Added Spindle pipeline · sans-self.org/infrastructure@3a228f9

sans-self.org / infrastructure

fork atom

this repo has no description

fork atom

Added Spindle pipeline

sans-self.org 1 month ago 3a228f9b b3d7844d

+51

1 changed file

expand all

.tangled

workflows

validate.yml

+51

.tangled/workflows/validate.yml

··· 1 + when: 2 + - event: ["push"] 3 + branch: ["main"] 4 + - event: ["pull_request"] 5 + branch: ["main"] 6 + 7 + engine: "nixery" 8 + 9 + dependencies: 10 + nixpkgs: 11 + - kustomize 12 + - kubeconform 13 + - opentofu 14 + - yamllint 15 + - shellcheck 16 + 17 + steps: 18 + - name: "Stub encrypted secrets" 19 + command: | 20 + for f in k8s/pds/admin-password.secret \ 21 + k8s/pds/jwt.secret \ 22 + k8s/pds/plc-rotation-key.secret \ 23 + k8s/pds/smtp-url.secret \ 24 + k8s/shared/s3-access-key.secret \ 25 + k8s/shared/s3-secret-key.secret; do 26 + echo "stub" > "$f" 27 + done 28 + 29 + mkdir -p keypair 30 + echo "stub" > keypair/id_ed25519_homelab 31 + echo "stub" > keypair/id_ed25519_homelab.pub 32 + 33 + - name: "Lint YAML" 34 + command: | 35 + yamllint -d '{extends: relaxed, rules: {line-length: disable}}' \ 36 + k8s/**/*.yaml 37 + 38 + - name: "Lint shell scripts" 39 + command: shellcheck k8s/shared/backup.sh 40 + 41 + - name: "Validate kustomize manifests" 42 + command: | 43 + kustomize build k8s/ | kubeconform \ 44 + -strict \ 45 + -ignore-missing-schemas \ 46 + -summary 47 + 48 + - name: "Validate OpenTofu" 49 + command: | 50 + tofu init -backend=false 51 + tofu validate