diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 304b8696acdc70b4b973441552b1b4ca8ecacb8a..731ed2ac33301487da14857e09220ef8894278e5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,6 @@ workflow: include: - local: .gitlab/terraform-test.gitlab-ci.yml - - local: .gitlab/tofu-test.gitlab-ci.yml - project: "gitlab-org/quality/pipeline-common" file: - "/ci/danger-review.yml" @@ -15,13 +14,11 @@ include: variables: BASE_IMAGE: "alpine:3.18.4" TERRAFORM_IMAGE_NAME: "$CI_REGISTRY_IMAGE/branches/$CI_COMMIT_REF_SLUG-$TERRAFORM_VERSION:$CI_COMMIT_SHA" - TOFU_IMAGE_NAME: "$CI_REGISTRY_IMAGE/branches/$CI_COMMIT_REF_SLUG-$TOFU_VERSION:$CI_COMMIT_SHA" DOCKER_DIND_IMAGE: "docker:24.0.7-dind" NODE_IMAGE: "node:lts-slim" PLATFORMS: linux/amd64,linux/arm64 STABLE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/stable:latest" STABLE_VERSION: "1.5" - STABLE_TOFU_VERSION: "1.6" TF_STATE_NAME: ci-$CI_JOB_ID .terraform-versions: @@ -38,13 +35,6 @@ variables: - TERRAFORM_BINARY_VERSION: "1.1.9" TERRAFORM_VERSION: "1.1" -.tofu-versions: - parallel: - matrix: - # latest version from https://pkgs.alpinelinux.org/packages?name=opentofu - - TOFU_BINARY_VERSION: "1.6.0-r0" - TOFU_VERSION: "1.6" - stages: - lint - build @@ -95,7 +85,6 @@ dockerfile check: parallel: matrix: - FILE: Dockerfile.terraform - - FILE: Dockerfile.tofu before_script: - hadolint --version 
@@ -135,34 +124,6 @@ build terraform: --push . -build tofu: - extends: .tofu-versions - stage: build - services: - - "$DOCKER_DIND_IMAGE" - image: "$DOCKER_DIND_IMAGE" - before_script: - # See note on the `build terraform` job about this image - - docker run --rm --privileged tonistiigi/binfmt - # Registry auth - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - script: - - docker buildx create --use - # NOTE: we disable provenance for now - # because it causes troubles with the registry and older clients. - # See - # - https://gitlab.com/gitlab-org/terraform-images/-/issues/104 - # - https://gitlab.com/gitlab-org/terraform-images/-/merge_requests/184#note_1328485943 - - docker buildx build - --platform "$PLATFORMS" - --build-arg BASE_IMAGE=$BASE_IMAGE - --build-arg TOFU_BINARY_VERSION=$TOFU_BINARY_VERSION - --file Dockerfile.tofu - --tag "$TOFU_IMAGE_NAME" - --provenance=false - --push - . - upload: stage: upload-test-module script: @@ -193,24 +154,6 @@ release-terraform: rules: - if: $CI_COMMIT_TAG -release-tofu: - extends: .tofu-versions - stage: release - image: - name: gcr.io/go-containerregistry/crane:debug - entrypoint: [""] - variables: - RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/releases-tofu/$TOFU_VERSION" - script: - # https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane_copy.md - - crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - - crane copy "$TOFU_IMAGE_NAME" "$RELEASE_IMAGE_NAME:latest" - - crane copy "$TOFU_IMAGE_NAME" "$CI_REGISTRY_IMAGE/releases-tofu:$TOFU_BINARY_VERSION" - - crane copy "$TOFU_IMAGE_NAME" "$RELEASE_IMAGE_NAME:$CI_COMMIT_TAG" - # Removed the "stable" release for now, since tofu is still in beta itself - rules: - - if: $CI_COMMIT_TAG - .semantic-release: image: "$NODE_IMAGE" stage: prepare-release 
diff --git a/.gitlab/tofu-test.gitlab-ci.yml b/.gitlab/tofu-test.gitlab-ci.yml
deleted file mode 100644
index 3e9b2ae17b6c2887d678fa0dd2617e13c2d76909..0000000000000000000000000000000000000000
--- a/.gitlab/tofu-test.gitlab-ci.yml
+++ /dev/null
@@ -1,343 +0,0 @@ -.tofu-test-base: - image: "$TOFU_IMAGE_NAME" - before_script: - - gitlab-terraform version - - jq --version - cache: - key: "$TOFU_VERSION-$CI_COMMIT_REF_SLUG" - paths: - - tests/.terraform/ - -.tofu-test: - extends: - - .tofu-test-base - before_script: - - !reference [.tofu-test-base, before_script] - - cd tests - -.test-tofu-root: - extends: - - .tofu-test-base - variables: - TF_ROOT: tests - -tofu-test-init: - extends: - - .tofu-test - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - gitlab-terraform init - -tofu-test-init-with-args: - extends: - - .tofu-test - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - gitlab-terraform init -get=true -no-color - -tofu-test-init-with-flags: - extends: - - .tofu-test - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - export TF_INIT_FLAGS="-get=true -no-color" - - gitlab-terraform init - -tofu-test-init-with-flags-and-args: - extends: - - .tofu-test - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - export TF_INIT_FLAGS="-get=true" - - gitlab-terraform init -no-color - -tofu-test-init-tf-root: - extends: - - .test-tofu-root - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - gitlab-terraform init - -tofu-test-init-tf-root-with-cd: - extends: - - .test-tofu-root - - .tofu-versions - stage: test-init - script: - - cd tests - - export DEBUG_OUTPUT=true - - gitlab-terraform init - -tofu-test-init-tf-root-with-args: - extends: - - .test-tofu-root - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - gitlab-terraform init -get=true -no-color - -tofu-test-init-tf-root-with-flags: - extends: - - .test-tofu-root - - .tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - export TF_INIT_FLAGS="-get=true -no-color" - - gitlab-terraform init - -tofu-test-init-tf-root-with-flags-and-args: - extends: - - .test-tofu-root - - 
.tofu-versions - stage: test-init - script: - - export DEBUG_OUTPUT=true - - export TF_INIT_FLAGS="-get=true" - - gitlab-terraform init -no-color - -tofu-test-init-without-reconfigure: - extends: - - .test-tofu-root - - .tofu-versions - stage: test-init - script: - - gitlab-terraform init - - | - cat <<EOF > $TF_ROOT/backend_override.tf - terraform { - backend "local" {} - } - EOF - - export TF_INIT_NO_RECONFIGURE=true - - FAILED=false - - gitlab-terraform init -no-color >/tmp/output.txt 2>&1 || FAILED=true - - cat /tmp/output.txt - - test $FAILED = true - - 'cat /tmp/output.txt | grep "Error: Backend configuration changed"' - -tofu-test-init-with-reconfigure: - extends: - - .test-tofu-root - - .tofu-versions - stage: test-init - script: - - gitlab-terraform init - - | - cat <<EOF > $TF_ROOT/backend_override.tf - terraform { - backend "local" {} - } - EOF - - gitlab-terraform init - -tofu-test-init-with-prepared-registry-token: - extends: - - .tofu-test - stage: test-init - variables: - TOFU_VERSION: $STABLE_TOFU_VERSION - script: - - apk add --update $PKG - - | - cat <<'EOF' > test.sh - set -x - export TF_TOKEN_gitlab_com=mysecrettoken - . $(which gitlab-terraform) - terraform_authenticate_private_registry - test "$TF_TOKEN_gitlab_com" = "mysecrettoken" - EOF - - $SHELL test.sh - parallel: - matrix: - - SHELL: "bash" - PKG: "bash" - - SHELL: "zsh" - PKG: "zsh" - - SHELL: "ksh" - PKG: "loksh" - -tofu-test-init-without-prepared-registry-token: - extends: - - .tofu-test - stage: test-init - variables: - TOFU_VERSION: $STABLE_TOFU_VERSION - script: - - apk add --update $PKG - - | - cat <<'EOF' > test.sh - set -x - . 
$(which gitlab-terraform) - terraform_authenticate_private_registry - test -n "$TF_TOKEN_gitlab_com" - EOF - - $SHELL test.sh - parallel: - matrix: - - SHELL: "bash" - PKG: "bash" - - SHELL: "zsh" - PKG: "zsh" - - SHELL: "ksh" - PKG: "loksh" - -tofu-test-fmt: - extends: - - .tofu-test - - .tofu-versions - stage: test-fmt - script: - - gitlab-terraform fmt - -tofu-test-validate: - extends: - - .tofu-test - - .tofu-versions - stage: test-validate - script: - - gitlab-terraform validate - -tofu-test-plan: - extends: - - .tofu-test - - .tofu-versions - stage: test-plan - variables: - TF_PLAN_CACHE: $TOFU_VERSION-plan.cache - script: - - gitlab-terraform plan - - if [[ ! -f "$TOFU_VERSION-plan.cache" ]]; then echo "expected to find a plan.cache file"; exit 1; fi - - gitlab-terraform plan-json - - if [[ ! -f "plan.json" ]]; then echo "expected to find a plan.json file"; exit 1; fi - artifacts: - paths: - - "tests/*-plan.cache" - -tofu-test-apply: - extends: - - .tofu-test - - .tofu-versions - stage: test-apply - variables: - TF_PLAN_CACHE: $TOFU_VERSION-plan.cache - script: - - gitlab-terraform apply - -tofu-test-destroy: - extends: - - .tofu-test - - .tofu-versions - stage: test-destroy - script: - - gitlab-terraform destroy - -tofu-test-source-script: - extends: - - .tofu-test - stage: test-misc - needs: [build tofu] - variables: - TOFU_VERSION: $STABLE_TOFU_VERSION - before_script: - - !reference [.tofu-test-base, before_script] - - apk add --update $PKG - script: - - | - cat <<'EOF' > test.sh - set -x - test -z "$TF_GITLAB_SOURCED" - . $(which gitlab-terraform) - test $TF_GITLAB_SOURCED - EOF - - | - mkdir /usr/local/sbin - cat <<'EOF' > /usr/local/sbin/terraform - #/!usr/bin/env sh -e - echo "Called Terraform, but shouldn't have!!" 
- false - EOF - chmod +x /usr/local/sbin/terraform - - $SHELL test.sh - parallel: - matrix: - - SHELL: "bash" - PKG: "bash" - - SHELL: "zsh" - PKG: "zsh" - - SHELL: "ksh" - PKG: "loksh" - -tofu-test-without-implicit-init: - extends: - - .tofu-test - stage: test-misc - needs: [build tofu] - cache: - variables: - TOFU_VERSION: $STABLE_TOFU_VERSION - STATE_NAME: $CI_JOB_NAME - script: - - export TF_IMPLICIT_INIT=false - - FAILED=false - - gitlab-terraform $CMD -no-color >/tmp/output.txt 2>&1 || FAILED=true - - cat /tmp/output.txt - - test $FAILED = true - - 'cat /tmp/output.txt | grep "$ERROR"' - parallel: - matrix: - - CMD: apply - ERROR: 'Error: Failed to load "plan.cache" as a plan' - - CMD: destroy - ERROR: 'Error: Backend initialization required, please run "tofu init"' - - CMD: plan - ERROR: 'Error: Backend initialization required, please run "tofu init"' - - CMD: validate - ERROR: 'Run "tofu init" to install all modules' - -tofu-test-no-wrapper: - extends: - - .tofu-test - stage: test-misc - needs: [build tofu] - cache: - variables: - TOFU_VERSION: $STABLE_TOFU_VERSION - STATE_NAME: $CI_JOB_NAME - script: - # NOTE: running `gitlab-terraform apply` wouldn't fail - # because of the implicit `terraform init`. 
- - FAILED=false - - gitlab-terraform -- apply -no-color >/tmp/output.txt 2>&1 || FAILED=true - - cat /tmp/output.txt - - test $FAILED = true - - 'cat /tmp/output.txt | grep "Error: Backend initialization required, please run \"tofu init\""' - -tofu-integration-test-template: - stage: test-integration - variables: - IMAGE: $TOFU_IMAGE_NAME - # Hard-coded for now since there's no tofu stable version yet - TOFU_VERSION: "1.6" - TF_STATE_NAME: ci-tofu-integration-test-template-$CI_PIPELINE_IID-$CI_NODE_INDEX - TF_ROOT: tests - trigger: - include: .gitlab/integration-test/Test-$TEMPLATE - strategy: depend - rules: - - if: '$CI_PROJECT_PATH == "gitlab-org/terraform-images"' - - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"' - parallel: - matrix: - - TEMPLATE: [Terraform.gitlab-ci.yml, Terraform.latest.gitlab-ci.yml] diff --git a/Dockerfile.tofu b/Dockerfile.tofu deleted file mode 100644 index ae7943cdba348fe0293d030b43f7f880c2a98175..0000000000000000000000000000000000000000 --- a/Dockerfile.tofu +++ /dev/null @@ -1,28 +0,0 @@ -ARG BASE_IMAGE - -FROM $BASE_IMAGE - -ARG TOFU_BINARY_VERSION - -RUN apk add --no-cache \ - curl \ - gcompat \ - git \ - idn2-utils \ - jq \ - openssh - - -# Install tofu from the alpine registry and symlink to terraform (for the utility script) -RUN apk add --no-cache opentofu=$TOFU_BINARY_VERSION --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing/ && \ - ln -s "$(which tofu)" /usr/local/bin/terraform && \ - terraform --version && \ - tofu --version - -WORKDIR / - -COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform -RUN chmod +x /usr/bin/gitlab-terraform - -# Override ENTRYPOINT -ENTRYPOINT [] diff --git a/README.md b/README.md index b3f2423656e3d6f95029923bf94ad24079dbdf35..e8a61637f1dcc9ce14ec2249bbb6e92cebfd1420 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,15 @@ # Terraform Images -> 🚨 This repository won't upgrade to any new Terraform releases with the BSL license for now. +> 🚨 This repository won't upgrade to any new Terraform releases with the BSL license. > Please follow [this issue](https://gitlab.com/gitlab-org/terraform-images/-/issues/114) for updates. > > We'd like to advise you to use the new [**OpenTofu CI/CD component**](https://gitlab.com/components/opentofu). > > Alternatively, you may build this project with the latest Terraform release yourself and > host it in your own registry. +> +> The OpenTofu support in this repository has been removed in favor of the +> aforementioned new [OpenTofu CI/CD component](https://gitlab.com/components/opentofu). This repository provides a docker image which contains the `gitlab-terraform` shell script. This script is a thin wrapper around the `terraform` binary. Its main purpose is to serve the [Infrastructure as code with Terraform and GitLab diff --git a/src/bin/gitlab-terraform.sh b/src/bin/gitlab-terraform.sh index 380e561f1131f2d05196da29728489d63fcb397d..b00820b1a403641002f3e18f0142ebd84c3d894d 100755 --- a/src/bin/gitlab-terraform.sh +++ b/src/bin/gitlab-terraform.sh @@ -11,14 +11,6 @@ terraform_is_at_least() { return $? } -# Check if the script is using OpenTofu or Terraform, returns 0 -# if tofu is present, 1 if it's not -using_open_tofu() { - # If tofu is on the path, we're using tofu, not terraform. - [ "$(which tofu)" ] - return $? -} - # Evaluate if this script is being sourced or executed directly. # See https://stackoverflow.com/a/28776166 sourced=0 
@@ -112,8 +104,8 @@ fi terraform_authenticate_private_registry() { - if terraform_is_at_least 1.2.0 || using_open_tofu ; then - # From Terraform 1.2.0 and later (or all versions of OpenTofu), we can use TF_TOKEN_your_domain_name to authenticate to registry. + if terraform_is_at_least 1.2.0; then + # From Terraform 1.2.0 and later, we can use TF_TOKEN_your_domain_name to authenticate to registry. # The credential environment variable has the following requirements: # - Domain names containing non-ASCII characters are converted to their punycode equivalent with an ACE prefix # - Periods are encoded as underscores
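Review bot: After this change the `if terraform_is_at_least 1.2.0; then` gate alone decides whether the `TF_TOKEN_<domain>` credential variable is used, yet the same commit deletes the only tests visible in this diff that exercise `terraform_authenticate_private_registry` (`tofu-test-init-with-prepared-registry-token` and `tofu-test-init-without-prepared-registry-token`). Please confirm that `.gitlab/terraform-test.gitlab-ci.yml`, which is not shown here, still carries Terraform equivalents, in particular the check that a token already set by the caller is left unchanged. I would also add a comment above the condition such as `# OpenTofu is no longer detected here; only the Terraform version decides the auth mechanism`, so users who build their own image with a different binary know the special case is gone. The function body continues outside the hunk, so what happens when the version check fails is not visible from here.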