
@johann8384
Created April 27, 2021 22:43
Puppet Jenkins
stages{
// Static analysis of the Terraform sources. The three child stages run
// concurrently and none of them needs cloud credentials.
stage('Linting') {
    parallel {
        stage('Chekov') {
            steps {
                dir("${env.WORKSPACE}/terraform") {
                    // `|| true` forces exit status 0, so findings reach the build only
                    // through the JUnit report below. It also hides a missing binary
                    // or a crashed scan, which then looks like "no findings".
                    // NOTE(review): the working directory is already .../terraform, so
                    // the relative `terraform/modules` resolves to
                    // .../terraform/terraform/modules, while the InSpec stages read
                    // $WORKSPACE/terraform/modules. Confirm the scanned path exists.
                    sh "checkov --directory terraform/modules -o junitxml > $WORKSPACE/checkov.xml || true"
                }
            }
            post {
                always {
                    // By default the junit step marks the build UNSTABLE on failed
                    // cases; it does not stop the pipeline.
                    junit 'checkov.xml'
                }
            }
        }
        stage('tfsec') {
            steps {
                dir("${env.WORKSPACE}/terraform") {
                    // Same advisory pattern as checkov: exit status discarded,
                    // results consumed from the XML file only.
                    sh "tfsec -f junit > $WORKSPACE/tfsec.xml || true"
                }
            }
            post {
                always {
                    junit 'tfsec.xml'
                }
            }
        }
        stage('tf fmt') {
            steps {
                dir("${env.WORKSPACE}/terraform") {
                    // No `|| true` here, so a formatting difference fails the stage.
                    // Formatting is therefore the only hard gate in this group; the
                    // two security scanners above are advisory.
                    sh 'terraform fmt -check -recursive'
                }
            }
        }
    }
}
// Initialises the platform configuration under the 'terraform-executor'
// AWS credentials. These are the same credentials later used for apply.
stage('Terraform Init') {
    steps {
        withAWS(credentials: 'terraform-executor') {
            dir("${env.WORKSPACE}/terraform/platform") {
                // Records in the build log which Terraform workspace is selected.
                sh 'terraform workspace show'
                // -input=false makes Terraform fail rather than prompt on a
                // non-interactive agent.
                sh 'terraform init -input=false'
            }
        }
    }
}
// Lints the initialised platform configuration and produces the saved plan
// that the compliance and apply stages consume.
stage('Planning') {
    parallel {
        stage('tflint') {
            steps {
                dir("${env.WORKSPACE}/terraform/platform") {
                    // Exit status is discarded; findings surface through JUnit only,
                    // and a tflint crash is masked in the same way.
                    sh "tflint -c /etc/tflint.hcl --module -f junit > $WORKSPACE/tflint.xml || true"
                }
            }
            post {
                always {
                    junit 'tflint.xml'
                }
            }
        }
        stage('Terraform Plan') {
            steps {
                withAWS(credentials: 'terraform-executor') {
                    dir("${env.WORKSPACE}/terraform/platform") {
                        // Saves the plan to ./tfplan. A saved plan can hold resource
                        // attribute values, so treat the file as sensitive.
                        sh "terraform plan -out=tfplan -input=false"
                        // NOTE(review): this repository script runs with the AWS
                        // credentials still bound. Confirm it needs them, or move it
                        // outside withAWS.
                        sh "$WORKSPACE/terraform/bin/plan-report.sh"
                    }
                }
                // keepAll retains the rendered plan for every build, readable by
                // anyone who can view the job. Presumably plan-report.sh writes
                // reports/terraform-plan.html; check that it does not render secrets.
                publishHTML(target: [
                    allowMissing: false,
                    alwaysLinkToLastBuild: true,
                    keepAll: true,
                    reportDir: 'reports',
                    reportFiles: 'terraform-plan.html',
                    reportName: 'Terraform Plan Report',
                    reportTitles: 'Terraform Plan Report'
                ])
            }
        }
    }
}
// Evaluates the saved plan against the feature files in ./features.
stage('Terraform Compliance') {
    steps {
        withAWS(credentials: 'terraform-executor') {
            dir("${env.WORKSPACE}/terraform/platform") {
                // `|| true` makes this policy check advisory: a violated feature shows
                // up in the JUnit report but never stops the pipeline before apply.
                // NOTE(review): the check reads a local plan file; confirm whether
                // the AWS credentials need to be bound here at all.
                sh "terraform-compliance --features ./features --planfile tfplan --junit-xml=$WORKSPACE/compliance.xml || true"
            }
        }
    }
    post {
        always {
            junit 'compliance.xml'
        }
    }
}
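// Applies the saved plan after a human approves it.
//
// The checkov, tfsec, tflint and terraform-compliance stages all end in
// `|| true`, so their findings never stop the pipeline. This prompt is the
// only gate in front of the apply.
stage('Terraform Apply') {
    steps {
        // Show the approver the aggregated result so far. It reads UNSTABLE when a
        // JUnit report from an earlier stage contained failures.
        echo "Build result before apply: ${currentBuild.currentResult}"
        // Ask for approval BEFORE binding credentials. The original prompted inside
        // withAWS, which kept the 'terraform-executor' credentials bound for as long
        // as the build waited on a human.
        // NOTE(review): consider the `submitter` parameter to restrict who may
        // approve, and an enclosing `timeout` so an unanswered prompt expires.
        input 'Apply Plan?'
        withAWS(credentials: 'terraform-executor') {
            dir("${env.WORKSPACE}/terraform/platform") {
                // Applies exactly the plan file produced by the Planning stage.
                sh "terraform apply -input=false tfplan"
            }
        }
    }
}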
// Exports the applied configuration's outputs as JSON for the InSpec stages.
stage('Terraform Output') {
    steps {
        withAWS(credentials: 'terraform-executor') {
            dir("${env.WORKSPACE}/terraform/platform") {
                // JSON output includes the values of outputs marked sensitive, in
                // clear text. The file stays in the workspace, so restrict workspace
                // access and avoid archiving it.
                sh "terraform output --json > $WORKSPACE/terraform.json"
            }
        }
    }
}
// Post-apply verification: two InSpec profiles run in parallel against the
// live AWS account (`-t aws://`), using the exported Terraform outputs.
// These stages have no `|| true`, so a failing profile fails the build, but
// only after the changes have already been applied.
stage('AWSpec Tests') {
    parallel {
        stage('VPC') {
            steps {
                withAWS(credentials: 'terraform-executor') {
                    dir("${env.WORKSPACE}/terraform/platform") {
                        // Copies terraform.json into the profile's files/ directory.
                        // The copy holds the same output values as the original,
                        // including any marked sensitive.
                        sh "mkdir -p $WORKSPACE/terraform/modules/vpc/test/vpc/files && cp $WORKSPACE/terraform.json $WORKSPACE/terraform/modules/vpc/test/vpc/files/terraform.json"
                        sh "inspec exec $WORKSPACE/terraform/modules/vpc/test/vpc -t aws:// --reporter=junit:$WORKSPACE/inspec-vpc.xml"
                    }
                }
            }
            post {
                always {
                    junit 'inspec-vpc.xml'
                }
            }
        }
        stage('AWS Account') {
            steps {
                withAWS(credentials: 'terraform-executor') {
                    dir("${env.WORKSPACE}/terraform/platform") {
                        // Same staging step for the aws_account profile.
                        sh "mkdir -p $WORKSPACE/terraform/modules/aws_account/test/aws_account/files && cp $WORKSPACE/terraform.json $WORKSPACE/terraform/modules/aws_account/test/aws_account/files/terraform.json"
                        // NOTE(review): read-only verification runs under the same
                        // credentials that apply changes. A read-only role would
                        // narrow what this stage can touch.
                        sh "inspec exec $WORKSPACE/terraform/modules/aws_account/test/aws_account -t aws:// --reporter=junit:$WORKSPACE/inspec-aws.xml"
                    }
                }
            }
            post {
                always {
                    junit 'inspec-aws.xml'
                }
            }
        }
    }
}
}