Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
spec:
inputs:
# Stages
stage_validate:
default: 'validate'
description: 'Defines the validate stage. This stage includes the `fmt` and `validate` jobs.'
stage_build:
default: 'build'
description: 'Defines the build stage. This stage includes the `plan` job.'
stage_cleanup:
default: 'cleanup'
description: 'Defines the cleanup stage. This stage includes the `destroy` and `delete-state` jobs.'
# Versions
# This version is only required, because we cannot access the context of the component,
# see https://gitlab.com/gitlab-org/gitlab/-/issues/438275
version:
default: 'latest'
description: 'Version of this component. Has to be the same as the one in the component include entry.'
opentofu_version:
default: '1.7.1'
options:
- '$OPENTOFU_VERSION'
- '1.7.1'
- '1.7.0'
- '1.7.0-alpha1'
- '1.6.2'
- '1.6.1'
- '1.6.0'
description: 'OpenTofu version that should be used.'
# Images
image_registry_base:
default: '$CI_REGISTRY/components/opentofu'
description: 'Host URI to the job images. Will be combined with `image_name` to construct the actual image URI.'
# FIXME: not yet possible because of https://gitlab.com/gitlab-org/gitlab/-/issues/438722
# gitlab_opentofu_image:
# # FIXME: This should reference the component tag that is used.
# # Currently, blocked by https://gitlab.com/gitlab-org/gitlab/-/issues/438275
# # default: '$CI_REGISTRY/components/opentofu/gitlab-opentofu:$[[ inputs.opentofu_version ]]'
# default: '$CI_REGISTRY/components/opentofu/gitlab-opentofu:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]'
# description: 'Tag of the gitlab-opentofu image.'
image_name:
default: 'gitlab-opentofu'
description: 'Image name for the job images. Hosted under `image_registry_base`.'
# Configuration
root_dir:
default: ${CI_PROJECT_DIR}
description: 'Root directory for the OpenTofu project.'
state_name:
default: default
description: 'Remote OpenTofu state name.'
plan_name:
default: 'destroy-plan'
description: 'Destroy plan file name.'
plan_artifacts_access:
default: 'none'
description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
auto_destroy:
default: false
type: boolean
description: 'Whether the destroy job is manual or automatically run.'
---
include:
- local: '/templates/fmt.yml'
inputs:
as: 'fmt'
stage: $[[ inputs.stage_validate ]]
version: $[[ inputs.version ]]
opentofu_version: $[[ inputs.opentofu_version ]]
image_registry_base: $[[ inputs.image_registry_base ]]
image_name: $[[ inputs.image_name ]]
root_dir: $[[ inputs.root_dir ]]
- local: '/templates/validate.yml'
inputs:
as: 'validate'
stage: $[[ inputs.stage_validate ]]
version: $[[ inputs.version ]]
opentofu_version: $[[ inputs.opentofu_version ]]
image_registry_base: $[[ inputs.image_registry_base ]]
image_name: $[[ inputs.image_name ]]
root_dir: $[[ inputs.root_dir ]]
state_name: $[[ inputs.state_name ]]
- local: '/templates/plan.yml'
inputs:
as: 'plan'
stage: $[[ inputs.stage_build ]]
version: $[[ inputs.version ]]
opentofu_version: $[[ inputs.opentofu_version ]]
image_registry_base: $[[ inputs.image_registry_base ]]
image_name: $[[ inputs.image_name ]]
root_dir: $[[ inputs.root_dir ]]
state_name: $[[ inputs.state_name ]]
artifacts_access: $[[ inputs.plan_artifacts_access ]]
destroy: true
- local: '/templates/destroy.yml'
inputs:
as: 'destroy'
stage: $[[ inputs.stage_cleanup ]]
version: $[[ inputs.version ]]
opentofu_version: $[[ inputs.opentofu_version ]]
image_registry_base: $[[ inputs.image_registry_base ]]
image_name: $[[ inputs.image_name ]]
root_dir: $[[ inputs.root_dir ]]
state_name: $[[ inputs.state_name ]]
auto_destroy: $[[ inputs.auto_destroy ]]
- local: '/templates/delete-state.yml'
inputs:
as: 'delete-state'
stage: $[[ inputs.stage_cleanup ]]
state_name: $[[ inputs.state_name ]]
# NOTE: we have to define this `needs` here, because inputs don't support arrays, yet.
delete-state:
needs: [destroy]