Merge branch 'feat/add-plan-artifacts-input' into 'main'

Feat/add plan artifacts input See merge request components/opentofu!271

Merge branch 'feat/add-plan-artifacts-input' into 'main'
2340613b · Timo Furrer · 356937d0 · b03da621 · 2340613b · 2340613b
Commit 2340613b authored 3 weeks ago by Timo Furrer
--- a/templates/full-pipeline.yml
+++ b/templates/full-pipeline.yml
@@ -96,6 +96,10 @@ spec:
    plan_artifacts_access:
      default: 'none'
      description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
+    plan_extra_artifacts:
+      default: []
+      type: array
+      description: 'Extra artifacts to upload from the plan'
    var_file:
      default: ''
      type: string
@@ -310,6 +314,7 @@ include:
      state_name: $[[ inputs.state_name ]]
      plan_name: $[[ inputs.plan_name ]]
      artifacts_access: $[[ inputs.plan_artifacts_access ]]
+      extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
      var_file: $[[ inputs.var_file ]]
      rules: $[[ inputs.plan_rules ]]
      warning_on_non_empty_plan: $[[ inputs.warning_on_non_empty_plan ]]
@@ -443,6 +448,7 @@ stages:
          state_name: $[[ inputs.state_name]]
          plan_name: $[[ inputs.plan_name ]]
          plan_artifacts_access: $[[ inputs.plan_artifacts_access ]]
+          plan_extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
          var_file: $[[ inputs.var_file ]]
          fmt_allow_failure: $[[ inputs.fmt_allow_failure ]]
          fmt_rules: $[[ inputs.fmt_rules ]]

--- a/templates/plan.yml
+++ b/templates/plan.yml
@@ -74,6 +74,10 @@ spec:
    artifacts_access:
      default: 'none'
      description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
+    extra_artifacts:
+      default: []
+      type: array
+      description: 'Extra artifacts to upload from the plan'
    var_file:
      default: ''
      type: string
@@ -197,6 +201,7 @@ include:
    access: '$[[ inputs.artifacts_access ]]'
    paths:
      - $GITLAB_TOFU_ROOT_DIR/$[[ inputs.plan_name ]].cache
+      - '$[[ inputs.extra_artifacts ]]'
    reports:
      terraform: $GITLAB_TOFU_ROOT_DIR/$[[ inputs.plan_name]].json
  rules: $[[ inputs.rules ]]

--- a/templates/validate-plan-apply.yml
+++ b/templates/validate-plan-apply.yml
@@ -83,6 +83,10 @@ spec:
    plan_artifacts_access:
      default: 'none'
      description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
+    plan_extra_artifacts:
+      default: []
+      type: array
+      description: 'Extra artifacts to upload from the plan'
    var_file:
      default: ''
      type: string
@@ -248,6 +252,7 @@ include:
      state_name: $[[ inputs.state_name ]]
      plan_name: $[[ inputs.plan_name ]]
      artifacts_access: $[[ inputs.plan_artifacts_access ]]
+      extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
      var_file: $[[ inputs.var_file ]]
      rules: $[[ inputs.plan_rules ]]
      cache_policy: pull
@@ -332,6 +337,7 @@ stages:
          state_name: $[[ inputs.state_name]]
          plan_name: $[[ inputs.plan_name ]]
          plan_artifacts_access: $[[ inputs.plan_artifacts_access ]]
+          plan_extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
          var_file: $[[ inputs.var_file ]]
          fmt_rules: $[[ inputs.fmt_rules ]]
          fmt_allow_failure: $[[ inputs.fmt_allow_failure ]]

--- a/templates/validate-plan-destroy.yml
+++ b/templates/validate-plan-destroy.yml
@@ -76,6 +76,10 @@ spec:
    plan_artifacts_access:
      default: 'none'
      description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
+    plan_extra_artifacts:
+      default: []
+      type: array
+      description: 'Extra artifacts to upload from the plan'
    # FIXME: at the moment we cannot support this input
    # because we cannot nest inputs: https://gitlab.com/gitlab-org/gitlab/-/issues/438722
    # If you want to auto destroy, please refer to the `rules` input.
@@ -254,6 +258,7 @@ include:
      state_name: $[[ inputs.state_name ]]
      plan_name: $[[ inputs.plan_name ]]
      artifacts_access: $[[ inputs.plan_artifacts_access ]]
+      extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
      destroy: true
      var_file: $[[ inputs.var_file ]]
      rules: $[[ inputs.plan_rules ]]
@@ -364,6 +369,7 @@ stages:
          state_name: $[[ inputs.state_name]]
          plan_name: $[[ inputs.plan_name ]]
          plan_artifacts_access: $[[ inputs.plan_artifacts_access ]]
+          plan_extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
          var_file: $[[ inputs.var_file ]]
          fmt_allow_failure: $[[ inputs.fmt_allow_failure ]]
          fmt_rules: $[[ inputs.fmt_rules ]]

--- a/templates/validate-plan.yml
+++ b/templates/validate-plan.yml
@@ -73,6 +73,10 @@ spec:
    artifacts_access:
      default: 'none'
      description: 'Access level for the plan artifact. See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.'
+    plan_extra_artifacts:
+      default: []
+      type: array
+      description: 'Extra artifacts to upload from the plan'
    var_file:
      default: ''
      type: string
@@ -232,6 +236,7 @@ include:
      state_name: $[[ inputs.state_name ]]
      plan_name: $[[ inputs.plan_name ]]
      artifacts_access: $[[ inputs.artifacts_access ]]
+      extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
      var_file: $[[ inputs.var_file ]]
      rules: $[[ inputs.plan_rules ]]
      cache_policy: pull
@@ -289,6 +294,7 @@ stages:
          state_name: $[[ inputs.state_name]]
          plan_name: $[[ inputs.plan_name ]]
          artifacts_access: $[[ inputs.artifacts_access ]]
+          plan_extra_artifacts: $[[ inputs.plan_extra_artifacts ]]
          var_file: $[[ inputs.var_file ]]
          fmt_allow_failure: $[[ inputs.fmt_allow_failure ]]
          fmt_rules: $[[ inputs.fmt_rules ]]

--- a/tests/iac-upload-artifacts/backend.tf
+++ b/tests/iac-upload-artifacts/backend.tf
+terraform {
+  backend "http" {}
+}
--- a/tests/iac-upload-artifacts/main.tf
+++ b/tests/iac-upload-artifacts/main.tf
+data "archive_file" "test_artifact" {
+  type        = "zip"
+  output_path = "${path.module}/test-artifact.zip"
+  source {
+    content  = "test artifact inner value"
+    filename = "file-inside-archive.txt"
+  }
+}
+resource "local_file" "test_copy" {
+  source   = data.archive_file.test_artifact.output_path
+  filename = "${path.module}/test-local-file.zip"
+}
--- a/tests/integration-tests/ExtraArtifactsAreIncluded.gitlab-ci.yml
+++ b/tests/integration-tests/ExtraArtifactsAreIncluded.gitlab-ci.yml
+variables:
+  ARTIFACT_FILE_NAME: integration_test_file_artifact
+include:
+  - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/plan@$CI_COMMIT_SHA
+    inputs:
+      image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
+      version: $CI_COMMIT_SHA
+      base_os: $GITLAB_OPENTOFU_BASE_IMAGE_OS
+      opentofu_version: $OPENTOFU_VERSION
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
+      extra_artifacts:
+        - $ARTIFACT_FILE_NAME
+  # For CI Terraform state cleanup
+  - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/delete-state@$CI_COMMIT_SHA
+    inputs:
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
+      rules: [{when: always}]
+stages: [build, cleanup, verify]
+plan:
+  before_script:
+    - touch "$ARTIFACT_FILE_NAME"
+verify:plan-job:uploaded-extra-artifact:
+  stage: verify
+  needs: ['plan']
+  rules: [{when: always}]
+  image: alpine:latest
+  script:
+    - |
+      if [ -f "$ARTIFACT_FILE_NAME" ]; then
+        echo 'Success: the extra artifact was uploaded by the plan job.'
+        exit 0
+      else
+        echo 'Error: the extra artifact was not uploaded by the plan job.'
+        exit 1
+      fi
--- a/tests/integration-tests/UploadArtifacts.gitlab-ci.yml
+++ b/tests/integration-tests/UploadArtifacts.gitlab-ci.yml
+include:
+  - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/validate-plan-apply@$CI_COMMIT_SHA
+    inputs:
+      image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
+      version: $CI_COMMIT_SHA
+      base_os: $GITLAB_OPENTOFU_BASE_IMAGE_OS
+      opentofu_version: $OPENTOFU_VERSION
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
+      fmt_rules: [{when: on_success}]
+      validate_rules: [{when: on_success}]
+      plan_rules: [{when: on_success}]
+      plan_extra_artifacts:
+        - tests/iac-upload-artifacts/
+      apply_rules: [{when: on_success}]
+  # For CI Terraform state cleanup
+  - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/delete-state@$CI_COMMIT_SHA
+    inputs:
+      stage: cleanup
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
+      rules: [{when: always}]
+stages: [validate, build, deploy, cleanup]
--- a/tests/integration.gitlab-ci.yml
+++ b/tests/integration.gitlab-ci.yml
@@ -136,6 +136,7 @@ plan-job-template:
    matrix:
      - PIPELINE_NAME:
          - WarningOnNonEmptyPlan
+          - ExtraArtifactsAreIncluded
        GITLAB_OPENTOFU_BASE_IMAGE_OS:
          - alpine
          - debian
@@ -193,3 +194,20 @@ id-tokens:
          - alpine
          - debian
+upload-artifacts:
+  stage: test-integration
+  variables:
+    OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION
+    TEST_GITLAB_TOFU_STATE_NAME: ci-integration-$CI_JOB_NAME_SLUG-$CI_PIPELINE_IID-$CI_NODE_INDEX
+    TEST_GITLAB_TOFU_ROOT_DIR: tests/iac-upload-artifacts
+  trigger:
+    include: tests/integration-tests/$PIPELINE_NAME.gitlab-ci.yml
+    strategy: depend
+  parallel:
+    matrix:
+      - PIPELINE_NAME:
+          - UploadArtifacts
+        GITLAB_OPENTOFU_BASE_IMAGE_OS:
+          - alpine
+          - debian