Moved renovate settings and credentials to vault
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 19s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Code Quality & Security Scan / Terraform Validate (push) Failing after 22s
Code Quality & Security Scan / SonarQube Scan (push) Has been skipped
Code Quality & Security Scan / Terraform Plan (push) Has been skipped
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
This commit is contained in:
parent
eaab76901a
commit
679d2f3286
7
data.tf
7
data.tf
@ -3,7 +3,6 @@ data "vault_generic_secret" "dns" {
|
||||
path = "secret/dns"
|
||||
}
|
||||
|
||||
# Optional: Get Ansible EDA secrets from Vault (uncomment if needed)
|
||||
#data "vault_generic_secret" "ansible_eda" {
|
||||
# path = "secret/ansible-eda"
|
||||
#}
|
||||
data "vault_generic_secret" "renovate" {
|
||||
path = "secret/renovate"
|
||||
}
|
||||
|
||||
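Review bot: The new `data "vault_generic_secret" "renovate"` block has no comment naming the keys that `secret/renovate` must contain, yet main.tf indexes `renovate_platform`, `renovate_endpoint` and `renovate_token` from it. A missing key would only surface when Terraform evaluates those references. I would add `# Requires keys: renovate_platform, renovate_endpoint, renovate_token` above the block. Everything this data source reads is copied into the Terraform state, so the path should hold only what Renovate needs, and the Vault policy for the identity running Terraform should grant read on `secret/renovate` and nothing broader.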
6
main.tf
6
main.tf
@ -32,9 +32,9 @@ resource "docker_container" "renovate" {
|
||||
# Environment variables for Renovate
|
||||
env = concat(
|
||||
[
|
||||
"RENOVATE_PLATFORM=${var.renovate_platform}",
|
||||
"RENOVATE_ENDPOINT=${var.renovate_endpoint}",
|
||||
"RENOVATE_TOKEN=${var.renovate_token}",
|
||||
"RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
|
||||
"RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
|
||||
"RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
|
||||
"RENOVATE_GIT_AUTHOR=${var.renovate_git_author}",
|
||||
"RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
|
||||
"LOG_LEVEL=${var.log_level}"
|
||||
|
||||
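Review bot: `"RENOVATE_GIT_AUTHOR=${var.renovate_git_author}"` is still present on the new side of this hunk, while the variables.tf section of the same commit appears to delete the `renovate_git_author` declaration. The add/remove markers are lost on this page, so that is inferred from the hunk counts, but a reference to an undeclared variable would explain the failing Terraform Validate check. Either keep that variable declared or read the author from the Vault secret like the three Vault-backed entries above it. Separately, the token now comes from Vault but is still interpolated into `env`, so it ends up in the Terraform state and in the container configuration on the Docker host; a comment such as `# RENOVATE_TOKEN is persisted in state and container env; restrict access to both` would make that visible. The `docker_container` block starts and ends outside the hunk.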
28
variables.tf
28
variables.tf
@ -52,34 +52,6 @@ variable "create_cname_record" {
|
||||
}
|
||||
|
||||
# Renovate Platform Configuration
|
||||
variable "renovate_platform" {
|
||||
description = "Git platform to use (gitea, github, gitlab, etc.)"
|
||||
type = string
|
||||
default = "gitea"
|
||||
}
|
||||
|
||||
variable "renovate_endpoint" {
|
||||
description = "API endpoint for the git platform (e.g., https://gitea.example.com/api/v1/)"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "renovate_token" {
|
||||
description = "Personal access token for Renovate bot authentication"
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable "renovate_git_author" {
|
||||
description = "Git author for Renovate commits (e.g., 'Renovate Bot <renovate-bot@example.com>')"
|
||||
type = string
|
||||
default = "Renovate Bot <renovate-bot@example.com>"
|
||||
}
|
||||
|
||||
variable "renovate_username" {
|
||||
description = "Username of the Renovate bot account"
|
||||
type = string
|
||||
default = "renovate-bot"
|
||||
}
|
||||
|
||||
variable "renovate_autodiscover" {
|
||||
description = "Enable autodiscovery of repositories"
|
||||
|
||||