durfy/homelab-iac
1
0
Fork 0
mirror of https://gitlab.durp.info/durfy/homelab/iac.git synced 2026-05-07 07:50:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

add ci

Browse source
This commit is contained in:
DeveloperDurp 2026-01-31 06:22:52 -06:00
parent 144c32726a
commit baeb625b07
5 changed files with 414 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

34
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,34 @@
stages:
- triggers
build_dmz:
stage: triggers
trigger:
include: dmz/.gitlab/.gitlab-ci.yml
rules:
- changes:
- "dmz/terraform/*.tf"
build_infra:
stage: triggers
trigger:
include: infra/.gitlab/.gitlab-ci.yml
rules:
- changes:
- "infra/terraform/*.tf"
build_dev:
stage: triggers
trigger:
include: dev/.gitlab/.gitlab-ci.yml
rules:
- changes:
- "dev/terraform/*.tf"
build_prd:
stage: triggers
trigger:
include: prd/.gitlab/.gitlab-ci.yml
rules:
- changes:
- "prd/terraform/*.tf"

95
dev/.gitlab/.gitlab-ci.yml Normal file
View file

@ -0,0 +1,95 @@
stages:
- plan
- apply
- destroy
variables:
WORKDIR: $CI_PROJECT_DIR/dev/terraform
GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev
image:
name: registry.durp.info/opentofu/opentofu:latest
entrypoint: [""]
.tf-init:
before_script:
- cd $WORKDIR
- tofu init
-reconfigure
-backend-config="address=${GITLAB_TF_ADDRESS}"
-backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="username=gitlab-ci-token"
-backend-config="password=${CI_JOB_TOKEN}"
-backend-config="lock_method=POST"
-backend-config="unlock_method=DELETE"
-backend-config="retry_wait_min=5"
format:
stage: .pre
allow_failure: false
script:
- cd $WORKDIR
- tofu fmt -diff -check -write=false
rules:
- changes:
- "dev/terraform/*.tf"
validate:
stage: .pre
allow_failure: false
extends: .tf-init
script:
- tofu validate
rules:
- changes:
- "dev/terraform/*.tf"
plan-dev-infrastructure:
stage: plan
variables:
PLAN: plan.tfplan
JSON_PLAN_FILE: tfplan.json
ENVIRONMENT_NAME: dev
allow_failure: false
extends: .tf-init
script:
- apk add --update curl jq
- alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- tofu plan -out=$PLAN $ARGUMENTS
- tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
artifacts:
reports:
terraform: $WORKDIR/$JSON_PLAN_FILE
needs: ["validate","format"]
rules:
- changes:
- "dev/terraform/*.tf"
apply-dev-infrastructure:
stage: apply
variables:
ENVIRONMENT_NAME: dev
allow_failure: false
extends: .tf-init
script:
- tofu apply -auto-approve $ARGUMENTS
rules:
- changes:
- "dev/terraform/*.tf"
when: manual
needs: ["plan-dev-infrastructure"]
destroy-dev-infrastructure:
stage: destroy
variables:
ENVIRONMENT_NAME: dev
allow_failure: false
extends: .tf-init
script:
- tofu destroy -auto-approve $ARGUMENTS
rules:
- changes:
- "dev/terraform/*.tf"
when: manual
needs: ["plan-dev-infrastructure"]

95
dmz/.gitlab/.gitlab-ci.yml Normal file
View file

@ -0,0 +1,95 @@
stages:
- plan
- apply
- destroy
variables:
WORKDIR: $CI_PROJECT_DIR/dmz/terraform
GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dmz
image:
name: registry.durp.info/opentofu/opentofu:latest
entrypoint: [""]
.tf-init:
before_script:
- cd $WORKDIR
- tofu init
-reconfigure
-backend-config="address=${GITLAB_TF_ADDRESS}"
-backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="username=gitlab-ci-token"
-backend-config="password=${CI_JOB_TOKEN}"
-backend-config="lock_method=POST"
-backend-config="unlock_method=DELETE"
-backend-config="retry_wait_min=5"
format:
stage: .pre
allow_failure: false
script:
- cd $WORKDIR
- tofu fmt -diff -check -write=false
rules:
- changes:
- "dmz/terraform/*.tf"
validate:
stage: .pre
allow_failure: false
extends: .tf-init
script:
- tofu validate
rules:
- changes:
- "dmz/terraform/*.tf"
plan-dmz-infrastructure:
stage: plan
variables:
PLAN: plan.tfplan
JSON_PLAN_FILE: tfplan.json
ENVIRONMENT_NAME: dmz
allow_failure: false
extends: .tf-init
script:
- apk add --update curl jq
- alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- tofu plan -out=$PLAN $ARGUMENTS
- tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
artifacts:
reports:
terraform: $WORKDIR/$JSON_PLAN_FILE
needs: ["validate","format"]
rules:
- changes:
- "dmz/terraform/*.tf"
apply-dmz-infrastructure:
stage: apply
variables:
ENVIRONMENT_NAME: dmz
allow_failure: false
extends: .tf-init
script:
- tofu apply -auto-approve $ARGUMENTS
rules:
- changes:
- "dmz/terraform/*.tf"
when: manual
needs: ["plan-dmz-infrastructure"]
destroy-dmz-infrastructure:
stage: destroy
variables:
ENVIRONMENT_NAME: dmz
allow_failure: false
extends: .tf-init
script:
- tofu destroy -auto-approve $ARGUMENTS
rules:
- changes:
- "dmz/terraform/*.tf"
when: manual
needs: ["plan-dmz-infrastructure"]

95
infra/.gitlab/.gitlab-ci.yml Normal file
View file

@ -0,0 +1,95 @@
stages:
- plan
- apply
- destroy
variables:
WORKDIR: $CI_PROJECT_DIR/infra/terraform
GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/infra
image:
name: registry.durp.info/opentofu/opentofu:latest
entrypoint: [""]
.tf-init:
before_script:
- cd $WORKDIR
- tofu init
-reconfigure
-backend-config="address=${GITLAB_TF_ADDRESS}"
-backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="username=gitlab-ci-token"
-backend-config="password=${CI_JOB_TOKEN}"
-backend-config="lock_method=POST"
-backend-config="unlock_method=DELETE"
-backend-config="retry_wait_min=5"
format:
stage: .pre
allow_failure: false
script:
- cd $WORKDIR
- tofu fmt -diff -check -write=false
rules:
- changes:
- "infra/terraform/*.tf"
validate:
stage: .pre
allow_failure: false
extends: .tf-init
script:
- tofu validate
rules:
- changes:
- "infra/terraform/*.tf"
plan-infrastructure:
stage: plan
variables:
PLAN: plan.tfplan
JSON_PLAN_FILE: tfplan.json
ENVIRONMENT_NAME: infra
allow_failure: false
extends: .tf-init
script:
- apk add --update curl jq
- alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- tofu plan -out=$PLAN $ARGUMENTS
- tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
artifacts:
reports:
terraform: $WORKDIR/$JSON_PLAN_FILE
needs: ["validate","format"]
rules:
- changes:
- "infra/terraform/*.tf"
apply-infrastructure:
stage: apply
variables:
ENVIRONMENT_NAME: infra
allow_failure: false
extends: .tf-init
script:
- tofu apply -auto-approve $ARGUMENTS
rules:
- changes:
- "infra/terraform/*.tf"
when: manual
needs: ["plan-infrastructure"]
destroy-infrastructure:
stage: destroy
variables:
ENVIRONMENT_NAME: infra
allow_failure: false
extends: .tf-init
script:
- tofu destroy -auto-approve $ARGUMENTS
rules:
- changes:
- "infra/terraform/*.tf"
when: manual
needs: ["plan-infrastructure"]

95
prd/.gitlab/.gitlab-ci.yml Normal file
View file

@ -0,0 +1,95 @@
stages:
- plan
- apply
- destroy
variables:
WORKDIR: $CI_PROJECT_DIR/prd/terraform
GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/prd
image:
name: registry.durp.info/opentofu/opentofu:latest
entrypoint: [""]
.tf-init:
before_script:
- cd $WORKDIR
- tofu init
-reconfigure
-backend-config="address=${GITLAB_TF_ADDRESS}"
-backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
-backend-config="username=gitlab-ci-token"
-backend-config="password=${CI_JOB_TOKEN}"
-backend-config="lock_method=POST"
-backend-config="unlock_method=DELETE"
-backend-config="retry_wait_min=5"
format:
stage: .pre
allow_failure: false
script:
- cd $WORKDIR
- tofu fmt -diff -check -write=false
rules:
- changes:
- "prd/terraform/*.tf"
validate:
stage: .pre
allow_failure: false
extends: .tf-init
script:
- tofu validate
rules:
- changes:
- "prd/terraform/*.tf"
plan-prd-infrastructure:
stage: plan
variables:
PLAN: plan.tfplan
JSON_PLAN_FILE: tfplan.json
ENVIRONMENT_NAME: prd
allow_failure: false
extends: .tf-init
script:
- apk add --update curl jq
- alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- tofu plan -out=$PLAN $ARGUMENTS
- tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
artifacts:
reports:
terraform: $WORKDIR/$JSON_PLAN_FILE
needs: ["validate","format"]
rules:
- changes:
- "prd/terraform/*.tf"
apply-prd-infrastructure:
stage: apply
variables:
ENVIRONMENT_NAME: prd
allow_failure: false
extends: .tf-init
script:
- tofu apply -auto-approve $ARGUMENTS
rules:
- changes:
- "prd/terraform/*.tf"
when: manual
needs: ["plan-prd-infrastructure"]
destroy-prd-infrastructure:
stage: destroy
variables:
ENVIRONMENT_NAME: prd
allow_failure: false
extends: .tf-init
script:
- tofu destroy -auto-approve $ARGUMENTS
rules:
- changes:
- "prd/terraform/*.tf"
when: manual
needs: ["plan-prd-infrastructure"]