B0yc3y/.gitlab-ci.yml

## .gitlab-ci.yml
# NOTE: A REMOTE BACKEND IS NEEDED FOR TF CI/CD TO WORK

#This file is a template, and might need editing before it works on your project.
# Official image for Hashicorp's Terraform. It uses an image which is Alpine
# based as it is much lighter.
#
# Entrypoint is also needed as image by default set `terraform` binary as an
# entrypoint.
image:
  name: hashicorp/terraform:light
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

# Default output file for Terraform plan
variables:
  PLAN: plan.tfplan

before_script:
  - mkdir credentials # Probably a better way to provide credentials, currently using Gitlab ci/cd variables
  - echo "$TF_SVC_ACCOUNT" > credentials/open-mss-poc-terraform.json
  - terraform --version
  - terraform init -var -force-copy .  ## Force copy is there to ensure your state is moved from local to remote.
stages:
  - validate
  - build
  - deploy
  - destroy

validate:
  tags:
    - consultancy
    - shared
  stage: validate
  script:
    - terraform validate

plan:
  tags:
    - consultancy
    - shared
  stage: build
  script:
    - terraform plan -out=$PLAN
  artifacts:
    name: plan
    paths:
      - $PLAN

apply:
  tags:
    - consultancy
    - shared
  stage: deploy
  environment:
    name: stage
  script:
    - terraform apply -input=false $PLAN
  dependencies:
    - plan
  only: # ensure we only deploy from master
    - master

destroy:
  tags:
    - consultancy
    - shared
  stage: destroy
  environment:
    name: stage
  script:
    - terraform destroy --auto-approve # tear everything down. (good for demo/poc envirionments)
  dependencies:
    - plan
  when: manual # Create a button to use manually in the gitlab UI
  only: # Only allow destroy if master
    - master
	# NOTE: A REMOTE BACKEND IS NEEDED FOR TF CI/CD TO WORK

	#This file is a template, and might need editing before it works on your project.
	# Official image for Hashicorp's Terraform. It uses an image which is Alpine
	# based as it is much lighter.
	#
	# Entrypoint is also needed as image by default set `terraform` binary as an
	# entrypoint.
	image:
	name: hashicorp/terraform:light
	entrypoint:
	- '/usr/bin/env'
	- 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

	# Default output file for Terraform plan
	variables:
	PLAN: plan.tfplan

	before_script:
	- mkdir credentials # Probably a better way to provide credentials, currently using Gitlab ci/cd variables
	- echo "$TF_SVC_ACCOUNT" > credentials/open-mss-poc-terraform.json
	- terraform --version
	- terraform init -var -force-copy . ## Force copy is there to ensure your state is moved from local to remote.
	stages:
	- validate
	- build
	- deploy
	- destroy

	validate:
	tags:
	- consultancy
	- shared
	stage: validate
	script:
	- terraform validate

	plan:
	tags:
	- consultancy
	- shared
	stage: build
	script:
	- terraform plan -out=$PLAN
	artifacts:
	name: plan
	paths:
	- $PLAN

	apply:
	tags:
	- consultancy
	- shared
	stage: deploy
	environment:
	name: stage
	script:
	- terraform apply -input=false $PLAN
	dependencies:
	- plan
	only: # ensure we only deploy from master
	- master

	destroy:
	tags:
	- consultancy
	- shared
	stage: destroy
	environment:
	name: stage
	script:
	- terraform destroy --auto-approve # tear everything down. (good for demo/poc envirionments)
	dependencies:
	- plan
	when: manual # Create a button to use manually in the gitlab UI
	only: # Only allow destroy if master
	- master