# Official image for Hashicorp's Terraform. It uses light image which is Alpine

1. # Official image for Hashicorp's Terraform. It uses light image which is Alpine
2. # based as it is much lighter.
3.  
4. # Entrypoint is also needed as image by default set `terraform` binary as an
5. # entrypoint.
6. image:
7. name: hashicorp/terraform:light
8. entrypoint:
9. - '/usr/bin/env'
10. - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
11.  
12. # Default output file for Terraform plan
13. variables:
14. GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
15. PLAN: plan.tfplan
16. PLAN_JSON: tfplan.json
17. TF_ROOT: ${CI_PROJECT_DIR}
18. GITLAB_TF_PASSWORD: ${CI_JOB_TOKEN}
19.  
20. cache:
21. paths:
22. - .terraform
23.  
24. before_script:
25. - apk --no-cache add jq
26. - alias convert_report="jq -r '([.resource_changes[]?.change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
27. - cd ${TF_ROOT}
28. - terraform --version
29. - echo ${GITLAB_TF_ADDRESS}
30. - terraform init -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=${MY_GITLAB_USERNAME}" -backend-config="password=${MY_GITLAB_ACCESS_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
31. stages:
32. - validate
33. - build
34. - test
35. - deploy
36. - app_deploy
37.  
38. validate:
39. stage: validate
40. script:
41. - terraform validate
42.  
43. plan:
44. stage: build
45. script:
46. - terraform plan -out=$PLAN
47. - terraform show --json $PLAN | convert_report > $PLAN_JSON
48. artifacts:
49. name: plan
50. paths:
51. - ${TF_ROOT}/plan.tfplan
52. reports:
53. terraform: ${TF_ROOT}/tfplan.json
54.  
55. # Separate apply job for manual launching Terraform as it can be destructive
56. # action.
57. apply:
58. stage: deploy
59. environment:
60. name: production
61. script:
62. - terraform apply -input=false $PLAN
63. dependencies:
64. - plan
65. when: manual
66. only:
67. - master
68.  
69. build_backend:
70. stage: build
71. image:
72. name: gcr.io/kaniko-project/executor:debug
73. entrypoint: [""]
74. before_script:
75. - echo 1
76. script:
77. - echo "{\"auths\":{\"https://gitlab.amixr.io:4567\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json
78. - /kaniko/executor --cache=true --context ./djangoapp --dockerfile ./djangoapp/Dockerfile --destination $CONTAINER_IMAGE:$CI_COMMIT_REF_NAME
79.  
80. # https://github.com/GoogleContainerTools/kaniko#pushing-to-google-gcr
81. build_djangoapp:
82. stage: build
83. image:
84. name: gcr.io/kaniko-project/executor:debug
85. entrypoint: [""]
86. before_script:
87. - echo 1
88. script:
89. - export GOOGLE_APPLICATION_CREDENTIALS=$TF_VAR_gcp_creds_file
90. - /kaniko/executor --cache=true --context ./djangoapp --dockerfile ./djangoapp/Dockerfile --destination gcr.io/{TF_VAR_gcp_project_name}/djangoapp:$CI_COMMIT_REF_NAME
91. when: manual
92. only:
93. - master
94. needs: []
95.  
96. app_deploy:
97. image: google/cloud-sdk
98. stage: app_deploy
99. before_script:
100. - echo 1
101. environment:
102. name: production
103. script:
104. - gcloud auth activate-service-account --key-file=${TF_VAR_gcp_creds_file}
105. - gcloud container clusters get-credentials my-cluster --region us-central1 --project ${TF_VAR_gcp_project_name}
106. - kubectl apply -f hello-kubernetes.yaml
107. when: manual
108. only:
109. - master
110. needs: []