variables: TEST_PROJECT_DIR: 'tests/iac' .gitlab-tofu-test-base: image: "$GITLAB_OPENTOFU_IMAGE_NAME" variables: TF_STATE_NAME: ci-unit-$CI_JOB_ID cache: key: "$OPENTOFU_VERSION-$CI_COMMIT_REF_SLUG" paths: - $TEST_PROJECT_DIR/.terraform/ before_script: - gitlab-tofu version - jq --version after_script: - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$TF_STATE_NAME" .gitlab-tofu-test: extends: - .gitlab-tofu-test-base before_script: - !reference [.gitlab-tofu-test-base, before_script] - cd $TEST_PROJECT_DIR .test-gitlab-tofu-root: extends: - .gitlab-tofu-test-base variables: TF_ROOT: $TEST_PROJECT_DIR gitlab-tofu-init: extends: - .gitlab-tofu-test - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - gitlab-tofu init gitlab-tofu-init-with-args: extends: - .gitlab-tofu-test - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - gitlab-tofu init -get=true -no-color gitlab-tofu-init-with-flags: extends: - .gitlab-tofu-test - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - export TF_INIT_FLAGS="-get=true -no-color" - gitlab-tofu init gitlab-tofu-init-with-flags-and-args: extends: - .gitlab-tofu-test - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - export TF_INIT_FLAGS="-get=true" - gitlab-tofu init -no-color gitlab-tofu-init-tf-root: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - gitlab-tofu init gitlab-tofu-init-tf-root-with-cd: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - cd $TEST_PROJECT_DIR - export DEBUG_OUTPUT=true - gitlab-tofu init gitlab-tofu-init-tf-root-with-args: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - gitlab-tofu init -get=true -no-color gitlab-tofu-init-tf-root-with-flags: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - export TF_INIT_FLAGS="-get=true -no-color" - gitlab-tofu init gitlab-tofu-init-tf-root-with-flags-and-args: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - export DEBUG_OUTPUT=true - export TF_INIT_FLAGS="-get=true" - gitlab-tofu init -no-color gitlab-tofu-init-without-reconfigure: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - gitlab-tofu init - | cat < $TF_ROOT/backend_override.tf terraform { backend "local" {} } EOF - export TF_INIT_NO_RECONFIGURE=true - FAILED=false - gitlab-tofu init -no-color >/tmp/output.txt 2>&1 || FAILED=true - cat /tmp/output.txt - test $FAILED = true - 'grep "Error: Backend configuration changed" /tmp/output.txt' gitlab-tofu-init-with-reconfigure: extends: - .test-gitlab-tofu-root - .opentofu-versions stage: test script: - gitlab-tofu init - | cat < $TF_ROOT/backend_override.tf terraform { backend "local" {} } EOF - gitlab-tofu init gitlab-tofu-init-with-prepared-registry-token: extends: - .gitlab-tofu-test stage: test variables: OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION script: - apk add --update $PKG - | cat <<'EOF' > test.sh set -x # NOTE: as part of the tst fixture, we need to overwrite the CI_SERVER_HOST, # so that this test also properly works on GitLab self-managed. export CI_SERVER_HOST=gitlab.example.com export TF_TOKEN_gitlab_example_com=mysecrettoken . $(which gitlab-tofu) terraform_authenticate_private_registry test "$TF_TOKEN_gitlab_example_com" = "mysecrettoken" EOF - $SHELL test.sh parallel: matrix: - SHELL: "bash" PKG: "bash" - SHELL: "zsh" PKG: "zsh" - SHELL: "ksh" PKG: "loksh" gitlab-tofu-init-without-prepared-registry-token: extends: - .gitlab-tofu-test stage: test variables: OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION script: - apk add --update $PKG - | cat <<'EOF' > test.sh set -x # NOTE: as part of the tst fixture, we need to overwrite the CI_SERVER_HOST, # so that this test also properly works on GitLab self-managed. export CI_SERVER_HOST=gitlab.example.com . $(which gitlab-tofu) terraform_authenticate_private_registry test -n "$TF_TOKEN_gitlab_example_com" EOF - $SHELL test.sh parallel: matrix: - SHELL: "bash" PKG: "bash" - SHELL: "zsh" PKG: "zsh" - SHELL: "ksh" PKG: "loksh" gitlab-tofu-fmt: extends: - .gitlab-tofu-test - .opentofu-versions stage: test script: - gitlab-tofu fmt gitlab-tofu-validate: extends: - .gitlab-tofu-test - .opentofu-versions stage: test script: - gitlab-tofu validate gitlab-tofu-plan: extends: - .gitlab-tofu-test - .opentofu-versions stage: test variables: TF_PLAN_CACHE: $OPENTOFU_VERSION-plan.cache script: - gitlab-tofu plan - if [[ ! -f "$OPENTOFU_VERSION-plan.cache" ]]; then echo "expected to find a plan.cache file"; exit 1; fi - gitlab-tofu plan-json - if [[ ! -f "plan.json" ]]; then echo "expected to find a plan.json file"; exit 1; fi artifacts: paths: - "$TEST_PROJECT_DIR/*-plan.cache" gitlab-tofu-apply: extends: - .gitlab-tofu-test - .opentofu-versions stage: test variables: TF_PLAN_CACHE: $OPENTOFU_VERSION-plan.cache before_script: - !reference [.gitlab-tofu-test, before_script] - gitlab-tofu plan script: - gitlab-tofu apply gitlab-tofu-destroy: extends: - .gitlab-tofu-test - .opentofu-versions stage: test before_script: - !reference [.gitlab-tofu-test, before_script] - gitlab-tofu plan - gitlab-tofu apply script: - gitlab-tofu destroy gitlab-tofu-source-script: extends: - .gitlab-tofu-test stage: test variables: OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION before_script: - !reference [.gitlab-tofu-test-base, before_script] - apk add --update $PKG script: - | cat <<'EOF' > test.sh set -x test -z "$TF_GITLAB_SOURCED" . $(which gitlab-tofu) test $TF_GITLAB_SOURCED EOF - | mkdir /usr/local/sbin cat <<'EOF' > /usr/local/sbin/terraform #/!usr/bin/env sh -e echo "Called Terraform, but shouldn't have!!" false EOF chmod +x /usr/local/sbin/terraform - $SHELL test.sh parallel: matrix: - SHELL: "bash" PKG: "bash" - SHELL: "zsh" PKG: "zsh" - SHELL: "ksh" PKG: "loksh" gitlab-tofu-without-implicit-init: extends: - .gitlab-tofu-test stage: test cache: variables: OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION STATE_NAME: $CI_JOB_NAME script: - export TF_IMPLICIT_INIT=false - FAILED=false - gitlab-tofu $CMD -no-color >/tmp/output.txt 2>&1 || FAILED=true - cat /tmp/output.txt - test $FAILED = true - 'grep "$ERROR" /tmp/output.txt' parallel: matrix: - CMD: apply ERROR: 'Error: Failed to load "plan.cache" as a plan' - CMD: destroy ERROR: 'Error: Backend initialization required, please run "tofu init"' - CMD: plan ERROR: 'Error: Backend initialization required, please run "tofu init"' - CMD: validate ERROR: 'This module is not yet installed. Run "tofu init" to install all modules' gitlab-tofu-no-wrapper: extends: - .gitlab-tofu-test stage: test cache: variables: OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION STATE_NAME: $CI_JOB_NAME script: # NOTE: running `gitlab-tofu apply` wouldn't fail # because of the implicit `terraform init`. - FAILED=false - gitlab-tofu -- apply -no-color >/tmp/output.txt 2>&1 || FAILED=true - cat /tmp/output.txt - test $FAILED = true - 'grep "Error: Backend initialization required, please run \"tofu init\"" /tmp/output.txt'