67 lines
		
	
	
	
		
			1.5 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			67 lines
		
	
	
	
		
			1.5 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| default:
 | |
|   image: ghcr.io/vojtechmares/container-images/tfenv:sha-32fe5b4f990b687bb05717255bc1c9febd4f282e
 | |
|   cache:
 | |
|     key: terraform
 | |
|     paths:
 | |
|       - $CI_PROJECT_DIR/.terraform
 | |
|       - /opt/tfenv/versions
 | |
| 
 | |
| stages:
 | |
|   - init
 | |
|   - format
 | |
|   - validate
 | |
|   - plan
 | |
|   - apply
 | |
| 
 | |
| variables:
 | |
|   PLAN: plan.cache
 | |
|   PLAN_JSON: plan.json
 | |
| 
 | |
| init:
 | |
|   stage: init
 | |
|   script:
 | |
|     - terraform init
 | |
| 
 | |
| format:
 | |
|   stage: format
 | |
|   script:
 | |
|     - terraform fmt -check -recursive -diff
 | |
| 
 | |
| validate:
 | |
|   stage: validate
 | |
|   script:
 | |
|     - terraform validate
 | |
| 
 | |
| plan:
 | |
|   stage: plan
 | |
|   variables:
 | |
|     TF_VAR_cloudflare_email: $CLOUDFLARE_EMAIL
 | |
|     TF_VAR_cloudflare_api_key: $CLOUDFLARE_API_KEY
 | |
|     TF_VAR_hcloud_token: $HCLOUD_TOKEN
 | |
|   before_script:
 | |
|     - apt-get update && apt-get install -y jq
 | |
|     - shopt -s expand_aliases
 | |
|     - alias convert_report="jq -r '([.resource_changes[]?.change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
 | |
|   script:
 | |
|     - terraform plan -out=$PLAN
 | |
|     - terraform show --json $PLAN | convert_report > $PLAN_JSON
 | |
|   artifacts:
 | |
|     name: plan
 | |
|     paths:
 | |
|       - plan.cache
 | |
|     reports:
 | |
|       terraform: $PLAN_JSON
 | |
| 
 | |
| apply:
 | |
|   stage: apply
 | |
|   variables:
 | |
|     TF_VAR_cloudflare_email: $CLOUDFLARE_EMAIL
 | |
|     TF_VAR_cloudflare_api_key: $CLOUDFLARE_API_KEY
 | |
|     TF_VAR_hcloud_token: $HCLOUD_TOKEN
 | |
|   script:
 | |
|     - terraform apply -auto-approve
 | |
|   dependencies:
 | |
|     - plan
 | |
|   rules:
 | |
|     - if: $CI_COMMIT_BRANCH == 'main'
 | |
|       when: manual
 |