|
|
2a5fb1ebd0
|
fix: Add backend configuration to all pipeline terraform init steps
Code Quality & Security Scan / TFLint (push) Successful in 18s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 39s
Code Quality & Security Scan / Terraform Validate (push) Successful in 34s
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 37s
Code Quality & Security Scan / Terraform Plan (push) Failing after 32s
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Updated all terraform init commands in the pipeline to include backend configuration:
- terraform-plan job: Added backend-config flags
- terraform-apply job: Added backend-config flags
- terraform-destroy job: Added backend-config flags
Backend Configuration:
- Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET)
- State file key: docker/renovate/terraform.tfstate
- Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars
- Region: main
- S3-compatible settings for MinIO
Required Secrets (should already be available):
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY
- MINIO_ENDPOINT, MINIO_BUCKET
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN
Fixes pipeline error: Missing Required Value for bucket, key, and region
|
2025-11-18 02:57:09 +01:00 |
|
|
|
86d9e60dd6
|
feat: Add CI/CD pipeline and SonarQube configuration
Code Quality & Security Scan / TFLint (push) Failing after 18s
Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped
Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped
Code Quality & Security Scan / Terraform Validate (push) Has been skipped
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Code Quality & Security Scan / Terraform Plan (push) Has been skipped
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Added comprehensive Gitea Actions pipeline with:
- TFLint for Terraform linting
- Tfsec for security scanning
- Checkov for policy validation
- Terraform validate for syntax checking
- SonarQube integration for code quality analysis
- Terraform plan/apply workflow with MinIO artifact storage
- Terraform destroy workflow with manual approval
Pipeline Features:
- Runs on push to main and pull requests
- Sequential job execution with proper dependencies
- Secure secrets management for Vault, MinIO, and Renovate
- Plan artifact storage in MinIO for apply jobs
- Production environment protection for apply
- Destroy approval environment for safety
- Support for destroy via PR label
SonarQube Configuration:
- Project metadata and version tracking
- Terraform-specific exclusions
- Proper source encoding
- Documentation links to Gitea repository
Required Secrets:
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN
|
2025-11-17 08:25:38 +01:00 |
|
