about summary refs log tree commit diff
path: root/ops (follow)
Commit message (Collapse)AuthorAgeFilesLines
* feat(ops/tf): script to create GCP service accounts and set rolesFranck Cuny2022-08-101-0/+113
| | | | | | | | | | | | | | | Since I'm using terraform for a few things, I want to store the state in a GCP bucket. This script takes care of creating the bucket, creating the service account for terraform, setting the roles, and enabling impersonation. The script is (or at least is intended) to be idempotent. If a new project is created, running will update only what is needed. Change-Id: Ie92703be6d17749dc76dabcf9e73e7b274e8d2ac Reviewed-on: https://cl.fcuny.net/c/world/+/711 Reviewed-by: Franck Cuny <franck@fcuny.net> Tested-by: CI
* ref(ops/buildkite): use service account impersonation for GCPFranck Cuny2022-08-103-8/+30
| | | | | | | | | | | | | | | Instead of using a key for the terraform service account, use delegation. This simplifies a bit the setup: - no need to have a local key - principle of least privilege - no need to setup some environment variables Update the documentation in case something goes wrong in the future. Change-Id: I430bdf6816419da35ae8a36cec55ce56491b985c Reviewed-on: https://cl.fcuny.net/c/world/+/710 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(ops/buildkite): use terraform to manage buildkiteFranck Cuny2022-08-076-0/+73
| | | | | | | Change-Id: I63fc8fd81679457f7dbeafc2bd10c0eded0de991 Reviewed-on: https://cl.fcuny.net/c/world/+/707 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(pipeline): the pipeline to be executed with a new buildFranck Cuny2022-08-073-3/+28
| | | | | | | | | | | This is the pipeline that is executed when a new build starts. It wait for all the steps to be completed, and if one of them fail, the build is marked as failed. Change-Id: I1eb22b27749944de78d44e49586a1db1fe07b460 Reviewed-on: https://cl.fcuny.net/c/world/+/706 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(ci): delete custom scripts for formattingFranck Cuny2022-08-063-55/+1
| | | | | | | | | | Since I have configured the pre-commit hooks, I can use them instead of my custom scripts: less things to maintain and easier to read output. Change-Id: Ic833ec88ed9fbcbe52b1b1680f978da3a5a08b31 Reviewed-on: https://cl.fcuny.net/c/world/+/681 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(default): add `apps.ci.shellcheck` to flake.nixFranck Cuny2022-06-101-0/+6
| | | | | | | | | | | | I can now run `nix run .#ci.shellcheck` to validate the shell scripts with shellcheck in the repository. The pipeline in buildKite will need to be updated. Change-Id: Ia52ede86adfa58c9615b0f9e290ef5d5b8adb303 Reviewed-on: https://cl.fcuny.net/c/world/+/409 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(shellcheck): add a script to check shell scriptsFranck Cuny2022-06-101-0/+24
| | | | | | | | | | | | The script uses shellcheck to validates that the shell scripts are correct. This is not used by anything yet. Change-Id: Ia96b132143fa0824eaf23420a72e5b518d618250 Reviewed-on: https://cl.fcuny.net/c/world/+/407 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(fmt): add a script to check the formattingFranck Cuny2022-06-101-0/+27
Add a script for CI to check that all the files are formatted correctly. This is done by using `treefmt' with a configuration for go and nix files (for now). Running `nix run .#ci.fmt' in the repository will check all the files, and fail if there's any problems. It will not modify any files. The pipeline in builKite needs to be updated to run that command. Change-Id: Iec91163f1ab56ceb0cfff6db8f8ce93367ebeefe Reviewed-on: https://cl.fcuny.net/c/world/+/403 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>