@@ -168,10 +168,149 @@ model ModuleDefaults {
168168 */
169169 env ? : Record <string >;
170170
171+ /**
172+ * Determines if a module should execute.
173+ *
174+ * There are various methods that a module can be
175+ * conditionally run. If a string is passed to it,
176+ * it will be executed by `/bin/sh` at build-time
177+ * and the exit code will determine if the module executes.
178+ * A check failing doesn't fail the build, it will just skip the module.
179+ *
180+ * The other methods are checking `os-release` at build-time, checking for
181+ * a host file before build-time, or running a command on the host before build-time.
182+ *
183+ * All checks must pass for the module to be executed.
184+ */
185+ `if` ? : string | ModuleIf ;
186+
171187 /** Secrets to mount for this module call. */
172188 secrets ? : Array <Secret >;
173189}
174190
191+ alias FlexVal = string | integer | float ;
192+
193+ model ModuleIf {
194+ /**
195+ * Check if the value in the `/etc/os-release` file
196+ * matches. This is useful for checking the type/version
197+ * of the OS before executing the module.
198+ *
199+ * A single value or an array of values can be passed in.
200+ * If an array is passed in, a successful check means at least
201+ * one value matched.
202+ */
203+ `os-release` ? : Record <FlexVal | Array <FlexVal >>;
204+
205+ /**
206+ * Checks for the existance or non-existance of
207+ * environment variables at build-time before
208+ * continuing with the module.
209+ *
210+ * You can also check if an environment variable
211+ * is equal to a value.
212+ */
213+ env ? : ModuleIfEnv ;
214+
215+ /**
216+ * Evaluate the string in a shell at build-time,
217+ * and use the exit-code to determine if the module
218+ * should run.
219+ *
220+ * Equivalent to passing a string to `if:` directly.
221+ */
222+ eval ? : string ;
223+
224+ /**
225+ * Checks for the existance or non-existance of a file
226+ * on the host machine before deciding to template the
227+ * module call.
228+ *
229+ * This can be useful for module calls that use secret files
230+ * that not every user that clones the repo will have access to.
231+ */
232+ `host-file` ? : ModuleIfHostFile ;
233+
234+ /**
235+ * Checks for the existance or non-existance of
236+ * environment variables on the host machine before
237+ * deciding to template a module call.
238+ *
239+ * You can also check if an environment variable
240+ * is equal to a value.
241+ */
242+ `host-env` ? : ModuleIfEnv ;
243+
244+ /**
245+ * Executes a command on the host machine to determine
246+ * if the module should be templated.
247+ *
248+ * Execution will be performed in the repo directory.
249+ *
250+ * CAUTION: This allows arbitrary code execution on the host machine.
251+ * Be sure to trust the code you are executing by this function. We cannot
252+ * prevent scripts from operating outside of the repo directory.
253+ */
254+ `host-exec` ? : ModuleIfHostExec ;
255+ }
256+
257+ model ModuleIfHostFile {
258+ /**
259+ * A file or list of files that should exist
260+ * to allow a module to be templated.
261+ *
262+ * All paths will be normalized to the root of the
263+ * the project.
264+ */
265+ exists ? : string | Array <string >;
266+
267+ /**
268+ * A file or list of files that should not exist
269+ * to allow a module to be templated.
270+ *
271+ * All paths will be normalized to the root of the
272+ * the project.
273+ */
274+ `not-exists` ? : string | Array <string >;
275+ }
276+
277+ model ModuleIfEnv {
278+ /**
279+ * Check if a or all listed environment variables
280+ * exist and are not empty strings.
281+ */
282+ exists ? : string | Array <string >;
283+
284+ /**
285+ * Check if a or all listed environment variables
286+ * do not exist, and if they do, that they are empty strings.
287+ */
288+ `not-exists` ? : string | Array <string >;
289+
290+ /**
291+ * Checks if an environment variable equals to
292+ * one or any listed string.
293+ */
294+ equals : Record <string | Array <string >>;
295+ }
296+
297+ model ModuleIfHostExec {
298+ /**
299+ * The command to run.
300+ *
301+ * It must be a path to an executable file.
302+ *
303+ * CAUTION: For safety purposes, setting `sudo`, `run0`, or `pkexec`
304+ * will error out the program.
305+ */
306+ cmd : string ;
307+
308+ /**
309+ * The arguments to pass into the command.
310+ */
311+ args ? : Array <string >;
312+ }
313+
175314@ oneOf
176315union Secret {
177316 SecretEnv ,
0 commit comments