-
Notifications
You must be signed in to change notification settings - Fork 0
/
Jenkinsfile
116 lines (114 loc) · 3.16 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
pipeline {
agent {
label "gcp-agent"
}
environment {
_POLICY_REPO="policy-library"
_TF_SA_EMAIL="TERRAFORM_SA_EMAIL"
_STATE_BUCKET_NAME="BACKEND_STATE_BUCKET_NAME"
_PROJECT_ID="CICD_PROJECT_ID"
}
stages {
stage('setup') {
steps {
sh '''
echo "Setting up gcloud for impersonation"
gcloud config set auth/impersonate_service_account ${_TF_SA_EMAIL}
echo "Adding bucket information to backends"
for i in `find . -name 'backend.tf'`; do sed -r -i "s/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/" $i; done
'''
}
}
stage('TF plan validate all') {
when {
not {
anyOf {
branch 'development'
branch 'production'
branch 'nonproduction'
}
}
}
steps {
sh '''
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=${_TF_SA_EMAIL}
./tf-wrapper.sh plan_validate_all ${BRANCH_NAME} ${WORKSPACE}/${_POLICY_REPO} ${_PROJECT_ID}
'''
}
}
stage('TF init') {
when {
anyOf {
branch 'development'
branch 'production'
branch 'nonproduction'
}
}
steps {
sh '''
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=${_TF_SA_EMAIL}
./tf-wrapper.sh init $BRANCH_NAME
'''
}
}
stage('TF plan') {
when {
anyOf {
branch 'development'
branch 'production'
branch 'nonproduction'
}
}
steps {
sh '''
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=${_TF_SA_EMAIL}
./tf-wrapper.sh plan $BRANCH_NAME
'''
}
}
stage('TF validate') {
when {
anyOf {
branch 'development'
branch 'production'
branch 'nonproduction'
}
}
steps {
sh '''
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=${_TF_SA_EMAIL}
./tf-wrapper.sh validate ${BRANCH_NAME} ${WORKSPACE}/${_POLICY_REPO} ${_PROJECT_ID}
'''
}
}
// stage('TF wait for approval') {
// when {
// anyOf {
// branch 'development'
// branch 'production'
// branch 'nonproduction'
// }
// }
// steps {
// script {
// def userInput = input(id: 'confirm', message: 'Apply Terraform?', parameters: [ [$class: 'BooleanParameterDefinition', defaultValue: false, description: 'Apply terraform', name: 'confirm'] ])
// }
// }
// }
stage('TF apply') {
when {
anyOf {
branch 'development'
branch 'production'
branch 'nonproduction'
}
}
steps {
sh '''
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=${_TF_SA_EMAIL}
./tf-wrapper.sh apply $BRANCH_NAME
'''
}
}
}
}