Skip to content
Snippets Groups Projects
Commit fa5e8eac authored by Matt Kasa's avatar Matt Kasa
Browse files

feat: add cdktf cli

- changes base image to `node:alpine`
- moves `TF_HTTP_*` exports to entrypoint

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/262100
parent 1716ab1f
No related branches found
No related tags found
No related merge requests found
...@@ -5,6 +5,7 @@ variables: ...@@ -5,6 +5,7 @@ variables:
RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/releases/$TERRAFORM_VERSION" RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/releases/$TERRAFORM_VERSION"
TF_ADDRESS: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$CI_PIPELINE_IID-$STATE_NAME" TF_ADDRESS: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$CI_PIPELINE_IID-$STATE_NAME"
TFPLANTOOL_VERSION: "v0.1.0" TFPLANTOOL_VERSION: "v0.1.0"
BASE: "node:alpine"
.versions: .versions:
parallel: parallel:
...@@ -46,7 +47,7 @@ build: ...@@ -46,7 +47,7 @@ build:
- .versions - .versions
stage: build stage: build
script: script:
- docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION . - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$BASE --build-arg TERRAFORM_BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION .
- docker image push "$BUILD_IMAGE_NAME" - docker image push "$BUILD_IMAGE_NAME"
.test: .test:
...@@ -55,6 +56,7 @@ build: ...@@ -55,6 +56,7 @@ build:
- terraform version - terraform version
- gitlab-terraform version - gitlab-terraform version
- jq --version - jq --version
- cdktf --version
- cd tests - cd tests
cache: cache:
key: "$TERRAFORM_VERSION-$CI_COMMIT_REF_SLUG" key: "$TERRAFORM_VERSION-$CI_COMMIT_REF_SLUG"
......
ARG BASE ARG BASE
ARG TERRAFORM_BASE
FROM golang:1.14 AS tfplantool FROM golang:1.14 AS tfplantool
ARG BASE ARG BASE
ARG TERRAFORM_BASE
ARG TFPLANTOOL ARG TFPLANTOOL
WORKDIR /tfplantool WORKDIR /tfplantool
RUN git clone --branch $TFPLANTOOL --depth 1 https://gitlab.com/mattkasa/tfplantool.git . RUN git clone --branch $TFPLANTOOL --depth 1 https://gitlab.com/mattkasa/tfplantool.git .
RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$BASE" | sed -e "s/^.*://")/" go.mod RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$TERRAFORM_BASE" | sed -e "s/^.*://")/" go.mod
RUN go get -d -v ./... RUN go get -d -v ./...
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o tfplantool . RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o tfplantool .
FROM $TERRAFORM_BASE AS terraform
ARG BASE
FROM $BASE FROM $BASE
RUN apk add --no-cache jq RUN apk add --no-cache ca-certificates jq
COPY --from=terraform /bin/terraform /bin/terraform
COPY --from=tfplantool /tfplantool/tfplantool /usr/bin/tfplantool COPY --from=tfplantool /tfplantool/tfplantool /usr/bin/tfplantool
COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform
RUN chmod +x /usr/bin/gitlab-terraform RUN chmod +x /usr/bin/gitlab-terraform
# Override ENTRYPOINT since hashicorp/terraform uses `terraform` RUN npm install -g cdktf-cli && npm cache clean --force
ENTRYPOINT []
COPY src/bin/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
#!/bin/sh -e
# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
export TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
if [ -z "${TF_PASSWORD}" ]; then
export TF_USERNAME="gitlab-ci-token"
export TF_PASSWORD="${CI_JOB_TOKEN}"
fi
# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
if [ -n "${TF_STATE_NAME}" ]; then
export TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
fi
# Set variables for the HTTP backend to default to TF_* values
export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
exec "$@"
...@@ -21,30 +21,6 @@ JQ_PLAN=' ...@@ -21,30 +21,6 @@ JQ_PLAN='
} }
' '
# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
if [ -z "${TF_PASSWORD}" ]; then
TF_USERNAME="gitlab-ci-token"
TF_PASSWORD="${CI_JOB_TOKEN}"
fi
# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
if [ -n "${TF_STATE_NAME}" ]; then
TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
fi
# Set variables for the HTTP backend to default to TF_* values
export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
apply() { apply() {
if ! terraform_is_at_least 0.13.2; then if ! terraform_is_at_least 0.13.2; then
tfplantool -f "${plan_cache}" backend set -k password -v "${TF_PASSWORD}" tfplantool -f "${plan_cache}" backend set -k password -v "${TF_PASSWORD}"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment