Merge branch 'refactor/variables' into 'main'

Refactor environment variable handling in gitlab-tofu

See merge request components/opentofu!189

.gitlab/README.md.template

@@ -210,8 +210,8 @@ plan:
   extends: [.opentofu:plan]
   parallel:
     matrix:
-      - TF_ROOT: test/
-      - TF_ROOT: prod/
+      - GITLAB_TOFU_ROOT_DIR: test/
+      - GITLAB_TOFU_ROOT_DIR: prod/
 ```
 
 Have a look at the [`full-pipeline`](templates/job-templates.yml) for how it's constructed.
@@ -238,13 +238,6 @@ beautifully renders the inputs for each templates - check it out!
 
 <RENDER>
 
-### Variables
-
-(🚧 *This section is work in progress*)
-
-Have a look at the [`src/gitlab-tofu.sh`](src/gitlab-tofu.sh) script and how the `TF_`-prefixed
-variables are being used. You may set them according to your needs.
-
 ### Auto-forwarded predefined CI variables
 
 The `gitlab-tofu` script auto-forwards some "popular"
@@ -328,7 +321,7 @@ we may make it the default behavior if possible.
 #### Lockfile Handling
 
 If you commit the Lockfile (`.terraform.lock.hcl`) to your repository
-we recommend setting either the `TF_INIT_FLAGS` (handled by this component)
+we recommend setting either the `GITLAB_TOFU_INIT_FLAGS` (handled by this component)
 or `TF_CLI_ARGS_init` (handled by OpenTofu directly) to `-lockfile=readonly`
 to prevent any changes to the lockfile during the pipeline job and with
 that ensuring that OpenTofu really uses the locked dependencies.
@@ -516,8 +509,10 @@ When migrating from the GitLab Terraform CI/CD templates you can use the followi
     - `deploy` -> `apply`
 - Migrate the `TF_ROOT` variable to the `root_dir` input.
     - Although the `TF_ROOT` variable is still used and maybe overwritten after the import on individual jobs.
+    - Note that this component deprecated the `TF_ROOT` variable and uses `GITLAB_TOFU_ROOT_DIR` instead.
 - Migrate the `TF_STATE_NAME` variable to the `state_name` input.
     - Although the `TF_STATE_NAME` variable is still used and maybe overwritten after the import on individual jobs.
+    - Note that this component deprecated the `TF_STATE_NAME` variable and uses `GITLAB_TOFU_STATE_NAME` instead.
 - Migrate the `TF_AUTO_DEPLOY` variable to custom `rules` inputs.
 - Used other variables -> Use the same variables with this component.
 

.gitlab/scripts/generate-readme.sh

@@ -3,6 +3,7 @@
 set -o errexit
 
 script_dir=$(dirname "$0")
+project_root_dir="$(dirname "$0")/../.."
 
 csplit -sf readme -n 1 "${script_dir}/../README.md.template" '/<RENDER>/'
 
@@ -17,6 +18,13 @@ csplit -sf readme -n 1 "${script_dir}/../README.md.template" '/<RENDER>/'
   echo 'The following OpenTofu versions are available with this component via the `opentofu_version` input:'
   echo
   yq '.".data".supported_versions | .[] | "- [`" + . + "`](https://github.com/opentofu/opentofu/releases/tag/v" + . + ")"' "${script_dir}/../../opentofu_versions.yaml"
+  echo
+  echo '### Environment Variables'
+  echo
+  echo 'The following environment variables are respected by the `gitlab-tofu` script:'
+  echo
+  awk '/^# %%%%/{i++} i==1 && NR>1' "${project_root_dir}/src/gitlab-tofu.sh" | tail -n+3 | cut -d'#' -f2- | cut -d' ' -f2-
+  echo
   tail -n+2 readme1
 } > "${script_dir}/../../README.md"
 

README.md

@@ -212,8 +212,8 @@ plan:
   extends: [.opentofu:plan]
   parallel:
     matrix:
-      - TF_ROOT: test/
-      - TF_ROOT: prod/
+      - GITLAB_TOFU_ROOT_DIR: test/
+      - GITLAB_TOFU_ROOT_DIR: prod/
 ```
 
 Have a look at the [`full-pipeline`](templates/job-templates.yml) for how it's constructed.
@@ -253,12 +253,65 @@ The following OpenTofu versions are available with this component via the `opent
 - [`1.7.3`](https://github.com/opentofu/opentofu/releases/tag/v1.7.3)
 - [`1.6.2`](https://github.com/opentofu/opentofu/releases/tag/v1.6.2)
 
-### Variables
+### Environment Variables
+
+The following environment variables are respected by the `gitlab-tofu` script:
+
+#### Respected Environment Variables
+
+- `GITLAB_TOFU_DEBUG`: if set to true will enable xtrace.
+- `GITLAB_TOFU_SOURCE`: forces this script in source-mode. Required when source auto-detection fails.
+- `GITLAB_TOFU_APPLY_NO_PLAN`: if set to true, the apply command does not use a plan cache file.
+- `GITLAB_TOFU_PLAN_NAME`: the name of the plan cache and json files. Defaults to `plan`.
+- `GITLAB_TOFU_PLAN_CACHE`: if set to the full path of the plan cache file. Defaults to `<root>/$GITLAB_TOFU_PLAN_NAME.cache`
+- `GITLAB_TOFU_PLAN_JSON`: if set to the full path of the plan json file. Defaults to `<root>/$GITLAB_TOFU_PLAN_NAME.json`
+- `GITLAB_TOFU_IMPLICIT_INIT`: if set to true will perform an implicit `tofu init` before any command that require it. Defaults to `true`.
+- `GITLAB_TOFU_IGNORE_INIT_ERRORS`: if set to true will ignore errors in the `tofu init` command.
+- `GITLAB_TOFU_INIT_NO_RECONFIGURE`: if set to true will not pass `-reconfigure` to the `tofu init` command. Defaults to `false`.
+- `GITLAB_TOFU_STATE_NAME`: the name of the GitLab-managed Terraform state backend endpoint.
+- `GITLAB_TOFU_STATE_ADDRESS`: the address of the GitLab-managed Terraform state backend. Defaults to `$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$GITLAB_TOFU_STATE_NAME`.
+- `GITLAB_TOFU_USE_DETAILED_EXITCODE`: if set to true, `-detailed-exitcode` is supplied to `tofu plan`. Defaults to `false`.
+- `GITLAB_TOFU_PLAN_WITH_JSON`: if set to true, will directly generate a JSON plan file when running `gitlab-tofu plan`. Defaults to `false`.
+- `GITLAB_TOFU_VAR_FILE`: if set to a path it will pass `-var-file` to all `tofu` commands that support it.
+
+#### Respected OpenTofu Environment Variables
+
+> these are variables that are
+> respected if set and avoid using
+> the gitlab-tofu values for them.
+
+- `TF_HTTP_USERNAME`: username for the HTTP backend. Defaults to `gitlab-ci-token`.
+- `TF_HTTP_PASSWORD`: password for the HTTP backend. Defaults to `$CI_JOB_TOKEN`.
+- `TF_HTTP_ADDRESS`: address for the HTTP backend. Defaults to `$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/<urlencode($GITLAB_TOFU_STATE_NAME)>`.
+- `TF_HTTP_LOCK_ADDRESS`: lock address for the HTTP backend. Defaults to `$TF_HTTP_ADDRESS/lock`.
+- `TF_HTTP_LOCK_METHOD`: lock method for the HTTP backend. Defaults to `POST`.
+- `TF_HTTP_UNLOCK_ADDRESS`: unlock address for the HTTP backend. Defaults to `lock`.
+- `TF_HTTP_UNLOCK_METHOD`: unlock address for the HTTP backend. Defaults to `unlock`.
+- `TF_HTTP_RETRY_WAIT_MIN`: retry minimum waiting time in seconds. Defaults to `5`.
+- `TF_CLI_CONFIG_FILE`: config file path. Defaults to `$HOME/.terraformrc` if it exists.
+
+#### Respected GitLab CI/CD Variables
+
+> these are variables exposed by
+> GitLab CI/CD and respected by
+> the gitlab-tofu script for
+> certain configurations.
+
+- `CI_JOB_TOKEN`:
+  - used as default value for `TF_HTTP_PASSWORD`.
+  - used as value for `TF_TOKEN_<host>` variable.
+- `CI_PROJECT_DIR`:
+  - used as default value for root directory.
+- `CI_PROJECT_ID`:
+  - used as default value in constructing the `GITLAB_TOFU_STATE_ADDRESS`.
+- `CI_API_V4_URL`:
+  - used as default value in constructing the `GITLAB_TOFU_STATE_ADDRESS`.
+- `CI_SERVER_HOST`:
+  - used to construct for `TF_TOKEN_<host>` variable.
+- `CI_SERVER_PROTOCOL`:
+  - used to construct for `TF_TOKEN_<host>` variable.
 
-(🚧 *This section is work in progress*)
 
-Have a look at the [`src/gitlab-tofu.sh`](src/gitlab-tofu.sh) script and how the `TF_`-prefixed
-variables are being used. You may set them according to your needs.
 
 ### Auto-forwarded predefined CI variables
 
@@ -343,7 +396,7 @@ we may make it the default behavior if possible.
 #### Lockfile Handling
 
 If you commit the Lockfile (`.terraform.lock.hcl`) to your repository
-we recommend setting either the `TF_INIT_FLAGS` (handled by this component)
+we recommend setting either the `GITLAB_TOFU_INIT_FLAGS` (handled by this component)
 or `TF_CLI_ARGS_init` (handled by OpenTofu directly) to `-lockfile=readonly`
 to prevent any changes to the lockfile during the pipeline job and with
 that ensuring that OpenTofu really uses the locked dependencies.
@@ -531,8 +584,10 @@ When migrating from the GitLab Terraform CI/CD templates you can use the followi
     - `deploy` -> `apply`
 - Migrate the `TF_ROOT` variable to the `root_dir` input.
     - Although the `TF_ROOT` variable is still used and maybe overwritten after the import on individual jobs.
+    - Note that this component deprecated the `TF_ROOT` variable and uses `GITLAB_TOFU_ROOT_DIR` instead.
 - Migrate the `TF_STATE_NAME` variable to the `state_name` input.
     - Although the `TF_STATE_NAME` variable is still used and maybe overwritten after the import on individual jobs.
+    - Note that this component deprecated the `TF_STATE_NAME` variable and uses `GITLAB_TOFU_STATE_NAME` instead.
 - Migrate the `TF_AUTO_DEPLOY` variable to custom `rules` inputs.
 - Used other variables -> Use the same variables with this component.
 

templates/apply.yml

@@ -75,7 +75,7 @@ spec:
       description: 'Whether a plan file should be used.'
     plan_name:
       default: 'plan'
-      description: 'The name of the plan file to use. Will be used for TF_PLAN_CACHE and TF_PLAN_JSON.'
+      description: 'The name of the plan file to use. Will be used for plan cache and json files.'
     var_file:
       default: ''
       type: string
@@ -97,22 +97,22 @@ spec:
 '$[[ inputs.as ]]':
   stage: $[[ inputs.stage ]]
   environment:
-    name: $TF_STATE_NAME
+    name: $GITLAB_TOFU_STATE_NAME
     action: start
-  resource_group: $TF_STATE_NAME
+  resource_group: $GITLAB_TOFU_STATE_NAME
   rules: $[[ inputs.rules ]]
   cache:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
-    TF_STATE_NAME: $[[ inputs.state_name ]]
-    TF_APPLY_NO_PLAN: $[[ inputs.no_plan ]]
-    TF_PLAN_NAME: $[[ inputs.plan_name ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_APPLY_NO_PLAN: $[[ inputs.no_plan ]]
+    GITLAB_TOFU_PLAN_NAME: $[[ inputs.plan_name ]]
     GITLAB_TOFU_VAR_FILE: '$[[ inputs.var_file ]]'
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'

templates/custom-command.yml

@@ -92,11 +92,11 @@ spec:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:

templates/delete-state.yml

@@ -27,10 +27,10 @@ spec:
 
 '$[[ inputs.as ]]':
   stage: $[[ inputs.stage ]]
-  resource_group: $TF_STATE_NAME
+  resource_group: $GITLAB_TOFU_STATE_NAME
   image: curlimages/curl:latest
   variables:
-    TF_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
   script:
-    - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$TF_STATE_NAME"
+    - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$GITLAB_TOFU_STATE_NAME"
   rules: $[[ inputs.rules ]]

templates/destroy.yml

@@ -75,7 +75,7 @@ spec:
       description: 'Whether a plan file should be used.'
     plan_name:
       default: 'destroy-plan'
-      description: 'The name of the plan file to use. Will be used for TF_PLAN_CACHE and TF_PLAN_JSON.'
+      description: 'The name of the plan file to use. Will be used for the cache and json file.'
     var_file:
       default: ''
       type: string
@@ -97,22 +97,22 @@ spec:
 '$[[ inputs.as ]]':
   stage: $[[ inputs.stage ]]
   environment:
-    name: $TF_STATE_NAME
+    name: $GITLAB_TOFU_STATE_NAME
     action: stop
-  resource_group: $TF_STATE_NAME
+  resource_group: $GITLAB_TOFU_STATE_NAME
   rules: $[[ inputs.rules ]]
   cache:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
-    TF_STATE_NAME: $[[ inputs.state_name ]]
-    TF_APPLY_NO_PLAN: $[[ inputs.no_plan ]]
-    TF_PLAN_NAME: $[[ inputs.plan_name ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_APPLY_NO_PLAN: $[[ inputs.no_plan ]]
+    GITLAB_TOFU_PLAN_NAME: $[[ inputs.plan_name ]]
     GITLAB_TOFU_VAR_FILE: '$[[ inputs.var_file ]]'
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'

templates/fmt.yml

@@ -98,7 +98,7 @@ spec:
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:

templates/graph.yml

@@ -99,12 +99,12 @@ spec:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
-    TF_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
     GITLAB_TOFU_VAR_FILE: '$[[ inputs.var_file ]]'
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'

templates/module-release.yml

@@ -23,7 +23,7 @@ spec:
       description: |
         System that this module can be used with.
         e.g. 'local' or 'azurerm'
-    
+
     module_version:
       description: |
         Version of the module that should be published.
@@ -37,13 +37,13 @@ spec:
   image: curlimages/curl:8.8.0
   variables:
     TAR_FILENAME: /tmp/${CI_PROJECT_NAME}-${CI_COMMIT_SHA}.tgz
-    TF_ROOT: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
     UPLOAD_URL:
       ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/$[[ inputs.module_name ]]/$[[ inputs.module_system ]]/$[[ inputs.module_version ]]/file
   script:
     - >-
       tar -vczf "$TAR_FILENAME"
-      -C "$TF_ROOT"
+      -C "$GITLAB_TOFU_ROOT_DIR"
       --exclude=./.git
       --exclude=./.terraform*
       .

templates/plan.yml

@@ -143,21 +143,21 @@ spec:
     # See https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess for possible values.
     access: '$[[ inputs.artifacts_access ]]'
     paths:
-      - $TF_ROOT/$[[ inputs.plan_name ]].cache
+      - $GITLAB_TOFU_ROOT_DIR/$[[ inputs.plan_name ]].cache
     reports:
-      terraform: $TF_ROOT/$[[ inputs.plan_name]].json
+      terraform: $GITLAB_TOFU_ROOT_DIR/$[[ inputs.plan_name]].json
   rules: $[[ inputs.rules ]]
   cache:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
-    TF_STATE_NAME: $[[ inputs.state_name ]]
-    TF_PLAN_NAME: $[[ inputs.plan_name ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_PLAN_NAME: $[[ inputs.plan_name ]]
     GITLAB_TOFU_PLAN_WITH_JSON: true
     GITLAB_TOFU_VAR_FILE: '$[[ inputs.var_file ]]'
   image:

templates/test.yml

@@ -102,12 +102,12 @@ spec:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
-    TF_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
     GITLAB_TOFU_VAR_FILE: '$[[ inputs.var_file ]]'
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'

templates/validate.yml

@@ -98,13 +98,13 @@ spec:
     key: "$__CACHE_KEY_HACK"
     policy: $[[ inputs.cache_policy ]]
     paths:
-      - $TF_ROOT/.terraform/
+      - $GITLAB_TOFU_ROOT_DIR/.terraform/
   variables:
     # FIXME: work around to make slashes work in `cache:key`. see https://gitlab.com/gitlab-org/gitlab/-/issues/439898
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
-    TF_ROOT: $[[ inputs.root_dir ]]
-    TF_STATE_NAME: $[[ inputs.state_name ]]
-    TF_IGNORE_INIT_ERRORS: 'true' # Tofu can report errors which might be the reason init failed.
+    GITLAB_TOFU_ROOT_DIR: $[[ inputs.root_dir ]]
+    GITLAB_TOFU_STATE_NAME: $[[ inputs.state_name ]]
+    GITLAB_TOFU_IGNORE_INIT_ERRORS: 'true' # Tofu can report errors which might be the reason init failed.
     GITLAB_TOFU_VAR_FILE: '$[[ inputs.var_file ]]'
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'

tests/integration-tests/Defaults.gitlab-ci.yml

@@ -5,8 +5,8 @@ include:
       version: $CI_COMMIT_SHA
       base_os: $GITLAB_OPENTOFU_BASE_IMAGE_OS
       opentofu_version: $OPENTOFU_VERSION
-      root_dir: $TEST_TF_ROOT
-      state_name: $TEST_TF_STATE_NAME
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
       # Required to run everything immediately, instead of manually.
       fmt_rules: [{when: always}]
       validate_rules: [{when: always}]

tests/integration-tests/Destroy.gitlab-ci.yml

@@ -6,8 +6,8 @@ include:
       opentofu_version: $OPENTOFU_VERSION
       as: 'setup:apply'
       stage: setup
-      root_dir: $TEST_TF_ROOT
-      state_name: $TEST_TF_STATE_NAME
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
       no_plan: true
       # Required to run everything immediately, instead of manually.
       rules: [{when: always}]
@@ -17,8 +17,8 @@ include:
       image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
       version: $CI_COMMIT_SHA
       opentofu_version: $OPENTOFU_VERSION
-      root_dir: $TEST_TF_ROOT
-      state_name: $TEST_TF_STATE_NAME
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
       # Required to run everything immediately, instead of manually.
       fmt_rules: [{when: always}]
       validate_rules: [{when: always}]

tests/integration-tests/FullPipelineTriggerInChildPipeline.gitlab-ci.yml

@@ -5,8 +5,8 @@ include:
       version: $CI_COMMIT_SHA
       base_os: $GITLAB_OPENTOFU_BASE_IMAGE_OS
       opentofu_version: $OPENTOFU_VERSION
-      root_dir: $TEST_TF_ROOT
-      state_name: $TEST_TF_STATE_NAME
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
       # Required to run everything immediately, instead of manually.
       fmt_rules: [{when: always}]
       validate_rules: [{when: always}]

tests/integration-tests/JobTemplates.gitlab-ci.yml

@@ -4,8 +4,8 @@ include:
       image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
       version: $CI_COMMIT_SHA
       opentofu_version: $OPENTOFU_VERSION
-      root_dir: $TEST_TF_ROOT
-      state_name: $TEST_TF_STATE_NAME
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
 
 stages: [validate, build, deploy, cleanup]
 

tests/integration-tests/ModuleRelease.gitlab-ci.yml

@@ -5,7 +5,7 @@ variables:
 include:
   - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/module-release@$CI_COMMIT_SHA
     inputs:
-      root_dir: $TEST_TF_ROOT/modules/random-pet
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR/modules/random-pet
       module_system: $MODULE_SYSTEM
       module_version: $MODULE_VERSION
 

tests/integration-tests/TestJob.gitlab-ci.yml

@@ -4,8 +4,8 @@ include:
       image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
       version: $CI_COMMIT_SHA
       opentofu_version: $OPENTOFU_VERSION
-      root_dir: $TEST_TF_ROOT
-      state_name: $TEST_TF_STATE_NAME
+      root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
+      state_name: $TEST_GITLAB_TOFU_STATE_NAME
       # Required to run everything immediately, instead of manually.
       rules: [{when: always}]