diff --git a/src/gitlab-tofu.sh b/src/gitlab-tofu.sh index c4dc9c8cf91c8866d887d0f4c9244781cabd6ca7..43289e8fb7220391927031d20221b3d8614ad22a 100644 --- a/src/gitlab-tofu.sh +++ b/src/gitlab-tofu.sh @@ -9,56 +9,59 @@ # Detailed information about it is in the README: # https://gitlab.com/components/opentofu # -# Respected Environment Variables: -# -------------------------------- -# GITLAB_TOFU_DEBUG: if set to true will enable xtrace. -# GITLAB_TOFU_SOURCE: forces this script in source-mode. Required when source auto-detection fails. -# GITLAB_TOFU_APPLY_NO_PLAN: if set to true, the apply command does not use a plan cache file. -# GITLAB_TOFU_PLAN_NAME: the name of the plan cache and json files. Defaults to `plan`. -# GITLAB_TOFU_PLAN_CACHE: if set to the full path of the plan cache file. Defaults to `<root>/$GITLAB_TOFU_PLAN_NAME.cache` -# GITLAB_TOFU_PLAN_JSON: if set to the full path of the plan json file. Defaults to `<root>/$GITLAB_TOFU_PLAN_NAME.json` -# GITLAB_TOFU_IMPLICIT_INIT: if set to true will perform an implicit `tofu init` before any command that require it. Defaults to `true`. -# GITLAB_TOFU_IGNORE_INIT_ERRORS: if set to true will ignore errors in the `tofu init` command. -# GITLAB_TOFU_INIT_NO_RECONFIGURE: if set to true will not pass `-reconfigure` to the `tofu init` command. Defaults to `false`. -# GITLAB_TOFU_STATE_NAME: the name of the GitLab-managed Terraform state backend endpoint. -# GITLAB_TOFU_STATE_ADDRESS: the address of the GitLab-managed Terraform state backend. Defaults to `$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$GITLAB_TOFU_STATE_NAME`. -# GITLAB_TOFU_USE_DETAILED_EXITCODE: if set to true, `-detailed-exitcode` is supplied to `tofu plan`. Defaults to `false`. -# GITLAB_TOFU_PLAN_WITH_JSON: if set to true, will directly generate a JSON plan file when running `gitlab-tofu plan`. Defaults to `false`. -# GITLAB_TOFU_VAR_FILE: if set to a path it will pass `-var-file` to all `tofu` commands that support it. +# #### Respected Environment Variables +# +# - `GITLAB_TOFU_DEBUG`: if set to true will enable xtrace. +# - `GITLAB_TOFU_SOURCE`: forces this script in source-mode. Required when source auto-detection fails. +# - `GITLAB_TOFU_APPLY_NO_PLAN`: if set to true, the apply command does not use a plan cache file. +# - `GITLAB_TOFU_PLAN_NAME`: the name of the plan cache and json files. Defaults to `plan`. +# - `GITLAB_TOFU_PLAN_CACHE`: if set to the full path of the plan cache file. Defaults to `<root>/$GITLAB_TOFU_PLAN_NAME.cache` +# - `GITLAB_TOFU_PLAN_JSON`: if set to the full path of the plan json file. Defaults to `<root>/$GITLAB_TOFU_PLAN_NAME.json` +# - `GITLAB_TOFU_IMPLICIT_INIT`: if set to true will perform an implicit `tofu init` before any command that require it. Defaults to `true`. +# - `GITLAB_TOFU_IGNORE_INIT_ERRORS`: if set to true will ignore errors in the `tofu init` command. +# - `GITLAB_TOFU_INIT_NO_RECONFIGURE`: if set to true will not pass `-reconfigure` to the `tofu init` command. Defaults to `false`. +# - `GITLAB_TOFU_STATE_NAME`: the name of the GitLab-managed Terraform state backend endpoint. +# - `GITLAB_TOFU_STATE_ADDRESS`: the address of the GitLab-managed Terraform state backend. Defaults to `$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$GITLAB_TOFU_STATE_NAME`. +# - `GITLAB_TOFU_USE_DETAILED_EXITCODE`: if set to true, `-detailed-exitcode` is supplied to `tofu plan`. Defaults to `false`. +# - `GITLAB_TOFU_PLAN_WITH_JSON`: if set to true, will directly generate a JSON plan file when running `gitlab-tofu plan`. Defaults to `false`. +# - `GITLAB_TOFU_VAR_FILE`: if set to a path it will pass `-var-file` to all `tofu` commands that support it. +# +# #### Respected OpenTofu Environment Variables # -# Respected OpenTofu Environment Variables: # > these are variables that are # > respected if set and avoid using # > the gitlab-tofu values for them. -# ---------------------------------- -# TF_HTTP_USERNAME: username for the HTTP backend. Defaults to `gitlab-ci-token`. -# TF_HTTP_PASSWORD: password for the HTTP backend. Defaults to `$CI_JOB_TOKEN`. -# TF_HTTP_ADDRESS: address for the HTTP backend. Defaults to `$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/<urlencode($GITLAB_TOFU_STATE_NAME)>`. -# TF_HTTP_LOCK_ADDRESS: lock address for the HTTP backend. Defaults to `$TF_HTTP_ADDRESS/lock`. -# TF_HTTP_LOCK_METHOD: lock method for the HTTP backend. Defaults to `POST`. -# TF_HTTP_UNLOCK_ADDRESS: unlock address for the HTTP backend. Defaults to `lock`. -# TF_HTTP_UNLOCK_METHOD: unlock address for the HTTP backend. Defaults to `unlock`. -# TF_HTTP_RETRY_WAIT_MIN: retry minimum waiting time in seconds. Defaults to `5`. -# TF_CLI_CONFIG_FILE: config file path. Defaults to `$HOME/.terraformrc` if it exists. # -# Respected GitLab CI/CD Variables: +# - `TF_HTTP_USERNAME`: username for the HTTP backend. Defaults to `gitlab-ci-token`. +# - `TF_HTTP_PASSWORD`: password for the HTTP backend. Defaults to `$CI_JOB_TOKEN`. +# - `TF_HTTP_ADDRESS`: address for the HTTP backend. Defaults to `$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/<urlencode($GITLAB_TOFU_STATE_NAME)>`. +# - `TF_HTTP_LOCK_ADDRESS`: lock address for the HTTP backend. Defaults to `$TF_HTTP_ADDRESS/lock`. +# - `TF_HTTP_LOCK_METHOD`: lock method for the HTTP backend. Defaults to `POST`. +# - `TF_HTTP_UNLOCK_ADDRESS`: unlock address for the HTTP backend. Defaults to `lock`. +# - `TF_HTTP_UNLOCK_METHOD`: unlock address for the HTTP backend. Defaults to `unlock`. +# - `TF_HTTP_RETRY_WAIT_MIN`: retry minimum waiting time in seconds. Defaults to `5`. +# - `TF_CLI_CONFIG_FILE`: config file path. Defaults to `$HOME/.terraformrc` if it exists. +# +# #### Respected GitLab CI/CD Variables +# # > these are variables exposed by # > GitLab CI/CD and respected by # > the gitlab-tofu script for # > certain configurations. -# CI_JOB_TOKEN: -# - used as default value for TF_HTTP_PASSWORD. -# - used as value for TF_TOKEN_<host> variable. -# CI_PROJECT_DIR: +# +# - `CI_JOB_TOKEN`: +# - used as default value for `TF_HTTP_PASSWORD`. +# - used as value for `TF_TOKEN_<host>` variable. +# - `CI_PROJECT_DIR`: # - used as default value for root directory. -# CI_PROJECT_ID: -# - used as default value in constructing the GITLAB_TOFU_STATE_ADDRESS. -# CI_API_V4_URL: -# - used as default value in constructing the GITLAB_TOFU_STATE_ADDRESS. -# CI_SERVER_HOST: -# - used to construct the TF_TOKEN_<host> variable. -# CI_SERVER_PROTOCOL: -# - used to construct the TF_TOKEN_<host> variable. +# - `CI_PROJECT_ID`: +# - used as default value in constructing the `GITLAB_TOFU_STATE_ADDRESS`. +# - `CI_API_V4_URL`: +# - used as default value in constructing the `GITLAB_TOFU_STATE_ADDRESS`. +# - `CI_SERVER_HOST`: +# - used to construct for `TF_TOKEN_<host>` variable. +# - `CI_SERVER_PROTOCOL`: +# - used to construct for `TF_TOKEN_<host>` variable. # set some shell options set -o errexit