[HN Gopher] My attempt at Gitlab PR review environments with Nomad
       ___________________________________________________________________
        
       Author : mrmattyboy
       Score  : 28 points
       Date   : 2024-02-25 09:06 UTC (13 hours ago)
        
 (HTM) web link (blog.mattsbit.co.uk)
 (TXT) w3m dump (blog.mattsbit.co.uk)
        
       | mdaniel wrote:
       | heh, terraform is just ... special
       | 
       |     resource "nomad_job" "terrareg" {
       |       jobspec = <<EOHCL
       |     job "terrareg" {
       | 
       | but to be actually constructive, a fun trick is that one can
       | patch this stanza in via the GL pipeline and thus allow local
       | $(tofu plan) runs without needing, or running the risk of, live
       | gitlab credentials
       | 
       |     variables:
       |       # Backend required for Gitlab state
       |       BACKEND_TF: |
       |         terraform {
       |           backend "http" {
       |           }
       |         }
       |     before_script:
       |       - echo "$BACKEND_TF" > backend.tf
       | 
       | it may also interest this audience that due to gitlab's in-
       | container shell detection scheme, often a better entrypoint
       | override is entrypoint: ["/usr/bin/env"] (assuming such a thing
       | exists, of course)
        
         | mrmattyboy wrote:
         | Hey :)
         | 
         | That's a good idea for the backend - thank you!
         | 
         | And yes, I should have used a separate HCL file for
         | the nomad_job - aside from being cleaner, it would have also
         | avoided some horrific JSON encode that I had to use for an
         | environment variable (think: `env { blah = replace("\"",
         | "\\\\\"", jsonencode(local.something))`), since I could just
         | pass the jsonencode value straight to the value of the
         | parameter, rather than getting Terraform to convert it to a
         | string for the template.
        
       | mrmattyboy wrote:
       | One thing that I haven't figured out how to do is allowing
       | unauthenticated Gitlab users to view deployments/environments for
       | public projects.
       | 
       | Not only is the "deployments" tab missing (which isn't the _end_
       | of the world), but the environment (with the link to the
       | instance) isn't shown in pull requests until the user logs in.
       | 
       | Does anyone know if this is possible? I couldn't find much in
       | Gitlab's docs
        
       | salamander014 wrote:
       | Hey this is very cool.
       | 
       | I did something similar with Kubernetes, work has some OSE
       | clusters that will generate DNS for you, it works great and the
       | devs love using it. It's a little bespoke but it's simple and gets
       | a lot of attention.
       | 
       | Plus since the namespaces preexist the workloads, we spin them up
       | for the entire branch lifetime (times out after n days). Makes
       | everyone's jobs a lot easier.
       | 
       | Anything that helps shift lifecycle requirements and testing left
       | has huge impact on DX.
        
       ___________________________________________________________________
       (page generated 2024-02-25 23:01 UTC)