Commit 9eadc8e0 authored by elmar's avatar elmar

Merge branch 'set-secret-detection-config-1' into 'main'

Configure Secret Detection in `.gitlab-ci.yml`, creating this file if it does not already exist

See merge request homelab/terraform!1
parents cee1b96e 8374489b
Pipeline #677 passed with stages
in 2 minutes and 18 seconds
image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
variables:
TF_ROOT: ${CI_PROJECT_DIR}
TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
TF_VAR_PM_PASSWORD: ${CI_PM_API_KEY}
TF_VAR_PM_USER: ${CI_PM_USER}
TF_VAR_PM_IP: ${CI_PM_IP}
TF_VAR_CI_SSH_KEY: ${CI_CI_SSH_KEY}
TF_VAR_CI_USER: ${CI_CI_USER}
TF_ROOT: "${CI_PROJECT_DIR}"
TF_ADDRESS: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}"
TF_VAR_PM_PASSWORD: "${CI_PM_API_KEY}"
TF_VAR_PM_USER: "${CI_PM_USER}"
TF_VAR_PM_IP: "${CI_PM_IP}"
TF_VAR_CI_SSH_KEY: "${CI_CI_SSH_KEY}"
TF_VAR_CI_USER: "${CI_CI_USER}"
TF_VAR_PM_PARALLEL: 2
cache:
key: tf-production
key: tf-production
paths:
- ${TF_ROOT}/.terraform
- "${TF_ROOT}/.terraform"
before_script:
- cd ${TF_ROOT}
- cd ${TF_ROOT}
stages:
- prepare
- validate
- build
- deploy
- secret-analyzer
- prepare
- validate
- build
- deploy
init:
stage: prepare
stage: prepare
script:
- gitlab-terraform init
- gitlab-terraform init
validate:
stage: validate
stage: validate
script:
- gitlab-terraform validate
- gitlab-terraform validate
plan:
stage: build
stage: build
script:
- gitlab-terraform plan
- gitlab-terraform plan-json
- gitlab-terraform plan
- gitlab-terraform plan-json
artifacts:
name: plan
name: plan
paths:
- ${TF_ROOT}/plan.cache
- "${TF_ROOT}/plan.cache"
reports:
terraform: ${TF_ROOT}/plan.json
terraform: "${TF_ROOT}/plan.json"
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
apply:
stage: deploy
stage: deploy
environment:
name: production
name: production
script:
- gitlab-terraform apply
- gitlab-terraform apply
dependencies:
- plan
when: manual
- plan
when: manual
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
.secret-analyzer:
stage: secret-analyzer
include:
- template: Security/Secret-Detection.gitlab-ci.yml
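Review bot: The top-level `image:` still uses the mutable `stable:latest` tag, so `init`, `validate`, `plan` and `apply` run whatever was last pushed under that tag while `TF_VAR_PM_PASSWORD` and `TF_VAR_CI_SSH_KEY` are in their environment and `apply` targets `production`. Pin the image to a reviewed release tag or a digest, for example `image: registry.gitlab.com/gitlab-org/terraform-images/stable@sha256:<digest-placeholder>`, and update it deliberately. The rendered page does not mark which lines are old and which are new, but the `image:` line is printed identically twice, so this holds for the new side either way.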