ci(terraform): dagger pipeline for terraform

.archived/.github/workflows/checks.yml

@@ -0,0 +1,112 @@
+# This file was generated. See https://daggerverse.dev/mod/github.com/shykes/gha
+name: check-matrix
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+  workflow_dispatch: {}
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.checks.outputs.targets }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: scripts/install-dagger.sh
+        id: install-dagger
+        run: |
+          #!/bin/bash
+
+          set -o pipefail
+          # Fallback to /usr/local for backwards compatability
+          prefix_dir="${RUNNER_TEMP:-/usr/local}"
+
+          # Ensure the dir is writable otherwise fallback to tmpdir
+          if [[ ! -d "$prefix_dir" ]] || [[ ! -w "$prefix_dir" ]]; then
+              prefix_dir="$(mktemp -d)"
+          fi
+          printf '%s/bin' "$prefix_dir" >> $GITHUB_PATH
+
+          # If the dagger version is 'latest', set the version back to an empty
+          # string. This allows the install script to detect and install the latest
+          # version itself
+          if [[ "$DAGGER_VERSION" == "latest" ]]; then
+            DAGGER_VERSION=
+          fi
+
+          # The install.sh script creates path ${prefix_dir}/bin
+          curl -fsS https://dl.dagger.io/dagger/install.sh | BIN_DIR=${prefix_dir}/bin sh
+        env:
+          DAGGER_VERSION: v0.13.0
+        shell: bash
+      - name: scripts/warm-engine.sh
+        id: warm-engine
+        shell: bash
+        run: |
+          #!/bin/bash
+
+          # Make sure not to load any implicit module
+          cd $(mktemp -d)
+          # Run a simple query to "warm up" the engine
+          dagger core version
+      - id: checks
+        name: Generate target list
+        shell: bash
+        run: |
+          #!/bin/bash
+          targets=$(dagger call -s -j --ci check-list | jq -c .)
+          echo ::set-output name=targets::${targets}
+  check:
+    needs: setup
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    strategy:
+      matrix:
+        targets: ${{ fromJSON(needs.setup.outputs.targets) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: scripts/install-dagger.sh
+        id: install-dagger
+        run: |
+          #!/bin/bash
+
+          set -o pipefail
+          # Fallback to /usr/local for backwards compatability
+          prefix_dir="${RUNNER_TEMP:-/usr/local}"
+
+          # Ensure the dir is writable otherwise fallback to tmpdir
+          if [[ ! -d "$prefix_dir" ]] || [[ ! -w "$prefix_dir" ]]; then
+              prefix_dir="$(mktemp -d)"
+          fi
+          printf '%s/bin' "$prefix_dir" >> $GITHUB_PATH
+
+          # If the dagger version is 'latest', set the version back to an empty
+          # string. This allows the install script to detect and install the latest
+          # version itself
+          if [[ "$DAGGER_VERSION" == "latest" ]]; then
+            DAGGER_VERSION=
+          fi
+
+          # The install.sh script creates path ${prefix_dir}/bin
+          curl -fsS https://dl.dagger.io/dagger/install.sh | BIN_DIR=${prefix_dir}/bin sh
+        env:
+          DAGGER_VERSION: v0.13.0
+        shell: bash
+      - shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          #!/bin/bash
+          dagger call -q --ci --pr ${{ github.event.pull_request.number }} --gh-token=env:GITHUB_TOKEN check --targets ${{ matrix.targets }}

.dagger/checks.go

@@ -0,0 +1,169 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"go.opentelemetry.io/otel/codes"
+	"golang.org/x/sync/errgroup"
+)
+
+func (m *HomeInfra) Check(
+	ctx context.Context,
+	// +optional
+	// +default=[""]
+	targets []string,
+) error {
+	var routes checkRouter
+	tfChecks, err := m.terraformChecks(ctx)
+	if err != nil {
+		return err
+	}
+	routes.Add(tfChecks...)
+
+	eg := errgroup.Group{}
+	for _, check := range routes.Get(targets...) {
+		ctx, span := Tracer().Start(ctx, check.Name)
+		eg.Go(func() (rerr error) {
+			defer func() {
+				if rerr != nil {
+					span.SetStatus(codes.Error, rerr.Error())
+				}
+				span.End()
+			}()
+
+			rerr = check.Check(ctx)
+			if m.IsCi {
+				gh := m.Github(ctx, "kid", "home-infra")
+				if rerr != nil {
+					checkErr := &CheckError{}
+					if errors.As(rerr, &checkErr) {
+						if checkErr.Markdown != "" {
+							gh.CreateOrUpdateComment(ctx, m.GhPr, checkErr.Markdown, check.Name)
+						}
+					}
+				} else {
+					gh.DeleteComment(ctx, m.GhPr, check.Name)
+				}
+			}
+
+			return rerr
+		})
+	}
+
+	return eg.Wait()
+}
+
+func (m *HomeInfra) CheckList(
+	ctx context.Context,
+	// +optional
+	// +default=[""]
+	targets []string,
+) (checks []string, err error) {
+	var routes checkRouter
+	tfChecks, err := m.terraformChecks(ctx)
+	if err != nil {
+		return
+	}
+	routes.Add(tfChecks...)
+
+	for _, check := range routes.Get(targets...) {
+		checks = append(checks, check.Name)
+	}
+
+	return
+}
+
+type Check struct {
+	Name  string
+	Check func(context.Context) error
+}
+
+type CheckError struct {
+	original error
+	Markdown string
+}
+
+func (e *CheckError) Error() string {
+	return fmt.Sprintf("check failed: %v", e.original)
+}
+
+func (e *CheckError) Message() string {
+	// if e.Markdown != "" {
+	// 	return e.Markdown
+	// }
+	return e.original.Error()
+}
+
+func (e *CheckError) Unwrap() error {
+	return e.original
+}
+
+type checkRouter struct {
+	check    Check
+	children map[string]*checkRouter
+}
+
+func (r *checkRouter) Add(checks ...Check) {
+	for _, check := range checks {
+		r.add(check.Name, check)
+	}
+}
+
+func (r *checkRouter) Get(targets ...string) []Check {
+	var checks []Check
+	for _, target := range targets {
+		checks = append(checks, r.get(target).all()...)
+	}
+	return checks
+}
+
+func (r *checkRouter) add(target string, check Check) {
+	if target == "" {
+		r.check = check
+		return
+	}
+
+	target, rest, _ := strings.Cut(target, "/")
+	if r.children == nil {
+		r.children = make(map[string]*checkRouter)
+	}
+	if _, ok := r.children[target]; !ok {
+		r.children[target] = &checkRouter{}
+	}
+	r.children[target].add(rest, check)
+}
+
+func (r *checkRouter) get(target string) *checkRouter {
+	if r == nil {
+		return nil
+	}
+	if target == "" {
+		return r
+	}
+
+	target, rest, _ := strings.Cut(target, "/")
+	if r.children == nil {
+		return nil
+	}
+	if _, ok := r.children[target]; !ok {
+		return nil
+	}
+	return r.children[target].get(rest)
+}
+
+func (r *checkRouter) all() []Check {
+	if r == nil {
+		return nil
+	}
+	var checks []Check
+	if r.check.Check != nil {
+		checks = append(checks, r.check)
+	}
+	for _, child := range r.children {
+		checks = append(checks, child.all()...)
+	}
+	return checks
+}

.dagger/commitlint.go

@@ -2,9 +2,8 @@ package main
 
 import (
 	"context"
+
 	"github.com/kid/home-infra/.dagger/internal/dagger"
-	"path/filepath"
-	"strings"
 )
 
 func (m *HomeInfra) LintCommits(
@@ -47,22 +46,3 @@ func (m *HomeInfra) LintCommits(
 
 	return out, nil
 }
-
-func (m *HomeInfra) Containing(ctx context.Context, filename string) ([]string, error) {
-	entries, err := m.Source.Glob(ctx, "**/"+filename)
-	if err != nil {
-		return nil, err
-	}
-
-	var parents []string
-	for _, entry := range entries {
-		entry = filepath.Clean(entry)
-		parent := strings.TrimSuffix(entry, filename)
-		if parent == "" {
-			parent = "."
-		}
-		parents = append(parents, parent)
-	}
-
-	return parents, nil
-}