diff --git a/backports/OpenTofu/Base.gitlab-ci.yml b/backports/OpenTofu/Base.gitlab-ci.yml deleted file mode 100644 index b08c52531dbdceb073b9fb3b92a483576189bfe1..0000000000000000000000000000000000000000 --- a/backports/OpenTofu/Base.gitlab-ci.yml +++ /dev/null 
@@ -1,171 +0,0 @@ -# This template is a port of the OpenTofu CI/CD component at -# https://gitlab.com/components/opentofu -# It is generated with the `make backports` command from that project. -# -# Please make sure to use the component when your project is hosted on GitLab.com -# or when you are willing to mirror the component project into your self-managed -# instance and use it from there. -# -# Attention: This template will be removed in favor of the OpenTofu CI/CD component as soon as components -# are available for self-managed instances. -# -# This specific template is located at: -# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/OpenTofu/Base.gitlab-ci.yml - -variables: - # OpenTofu CI/CD component version, see https://gitlab.com/components/opentofu/-/releases - VERSION: "latest" - # Compatible OpenTofu version, see https://gitlab.com/components/opentofu/-/releases - OPENTOFU_VERSION: "1.6.0" - # Job Image with `gitlab-tofu` - GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE: $CI_REGISTRY/components/opentofu - # The relative path to the root directory of the OpenTofu project - TF_ROOT: ${CI_PROJECT_DIR} - # The name of the state file used by the GitLab Managed Terraform state backend - TF_STATE_NAME: default - -.opentofu:use-component-instead-of-template: - stage: validate - needs: [] - allow_failure: true - rules: - - if: '$CI_SERVER_HOST == "gitlab.com"' - image: alpine:3.19 - script: - - | - echo "You are using the OpenTofu CI/CD template on GitLab.com which is not recommended." - echo "This template is available for self-managed customers until CI/CD components are available to them and it will be removed asap." - echo " " - echo "We recommend that you migrate to the OpenTofu CI/CD component instead." 
- echo "The OpenTofu CI/CD component with a default configuration can be included as follows:" - echo " " - echo "include:" - echo " - component: gitlab.com/components/opentofu/full-pipeline@~latest" - echo " inputs:" - echo " version: latest" - echo " opentofu_version: 1.6.0" - echo "" - echo "stages: [validate, build, deploy, cleanup]" - echo " " - echo "You can read about more about the OpenTofu CI/CD component here:" - echo "https://gitlab.com/components/opentofu" - - 'false' - -'.opentofu:fmt': - stage: validate - needs: [] - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. - when: never - - if: $CI_COMMIT_BRANCH # If there's no open merge request, add it to a *branch* pipeline instead. - #allow_failure: true - allow_failure: true - cache: - key: "$TF_ROOT" - paths: - - $TF_ROOT/.terraform/ - image: - name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION' - script: - - gitlab-tofu fmt - -'.opentofu:validate': - stage: validate - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. - when: never - - if: $CI_COMMIT_BRANCH # If there's no open merge request, add it to a *branch* pipeline instead. - cache: - key: "$TF_ROOT" - paths: - - $TF_ROOT/.terraform/ - image: - name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION' - script: - - gitlab-tofu validate - -'.opentofu:plan': - stage: build - environment: - name: $TF_STATE_NAME - action: prepare - resource_group: $TF_STATE_NAME - artifacts: - # Terraform's cache files can include secrets which can be accidentally exposed. 
- # Please exercise caution when utilizing secrets in your Terraform infrastructure and - # consider limiting access to artifacts or take other security measures to protect sensitive information. - # - # The next line, which disables public access to pipeline artifacts, is not available on GitLab.com. - # See: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic - public: false - paths: - - $TF_ROOT/plan.cache - reports: - terraform: $TF_ROOT/plan.json - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. - when: never - - if: $CI_COMMIT_BRANCH # If there's no open merge request, add it to a *branch* pipeline instead. - cache: - key: "$TF_ROOT" - paths: - - $TF_ROOT/.terraform/ - image: - name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION' - script: - - gitlab-tofu plan - - gitlab-tofu plan-json - -'.opentofu:apply': - stage: deploy - environment: - name: $TF_STATE_NAME - action: start - resource_group: $TF_STATE_NAME - rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$_TF_AUTO_APPLY" == "true"' - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - when: manual - cache: - key: "$TF_ROOT" - paths: - - $TF_ROOT/.terraform/ - image: - name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION' - script: - - gitlab-tofu apply - -'.opentofu:destroy': - stage: cleanup - environment: - name: $TF_STATE_NAME - action: stop - resource_group: $TF_STATE_NAME - rules: - - if: '"$TF_CREATE_DESTROY_JOB" != "true"' - when: never - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$_TF_AUTO_DESTROY" == "true"' - - when: manual - cache: - key: "$TF_ROOT" - paths: - - $TF_ROOT/.terraform/ - image: - name: '$GITLAB_OPENTOFU_IMAGE_REGISTRY_BASE/gitlab-opentofu:$GITLAB_OPENTOFU_VERSION-opentofu$OPENTOFU_VERSION' - script: - - gitlab-tofu destroy - 
-'.opentofu:delete-state': - stage: cleanup - resource_group: $TF_STATE_NAME - image: curlimages/curl:latest - script: - - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$TF_STATE_NAME" - rules: - - if: '"$TF_CREATE_DELETE_STATE_JOB" != "true"' - when: never - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - - when: manual diff --git a/backports/OpenTofu/Base.latest.gitlab-ci.yml b/backports/OpenTofu/Base.latest.gitlab-ci.yml index d9df3f05d4dbeabbfea2263268c9108e16111eaf..c3be6789735ea79d310d652c6c7c6902387e8de8 100644 --- a/backports/OpenTofu/Base.latest.gitlab-ci.yml +++ b/backports/OpenTofu/Base.latest.gitlab-ci.yml @@ -149,8 +149,6 @@ variables: action: stop resource_group: $TF_STATE_NAME rules: - - if: '"$TF_CREATE_DESTROY_JOB" != "true"' - when: never - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$_TF_AUTO_DESTROY" == "true"' - when: manual cache: @@ -170,7 +168,5 @@ variables: script: - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$TF_STATE_NAME" rules: - - if: '"$TF_CREATE_DELETE_STATE_JOB" != "true"' - when: never - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: manual diff --git a/templates/delete-state.yml b/templates/delete-state.yml index 300f299724f17e8f7ae56ef02e46dadcb26badbc..c88dc4e9fdda47328727efabd992247c05c4c9f0 100644 --- a/templates/delete-state.yml +++ b/templates/delete-state.yml @@ -25,7 +25,5 @@ spec: script: - curl --request DELETE -u "gitlab-ci-token:$CI_JOB_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$[[ inputs.state_name ]]" rules: - - if: '"$[[ inputs.create_delete_state_job ]]" != "true"' - when: never - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: manual diff --git a/templates/destroy.yml b/templates/destroy.yml index d8547c48fd2839851b9d06fe277f476199b0ab92..267a0d801f36c6395cfbd25b8f5c847619679d03 100644 --- a/templates/destroy.yml 
+++ b/templates/destroy.yml @@ -45,9 +45,6 @@ spec: auto_destroy: default: 'false' description: 'Whether the destroy job is manual or automatically run.' - create_destroy_job: - default: 'true' - description: 'Wheather the destroy job should be created or not.' --- @@ -58,8 +55,6 @@ spec: action: stop resource_group: $[[ inputs.state_name ]] rules: - - if: '"$[[ inputs.create_destroy_job ]]" != "true"' - when: never - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && "$[[ inputs.auto_destroy ]]" == "true"' - when: manual cache: diff --git a/templates/full-pipeline.yml b/templates/full-pipeline.yml index c26e8704fe9e1e6590060cc93556a0202a007ad8..15835df32c5ea0390277ce08f8fd69c8aee2f88d 100644 --- a/templates/full-pipeline.yml +++ b/templates/full-pipeline.yml @@ -55,10 +55,12 @@ spec: default: 'false' description: 'Whether the destroy job is manual or automatically run.' create_destroy_job: - default: 'false' + default: false + type: boolean description: 'Wheather the destroy job should be created or not.' create_delete_state_job: - default: 'false' + default: false + type: boolean description: 'Wheather the delete-state job should be created or not.' --- @@ -110,13 +112,19 @@ include: root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] auto_destroy: $[[ inputs.auto_apply ]] - create_destroy_job: $[[ inputs.create_destroy_job ]] + rules: + - if: '"$[[ inputs.create_destroy_job ]]" == "true"' + when: always + - when: never - local: '/templates/delete-state.yml' inputs: as: 'delete-state' stage: $[[ inputs.stage_cleanup ]] state_name: $[[ inputs.state_name ]] - create_delete_state_job: $[[ inputs.create_delete_state_job ]] + rules: + - if: '"$[[ inputs.create_delete_state_job ]]" == "true"' + when: always + - when: never # NOTE: we have to define this `needs` here, because inputs don't support arrays, yet. delete-state: 
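Review bot: The two descriptions next to the new `type: boolean` lines still read 'Wheather …'; since these inputs are being reworked, correct them to `description: 'Whether the destroy job should be created or not.'` and likewise for the delete-state one. The neighbouring input in this hunk keeps a quoted `'false'` default while these two become real booleans, so the spec now mixes string and boolean flags. Callers that previously passed `'true'` as a string to `create_destroy_job` or `create_delete_state_job` will presumably fail input validation after this change, which deserves a line in the release notes.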
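Review bot: The destroy include still passes `auto_destroy: $[[ inputs.auto_apply ]]` (the context line just above the new `rules:`), so enabling auto-apply also lets the destroy job run without its manual gate on the default branch once `create_destroy_job` is true. The spec in the previous hunk shows an input described as 'Whether the destroy job is manual or automatically run', which looks like the intended source; if so, the line should read `auto_destroy: $[[ inputs.auto_destroy ]]`. That input's key name is outside the visible hunks, so confirm it before changing. Since this commit reworks how the destroy job is enabled, it is a natural place to fix the wiring.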
diff --git a/tests/integration-tests/BackportTemplates.gitlab-ci.yml b/tests/integration-tests/BackportTemplates.gitlab-ci.yml index a82318209a55042e3bfe0d16dfe7877540b6655a..dcda86beaa97d98db1944b4b6312c3ccbcd02b91 100644 --- a/tests/integration-tests/BackportTemplates.gitlab-ci.yml +++ b/tests/integration-tests/BackportTemplates.gitlab-ci.yml @@ -1,5 +1,5 @@ include: - - local: /backports/OpenTofu/Base.gitlab-ci.yml + - local: /backports/OpenTofu/Base.latest.gitlab-ci.yml stages: [validate, test, build, deploy, cleanup] diff --git a/tests/integration-tests/Defaults.gitlab-ci.yml b/tests/integration-tests/Defaults.gitlab-ci.yml index 4e856f3a4093ed6ce4f91a7aa24b8f32b882cd0c..bff4e509a2583e5faf41dc2875ae80ae11f6e231 100644 --- a/tests/integration-tests/Defaults.gitlab-ci.yml +++ b/tests/integration-tests/Defaults.gitlab-ci.yml @@ -6,6 +6,8 @@ include: opentofu_version: $OPENTOFU_VERSION root_dir: $TEST_TF_ROOT state_name: $TEST_TF_STATE_NAME + create_destroy_job: true + create_delete_state_job: true stages: [validate, test, build, deploy, cleanup]
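Review bot: With `create_destroy_job: true` and `create_delete_state_job: true` set here, the visible tests only exercise the opt-in path. Nothing in this diff checks that `destroy` and `delete-state` are absent when both inputs keep their `false` defaults, which is the property the new include-level `rules:` in full-pipeline.yml are meant to guarantee. Consider a second integration pipeline that omits both inputs and asserts that neither job is created. Other test files are outside this diff, so this may already be covered.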