Loading templates/gitlab-ci-terraform.yml +20 −40 Original line number Diff line number Diff line Loading @@ -962,9 +962,6 @@ stages: # job prototype # defines default Docker image, tracking probe, cache policy # @arg ENV_TYPE : environment type # @arg ENV_INIT_OPTS : environment specific tf init options # @arg ENV_WORKSPACE : environment specific tf workspace # @arg ENV_EXTRA_OPTS: environment specific tf extra options (all commands) .tf-base: image: name: "$TF_IMAGE" Loading @@ -980,18 +977,27 @@ stages: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" - !reference [ .tf-commands, init ] - !reference [ .tf-commands, select_workspace ] cache: key: "$CI_COMMIT_REF_SLUG-terraform" paths: - $TF_PROJECT_DIR/.terraform/ # Initialize terraform workspace # @arg ENV_INIT_OPTS : environment specific tf init options # @arg ENV_WORKSPACE : environment specific tf workspace # @arg ENV_EXTRA_OPTS: environment specific tf extra options (all commands) .tf-workspace: extends: .tf-base before_script: - !reference [ .tf-base, before_script ] - !reference [ .tf-commands, init ] - !reference [ .tf-commands, select_workspace ] # Create job prototype # @arg ENV_PLAN_ENABLED : environment specific plan to apply (if transfered from upstream jobs) # @arg ENV_APPLY_OPTS : environment specific tf apply options .tf-create: extends: .tf-base extends: .tf-workspace stage: infra script: - if [[ "$ENV_PLAN_ENABLED" == "true" ]]; then tf_plan="${ENV_TYPE}.tfplan"; fi Loading @@ -1006,7 +1012,7 @@ stages: # plan job for production (on build) # @arg ENV_PLAN_OPTS : environment specific tf plan options .tf-plan: extends: .tf-base extends: .tf-workspace stage: build script: - !reference [ .tf-commands, plan ] Loading @@ -1020,7 +1026,7 @@ stages: # Destroy job prototype # @arg ENV_DESTROY_OPTS: environment tf destroy arguments .tf-destroy: extends: .tf-base extends: .tf-workspace stage: infra # force no dependencies dependencies: [] Loading 
@@ -1034,11 +1040,8 @@ tf-tfsec: entrypoint: [""] stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" - mkdir -p -m 777 reports script: - mkdir -p -m 777 reports # tfsec allows generating several report formats at once using --format lovely,junit # but the --out option defines the report base name, and each report is generated as "<basename>.format" - tfsec --soft-fail --format junit --out "reports/tfsec.xunit.xml" $TF_TFSEC_ARGS Loading Loading @@ -1066,12 +1069,8 @@ tf-tflint: name: $TF_TFLINT_IMAGE stage: build needs: [] before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" - mkdir -p -m 777 reports script: - mkdir -p -m 777 reports - tflint --init - tflint --force --format=junit $TF_TFLINT_ARGS > reports/tflint.xunit.xml - TFLINT_LOG=${TRACE+debug} tflint $TF_TFLINT_ARGS Loading @@ -1093,12 +1092,8 @@ tf-checkov: name: $TF_CHECKOV_IMAGE stage: test needs: [] before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" - mkdir -p -m 777 reports script: - mkdir -p -m 777 reports # checkov allows generating several report formats at once using multiple --output options # and --output-file-path but the option defines an output directory, and report filenames # can't be chosen ("results_junitxml.xml" and "results_cli.txt") Loading Loading @@ -1128,9 +1123,6 @@ tf-infracost: entrypoint: [""] stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" script: - tf_infracost rules: Loading @@ -1142,9 +1134,6 @@ tf-fmt: extends: .tf-base stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" script: - terraform fmt -check $TF_FMT_ARGS dependencies: [] Loading 
@@ -1157,11 +1146,8 @@ tf-validate: extends: .tf-base stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" - terraform init -backend=false script: - terraform init -backend=false - terraform validate dependencies: [] rules: Loading @@ -1170,14 +1156,11 @@ tf-validate: - !reference [.test-policy, rules] tf-docs: extends: .tf-base stage: build image: name: $TF_DOCS_IMAGE entrypoint: [""] before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" script: - mkdir -p -m 777 "$TF_DOCS_OUTPUT_DIR" - | Loading @@ -1200,12 +1183,9 @@ tf-docs: - if: '$TF_DOCS_ENABLED == "true"' tf-publish-module: extends: .tf-base stage: publish image: $TF_PUBLISH_IMAGE before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" script: - | # sanitize $TF_MODULE_VERSION (only x.y.z supported) Loading Loading
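Review bot: `tf-docs` and `tf-publish-module` now declare `extends: .tf-base`, which brings in everything the prototype defines and not only the shared `before_script`. Per the prototype's header comment that includes the tracking probe and the cache policy, so both jobs now use the `$TF_PROJECT_DIR/.terraform/` cache keyed on `$CI_COMMIT_REF_SLUG-terraform`, which other jobs on the same ref also populate. For the publish job I would opt out with `cache: []` unless its script (which continues outside the hunk) needs that directory, so that cached provider or module content cannot influence, or be packaged into, what gets published. Separately, `tf-tfsec` and `tf-infracost` drop a `before_script` that never called `install_ca_certs`. Assuming they extend `.tf-base` (their `extends:` line is not in the hunk), they now run it in images with `entrypoint: [""]`, so it is worth confirming those images can execute it.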
templates/gitlab-ci-terraform.yml +20 −40 Original line number Diff line number Diff line Loading @@ -962,9 +962,6 @@ stages: # job prototype # defines default Docker image, tracking probe, cache policy # @arg ENV_TYPE : environment type # @arg ENV_INIT_OPTS : environment specific tf init options # @arg ENV_WORKSPACE : environment specific tf workspace # @arg ENV_EXTRA_OPTS: environment specific tf extra options (all commands) .tf-base: image: name: "$TF_IMAGE" Loading @@ -980,18 +977,27 @@ stages: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" - !reference [ .tf-commands, init ] - !reference [ .tf-commands, select_workspace ] cache: key: "$CI_COMMIT_REF_SLUG-terraform" paths: - $TF_PROJECT_DIR/.terraform/ # Initialize terraform workspace # @arg ENV_INIT_OPTS : environment specific tf init options # @arg ENV_WORKSPACE : environment specific tf workspace # @arg ENV_EXTRA_OPTS: environment specific tf extra options (all commands) .tf-workspace: extends: .tf-base before_script: - !reference [ .tf-base, before_script ] - !reference [ .tf-commands, init ] - !reference [ .tf-commands, select_workspace ] # Create job prototype # @arg ENV_PLAN_ENABLED : environment specific plan to apply (if transfered from upstream jobs) # @arg ENV_APPLY_OPTS : environment specific tf apply options .tf-create: extends: .tf-base extends: .tf-workspace stage: infra script: - if [[ "$ENV_PLAN_ENABLED" == "true" ]]; then tf_plan="${ENV_TYPE}.tfplan"; fi Loading @@ -1006,7 +1012,7 @@ stages: # plan job for production (on build) # @arg ENV_PLAN_OPTS : environment specific tf plan options .tf-plan: extends: .tf-base extends: .tf-workspace stage: build script: - !reference [ .tf-commands, plan ] Loading @@ -1020,7 +1026,7 @@ stages: # Destroy job prototype # @arg ENV_DESTROY_OPTS: environment tf destroy arguments .tf-destroy: extends: .tf-base extends: .tf-workspace stage: infra # force no dependencies dependencies: [] Loading 
@@ -1034,11 +1040,8 @@ tf-tfsec: entrypoint: [""] stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" - mkdir -p -m 777 reports script: - mkdir -p -m 777 reports # tfsec allows generating several report formats at once using --format lovely,junit # but the --out option defines the report base name, and each report is generated as "<basename>.format" - tfsec --soft-fail --format junit --out "reports/tfsec.xunit.xml" $TF_TFSEC_ARGS Loading Loading @@ -1066,12 +1069,8 @@ tf-tflint: name: $TF_TFLINT_IMAGE stage: build needs: [] before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" - mkdir -p -m 777 reports script: - mkdir -p -m 777 reports - tflint --init - tflint --force --format=junit $TF_TFLINT_ARGS > reports/tflint.xunit.xml - TFLINT_LOG=${TRACE+debug} tflint $TF_TFLINT_ARGS Loading @@ -1093,12 +1092,8 @@ tf-checkov: name: $TF_CHECKOV_IMAGE stage: test needs: [] before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" - mkdir -p -m 777 reports script: - mkdir -p -m 777 reports # checkov allows generating several report formats at once using multiple --output options # and --output-file-path but the option defines an output directory, and report filenames # can't be chosen ("results_junitxml.xml" and "results_cli.txt") Loading Loading @@ -1128,9 +1123,6 @@ tf-infracost: entrypoint: [""] stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" script: - tf_infracost rules: Loading @@ -1142,9 +1134,6 @@ tf-fmt: extends: .tf-base stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" script: - terraform fmt -check $TF_FMT_ARGS dependencies: [] Loading 
@@ -1157,11 +1146,8 @@ tf-validate: extends: .tf-base stage: test needs: [] before_script: - !reference [.tf-scripts] - cd "$TF_PROJECT_DIR" - terraform init -backend=false script: - terraform init -backend=false - terraform validate dependencies: [] rules: Loading @@ -1170,14 +1156,11 @@ tf-validate: - !reference [.test-policy, rules] tf-docs: extends: .tf-base stage: build image: name: $TF_DOCS_IMAGE entrypoint: [""] before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" script: - mkdir -p -m 777 "$TF_DOCS_OUTPUT_DIR" - | Loading @@ -1200,12 +1183,9 @@ tf-docs: - if: '$TF_DOCS_ENABLED == "true"' tf-publish-module: extends: .tf-base stage: publish image: $TF_PUBLISH_IMAGE before_script: - !reference [.tf-scripts] - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - cd "$TF_PROJECT_DIR" script: - | # sanitize $TF_MODULE_VERSION (only x.y.z supported) Loading