
Commit daa8c67

committed
feat: Add CI for terraform files
This CI validates your `terraform` code and applies it on manual trigger.
1 parent 134ee9b commit daa8c67


10 files changed

+53
-47
lines changed


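--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,42 @@
+stages:
+- provision
+- deploy
+
+include:
+- remote: https://api.r2devops.io/job/r/r2devops-bot/gitlab-terraform_plan/latest.yaml
+- remote: https://api.r2devops.io/job/r/r2devops-bot/gitlab-terraform_apply/latest.yaml
+
+.parallel: &parallel
+parallel:
+matrix:
+- TF_ROOT: ${CI_PROJECT_DIR}/terraform/gitlab
+TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/gitlab
+- TF_ROOT: ${CI_PROJECT_DIR}/terraform/prod/k8s-cluster
+TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/prod-cluster
+- TF_ROOT: ${CI_PROJECT_DIR}/terraform/staging/k8s-cluster
+TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/staging-cluster
+- TF_ROOT: ${CI_PROJECT_DIR}/terraform/dev/k8s-cluster
+TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-cluster
+
+gitlab-terraform_plan:
+before_script:
+- cat ${GITLAB_TFVARS} > ${TF_ROOT}/terraform.tfvars
+<<: *parallel
+only:
+refs:
+- merge_requests
+- web
+changes:
+- ${TF_ROOT}/**
+gitlab-terraform_apply:
+before_script:
+- cat ${GITLAB_TFVARS} > ${TF_ROOT}/terraform.tfvars
+<<: *parallel
+only:
+refs:
+- merge_requests
+- web
+changes:
+- ${TF_ROOT}/**
+dependencies:
+- gitlab-terraform_plan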
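Review bot: Both `include: remote:` entries (new lines 6-7) fetch `latest.yaml` from api.r2devops.io, so the plan and apply job definitions can change upstream without any commit in this repository, while those jobs read `${GITLAB_TFVARS}` and act on the Terraform state of every root, prod included. Pinning each include to a fixed template version, or copying the two templates into the repository and including them locally, keeps the job definition under review. `gitlab-terraform_apply` also lists `- merge_requests` under `only: refs`, the same as the plan job; unless the included template makes apply manual and limits it to protected refs (not visible here), an unmerged merge request could reach apply for `terraform/prod/k8s-cluster`, so I would drop that ref from the apply job or confirm the gating. Both `before_script` lines copy the single `${GITLAB_TFVARS}` file into every matrix `TF_ROOT`, which looks unintended for the three cluster roots.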

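--- a/terraform/dev/k8s-cluster/versions.tf
+++ b/terraform/dev/k8s-cluster/versions.tf
@@ -1,14 +1,5 @@
 terraform {
-backend "http" {
-address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/dev-cluster"
-lock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/dev-cluster/lock"
-unlock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/dev-cluster/lock"
-username = "do-polycode"
-# Don't forget to export $GITLAB_ACCESS_TOKEN
-lock_method = "POST"
-unlock_method = "DELETE"
-retry_wait_min = 5
-}
+backend "http" {}
 
 required_providers {
 kubernetes = {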
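Review bot: With the block reduced to `backend "http" {}` on new line 2, nothing in the file says where the state address, lock URLs and credentials now come from, and the old reminder about `$GITLAB_ACCESS_TOKEN` is removed with it. I would add a comment above the block such as `# Backend settings are supplied at init time (CI sets TF_ADDRESS per root); for local runs pass -backend-config or the TF_HTTP_* variables`; how the included CI template consumes `TF_ADDRESS` is not visible here, so confirm the wording against it. The same applies to the identical change in terraform/gitlab/versions.tf, terraform/prod/k8s-cluster/versions.tf and terraform/staging/k8s-cluster/versions.tf. The `terraform` block continues past the end of the hunk.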

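--- a/terraform/gitlab/group.tf
+++ b/terraform/gitlab/group.tf
@@ -62,7 +62,7 @@ resource "gitlab_group_variable" "ci_access_token_group_variable" {
 resource "gitlab_group_variable" "deploy_key_group_variable" {
 group = gitlab_group.do_polycode_group.id
 key = "GITLAB_GIT_PRIVATE_KEY"
-value = file("${var.gitlab_project_deploy_private_key_path}")
+value = var.gitlab_project_deploy_private_key
 
 protected = true
 masked = false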
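Review bot: The private key now arrives as `var.gitlab_project_deploy_private_key` on new line 65 and is published as a group variable with `masked = false` (line 68), so any job that echoes `GITLAB_GIT_PRIVATE_KEY` or runs with shell tracing will print it in the job log. GitLab cannot mask multi-line values, so consider `variable_type = "file"` on this resource if the consumers can read the key from a path, or store the key base64-encoded so that `masked = true` becomes possible. The value is also kept in plaintext in the Terraform state, so access to the `gitlab` state should be as restricted as the key itself. The resource body continues outside the hunk.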

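--- a/terraform/gitlab/ops-project.tf
+++ b/terraform/gitlab/ops-project.tf
@@ -19,7 +19,7 @@ resource "gitlab_project" "ops_project" {
 resource "gitlab_deploy_key" "ops_do_bot_deploy_key" {
 project = gitlab_project.ops_project.id
 title = "do-bot"
-key = file("${var.gitlab_project_deploy_public_key_path}")
+key = var.gitlab_project_deploy_public_key
 
 can_push = true
 }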

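--- a/terraform/gitlab/variables.tf
+++ b/terraform/gitlab/variables.tf
@@ -33,12 +33,12 @@ variable "dev_k8s_tfvars" {
 sensitive = true
 }
 
-variable "gitlab_project_deploy_public_key_path" {
+variable "gitlab_project_deploy_public_key" {
 type = string
 description = "The public key used by ci to push to repositories"
 }
 
-variable "gitlab_project_deploy_private_key_path" {
+variable "gitlab_project_deploy_private_key" {
 type = string
 description = "The private key used by ci to push to repositories"
 sensitive = true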

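--- a/terraform/gitlab/versions.tf
+++ b/terraform/gitlab/versions.tf
@@ -1,14 +1,5 @@
 terraform {
-backend "http" {
-address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/gitlab"
-lock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/gitlab/lock"
-unlock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/gitlab/lock"
-username = "do-polycode"
-# Don't forget to export $GITLAB_ACCESS_TOKEN
-lock_method = "POST"
-unlock_method = "DELETE"
-retry_wait_min = 5
-}
+backend "http" {}
 
 required_providers {
 gitlab = {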

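--- a/terraform/prod/k8s-cluster/deployment.tf
+++ b/terraform/prod/k8s-cluster/deployment.tf
@@ -14,12 +14,12 @@ resource "helm_release" "argo_cd_release" {
 
 set_sensitive {
 name = "configs.repositories.frontend.sshPrivateKey"
-value = file(var.gitlab_deploy_key_path)
+value = var.gitlab_deploy_key
 }
 
 set_sensitive {
 name = "configs.repositories.backend.sshPrivateKey"
-value = file(var.gitlab_deploy_key_path)
+value = var.gitlab_deploy_key
 }
 
 depends_on = [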

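--- a/terraform/prod/k8s-cluster/variables.tf
+++ b/terraform/prod/k8s-cluster/variables.tf
@@ -20,7 +20,7 @@ variable "argo_cd_admin_password" {
 sensitive = true
 }
 
-variable "gitlab_deploy_key_path" {
+variable "gitlab_deploy_key" {
 type = string
 description = "The path to the private key used to connect to the Gitlab repositories"
 sensitive = true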
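Review bot: The description on line 25 still reads "The path to the private key …" although the variable renamed on new line 23 now carries the key material itself, which invites a caller to pass a path and have that string installed as the Argo CD `sshPrivateKey`. Change it to `description = "The private key used to connect to the Gitlab repositories"`. The variable block closes outside the hunk.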

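--- a/terraform/prod/k8s-cluster/versions.tf
+++ b/terraform/prod/k8s-cluster/versions.tf
@@ -1,14 +1,5 @@
 terraform {
-backend "http" {
-address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/prod-cluster"
-lock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/prod-cluster/lock"
-unlock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/prod-cluster/lock"
-username = "do-polycode"
-# Don't forget to export $GITLAB_ACCESS_TOKEN
-lock_method = "POST"
-unlock_method = "DELETE"
-retry_wait_min = 5
-}
+backend "http" {}
 
 required_providers {
 kubernetes = {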

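--- a/terraform/staging/k8s-cluster/versions.tf
+++ b/terraform/staging/k8s-cluster/versions.tf
@@ -1,14 +1,5 @@
 terraform {
-backend "http" {
-address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/staging-cluster"
-lock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/staging-cluster/lock"
-unlock_address = "https://gitlab.polytech.umontpellier.fr/api/v4/projects/2135/terraform/state/staging-cluster/lock"
-username = "do-polycode"
-# Don't forget to export $GITLAB_ACCESS_TOKEN
-lock_method = "POST"
-unlock_method = "DELETE"
-retry_wait_min = 5
-}
+backend "http" {}
 
 required_providers {
 kubernetes = {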
