Wait and run terraform tests in parallel

.github/workflows/ci.yaml

@@ -150,7 +150,7 @@ jobs:
       - name: Windsor Up
         run: |
           windsor init local --set dns.enabled=false
-          windsor up --install --verbose
+          windsor up --install --verbose --wait
 
       - name: Collect Windsor State
         if: always()

Taskfile.yaml

@@ -3,64 +3,67 @@ version: '3'
 tasks:
   scan:
     desc: Scan for security vulnerabilities
+    silent: true
     cmds:
-      - source .venv/bin/activate && checkov -d {{.CLI_ARGS | default "terraform/"}} 2>/dev/null
+      - cmd: source .venv/bin/activate && checkov -d {{.CLI_ARGS | default "terraform/"}} 2>/dev/null
 
   test:
     desc: Run Terraform tests (all or specific module)
+    silent: true
     cmds:
-      - |
-        MODULE={{.CLI_ARGS | default "terraform"}}
-        if [ -d "$MODULE" ]; then
-          # Create a temporary directory for test results
-          TEMP_DIR=$(mktemp -d)
-          # Find all test files and run them in parallel
-          find "$MODULE" -type f -name '*.tftest.hcl' | while read testfile; do
-            testdir=$(dirname "$testfile")
-            (
-              cd "$testdir" && \
-              terraform init -input=false -reconfigure && \
-              terraform test > "$TEMP_DIR/$(basename "$testfile").log" 2>&1 || \
-              echo "FAILED: $testfile" >> "$TEMP_DIR/failures"
-            ) &
-          done
-          # Wait for all background jobs to complete
-          wait
-          # Check if any tests failed
-          if [ -f "$TEMP_DIR/failures" ]; then
-            echo "Test failures:"
-            cat "$TEMP_DIR/failures"
-            echo "Test logs:"
-            find "$TEMP_DIR" -name "*.log" -type f -exec echo "=== {} ===" \; -exec cat {} \;
+      - cmd: |
+          MODULE={{.CLI_ARGS | default "terraform"}}
+          if [ -d "$MODULE" ]; then
+            # Create a temporary directory for test results
+            TEMP_DIR=$(mktemp -d)
+            # Find all test files and run them in parallel
+            find "$MODULE" -type f -name '*.tftest.hcl' | while read testfile; do
+              testdir=$(dirname "$testfile")
+              (
+                cd "$testdir" && \
+                echo "Running tests in $testdir..." && \
+                terraform init -input=false -reconfigure && \
+                terraform test || \
+                echo "FAILED: $testfile" >> "$TEMP_DIR/failures"
+              ) &
+            done
+            # Wait for all background jobs to complete
+            wait
+            # Check if any tests failed
+            if [ -f "$TEMP_DIR/failures" ]; then
+              echo "Test failures:"
+              cat "$TEMP_DIR/failures"
+              rm -rf "$TEMP_DIR"
+              exit 1
+            fi
             rm -rf "$TEMP_DIR"
+          else
+            echo "Module path '$MODULE' does not exist."
             exit 1
           fi
-          rm -rf "$TEMP_DIR"
-        else
-          echo "Module path '$MODULE' does not exist."
-          exit 1
-        fi
 
   fmt:
     desc: Check Terraform formatting
+    silent: true
     cmds:
-      - terraform fmt -recursive
+      - cmd: terraform fmt -recursive
 
   docs:
     desc: Generate Terraform documentation
+    silent: true
     cmds:
-      - rm -rf docs/terraform/*
-      - |
-        find terraform -type d -exec test -e '{}/main.tf' -a -e '{}/variables.tf' \; -print | while read -r dir; do
-          if [[ "$dir" == *"/modules/"* ]]; then
-            continue
-          fi
-          rel_path="${dir#terraform/}"
-          output_file="docs/terraform/$rel_path.md"
-          mkdir -p "$(dirname "$output_file")"
-          if [ -f "$dir/README.md" ]; then
-            cat "$dir/README.md" > "$output_file"
-            echo >> "$output_file"
-          fi
-          docker run --rm -v "$(pwd):/src" -w "/src/$dir" quay.io/terraform-docs/terraform-docs:0.20.0 markdown . >> "$output_file"
-        done
+      - cmd: rm -rf docs/terraform/*
+      - cmd: |
+          find terraform -type d -exec test -e '{}/main.tf' -a -e '{}/variables.tf' \; -print | while read -r dir; do
+            if [[ "$dir" == *"/modules/"* ]]; then
+              continue
+            fi
+            rel_path="${dir#terraform/}"
+            output_file="docs/terraform/$rel_path.md"
+            mkdir -p "$(dirname "$output_file")"
+            if [ -f "$dir/README.md" ]; then
+              cat "$dir/README.md" > "$output_file"
+              echo >> "$output_file"
+            fi
+            docker run --rm -v "$(pwd):/src" -w "/src/$dir" quay.io/terraform-docs/terraform-docs:0.20.0 markdown . >> "$output_file"
+          done

contexts/local/blueprint.yaml

@@ -14,39 +14,33 @@ sources:
   ref:
     branch: main
 terraform:
-- source: core
-  path: cluster/talos
-- source: core
-  path: gitops/flux
+- path: cluster/talos
+- path: gitops/flux
   destroy: false
 kustomize:
 - name: telemetry-base
   path: telemetry/base
-  source: core
   components:
   - prometheus
   - prometheus/flux
 - name: telemetry-resources
   path: telemetry/resources
-  source: core
   dependsOn:
   - telemetry-base
   components:
+  - metrics-server
   - prometheus
   - prometheus/flux
 - name: policy-base
   path: policy/base
-  source: core
   components:
   - kyverno
 - name: policy-resources
   path: policy/resources
-  source: core
   dependsOn:
   - policy-base
 - name: csi
   path: csi
-  source: core
   dependsOn:
   - policy-resources
   force: true
@@ -55,7 +49,6 @@ kustomize:
   - openebs/dynamic-localpv
 - name: ingress-base
   path: ingress/base
-  source: core
   dependsOn:
   - pki-resources
   force: true
@@ -67,7 +60,6 @@ kustomize:
   - nginx/web
 - name: pki-base
   path: pki/base
-  source: core
   dependsOn:
   - policy-resources
   force: true
@@ -76,7 +68,6 @@ kustomize:
   - trust-manager
 - name: pki-resources
   path: pki/resources
-  source: core
   dependsOn:
   - pki-base
   force: true
@@ -85,7 +76,6 @@ kustomize:
   - public-issuer/selfsigned
 - name: dns
   path: dns
-  source: core
   dependsOn:
   - pki-base
   force: true
@@ -98,7 +88,6 @@ kustomize:
   - external-dns/ingress
 - name: gitops
   path: gitops/flux
-  source: core
   dependsOn:
   - ingress-base
   force: true

contexts/local/terraform/cluster/talos.tfvars

@@ -32,10 +32,15 @@ common_config_patches = <<EOF
     "certSANs":
     - "localhost"
     - "127.0.0.1"
+  "extraManifests":
+  - "https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml"
 "machine":
   "certSANs":
   - "localhost"
   - "127.0.0.1"
+  "kubelet":
+    "extraArgs":
+      "rotate-server-certificates": "true"
   "network":
     "interfaces":
     - "ignore": true
@@ -78,4 +83,3 @@ worker_config_patches = <<EOF
       "source": "/var/local"
       "type": "bind"
 EOF
-

docs/terraform/cluster/talos.md

@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_local"></a> [local](#provider\_local) | 2.5.2 |
+| <a name="provider_local"></a> [local](#provider\_local) | 2.5.3 |
 | <a name="provider_null"></a> [null](#provider\_null) | 3.2.4 |
 | <a name="provider_talos"></a> [talos](#provider\_talos) | 0.8.1 |
 

lefthook.yml

@@ -4,13 +4,15 @@ pre-commit:
     terraform-fmt:
       glob: "*.{tf,tfvars}"
       run: terraform fmt {staged_files}
+      stage_fixed: true
+    terraform-docs:
+      glob: "*.{tf,tfvars}"
+      run: task docs
+      stage_fixed: true
 
 pre-push:
   parallel: true
   commands:
     terraform-test:
       glob: "*.{tf,tfvars}"
       run: task test
-    terraform-docs:
-      glob: "*.{tf,tfvars}"
-      run: task docs