Last active
January 30, 2018 14:35
-
-
Save iGEL/3cecd4bf5518a627cb2aaf9802c37f14 to your computer and use it in GitHub Desktop.
Enforce terraform workspaces can be only applied from a certain branch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source: https://gist.github.com/iGEL/3cecd4bf5518a627cb2aaf9802c37f14 | |
| # Fails if the user is currently not on the configured branch in git. | |
| # Output doesn't matter, only that it succeeds (exit status 0). | |
| # Current terraform version: v0.11.2 | |
| data "external" "enforce_workspace" { | |
| program = ["./git-branch"] | |
| query = { | |
| workspace = "${terraform.workspace}" | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Source: https://gist.github.com/iGEL/3cecd4bf5518a627cb2aaf9802c37f14 | |
| require "json" | |
| MAP = { | |
| "staging" => "master", | |
| "demo" => "production", | |
| "default" => "production" | |
| } | |
| workspace = JSON.parse(STDIN.gets)["workspace"] | |
| branch = `git rev-parse --abbrev-ref HEAD`.strip | |
| unless MAP.key?(workspace) | |
| STDERR.puts "No branch configured for terraform workspace '#{workspace}'!" | |
| exit 1 | |
| end | |
| unless MAP[workspace] == branch | |
| STDERR.puts "terraform workspace '#{workspace}' must be deployed from git branch '#{MAP[workspace]}', not '#{branch}'!" | |
| exit 1 | |
| end | |
| puts '{"status": "success"}' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment