.drone.yml

---
global-variables:
  vault-image: &vault-image docker.digital.homeoffice.gov.uk/dq/dq-vault-awscli:1.43

kind: pipeline
name: default
type: kubernetes
platform:
  os: linux
  arch: amd64

x-anchors:
  retrieve-deployment-aws-key: &retrieve-deployment-aws-key
    # Retrive vault secrets
    - vault read aws_dacc_dq/creds/drone > aws_creds.json
    - export LEASE_ID=$(cat aws_creds.json | grep lease_id | awk -F ' ' '{print $2}')
    # Update the token TTL to 10mins
    - vault lease renew -increment=600 $${LEASE_ID}
    # Get the AWS credentials
    - echo "export AWS_ACCESS_KEY_ID=$(cat aws_creds.json | grep access_key | awk -F ' ' '{print $2}')" > set_aws_secrets.sh
    - echo "export AWS_SECRET_ACCESS_KEY=$(cat aws_creds.json | grep secret_key | awk -F ' ' '{print $2}')" >> set_aws_secrets.sh
    - echo "export AWS_DEFAULT_REGION=eu-west-2" >> set_aws_secrets.sh
    # Since AWS is eventually consistent we need to sleep a little while so the AWS key is created and made available
    - sleep 15

steps:
- name: run-fmt-tests
  pull: always
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind:latest
  commands:
  - /usr/local/bin/wait 30
  - docker run --rm -v $(pwd):/data -w /data hashicorp/terraform fmt --diff --check
  when:
    event:
    - push

- name: retrieve_aws_secrets_test
  pull: if-not-exists
  image: *vault-image
  commands:
    *retrieve-deployment-aws-key
  environment:
    VAULT_ADDR:
      from_secret: VAULT_ADDR_NOTPROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_NOTPROD
  when:
    event:
      - push
      - promote

- name: run-testrunner-tests
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/tf-testrunner:32
  commands:
  - source ./set_aws_secrets.sh
  - python -m unittest tests/*_test.py
  when:
    event:
    - push

- name: renew-vault-tokens
  pull: if-not-exists
  image: *vault-image
  commands:

    # the below Dev section needs to be uncommented
    - export VAULT_TOKEN=$${VAULT_TOKEN_DEV}
    - export VAULT_ADDR=$${VAULT_ADDR_DEV}
    - vault token renew > /dev/null
  environment:
    VAULT_ADDR_DEV:
      from_secret: VAULT_ADDR_DEV
    VAULT_TOKEN_DEV:
      from_secret: VAULT_TOKEN_DEV
  when:
    event:
      - cron
    cron:
      - renew-vault-tokens

services:
  - name: docker
    image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind:latest