Compare commits
12 commits
Author | SHA1 | Date | |
---|---|---|---|
|
b61d7bb9f3 | ||
|
98df0dd8b3 | ||
|
f57fdb2f93 | ||
|
368a45fde8 | ||
|
c733196acf | ||
|
1957d56ac2 | ||
|
eb0066e3e3 | ||
|
7063a9a3b8 | ||
|
da28f2e7be | ||
|
7567643a39 | ||
|
85abda77f0 | ||
|
6dc2cf234a |
5 changed files with 24 additions and 16 deletions
|
@ -1,6 +1,7 @@
|
||||||
# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore
|
# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore
|
||||||
# Local .terraform directories
|
# Local .terraform directories
|
||||||
**/.terraform/*
|
**/.terraform/*
|
||||||
|
**/Docs/*
|
||||||
|
|
||||||
# .tfstate files
|
# .tfstate files
|
||||||
*.tfstate
|
*.tfstate
|
||||||
|
@ -11,8 +12,8 @@ crash.log
|
||||||
crash.*.log
|
crash.*.log
|
||||||
|
|
||||||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
||||||
# password, private keys, and other secrets. These should not be part of version
|
# password, private keys, and other secrets. These should not be part of version
|
||||||
# control as they are data points which are potentially sensitive and subject
|
# control as they are data points which are potentially sensitive and subject
|
||||||
# to change depending on the environment.
|
# to change depending on the environment.
|
||||||
*.tfvars
|
*.tfvars
|
||||||
*.tfvars.json
|
*.tfvars.json
|
||||||
|
@ -49,4 +50,4 @@ docker-compose.yml
|
||||||
.gitignore-project
|
.gitignore-project
|
||||||
configure.yaml.dist
|
configure.yaml.dist
|
||||||
.env
|
.env
|
||||||
makeplan.mk
|
makeplan.mk
|
||||||
|
|
|
@ -36,6 +36,10 @@ CICD_RUNNER_TAGS={{ CICD_RUNNER_TAGS | join(',') }}
|
||||||
{% if CICD_ROLE_NAME %}
|
{% if CICD_ROLE_NAME %}
|
||||||
CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
|
CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
{% if CICD_ACCOUNT_ID %}
|
||||||
|
CICD_ACCOUNT_ID={{ CICD_ACCOUNT_ID }}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
########################################################################################################################
|
########################################################################################################################
|
||||||
# Docker Compose image tags to use
|
# Docker Compose image tags to use
|
||||||
|
|
|
@ -66,7 +66,7 @@ stages:
|
||||||
script: |
|
script: |
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
echo "Getting temporary credentials associated to assume role"
|
echo "Getting temporary credentials associated to assume role"
|
||||||
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::903534291474:role/Vocalcom-CiCd-CrossAccountRole --role-session-name ${CI_COMMIT_SHA})
|
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }} --role-session-name ${CI_COMMIT_SHA})
|
||||||
AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
|
AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
|
||||||
AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
|
AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
|
||||||
AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')
|
AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')
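Review bot: The role ARN on the new `aws sts assume-role` line is built from `environ('CICD_ACCOUNT_ID')` and `environ('CICD_ROLE_NAME')` with no quoting and no validation, while the env template in this same comparison only emits those two variables when they are set. If either is missing and `environ()` renders it as empty, the job would presumably call STS with a malformed ARN such as `arn:aws:iam:::role/`, and whatever text the config holds is pasted verbatim into the job's shell script. Quote the argument, `--role-arn "arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }}"`, and fail the render or the job early when the account ID is not exactly twelve digits or the role name is empty. The `script:` block starts and continues outside this hunk.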
|
||||||
|
|
|
@ -57,14 +57,15 @@ GITLAB_JOBS:
|
||||||
apply_all: True
|
apply_all: True
|
||||||
delete_all: True
|
delete_all: True
|
||||||
|
|
||||||
CICD_ROLE_NAME: Vocalcom-CiCd-CrossAccountRole
|
CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole
|
||||||
|
CICD_ACCOUNT_ID: 123546789123
|
||||||
|
|
||||||
# Run Terraform apply only on main branch
|
# Run Terraform apply only on main branch
|
||||||
TF_APPLY_ONLY_MAIN: True
|
TF_APPLY_ONLY_MAIN: True
|
||||||
|
|
||||||
# Set Terraform Token key and value to access Terraform Module stored onGitLab
|
# Set Terraform Token key and value to access Terraform Module stored onGitLab
|
||||||
TF_TOKEN_MODULE_ACCESS: False
|
TF_TOKEN_MODULE_ACCESS: False
|
||||||
TF_TOKEN_MODULE_ACCESS_KEY:
|
TF_TOKEN_MODULE_ACCESS_KEY:
|
||||||
TF_TOKEN_MODULE_ACCESS_VALUE:
|
TF_TOKEN_MODULE_ACCESS_VALUE:
|
||||||
|
|
||||||
########################################################################################################################
|
########################################################################################################################
|
||||||
|
@ -82,7 +83,7 @@ TF_VAR_backend_dynamodb_table: tfstate-terraformstarterkit-lock
|
||||||
TF_VAR_backend_bucket_access_role: arn:aws:iam::538728450418:role/vcl-platformadmin-role
|
TF_VAR_backend_bucket_access_role: arn:aws:iam::538728450418:role/vcl-platformadmin-role
|
||||||
|
|
||||||
########################################################################################################################
|
########################################################################################################################
|
||||||
# LOCAL DEVELOPMENT
|
# LOCAL DEVELOPMENT
|
||||||
########################################################################################################################
|
########################################################################################################################
|
||||||
LOCAL_ROLE_NAME: vcl-platformadmin-role
|
LOCAL_ROLE_NAME: vcl-platformadmin-role
|
||||||
TF_VAR_assume_role: vcl-platformadmin-role
|
TF_VAR_assume_role: vcl-platformadmin-role
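Review bot: `CICD_ACCOUNT_ID: 123546789123` in the first hunk is an unquoted scalar, so a YAML loader will hand it to the templates as an integer. AWS account IDs are twelve-digit strings that may start with zero, and depending on the loader such a value can be reinterpreted (for example as octal) or lose its leading zero before it reaches the role ARN. Quote the sample so users copy the right shape: `CICD_ACCOUNT_ID: "123546789123"`. Separately, the organisation name in `CICD_ROLE_NAME` is replaced with a placeholder, but the second hunk still carries `arn:aws:iam::538728450418:role/vcl-platformadmin-role` and `vcl-platformadmin-role`. If those are real identifiers rather than samples, they probably want the same placeholder treatment in this `.dist` file.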
|
||||||
|
|
|
@ -14,13 +14,15 @@
|
||||||
set -o errexit -o nounset -o pipefail
|
set -o errexit -o nounset -o pipefail
|
||||||
|
|
||||||
# Set Starterkit version
|
# Set Starterkit version
|
||||||
STARTER_KIT_VERSION="v0.0.1"
|
STARTER_KIT_VERSION="${1:-latest}"
|
||||||
|
STARTER_KIT_PROJECT="${2:-Orange-OpenSource/AWSTerraformStarterKit}"
|
||||||
|
|
||||||
curl -L\
|
STARTER_KIT_FORMAT="tar"
|
||||||
"https://github.com/Orange-OpenSource/AWSTerraformStarterKit/archive/refs/tags/${STARTER_KIT_VERSION}.zip" \
|
STARTER_KIT_URL="https://api.github.com/repos/${STARTER_KIT_PROJECT}"
|
||||||
-o /tmp/archive.zip
|
STARTER_KIT_LOCATION="${STARTER_KIT_URL}/${STARTER_KIT_FORMAT}ball/${STARTER_KIT_VERSION}"
|
||||||
|
|
||||||
unzip /tmp/archive.zip -d .
|
if [ "$STARTER_KIT_VERSION" == "latest" ]; then
|
||||||
cp -r AWSTerraformStarterKit-*/. .
|
STARTER_KIT_LOCATION=$(curl -s ${STARTER_KIT_URL}/releases/latest | jq -r ".${STARTER_KIT_FORMAT}ball_url")
|
||||||
rm -rf AWSTerraformStarterKit-*
|
fi
|
||||||
rm /tmp/archive.zip
|
|
||||||
|
curl --fail -L "${STARTER_KIT_LOCATION}" | tar -xz --strip-components 1
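Review bot: The default for `STARTER_KIT_VERSION` moves from the pinned `v0.0.1` to `latest`, and the archive is streamed from `curl` straight into `tar` in the working directory. Whatever the (now caller-selectable) repository currently publishes is therefore unpacked over the project with no pinning, and a transfer that breaks midway leaves a partial extraction behind even though `pipefail` reports the error. The `releases/latest` lookup also runs `curl -s` without `--fail` and with an unquoted URL, so on an API error `jq -r` would print `null` and the script would carry on with that as the location. I would keep a pinned tag as the default, make the lookup fail closed, and download to a temporary file before extracting, as sketched below. The script begins above this hunk.

```shell
# Default stays on a pinned tag (value from the previous revision); "latest" remains an explicit opt-in.
STARTER_KIT_VERSION="${1:-v0.0.1}"
# … unchanged: STARTER_KIT_PROJECT, STARTER_KIT_FORMAT, STARTER_KIT_URL, STARTER_KIT_LOCATION …

if [ "$STARTER_KIT_VERSION" == "latest" ]; then
  # --fail aborts on an HTTP error; jq -e exits non-zero when the field is null or missing.
  STARTER_KIT_LOCATION=$(curl --fail -sS "${STARTER_KIT_URL}/releases/latest" | jq -er ".${STARTER_KIT_FORMAT}ball_url")
fi

# Fetch the whole archive first so a failed transfer never touches the working tree.
archive="$(mktemp)"
trap 'rm -f "${archive}"' EXIT
curl --fail -sS -L -o "${archive}" "${STARTER_KIT_LOCATION}"
tar -xzf "${archive}" --strip-components 1
```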
|
||||||
|
|