From a7f8992b5ebf3bb9e3badf1286a0b785d7a2c10d Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 7 Aug 2022 14:24:28 -0700 Subject: feat(ops/buildkite): use terraform to manage buildkite Change-Id: I63fc8fd81679457f7dbeafc2bd10c0eded0de991 Reviewed-on: https://cl.fcuny.net/c/world/+/707 Tested-by: CI Reviewed-by: Franck Cuny --- flake.nix | 2 +- ops/buildkite/.gitignore | 3 +++ ops/buildkite/README.org | 5 +++++ ops/buildkite/buildkite.tf | 29 +++++++++++++++++++++++++++++ ops/buildkite/default.nix | 25 +++++++++++++++++++++++++ ops/buildkite/steps.yml | 6 ++++++ ops/default.nix | 5 +++++ 7 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 ops/buildkite/.gitignore create mode 100644 ops/buildkite/README.org create mode 100644 ops/buildkite/buildkite.tf create mode 100644 ops/buildkite/default.nix create mode 100644 ops/buildkite/steps.yml create mode 100644 ops/default.nix
diff --git a/flake.nix b/flake.nix
index 6e48370..76e6369 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,7 +60,7 @@ inherit home-manager; tools = import ./tools { inherit pkgs; }; - + ops = import ./ops { inherit pkgs; }; users.fcuny = import ./users/fcuny { inherit pkgs; }; };
diff --git a/ops/buildkite/.gitignore b/ops/buildkite/.gitignore
new file mode 100644
index 0000000..112bb96
--- /dev/null
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,3 @@
+# ignore the various terraform files that are generate. The state is
+# stored in a GCS bucket.
+.terraform*
diff --git a/ops/buildkite/README.org b/ops/buildkite/README.org
new file mode 100644
index 0000000..f3a09ef
--- /dev/null
+++ b/ops/buildkite/README.org
@@ -0,0 +1,5 @@
+This is to configure the pipelines in buildkite.
+
+To upload them, run =nix run .#ops.buildkite.upload=.
+
+The state is stored in a GCS bucket. The GCS bucket needs to be created before this can be run. The credentials are expected to be stored in =pass= under =gcloud/terraform/fcuny-homelab=.
diff --git a/ops/buildkite/buildkite.tf b/ops/buildkite/buildkite.tf
new file mode 100644
index 0000000..e663adb
--- /dev/null
+++ b/ops/buildkite/buildkite.tf
@@ -0,0 +1,29 @@
+provider "google" {
+ project = "fcuny-homelab"
+ region = "us-west1"
+ zone = "us-west1-c"
+}
+
+terraform {
+ required_providers {
+ buildkite = {
+ source = "buildkite/buildkite"
+ }
+ }
+
+ backend "gcs" {
+ bucket = "world-tf-state"
+ prefix = "buildkite/state"
+ }
+}
+
+provider "buildkite" {
+ organization = "fcuny-dot-xyz"
+}
+
+resource "buildkite_pipeline" "world" {
+ name = "world"
+ description = "CI pipeline for the world repository."
+ repository = "https://cl.fcuny.net/world"
+ steps = file("./steps.yml")
+}
diff --git a/ops/buildkite/default.nix b/ops/buildkite/default.nix
new file mode 100644
index 0000000..7daf7c2
--- /dev/null
+++ b/ops/buildkite/default.nix
@@ -0,0 +1,25 @@
+{ pkgs }:
+let
+ terraform = pkgs.terraform.withPlugins (p: [
+ p.buildkite
+ p.google
+ ]);
+in
+pkgs.stdenv.mkDerivation rec {
+ name = "tf-buildkite";
+ src = ./.;
+
+ upload = pkgs.writeShellScriptBin "tf-buildkite-upload" ''
+ set -ueo pipefail
+
+ cd $(git rev-parse --show-toplevel)/ops/buildkite
+ pass gcloud/terraform/fcuny-homelab > /dev/shm/tf-fcuny-homelab
+
+ export BUILDKITE_API_TOKEN=$(pass api/buildkite-terraform-token)
+ export GOOGLE_APPLICATION_CREDENTIALS=/dev/shm/tf-fcuny-homelab
+
+ ${terraform}/bin/terraform init
+ ${terraform}/bin/terraform plan
+ ${terraform}/bin/terraform apply
+ '';
+}
diff --git a/ops/buildkite/steps.yml b/ops/buildkite/steps.yml
new file mode 100644
index 0000000..9f30b8a
--- /dev/null
+++ b/ops/buildkite/steps.yml
@@ -0,0 +1,6 @@
+---
+steps:
+ - label: ":buildkite:"
+ key: ":init:"
+ command: |
+ buildkite-agent pipeline upload ops/ci/pipeline.yml
diff --git a/ops/default.nix b/ops/default.nix
new file mode 100644
index 0000000..500f9ec
--- /dev/null
+++ b/ops/default.nix
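Review bot: In ops/buildkite/buildkite.tf, `steps = file("./steps.yml")` resolves against the directory terraform is started from, so it only works because the upload script changes into `ops/buildkite` first; `steps = file("${path.module}/steps.yml")` removes that dependency. The `provider "google"` block has no resource using it in this file, and the `gcs` backend takes its credentials independently of the provider, so the block and the `p.google` plugin look removable unless Google resources are planned. The state written to `world-tf-state` will hold the pipeline's computed attributes, and the bucket is created outside this configuration, so a comment on the `backend "gcs"` block saying the bucket must stay private would help the next reader.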
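Review bot: In ops/buildkite/default.nix the upload script writes the Google service-account key to the fixed path `/dev/shm/tf-fcuny-homelab` and never removes it, so the key outlives the run and, depending on the caller's umask, can be readable by other accounts on the host. Creating the file with `mktemp` (mode 0600) and deleting it from an `EXIT` trap keeps it private and short-lived. `export BUILDKITE_API_TOKEN=$(pass …)` also hides a failing `pass` from `set -e`, because the status seen is that of `export`; assigning first and exporting afterwards lets the script stop. The `cd` argument should be quoted as well.

```nix
  upload = pkgs.writeShellScriptBin "tf-buildkite-upload" ''
    set -ueo pipefail

    cd "$(git rev-parse --show-toplevel)/ops/buildkite"

    creds=$(mktemp /dev/shm/tf-fcuny-homelab.XXXXXX)
    trap 'rm -f "$creds"' EXIT
    pass gcloud/terraform/fcuny-homelab > "$creds"

    BUILDKITE_API_TOKEN=$(pass api/buildkite-terraform-token)
    export BUILDKITE_API_TOKEN
    export GOOGLE_APPLICATION_CREDENTIALS="$creds"

    # … unchanged: terraform init / plan / apply …
  '';
```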
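Review bot: In ops/buildkite/steps.yml the only step uploads `ops/ci/pipeline.yml` from whatever commit is being built, so the commands the agents run are defined by that commit rather than by this Terraform-managed file. If builds are triggered for changes that have not been reviewed yet (the commit trailers suggest CI runs on change lists, but that configuration is not visible here), the agents should be treated as running unreviewed code and kept away from long-lived credentials. A comment above the step would record that, for example `# pipeline.yml comes from the commit under test; agents must not hold deploy secrets`.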
@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.lib.makeScope pkgs.newScope (pkgs: {
+ buildkite = pkgs.callPackage ./buildkite { };
+})
-- cgit 1.4.1