A Buildkite plugin for taking the monotony out of writing typical terraform workflow pipelines.
Add the following to your pipeline.yml:
steps:
- label: "Terraform"
plugins:
- dizzzan/simple-terraform#v1.0.0:
path: "my-terraform-directory"
apply: true
block: ":terraform: Confirm Apply"
group: "Test Group"
assume-role: "test-role"
queue: "test-queue"This will yield a pipeline approximately like:
- group: "Terraform"
steps:
- label: ":terraform: Init "
agents:
queue: test-queue
plugins:
- gantry-ml/aws-assume-role-in-current-account:
role: "assumed-role"
duration: "1800"
- docker:
image: "hashicorp/terraform:latest"
propagate-environment: true
propagate-aws-auth-tokens: true
command:
- -chdir=terraform
- init
- artifacts:
compressed: terraform.tgz
upload: [ "terraform/.terraform", "terraform/.terraform.lock.hcl" ]
- wait
- label: ":terraform: Validate "
agents:
queue: test-queue
plugins:
- gantry-ml/aws-assume-role-in-current-account:
role: "assumed-role"
duration: "1800"
- docker:
image: "hashicorp/terraform:latest"
propagate-environment: true
propagate-aws-auth-tokens: true
command:
- -chdir=terraform
- validate
- artifacts:
compressed: terraform.tgz
download: [ "terraform/.terraform", "terraform/.terraform.lock.hcl" ]
- wait
- label: ":terraform: Plan "
agents:
queue: test-queue
plugins:
- gantry-ml/aws-assume-role-in-current-account:
role: "assumed-role"
duration: "1800"
- docker:
image: "hashicorp/terraform:latest"
propagate-environment: true
propagate-aws-auth-tokens: true
command:
- -chdir=terraform
- plan
- -input=false
- -out=plan.tfplan
- artifacts:
compressed: terraform.tgz
download: [ "terraform/.terraform", "terraform/.terraform.lock.hcl" ]
artifact_paths:
- "terraform/plan.tfplan"
- wait
- block: "Confirm Apply "
- label: ":terraform: Apply "
agents:
queue: test-queue
plugins:
- gantry-ml/aws-assume-role-in-current-account:
role: "assumed-role"
duration: "1800"
- docker:
image: "hashicorp/terraform:latest"
propagate-environment: true
propagate-aws-auth-tokens: true
command:
- -chdir=terraform
- apply
- -auto-approve
- -input=false
- plan.tfplan
- artifacts:
compressed: terraform.tgz
download: [ "terraform/.terraform", "terraform/.terraform.lock.hcl" ]
- artifacts:
download: "terraform/plan.tfplan"... which will then be uploaded by the agent via buildkite-agent pipeline upload
Relative path to the terraform configuration
- Use '.' for the build directory
- This directory is mounted as /workdir in the Terraform container
If specified, add all steps to a group using of this name
Default: null
Whether to run a terraform validate step
Default: true
Whether to run a terraform init step
Default: true
Whether to run a terraform plan step
Default: true
Whether to add wait between each (init, validate, plan, apply) step
Default: true
If set, add a block before apply or destroy steps using the specified message.
Default: null
Arguments to pass to terraform init
Default: -input=false
Arguments to pass to terraform validate
Default: null
Arguments to pass to terraform plan
Default: -out=tfplan.out -input=false
Arguments to pass to terraform apply
Default: -auto-approve -input=false tfplan.out
Arguments to pass to terraform destroy
Default: -auto-approve -input=false tfplan.out
Version tag of the terraform docker image to use
Default: latest
Version of the Buildkite docker plugin to use. Leave null to use latest.
Default: null
Use the propagate-aws-auth-tokens flag for the Docker plugin
Default: true
Use the propagate-environment flag for the Docker plugin
Default: true
Tag the queue on the generated docker step
Default: null
Assume a role for the docker terraform step using aws-assume-role plugin
Default: null
Suppress steps: from the pipeline output
Default: false
Instead of uploading the pipeline, it will be printed out only. No steps will be run.
Default: false
Add a tag to generated artifacts and steps. Particularly useful when used in conjuction with gantry-ml/foreach plugin.
Default: null