Setting embedded_manifest to true and repo visibility to private.

Signed-off-by: Steven Wade <[email protected]>

Author: swade1987

.github/workflows/check-examples.yaml

@@ -0,0 +1,48 @@
+name: Check examples
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "examples/**"
+      - "**.go"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "examples/**"
+      - "**.go"
+  workflow_dispatch:
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        terraform_version:
+          - "1.6.0"
+          - "1.7.0"
+          - "1.8.0"
+    env:
+      TERM: linux
+    steps:
+      - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
+        with:
+          terraform_version: ${{ matrix.terraform_version }}
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
+      - name: Build provider
+        run: |
+          go build
+      - name: Check examples run
+        run: |
+          ./scripts/check_examples.sh

.github/workflows/pre-commit.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.5.0
     hooks:
       - id: check-byte-order-marker
       - id: check-case-conflict
@@ -23,7 +23,7 @@ repos:
       - id: go-unit-tests
       - id: golangci-lint
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.0
+    rev: v1.88.2
     files: examples
     hooks:
       - id: terraform_fmt
@@ -33,18 +33,19 @@ repos:
           - '--args=--lockfile=false'
       - id: terraform_tflint
         args:
-          - '--args=--only=terraform_deprecated_interpolation'
-          - '--args=--only=terraform_deprecated_index'
-          - '--args=--only=terraform_unused_declarations'
           - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_deprecated_interpolation'
           - '--args=--only=terraform_documented_outputs'
           - '--args=--only=terraform_documented_variables'
-          - '--args=--only=terraform_typed_variables'
           - '--args=--only=terraform_module_pinned_source'
           - '--args=--only=terraform_naming_convention'
-          - '--args=--only=terraform_required_version'
           - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_required_version'
           - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_unused_required_providers'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/FalcoSuessgott/tfplugindocs
     rev: v0.0.2

.pre-commit-config.yaml

@@ -40,7 +40,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -98,6 +98,7 @@ resource "kubernetes_secret" "ssh_keypair" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this, kubernetes_secret.ssh_keypair]
 
-  path                    = "clusters/my-cluster"
   disable_secret_creation = true
+  embedded_manifests      = true
+  path                    = "clusters/my-cluster"
 }

examples/github-self-managed-ssh-keypair/main.tf

@@ -32,7 +32,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -43,5 +43,6 @@ resource "github_repository" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/github-via-pat/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,5 +63,6 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/github-via-ssh-with-gpg/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,5 +63,6 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/github-via-ssh/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,10 +63,11 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
   components_extra = [
     "image-reflector-controller",
     "image-automation-controller"
   ]
+  embedded_manifests     = true
   kustomization_override = file("${path.root}/resources/flux-kustomization-patch.yaml")
+  path                   = "clusters/my-cluster"
 }

examples/github-with-customizations/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "github_repository" "this" {
   name        = var.github_repository
   description = var.github_repository
-  visibility  = "public"
+  visibility  = "private"
   auto_init   = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
 }
 
@@ -63,10 +63,11 @@ resource "github_repository_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [github_repository_deploy_key.this]
 
-  path = "clusters/my-cluster"
   components_extra = [
     "image-reflector-controller",
     "image-automation-controller"
   ]
+  embedded_manifests     = true
   kustomization_override = templatefile("${path.root}/resources/flux-kustomization-patch.tftpl", { role_arn = var.role_arn })
+  path                   = "clusters/my-cluster"
 }

examples/github-with-inline-customizations/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "gitlab_project" "this" {
   name                   = var.gitlab_project
   description            = "flux-bootstrap"
-  visibility_level       = "public"
+  visibility_level       = "private"
   initialize_with_readme = true # This is extremely important as Flux expects an initialised repository
 }
 
@@ -63,5 +63,6 @@ resource "gitlab_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [gitlab_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/gitlab-via-ssh-with-gpg/main.tf

@@ -36,7 +36,7 @@ resource "kind_cluster" "this" {
 resource "gitlab_project" "this" {
   name                   = var.gitlab_project
   description            = "flux-bootstrap"
-  visibility_level       = "public"
+  visibility_level       = "private"
   initialize_with_readme = true # This is extremely important as Flux expects an initialised repository
 }
 
@@ -63,5 +63,6 @@ resource "gitlab_deploy_key" "this" {
 resource "flux_bootstrap_git" "this" {
   depends_on = [gitlab_deploy_key.this]
 
-  path = "clusters/my-cluster"
+  embedded_manifests = true
+  path               = "clusters/my-cluster"
 }

examples/gitlab-via-ssh/main.tf

@@ -14,7 +14,6 @@ However, using the Flux Helm chart is a better option when Flux needs to be inst
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.7.0 |
-| <a name="requirement_flux"></a> [flux](#requirement\_flux) | >= 1.2 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | >= 6.1 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.12 |
 | <a name="requirement_kind"></a> [kind](#requirement\_kind) | >= 0.4 |

examples/helm-install/README.md

@@ -2,10 +2,6 @@ terraform {
   required_version = ">= 1.7.0"
 
   required_providers {
-    flux = {
-      source  = "fluxcd/flux"
-      version = ">= 1.2"
-    }
     github = {
       source  = "integrations/github"
       version = ">= 6.1"

examples/helm-install/main.tf

@@ -203,6 +203,8 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe
 			"embedded_manifests": schema.BoolAttribute{
 				Description: "When enabled, the Flux manifests will be extracted from the provider binary instead of being downloaded from github.com. Defaults to `false`.",
 				Optional:    true,
+				Computed:    true,
+				Default:     booldefault.StaticBool(false),
 			},
 			"id": schema.StringAttribute{
 				Computed: true,

internal/provider/resource_bootstrap_git.go

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -x
+set -e
+
+TF_IN_AUTOMATION=true
+TF_PLUGIN_VERSION="99.0.0"
+TF_PLUGIN_BINARY_NAME="terraform-provider-flux"
+TF_PLUGIN_BINARY_PATH="${HOME}/.terraform.d/plugins/registry.terraform.io/fluxcd/flux/$TF_PLUGIN_VERSION/$(go env GOOS)_$(go env GOARCH)/"
+
+if [ ! -f $TF_PLUGIN_BINARY_PATH ]; then
+    mkdir -p $TF_PLUGIN_BINARY_PATH
+fi
+
+cp ./$TF_PLUGIN_BINARY_NAME $TF_PLUGIN_BINARY_PATH
+
+SKIP_CHECKS=.skip_checks
+for example in $PWD/examples/*; do
+    cd "$example"
+    echo 🔍 $(tput bold)$(tput setaf 3)Checking $(basename $example)...
+    if [ -f "$SKIP_CHECKS" ]; then
+        echo "$SKIP_CHECKS specified. Skipping this example."
+        continue
+    fi
+    terraform init
+    terraform validate
+    terraform plan -out tfplan > /dev/null
+    terraform apply tfplan
+    terraform refresh
+    terraform destroy -auto-approve
+    echo
+done