diff --git a/.gitlab/release-notes.md.template b/.gitlab/release-notes.md.template
index 6a3da5b59de91634f638799294b6f28f546ff1ef..d9edef9e899ad931f8942051df3bbec09c669194 100644
--- a/.gitlab/release-notes.md.template
+++ b/.gitlab/release-notes.md.template
@@ -52,6 +52,10 @@ cosign verify \
   --certificate-oidc-issuer "https://gitlab.com"
 ```
 
+The `image_digest` input can be used to strictly pull by the image digest.
+The `image_digest` input value needs to have the format of `@<type>:<hash>`
+where `<type>:<hash>` is the `digest` value from the images list above.
+
 > **Note:**
 >
 > When using the component with the inputs `version` and `opentofu_version`,<br>
diff --git a/templates/apply.yml b/templates/apply.yml
index 8e992063958c257a6aea4a48a06410d75a8d5ec3..ed26796a32845ab5d1fe53dc2ccc4e29edff18fa 100644
--- a/templates/apply.yml
+++ b/templates/apply.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
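Review bot: The `regex` on the new `image_digest` input is looser than a SHA-256 hex digest. `[a-z0-9]{64}` also accepts the letters `g`–`z`, so a malformed value passes input validation and only fails later, when the runner tries to pull the image. Restricting the class to hex, `regex: '^(@sha256:[a-f0-9]{64})?$'`, rejects such values at pipeline creation. The same pattern is repeated in the `image_digest` input of every other template touched by this diff and should be changed in all of them. The `spec.inputs` block this entry belongs to starts outside the hunk.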
@@ -101,6 +106,6 @@ spec:
     TF_APPLY_NO_PLAN: $[[ inputs.no_plan ]]
     TF_PLAN_NAME: $[[ inputs.plan_name ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu apply
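Review bot: The new `image.name` line ends with `$[[ inputs.image_digest ]]$[[ inputs.image_digest ]]`, so a non-empty digest is interpolated twice. The resulting reference has the form `...-<base_os>@sha256:<hash>@sha256:<hash>`, which is not a valid image reference, so the apply job would fail to pull exactly when a user opts into digest pinning. With the default empty value the duplication has no visible effect, which is probably why it went unnoticed. Every other template in this diff appends the input once; this line should end the same way, `-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'`.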
diff --git a/templates/custom-command.yml b/templates/custom-command.yml
index 8d705aba957614e7d2ef7fe9a07cab1d879184da..16ce8d58c4e29cc89a90c52ab5417d4ae8809b78 100644
--- a/templates/custom-command.yml
+++ b/templates/custom-command.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
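Review bot: The `description` of `image_digest` does not say how the digest interacts with the tag that `image.name` still builds from `version`, `opentofu_version` and `base_os`. Container runtimes generally resolve a `name:tag@digest` reference by the digest alone and do not check that the tag matches it. A digest left unchanged after a version bump would therefore keep the job on the old image without any error. I would add a sentence to the description such as `When set, the image is pulled by this digest and the tag derived from version, opentofu_version and base_os is not checked against it; update the digest together with those inputs.` The same text is repeated in the other templates, and with the empty default, jobs are still pulled by a mutable tag unless the caller sets this input.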
@@ -80,7 +85,7 @@ spec:
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
     TF_ROOT: $[[ inputs.root_dir ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu $[[ inputs.command ]]
 
diff --git a/templates/destroy.yml b/templates/destroy.yml
index a224964ec478526ea562430b6bbfaaf75c64e67f..d91c49073c0a74c360e86ae8427a0fc5ae19a12c 100644
--- a/templates/destroy.yml
+++ b/templates/destroy.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -100,6 +105,6 @@ spec:
     TF_APPLY_NO_PLAN: $[[ inputs.no_plan ]]
     TF_PLAN_NAME: $[[ inputs.plan_name ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu apply -destroy
diff --git a/templates/fmt.yml b/templates/fmt.yml
index 45219cc325b472a47355d00662ffa710804be5d5..c9ca935dea165021019facaa735e7f460b615e20 100644
--- a/templates/fmt.yml
+++ b/templates/fmt.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -88,6 +93,6 @@ spec:
     __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]"
     TF_ROOT: $[[ inputs.root_dir ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu fmt
diff --git a/templates/full-pipeline.yml b/templates/full-pipeline.yml
index fece43f4514dc7dad952125cf4e74275c4b0605d..4261b77ed0191971a0d14e53a1e6919a9aacaaef 100644
--- a/templates/full-pipeline.yml
+++ b/templates/full-pipeline.yml
@@ -67,6 +67,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -98,6 +103,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
   - local: '/templates/validate.yml'
     inputs:
@@ -108,6 +114,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/test.yml'
@@ -119,6 +126,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
     rules:
@@ -133,6 +141,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       artifacts_access: $[[ inputs.plan_artifacts_access ]]
@@ -145,6 +154,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       auto_apply: $[[ inputs.auto_apply ]]
@@ -157,6 +167,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       auto_destroy: $[[ inputs.auto_destroy ]]
diff --git a/templates/graph.yml b/templates/graph.yml
index fa6c21f390f972c807616421aa1b1816a8a98a70..3ec38af9e15f7df7a552b212c11bc9eceb820c06 100644
--- a/templates/graph.yml
+++ b/templates/graph.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -86,7 +91,7 @@ spec:
     TF_ROOT: $[[ inputs.root_dir ]]
     TF_STATE_NAME: $[[ inputs.state_name ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu graph > "$[[ inputs.graph_file ]]"
   artifacts:
diff --git a/templates/job-templates.yml b/templates/job-templates.yml
index 93ced344df0cfe0f40dcdbec26adb8cc04e518e4..8767a31e0af3b595cd5c2d6062ed129f2901daaa 100644
--- a/templates/job-templates.yml
+++ b/templates/job-templates.yml
@@ -67,6 +67,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     job_name_prefix:
       default: '.opentofu:'
@@ -98,6 +103,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
   - local: '/templates/validate.yml'
     inputs:
@@ -108,6 +114,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/graph.yml'
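Review bot: The include of `/templates/graph.yml`, which begins on the last line of this hunk, does not appear to receive `image_digest`. The next hunk starts at old line 129 with an unchanged +7 offset, so nothing is added in between, yet `templates/graph.yml` itself gains the input in this commit. The body of that include is outside the hunks shown, but if it forwards `image_name` and `image_registry_base` like its neighbours, the graph job from `job-templates.yml` would still be pulled by tag while the other jobs are pinned. Adding `image_digest: $[[ inputs.image_digest ]]` after its `image_name` line would keep the pinning consistent across all jobs.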
@@ -129,6 +136,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/plan.yml'
@@ -140,6 +148,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/apply.yml'
@@ -151,6 +160,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       auto_apply: $[[ inputs.auto_apply ]]
@@ -163,6 +173,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       auto_destroy: $[[ inputs.auto_destroy ]]
diff --git a/templates/plan.yml b/templates/plan.yml
index a62a5465dbb6cf2f097be34c7099508b5f40a965..3fd49ecac0f3aa403aafeb4e7548939b83bb43a6 100644
--- a/templates/plan.yml
+++ b/templates/plan.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -110,7 +115,7 @@ spec:
     TF_STATE_NAME: $[[ inputs.state_name ]]
     TF_PLAN_NAME: $[[ inputs.plan_name ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - "args=\"\"\nif [ \"$[[ inputs.destroy ]]\" == \"true\" ]; then \n  echo \"Planning for a destroy\"\n  args=\"-destroy\"\nfi\n"
     - gitlab-tofu plan $args
diff --git a/templates/test.yml b/templates/test.yml
index 37e659a6ec906bff6600278d8c9de35a4c4f1f2f..f11343fc24afdbb1bb251984e0c0eb07a4c3c1f3 100644
--- a/templates/test.yml
+++ b/templates/test.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -86,6 +91,6 @@ spec:
     TF_ROOT: $[[ inputs.root_dir ]]
     TF_STATE_NAME: $[[ inputs.state_name ]]
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu test
diff --git a/templates/validate-plan-apply.yml b/templates/validate-plan-apply.yml
index a48b5522866a6a660d0d4f1aebe16c0999569ab6..75d7a43673e8877c32203b98133d366bd76d39a8 100644
--- a/templates/validate-plan-apply.yml
+++ b/templates/validate-plan-apply.yml
@@ -61,6 +61,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -88,6 +93,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
   - local: '/templates/validate.yml'
     inputs:
@@ -98,6 +104,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/plan.yml'
@@ -109,6 +116,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       artifacts_access: $[[ inputs.plan_artifacts_access ]]
@@ -121,6 +129,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       auto_apply: $[[ inputs.auto_apply ]]
diff --git a/templates/validate-plan-destroy.yml b/templates/validate-plan-destroy.yml
index ac01f065ade6afd4bef607d2f0ff77c8fd60e9a7..a801d93497ebc8e35c9da69b63678ea5be531369 100644
--- a/templates/validate-plan-destroy.yml
+++ b/templates/validate-plan-destroy.yml
@@ -61,6 +61,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -91,6 +96,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
   - local: '/templates/validate.yml'
     inputs:
@@ -101,6 +107,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/plan.yml'
@@ -112,6 +119,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       plan_name: $[[ inputs.plan_name ]]
@@ -126,6 +134,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       no_plan: false
diff --git a/templates/validate-plan.yml b/templates/validate-plan.yml
index 69fe8cc9731eea1d11c8edfa4e09192c9e2ecd9f..fd1eb1fd03980d5bf64799041f187bdb5abf7ec4 100644
--- a/templates/validate-plan.yml
+++ b/templates/validate-plan.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -81,6 +86,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
   - local: '/templates/validate.yml'
     inputs:
@@ -91,6 +97,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
   - local: '/templates/plan.yml'
@@ -102,6 +109,7 @@ include:
       opentofu_version: $[[ inputs.opentofu_version ]]
       image_registry_base: $[[ inputs.image_registry_base ]]
       image_name: $[[ inputs.image_name ]]
+      image_digest: $[[ inputs.image_digest ]]
       root_dir: $[[ inputs.root_dir ]]
       state_name: $[[ inputs.state_name ]]
       artifacts_access: $[[ inputs.artifacts_access ]]
diff --git a/templates/validate.yml b/templates/validate.yml
index fb096b2a187719988e8154f3ca9495b624eb0d77..2f0306f3256b8cb08f53b5b74ec3ad38053e5fd3 100644
--- a/templates/validate.yml
+++ b/templates/validate.yml
@@ -58,6 +58,11 @@ spec:
       default: 'gitlab-opentofu'
       description: 'Image name for the job images. Hosted under `image_registry_base`.'
 
+    image_digest:
+      default: ''
+      regex: '^(@sha256:[a-z0-9]{64})?$'
+      description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.'
+
     # Configuration
     root_dir:
       default: ${CI_PROJECT_DIR}
@@ -86,6 +91,6 @@ spec:
     TF_STATE_NAME: $[[ inputs.state_name ]]
     TF_IGNORE_INIT_ERRORS: 'true' # Tofu can report errors which might be the reason init failed.
   image:
-    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]'
+    name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
     - gitlab-tofu validate