diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..b21e1bf
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,34 @@
+stages:
+ - triggers
+
+build_dmz:
+ stage: triggers
+ trigger:
+ include: dmz/.gitlab/.gitlab-ci.yml
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+build_infra:
+ stage: triggers
+ trigger:
+ include: infra/.gitlab/.gitlab-ci.yml
+ rules:
+ - changes:
+ - "infra/terraform/*.tf"
+
+build_dev:
+ stage: triggers
+ trigger:
+ include: dev/.gitlab/.gitlab-ci.yml
+ rules:
+ - changes:
+ - "dev/terraform/*.tf"
+
+build_prd:
+ stage: triggers
+ trigger:
+ include: prd/.gitlab/.gitlab-ci.yml
+ rules:
+ - changes:
+ - "prd/terraform/*.tf"
diff --git a/dev/.gitlab/.gitlab-ci.yml b/dev/.gitlab/.gitlab-ci.yml
new file mode 100644
index 0000000..16cef81
--- /dev/null
+++ b/dev/.gitlab/.gitlab-ci.yml
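Review bot: The `rules: changes` globs in build_dmz, build_infra, build_dev and build_prd match only `*.tf` files directly under each `<env>/terraform/` directory, so edits to the child pipeline definitions themselves (`dmz/.gitlab/.gitlab-ci.yml` and siblings), to `.tfvars` or lock files, or to any nested module directory never start the child pipeline; widening to `- "dmz/terraform/**/*"` and adding `- "dmz/.gitlab/.gitlab-ci.yml"` (and the equivalents for the other three) would close that gap. The `changes` rule is also used without `compare_to`, and for pipeline sources that have no push event to diff against (scheduled and tag pipelines, as I understand GitLab's rule evaluation — worth confirming) it evaluates to true, which would fan those runs out to all four children at once. None of the trigger jobs sets `strategy: depend`, so the parent reports success as soon as each child is created rather than when it finishes, making the parent's status unusable as a merge gate for the downstream format/validate/plan jobs.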
@@ -0,0 +1,95 @@
+stages:
+ - plan
+ - apply
+ - destroy
+
+variables:
+ WORKDIR: $CI_PROJECT_DIR/dev/terraform
+ GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev
+
+image:
+ name: registry.durp.info/opentofu/opentofu:latest
+ entrypoint: [""]
+
+.tf-init:
+ before_script:
+ - cd $WORKDIR
+ - tofu init
+ -reconfigure
+ -backend-config="address=${GITLAB_TF_ADDRESS}"
+ -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="username=gitlab-ci-token"
+ -backend-config="password=${CI_JOB_TOKEN}"
+ -backend-config="lock_method=POST"
+ -backend-config="unlock_method=DELETE"
+ -backend-config="retry_wait_min=5"
+
+format:
+ stage: .pre
+ allow_failure: false
+ script:
+ - cd $WORKDIR
+ - tofu fmt -diff -check -write=false
+ rules:
+ - changes:
+ - "dev/terraform/*.tf"
+
+validate:
+ stage: .pre
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu validate
+ rules:
+ - changes:
+ - "dev/terraform/*.tf"
+
+plan-dev-infrastructure:
+ stage: plan
+ variables:
+ PLAN: plan.tfplan
+ JSON_PLAN_FILE: tfplan.json
+ ENVIRONMENT_NAME: dev
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - apk add --update curl jq
+ - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+ - tofu plan -out=$PLAN $ARGUMENTS
+ - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
+ artifacts:
+ reports:
+ terraform: $WORKDIR/$JSON_PLAN_FILE
+ needs: ["validate","format"]
+ rules:
+ - changes:
+ - "dev/terraform/*.tf"
+
+apply-dev-infrastructure:
+ stage: apply
+ variables:
+ ENVIRONMENT_NAME: dev
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu apply -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "dev/terraform/*.tf"
+ when: manual
+ needs: ["plan-dev-infrastructure"]
+
+destroy-dev-infrastructure:
+ stage: destroy
+ variables:
+ ENVIRONMENT_NAME: dev
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu destroy -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "dev/terraform/*.tf"
+ when: manual
+ needs: ["plan-dev-infrastructure"]
diff --git a/dmz/.gitlab/.gitlab-ci.yml b/dmz/.gitlab/.gitlab-ci.yml
new file mode 100644
index 0000000..e0532bc
--- /dev/null
+++ b/dmz/.gitlab/.gitlab-ci.yml
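Review bot: apply-dev-infrastructure runs `tofu apply -auto-approve $ARGUMENTS`, which re-plans against current state instead of applying the `plan.tfplan` the manual approver just reviewed, and the plan file is not exported anyway (`artifacts` lists only `reports: terraform`), so `needs: ["plan-dev-infrastructure"]` cannot deliver it. Adding `paths: - $WORKDIR/$PLAN` under the plan job's `artifacts` and changing the apply line to `- tofu apply $PLAN` makes the approved plan the thing that executes; since a saved plan can embed sensitive values in clear text, give that artifact a short `expire_in`. The same apply/plan mismatch is in the dmz, infra and prd files. Separately, the `alias convert_report=...` line in the plan job is never used (the `tofu show` line repeats the jq filter inline) and `curl` in `apk add --update curl jq` is never called, so both can go; `$ARGUMENTS` is defined nowhere in these files, so if it is meant to come from project CI/CD variables a comment saying so would help the next reader.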
@@ -0,0 +1,95 @@
+stages:
+ - plan
+ - apply
+ - destroy
+
+variables:
+ WORKDIR: $CI_PROJECT_DIR/dmz/terraform
+ GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dmz
+
+image:
+ name: registry.durp.info/opentofu/opentofu:latest
+ entrypoint: [""]
+
+.tf-init:
+ before_script:
+ - cd $WORKDIR
+ - tofu init
+ -reconfigure
+ -backend-config="address=${GITLAB_TF_ADDRESS}"
+ -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="username=gitlab-ci-token"
+ -backend-config="password=${CI_JOB_TOKEN}"
+ -backend-config="lock_method=POST"
+ -backend-config="unlock_method=DELETE"
+ -backend-config="retry_wait_min=5"
+
+format:
+ stage: .pre
+ allow_failure: false
+ script:
+ - cd $WORKDIR
+ - tofu fmt -diff -check -write=false
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+validate:
+ stage: .pre
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu validate
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+plan-dmz-infrastructure:
+ stage: plan
+ variables:
+ PLAN: plan.tfplan
+ JSON_PLAN_FILE: tfplan.json
+ ENVIRONMENT_NAME: dmz
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - apk add --update curl jq
+ - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+ - tofu plan -out=$PLAN $ARGUMENTS
+ - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
+ artifacts:
+ reports:
+ terraform: $WORKDIR/$JSON_PLAN_FILE
+ needs: ["validate","format"]
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+apply-dmz-infrastructure:
+ stage: apply
+ variables:
+ ENVIRONMENT_NAME: dmz
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu apply -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+ when: manual
+ needs: ["plan-dmz-infrastructure"]
+
+destroy-dmz-infrastructure:
+ stage: destroy
+ variables:
+ ENVIRONMENT_NAME: dmz
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu destroy -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+ when: manual
+ needs: ["plan-dmz-infrastructure"]
diff --git a/infra/.gitlab/.gitlab-ci.yml b/infra/.gitlab/.gitlab-ci.yml
new file mode 100644
index 0000000..78c6ee1
--- /dev/null
+++ b/infra/.gitlab/.gitlab-ci.yml
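Review bot: `image.name` is the mutable tag `registry.durp.info/opentofu/opentofu:latest` and plan-dmz-infrastructure then runs `apk add --update curl jq` against the live package index, so a job that holds `CI_JOB_TOKEN`, the state-backend password and whatever provider credentials `tofu plan` needs executes whatever those two unpinned sources resolve to on the day it runs; the same two lines appear in the dev, infra and prd files. Pinning the image to a version and digest, e.g. `name: registry.durp.info/opentofu/opentofu:[PINNED_VERSION]@sha256:[DIGEST]` (placeholders), and either baking `jq` into that image or pinning it with `apk add jq=[PINNED_APK_VERSION]`, keeps the toolchain reproducible and reviewable. This also removes a per-job network dependency on the package mirror that currently fails the pipeline when the mirror is unreachable.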
@@ -0,0 +1,95 @@
+stages:
+ - plan
+ - apply
+ - destroy
+
+variables:
+ WORKDIR: $CI_PROJECT_DIR/infra/terraform
+ GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/infra
+
+image:
+ name: registry.durp.info/opentofu/opentofu:latest
+ entrypoint: [""]
+
+.tf-init:
+ before_script:
+ - cd $WORKDIR
+ - tofu init
+ -reconfigure
+ -backend-config="address=${GITLAB_TF_ADDRESS}"
+ -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="username=gitlab-ci-token"
+ -backend-config="password=${CI_JOB_TOKEN}"
+ -backend-config="lock_method=POST"
+ -backend-config="unlock_method=DELETE"
+ -backend-config="retry_wait_min=5"
+
+format:
+ stage: .pre
+ allow_failure: false
+ script:
+ - cd $WORKDIR
+ - tofu fmt -diff -check -write=false
+ rules:
+ - changes:
+ - "infra/terraform/*.tf"
+
+validate:
+ stage: .pre
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu validate
+ rules:
+ - changes:
+ - "infra/terraform/*.tf"
+
+plan-infrastructure:
+ stage: plan
+ variables:
+ PLAN: plan.tfplan
+ JSON_PLAN_FILE: tfplan.json
+ ENVIRONMENT_NAME: infra
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - apk add --update curl jq
+ - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+ - tofu plan -out=$PLAN $ARGUMENTS
+ - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
+ artifacts:
+ reports:
+ terraform: $WORKDIR/$JSON_PLAN_FILE
+ needs: ["validate","format"]
+ rules:
+ - changes:
+ - "infra/terraform/*.tf"
+
+apply-infrastructure:
+ stage: apply
+ variables:
+ ENVIRONMENT_NAME: infra
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu apply -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "infra/terraform/*.tf"
+ when: manual
+ needs: ["plan-infrastructure"]
+
+destroy-infrastructure:
+ stage: destroy
+ variables:
+ ENVIRONMENT_NAME: infra
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu destroy -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "infra/terraform/*.tf"
+ when: manual
+ needs: ["plan-infrastructure"]
diff --git a/prd/.gitlab/.gitlab-ci.yml b/prd/.gitlab/.gitlab-ci.yml
new file mode 100644
index 0000000..99ddf7b
--- /dev/null
+++ b/prd/.gitlab/.gitlab-ci.yml
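Review bot: `ENVIRONMENT_NAME: infra` is set on plan-infrastructure, apply-infrastructure and destroy-infrastructure but nothing consumes it — there is no `environment:` block and it is not exported as a `TF_VAR_` — so GitLab's protected environments and deployment approvals cannot restrict who may run `tofu apply -auto-approve` or `tofu destroy -auto-approve`; `when: manual` alone lets anyone able to run a pipeline on the branch press the button. Adding `environment:` with `name: $ENVIRONMENT_NAME` to the apply job, and the same plus `action: stop` to the destroy job, lets the environment be protected server-side and records the deployments; the dev, dmz and prd files have the same unused variable. If the variable is instead read by something outside these files, a one-line comment above it saying where would spare the next reader the same search.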
@@ -0,0 +1,95 @@
+stages:
+ - plan
+ - apply
+ - destroy
+
+variables:
+ WORKDIR: $CI_PROJECT_DIR/prd/terraform
+ GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/prd
+
+image:
+ name: registry.durp.info/opentofu/opentofu:latest
+ entrypoint: [""]
+
+.tf-init:
+ before_script:
+ - cd $WORKDIR
+ - tofu init
+ -reconfigure
+ -backend-config="address=${GITLAB_TF_ADDRESS}"
+ -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="username=gitlab-ci-token"
+ -backend-config="password=${CI_JOB_TOKEN}"
+ -backend-config="lock_method=POST"
+ -backend-config="unlock_method=DELETE"
+ -backend-config="retry_wait_min=5"
+
+format:
+ stage: .pre
+ allow_failure: false
+ script:
+ - cd $WORKDIR
+ - tofu fmt -diff -check -write=false
+ rules:
+ - changes:
+ - "prd/terraform/*.tf"
+
+validate:
+ stage: .pre
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu validate
+ rules:
+ - changes:
+ - "prd/terraform/*.tf"
+
+plan-prd-infrastructure:
+ stage: plan
+ variables:
+ PLAN: plan.tfplan
+ JSON_PLAN_FILE: tfplan.json
+ ENVIRONMENT_NAME: prd
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - apk add --update curl jq
+ - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+ - tofu plan -out=$PLAN $ARGUMENTS
+ - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
+ artifacts:
+ reports:
+ terraform: $WORKDIR/$JSON_PLAN_FILE
+ needs: ["validate","format"]
+ rules:
+ - changes:
+ - "prd/terraform/*.tf"
+
+apply-prd-infrastructure:
+ stage: apply
+ variables:
+ ENVIRONMENT_NAME: prd
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu apply -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "prd/terraform/*.tf"
+ when: manual
+ needs: ["plan-prd-infrastructure"]
+
+destroy-prd-infrastructure:
+ stage: destroy
+ variables:
+ ENVIRONMENT_NAME: prd
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu destroy -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "prd/terraform/*.tf"
+ when: manual
+ needs: ["plan-prd-infrastructure"]
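Review bot: destroy-prd-infrastructure and apply-prd-infrastructure are gated only by `when: manual`; their single rule matches any branch whose commit touches `prd/terraform/*.tf`, so a feature branch exposes a manual button that runs `tofu destroy -auto-approve` against the production state. Restricting both jobs to protected refs, e.g. `- if: $CI_COMMIT_REF_PROTECTED == "true"` on the same rule entry as the existing `changes:` list, keeps the button off unprotected branches and makes the gate enforceable through branch protection rather than convention. The destroy job also `needs: ["plan-prd-infrastructure"]` although `tofu destroy` does not use that plan, so the dependency only guarantees init and validation passed, not that anyone reviewed what will be removed; a comment stating that intent, or a dedicated `tofu plan -destroy` step, would make the gate honest. The dev, dmz and infra files share the same shape, but the blast radius is largest here.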