terraform-docker-renovate

Author	SHA1	Message	Date
Patrick de Ruiter	89f0029d67	fix: Add DNS server configuration to all pipeline stages All checks were successful Code Quality & Security Scan / TFLint (push) Successful in 21s Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 26s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 39s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 39s Details Code Quality & Security Scan / SonarQube Scan (push) Successful in 37s Details Code Quality & Security Scan / Terraform Plan (push) Successful in 1m21s Details Code Quality & Security Scan / Terraform Apply (push) Successful in 1m42s Details Added TF_VAR_dns_servers to all pipeline stages to configure the Renovate container to use internal DNS server for hostname resolution. Changes: - Added TF_VAR_dns_servers: '["192.168.2.2"]' to all pipeline env blocks - Applied to: terraform-plan (init and plan) - Applied to: terraform-apply (init and apply) - Applied to: terraform-destroy (init, plan, execute) This configures the Renovate container to use 192.168.2.2 as its DNS server, allowing it to resolve internal hostnames like gitea.bsdserver.nl. Fixes the ENOTFOUND DNS error: getaddrinfo ENOTFOUND gitea.bsdserver.nl The DNS configuration is passed as a Terraform variable in JSON array format: '["192.168.2.2"]'	2025-11-19 14:49:15 +01:00
Patrick de Ruiter	1cca7c9267	fix: Remove unused TF_VAR_renovate_* variables from pipeline All checks were successful Code Quality & Security Scan / TFLint (push) Successful in 23s Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 31s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 33s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 35s Details Code Quality & Security Scan / SonarQube Scan (push) Successful in 45s Details Code Quality & Security Scan / Terraform Plan (push) Successful in 1m16s Details Code Quality & Security Scan / Terraform Apply (push) Successful in 1m35s Details The renovate_endpoint and renovate_token values are retrieved from Vault (secret/renovate) via data sources in the Terraform code, not passed as Terraform variables. Changes: - Commented out TF_VAR_renovate_endpoint in all pipeline stages - Commented out TF_VAR_renovate_token in all pipeline stages - These values are properly sourced from Vault data sources This fixes the container restart issue where Renovate couldn't find the Gitea personal access token because the environment variable wasn't being set correctly from Vault data. Affected stages: - terraform-validate (init and validate steps) - terraform-plan (init and plan steps) - terraform-apply (init and apply steps) - terraform-destroy (init, plan, and execute steps)	2025-11-19 13:32:59 +01:00
Patrick de Ruiter	899fac55bb	feat: Replace pipeline with working configuration from EDA module Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 20s Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 30s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s Details Code Quality & Security Scan / Terraform Validate (push) Failing after 31s Details Code Quality & Security Scan / SonarQube Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Plan (push) Has been skipped Details Code Quality & Security Scan / Terraform Apply (push) Has been skipped Details Added working pipeline based on terraform-docker-eda module: - Added pipeline.yaml with complete CI/CD workflow including Vault CLI setup - Added setup-ssh.sh for Docker provider SSH key authentication - Added .tflint.hcl for Terraform linting configuration - Removed old sonarqube.yaml pipeline file Pipeline now includes: - Vault CLI installation and SSH key setup via script - Proper backend configuration with -backend-config flags - All security scans: TFLint, Tfsec, Checkov - SonarQube integration - Terraform plan/apply with MinIO artifact storage - Terraform destroy workflow with manual approval This pipeline configuration has been proven to work with Vault, MinIO, and Docker providers using self-signed certificates.	2025-11-18 03:09:53 +01:00
Patrick de Ruiter	2a5fb1ebd0	fix: Add backend configuration to all pipeline terraform init steps Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 18s Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 39s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 34s Details Code Quality & Security Scan / SonarQube Trigger (push) Successful in 37s Details Code Quality & Security Scan / Terraform Plan (push) Failing after 32s Details Code Quality & Security Scan / Terraform Apply (push) Has been skipped Details Updated all terraform init commands in the pipeline to include backend configuration: - terraform-plan job: Added backend-config flags - terraform-apply job: Added backend-config flags - terraform-destroy job: Added backend-config flags Backend Configuration: - Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET) - State file key: docker/renovate/terraform.tfstate - Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars - Region: main - S3-compatible settings for MinIO Required Secrets (should already be available): - MINIO_ACCESS_KEY, MINIO_SECRET_KEY - MINIO_ENDPOINT, MINIO_BUCKET - VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR - RENOVATE_ENDPOINT, RENOVATE_TOKEN - SONARQUBE_HOST, SONARQUBE_TOKEN Fixes pipeline error: Missing Required Value for bucket, key, and region	2025-11-18 02:57:09 +01:00
Patrick de Ruiter	86d9e60dd6	feat: Add CI/CD pipeline and SonarQube configuration Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 18s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details Code Quality & Security Scan / Terraform Plan (push) Has been skipped Details Code Quality & Security Scan / Terraform Apply (push) Has been skipped Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Added comprehensive Gitea Actions pipeline with: - TFLint for Terraform linting - Tfsec for security scanning - Checkov for policy validation - Terraform validate for syntax checking - SonarQube integration for code quality analysis - Terraform plan/apply workflow with MinIO artifact storage - Terraform destroy workflow with manual approval Pipeline Features: - Runs on push to main and pull requests - Sequential job execution with proper dependencies - Secure secrets management for Vault, MinIO, and Renovate - Plan artifact storage in MinIO for apply jobs - Production environment protection for apply - Destroy approval environment for safety - Support for destroy via PR label SonarQube Configuration: - Project metadata and version tracking - Terraform-specific exclusions - Proper source encoding - Documentation links to Gitea repository Required Secrets: - VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR - MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET - RENOVATE_ENDPOINT, RENOVATE_TOKEN - SONARQUBE_HOST, SONARQUBE_TOKEN	2025-11-17 08:25:38 +01:00

5 Commits