# Component spec: declares the inputs a pipeline can set when it includes this
# component.
# NOTE(review): this listing has lost its YAML indentation and some key lines
# appear to be missing (see the notes below). Restore both from the repository
# before using it as a pipeline definition.
spec:
inputs:
# Stages
stage_validate:
default: 'validate'
description: 'Defines the validate stage. This stage includes the `fmt` and `validate` jobs.'
stage_build:
default: 'build'
description: 'Defines the build stage. This stage includes the `plan` job.'
stage_cleanup:
default: 'cleanup'
description: 'Defines the cleanup stage. This stage includes the `destroy` and `delete-state` jobs.'
# Versions
# This version is only required, because we cannot access the context of the component,
# see https://gitlab.com/gitlab-org/gitlab/-/issues/438275
version:
# NOTE(review): `latest` is a moving reference. The description requires this
# value to match the ref used in the component's include entry, so a caller
# that pins the component to a release should set the same release here.
default: 'latest'
description: 'Version of this component. Has to be the same as the one in the component include entry.'
base_os:
default: 'alpine'
options:
- 'alpine'
- 'debian'
# NOTE(review): this option is a CI/CD variable reference, presumably expanded
# where the image reference is built. If so, the option list does not constrain
# the final value; confirm who can set that variable.
- '$GITLAB_OPENTOFU_BASE_IMAGE_OS'
description: 'Base OS of GitLab OpenTofu image.'
# NOTE(review): the key, `default:` and `options:` lines that introduce the list
# below are not present in this listing. The description after the list and the
# `inputs.opentofu_version` references in the include section suggest it is the
# option list of `opentofu_version`; confirm against the repository.
- '1.8.4'
- '1.8.3'
- '1.8.2'
- '1.8.1'
- '1.8.0'
- '1.7.3'
- '1.7.2'
- '1.7.1'
- '1.7.0'
- '1.7.0-alpha1'
- '1.6.2'
- '1.6.1'
- '1.6.0'
description: 'OpenTofu version that should be used.'
# Images
image_registry_base:
# Default and description of the `image_registry_base` input declared on the
# preceding key line. The job images are pulled from this location, so an
# override should only point at a registry the project controls or trusts.
default: '$CI_TEMPLATE_REGISTRY_HOST/components/opentofu'
description: 'Host URI to the job images. Will be combined with `image_name` to construct the actual image URI.'
# FIXME: not yet possible because of https://gitlab.com/gitlab-org/gitlab/-/issues/438722
# gitlab_opentofu_image:
# # FIXME: This should reference the component tag that is used.
# # Currently, blocked by https://gitlab.com/gitlab-org/gitlab/-/issues/438275
# Remainder of the commented-out `gitlab_opentofu_image` input. Its second
# default builds the image tag from the component version and the OpenTofu version.
# # default: '$CI_TEMPLATE_REGISTRY_HOST/components/opentofu/gitlab-opentofu:$[[ inputs.opentofu_version ]]'
# default: '$CI_TEMPLATE_REGISTRY_HOST/components/opentofu/gitlab-opentofu:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]'
# description: 'Tag of the gitlab-opentofu image.'
image_name:
default: 'gitlab-opentofu'
description: 'Image name for the job images. Hosted under `image_registry_base`.'
# NOTE(review): the key and `default:` lines of the image-digest input that the
# following comment and description belong to are not present in this listing;
# restore them from the repository.
# NOTE(review): with the regex below disabled, the digest format is not checked
# at the input level, although the description still refers to "the regex of
# this input". Until the linked issue is fixed, callers should copy the digest
# verbatim from the release page; a format check in the job script would catch
# malformed values early.
# FIXME: we cannot use regex yet because of a bug that rejects
# empty strings from ever being checked against the regex.
# see https://gitlab.com/gitlab-org/gitlab/-/issues/477707
# regex: '^(@sha256:[a-z0-9]{64})?$'
description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
job_name_prefix:
default: ''
description: 'Prefix for all job names. Jobs will be hidden if leading with a dot `.`.'
root_dir:
default: ${CI_PROJECT_DIR}
description: 'Root directory for the OpenTofu project.'
state_name:
default: default
description: 'Remote OpenTofu state name.'
plan_name:
default: 'destroy-plan'
description: 'Destroy plan file name.'
plan_artifacts_access:
# `none` is the most restrictive `artifacts:access` value. Plan files can
# contain sensitive values, so widen this only deliberately.
default: 'none'
description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
auto_destroy:
# Off by default: per the description, the destroy job then stays manual.
default: false
type: boolean
description: 'Whether the destroy job is manual or automatically run.'
var_file:
default: ''
type: string
description: 'Path to a variables files relative to root_dir.'
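# Default `rules` arrays for the generated jobs. Each one is forwarded to the
# matching job template by the include section and can be overridden by the
# including pipeline.
# NOTE(review): these inputs belong under `spec: inputs:`. The first key of each
# input is kept at column 0 to match the flattened lines above; only the nesting
# inside each input is restored here.
fmt_rules:
  default:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
    - if: '$CI_OPEN_MERGE_REQUESTS'
      when: never
    # If there's no open merge request, add it to a *branch* pipeline instead.
    - if: '$CI_COMMIT_BRANCH'
  type: array
  description: 'Defines the `rules` of the `fmt` job.'
validate_rules:
  default:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
    - if: '$CI_OPEN_MERGE_REQUESTS'
      when: never
    # If there's no open merge request, add it to a *branch* pipeline instead.
    - if: '$CI_COMMIT_BRANCH'
  type: array
  description: 'Defines the `rules` of the `validate` job.'
plan_rules:
  default:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
    - if: '$CI_OPEN_MERGE_REQUESTS'
      when: never
    # If there's no open merge request, add it to a *branch* pipeline instead.
    - if: '$CI_COMMIT_BRANCH'
  type: array
  description: 'Defines the `rules` of the `plan` job.'
destroy_rules:
  default:
    # Matches only on the default branch when `auto_destroy` is true. The rule
    # sets no `when`, so the job's own `when` applies (presumably automatic;
    # confirm in the destroy template).
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$[[ inputs.auto_destroy ]]" == "true"'
    # Every other pipeline falls through to a manual destroy job. It is offered
    # on any branch, so limit who may run it (e.g. protected branches or
    # environments) where that matters.
    - when: manual
  type: array
  description: 'Defines the `rules` of the `destroy` job.'
delete_state_rules:
  default:
    # No `when` on the default-branch rule, so the job's own `when` applies
    # there; all other pipelines get a manual job.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - when: manual
  type: array
  description: 'Defines the `rules` of the `delete-state` job.'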
---
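# Pipeline content of the component: each entry includes one job template from
# this project and forwards the component inputs to it. The nesting, which this
# listing had lost, is restored here.
# NOTE(review): in the lines visible here, `base_os`, `var_file`, `plan_name`
# and the image-digest input are declared in the spec but not forwarded to any
# template. This listing drops lines elsewhere, so confirm against the
# repository. If the digest is really not forwarded, a digest supplied by the
# caller never reaches the job image reference and images resolve by tag only.
include:
  - local: '/templates/fmt.yml'
    inputs:
      as: '$[[ inputs.job_name_prefix ]]fmt'
      stage: $[[ inputs.stage_validate ]]
      version: $[[ inputs.version ]]
      opentofu_version: $[[ inputs.opentofu_version ]]
      image_registry_base: $[[ inputs.image_registry_base ]]
      image_name: $[[ inputs.image_name ]]
      root_dir: $[[ inputs.root_dir ]]
      rules: $[[ inputs.fmt_rules ]]
  - local: '/templates/validate.yml'
    inputs:
      as: '$[[ inputs.job_name_prefix ]]validate'
      stage: $[[ inputs.stage_validate ]]
      version: $[[ inputs.version ]]
      opentofu_version: $[[ inputs.opentofu_version ]]
      image_registry_base: $[[ inputs.image_registry_base ]]
      image_name: $[[ inputs.image_name ]]
      root_dir: $[[ inputs.root_dir ]]
      state_name: $[[ inputs.state_name ]]
      rules: $[[ inputs.validate_rules ]]
  - local: '/templates/plan.yml'
    inputs:
      as: '$[[ inputs.job_name_prefix ]]plan'
      stage: $[[ inputs.stage_build ]]
      version: $[[ inputs.version ]]
      opentofu_version: $[[ inputs.opentofu_version ]]
      image_registry_base: $[[ inputs.image_registry_base ]]
      image_name: $[[ inputs.image_name ]]
      root_dir: $[[ inputs.root_dir ]]
      state_name: $[[ inputs.state_name ]]
      # Access level of the plan artifact; the spec default is 'none'.
      artifacts_access: $[[ inputs.plan_artifacts_access ]]
      rules: $[[ inputs.plan_rules ]]
  - local: '/templates/destroy.yml'
    inputs:
      as: '$[[ inputs.job_name_prefix ]]destroy'
      stage: $[[ inputs.stage_cleanup ]]
      version: $[[ inputs.version ]]
      opentofu_version: $[[ inputs.opentofu_version ]]
      image_registry_base: $[[ inputs.image_registry_base ]]
      image_name: $[[ inputs.image_name ]]
      root_dir: $[[ inputs.root_dir ]]
      state_name: $[[ inputs.state_name ]]
      auto_destroy: $[[ inputs.auto_destroy ]]
      rules: $[[ inputs.destroy_rules ]]
  - local: '/templates/delete-state.yml'
    inputs:
      as: '$[[ inputs.job_name_prefix ]]delete-state'
      stage: $[[ inputs.stage_cleanup ]]
      state_name: $[[ inputs.state_name ]]
      rules: $[[ inputs.delete_state_rules ]]

# FIXME: eventually, we'll have a `needs` input on the `delete-state`
# job template, but the issue is that we cannot default it to something
# meaningful other than `null` - but `null` is also not yet supported, see
# https://gitlab.com/gitlab-org/gitlab/-/issues/440468
# Until then the dependency is set on the generated job itself, so the state is
# only deleted after the destroy job.
$[[ inputs.job_name_prefix ]]delete-state:
  needs: ['$[[ inputs.job_name_prefix ]]destroy']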