feat: only run apply when plan detects changes #4

Merged
benvin merged 6 commits from feat/conditional-apply into main 2026-06-11 23:32:02 +10:00
13 changed files with 64 additions and 39 deletions
+1 -2
View File
@@ -9,8 +9,7 @@ steps:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
- make apply
- make apply-if-changes
backend_options:
kubernetes:
serviceAccountName: terraform-git
+17 -1
View File
@@ -1,4 +1,4 @@
.PHONY: init plan apply format
.PHONY: init plan apply apply-if-changes format pre-commit
VAULT_AUTH_METHOD ?= approle
VAULT_K8S_ROLE ?= woodpecker_terraform_git
@@ -25,6 +25,19 @@ plan: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan
apply-if-changes: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan -- -detailed-exitcode -out=tfplan; \
EXIT_CODE=$$?; \
if [ $$EXIT_CODE -eq 2 ]; then \
$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply -- tfplan; \
elif [ $$EXIT_CODE -eq 0 ]; then \
echo "No changes detected, skipping apply."; \
else \
exit $$EXIT_CODE; \
fi
apply: init
@$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply
@@ -34,3 +47,6 @@ format:
@tofu fmt -recursive .
@echo "Formatting Terragrunt files..."
@terragrunt hcl fmt
pre-commit:
@uvx pre-commit run --all-files
@@ -0,0 +1,14 @@
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
private: false
default_branch: "main"
woodpecker: true
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/plan"
approval_whitelist_users:
- "unkinben"
approval_whitelist_teams:
- "Owners"
+1 -1
View File
@@ -1,5 +1,5 @@
description: "manage docker related repositories"
permission: write
permission: none
include_all_repositories: false
can_create_repos: false
repositories:
+1 -1
View File
@@ -1,5 +1,5 @@
description: "owners of the puppet system"
permission: write
permission: none
include_all_repositories: false
can_create_repos: false
repositories:
+1 -1
View File
@@ -1,5 +1,5 @@
description: "Python package builers"
permission: write
permission: none
include_all_repositories: false
can_create_repos: false
repositories:
@@ -1,5 +1,5 @@
description: "manage rpmbuild repos"
permission: write
permission: none
include_all_repositories: false
can_create_repos: false
repositories:
@@ -1,5 +1,5 @@
description: "terraform job maintainers"
permission: write
permission: none
include_all_repositories: false
can_create_repos: false
repositories:
-1
View File
@@ -20,6 +20,5 @@ inputs = {
organisation = local.config.organisation
repository = local.config.repository
branch_protection = local.config.branch_protection
deploy_key = local.config.deploy_key
team = local.config.team
}
-15
View File
@@ -19,21 +19,6 @@ terraform {
lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
gitea = {
source = "go-gitea/gitea"
version = "0.7.0"
}
woodpecker = {
source = "Kichiyaki/woodpecker"
version = "0.5.0"
}
consul = {
source = "hashicorp/consul"
version = "2.23.0"
}
}
}
EOF
}
+11
View File
@@ -217,3 +217,14 @@ import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
id = "unkin/terraform-provider-artifactapi"
}
import {
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
id = "144"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this
id = "unkin/terraform-git"
}
+13
View File
@@ -0,0 +1,13 @@
terraform {
required_version = ">= 1.10"
required_providers {
gitea = {
source = "go-gitea/gitea"
version = "0.7.0"
}
woodpecker = {
source = "Kichiyaki/woodpecker"
version = "0.5.0"
}
}
}
+3 -15
View File
@@ -15,8 +15,8 @@ variable "organisation" {
variable "repository" {
description = "Map of repositories to create"
type = map(object({
name = string
organisation = string
name = string
organisation = string
description = optional(string)
private = optional(bool)
default_branch = optional(string)
@@ -32,7 +32,7 @@ variable "repository" {
repo_template = optional(bool)
website = optional(string)
autodetect_manual_merge = optional(bool)
woodpecker = optional(bool, false)
woodpecker = optional(bool, false)
}))
default = {}
}
@@ -64,18 +64,6 @@ variable "branch_protection" {
default = {}
}
variable "deploy_key" {
description = "Map of deploy keys to create"
type = map(object({
repository = string
organisation = string
gitea_url = string
title = string
key = string
read_only = optional(bool, true)
}))
default = {}
}
variable "team" {
description = "Map of teams to create"