feat: only run apply when plan detects changes #4
@@ -9,8 +9,7 @@ steps:
|
||||
VAULT_AUTH_METHOD: kubernetes
|
||||
commands:
|
||||
- dnf install vault -y
|
||||
- make plan
|
||||
- make apply
|
||||
- make apply-if-changes
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: terraform-git
|
||||
|
||||
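Review bot: `make apply-if-changes` now plans and applies in one step that authenticates to Vault as the `terraform-git` service account, and the step's trigger conditions lie outside this hunk. Confirm the step has a `when` filter limiting it to push events on the default branch, so that a pull-request pipeline cannot reach apply with that identity. A comment above the command, such as `# plans with -detailed-exitcode and applies the saved plan only when changes exist`, would also explain why the separate `make plan` line was dropped.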
@@ -1,4 +1,4 @@
|
||||
.PHONY: init plan apply format
|
||||
.PHONY: init plan apply apply-if-changes format pre-commit
|
||||
|
||||
VAULT_AUTH_METHOD ?= approle
|
||||
VAULT_K8S_ROLE ?= woodpecker_terraform_git
|
||||
@@ -25,6 +25,19 @@ plan: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 4 --non-interactive plan
|
||||
|
||||
apply-if-changes: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 4 --non-interactive plan -- -detailed-exitcode -out=tfplan; \
|
||||
EXIT_CODE=$$?; \
|
||||
if [ $$EXIT_CODE -eq 2 ]; then \
|
||||
$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 2 --non-interactive apply -- tfplan; \
|
||||
elif [ $$EXIT_CODE -eq 0 ]; then \
|
||||
echo "No changes detected, skipping apply."; \
|
||||
else \
|
||||
exit $$EXIT_CODE; \
|
||||
fi
|
||||
|
||||
apply: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 2 --non-interactive apply
|
||||
@@ -34,3 +47,6 @@ format:
|
||||
@tofu fmt -recursive .
|
||||
@echo "Formatting Terragrunt files..."
|
||||
@terragrunt hcl fmt
|
||||
|
||||
pre-commit:
|
||||
@uvx pre-commit run --all-files
|
||||
|
||||
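Review bot: In `apply-if-changes`, `EXIT_CODE=$$?` captures the status of the whole `$(call vault_env) && terragrunt … plan` list, so a failed Vault login cannot be told apart from a plan result, and a login that happens to exit 2 would be read as "changes present". Starting the recipe with `@$(call vault_env) || exit 1; \` keeps `EXIT_CODE` tied to the plan alone. The second `$(call vault_env)` inside the `if` then looks redundant, because the backslash-continued recipe runs in a single shell; the definition of `vault_env` is not on this page, so confirm that. The saved `tfplan` files are not removed after apply, and Terraform plan files can hold sensitive values in clear text, so consider deleting them at the end of the recipe and keeping `tfplan` out of version control. A `##` comment on the target describing the 0/1/2 contract of `-detailed-exitcode` would help the next reader.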
@@ -0,0 +1,14 @@
|
||||
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
woodpecker: true
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/plan"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
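Review bot: The `main` rule lists `approval_whitelist_users` and `approval_whitelist_teams` but sets no required approval count, and it lists `status_check_contexts` without a visible enable flag. Unless the module defaults these, merges may be accepted with no review and no passing check. The module's `branch_protection` variable is only partly visible on this page, so confirm its defaults or set the values here, for example a key such as `required_approvals: 1` if the module exposes it. Because the repository is `private: false` and its pipeline authenticates to Vault, also confirm that Woodpecker requires approval before running pipelines for pull requests from forks.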
@@ -1,5 +1,5 @@
|
||||
description: "manage docker related repositories"
|
||||
permission: write
|
||||
permission: none
|
||||
include_all_repositories: false
|
||||
can_create_repos: false
|
||||
repositories:
|
||||
|
||||
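Review bot: This section prints both `permission: write` and `permission: none` without markers. Assuming `none` is the new value, this is an access-control change that the commit title ("only run apply when plan detects changes") does not mention. The same edit repeats in the four team files that follow ("owners of the puppet system", "Python package builers", "manage rpmbuild repos", "terraform job maintainers"). Either move these edits to their own commit or add a line above the key stating the intent, for example `# none: team-wide permission removed; access is granted elsewhere`, worded to match what the module actually does with this value.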
@@ -1,5 +1,5 @@
|
||||
description: "owners of the puppet system"
|
||||
permission: write
|
||||
permission: none
|
||||
include_all_repositories: false
|
||||
can_create_repos: false
|
||||
repositories:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
description: "Python package builers"
|
||||
permission: write
|
||||
permission: none
|
||||
include_all_repositories: false
|
||||
can_create_repos: false
|
||||
repositories:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
description: "manage rpmbuild repos"
|
||||
permission: write
|
||||
permission: none
|
||||
include_all_repositories: false
|
||||
can_create_repos: false
|
||||
repositories:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
description: "terraform job maintainers"
|
||||
permission: write
|
||||
permission: none
|
||||
include_all_repositories: false
|
||||
can_create_repos: false
|
||||
repositories:
|
||||
|
||||
@@ -20,6 +20,5 @@ inputs = {
|
||||
organisation = local.config.organisation
|
||||
repository = local.config.repository
|
||||
branch_protection = local.config.branch_protection
|
||||
deploy_key = local.config.deploy_key
|
||||
team = local.config.team
|
||||
}
|
||||
|
||||
@@ -19,21 +19,6 @@ terraform {
|
||||
lock = true
|
||||
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
|
||||
}
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
gitea = {
|
||||
source = "go-gitea/gitea"
|
||||
version = "0.7.0"
|
||||
}
|
||||
woodpecker = {
|
||||
source = "Kichiyaki/woodpecker"
|
||||
version = "0.5.0"
|
||||
}
|
||||
consul = {
|
||||
source = "hashicorp/consul"
|
||||
version = "2.23.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -217,3 +217,14 @@ import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
|
||||
id = "unkin/terraform-provider-artifactapi"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
|
||||
id = "144"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this
|
||||
id = "unkin/terraform-git"
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
gitea = {
|
||||
source = "go-gitea/gitea"
|
||||
version = "0.7.0"
|
||||
}
|
||||
woodpecker = {
|
||||
source = "Kichiyaki/woodpecker"
|
||||
version = "0.5.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -15,8 +15,8 @@ variable "organisation" {
|
||||
variable "repository" {
|
||||
description = "Map of repositories to create"
|
||||
type = map(object({
|
||||
name = string
|
||||
organisation = string
|
||||
name = string
|
||||
organisation = string
|
||||
description = optional(string)
|
||||
private = optional(bool)
|
||||
default_branch = optional(string)
|
||||
@@ -32,7 +32,7 @@ variable "repository" {
|
||||
repo_template = optional(bool)
|
||||
website = optional(string)
|
||||
autodetect_manual_merge = optional(bool)
|
||||
woodpecker = optional(bool, false)
|
||||
woodpecker = optional(bool, false)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
@@ -64,18 +64,6 @@ variable "branch_protection" {
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "deploy_key" {
|
||||
description = "Map of deploy keys to create"
|
||||
type = map(object({
|
||||
repository = string
|
||||
organisation = string
|
||||
gitea_url = string
|
||||
title = string
|
||||
key = string
|
||||
read_only = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "team" {
|
||||
description = "Map of teams to create"
|
||||
|
||||