chore(cicd): complete refactor of CICD

- add tfsec and tflint
Ben Martin 2025-04-20 10:11:26 +00:00
parent 985fb831e6
commit c9cbfc7979
Signed by: ben
GPG key ID: 859A655FCD290E4A
3 changed files with 132 additions and 81 deletions

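--- /dev/null
+++ b/.gitea/workflows/cicd.yaml
@@ -0,0 +1,132 @@
+name: Terraform CI/CD
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+env:
+NOMAD_ADDR: "${{ vars.NOMAD_ADDR }}"
+NOMAD_TOKEN: "${{ secrets.NOMAD_TOKEN }}"
+PG_CONN_STR: "${{ secrets.PG_CONN_STR }}"
+TF_CLI_ARGS: "-no-color"
+TF_IN_AUTOMATION: true
+TF_PLUGIN_CACHE_DIR: ${{ gitea.workspace }}/.terraform.d/plugin-cache
+jobs:
+terraform-ci:
+name: Terraform Format, Validate, Lint, Scan
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v3
+- name: Setup Nomad
+uses: hashicorp/setup-nomad@main
+- name: Terraform Format Check
+run: terraform fmt -check -recursive
+- name: Nomad fmt
+run: nomad fmt -recursive -check
+- name: Create Terraform Plugin Cache Dir
+run: mkdir -v -p $TF_PLUGIN_CACHE_DIR
+- name: Cache Terraform Plugin Dir
+uses: actions/cache@v4
+with:
+path: ${{ env.TF_PLUGIN_CACHE_DIR }}
+key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('**/.terraform.lock.hcl') }}
+restore-keys: |
+${{ runner.os }}-terraform-plugins-
+- name: Cache TFLint Dir
+uses: actions/cache@v4
+with:
+path: ~/.tflint.d/plugins
+key: ${{ runner.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+restore-keys: |
+${{ runner.os }}-tflint-
+- name: Terraform Init
+run: terraform init
+- name: Terraform Validate
+run: terraform validate
+- name: TFLint
+uses: terraform-linters/setup-tflint@v4
+- run: |
+tflint --init
+tflint
+- name: tfsec
+uses: aquasecurity/tfsec-action@v1.0.0
+with:
+soft_fail: true
+terraform-plan:
+name: Terraform Plan
+runs-on: ubuntu-latest
+needs: terraform-ci
+if: github.event_name == 'pull_request'
+steps:
+- uses: actions/checkout@v4
+- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-nomad@main
+- name: Create Terraform Plugin Cache Dir
+run: mkdir -v -p $TF_PLUGIN_CACHE_DIR
+- name: Cache Terraform Plugin Dir
+uses: actions/cache@v4
+with:
+path: ${{ env.TF_PLUGIN_CACHE_DIR }}
+key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('**/.terraform.lock.hcl') }}
+restore-keys: |
+${{ runner.os }}-terraform-plugins-
+- name: Terraform Init
+run: terraform init
+- name: Terraform Plan
+run: terraform plan -out=tfplan
+- name: Upload Terraform Plan
+uses: actions/upload-artifact@v4
+with:
+name: tfplan
+path: tfplan
+terraform-apply:
+name: Terraform Apply
+runs-on: ubuntu-latest
+needs: terraform-ci
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+steps:
+- uses: actions/checkout@v4
+- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-nomad@main
+- name: Create Terraform Plugin Cache Dir
+run: mkdir -v -p $TF_PLUGIN_CACHE_DIR
+- name: Cache Terraform Plugin Dir
+uses: actions/cache@v4
+with:
+path: ${{ env.TF_PLUGIN_CACHE_DIR }}
+key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('**/.terraform.lock.hcl') }}
+restore-keys: |
+${{ runner.os }}-terraform-plugins-
+- name: Terraform Init
+run: terraform init
+- name: Terraform Apply
+run: terraform apply -auto-approve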
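Review bot: `NOMAD_TOKEN` and `PG_CONN_STR` are placed in the workflow-level `env:` block, so the `terraform-ci` job (format, validate, tflint, tfsec) receives both secrets although none of its steps need them; moving those two entries into a job-level `env:` under `terraform-plan` and `terraform-apply` keeps the credentials out of the job that runs third-party lint/scan actions. `hashicorp/setup-nomad@main` is referenced by a mutable branch ref in all three jobs, so the action code can change between runs; pin it to a release tag or commit SHA as the other actions are. The apply job also no longer applies the saved plan: `terraform-plan` only runs on `pull_request`, `terraform-apply` only on `push`, and `terraform apply -auto-approve` re-plans from scratch, so what reaches `main` is never the plan that was reviewed; restoring `terraform plan -out=tfplan` followed by `terraform apply -auto-approve tfplan` inside the apply job, as the removed workflow did, at least ties apply to a plan produced in the same run. Note too that `-input=false` on `terraform init` was dropped from the previous workflow, and `soft_fail: true` on the tfsec step means the "Scan" in the job name never gates the pipeline.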


@ -1,30 +0,0 @@
name: Lint
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
TF_IN_AUTOMATION: true
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
- name: Setup Nomad
uses: hashicorp/setup-nomad@main
- name: Terraform fmt
run: terraform fmt -recursive -check
- name: Nomad fmt
run: nomad fmt -recursive -check


@ -1,51 +0,0 @@
name: Terraform Plan and Apply
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
TF_PLUGIN_CACHE_DIR: ${{ gitea.workspace }}/.terraform.d/plugin-cache
TF_IN_AUTOMATION: true
TF_CLI_ARGS: "-no-color"
NOMAD_ADDR: "${{ vars.NOMAD_ADDR }}"
NOMAD_TOKEN: "${{ secrets.NOMAD_TOKEN }}"
PG_CONN_STR: "${{ secrets.PG_CONN_STR }}"
jobs:
cicd:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
- name: Create Terraform Plugin Cache Dir
run: mkdir -v -p $TF_PLUGIN_CACHE_DIR
- name: Cache Terraform Plugins
uses: actions/cache@v4
with:
path: ${{ env.TF_PLUGIN_CACHE_DIR }}
key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
- name: Terraform Init
id: init
run: terraform init -input=false
- name: Terraform Validate
id: validate
run: terraform validate
- name: Terraform Plan
id: plan
run: terraform plan -out=tfplan
- name: Terraform Apply
if: github.ref == 'refs/heads/main'
run: terraform apply -auto-approve tfplan