# Terraform/Base # # The purpose of this template is to provide flexibility to the user so # they are able to only include the jobs that they find interesting. # # Therefore, this template is not supposed to run any jobs. The idea is to only # create hidden jobs. See: https://docs.gitlab.com/ee/ci/jobs/#hide-jobs # # There is a more opinionated template which we suggest the users to abide, # which is the lib/gitlab/ci/templates/Terraform.gitlab-ci.yml image: name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/1.4:v1.0.0" variables: TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project TF_STATE_NAME: default # The name of the state file used by the GitLab Managed Terraform state backend cache: key: "${TF_ROOT}" paths: - ${TF_ROOT}/.terraform/ .terraform:fmt: &terraform_fmt stage: validate script: - gitlab-terraform fmt allow_failure: true .terraform:validate: &terraform_validate stage: validate script: - gitlab-terraform validate .terraform:build: &terraform_build stage: build script: - gitlab-terraform plan - gitlab-terraform plan-json resource_group: ${TF_STATE_NAME} artifacts: # The next line, which disables public access to pipeline artifacts, may not be available everywhere. # See: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic public: false paths: - ${TF_ROOT}/plan.cache reports: terraform: ${TF_ROOT}/plan.json .terraform:deploy: &terraform_deploy stage: deploy script: - gitlab-terraform apply resource_group: ${TF_STATE_NAME} rules: - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $TF_AUTO_DEPLOY == "true" - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH when: manual .terraform:destroy: &terraform_destroy stage: cleanup script: - gitlab-terraform destroy resource_group: ${TF_STATE_NAME} when: manual