.drone.yml

---
global-variables:
#  testrunner-image: &testrunner-image quay.io/ukhomeofficedigital/tf-testrunner:32
  testrunner-image: &testrunner-image quay.io/ukhomeofficedigital/tf-testrunner:TF1.6
  vault-image: &vault-image docker.digital.homeoffice.gov.uk/dq/dq-vault-awscli:1.43

kind: pipeline
name: default
type: kubernetes

platform:
  os: linux
  arch: amd64

x-anchors:
  retrieve-deployment-aws-key: &retrieve-deployment-aws-key
    - vault --version
    # Set AWS Account from step's environment variable AWS_ENV
    - export AWS_CREDS_FILE="aws_creds_$${AWS_ENV}.json"
    - export AWS_SECRETS_FILE="set_aws_secrets_$${AWS_ENV}.sh"
    # Retrieve vault secrets
    - vault read aws_dacc_dq/creds/drone > $${AWS_CREDS_FILE}
    - export LEASE_ID=$(cat $${AWS_CREDS_FILE} | grep lease_id | awk -F ' ' '{print $2}')
    - export ACCESS_KEY=$(cat $${AWS_CREDS_FILE} | grep access_key | awk -F ' ' '{print $2}')
    - export SECRET_KEY=$(cat $${AWS_CREDS_FILE} | grep secret_key | awk -F ' ' '{print $2}')
    - export REGION=eu-west-2
    # Update the token TTL to 10mins
    - vault lease renew -increment=3600 $${LEASE_ID}
    # Get the AWS credentials - to allow TestRunner access to the Target Account
    - echo "export AWS_ACCESS_KEY_ID=$${ACCESS_KEY}" > $${AWS_SECRETS_FILE}
    - echo "export AWS_SECRET_ACCESS_KEY=$${SECRET_KEY}" >> $${AWS_SECRETS_FILE}
    - echo "export AWS_DEFAULT_REGION=$${REGION}" >> $${AWS_SECRETS_FILE}

  check-format: &check-format
    - terraform --version
    - terraform fmt --diff --check

  run-testrunner: &run-testrunner
    # Get AWS secrets for Target Account
    - export AWS_SECRETS_FILE="set_aws_secrets_$${AWS_ENV}.sh"
    - source ./$${AWS_SECRETS_FILE}
    - python -m unittest tests/*_test.py

steps:
- name: retrieve_aws_secrets_test
  pull: if-not-exists
  image: *vault-image
  commands:
    *retrieve-deployment-aws-key
  environment:
    AWS_ENV: test
    VAULT_ADDR:
      from_secret: VAULT_ADDR_DEV
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_DEV
  when:
    event:
      - push

- name: check-format
  pull: always
  image: *testrunner-image
  commands: *check-format
  when:
    event:
      - push

- name: run-testrunner-tests
  pull: if-not-exists
  image: *testrunner-image
  commands: *run-testrunner
  environment:
    AWS_ENV: test
  when:
    event:
      - push