50 lines
1.5 KiB
Markdown
50 lines
1.5 KiB
Markdown
# Terraform Template Repository
|
|
|
|
Template repository for Terraform projects with CI/CD pipeline.
|
|
|
|
## Pipeline Stages
|
|
|
|
1. **Lint & Validate** - Format check and syntax validation
|
|
2. **Security Scan** - Checkov and tfsec security scanning
|
|
3. **Plan** - Terraform init and plan with artifact upload
|
|
4. **Apply** - Apply with manual approval (production environment)
|
|
5. **Destroy** - Manual destroy with special approval (production-destroy environment)
|
|
|
|
## Setup
|
|
|
|
1. **Update workflow variables** (`.gitea/workflows/terraform.yml`):
|
|
- Line 23: `TF_VERSION` - Your Terraform version
|
|
- Line 24: `WORKING_DIR` - Path to your Terraform code
|
|
|
|
2. **Configure provider credentials** (lines 103-113):
|
|
- Uncomment your cloud provider (AWS/Azure/GCP)
|
|
- Add secrets to repository: Settings → Secrets → Actions
|
|
|
|
3. **Create environments** (Settings → Environments):
|
|
- `production` - For apply operations (add reviewers)
|
|
- `production-destroy` - For destroy operations (add senior reviewers)
|
|
|
|
4. **Add your Terraform code** to `./terraform/` directory
|
|
|
|
## Required Secrets
|
|
|
|
**AWS:**
|
|
- `AWS_ACCESS_KEY_ID`
|
|
- `AWS_SECRET_ACCESS_KEY`
|
|
|
|
**Azure:**
|
|
- `ARM_CLIENT_ID`
|
|
- `ARM_CLIENT_SECRET`
|
|
- `ARM_SUBSCRIPTION_ID`
|
|
- `ARM_TENANT_ID`
|
|
|
|
**Backend (optional):**
|
|
- `BACKEND_ACCESS_KEY`
|
|
- `BACKEND_SECRET_KEY`
|
|
|
|
## Usage
|
|
|
|
- **Push to main/develop** → Runs lint, security, plan
|
|
- **Create PR to main** → Runs full pipeline, posts plan as comment
|
|
- **Manual trigger** → Actions tab → Run workflow → Select action (plan/apply/destroy)
|