,7 +20,6 @@ jobs:
 id: release-please
 with:
 release-type: terraform-module
- pull-request-title-pattern: "chore${scope}: release${component} ${version}"
 - uses: peter-evans/create-or-update-comment@v3
 name: 'Remind to wait'
 if: steps.release-please.outputs.pr
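Review bot: Adding `GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}` to the workflow-level `env:` puts the token in the environment of every step of every job, including the third-party actions this workflow calls (`peter-evans/create-or-update-comment`, `DeterminateSystems/nix-installer-action@main`, `nicknovitski/nix-develop`), and the context line just below shows `permissions: write-all`, so it is a fully privileged token. The Terratest step later in this file already sets `GITHUB_TOKEN` in its own step-level `env:`, so the workflow-level copy looks redundant; drop this line, or if another step needs the token, set it on that step only. Scoping the token per step is what keeps a compromised or mutable-ref action from receiving it for free.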
@@ -32,52 +32,72 @@ jobs: if: steps.release-please.outputs.pr with: token: ${{secrets.GITHUB_TOKEN}} + - run: sudo rm -rf /nix/store + if: steps.release-please.outputs.pr + - run: sudo install -d /nix/store + if: steps.release-please.outputs.pr + - run: sudo chown -R "$(whoami)" /nix/store + if: steps.release-please.outputs.pr + - run: sudo chmod 0755 /nix/store + if: steps.release-please.outputs.pr + - uses: actions/cache/restore@v3 + id: cache-nix-restore + if: steps.release-please.outputs.pr + with: + path: /nix/store + key: nix-${{ hashFiles('**/flake.nix') }} - uses: DeterminateSystems/nix-installer-action@main if: steps.release-please.outputs.pr - - name: 'Restore Nix Store Cache' + - uses: nicknovitski/nix-develop@v1.1.0 + if: steps.release-please.outputs.pr + with: + arguments: | + --ignore-environment \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + --keep HOME \ + --keep SSH_AUTH_SOCK \ + --keep GITHUB_TOKEN \ + --keep AWS_ROLE \ + --keep AWS_REGION \ + --keep AWS_DEFAULT_REGION \ + --keep AWS_ACCESS_KEY_ID \ + --keep AWS_SECRET_ACCESS_KEY \ + --keep AWS_SESSION_TOKEN \ + --keep TERM \ + ${{ github.workspace }} + - uses: actions/cache/save@v3 + id: cache-nix-save if: steps.release-please.outputs.pr - id: cache-nix-store-restore - uses: actions/cache/restore@v3 with: path: /nix/store - key: nix-store - - uses: nicknovitski/nix-develop@v1 - if: steps.release-please.outputs.pr - - name: 'Cache Nix Store' - if: steps.release-please.outputs.pr - id: cache-nix-store-save - uses: actions/cache/save@v3 - with: - path: /nix/store - key: ${{ steps.cache-nix-store-restore.outputs.cache-primary-key }} + key: ${{ steps.cache-nix-restore.outputs.cache-primary-key }} - uses: aws-actions/configure-aws-credentials@v4 if: steps.release-please.outputs.pr with: role-to-assume: ${{env.AWS_ROLE}} role-session-name: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}} aws-region: ${{env.AWS_REGION}} - - 
name: 'Restore Terraform Cache' - if: steps.release-please.outputs.pr + - uses: actions/cache/restore@v3 id: cache-terraform-restore - uses: actions/cache/restore@v3 + if: steps.release-please.outputs.pr with: path: ${{ github.workspace }}/.terraform - key: terraform + key: terraform-${{hashFiles('**/versions.tf','**/main.tf')}} - run: terraform init -upgrade if: steps.release-please.outputs.pr - - name: 'Cache Terraform' - if: steps.release-please.outputs.pr + - uses: actions/cache/save@v3 id: cache-terraform-save - uses: actions/cache/save@v3 + if: steps.release-please.outputs.pr with: path: ${{ github.workspace }}/.terraform key: ${{ steps.cache-terraform-restore.outputs.cache-primary-key }} - - run: cd ./tests && go test -v -timeout=40m -parallel=10 - name: 'Terratest' + - run: go version && cd ${{github.workspace}}/tests && go test -v -timeout=40m -parallel=10 && cd ${{github.workspace}} if: steps.release-please.outputs.pr env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} GITHUB_OWNER: rancher + IDENTIFIER: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}} - uses: peter-evans/create-or-update-comment@v3 name: 'Report Success' if: steps.release-please.outputs.pr diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 5157088..611cb67 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml 
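Review bot: The Nix store cache is keyed on `nix-${{ hashFiles('**/flake.nix') }}`, but the store contents are pinned by `flake.lock`, so a future lock-only bump (the kind this commit makes to `flake.lock`) leaves the key unchanged and restores a stale store; key it as `nix-${{ hashFiles('**/flake.nix', '**/flake.lock') }}`. Two things worth confirming on a real run rather than from this hunk: that `DeterminateSystems/nix-installer-action` tolerates the pre-populated, user-owned `/nix/store` that the four `sudo` steps and the restore create ahead of it (and that restored paths count as valid when `/nix/var/nix/db` is not cached alongside), and that `nicknovitski/nix-develop` passes `arguments:` through a shell, since otherwise each trailing `\` in the block arrives as a literal argument. The terraform cache key changes here to `terraform-${{hashFiles('**/versions.tf','**/main.tf')}}` while `tests.yaml` in the same commit keeps the static `terraform` key; the two workflows should agree. The trailing `&& cd ${{github.workspace}}` on the Terratest `run:` is a no-op, since every `run:` starts a fresh shell. This hunk begins inside the job's `steps:` list, whose job header is outside it.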
@@ -12,9 +12,36 @@ jobs: steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - - uses: nicknovitski/nix-develop@v1 - - run: cd examples/basic && terraform version && terraform init -upgrade && terraform validate + - uses: nicknovitski/nix-develop@v1.1.0 + with: + arguments: | + --ignore-environment \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + --keep HOME \ + --keep SSH_AUTH_SOCK \ + --keep GITHUB_TOKEN \ + --keep AWS_ROLE \ + --keep AWS_REGION \ + --keep AWS_DEFAULT_REGION \ + --keep AWS_ACCESS_KEY_ID \ + --keep AWS_SECRET_ACCESS_KEY \ + --keep AWS_SESSION_TOKEN \ + --keep TERM \ + ${{ github.workspace }} + - uses: actions/cache/restore@v3 + id: cache-terraform-restore + with: + path: ${{ github.workspace }}/.terraform + key: terraform + - run: terraform init -upgrade + - uses: actions/cache/save@v3 + id: cache-terraform-save + with: + path: ${{ github.workspace }}/.terraform + key: ${{ steps.cache-terraform-restore.outputs.cache-primary-key }} + - run: cd ${{ github.workspace }}/examples/basic && terraform version && terraform init -upgrade && terraform validate && cd ${{ github.workspace }} + - run: terraform fmt -check -recursive actionlint: name: 'Lint Workflows' 
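Review bot: The `--keep AWS_ACCESS_KEY_ID`, `--keep AWS_SECRET_ACCESS_KEY`, `--keep AWS_SESSION_TOKEN` and `--keep GITHUB_TOKEN` lines forward credentials into a shell whose only commands here are `terraform init`, `terraform validate` and `terraform fmt`, and the same block is repeated for the `actionlint` job in the next hunk (`@@ -22,8 +49,23 @@`); the list was evidently copied from `.envrc` and should be trimmed per job to what that job's commands actually read. The restore step keys the `.terraform` directory on the static string `terraform` and the save step reuses that primary key, so once an entry exists it is never refreshed and later `terraform init -upgrade` results are never cached; `release.yaml` in this commit switches to `terraform-${{hashFiles('**/versions.tf','**/main.tf')}}` and this workflow should use the same key. Whether this workflow runs on `pull_request` is outside the hunk, but if it does, a comment on the `--keep AWS_*` lines saying what they are expected to carry on fork PRs would help the next reader.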
@@ -22,8 +49,23 @@ jobs: steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - - uses: nicknovitski/nix-develop@v1 + - uses: nicknovitski/nix-develop@v1.1.0 + with: + arguments: | + --ignore-environment \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + --keep HOME \ + --keep SSH_AUTH_SOCK \ + --keep GITHUB_TOKEN \ + --keep AWS_ROLE \ + --keep AWS_REGION \ + --keep AWS_DEFAULT_REGION \ + --keep AWS_ACCESS_KEY_ID \ + --keep AWS_SECRET_ACCESS_KEY \ + --keep AWS_SESSION_TOKEN \ + --keep TERM \ + ${{ github.workspace }} - run: actionlint tflint: diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index 312522f..e61d26c 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -1,4 +1,4 @@ -name: "Updatecli: Dependency Management" +name: "Updatecli" on: schedule: @@ -7,28 +7,19 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: -permissions: - contents: write - issues: write - pull-requests: write +permissions: write-all jobs: updatecli: runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Go - uses: actions/setup-go@v5 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: go-version: 'stable' - - - name: Install Updatecli - uses: updatecli/updatecli-action@v2 - - - name: Delete leftover UpdateCLI branches + - uses: updatecli/updatecli-action@v2 + - name: 'Delete leftover UpdateCLI branches' run: | gh pr list \ --search "is:closed is:pr head:updatecli_" \ 
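Review bot: `permissions: write-all` replaces the narrower `contents: write` / `issues: write` / `pull-requests: write` block the previous revision ran with, and the steps below hand `secrets.GITHUB_TOKEN` to `gh` (as `GH_TOKEN`) and to `updatecli/updatecli-action@v2` (as `UPDATECLI_GITHUB_TOKEN`), so that token now carries write on every scope the workflow token supports rather than the three this job uses. Restore the explicit three-line block; if a scope is missing, add that one scope. Dropping `name:` from the checkout/setup-go/updatecli steps is fine on its own, but `Delete leftover UpdateCLI branches` keeps a name while its neighbours lose theirs, so pick one convention for the file. The `run: |` at the end of this hunk continues past it.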
@@ -46,10 +37,9 @@ jobs:
 done
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Apply Updatecli
 # Never use '--debug' option, because it might leak the access tokens.
 run: "updatecli apply --clean --config ./updatecli/updatecli.d/ --values ./updatecli/values.yaml"
 env:
 UPDATECLI_GITHUB_ACTOR: ${{ github.actor }}
- UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+ UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.rcs b/.rcs
index 6387534..fb07861 100644
--- a/.rcs
+++ b/.rcs
@@ -1,4 +1,2 @@
-# load aws config
-source ~/.config/aws/default/rc
-# load personal aliases
-source ~/.config/alias/default/rc
\ No newline at end of file
+source ~/.config/aws/default/rc # add personal aws auth vars
+source ~/.config/alias/default/rc # add personal aliases
\ No newline at end of file
diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf
index a14bd91..6ba84f6 100644
--- a/examples/basic/outputs.tf
+++ b/examples/basic/outputs.tf
@@ -3,17 +3,17 @@ output "vpc" {
 }
 output "subnet" {
- value = module.TestBasic.subnet
+ value = module.TestBasic.subnet
 }
 output "cidr" {
- value = module.TestBasic.cidr
+ value = module.TestBasic.cidr
 }
 output "security_group" {
- value = module.TestBasic.security_group
+ value = module.TestBasic.security_group
 }
 output "ssh_key" {
- value = module.TestBasic.ssh_key
+ value = module.TestBasic.ssh_key
 }
diff --git a/examples/override/outputs.tf b/examples/override/outputs.tf
index 7558bc7..9b98a3d 100644
--- a/examples/override/outputs.tf
+++ b/examples/override/outputs.tf
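Review bot: Removing `- name: Apply Updatecli` with nothing in its place leaves the unchanged `# Never use …` comment, `run: "updatecli apply …"` and `env:` lines at the indentation they had under that step, which is the same level as the previous step's `run: |` and `env:`, so they become a second `run` and a second `env` key inside the `Delete leftover UpdateCLI branches` step — duplicate mapping keys, which the workflow parser (and the `actionlint` job this repo runs) should reject, and which at best make the updatecli command silently replace the branch-cleanup script. Put a step start back in place of the removed line, e.g. `- run: "updatecli apply --clean --config ./updatecli/updatecli.d/ --values ./updatecli/values.yaml"` with the comment above it and the `env:` block indented under it, or simply keep `- name: 'Apply Updatecli'` as the neighbouring step does. Indentation is collapsed in this view, so confirm on the rendered file, but the context markers show those lines unchanged and the `-46,10 +37,9` counts match a one-line deletion.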
@@ -3,17 +3,17 @@ output "vpc" {
 }
 output "subnet" {
- value = module.TestOverride.subnet
+ value = module.TestOverride.subnet
 }
 output "cidr" {
- value = module.TestOverride.cidr
+ value = module.TestOverride.cidr
 }
 output "security_group" {
- value = module.TestOverride.security_group
+ value = module.TestOverride.security_group
 }
 output "ssh_key" {
- value = module.TestOverride.ssh_key
+ value = module.TestOverride.ssh_key
 }
diff --git a/examples/personal/outputs.tf b/examples/personal/outputs.tf
index 0fcdd77..f82ab55 100644
--- a/examples/personal/outputs.tf
+++ b/examples/personal/outputs.tf
@@ -3,17 +3,17 @@ output "vpc" {
 }
 output "subnet" {
- value = module.TestPersonal.subnet
+ value = module.TestPersonal.subnet
 }
 output "cidr" {
- value = module.TestPersonal.cidr
+ value = module.TestPersonal.cidr
 }
 output "security_group" {
- value = module.TestPersonal.security_group
+ value = module.TestPersonal.security_group
 }
 output "ssh_key" {
- value = module.TestPersonal.ssh_key
+ value = module.TestPersonal.ssh_key
 }
diff --git a/examples/project/outputs.tf b/examples/project/outputs.tf
index 1672af1..3650f74 100644
--- a/examples/project/outputs.tf
+++ b/examples/project/outputs.tf
@@ -3,17 +3,17 @@ output "vpc" {
 }
 output "subnet" {
- value = module.TestProject.subnet
+ value = module.TestProject.subnet
 }
 output "cidr" {
- value = module.TestProject.cidr
+ value = module.TestProject.cidr
 }
 output "security_group" {
- value = module.TestProject.security_group
+ value = module.TestProject.security_group
 }
 output "ssh_key" {
- value = module.TestProject.ssh_key
+ value = module.TestProject.ssh_key
 }
diff --git a/flake.lock b/flake.lock
index d415d0f..0caacc9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
 "systems": "systems"
 },
 "locked": {
- "lastModified": 1694529238,
- "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
 "owner": "numtide",
 "repo": "flake-utils",
- "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
 "type": "github"
 },
 "original": {
@@ -20,11 +20,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1701174899,
- "narHash": "sha256-1W+FMe8mWsJKXoBc+QgKmEeRj33kTFnPq7XCjU+bfnA=",
+ "lastModified": 1702272962,
+ "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "010c7296f3b19a58b206fdf7d68d75a5b0a09e9e",
+ "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 769fda7..9f16b8e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -59,13 +59,18 @@
 {
 devShells.default = pkgs.mkShell {
 buildInputs = with pkgs; [
- bashInteractive
- git
- tflint
- shellcheck
- tfswitch
- actionlint
 act
+ actionlint
+ bashInteractive
+ curl
+ git
+ gnupg
+ go
+ less
+ openssh
+ shellcheck
+ tflint
+ tfswitch
 ];
 shellHook = ''
 rm -rf "/usr/local/bin/switched-terraform"
diff --git a/main.tf b/main.tf
index 132b426..6337bb1 100644
--- a/main.tf
+++ b/main.tf
@@ -15,11 +15,17 @@ locals {
 ssh_key_name = var.ssh_key_name
 public_ssh_key = var.public_ssh_key
 # create when public key is given, otherwise select with name
+
+ ifconfig_co_json = jsondecode(data.http.my_public_ip[0].response_body)
+ ip = (local.security_group_ip == "" ? local.ifconfig_co_json.ip : local.security_group_ip)
 }
-data "http" "get_my_ip" {
+data "http" "my_public_ip" {
 count = (local.security_group_ip == "" ? 1 : 0)
- url = "https://ipinfo.io/ip"
+ url = "https://ifconfig.co/json"
+ request_headers = {
+ Accept = "application/json"
+ }
 }
 module "vpc" {
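Review bot: `ifconfig_co_json = jsondecode(data.http.my_public_ip[0].response_body)` indexes a data source declared with `count = (local.security_group_ip == "" ? 1 : 0)`, and a local that is referenced (this one feeds `local.ip`, which the security_group module consumes) is evaluated whenever the module is evaluated, not only when its branch of the `ip` conditional is selected; with `security_group_ip` set, `count` is 0 and I'd expect an invalid-index error at plan time, which the old inline conditional avoided by keeping the index inside the selected branch. Guard it the same way: `ifconfig_co_json = local.security_group_ip == "" ? jsondecode(data.http.my_public_ip[0].response_body) : null`. Since this value becomes the security group's ingress source, a short comment on the `ip` local saying that it trusts whatever `ifconfig.co` reports for the caller's address (over TLS, but still a third party) would document the dependency the module takes on. The `locals` block is opened before this hunk and `module "vpc"` continues past it.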
@@ -40,7 +46,7 @@ module "subnet" {
 module "security_group" {
 source = "./modules/security_group"
 name = local.security_group_name
- ip = (local.security_group_ip == "" ? data.http.get_my_ip[0].response_body : local.security_group_ip)
+ ip = local.ip
 cidr = module.subnet.cidr
 owner = local.owner
 type = local.security_group_type
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
index a5a4709..20cfb65 100644
--- a/modules/vpc/main.tf
+++ b/modules/vpc/main.tf
@@ -23,7 +23,7 @@ resource "aws_vpc" "new" {
 }
 resource "aws_internet_gateway" "new" {
- count = local.create
+ count = local.create
 depends_on = [
 aws_vpc.new,
 ]
@@ -31,7 +31,7 @@ resource "aws_internet_gateway" "new" {
 }
 resource "aws_route" "public" {
- count = local.create
+ count = local.create
 depends_on = [
 aws_internet_gateway.new,
 aws_vpc.new,