
Commit 62b3a16

committed
feat: initial implementation of Terraform Provider for Pocket-ID
- Implement OIDC client resource with full CRUD operations - Implement user resource with group management - Implement group resource for access control - Add data sources for querying clients and users - Add comprehensive HTTP client with retry logic and logging - Include unit tests and acceptance test framework - Add complete documentation for all resources - Configure CI/CD with GitHub Actions - Add GoReleaser configuration for automated releases - Include comprehensive examples and development tooling
0 parents  commit 62b3a16

34 files changed

Lines changed: 7343 additions & 0 deletions

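--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,270 @@
+name: CI
+
+on:
+push:
+branches:
+- main
+- develop
+tags:
+- 'v*'
+pull_request:
+branches:
+- main
+- develop
+
+env:
+GO_VERSION: '1.21'
+GOLANGCI_LINT_VERSION: 'v1.55'
+
+jobs:
+lint:
+name: Lint
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: true
+
+- name: Run golangci-lint
+uses: golangci/golangci-lint-action@v3
+with:
+version: ${{ env.GOLANGCI_LINT_VERSION }}
+args: --timeout 5m
+
+- name: Check code formatting
+run: |
+if [ -n "$(gofmt -l .)" ]; then
+echo "The following files need formatting:"
+gofmt -l .
+exit 1
+fi
+
+test:
+name: Test
+runs-on: ubuntu-latest
+strategy:
+matrix:
+go-version: ['1.20', '1.21']
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ matrix.go-version }}
+cache: true
+
+- name: Download dependencies
+run: go mod download
+
+- name: Run tests
+run: go test -v -cover -coverprofile=coverage.out ./internal/...
+
+- name: Upload coverage reports
+uses: codecov/codecov-action@v3
+if: matrix.go-version == env.GO_VERSION
+with:
+file: ./coverage.out
+flags: unittests
+name: codecov-umbrella
+
+build:
+name: Build
+runs-on: ubuntu-latest
+needs: [lint, test]
+strategy:
+matrix:
+include:
+- os: linux
+arch: amd64
+- os: linux
+arch: arm64
+- os: darwin
+arch: amd64
+- os: darwin
+arch: arm64
+- os: windows
+arch: amd64
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: true
+
+- name: Build binary
+env:
+GOOS: ${{ matrix.os }}
+GOARCH: ${{ matrix.arch }}
+run: |
+output="terraform-provider-pocketid_${{ matrix.os }}_${{ matrix.arch }}"
+if [ "${{ matrix.os }}" = "windows" ]; then
+output="${output}.exe"
+fi
+go build -o "$output" -ldflags "-X main.version=${{ github.ref_name }}" .
+
+- name: Upload artifacts
+uses: actions/upload-artifact@v3
+with:
+name: terraform-provider-pocketid_${{ matrix.os }}_${{ matrix.arch }}
+path: terraform-provider-pocketid*
+
+acceptance-tests:
+name: Acceptance Tests
+runs-on: ubuntu-latest
+needs: [lint, test]
+if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+services:
+pocket-id:
+image: ghcr.io/pocket-id/pocket-id:latest
+ports:
+- 8080:80
+env:
+PUBLIC_APP_URL: http://localhost:8080
+options: >-
+--health-cmd "curl -f http://localhost/health || exit 1"
+--health-interval 10s
+--health-timeout 5s
+--health-retries 5
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: true
+
+- name: Wait for Pocket-ID to be ready
+run: |
+for i in {1..30}; do
+if curl -f http://localhost:8080/health; then
+echo "Pocket-ID is ready"
+break
+fi
+echo "Waiting for Pocket-ID to be ready..."
+sleep 2
+done
+
+- name: Set up Pocket-ID
+run: |
+# This would typically involve:
+# 1. Creating an admin user
+# 2. Getting an API token
+# For now, we'll skip this as it requires UI interaction
+echo "Pocket-ID setup would go here"
+
+- name: Run acceptance tests
+env:
+TF_ACC: "1"
+POCKETID_BASE_URL: "http://localhost:8080"
+POCKETID_API_TOKEN: ${{ secrets.TEST_API_TOKEN }}
+run: |
+# Skip acceptance tests if no API token is available
+if [ -z "$POCKETID_API_TOKEN" ]; then
+echo "Skipping acceptance tests - no API token available"
+exit 0
+fi
+go test -v -timeout 30m ./internal/... -tags=acc
+
+docs:
+name: Documentation
+runs-on: ubuntu-latest
+needs: [lint, test]
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: true
+
+- name: Install tfplugindocs
+run: go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest
+
+- name: Generate documentation
+run: tfplugindocs generate
+
+- name: Check for uncommitted changes
+run: |
+if [[ -n $(git status -s) ]]; then
+echo "Documentation is out of date. Please run 'make docs' and commit the changes."
+git diff
+exit 1
+fi
+
+release:
+name: Release
+runs-on: ubuntu-latest
+needs: [lint, test, build]
+if: startsWith(github.ref, 'refs/tags/v')
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: true
+
+- name: Import GPG key
+id: import_gpg
+uses: crazy-max/ghaction-import-gpg@v6
+with:
+gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+- name: Run GoReleaser
+uses: goreleaser/goreleaser-action@v5
+with:
+version: latest
+args: release --clean
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+
+security-scan:
+name: Security Scan
+runs-on: ubuntu-latest
+needs: [lint, test]
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+scan-type: 'fs'
+scan-ref: '.'
+format: 'sarif'
+output: 'trivy-results.sarif'
+
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v2
+with:
+sarif_file: 'trivy-results.sarif'
+
+- name: Run gosec security scanner
+uses: securego/gosec@master
+with:
+args: '-fmt sarif -out gosec-results.sarif ./...'
+
+- name: Upload gosec results
+uses: github/codeql-action/upload-sarif@v2
+with:
+sarif_file: 'gosec-results.sarif'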
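Review bot: The `security-scan` job runs `aquasecurity/trivy-action@master` and `securego/gosec@master`, and the `release` job that imports `secrets.GPG_PRIVATE_KEY` runs GoReleaser with `version: latest`, so code that changes upstream without review executes in this pipeline, in the release case in the same job as the signing key. Pin each third-party action to a full commit SHA with the tag kept as a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and give `version:`, `tfplugindocs@latest` and the `pocket-id:latest` service image fixed versions. The workflow also declares no `permissions:`, so every job gets the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read`, plus `security-events: write` on `security-scan` and `contents: write` on `release`, would limit what a compromised step can do. In the `Build binary` step, `${{ github.ref_name }}` is expanded into the script text before the shell runs; passing it through `env:` and using the shell variable in `-ldflags` keeps a tag name from being interpreted as shell. In `Run acceptance tests`, the `exit 0` when `POCKETID_API_TOKEN` is empty reports the job as passed without running anything, so a skipped run is indistinguishable from a green one in branch protection.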

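--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,54 @@
+# Binaries
+terraform-provider-pocketid
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool
+*.out
+coverage.html
+
+# Dependency directories
+vendor/
+
+# Go workspace file
+go.work
+
+# IDE files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# Terraform files
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+crash.log
+*.tfvars
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Build artifacts
+dist/
+
+# Test output
+test/terraform.tfstate*
+test/.terraform/
+test/.terraform.lock.hcl
+
+# Local development
+.terraformrc
+pocket-id-source/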
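Review bot: The Terraform block ignores `*.tfvars` but not the JSON form, so a `terraform.tfvars.json` or `*.auto.tfvars.json` holding a Pocket-ID API token for local testing would not be ignored and could be committed. Adding `*.tfvars.json` next to `*.tfvars` closes that gap. If contributors keep `POCKETID_API_TOKEN` in an env file, a `.env` entry under `# Local development` would cover it as well; that is inferred, since no env file is visible in this commit.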
