Skip to content

Instantly share code, notes, and snippets.

@emmeowzing

emmeowzing/.gitlab-ci.yml

Created December 22, 2022 03:42
Show Gist options
  • Save emmeowzing/999e0b94ca256865902f6d6573f28906 to your computer and use it in GitHub Desktop.
Save emmeowzing/999e0b94ca256865902f6d6573f28906 to your computer and use it in GitHub Desktop.
Download ZIP
Run Terraform in different environments and cloud providers
Raw
.gitlab-ci.yml
stages:
- init
- validate
- plan
- apply
- destroy
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
- if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
when: never
- if: $CI_COMMIT_BRANCH
- if: $CI_COMMIT_TAG
## Templates
.terraform-base:
interruptible: true
rules:
- changes:
paths:
- environments/${_PATH}/**/*.tf
image:
name: hashicorp/terraform:1.3.6
entrypoint: [""]
cache:
key: terraform-${_PATH}
paths:
- environments/${_PATH}/.terraform/
- environments/${_PATH}/.terraform.plan
when: on_success
tags:
- docker
.terraform-base-development:
extends: .terraform-base
parallel:
matrix:
- _PATH: development/aws
_STATE: development-aws
- _PATH: development/azure
_STATE: development-azure
- _PATH: development/gcp
_STATE: development-gcp
- _PATH: development/on-premise
_STATE: development-on-premise
.terraform-base-load:
extends: .terraform-base
parallel:
matrix:
- _PATH: load/aws
_STATE: load-aws
- _PATH: load/azure
_STATE: load-azure
- _PATH: load/gcp
_STATE: load-gcp
- _PATH: load/on-premise
_STATE: load-on-premise
.terraform-base-production:
extends: .terraform-base
parallel:
matrix:
- _PATH: production/aws
_STATE: production-aws
- _PATH: production/azure
_STATE: production-azure
- _PATH: production/gcp
_STATE: production-gcp
- _PATH: production/on-premise
_STATE: production-on-premise
.terraform-base-staging:
extends: .terraform-base
parallel:
matrix:
- _PATH: staging/aws
_STATE: staging-aws
- _PATH: staging/azure
_STATE: staging-azure
- _PATH: staging/gcp
_STATE: staging-gcp
- _PATH: staging/on-premise
_STATE: staging-on-premise
## Stages
# init
terraform-init-development:
extends: .terraform-base-development
stage: init
script:
# https://git.ops.sbe-vision.com/help/user/infrastructure/iac/terraform_state#set-up-the-initial-backend
- terraform -chdir="environments/$_PATH" init -no-color
-backend-config=address=${TF_ADDRESS}/${_STATE}
-backend-config=lock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=unlock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=username=${TF_USERNAME}
-backend-config=password=${TF_PASSWORD}
-backend-config=lock_method=POST
-backend-config=unlock_method=DELETE
-backend-config=retry_wait_min=5
-migrate-state
-force-copy
terraform-init-load:
extends: .terraform-base-load
stage: init
script:
- terraform -chdir="environments/$_PATH" init -no-color
-backend-config=address=${TF_ADDRESS}/${_STATE}
-backend-config=lock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=unlock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=username=${TF_USERNAME}
-backend-config=password=${TF_PASSWORD}
-backend-config=lock_method=POST
-backend-config=unlock_method=DELETE
-backend-config=retry_wait_min=5
-migrate-state
-force-copy
terraform-init-production:
extends: .terraform-base-production
stage: init
script:
- terraform -chdir="environments/$_PATH" init -no-color
-backend-config=address=${TF_ADDRESS}/${_STATE}
-backend-config=lock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=unlock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=username=${TF_USERNAME}
-backend-config=password=${TF_PASSWORD}
-backend-config=lock_method=POST
-backend-config=unlock_method=DELETE
-backend-config=retry_wait_min=5
-migrate-state
-force-copy
terraform-init-staging:
extends: .terraform-base-staging
stage: init
script:
- terraform -chdir="environments/$_PATH" init -no-color
-backend-config=address=${TF_ADDRESS}/${_STATE}
-backend-config=lock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=unlock_address=${TF_ADDRESS}/${_STATE}/lock
-backend-config=username=${TF_USERNAME}
-backend-config=password=${TF_PASSWORD}
-backend-config=lock_method=POST
-backend-config=unlock_method=DELETE
-backend-config=retry_wait_min=5
-migrate-state
-force-copy
# validate
terraform-validate-development:
extends: .terraform-base-development
stage: validate
script:
- terraform -chdir="environments/$_PATH" validate -no-color
terraform-validate-load:
extends: .terraform-base-load
stage: validate
script:
- terraform -chdir="environments/$_PATH" validate -no-color
terraform-validate-production:
extends: .terraform-base-production
stage: validate
script:
- terraform -chdir="environments/$_PATH" validate -no-color
terraform-validate-staging:
extends: .terraform-base-staging
stage: validate
script:
- terraform -chdir="environments/$_PATH" validate -no-color
shellcheck:
stage: validate
interruptible: true
image:
name: cimg/base:stable
before_script:
- |
scversion="stable" # or "v0.4.7", or "latest"
wget -qO- "https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz" | tar -xJv
sudo install "shellcheck-${scversion}/shellcheck" /usr/bin/shellcheck
shellcheck --version
script:
- find scripts/ -type f -name "*.sh" | xargs shellcheck -x
rules:
- changes:
paths:
- scripts/**/*.sh
tags:
- docker
# plan
terraform-plan-development:
extends: .terraform-base-development
stage: plan
script:
- terraform -chdir="environments/$_PATH" plan -no-color -out=.terraform.plan
-var=gcp-sbe-develop-credentials='${DEVELOPMENT_GCP_ACCOUNT_KEY}'
terraform-plan-load:
extends: .terraform-base-load
stage: plan
script:
- terraform -chdir="environments/$_PATH" plan -no-color -out=.terraform.plan
terraform-plan-production:
extends: .terraform-base-production
stage: plan
script:
- terraform -chdir="environments/$_PATH" plan -no-color -out=.terraform.plan
terraform-plan-staging:
extends: .terraform-base-staging
stage: plan
script:
- terraform -chdir="environments/$_PATH" plan -no-color -out=.terraform.plan
# apply
terraform-apply-development:
extends: .terraform-base-development
stage: apply
script:
- terraform -chdir "environments/$_PATH" apply -auto-approve -no-color .terraform.plan
rules:
- changes:
paths:
- environments/${_PATH}/**/*.tf
if: $CI_COMMIT_REF_NAME == "master"
terraform-apply-load:
extends: .terraform-base-load
stage: apply
script:
- terraform -chdir "environments/$_PATH" apply -auto-approve -no-color .terraform.plan
rules:
- changes:
paths:
- environments/${_PATH}/**/*.tf
if: $CI_COMMIT_REF_NAME == "master"
terraform-apply-production:
extends: .terraform-base-production
stage: apply
script:
- terraform -chdir "environments/$_PATH" apply -auto-approve -no-color .terraform.plan
rules:
- changes:
paths:
- environments/${_PATH}/**/*.tf
if: $CI_COMMIT_REF_NAME == "master"
terraform-apply-staging:
extends: .terraform-base-staging
stage: apply
script:
- terraform -chdir "environments/$_PATH" apply -auto-approve -no-color .terraform.plan
rules:
- changes:
paths:
- environments/${_PATH}/**/*.tf
if: $CI_COMMIT_REF_NAME == "master"
# destroy
##
# Manual destroy.
# terraform-destroy:
# when: manual
# extends: .terraform-base
# stage: destroy
# script:
# - terraform -chdir "$_PATH" apply -destroy -auto-approve
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment