Adds disaster recovery tooling for the terraform promotion script #542
Conversation
Adds tooling to locally run promotions to the terraform registry in the event of errors in the Drone process. Expected process is expected to look something like: ``` $ (cd tooling; go build -o .. ./cmd/with-secrets) $ sops -d $plugins_secrets | ./with-secrets ./tooling/bin/release $terraform_provider_version ``` ...substituting the appropriate `$plugins_secrets` Drone secrets file and `$terrafom_provider_version` tag (e.g. `terraform-provider-teleport-v9.1.3`)
tcsc
requested review from
klizhentas,
russjones,
r0mant,
Joerger and
zmb3
as code owners
There was a problem hiding this comment.
Expected process looks something like:
$ (cd tooling; go build -o .. ./cmd/with-secrets) $ sops -d $plugins_secrets | ./with-secrets ./tooling/bin/release $terraform_provider_version...substituting the appropriate
$plugins_secretsDrone secrets file and$terrafom_provider_versiontag (e.g.terraform-provider-teleport-v9.1.3)
Could we capture these instructions in a README.md, or maybe RELEASE.md? I see value in the scripts as a template for how things happen, but I'm concerned without context, only you or I would know what to do with them.
Also: It'd be worth having pointers in both these scripts and the drone logic to each other, to help increase the chance they stay in sync. I expect updates will get made to one, but not the other eventually. Any quick edits to decrease that likelihood is time well invested IMO.
Or maybe chuck a commit into |
|
I've created a bare-bones |
Adds tooling to locally run promotions to the terraform registry in the event of errors in the Drone process.
Expected process looks something like:
...substituting the appropriate
$plugins_secretsDrone secrets file and$terrafom_provider_versiontag (e.g.terraform-provider-teleport-v9.1.3)See
tooling/cmd/with-secrets/main.gofor more info on whywith-secretsis required.