feat: initial mise files and tests (#3)

Author: ruzickap

.github/workflows/run-tests.yml

@@ -0,0 +1,67 @@
+---
+name: run-tests
+
+on:
+  workflow_dispatch:
+
+permissions: read-all
+
+env:
+  SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+  MISE_SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+
+jobs:
+  docker-mise-linux:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-24.04, ubuntu-24.04-arm, macos-15]
+    timeout-minutes: 30
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run mise
+        run: |
+          docker run --rm -it \
+            --env SOPS_AGE_KEY --env MISE_SOPS_AGE_KEY \
+            -v "$PWD:/mnt" \
+            -v "/var/run/docker.sock:/var/run/docker.sock" \
+            --workdir /mnt \
+            bash bash -c 'set -euxo pipefail && \
+              apk add docker && \
+              wget https://mise.run -O - | sh && \
+              eval "$(~/.local/bin/mise activate bash)" && \
+              mise run "create:*:*" && \
+              mise run "delete:*:*" \
+            '
+
+  mise-linux:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-24.04, ubuntu-24.04-arm, macos-15]
+    timeout-minutes: 30
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run mise
+        run: |
+          wget https://mise.run -O - | sh
+          eval "$(~/.local/bin/mise activate bash)"
+          mise run "create:*:*"
+          mise run "delete:*:*"
+
+  mise-windows:
+    runs-on: windows-2025
+    timeout-minutes: 30
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run mise
+        run: |
+          scoop install mise
+          mise run "create:*:*"
+          mise run "delete:*:*"

README.md

@@ -2,3 +2,25 @@
 
 Infrastructure as Code for provisioning multiple Kubernetes clusters, managed
 using GitOps with ArgoCD
+
+Tests:
+
+```bash
+SOPS_AGE_KEY="$(grep -v ^# ~/Documents/secrets/age.txt)"
+export SOPS_AGE_KEY
+MISE_SOPS_AGE_KEY="$(grep -v ^# ~/Documents/secrets/age.txt)"
+export MISE_SOPS_AGE_KEY
+
+docker run --rm -it \
+  --env SOPS_AGE_KEY --env MISE_SOPS_AGE_KEY \
+  -v "$PWD:/mnt" \
+  -v "/var/run/docker.sock:/var/run/docker.sock" \
+  --workdir /mnt \
+  bash bash -c 'set -euxo pipefail && \
+    apk add docker && \
+    wget https://mise.run -O - | sh && \
+    eval "$(~/.local/bin/mise activate bash)" && \
+    mise run "create:*:*" && \
+    mise run "delete:*:*" \
+  '
+```

clusters/kind01-internal/.env.yaml

@@ -0,0 +1,21 @@
+SECRET: ENC[AES256_GCM,data:QIOd+nLFzAQ=,iv:6o+BhThDyGAQ1jwjG04bS95c55xdUCdB6XhezYrKv90=,tag:tnwKw9zZjc7OLDi7YbiYnw==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1jjuamrdk3vrk6g8qhrjnqtt4x2yvvxw7fz2nkvf78398dj7vav7s74z4zz
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNXVyZWd4bTFWekVKbjdn
+        dzlPcWZnWUxsME9UWlN2NjgzMGhoQ1VIV0drCnlScGZTYitqcTYyR291eVArYWVs
+        c1JyU2FTVWJBajdWdFVGRFN5TXFsMWMKLS0tIEt2WjdNN3FWaU5UQnNwRDNseTVy
+        TXhtbU94bVFjOTJiUmQyQ2U5VWU0WlkK5Ur8KSyl5/4/AJrADYLRF/27r7hEZzY1
+        0Qo5LZDZOLXoJ6RBEAYi7WNj/hYbgoBd6maB93fMUaEW6MfC5zK6DA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2025-03-14T09:14:06Z"
+  mac: ENC[AES256_GCM,data:kDFNXFwtCNtUISMdYQG0yu38ORYdwsp5v02KrzFZS/zj3mPSNU71RGRPn44Vp9noztBRzz0C6kwql7BaWC2twDVAlR9FIrQDl+jf9PQiO9kBmrQo60TJq4gFe0jesWaBFyKDAG3ffi/oELJs8NZVkbBXwpshNoLs0C06nwc989g=,iv:fPVkLhox+xd5KXFmC6t+CJJ8c4Nsjh8u0DSCvnanYKM=,tag:2isNCgC8yxDaZOojyqgEjA==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.4

clusters/kind01-internal/mise.toml

@@ -0,0 +1,14 @@
+[env]
+_.file = ".env.yaml"
+# keep-sorted start
+CLUSTER_FQDN = "kind01.internal"
+CLUSTER_NAME = "kind01"
+# keep-sorted end
+
+[tasks."create"]
+description = 'Create K8s cluster'
+run = '${CLUSTERS_RUN_SCRIPT_DIRECTORY}/run-kind.sh create'
+
+[tasks."delete"]
+description = 'Delete K8s cluster'
+run = '${CLUSTERS_RUN_SCRIPT_DIRECTORY}/run-kind.sh delete'

clusters/kind02-internal/.env.yaml

@@ -0,0 +1,21 @@
+SECRET: ENC[AES256_GCM,data:QIOd+nLFzAQ=,iv:6o+BhThDyGAQ1jwjG04bS95c55xdUCdB6XhezYrKv90=,tag:tnwKw9zZjc7OLDi7YbiYnw==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1jjuamrdk3vrk6g8qhrjnqtt4x2yvvxw7fz2nkvf78398dj7vav7s74z4zz
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNXVyZWd4bTFWekVKbjdn
+        dzlPcWZnWUxsME9UWlN2NjgzMGhoQ1VIV0drCnlScGZTYitqcTYyR291eVArYWVs
+        c1JyU2FTVWJBajdWdFVGRFN5TXFsMWMKLS0tIEt2WjdNN3FWaU5UQnNwRDNseTVy
+        TXhtbU94bVFjOTJiUmQyQ2U5VWU0WlkK5Ur8KSyl5/4/AJrADYLRF/27r7hEZzY1
+        0Qo5LZDZOLXoJ6RBEAYi7WNj/hYbgoBd6maB93fMUaEW6MfC5zK6DA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2025-03-14T09:14:06Z"
+  mac: ENC[AES256_GCM,data:kDFNXFwtCNtUISMdYQG0yu38ORYdwsp5v02KrzFZS/zj3mPSNU71RGRPn44Vp9noztBRzz0C6kwql7BaWC2twDVAlR9FIrQDl+jf9PQiO9kBmrQo60TJq4gFe0jesWaBFyKDAG3ffi/oELJs8NZVkbBXwpshNoLs0C06nwc989g=,iv:fPVkLhox+xd5KXFmC6t+CJJ8c4Nsjh8u0DSCvnanYKM=,tag:2isNCgC8yxDaZOojyqgEjA==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.4

clusters/kind02-internal/mise.toml

@@ -0,0 +1,14 @@
+[env]
+_.file = ".env.yaml"
+# keep-sorted start
+CLUSTER_FQDN = "kind02.internal"
+CLUSTER_NAME = "kind02"
+# keep-sorted end
+
+[tasks."create"]
+description = 'Create K8s cluster'
+run = '${CLUSTERS_RUN_SCRIPT_DIRECTORY}/run-kind.sh create'
+
+[tasks."delete"]
+description = 'Delete K8s cluster'
+run = '${CLUSTERS_RUN_SCRIPT_DIRECTORY}/run-kind.sh delete'

mise.toml

@@ -0,0 +1,40 @@
+[tools]
+# keep-sorted start
+eksctl = "0.205.0"
+kind = "0.27.0"
+kubectl = "1.32.3"
+opentofu = "1.9.0"
+sops = "3.9.4"
+# keep-sorted end
+
+[settings]
+experimental = true
+# Use MISE_SOPS_AGE_KEY="$(grep -v ^# ~/Documents/secrets/age.txt)" instead
+# sops.age_key_file = "~/Documents/secrets/age.txt"
+trusted_config_paths = ["/"]
+
+[env]
+_.file = ".env.yaml"
+# Directory which contains the clusters mise configurations
+CLUSTERS_DIRECTORY = "{{ config_root }}/clusters"
+# Directory which contains the kubeconfig files for the created clusters (will be create if not exists)
+CLUSTERS_KUBECONFIG_DIRECTORY = "{{ config_root }}/clusters/.kubeconfig"
+# Directory which contains the scripts to create and delete the clusters
+CLUSTERS_RUN_SCRIPT_DIRECTORY = "{{ config_root }}/scripts"
+
+[tasks."create:kind:kind01-internal"]
+description = 'Create kind01.internal K8s cluster'
+# Run mise again due to missing support for SOPS-encrypted environment variables in tasks: https://github.com/jdx/mise/discussions/4593
+run = 'cd "${CLUSTERS_DIRECTORY}/${MISE_TASK_NAME##*:}" && mise run create'
+
+[tasks."delete:kind:kind01-internal"]
+description = 'Delete kind01.internal K8s cluster'
+run = 'cd "${CLUSTERS_DIRECTORY}/${MISE_TASK_NAME##*:}" && mise run delete'
+
+[tasks."create:kind:kind02-internal"]
+description = 'Create kind02.internal K8s cluster'
+run = 'cd "${CLUSTERS_DIRECTORY}/${MISE_TASK_NAME##*:}" && mise run create'
+
+[tasks."delete:kind:kind02-internal"]
+description = 'Delete kind02.internal K8s cluster'
+run = 'cd "${CLUSTERS_DIRECTORY}/${MISE_TASK_NAME##*:}" && mise run delete'

scripts/run-kind.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+# The "create" needs to be idempotent !
+create() {
+  if kind get clusters 2>&1 | grep -q "^${CLUSTER_FQDN}$"; then
+    echo "*** Cluster \"${CLUSTER_FQDN}\" already exists...."
+  else
+    mkdir -p "${CLUSTERS_KUBECONFIG_DIRECTORY}"
+    cat << EOF | kind create cluster --name "${CLUSTER_FQDN}" --kubeconfig "${CLUSTERS_KUBECONFIG_DIRECTORY}/kubeconfig_${CLUSTER_FQDN}.yml" --config -
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+- role: worker
+EOF
+  fi
+}
+
+delete() {
+  if kind get clusters | grep -q "^${CLUSTER_FQDN}$"; then
+    kind delete cluster --name "${CLUSTER_FQDN}" --kubeconfig "${CLUSTERS_KUBECONFIG_DIRECTORY}/kubeconfig_${CLUSTER_FQDN}.yml"
+    if [[ -f "${CLUSTERS_KUBECONFIG_DIRECTORY}/kubeconfig_${CLUSTER_FQDN}.yml" ]]; then
+      echo "*** Deleting \"${CLUSTERS_KUBECONFIG_DIRECTORY}/kubeconfig_${CLUSTER_FQDN}.yml\" ..."
+      rm "${CLUSTERS_KUBECONFIG_DIRECTORY}/kubeconfig_${CLUSTER_FQDN}.yml"
+    fi
+    if [[ -d "${CLUSTERS_KUBECONFIG_DIRECTORY}" && -z "$(ls -A "${CLUSTERS_KUBECONFIG_DIRECTORY}")" ]]; then
+      echo "*** Deleting empty \"${CLUSTERS_KUBECONFIG_DIRECTORY}\" ..."
+      rmdir "${CLUSTERS_KUBECONFIG_DIRECTORY}"
+    fi
+  else
+    echo "*** Cluster \"${CLUSTER_FQDN}\" does not exist..."
+  fi
+}
+
+usage() {
+  echo "*** Usage: $0 {create|delete}"
+  exit 1
+}
+
+: "${CLUSTER_FQDN:?Error: CLUSTER_FQDN environment variable is not set!}"
+: "${CLUSTERS_KUBECONFIG_DIRECTORY:?Error: CLUSTERS_KUBECONFIG_DIRECTORY environment variable is not set!}"
+
+if [[ $# -ne 1 ]]; then
+  usage
+fi
+
+case "$1" in
+  create)
+    echo "*** Creating K8s cluster..."
+    create
+    ;;
+  delete)
+    echo "*** Deleting K8s cluster..."
+    delete
+    ;;
+  *)
+    usage
+    ;;
+esac