.gitlab-ci.yml 3.16 KB
# Base image for every job.
# NOTE(review): `latest` is a floating tag, so the packages installed in
# before_script can change between pipeline runs; consider pinning a specific
# Alpine release (or image digest) so builds are reproducible.
image: "alpine:latest"

# Pipeline stages, in execution order.
stages:
  - format      # used by tf_format
  - validate    # used by tf_validate
  - planning    # only referenced by the commented-out gprd_tf_plan job
  - deployment  # only referenced by the commented-out staging_tf_apply job

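# Runs before the script of every job: installs the shared toolchain.
before_script:
  # OS packages needed by the steps and jobs below.
  - apk add --no-cache unzip wget ca-certificates make gnupg ruby build-base ruby-dev openssh-client git && update-ca-certificates
  # `--no-document` replaces `--no-rdoc --no-ri`, which RubyGems 3 rejects; the
  # floating alpine:latest image does not guarantee an older RubyGems.
  # NOTE(review): gem versions are not pinned, so each run installs whatever is
  # current on the gem source.
  - gem install --no-document terraform_landscape json multi_json
  # Terraform requires a key file for TF_VAR_ssh_key. We don't really use it
  # but it has to be there.
  - echo "This is not a real key" > /fake_user_key
  # Presumably installs the Terraform release named in .terraform-version via
  # the repository Makefile (the jobs call it as /terraform) -- confirm.
  - TF_VERSION="$(cat .terraform-version)" make tfinstall
  # NOTE(review): the tflint archive is downloaded and installed without an
  # integrity check. Record the SHA-256 of this release and verify it (for
  # example with `sha256sum -c`) before unzip, so a swapped or corrupted
  # archive fails the job instead of landing in /bin.
  - wget -q https://github.com/wata727/tflint/releases/download/v0.7.3/tflint_linux_amd64.zip && unzip tflint_linux_amd64.zip && mv tflint /bin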

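tf_format:
  stage: format
  # Fails the job when `terraform fmt` reports anything for a *.tf file;
  # nothing is rewritten because of -write=false.
  script: |
    #!/bin/sh
    fmt_diff=$(find . -name "*.tf" | xargs -I{} /terraform fmt -write=false {} | sed '/^\s*$/d')
    if test -n "$fmt_diff"; then
      echo "******* Terraform formatting error:"
      echo ""
      # Quoted so the report keeps its line breaks and is not glob-expanded.
      echo "$fmt_diff"
      exit 1
    fi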

tf_validate:
  stage: validate
  # Validate every directory that contains terraform config
  # (`terraform validate` does not do a full recurse)
  # NOTE(review): entries under only:variables are alternatives, so the job
  # runs when either variable is set, although the script below needs both.
  only:
    variables:
      - $SSH_PRIVATE_KEY
      - $SSH_KNOWN_HOSTS
  script: |
    #!/bin/sh
    # SSH setup for module cloning. The base64-encoded key is handed to the
    # agent over stdin and never written to disk; host keys come from the
    # SSH_KNOWN_HOSTS variable instead of being accepted on first connection.
    # NOTE(review): repository scripts run in this job while the key is
    # loaded, so the variable is best limited to protected branches -- confirm.
    eval "$(ssh-agent -s)"
    echo "$SSH_PRIVATE_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    chmod 644 ~/.ssh/known_hosts

    cp private/env_vars/common.env.example private/env_vars/common.env
    dir="environments" # For the "bin/tf-set-env" script
    tf_opts="-check-variables=false"
    envs=$(ls -d "$dir"/*)
    for env in $envs; do
      # One subshell per environment; presumably keeps whatever bin/tf-set-env
      # sets from carrying over to the next environment.
      (
        # Every directory under modules/ and this environment that holds *.tf files.
        dirs_to_check=$(find modules "$env" -name "*.tf" -type f -exec dirname {} \; | sort -u)

        environment=$(basename "$env") # Also used on the "bin/tf-set-env" script
        cp private/env_vars/environment.env.example "private/env_vars/$environment.env"

        . "bin/tf-set-env"

        # Inner shell runs with -e so the first failing init/validate/tflint stops the check.
        /bin/sh -e -c 'for d in $1; do (cd $d && echo "Checking $d for $0" && /terraform init -backend=false && /terraform validate $2 && tflint --error-with-issues); done' "$env" "$dirs_to_check" "$tf_opts"
      )
    done

#gprd_tf_plan:
#  stage: planning
#  environment:
#    name: gprd
#  script:
#    - cd environments/gprd && /terraform init -input=false -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="key=${STATE_S3_KEY}" -backend-config="region=${STATE_S3_REGION}" && /terraform plan -input=false | landscape

# NOTE: last time this was enabled the following problems were encountered:
#  1. our bootstrap is tied to chef-repo. co chef-repo on ci -- no bootstrap
#  2. TF_var for terraform user is not scoped to 'staging' environment ('*'),
#     but was not available. This may be a GitLab bug -- needs more testing.
#staging_tf_apply:
#  stage: deployment
#  environment:
#    name: staging
#  script:
#    - TF_VERSION="$(cat environments/staging/.terraform-version)" make tfinstall
#    - cd environments/staging && /terraform init -input=false -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="key=${STATE_S3_KEY}" -backend-config="region=${STATE_S3_REGION}" && /terraform apply -input=false
#  only:
#    - master