将 .gitlab-ci.yml 从 Terraform 迁移到 OpenTofu

问题描述 投票:0回答:1

我正在使用 GitLab CI 来运行 Terraform 管道。但是,由于 Terraform CI/CD 模板自本月(2024 年 2 月)起已弃用,并将被删除。我想换成OpenTofu:

问题:我按照文档进行转换,但最终出现错误。

在最基本的转换尝试中(参见B]),我最终遇到了这个错误:

计划作业:选择的阶段不存在;可用阶段有 .pre、fmt、 验证、计划、应用、.post

当我按照

here
定义fmt阶段时(参见C]),我得到:

fmt:

extends
(.opentofu:fmt)中的未知键

有人知道该怎么做吗?

A]原版

.gitlab-ci.yml

include:
  - template: Terraform/Base.latest.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
  - template: Jobs/SAST-IaC.latest.gitlab-ci.yml   # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml

variables:
  # If not using GitLab's HTTP backend, remove this line and specify TF_HTTP_* variables
  TF_STATE_NAME: iam
  TF_CACHE_KEY: iam
  TF_ROOT: provisioning

stages:
  - validate
  - test
  - build
  - deploy
  - cleanup

fmt:
  extends: .terraform:fmt
  needs: []

validate:
  extends: .terraform:validate
  needs: []

build:
  extends: .terraform:build
  environment:
    name: $TF_STATE_NAME
    action: prepare

deploy:
  extends: .terraform:deploy
  dependencies:
    - build
  environment:
    name: $TF_STATE_NAME
    action: start

B] 

.gitlab-ci.yml
转换尝试 1:

include:
  - component: gitlab.com/components/opentofu/[email protected]
    inputs:
      version: 0.17.0
      opentofu_version: 1.6.1
      root_dir: provisioning
      state_name: iam

stages: [fmt, validate, plan, apply]

C] 

.gitlab-ci.yml
转换尝试2:

include:
  - component: gitlab.com/components/opentofu/[email protected]
    inputs:
      version: 0.17.0
      opentofu_version: 1.6.1
      root_dir: provisioning/
      state_name: iam
  - template: Jobs/SAST-IaC.latest.gitlab-ci.yml   # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml

stages: [fmt, validate, plan, apply]

fmt:
  extends: [.opentofu:fmt]

...:
  extends: ...

注意: 锁定文件已正确转换并且 

tofu plan
工作完美。

terraform gitlab-ci opentofu
1个回答
0
投票

其实,尝试了几次之后,我发现舞台并不好。它适用于:

include:
  - component: gitlab.com/components/opentofu/[email protected]
    inputs:
      version: 0.17.0
      opentofu_version: 1.6.1
      root_dir: provisioning/
      state_name: iam

stages: [validate, build, deploy]

但是我仍然没有找到SAST的解决方案。 

- template: Jobs/SAST-IaC.latest.gitlab-ci.yml
不起作用。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.