2018-03-17 18:26:18 +05:30
# Official image for Hashicorp's Terraform. It uses light image which is Alpine
# based as it is much lighter.
#
# Entrypoint is also needed as image by default set `terraform` binary as an
# entrypoint.
image :
2020-04-22 19:07:51 +05:30
name : registry.gitlab.com/gitlab-org/gitlab-build-images:terraform
2018-03-17 18:26:18 +05:30
entrypoint :
- '/usr/bin/env'
- 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
# Default output file for Terraform plan
variables :
PLAN : plan.tfplan
2020-04-22 19:07:51 +05:30
JSON_PLAN_FILE : tfplan.json
2018-03-17 18:26:18 +05:30
cache :
paths :
- .terraform
2021-03-08 18:12:59 +05:30
- .terraform.lock.hcl
2018-03-17 18:26:18 +05:30
before_script :
2020-05-24 23:13:21 +05:30
- alias convert_report="jq -r '([.resource_changes[]?.change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
2018-03-17 18:26:18 +05:30
- terraform --version
- terraform init
stages :
- validate
- build
2019-07-31 22:56:46 +05:30
- test
2018-03-17 18:26:18 +05:30
- deploy
validate :
stage : validate
script :
- terraform validate
plan :
stage : build
script :
- terraform plan -out=$PLAN
2020-04-22 19:07:51 +05:30
- "terraform show --json $PLAN | convert_report > $JSON_PLAN_FILE"
2018-03-17 18:26:18 +05:30
artifacts :
paths :
- $PLAN
2020-04-22 19:07:51 +05:30
reports :
terraform : $JSON_PLAN_FILE
2018-03-17 18:26:18 +05:30
# Separate apply job for manual launching Terraform as it can be destructive
# action.
apply :
stage : deploy
environment :
name : production
script :
- terraform apply -input=false $PLAN
dependencies :
- plan
2021-06-08 01:23:25 +05:30
rules :
- if : $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
when : manual