Infix backports with latest

30e9d3b1 · Timo Furrer · a01917dd · 30e9d3b1 · 30e9d3b1 · 30e9d3b1
Unverified Commit 30e9d3b1 authored 1 year ago by Timo Furrer
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ docs:
 BACKPORTS_DIR := backports
 BACKPORTS_BASE_DIR := $(BACKPORTS_DIR)/OpenTofu
-BACKPORTS_BASE_FILE := $(BACKPORTS_BASE_DIR)/Base.gitlab-ci.yml
+BACKPORTS_BASE_FILE := $(BACKPORTS_BASE_DIR)/Base.latest.gitlab-ci.yml
 .PHONY: backports
@@ -28,7 +28,7 @@ BACKPORTS_BASE_FILE := $(BACKPORTS_BASE_DIR)/Base.gitlab-ci.yml
 backports:
 	@echo "Generating $(BACKPORTS_BASE_FILE) ..."
 	@mkdir -p $(BACKPORTS_BASE_DIR)
-	@cp $(BACKPORTS_DIR)/.Base.gitlab-ci.yml $(BACKPORTS_BASE_FILE)
+	@cp $(BACKPORTS_DIR)/.Base.latest.gitlab-ci.yml $(BACKPORTS_BASE_FILE)
 	@sed '1,/^---$$/d' templates/fmt.yml | sed -e 's/$$\[\[ inputs.as \]\]/.opentofu:fmt/' | sed -e 's/$$\[\[ inputs.stage \]\]/validate/' | sed -e 's/$$\[\[ inputs.allow_failure \]\]/true/' >> $(BACKPORTS_BASE_FILE)
 	@sed '1,/^---$$/d' templates/validate.yml | sed -e 's/$$\[\[ inputs.as \]\]/.opentofu:validate/' | sed -e 's/$$\[\[ inputs.stage \]\]/validate/' >> $(BACKPORTS_BASE_FILE)
 	@sed '1,/^---$$/d' templates/plan.yml | sed -e 's/$$\[\[ inputs.as \]\]/.opentofu:plan/' | sed -e 's/$$\[\[ inputs.stage \]\]/build/' >> $(BACKPORTS_BASE_FILE)

--- a/backports/.Base.gitlab-ci.yml
+++ b/backports/.Base.gitlab-ci.yml
--- a/backports/OpenTofu.gitlab-ci.yml
+++ b/backports/OpenTofu.gitlab-ci.yml
@@ -13,7 +13,7 @@
 # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/OpenTofu.gitlab-ci.yml
 include:
-  - template: OpenTofu/Base.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/OpenTofu/Base.gitlab-ci.yml
+  - template: OpenTofu/Base.latest.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/OpenTofu/Base.latest.gitlab-ci.yml
 stages: [validate, build, deploy]

--- a/backports/OpenTofu/Base.latest.gitlab-ci.yml
+++ b/backports/OpenTofu/Base.latest.gitlab-ci.yml
+# This template is a port of the OpenTofu CI/CD component at
+# https://gitlab.com/components/opentofu
+# It is generated with the `make backports` command from that project.
+#
+# Please make sure to use the component when your project is hosted on GitLab.com
+# or when you are willing to mirror the component project into your self-managed
+# instance and use it from there.
+#
+# Attention: This template will be removed in favor of the OpenTofu CI/CD component as soon as components
+#            are available for self-managed instances.
+#
+# This specific template is located at:
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/OpenTofu/Base.gitlab-ci.yml
+variables:
+  # OpenTofu CI/CD component version, see https://gitlab.com/components/opentofu/-/releases
+  VERSION: "latest"
+  # Compatible OpenTofu version, see https://gitlab.com/components/opentofu/-/releases
+  OPENTOFU_VERSION: "1.6.0"
+  # Job Image with `gitlab-tofu`
+  GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE: $CI_REGISTRY/components/opentofu
+  # The relative path to the root directory of the OpenTofu project
+  TF_ROOT: ${CI_PROJECT_DIR}
+  # The name of the state file used by the GitLab Managed Terraform state backend
+  TF_STATE_NAME: default
+.opentofu:use-component-instead-of-template:
+  stage: validate
+  needs: []
+  allow_failure: true
+  rules:
+    - if: '$CI_SERVER_HOST == "gitlab.com"'
+  image: alpine:3.19
+  script:
+    - |
+      echo "You are using the OpenTofu CI/CD template on GitLab.com which is not recommended."
+      echo "This template is available for self-managed customers until CI/CD components are available to them and it will be removed asap."
+      echo " "
+      echo "We recommend that you migrate to the OpenTofu CI/CD component instead."
+      echo "The OpenTofu CI/CD component with a default configuration can be included as follows:"
+      echo " "
+      echo "include:"
+      echo "  - component: gitlab.com/components/opentofu/full-pipeline@~latest"
+      echo "    inputs:"
+      echo "      version: latest"
+      echo "      opentofu_version: 1.6.0"
+      echo ""
+      echo "stages: [validate, build, deploy, cleanup]"
+      echo " "
+      echo "You can read about more about the OpenTofu CI/CD component here:"
+      echo "https://gitlab.com/components/opentofu"
+    - 'false'
+'.opentofu:fmt':
+  stage: validate
+  needs: []
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
+      when: never
+    - if: $CI_COMMIT_BRANCH        # If there's no open merge request, add it to a *branch* pipeline instead.
+  #allow_failure: true
+  allow_failure: true
+  cache:
+    key: "$TF_ROOT"
+    paths:
+      - $TF_ROOT/.terraform/
+  variables:
+  image:
+    name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION'
+  script:
+    - gitlab-tofu fmt
+'.opentofu:validate':
+  stage: validate
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
+      when: never
+    - if: $CI_COMMIT_BRANCH        # If there's no open merge request, add it to a *branch* pipeline instead.
+  cache:
+    key: "$TF_ROOT"
+    paths:
+      - $TF_ROOT/.terraform/
+  variables:
+  image:
+    name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION'
+  script:
+    - gitlab-tofu validate
+'.opentofu:plan':
+  stage: build
+  environment: 
+    name: $TF_STATE_NAME
+    action: prepare
+  resource_group: $TF_STATE_NAME
+  artifacts:
+    # Terraform's cache files can include secrets which can be accidentally exposed.
+    # Please exercise caution when utilizing secrets in your Terraform infrastructure and
+    # consider limiting access to artifacts or take other security measures to protect sensitive information.
+    #
+    # The next line, which disables public access to pipeline artifacts, is not available on GitLab.com.
+    # See: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic
+    public: false
+    paths:
+      - $TF_ROOT/plan.cache
+    reports:
+      terraform: $TF_ROOT/plan.json
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
+      when: never
+    - if: $CI_COMMIT_BRANCH        # If there's no open merge request, add it to a *branch* pipeline instead.
+  cache:
+    key: "$TF_ROOT"
+    paths:
+      - $TF_ROOT/.terraform/
+  variables:
+  image:
+    name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION'
+  script:
+    - gitlab-tofu plan
+    - gitlab-tofu plan-json
+'.opentofu:apply':
+  stage: deploy
+  environment:
+    name: $TF_STATE_NAME
+    action: start
+  resource_group: $TF_STATE_NAME
+  rules:
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$_TF_AUTO_APPLY" == "true"'
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: manual
+  cache:
+    key: "$TF_ROOT"
+    paths:
+      - $TF_ROOT/.terraform/
+  variables:
+  image:
+    name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION'
+  script:
+    - gitlab-tofu apply
+'.opentofu:destroy':
+  stage: cleanup
+  environment:
+    name: $TF_STATE_NAME
+    action: stop
+  resource_group: $TF_STATE_NAME
+  rules:
+    - if: '"$TF_CREATE_DESTROY_JOB" != "true"'
+      when: never
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$_TF_AUTO_DESTROY" == "true"'
+    - when: manual
+  cache:
+    key: "$TF_ROOT"
+    paths:
+      - $TF_ROOT/.terraform/
+  variables:
+  image:
+    name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION'
+  script:
+    - gitlab-tofu destroy
+'.opentofu:delete-state':
+  stage: cleanup
+  resource_group: $TF_STATE_NAME
+  image: curlimages/curl:latest
+  script:
+    - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$TF_STATE_NAME"
+  rules:
+    - if: '"$TF_CREATE_DELETE_STATE_JOB" != "true"'
+      when: never
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: manual