# NOTE(review): the parent key of the two `local:` entries is not visible in
# this listing (presumably `include:`) - confirm against the full file.
- local: tests/unit.gitlab-ci.yml
- local: tests/integration.gitlab-ci.yml
# NOTE(review): only `build` is listed, while jobs further down use the
# `deploy`, `release` and `cleanup` stages; the listing looks truncated.
stages:
- build
# One parallel job per OPENTOFU_VERSION entry. The version is quoted so it
# stays a string. The key this matrix hangs under is not visible here.
parallel:
matrix:
- OPENTOFU_VERSION: '1.6.0-rc1'
variables:
# OpenTofu image build variables:
# The dind and base images are pinned to a version tag, not a digest. A tag
# can be re-pushed upstream; `<image>:<tag>@sha256:<digest>` (placeholder)
# would make these build inputs immutable.
DOCKER_DIND_IMAGE: "docker:24.0.7-dind"
PLATFORMS: linux/amd64,linux/arm64
BASE_IMAGE: "alpine:3.18.4"
# Per-commit build output under the `internal/` path; the deploy jobs copy
# from this reference to the release name.
GITLAB_OPENTOFU_IMAGE_NAME: "$CI_REGISTRY_IMAGE/internal/gitlab-opentofu-$OPENTOFU_VERSION:$CI_COMMIT_SHA"
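# Body of the multi-arch OpenTofu image build job; the job's name line is not
# part of this listing.
stage: build
services:
  - "$DOCKER_DIND_IMAGE"
image: "$DOCKER_DIND_IMAGE"
before_script:
  # See note on the `build terraform` job about this image
  # NOTE(review): this is a third-party image run with `--privileged` and no
  # tag, so whatever `latest` resolves to at run time executes privileged on
  # the Docker-in-Docker daemon that later builds and pushes the image.
  # Pin it to a reviewed digest, e.g.
  # `tonistiigi/binfmt@sha256:<reviewed-digest>` (placeholder).
  - docker run --rm --privileged tonistiigi/binfmt
  # Registry auth. The password is piped on stdin so it never appears in the
  # argument list of the `docker login` process.
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
script:
  - docker buildx create --use
  # NOTE: we disable provenance for now
  # because it causes troubles with the registry and older clients.
  # See
  # - https://gitlab.com/gitlab-org/terraform-images/-/issues/104
  # - https://gitlab.com/gitlab-org/terraform-images/-/merge_requests/184#note_1328485943
  # With provenance off, the pushed image carries no build attestation, so
  # consumers cannot verify how it was built from the registry alone.
  #
  # Build args are quoted so a value containing spaces or glob characters
  # cannot split into extra `docker buildx` arguments.
  - docker buildx build
    --platform "$PLATFORMS"
    --build-arg "BASE_IMAGE=$BASE_IMAGE"
    --build-arg "OPENTOFU_VERSION=$OPENTOFU_VERSION"
    --file Dockerfile
    --tag "$GITLAB_OPENTOFU_IMAGE_NAME"
    --provenance=false
    --push
    .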
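# Tag pipelines only: copies the per-commit build image to its release name.
# Inherits from `.opentofu-versions` (presumably the version matrix - that
# definition is not visible in this listing).
gitlab-opentofu-image:deploy:
  extends: .opentofu-versions
  stage: deploy
  image:
    # NOTE(review): `debug` is a moving tag and this job holds registry push
    # credentials; pin the image by digest
    # (`...crane@sha256:<reviewed-digest>`, placeholder).
    name: gcr.io/go-containerregistry/crane:debug
    # Entrypoint is cleared so the runner can execute the script lines.
    entrypoint: [""]
  variables:
    RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/gitlab-opentofu"
    # OCI image tags are not compatible with semver, specifically the build metadata part
    # indicated with a `+` sign, see https://github.com/distribution/distribution/issues/1201
    # We use a dash `-` here, instead of the `+`.
    # This may be problematic, because it indicates a semver prerelease.
    RELEASE_SEMVER: "${CI_COMMIT_TAG}-opentofu${OPENTOFU_VERSION}"
  before_script:
    # The password is piped on stdin so it never appears in the argument list
    # of the `crane` process.
    - echo "$CI_REGISTRY_PASSWORD" | crane auth login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - crane copy "$GITLAB_OPENTOFU_IMAGE_NAME" "$RELEASE_IMAGE_NAME:$RELEASE_SEMVER"
  rules:
    # Runs for any tag. NOTE(review): publishing therefore depends on who may
    # push tags - confirm the project protects its release tags.
    - if: $CI_COMMIT_TAG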
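# Tag pipelines only: publishes the image built for $LATEST_OPENTOFU_VERSION
# under three tags - the semver tag, the bare commit tag and `latest`.
gitlab-opentofu-image:latest:deploy:
  stage: deploy
  image:
    # NOTE(review): `debug` is a moving tag and this job holds registry push
    # credentials; pin the image by digest
    # (`...crane@sha256:<reviewed-digest>`, placeholder).
    name: gcr.io/go-containerregistry/crane:debug
    # Entrypoint is cleared so the runner can execute the script lines.
    entrypoint: [""]
  variables:
    # Selects which per-version build image $GITLAB_OPENTOFU_IMAGE_NAME
    # resolves to; LATEST_OPENTOFU_VERSION is defined outside this listing.
    OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION
    RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/gitlab-opentofu"
    # NOTE(review): RELEASE_SEMVER is used in `script` but is not set in this
    # job's visible variables (the sibling deploy job defines its own). If it
    # is not defined elsewhere, the first copy targets an empty tag - confirm.
  before_script:
    # The password is piped on stdin so it never appears in the argument list
    # of the `crane` process.
    - echo "$CI_REGISTRY_PASSWORD" | crane auth login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - crane copy "$GITLAB_OPENTOFU_IMAGE_NAME" "$RELEASE_IMAGE_NAME:$RELEASE_SEMVER"
    - crane copy "$GITLAB_OPENTOFU_IMAGE_NAME" "$RELEASE_IMAGE_NAME:$CI_COMMIT_TAG"
    # `latest` is overwritten on every tag pipeline; consumers who need a
    # fixed image should reference one of the versioned tags above.
    - crane copy "$GITLAB_OPENTOFU_IMAGE_NAME" "$RELEASE_IMAGE_NAME:latest"
  rules:
    # Runs for any tag. NOTE(review): publishing therefore depends on who may
    # push tags - confirm the project protects its release tags.
    - if: $CI_COMMIT_TAG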
# Creates the GitLab release for a tag pipeline once the earlier stages have
# succeeded.
# NOTE(review): the rule only requires the tag to contain a digit, which is
# looser than the semantic-version tag this job is meant for - confirm that
# is intended.
# NOTE(review): `release-cli:latest` is a moving tag; pinning a version or
# digest keeps the release step reproducible.
create-release:
  stage: release
  image: "registry.gitlab.com/gitlab-org/release-cli:latest"
  rules:
    - if: '$CI_COMMIT_TAG =~ /\d+/'
  script:
    - echo "Creating release $CI_COMMIT_TAG"
  release:
    tag_name: "$CI_COMMIT_TAG"
    description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"
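# Scheduled cleanup: removes Terraform states older than REMOVE_STATES_UNTIL
# using the project's fetch/remove helper scripts.
old-states:
  # NOTE(review): `alpine:latest` is a moving tag and this job holds
  # GITLAB_TOKEN; pin a version or digest as done for BASE_IMAGE.
  image: alpine:latest
  stage: cleanup
  variables:
    REMOVE_STATES_UNTIL: 1 week ago
    # Token comes from a CI/CD variable; it should be masked and scoped to
    # what the cleanup scripts need (scope not visible here).
    GITLAB_TOKEN: $GITLAB_STATE_CLEANER_TOKEN
  before_script:
    # coreutils is presumably installed for GNU `date -d` relative dates.
    - apk add --update coreutils curl jq
    # Assign first, export second: `export VAR=$(cmd)` returns the status of
    # `export`, so a failing `date` (e.g. an unparseable REMOVE_STATES_UNTIL
    # override) would hand an empty cutoff to the removal step instead of
    # aborting the job.
    - FETCH_OLDER_THAN=$(date '+%Y-%m-%dT%H:%M:%SZ' -d "${REMOVE_STATES_UNTIL}")
    - export FETCH_OLDER_THAN
  script:
    - echo "Going to remove Terraform States older than '$FETCH_OLDER_THAN'"
    # `sed -n '1d;p'` drops the first line of the fetch output before it is
    # piped into the removal script.
    - ./.gitlab/scripts/fetch-states.sh | sed -n '1d;p' | ./.gitlab/scripts/remove-states.sh
  rules:
    # Only scheduled pipelines on the default branch with STATE_CLEANER set
    # to "true" run this destructive job.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $STATE_CLEANER == "true"'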