diff --git a/.mega-linter.yml b/.mega-linter.yml
index 202985dbb3b4e06852a4e28e45b542b6488aa39f..4702c00255410df3de59410af0ff517a20211fbe 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -21,6 +21,8 @@ DISABLE:
 DISABLE_LINTERS:
 - JSON_V8R
 - YAML_PRETTIER
+ - REPOSITORY_CHECKOV
+ - TERRAFORM_TERRASCAN
 FLAVOR_SUGGESTIONS: false
diff --git a/README-fr.md b/README-fr.md
index 29841a6d6789214b224177d70912825465ce96af..092c8932dc8995cbe4194da35aa51c1cf39a4e16 100644
--- a/README-fr.md
+++ b/README-fr.md
@@ -68,6 +68,7 @@ Chaque fonctionnalité testée peut être activée avec une variable `MGCI_TEST_
 | `MGCI_TEST_REGISTRY_GENERIC` | Lancement du test du registre de paquets génériques | `false` |
 | `MGCI_TEST_REGISTRY_CONTAINER` | Lancement du test du registre des conteneurs | `false` |
 | `MGCI_TEST_RUNNERS_TAGS` | Lancement du test des tags de runner | `false` |
+| `MGCI_TEST_TERRAFORM_MODULE` | Lancement du test de module Terraform | `false` |
 | `MGCI_RUNNERS_TAGS` | Liste des Tags de runners à tester, format | `` |
 | `MGCI_API_TOKEN` | Token d'accès `Owner` au dépôt pour tester l'API | `` |
 | `MATTERMOST_URL` | URL de l'instance Mattermost à tester | `` |
@@ -187,15 +188,15 @@ MGCI_TEST_CACHE_JOB_TAGS=cache
 - [x] Registre : NPM
 - [x] Proxy de dépendances
 - [x] Releases
-- [X] Runners : tags attendus
-- [X] Runners : enregistrement et suppression d'un runner
+- [x] Runners : tags attendus
+- [x] Runners : enregistrement et suppression d'un runner
 - [x] Health check (uniquement disponible pour une instance auto-hébergée)
-- [X] Mattermost : Health check
-- [X] Environnement : création et destruction
+- [x] Mattermost : Health check
+- [x] Environnement : création et destruction
+- [x] Terraform module
 ### 🏗️ À venir
-- [ ] [Terraform module](https://gitlab.com/froggit/tools/mgci/-/issues/16)
 - [ ] [Terraform state](https://gitlab.com/froggit/tools/mgci/-/issues/13)
 ## Test de l'API
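Review bot: Adding `REPOSITORY_CHECKOV` and `TERRAFORM_TERRASCAN` to `DISABLE_LINTERS` switches off both infrastructure-as-code scanners for the whole repository in the same commit that introduces the first Terraform files under `src/terraform` and `test/terraform`. If the reason is findings on the test module only, a narrower setting such as `REPOSITORY_CHECKOV_DISABLE_ERRORS: true` and `TERRAFORM_TERRASCAN_DISABLE_ERRORS: true` keeps the reports while no longer failing the pipeline. Whichever is chosen, a comment above the two entries along the lines of `# disabled because <reason>, see <issue>` would tell the next maintainer what must be fixed before they can be re-enabled.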
@@ -278,6 +279,12 @@ Si vous activez ce test, il faut également créer la variable `MATTERMOST_URL`,
 - **Nom des jobs** : `runners:register`
 - **Description** : le job `runners:register` teste la fonctionnalité d'enregistrement et de suppression d'un runner. Il va enregistrer un runner pour le projet avec le tag `test-runner` puis le supprimer tout de suite après.
+## Test du module Terraform
+
+- **Nom du fichier** : `templates/terraform.yml`
+- **Nom des jobs** : `terraform:module:upload` et `terraform:module:test`
+-- **Description** : le job `terraform:module:upload` va téléverser notre module Terraform de test situé dans `src/terraform` vers le registre de modules Terraform de Gitlab. Dans un second temps, le job `terraform:module:test` va tester ce module.
+
 ## Contribuer
 Ce projet étant sous la licence [GPL3](https://www.gnu.org/licenses/gpl.html), il est possible d'y contribuer pour y apporter des améliorations, des nouvelles fonctionnalités.
diff --git a/README.md b/README.md
index 5c443a08a09638b950f4caf1440d8bb2fc99c3b0..5052b326e0d6bb9336d436ca261d51274ed0b60b 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@ Each tested feature can be activated with a `MGCI_TEST_` variable that
 | `MGCI_TEST_REGISTRY_GENERIC` | Run the generic packages registry test | `false` |
 | `MGCI_TEST_REGISTRY_CONTAINER` | Run the container registry test | `false` |
 | `MGCI_TEST_RUNNERS_TAGS` | Run the runner tags test | `false` |
+| `MGCI_TEST_TERRAFORM_MODULE` | Run the Terraform module test | `false` |
 | `MGCI_RUNNERS_TAGS` | List of runner tags to test, format | `` |
 | `MGCI_API_TOKEN` | `Owner` access token to the repository for API testing | `` |
 | `MATTERMOST_URL` | URL of the Mattermost instance to test | `` |
@@ -191,6 +192,7 @@ MGCI_TEST_CACHE_JOB_TAGS=cache
 - [x] Health check (only available for self-hosted Gitlab)
 - [x] Mattermost: Health check
 - [x] Environment: creation and deletion
+- [x] Terraform module
 ### 🏗️ Upcoming
@@ -279,6 +281,12 @@ If you enable this test, you also need to create the `MATTERMOST_URL` variable,
 - **Job names**: `runners:register`
 - **Description**: the `runners:register` job tests the functionality of registering and deleting a runner. It will register a runner for the project with the `test-runner` tag and then delete it immediately after.
+## Test du module Terraform
+
+- **File name** : `templates/terraform.yml`
+- **Job names** : `terraform:module:upload` et `terraform:module:test`
+-- **Description** : the`terraform:module:upload` job uploads our Terraform test module located in `src/terraform` to the Gitlab Terraform module registry. Then, the `terraform:module:test` job tests that module.
+
 ## Contributing
 This project is licensed under [GPL3](https://www.gnu.org/licenses/gpl.html), and contributions are welcome to bring improvements, new features, etc.
diff --git a/includes-if/tags/terraform.yml b/includes-if/tags/terraform.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6454f66d3b6ba4e21e78bc401032239e1a16bce0
--- /dev/null
+++ b/includes-if/tags/terraform.yml
@@ -0,0 +1,3 @@
+---
+.terraform:
+ tags: [$MGCI_TEST_TERRAFORM_MODULE_MODULE_JOB_TAGS]
diff --git a/src/terraform/main.tf b/src/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..0514e4fac627b5cb624ee84a157d6901601af4a4
--- /dev/null
+++ b/src/terraform/main.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = "= 1.10.5"
+}
+
+resource "local_file" "file" {
+ content = var.text
+ filename = "${var.filename}.txt"
+ file_permission = "0644"
+ directory_permission = "0755"
+}
diff --git a/src/terraform/outputs.tf b/src/terraform/outputs.tf
new file mode 100644
index 0000000000000000000000000000000000000000..b9a847c2fe038ff162bfbeffe390f8317674f4de
--- /dev/null
+++ b/src/terraform/outputs.tf
@@ -0,0 +1,4 @@
+output "bytes" {
+ value = length(local_file.file.content)
+ description = "Lorem ipsum"
+}
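Review bot: The tag variable in `includes-if/tags/terraform.yml` is spelled `$MGCI_TEST_TERRAFORM_MODULE_MODULE_JOB_TAGS`, with `_MODULE` doubled, while the `include` rule in `templates/terraform.yml` tests `$MGCI_TEST_TERRAFORM_MODULE_JOB_TAGS`; a user who sets the latter gets this file included but an unset variable inside `tags`. The line should read `tags: [$MGCI_TEST_TERRAFORM_MODULE_JOB_TAGS]`. Neither Terraform job added in this commit carries `extends: .terraform`, so from the visible templates the hidden job is never applied to them; the other feature templates are outside this diff, so check how they attach their tag job and do the same here.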
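Review bot: `src/terraform/main.tf` pins the Terraform CLI exactly with `required_version = "= 1.10.5"` but declares no `required_providers`, so `terraform init` in the test job resolves whichever `hashicorp/local` release is newest at run time, and no `.terraform.lock.hcl` is added in this diff to record its checksums. Declaring the provider with a version constraint inside the existing `terraform` block makes the run reproducible. The version in the sketch below is a placeholder to be replaced with the release that was actually tested.

```hcl
terraform {
  required_version = "= 1.10.5"

  required_providers {
    local = {
      source  = "hashicorp/local"
      version = "<TESTED_VERSION>" # placeholder, not a real constraint
    }
  }
}
# … unchanged: resource "local_file" "file" …
```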
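Review bot: The output in `src/terraform/outputs.tf` is named `bytes`, but `length()` applied to a string counts characters rather than bytes, so the two differ as soon as `text` contains non-ASCII input; `description = "Lorem ipsum"` is also placeholder text. Either rename the output or state what it returns, for example `description = "Number of characters in the generated file's content."`.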
diff --git a/src/terraform/variables.tf b/src/terraform/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..84eb40e3941306af35c9368ef054bc5b2724f0d1
--- /dev/null
+++ b/src/terraform/variables.tf
@@ -0,0 +1,11 @@
+variable "filename" {
+ description = "The filename of the file to be created."
+ type = string
+ default = null
+}
+
+variable "text" {
+ description = "The text contents of the file to be created."
+ type = string
+ default = null
+}
diff --git a/templates/bases/variables.yml b/templates/bases/variables.yml
index c645e6c472b56f83d79b6db36c729315d5976aec..aeba0d9571c17c583dac42e6ce542eff83e10af7 100644
--- a/templates/bases/variables.yml
+++ b/templates/bases/variables.yml
@@ -33,3 +33,4 @@ variables:
 MGCI_TEST_REGISTRY_NPM: "false"
 MGCI_TEST_REGISTRY_GENERIC: "false"
 MGCI_TEST_REGISTRY_CONTAINER: "false"
+ MGCI_TEST_TERRAFORM_MODULE: "false"
diff --git a/templates/set_packages_version.yml b/templates/set_packages_version.yml
index 4de293ecda109bc109cf9c337de1bb9bd0a7f0f7..d74a895aabf85b1b29dd329273b47e32995f60ae 100644
--- a/templates/set_packages_version.yml
+++ b/templates/set_packages_version.yml
@@ -13,3 +13,4 @@ packages:version:
 - if: $MGCI_TEST_RELEASE == "true"
 - if: $MGCI_TEST_REGISTRY_NPM == "true"
 - if: $MGCI_TEST_REGISTRY_GENERIC == "true"
+ - if: $MGCI_TEST_TERRAFORM_MODULE == "true"
diff --git a/templates/terraform.yml b/templates/terraform.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b25e408b3ded63c7351446b2f3c1fbedb3162296
--- /dev/null
+++ b/templates/terraform.yml
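Review bot: Both variables in `src/terraform/variables.tf` are declared with `default = null`, which makes them optional even though the module cannot work without them: a null `filename` only fails later, inside the `"${var.filename}.txt"` interpolation in `main.tf`. Dropping the defaults makes Terraform require the values up front. `filename` also ends up as a path on disk, so a `validation` block that rejects path separators keeps a caller from writing outside the working directory. The identical file is added as `test/terraform/variables.tf`, where the point about the defaults applies as well.

```hcl
variable "filename" {
  description = "The filename of the file to be created."
  type        = string

  validation {
    condition     = can(regex("^[A-Za-z0-9._-]+$", var.filename))
    error_message = "The filename must be a plain file name without path separators."
  }
}
# … unchanged apart from the removed default: variable "text" …
```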
@@ -0,0 +1,72 @@
+---
+
+terraform:module:upload:
+ stage: build
+ image: curlimages/curl:latest
+ variables:
+ TERRAFORM_MODULE_DIR: ${CI_PROJECT_DIR}/src/terraform
+ TERRAFORM_MODULE_NAME: terraform-module-test
+ TERRAFORM_MODULE_SYSTEM: local
+ TERRAFORM_MODULE_VERSION: 0.1.0
+ script:
+ - tar -cvzf ${TERRAFORM_MODULE_NAME}-${TERRAFORM_MODULE_SYSTEM}-${TERRAFORM_MODULE_VERSION}.tgz -C ${TERRAFORM_MODULE_DIR} --exclude=./.git .
+ - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${TERRAFORM_MODULE_NAME}-${TERRAFORM_MODULE_SYSTEM}-${TERRAFORM_MODULE_VERSION}.tgz ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/${TERRAFORM_MODULE_NAME}/${TERRAFORM_MODULE_SYSTEM}/${TERRAFORM_MODULE_VERSION}/file'
+ rules:
+ - if: $MGCI_TEST_TERRAFORM_MODULE == "true" && ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_PROJECT_PATH == 'froggit/tools/mgci')
+
+terraform:module:test:
+ stage: test
+ image:
+ name: hashicorp/terraform:1.10.5
+ entrypoint: [""]
+ before_script:
+ - apk add --no-cache jq curl
+ - cd ${CI_PROJECT_DIR}/test/terraform
+ - sed -i "s/gitlab\.com/${CI_SERVER_HOST}/g" main.tf
+ - cat main.tf
+ variables:
+ FILENAME: test
+ TEXT: "Hello world"
+ TF_ADDRESS: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}"
+ TF_USERNAME: "gitlab-ci-token"
+ TF_PASSWORD: "${CI_JOB_TOKEN}"
+ script:
+ - terraform init -backend-config="address=${TF_ADDRESS}" -backend-config="lock_address=${TF_ADDRESS}/lock" -backend-config="unlock_address=${TF_ADDRESS}/lock" -backend-config="username=${TF_USERNAME}" -backend-config="password=${TF_PASSWORD}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
+ - terraform validate
+ - terraform fmt --check
+
+ - echo "Test du Terraform state lock"
+ - |
+ curl --request POST \
+ --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
+ --header "Content-Type: application/json" \
+ --data '{"ID": "test-lock", "Operation": "OperationTypeApply"}' \
"${TF_ADDRESS}/lock"
+ - echo "✅ Verrouillage d'état testé"
+ - >-
+ terraform apply -auto-approve
+ -var="filename=${FILENAME}"
+ -var="text=${TEXT}"
+ -backend-config="username=${TF_USERNAME}"
+ -backend-config="password=${TF_PASSWORD}"
+ - cat ${FILENAME}.txt | grep "${TEXT}"
+ - terraform state list
+ - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}" | jq "."'
+
+ - echo "Test du Terraform state unlock"
+ - |
+ curl --request DELETE \
+ --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
+ --header "Content-Type: application/json" \
+ --data '{"ID": "test-lock"}' \
+ "${TF_ADDRESS}/lock"
+ - echo "✅ Déverrouillage d'état testé"
+
+ - terraform destroy -auto-approve
+ rules:
+ - if: $MGCI_TEST_TERRAFORM_MODULE == "true" && ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_PROJECT_PATH == 'froggit/tools/mgci')
+
+include:
+ - local: 'includes-if/tags/terraform.yml'
+ rules:
+ - if: $MGCI_TEST_TERRAFORM_MODULE_JOB_TAGS
diff --git a/test/terraform/backend.tf b/test/terraform/backend.tf
new file mode 100644
index 0000000000000000000000000000000000000000..4ca44e9b5b43795a8d841c9a86ffcf33a9590d84
--- /dev/null
+++ b/test/terraform/backend.tf
@@ -0,0 +1,4 @@
+terraform {
+ backend "http" {
+ }
+}
diff --git a/test/terraform/main.tf b/test/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..f5b2d38ad700f99231d26b38826f85157a215cf2
--- /dev/null
+++ b/test/terraform/main.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = "= 1.10.5"
+}
+
+module "terraform-module-test" {
+ source = "gitlab.com/froggit/terraform-module-test/local"
+ version = "0.1.0"
+ filename = var.filename
+ text = var.text
+}
diff --git a/test/terraform/variables.tf b/test/terraform/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..84eb40e3941306af35c9368ef054bc5b2724f0d1
--- /dev/null
+++ b/test/terraform/variables.tf
@@ -0,0 +1,11 @@
+variable "filename" {
+ description = "The filename of the file to be created."
+ type = string
+ default = null
+}
+
+variable "text" {
+ description = "The text contents of the file to be created."
+ type = string
+ default = null
+}