Jenkinsfile-terraform.gvy
// Reusable Jenkinsfile for Terraform projects. An Atlas replacement, needs AWS.
//
// # Vars:
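// - AWS_CREDS: ID of a Jenkins username/password credential holding the AWS access key ID (username) and secret access key (password).
// - DK_RUN_ARGS: Additional arguments for Docker, e.g. "-e FOO=bar". (Documented here, but the script below does not read it.)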
// - GIT_CREDS: SSH username with private key.
// - GIT_URL:
// - GIT_SUBDIR:
// - TF_REMOTE_ARGS: Arguments to configure Terraform remote state, e.g. "-backend=s3 -backend-config=...".
//
// # Optional Vars
// - TF_VERSION: Version of Terraform. If "full" is used, beware that version of your state file could be updated.
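// - TF_CMD_ARGS: Additional arguments for Terraform command, e.g. "-var foo=bar". (The script reads this value but does not pass it to Terraform.)
// - TF_CMD_SARGS: ID of a Jenkins secret-text credential whose value is additional arguments for Terraform command with sensitive content.
// - TF_VARS: ID of a Jenkins secret-file credential containing a *.tfvars file, an alternative to declaring variables.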
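// Pipeline entry point: checks out the Terraform project, binds the AWS
// credentials, runs `terraform init` in the hashicorp/terraform container and
// then hands over to tfExecTfvars() for the plan / approve / apply sequence.
node {
    def id = "${env.JOB_NAME}-${env.BUILD_ID}"
    // Mount point of the project inside the container.
    def td = "/tmp/${id}"
    def wd = "${pwd()}/${GIT_SUBDIR}"
    def tv = tfVersion("light")
    // NOTE(review): TF_CMD_ARGS is read here but never appended to the
    // Terraform command line, so the documented option has no effect.
    def tfca = tfCmdArgs("")
    def tfcs = tfCmdSargs("")
    def tfv = tfVars("")

    git credentialsId: "${GIT_CREDS}", url: "${GIT_URL}"

    // The credential is bound directly to the variable names the AWS SDK and
    // Terraform expect. The secret values are never interpolated by Groovy into
    // a shell command: `docker run -e NAME` (no value) copies NAME from the
    // environment of the docker client, so the keys stay out of the process
    // argument list and out of the `sh -x` trace in the build log.
    withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: AWS_CREDS,
                      usernameVariable: 'AWS_ACCESS_KEY_ID', passwordVariable: 'AWS_SECRET_ACCESS_KEY']]) {
        // TF_VAR_<name> supplies the Terraform input variables aws_access_key and
        // aws_secret_key, replacing the former `-var aws_access_key=... -var
        // aws_secret_key=...` command-line arguments. Environment variables have
        // the lowest precedence, so later -var / -var-file values still win.
        withEnv(["TF_VAR_aws_access_key=${env.AWS_ACCESS_KEY_ID}",
                 "TF_VAR_aws_secret_key=${env.AWS_SECRET_ACCESS_KEY}"]) {
            // NOTE(review): wd and td come from job parameters / the job name and
            // are placed unquoted on the shell command line; only trusted users
            // should be able to configure or parameterise this job.
            def run = "docker run --rm -v ${wd}:${td} -w=${td} " +
                      "-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY " +
                      "-e TF_VAR_aws_access_key -e TF_VAR_aws_secret_key"
            def args = ""

            sh "${run} ${tfDockerImage(tv)} init -force-copy"

            if (tfcs.trim()) {
                withCredentials([[$class: 'StringBinding', credentialsId: TF_CMD_SARGS, variable: 'tfcs']]) {
                    // NOTE(review): the sensitive arguments are still expanded by
                    // Groovy into the command string, so they end up in the docker
                    // argument list and rely on Jenkins log masking. This is kept
                    // because the shell must parse any quoting inside the stored
                    // value; moving them to an environment variable would change
                    // how existing credentials are interpreted.
                    args = "${args} ${env.tfcs}"
                    tfExecTfvars(tv, run, args, td, tfv);
                }
            } else {
                tfExecTfvars(tv, run, args, td, tfv);
            }
        }
    }
}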
/**
 * Runs `terraform plan`, waits for a manual approval, then runs
 * `terraform apply`, both inside the Terraform container.
 *
 * @param tv   Terraform image tag, passed to tfDockerImage().
 * @param run  the `docker run ...` command prefix, without the image name.
 * @param args extra arguments appended to both the plan and the apply command.
 */
def tfExec(tv, run, args) {
    def terraform = "${run} ${tfDockerImage(tv)}"

    stage 'Plan'
    sh "${terraform} plan ${args} -refresh=false"

    // Manual gate: the build pauses here until someone confirms.
    // NOTE(review): apply is invoked with the same arguments rather than with a
    // plan file saved by the step above, so the approved plan output and the
    // applied changes come from two separate computations.
    input 'Apply the plan?'

    stage 'Apply'
    sh "${terraform} apply ${args} -refresh=false"
}
/**
 * Calls tfExec(), first mounting the TF_VARS secret file into the container as
 * terraform.tfvars when a tfvars credential was configured.
 *
 * @param tv   Terraform image tag.
 * @param run  the `docker run ...` command prefix, without the image name.
 * @param args extra arguments for the Terraform command.
 * @param td   directory inside the container where the project is mounted.
 * @param tfv  value of TF_VARS, or a blank string when it is not set.
 */
def tfExecTfvars(tv, run, args, td, tfv) {
    if (!tfv.trim()) {
        // No tfvars credential configured: run with the arguments as given.
        tfExec(tv, run, args)
        return
    }

    withCredentials([[$class: 'FileBinding', credentialsId: TF_VARS, variable: 'tfv']]) {
        // env.tfv is the path of the temporary file Jenkins wrote for the
        // credential; only the path, not the content, goes on the command line.
        def runWithVarsFile = "${run} -v ${env.tfv}:${td}/terraform.tfvars"
        def argsWithVarsFile = "${args} -var-file=${td}/terraform.tfvars"
        tfExec(tv, runWithVarsFile, argsWithVarsFile)
    }
}
/**
 * Builds the Docker image reference for the requested Terraform version.
 *
 * @param tv image tag, e.g. "light".
 * @return "hashicorp/terraform:" followed by the tag.
 */
def tfDockerImage(tv) {
    // NOTE(review): the image is referenced by tag only, not by digest, so the
    // code that receives the AWS credentials is whatever that tag resolves to
    // at build time.
    def image = "hashicorp/terraform:${tv}"
    return image
}
/**
 * Returns the TF_CMD_ARGS job variable as a string, or the given fallback when
 * the variable is not defined.
 *
 * @param val value returned when TF_CMD_ARGS is missing.
 */
def tfCmdArgs(val) {
    def result
    try {
        result = "$TF_CMD_ARGS"
    } catch (MissingPropertyException e) {
        // Variable not defined for this job: use the caller's default.
        result = val
    }
    return result
}
/**
 * Returns the TF_CMD_SARGS job variable as a string, or the given fallback when
 * the variable is not defined. The caller uses the value as a credentials ID.
 *
 * @param val value returned when TF_CMD_SARGS is missing.
 */
def tfCmdSargs(val) {
    def result
    try {
        result = "$TF_CMD_SARGS"
    } catch (MissingPropertyException e) {
        // Variable not defined for this job: use the caller's default.
        result = val
    }
    return result
}
/**
 * Returns the TF_VARS job variable as a string, or the given fallback when the
 * variable is not defined. The caller uses the value as a credentials ID.
 *
 * @param val value returned when TF_VARS is missing.
 */
def tfVars(val) {
    def result
    try {
        result = "$TF_VARS"
    } catch (MissingPropertyException e) {
        // Variable not defined for this job: use the caller's default.
        result = val
    }
    return result
}
/**
 * Returns the TF_VERSION job variable as a string, or the given fallback when
 * the variable is not defined. The result is used as the Docker image tag.
 *
 * @param val value returned when TF_VERSION is missing.
 */
def tfVersion(val) {
    def result
    try {
        result = "$TF_VERSION"
    } catch (MissingPropertyException e) {
        // Variable not defined for this job: use the caller's default.
        result = val
    }
    return result
}