merge terraform flake

2023-05-19 23:51:43 +10:00 · 2023-05-19 23:51:43 +10:00 · 098cd362db
commit 098cd362db
parent b6fdc757d6
8 changed files with 52 additions and 64 deletions
--- a/effect.nix
+++ b/effect.nix
@ -5,13 +5,13 @@
      inherit (config.repo) ref;
    in
    {
-      onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, ... }:
+      onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, self', ... }:
        {
          terraform-deploy =
            hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" ref)
              (hci-effects.mkEffect {
                name = "terraform-deploy";
-                inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
+                inputs = [ self'.devShells.terraform.nativeBuildInputs ];
                src = pkgs.lib.cleanSource ./.;
                secretsMap.tf-secrets = "tf-secrets";
                effectScript = ''
--- a/flake.lock
+++ b/flake.lock
@ -160,6 +160,7 @@
        "nur-update": "nur-update",
        "sops-nix": "sops-nix",
        "srvos": "srvos",
+        "tf-pkgs": "tf-pkgs",
        "treefmt-nix": "treefmt-nix"
      }
    },
@ -204,6 +205,22 @@
        "type": "github"
      }
    },
+    "tf-pkgs": {
+      "locked": {
+        "lastModified": 1683212983,
+        "narHash": "sha256-4GwtXD3tBUtBAL20ygoOggZWgLdxU34VZ1vanbV64KI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5751551558d7896ffb30ff3d709b4943bb3eafa8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5751551558d7896ffb30ff3d709b4943bb3eafa8",
+        "type": "github"
+      }
+    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@ -39,6 +39,8 @@

    treefmt-nix.url = "github:numtide/treefmt-nix";
    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
+
+    tf-pkgs.url = "github:NixOS/nixpkgs/5751551558d7896ffb30ff3d709b4943bb3eafa8";
  };

  outputs = inputs @ { flake-parts, self, ... }:
@ -75,7 +77,7 @@
        hercules-ci.github-pages.branch = "master";

        perSystem = { config, pkgs, ... }: {
-          imports = [ ./dev/shell.nix ];
+          imports = [ ./dev/shell.nix ./terraform/shell.nix ];
          treefmt.imports = [ ./dev/treefmt.nix ];

          packages.pages = pkgs.runCommand "pages"
--- a/tasks.py
+++ b/tasks.py
@ -95,18 +95,20 @@ def update_terraform(c):
    """
    Update terraform devshell flake
    """
-    with c.cd("terraform"):
-        c.run(
-            """
+    c.run(
+        """
 system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
-old="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
-nix flake update --commit-lock-file
-new="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
+oldShell="$(nix build --no-link --print-out-paths ".#devShells.${system}.terraform")"
+oldRev="$(nix flake metadata --json | jq -r '.locks.nodes."tf-pkgs".locked.rev')"
+newRev="$(nix flake metadata --json | jq -r '.locks.nodes.nixpkgs.locked.rev')"
+sed -i "s|${oldRev}|${newRev}|" flake.nix
+nix flake lock --update-input tf-pkgs --commit-lock-file
+newShell="$(nix build --no-link --print-out-paths ".#devShells.${system}.terraform")"
 commit="$(git log --pretty=format:%B -1)"
-diff="$(nix store diff-closures "${old}" "${new}" | awk -F ',' '/terraform/ && /→/ {print $1}')"
-git commit --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
+diff="$(nix store diff-closures "${oldShell}" "${newShell}" | awk -F ',' '/terraform/ && /→/ {print $1}')"
+git commit --all --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
 """
-        )
+    )


@task
--- a/terraform/.envrc
+++ b/terraform/.envrc
@ -1 +1 @@
-use flake
+use flake .#terraform
--- a/terraform/flake.lock
+++ b/terraform/flake.lock
@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1683212983,
-        "narHash": "sha256-4GwtXD3tBUtBAL20ygoOggZWgLdxU34VZ1vanbV64KI=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "5751551558d7896ffb30ff3d709b4943bb3eafa8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
--- a/terraform/flake.nix
+++ b/terraform/flake.nix
@ -1,24 +0,0 @@
-{
-  description = "terraform devshell";
-
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small";
-
-  outputs = { nixpkgs, self }: {
-    devShells = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]
-      (system: {
-        default = with nixpkgs.legacyPackages.${system}; mkShellNoCC {
-          packages = [
-            (terraform.withPlugins (p: [
-              p.cloudflare
-              p.external
-              p.gandi
-              p.hydra
-              p.null
-              p.sops
-              p.tfe
-            ]))
-          ];
-        };
-      });
-  };
-}
--- a/terraform/shell.nix
+++ b/terraform/shell.nix
@ -0,0 +1,18 @@
+{ inputs', ... }:
+{
+  devShells = {
+    terraform = with inputs'.tf-pkgs.legacyPackages; mkShellNoCC {
+      packages = [
+        (terraform.withPlugins (p: [
+          p.cloudflare
+          p.external
+          p.gandi
+          p.hydra
+          p.null
+          p.sops
+          p.tfe
+        ]))
+      ];
+    };
+  };
+}