Hello,
I have the below code in my Azure DevOps and now I am trying to migrate it to GitLab CI. The code will look for the string “changes” in the terraform plan output file, and if there are any changes found, the pipeline will pop up for a manual approval stage. If not, skip to the next step. Can somebody help me to migrate it to the GitLab code?
```yaml
# Steps of the terraform plan job
- task: Bash@3
  displayName: Plan changes
  name: produceVar
  inputs:
    targetType: inline
    script: >
      echo "##vso[task.setvariable variable=TERRAFORM_PLAN_HAS_CHANGES;isOutput=true]$TERRAFORM_PLAN_HAS_CHANGES"
  env:
    TERRAFORM_PLAN_HAS_CHANGES: variables['TERRAFORM_PLAN_HAS_CHANGES']
- task: Bash@3
  name: terraformShowPlan
  displayName: Displaying terraform plan
  inputs:
    targetType: inline
    workingDirectory: $(System.DefaultWorkingDirectory)/$(Build.Repository.Name)
    failOnStderr: true
    script: >
      terraform show $(System.DefaultWorkingDirectory)/$(Build.Repository.Name)/tfplan
- task: Bash@3
  name: setvar
  displayName: Set Variables for next stage
  inputs:
    targetType: inline
    workingDirectory: $(System.DefaultWorkingDirectory)/$(Build.Repository.Name)
    failOnStderr: true
    # Classify the plan: no changes / changes without destroys / everything else
    script: >
      if terraform show $(System.DefaultWorkingDirectory)/$(Build.Repository.Name)/tfplan | grep -q "No changes"; then
        echo "##vso[task.logissue type=warning]- No changes, terraform apply will not run"
      elif terraform show $(System.DefaultWorkingDirectory)/$(Build.Repository.Name)/tfplan | grep -q "0 to change, 0 to destroy"; then
        echo "##vso[task.setvariable variable=HAS_CHANGES_ONLY;isOutput=true]true"
        echo "##vso[task.logissue type=warning] - Changes with no destroys detected, it is safe for the pipeline to proceed automatically"
      else
        echo "##vso[task.setvariable variable=HAS_DESTROY_CHANGES;isOutput=true]true"
        echo "##vso[task.logissue type=warning] - Changes or Destroy detected, pipeline will require a manual approval to proceed"
      fi
```

```yaml
# Stages that follow the terraform plan stage
- stage: manual_validation
  displayName: Manual Validation Phase
  # Runs only when the plan stage set HAS_DESTROY_CHANGES and the build is not a pull request
  condition: and(succeeded(), eq(dependencies.terraform_plan.outputs['terraform_plan_job.setvar.HAS_DESTROY_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest'))
  pool: server
  jobs:
    - job: manual_validation_test
      displayName: Change detected! approve manually
      timeoutInMinutes: ${{ parameters.ApprovalTimeoutMinutes }}
      steps:
        - task: ManualValidation@0
          inputs:
            notifyUsers: ${{ parameters.PlanApprovers }}
            instructions: Look on the plan stage and approve the planned changes to the infrastructure
            onTimeout: reject
- stage: terraform_apply
  displayName: "Terraform Provisioning: Apply"
  variables:
    - "${{ if ne(parameters.VariableGroupLabel, '') }}":
        - group: ${{ format('{0}_variable_group', parameters.VariableGroupLabel) }}
    - "${{ if eq(parameters.VariableGroupLabel, '') }}":
        - group: default_tenant_variable_group
  # Runs when manual validation succeeded or was skipped, and the plan has changes
  condition: and(in(dependencies.manual_validation.result,'Succeeded','Skipped'), eq(dependencies.terraform_plan.outputs['terraform_plan_job.produceVar.TERRAFORM_PLAN_HAS_CHANGES'], 'true'))
  pool:
    vmImage: ubuntu-latest
  jobs:
    - job: terraform_apply_job
```
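Added example, not part of the original post: the plan classification above as a CI-agnostic shell function that parses the summary counters as whole numbers, because the substring `0 to change, 0 to destroy` also occurs inside `10 to change, 0 to destroy`. The function name, the `none`/`auto`/`approve` labels and the sample lines are assumptions constructed for illustration; input is assumed to be `terraform show -no-color` text.

```shell
#!/bin/sh
# classify_plan: read `terraform show -no-color <planfile>` text on stdin
# and print one of:
#   none     nothing to apply
#   auto     additions only (0 to change, 0 to destroy)
#   approve  changes or destroys present, or the output was not recognised
classify_plan() {
    plan_text=$(cat)

    # Extract the three counters from the summary line as whole numbers.
    # A summary line in any other shape does not match and falls through.
    counts=$(printf '%s\n' "$plan_text" |
        sed -n 's/^Plan: \([0-9][0-9]*\) to add, \([0-9][0-9]*\) to change, \([0-9][0-9]*\) to destroy\.$/\1 \2 \3/p' |
        tail -n 1)

    if [ -n "$counts" ]; then
        # Split "add change destroy" into $1 $2 $3 (local to this function).
        set -- $counts
        if [ "$2" -eq 0 ] && [ "$3" -eq 0 ]; then
            echo auto
        else
            echo approve
        fi
    elif printf '%s\n' "$plan_text" | grep -q '^No changes\.'; then
        echo none
    else
        # Fail closed: anything unparseable requires a human.
        echo approve
    fi
}

# Constructed sample summary lines, one per case.
for sample in \
    'No changes. Your infrastructure matches the configuration.' \
    'Plan: 2 to add, 0 to change, 0 to destroy.' \
    'Plan: 1 to add, 10 to change, 0 to destroy.' \
    'Plan: 0 to add, 0 to change, 3 to destroy.'
do
    printf '%-8s <- %s\n' "$(printf '%s\n' "$sample" | classify_plan)" "$sample"
done
```

In a pipeline the function would be fed with `terraform show -no-color tfplan | classify_plan`, and its one-word result stored in whatever variable gates the approval job.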