terraform-docker-renovate

wbyc/terraform-docker-renovate

Fork 0

Commit Graph

Author	SHA1	Message	Date
Patrick de Ruiter	899fac55bb	feat: Replace pipeline with working configuration from EDA module Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 20s Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 30s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s Details Code Quality & Security Scan / Terraform Validate (push) Failing after 31s Details Code Quality & Security Scan / SonarQube Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Plan (push) Has been skipped Details Code Quality & Security Scan / Terraform Apply (push) Has been skipped Details Added working pipeline based on terraform-docker-eda module: - Added pipeline.yaml with complete CI/CD workflow including Vault CLI setup - Added setup-ssh.sh for Docker provider SSH key authentication - Added .tflint.hcl for Terraform linting configuration - Removed old sonarqube.yaml pipeline file Pipeline now includes: - Vault CLI installation and SSH key setup via script - Proper backend configuration with -backend-config flags - All security scans: TFLint, Tfsec, Checkov - SonarQube integration - Terraform plan/apply with MinIO artifact storage - Terraform destroy workflow with manual approval This pipeline configuration has been proven to work with Vault, MinIO, and Docker providers using self-signed certificates.	2025-11-18 03:09:53 +01:00
Patrick de Ruiter	2a5fb1ebd0	fix: Add backend configuration to all pipeline terraform init steps Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 18s Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 39s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 34s Details Code Quality & Security Scan / SonarQube Trigger (push) Successful in 37s Details Code Quality & Security Scan / Terraform Plan (push) Failing after 32s Details Code Quality & Security Scan / Terraform Apply (push) Has been skipped Details Updated all terraform init commands in the pipeline to include backend configuration: - terraform-plan job: Added backend-config flags - terraform-apply job: Added backend-config flags - terraform-destroy job: Added backend-config flags Backend Configuration: - Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET) - State file key: docker/renovate/terraform.tfstate - Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars - Region: main - S3-compatible settings for MinIO Required Secrets (should already be available): - MINIO_ACCESS_KEY, MINIO_SECRET_KEY - MINIO_ENDPOINT, MINIO_BUCKET - VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR - RENOVATE_ENDPOINT, RENOVATE_TOKEN - SONARQUBE_HOST, SONARQUBE_TOKEN Fixes pipeline error: Missing Required Value for bucket, key, and region	2025-11-18 02:57:09 +01:00
Patrick de Ruiter	86d9e60dd6	feat: Add CI/CD pipeline and SonarQube configuration Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 18s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details Code Quality & Security Scan / Terraform Plan (push) Has been skipped Details Code Quality & Security Scan / Terraform Apply (push) Has been skipped Details Code Quality & Security Scan / Terraform Destroy (push) Has been skipped Details Added comprehensive Gitea Actions pipeline with: - TFLint for Terraform linting - Tfsec for security scanning - Checkov for policy validation - Terraform validate for syntax checking - SonarQube integration for code quality analysis - Terraform plan/apply workflow with MinIO artifact storage - Terraform destroy workflow with manual approval Pipeline Features: - Runs on push to main and pull requests - Sequential job execution with proper dependencies - Secure secrets management for Vault, MinIO, and Renovate - Plan artifact storage in MinIO for apply jobs - Production environment protection for apply - Destroy approval environment for safety - Support for destroy via PR label SonarQube Configuration: - Project metadata and version tracking - Terraform-specific exclusions - Proper source encoding - Documentation links to Gitea repository Required Secrets: - VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR - MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET - RENOVATE_ENDPOINT, RENOVATE_TOKEN - SONARQUBE_HOST, SONARQUBE_TOKEN	2025-11-17 08:25:38 +01:00

Author

SHA1

Message

Date

Patrick de Ruiter

899fac55bb

feat: Replace pipeline with working configuration from EDA module

Code Quality & Security Scan / TFLint (push) Successful in 20s

Details

Code Quality & Security Scan / Terraform Destroy (push) Has been skipped

Details

Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 30s

Details

Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s

Details

Code Quality & Security Scan / Terraform Validate (push) Failing after 31s

Details

Code Quality & Security Scan / SonarQube Scan (push) Has been skipped

Details

Code Quality & Security Scan / Terraform Plan (push) Has been skipped

Details

Code Quality & Security Scan / Terraform Apply (push) Has been skipped

Details

Added working pipeline based on terraform-docker-eda module:
- Added pipeline.yaml with complete CI/CD workflow including Vault CLI setup
- Added setup-ssh.sh for Docker provider SSH key authentication
- Added .tflint.hcl for Terraform linting configuration
- Removed old sonarqube.yaml pipeline file

Pipeline now includes:
- Vault CLI installation and SSH key setup via script
- Proper backend configuration with -backend-config flags
- All security scans: TFLint, Tfsec, Checkov
- SonarQube integration
- Terraform plan/apply with MinIO artifact storage
- Terraform destroy workflow with manual approval

This pipeline configuration has been proven to work with Vault, MinIO,
and Docker providers using self-signed certificates.

2025-11-18 03:09:53 +01:00

Patrick de Ruiter

2a5fb1ebd0

fix: Add backend configuration to all pipeline terraform init steps

Code Quality & Security Scan / TFLint (push) Successful in 18s

Details

Code Quality & Security Scan / Terraform Destroy (push) Has been skipped

Details

Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s

Details

Code Quality & Security Scan / Checkov Security Scan (push) Successful in 39s

Details

Code Quality & Security Scan / Terraform Validate (push) Successful in 34s

Details

Code Quality & Security Scan / SonarQube Trigger (push) Successful in 37s

Details

Code Quality & Security Scan / Terraform Plan (push) Failing after 32s

Details

Code Quality & Security Scan / Terraform Apply (push) Has been skipped

Details

Updated all terraform init commands in the pipeline to include backend configuration:
- terraform-plan job: Added backend-config flags
- terraform-apply job: Added backend-config flags
- terraform-destroy job: Added backend-config flags

Backend Configuration:
- Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET)
- State file key: docker/renovate/terraform.tfstate
- Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars
- Region: main
- S3-compatible settings for MinIO

Required Secrets (should already be available):
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY
- MINIO_ENDPOINT, MINIO_BUCKET
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN

Fixes pipeline error: Missing Required Value for bucket, key, and region

2025-11-18 02:57:09 +01:00

Patrick de Ruiter

86d9e60dd6

feat: Add CI/CD pipeline and SonarQube configuration

Code Quality & Security Scan / TFLint (push) Failing after 18s

Details

Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped

Details

Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped

Details

Code Quality & Security Scan / Terraform Validate (push) Has been skipped

Details

Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped

Details

Code Quality & Security Scan / Terraform Plan (push) Has been skipped

Details

Code Quality & Security Scan / Terraform Apply (push) Has been skipped

Details

Code Quality & Security Scan / Terraform Destroy (push) Has been skipped

Details

Added comprehensive Gitea Actions pipeline with:
- TFLint for Terraform linting
- Tfsec for security scanning
- Checkov for policy validation
- Terraform validate for syntax checking
- SonarQube integration for code quality analysis
- Terraform plan/apply workflow with MinIO artifact storage
- Terraform destroy workflow with manual approval

Pipeline Features:
- Runs on push to main and pull requests
- Sequential job execution with proper dependencies
- Secure secrets management for Vault, MinIO, and Renovate
- Plan artifact storage in MinIO for apply jobs
- Production environment protection for apply
- Destroy approval environment for safety
- Support for destroy via PR label

SonarQube Configuration:
- Project metadata and version tracking
- Terraform-specific exclusions
- Proper source encoding
- Documentation links to Gitea repository

Required Secrets:
- VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR
- MINIO_ACCESS_KEY, MINIO_SECRET_KEY, MINIO_ENDPOINT, MINIO_BUCKET
- RENOVATE_ENDPOINT, RENOVATE_TOKEN
- SONARQUBE_HOST, SONARQUBE_TOKEN

2025-11-17 08:25:38 +01:00

3 Commits