-
Notifications
You must be signed in to change notification settings - Fork 12
/
Makefile
101 lines (88 loc) · 5.13 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# This makefile implements wrappers around various kitchen test commands. The
# intent is to make it easy to execute a full test suite, or individual actions,
# with a safety net that ensures the test harness is present before executing
# kitchen commands. Specifically, Terraform in /test/setup/ has been applied, and
# the examples have been cloned to an emphemeral folder and source modified to
# use these local files.
#
# Every kitchen command has an equivalent target; kitchen action [pattern] becomes
# make action[.pattern]
#
# E.g.
# kitchen test => make test
# kitchen verify example-gsr => make verify.example-gsr
# kitchen converge pr => make converge.pr
#
# Default target will create necessary test harness, then launch kitchen test.
.DEFAULT: test
.PHONY: test.%
test.%: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen test $*
.PHONY: test
test: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen test
.PHONY: destroy.%
destroy.%: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen destroy $*
.PHONY: destroy
destroy: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen destroy
.PHONY: verify.%
verify.%: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen verify $*
.PHONY: verify
verify: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen verify
.PHONY: converge.%
converge.%: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen converge $*
.PHONY: converge
converge: test/setup/terraform.tfstate
ulimit -n 1024 && bundle exec kitchen converge
EXAMPLES=accessors all-options simple with-random-provider user-managed-replication user-managed-replication-accessors user-managed-replication-with-keys empty-secret-value auto-replication-with-key pubsub ttl
test/setup/terraform.tfstate: $(wildcard test/setup/*.tf) $(wildcard test/setup/*.auto.tfvars) $(wildcard test/setup/terraform.tfvars) $(addprefix test/ephemeral/,$(addsuffix /main.tf,$(EXAMPLES)))
terraform -chdir=test/setup init -input=false
terraform -chdir=test/setup apply -input=false -auto-approve
# We want the examples to use the registry tagged versions of the module, but
# need to test against the local code. Make an ephemeral copy of each example
# with the source redirected to local module
test/ephemeral/%/main.tf: $(wildcard examples/%/*.tf)
mkdir -p $(@D)
rsync -avP --exclude .terraform \
--exclude .terraform.lock.hcl \
--exclude 'terraform.tfstate' \
examples/$*/ $(@D)/
sed -i '' -E -e '1h;2,$$H;$$!d;g' -e 's@module "secret"[ \t]*{[ \t]*\n[ \t]*source[ \t]*=[ \t]*"memes/secret-manager/google"\n[ \t]*version[ \t]*=[ \t]*"[^"]+"@module "secret" {\n source = "../../../"@' $@
sed -i '' -E -e '1h;2,$$H;$$!d;g' -e 's@module "secret"[ \t]*{[ \t]*\n[ \t]*source[ \t]*=[ \t]*"memes/secret-manager/google//modules/([^"]+)"\n[ \t]*version[ \t]*=[ \t]*"[^"]+"@module "secret" {\n source = "../../../modules/\1/"@' $@
.PHONY: clean
clean: $(wildcard test/setup/terraform.tfstate)
if test -n "$<" && test -f "$<"; then ulimit -n 1024 && bundle exec kitchen destroy; fi
if test -n "$<" && test -f "$<"; then terraform -chdir=$(<D) destroy -auto-approve; fi
if test -n "$<" && test -f "$<"; then rm "$<"; fi
.PHONY: realclean
realclean: clean
-find test/reports -depth 1 -type d -exec rm -rf {} +
-find test/ephemeral -depth 1 -type d -exec rm -rf {} +
find . -type d -name .terraform -exec rm -rf {} +
find . -type d -name terraform.tfstate.d -exec rm -rf {} +
find . -type f -name .terraform.lock.hcl -exec rm -f {} +
find . -type f -name terraform.tfstate -exec rm -f {} +
find . -type f -name terraform.tfstate.backup -exec rm -f {} +
rm -rf .kitchen
# Helper to ensure code is ready to merge release-please PR:
# 1. Git tree is clean
# 2. Each example is using a valid Terraform registry source and the version
# matches the version to be released
# 3. Inspec controls have version matching the tag
.PHONY: release-ready.%
release-ready.%:
@echo '$*' | grep -Eq '^v(?:[0-9]+\.){2}[0-9]+$$' || \
(echo "Version doesn't meet requirements"; exit 1)
@awk 'BEGIN{m=0;s=0;v=0}; /module "secret"/ {m=1}; m==1 && /source[ \t]*=[ \t]*"memes\/secret-manager\/google(\/\/modules\/random)?/ {s++}; m==1 && /version[ \t]*=[ \t]*"$(subst .,\.,$(*:v%=%))"/ {v++}; END{if (s==0) { printf "%s has incorrect source\n", FILENAME}; if (v==0) { printf "%s has incorrect version\n", FILENAME}; if (s==0 || v==0) { exit 1}}' README.md
@find examples -type f -name main.tf -print0 | \
xargs -0 awk 'BEGIN{m=0;s=0;v=0}; /module "secret"/ {m=1}; m==1 && /source[ \t]*=[ \t]*"memes\/secret-manager\/google(\/\/modules\/random)?/ {s++}; m==1 && /version[ \t]*=[ \t]*"$(subst .,\.,$(*:v%=%))"/ {v++}; END{if (s==0) { printf "%s has incorrect source\n", FILENAME}; if (v==0) { printf "%s has incorrect version\n", FILENAME}; if (s==0 || v==0) { exit 1}}'
@grep -Eq '^version:[ \t]*$(subst .,\.,$(*:v%=%))[ \t]*$$' test/profiles/secrets/inspec.yml || \
(echo "test/profiles/secrets/inspec.yml has incorrect version"; exit 1)
@test "$(shell git status --porcelain | wc -l | grep -Eo '[0-9]+')" == "0" || \
(echo "Git tree is unclean"; exit 1)
@echo "Source is ready to be released as $1"