diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d762ad8421d511e99523d0f071e3622244b80a1..24ba11c3392434378e62b4599f211061a577b3cd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,6 +5,7 @@ variables: RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/releases/$TERRAFORM_VERSION" TF_ADDRESS: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$CI_PIPELINE_IID-$STATE_NAME" TFPLANTOOL_VERSION: "v0.1.0" + BASE: "node:alpine" .versions: parallel: @@ -46,7 +47,7 @@ build: - .versions stage: build script: - - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION . + - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$BASE --build-arg TERRAFORM_BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION . - docker image push "$BUILD_IMAGE_NAME" .test: @@ -55,6 +56,7 @@ build: - terraform version - gitlab-terraform version - jq --version + - cdktf --version - cd tests cache: key: "$TERRAFORM_VERSION-$CI_COMMIT_REF_SLUG" diff --git a/Dockerfile b/Dockerfile index b45e5ba974d8b316639cacb05025c77ea8547e4a..6135381c96c6924b2ca9fb34b7acb3851089a834 100644 --- a/Dockerfile +++ b/Dockerfile 
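Review bot: The new `BASE: "node:alpine"` variable in the first hunk is a floating tag, so each pipeline run can build the released image on a different Node major and Alpine release without any change in this repository. Because the resulting image handles `CI_JOB_TOKEN` and the Terraform state credentials, the base should be reproducible: pin a specific version tag, ideally with its digest, e.g. `BASE: "node:<version>-alpine@sha256:<digest>"` (placeholder values). The second hunk also passes it unquoted as `--build-arg BASE=$BASE`; `--build-arg "BASE=$BASE"` would match the quoting already used for `"$BUILD_IMAGE_NAME"`.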
@@ -1,25 +1,36 @@ ARG BASE +ARG TERRAFORM_BASE FROM golang:1.14 AS tfplantool ARG BASE +ARG TERRAFORM_BASE ARG TFPLANTOOL WORKDIR /tfplantool RUN git clone --branch $TFPLANTOOL --depth 1 https://gitlab.com/mattkasa/tfplantool.git . -RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$BASE" | sed -e "s/^.*://")/" go.mod +RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$TERRAFORM_BASE" | sed -e "s/^.*://")/" go.mod RUN go get -d -v ./... RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o tfplantool . +FROM $TERRAFORM_BASE AS terraform + +ARG BASE + FROM $BASE -RUN apk add --no-cache jq +RUN apk add --no-cache ca-certificates jq +COPY --from=terraform /bin/terraform /bin/terraform COPY --from=tfplantool /tfplantool/tfplantool /usr/bin/tfplantool COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform RUN chmod +x /usr/bin/gitlab-terraform -# Override ENTRYPOINT since hashicorp/terraform uses `terraform` -ENTRYPOINT [] +RUN npm install -g cdktf-cli && npm cache clean --force + +COPY src/bin/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/bin/entrypoint.sh b/src/bin/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..2ab89001da4a91327b6c8bfc54a75b11435cfcd5 --- /dev/null +++ b/src/bin/entrypoint.sh 
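Review bot: `RUN npm install -g cdktf-cli` installs whatever version is current on the registry at build time, and the lifecycle scripts of that package and its dependencies execute during the build, so the image contents are neither reproducible nor reviewable from this commit. Pin the version through a build argument like the existing ones, e.g. `ARG CDKTF_VERSION` and `RUN npm install -g "cdktf-cli@$CDKTF_VERSION" && npm cache clean --force` (the argument name is a suggestion), with the value set in `.gitlab-ci.yml` next to `TFPLANTOOL_VERSION`. Separately, the `ARG BASE` added inside the `terraform` stage appears unused there, since the `FROM $BASE` that follows reads the `ARG BASE` declared before the first `FROM`; it could be dropped.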
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
+export TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
+
+# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
+if [ -z "${TF_PASSWORD}" ]; then
+ export TF_USERNAME="gitlab-ci-token"
+ export TF_PASSWORD="${CI_JOB_TOKEN}"
+fi
+
+# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
+if [ -n "${TF_STATE_NAME}" ]; then
+ export TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
+fi
+
+# Set variables for the HTTP backend to default to TF_* values
+export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
+export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
+export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
+export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
+export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
+export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
+export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
+export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
+
+exec "$@"
diff --git a/src/bin/gitlab-terraform.sh b/src/bin/gitlab-terraform.sh
index c637ec0cf5e2a2568dc0e0401e96016b1b4cbcb3..4cdba2273e97aab8944f76b5475cec5f6eecaf71 100755
--- a/src/bin/gitlab-terraform.sh
+++ b/src/bin/gitlab-terraform.sh
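Review bot: In `src/bin/entrypoint.sh`, the defaults `${TF_ADDRESS}/lock` for `TF_HTTP_LOCK_ADDRESS` and `TF_HTTP_UNLOCK_ADDRESS` expand to the bare string `/lock` when neither `TF_ADDRESS` nor `TF_STATE_NAME` is set. As the image entrypoint this now runs before every command rather than only inside `gitlab-terraform`, so a job that configures its own HTTP backend address would presumably still inherit a lock URL of `/lock`. Build the default only when an address exists: `export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS:+${TF_ADDRESS}/lock}}"`, and the same for `TF_HTTP_UNLOCK_ADDRESS`. A header comment would also help, since `gitlab-terraform.sh` no longer sets these values itself while its `apply()` still reads `${TF_PASSWORD}`: `# gitlab-terraform expects TF_PASSWORD and the TF_HTTP_* defaults set here; a job that overrides the image entrypoint skips this script`.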
@@ -21,30 +21,6 @@ JQ_PLAN=' } ' -# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN -TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}" - -# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN -if [ -z "${TF_PASSWORD}" ]; then - TF_USERNAME="gitlab-ci-token" - TF_PASSWORD="${CI_JOB_TOKEN}" -fi - -# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project -if [ -n "${TF_STATE_NAME}" ]; then - TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}" -fi - -# Set variables for the HTTP backend to default to TF_* values -export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}" -export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}" -export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}" -export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}" -export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}" -export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}" -export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}" -export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}" - apply() { if ! terraform_is_at_least 0.13.2; then tfplantool -f "${plan_cache}" backend set -k password -v "${TF_PASSWORD}"