#
# environment variables
#
# direnv configuration (.envrc). PROJECT_ROOT is the working directory at load
# time; the .direnv directory and its bin/ are derived from it.
export PROJECT_ROOT="$(pwd)"
export DIRENV_PATH="${PROJECT_ROOT}/.direnv" TOOLS_PATH="${PROJECT_ROOT}/.direnv/bin"

#
# globals
#
# Ansible configuration file and the vault file that is later read with
# `ansible-vault view`.
export ANSIBLE_CONFIG="${PROJECT_ROOT}/ansible.cfg"
export SECRETS_FILE="${PROJECT_ROOT}/ansible/secrets/credentials.yaml"
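#
# helper
#
# IS_MAINTAINER is "yes" when a .vault_pass file exists in the project root,
# and empty otherwise. The path is quoted so a project root containing
# whitespace is still tested as a single path.
export IS_MAINTAINER="$(test -e "$PROJECT_ROOT/.vault_pass" && echo yes)"
# VAULT_VIEW holds the decrypted vault contents, so it is deliberately NOT
# exported. The yq lookups further down read it as a plain shell variable.
# An exported copy would be inherited by every child process started from this
# file, and would remain in the loaded environment whenever evaluation stops
# before the final `unset VAULT_VIEW`.
# NOTE(review): confirm nothing launched by setup/environment.sh expects
# VAULT_VIEW in its process environment.
VAULT_VIEW="$(poetry run -q ansible-vault view "$SECRETS_FILE")"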
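#
# required
#
# Tell non-maintainers how to enable maintainer access. The trailing \e[0m
# resets the colour so the yellow does not bleed into later terminal output.
# The project path is passed as a printf argument, so escape sequences inside
# it are printed literally instead of being interpreted.
if test -z "$IS_MAINTAINER"; then
  printf "\e[33m💡 Create '.vault_pass' in project root '%s' to activate Testing Farm maintainer access.\e[0m\n" "$PROJECT_ROOT"
fi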
#
# setup
#
# When the .direnv directory already exists, only print a hint on how to force
# a reinstall. On a first load, select python3.12 for the Poetry environment
# and source the project's setup script into this shell.
if [ -e "$DIRENV_PATH" ]; then
  echo -e "\e[32m💡 Use 'make clean; direnv allow' to reinstall\e[0m"
else
  poetry env use python3.12
  source setup/environment.sh
fi
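#
# tools
#
PATH_add "$TOOLS_PATH"
# Ask Poetry for its virtualenv and put that environment's bin directory on
# PATH. If the lookup fails or prints nothing, skip the entry and warn:
# appending "/bin" to an empty result would otherwise add a bare "/bin".
venv_path="$(poetry run bash -c 'echo $VIRTUAL_ENV')"
if [ -n "$venv_path" ]; then
  PATH_add "$venv_path/bin"
else
  echo "warning: could not determine the Poetry virtualenv; its bin directory was not added to PATH" >&2
fi
unset venv_path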
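#
# Configuration below is only for maintainers
#
# Stop here for non-maintainers. VAULT_VIEW is dropped first because the
# `unset VAULT_VIEW` at the end of this file is never reached on this path,
# which would leave whatever the vault lookup produced in the loaded
# environment.
if test -z "$IS_MAINTAINER"; then
  unset VAULT_VIEW
  return
fi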
#
# aws
#
# Point the AWS config and shared-credentials files at paths under
# $DIRENV_PATH.
export AWS_SHARED_CREDENTIALS_FILE="${DIRENV_PATH}/.aws/credentials"
export AWS_CONFIG_FILE="${DIRENV_PATH}/.aws/config"
#
# kubectl
#
# The kubeconfig and the krew root both live under $DIRENV_PATH, and krew's
# bin directory is added to PATH.
export KREW_ROOT="${DIRENV_PATH}/.krew/"
export KUBECONFIG="${DIRENV_PATH}/.kube/config"
PATH_add "${DIRENV_PATH}/.krew/bin"
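#
# terraform
#
export TERRAGRUNT_NON_INTERACTIVE=true
export TERRAGRUNT_INCLUDE_EXTERNAL_DEPENDENCIES=true
# Each secret is piped from the VAULT_VIEW shell variable into yq with the
# echo builtin, so the decrypted YAML does not appear in any process's
# argument list.
# `export VAR=$(...)` reports export's own status, so a non-zero yq exit
# (presumably what `-e` is meant to signal for a missing key) does not stop
# the load. Check the resulting values if a lookup may have failed.
export TF_TOKEN_app_terraform_io=$(echo "$VAULT_VIEW" | yq -er .credentials.terraform.cloud.testing_farm_bot.token)
export TF_VAR_terraform_api_url=$(echo "$VAULT_VIEW" | yq -r .credentials.terraform.cloud.api)
export TF_VAR_ansible_vault_password_file="$PROJECT_ROOT/.vault_pass"
export TF_VAR_ansible_vault_credentials="credentials.yaml"
# SECRETS_FILE is quoted so a project path containing whitespace reaches
# dirname as one argument.
export TF_VAR_ansible_vault_secrets_root="$(dirname "$SECRETS_FILE")"
export TF_VAR_gitlab_testing_farm_bot=$(echo "$VAULT_VIEW" | yq -er .credentials.gitlab.testing_farm_bot_infra.token)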
#
# Testing Farm
#
# Production API endpoint and bot credentials, extracted from the decrypted
# vault text held in VAULT_VIEW.
export TESTING_FARM_API_URL="$(echo "${VAULT_VIEW}" | yq -r '.credentials.testing_farm.production.api_url')"
export TESTING_FARM_API_TOKEN_PUBLIC="$(echo "${VAULT_VIEW}" | yq -er '.credentials.testing_farm.production.public.users.bot.token')"
# NOTE: this is not used currently, but we plan to use it later
export TESTING_FARM_API_TOKEN_REDHAT="$(echo "${VAULT_VIEW}" | yq -er '.credentials.testing_farm.production.redhat.bot_api_key')"
# Needed for development operations: one token per dev user role.
export TESTING_FARM_DEV_TOKEN_PUBLIC_DEVELOPER="$(echo "${VAULT_VIEW}" | yq -r '.credentials.testing_farm.dev.public.users.developer.token')"
export TESTING_FARM_DEV_TOKEN_PUBLIC_ADMIN="$(echo "${VAULT_VIEW}" | yq -r '.credentials.testing_farm.dev.public.users.admin.token')"
export TESTING_FARM_DEV_TOKEN_PUBLIC_WORKER="$(echo "${VAULT_VIEW}" | yq -r '.credentials.testing_farm.dev.public.users.worker.token')"
export TESTING_FARM_DEV_TOKEN_PUBLIC_DISPATCHER="$(echo "${VAULT_VIEW}" | yq -r '.credentials.testing_farm.dev.public.users.dispatcher.token')"
# The dev API host name is built from the current $USER.
# NOTE(review): this URL is plain http, so any token sent to it would travel
# unencrypted. Confirm whether the dev endpoint can be reached over https.
export TESTING_FARM_DEV_API_URL_PUBLIC="http://api.dev-${USER}.testing-farm.io"
#
# gitlab-ci-linter
#
export GITLAB_PRIVATE_TOKEN="$(echo "${VAULT_VIEW}" | yq -er '.credentials.gitlab.testing_farm_bot_gitlab_ci_linter.token')"

#
# cleanup
#
# Every value has been extracted, so drop the decrypted vault text to keep it
# out of the environment this file leaves behind.
unset -v VAULT_VIEW