homelab: add tf verbs + stack/git-crypt substrate
Adds the tf verb-group and the resolver substrate beneath it, continuing the v0.1 infra-loop build. - substrate: findInfraRoot (walk up to terragrunt.hcl + stacks/), stack→dir resolver, and repo/remote/git-crypt detection (preferRemote forgejo>origin, hasGitCryptAttr, gitCryptFlags) — the last is for `work` next. - tf plan/validate/fmt/force-unlock/apply, resolving the stack from cwd and delegating to scripts/tg (which owns state decrypt/encrypt, the Vault lock, and the ingress auth-comment check) rather than calling terragrunt directly. - tf apply is presence-coupled: claims stack:<name>, ALWAYS releases on exit (normal, error, or SIGINT/SIGTERM via sync.Once + signal handler) — fixing the documented ~200-claim leak — and prints an out-of-band reminder since CI applies canonically on push. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
ed6f22fd53
commit
36d562c15c
8 changed files with 362 additions and 0 deletions
54
cli/stack.go
Normal file
54
cli/stack.go
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// findInfraRoot walks up from start to the infra repo root — the directory
|
||||
// holding both terragrunt.hcl and a stacks/ directory.
|
||||
func findInfraRoot(start string) (string, error) {
|
||||
dir := start
|
||||
for {
|
||||
if isFile(filepath.Join(dir, "terragrunt.hcl")) && isDir(filepath.Join(dir, "stacks")) {
|
||||
return dir, nil
|
||||
}
|
||||
parent := filepath.Dir(dir)
|
||||
if parent == dir {
|
||||
return "", fmt.Errorf("not inside an infra checkout (no terragrunt.hcl + stacks/ found above %s)", start)
|
||||
}
|
||||
dir = parent
|
||||
}
|
||||
}
|
||||
|
||||
// resolveStack maps a bare stack name to its directory under <infraRoot>/stacks.
|
||||
func resolveStack(infraRoot, name string) (string, error) {
|
||||
dir := filepath.Join(infraRoot, "stacks", name)
|
||||
if isDir(dir) {
|
||||
return dir, nil
|
||||
}
|
||||
avail := listStacks(infraRoot)
|
||||
return "", fmt.Errorf("stack %q not found under stacks/; available: %s", name, strings.Join(avail, ", "))
|
||||
}
|
||||
|
||||
// listStacks returns the sorted names of every directory under <infraRoot>/stacks.
|
||||
func listStacks(infraRoot string) []string {
|
||||
entries, err := os.ReadDir(filepath.Join(infraRoot, "stacks"))
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
var out []string
|
||||
for _, e := range entries {
|
||||
if e.IsDir() {
|
||||
out = append(out, e.Name())
|
||||
}
|
||||
}
|
||||
sort.Strings(out)
|
||||
return out
|
||||
}
|
||||
|
||||
func isFile(p string) bool { fi, err := os.Stat(p); return err == nil && !fi.IsDir() }
|
||||
func isDir(p string) bool { fi, err := os.Stat(p); return err == nil && fi.IsDir() }
|
||||
Loading…
Add table
Add a link
Reference in a new issue