Commit b77e731d authored by elmar's avatar elmar

Configure Secret Detection in `.gitlab-ci.yml`, creating this file if it does not already exist

parent cee1b96e
Pipeline #672 failed
image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
variables:
TF_ROOT: ${CI_PROJECT_DIR}
TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
TF_VAR_PM_PASSWORD: ${CI_PM_API_KEY}
TF_VAR_PM_USER: ${CI_PM_USER}
TF_VAR_PM_IP: ${CI_PM_IP}
TF_VAR_CI_SSH_KEY: ${CI_CI_SSH_KEY}
TF_VAR_CI_USER: ${CI_CI_USER}
TF_ROOT: "${CI_PROJECT_DIR}"
TF_ADDRESS: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}"
TF_VAR_PM_PASSWORD: "${CI_PM_API_KEY}"
TF_VAR_PM_USER: "${CI_PM_USER}"
TF_VAR_PM_IP: "${CI_PM_IP}"
TF_VAR_CI_SSH_KEY: "${CI_CI_SSH_KEY}"
TF_VAR_CI_USER: "${CI_CI_USER}"
TF_VAR_PM_PARALLEL: 2
cache:
key: tf-production
key: tf-production
paths:
- ${TF_ROOT}/.terraform
- "${TF_ROOT}/.terraform"
before_script:
- cd ${TF_ROOT}
- cd ${TF_ROOT}
stages:
- prepare
- validate
- build
- deploy
- prepare
- validate
- build
- deploy
init:
stage: prepare
stage: prepare
script:
- gitlab-terraform init
- gitlab-terraform init
validate:
stage: validate
stage: validate
script:
- gitlab-terraform validate
- gitlab-terraform validate
plan:
stage: build
stage: build
script:
- gitlab-terraform plan
- gitlab-terraform plan-json
- gitlab-terraform plan
- gitlab-terraform plan-json
artifacts:
name: plan
name: plan
paths:
- ${TF_ROOT}/plan.cache
- "${TF_ROOT}/plan.cache"
reports:
terraform: ${TF_ROOT}/plan.json
terraform: "${TF_ROOT}/plan.json"
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
apply:
stage: deploy
stage: deploy
environment:
name: production
name: production
script:
- gitlab-terraform apply
- gitlab-terraform apply
dependencies:
- plan
when: manual
- plan
when: manual
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
include:
- template: Security/Secret-Detection.gitlab-ci.yml
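Review bot: The included `Security/Secret-Detection.gitlab-ci.yml` template places its `secret_detection` job in the `test` stage by default, but the `stages:` list here declares only prepare, validate, build and deploy, so the pipeline is likely rejected as invalid (possibly the failure shown for pipeline #672) and no secret scan runs. Either add `- test` to `stages:` or override the job with `secret_detection: {stage: validate}`. Separately, `TF_VAR_PM_PASSWORD` and `TF_VAR_CI_SSH_KEY` sit in the global `variables:` block, so every job, including the newly included scanner, receives them; scoping them to the `plan` and `apply` jobs would narrow that exposure. The `stable:latest` image tag is mutable as well, and pinning it to a fixed version or digest would keep the production `apply` job reproducible.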