feat: generate logan-terraform jobs dynamically
This allows us to build images for new versions of Terraform as soon as they are released.
Copying this straight out of the included script as it gives a good account of what this change aims to achieve.
This script is used to dynamically generate the logan-terraform image build jobs for each minor release of Terraform. The job uses the Hashicorp releases API to search for the latest patch release for every minor release of Terraform, starting at 1.1.x. It then generates a GitLab pipeline yaml file containing the job configuration which is triggered in the main .gitlab-ci.yml pipeline.
This ensures that we:
Build logan-terraform images for new minor versions of Terraform automatically.
Automatically use the latest patch release for any versions of logan-terraform that have previously been built.
- For example, if we'd previously built logan-terraform-1.3 using Terraform version 1.3.9, this job would automatically detect that 1.3.10 had been released and our logan-terraform-1.3 image would automatically be built using the newer version the next time the pipeline is run.
Here is an example pipeline:
https://gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/-/pipelines/412956
Also, if you simply run the script in the repo (i.e. ./scripts/generate-logan-terraform-jobs.py
), a logan-terraform-jobs.yaml
file is created in the current directory with the generated job configuration for inspection.
NOTE - To simplify this I have removed the SH256 checking of the Terraform binaries. I personally think this is acceptable but I appreciate others may not want this removed. It would be significantly more difficult to implement the check in this automation given the multi-arch etc. So I guess we would way up which is more important.
Part of #77 (closed)