| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- ---
- spec:
- inputs:
- as:
- default: apply-terraform
- stage:
- default: terraform
- root_dir:
- default: ${CI_PROJECT_DIR}/terraform
- description: 'Root directory for the OpenTofu project.'
- state_name:
- default: default
- description: 'Remote OpenTofu state name.'
- ---
- variables:
- TF_ROOT: "$[[ inputs.root_dir ]]"
- TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/$[[ inputs.state_name ]]
- TF_USERNAME: gitlab-ci-token
- TF_PASSWORD: ${CI_JOB_TOKEN}
- '$[[ inputs.as ]]':
- stage: '$[[ inputs.stage ]]'
- image:
- name: ghcr.io/opentofu/opentofu:latest
- entrypoint: [""]
- before_script: |
- echo "Before → Executing..."
- echo "Before → Enter TF root directory"
- cd ${TF_ROOT}
- script: |
- echo "Script → Executing..."
- echo "Script → Initialize Terraform backend"
- tofu init \
- -backend-config=address=${TF_ADDRESS} \
- -backend-config=lock_address=${TF_ADDRESS}/lock \
- -backend-config=unlock_address=${TF_ADDRESS}/lock \
- -backend-config=username=${TF_USERNAME} \
- -backend-config=password=${TF_PASSWORD} \
- -backend-config=lock_method=POST \
- -backend-config=unlock_method=DELETE \
- -backend-config=retry_wait_min=5
- echo "Script → Validate Terraform"
- tofu validate
- echo "Script → Plan Terraform"
- tofu plan -lock=false -out=tfplan
- echo "Script → Apply Terraform"
- tofu apply -lock=false -auto-approve tfplan
- rules:
- - if: $CI_COMMIT_BRANCH == "main"
- changes:
- - '$[[ inputs.root_dir ]]/**'
|
