Patrick de Ruiter
899fac55bb
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 20s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 30s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Code Quality & Security Scan / Terraform Validate (push) Failing after 31s
Code Quality & Security Scan / SonarQube Scan (push) Has been skipped
Code Quality & Security Scan / Terraform Plan (push) Has been skipped
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Added working pipeline based on terraform-docker-eda module: - Added pipeline.yaml with complete CI/CD workflow including Vault CLI setup - Added setup-ssh.sh for Docker provider SSH key authentication - Added .tflint.hcl for Terraform linting configuration - Removed old sonarqube.yaml pipeline file Pipeline now includes: - Vault CLI installation and SSH key setup via script - Proper backend configuration with -backend-config flags - All security scans: TFLint, Tfsec, Checkov - SonarQube integration - Terraform plan/apply with MinIO artifact storage - Terraform destroy workflow with manual approval This pipeline configuration has been proven to work with Vault, MinIO, and Docker providers using self-signed certificates.
35 lines
1004 B
Bash
Executable File
35 lines
1004 B
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# This script sets up the SSH key for Docker provider authentication
|
|
# It should be run before terraform init/plan/apply
|
|
|
|
echo "Setting up SSH key for Docker provider..."
|
|
|
|
# Skip TLS verification for self-signed certificates
|
|
export VAULT_SKIP_VERIFY=1
|
|
|
|
# Login to Vault using AppRole
|
|
echo "Authenticating to Vault with AppRole..."
|
|
VAULT_TOKEN=$(vault write -field=token auth/approle/login \
|
|
role_id="${VAULT_ROLE_ID}" \
|
|
secret_id="${VAULT_SECRET_ID}")
|
|
export VAULT_TOKEN
|
|
|
|
# Create .ssh directory if it doesn't exist
|
|
mkdir -p .ssh
|
|
|
|
# Fetch SSH private key from Vault and write to file
|
|
# Use -format=json to get raw value and preserve newlines
|
|
vault kv get -format=json secret/docker-ssh | jq -r '.data.data["private-key"]' > .ssh/id_rsa
|
|
|
|
# Ensure the key ends with a newline
|
|
echo "" >> .ssh/id_rsa
|
|
|
|
# Set correct permissions
|
|
chmod 600 .ssh/id_rsa
|
|
|
|
echo "SSH key setup complete"
|
|
echo "Key file size: $(wc -c < .ssh/id_rsa) bytes"
|
|
echo "Key file lines: $(wc -l < .ssh/id_rsa) lines"
|