2023-04-06 11:49:28 +10:00
|
|
|
{ withSystem, ... }:
|
|
|
|
|
{
|
|
|
|
|
herculesCI = { config, ... }:
|
|
|
|
|
let
|
|
|
|
|
inherit (config.repo) ref;
|
|
|
|
|
in
|
|
|
|
|
{
|
2023-05-19 23:51:43 +10:00
|
|
|
onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, self', ... }:
|
2023-04-06 11:49:28 +10:00
|
|
|
{
|
|
|
|
|
terraform-deploy =
|
2023-05-02 18:35:18 +10:00
|
|
|
hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" ref)
|
2023-04-06 11:49:28 +10:00
|
|
|
(hci-effects.mkEffect {
|
|
|
|
|
name = "terraform-deploy";
|
2023-05-19 23:51:43 +10:00
|
|
|
inputs = [ self'.devShells.terraform.nativeBuildInputs ];
|
2023-04-06 11:49:28 +10:00
|
|
|
src = pkgs.lib.cleanSource ./.;
|
|
|
|
|
secretsMap.tf-secrets = "tf-secrets";
|
|
|
|
|
effectScript = ''
|
|
|
|
|
export TF_IN_AUTOMATION=1
|
|
|
|
|
export TF_INPUT=0
|
|
|
|
|
export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)"
|
|
|
|
|
export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)"
|
|
|
|
|
|
|
|
|
|
pushd terraform
|
|
|
|
|
terraform init
|
|
|
|
|
terraform validate
|
2023-05-02 18:35:18 +10:00
|
|
|
terraform apply -auto-approve
|
2023-04-06 11:49:28 +10:00
|
|
|
'';
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
}
|
