-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.gitlab-ci.yml
64 lines (58 loc) · 1.4 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
stages:
- verify
- plan
- deploy
image: hashicorp/terraform:1.2.4
variables:
PLAN: plan.cache
PLAN_JSON: plan.json
TF_ROOT: "$CI_PROJECT_DIR/deployment/$CI_ENVIRONMENT_NAME"
TF_ADDRESS: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$CI_ENVIRONMENT_NAME"
before_script:
- curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.24.2/bin/linux/amd64/kubectl
- chmod +x ./kubectl
- mv ./kubectl /usr/local/bin/kubectl
- echo "$KUBECONFIG_DATA" > "$KUBECONFIG"
- cd $TF_ROOT
- >
terraform init
-backend-config="address=$TF_ADDRESS"
-backend-config="lock_address=$TF_ADDRESS/lock"
-backend-config="unlock_address=$TF_ADDRESS/lock"
-backend-config="username=$CI_REGISTRY_USER"
-backend-config="password=$CI_REGISTRY_PASSWORD"
-backend-config="lock_method=POST"
-backend-config="unlock_method=DELETE"
-backend-config="retry_wait_min=5"
verify prod:
environment: prod
stage: verify
script:
- terraform validate
tags:
- agent
plan prod:
environment: prod
artifacts:
name: plan
paths:
- "$TF_ROOT/$PLAN"
reports:
terraform: "$TF_ROOT/$PLAN_JSON"
script:
- "terraform plan -out=$PLAN"
stage: plan
tags:
- agent
deploy prod:
dependencies:
- plan prod
environment: prod
stage: deploy
script:
- "terraform apply -input=false $PLAN"
tags:
- agent
when: manual
only:
- tags