---
# Pull the semantic-release job template from the mirrored to-be-continuous
# project. The ref is pinned to an exact tag, so an upstream change to the
# template cannot silently alter the release job; bump it deliberately.
# NOTE(review): $MIRROR_PATH presumably comes from group/instance CI variables;
# if it expands to empty, the project path no longer resolves — confirm it is
# defined wherever this pipeline runs.
include:
  - project: "$MIRROR_PATH/to-be-continuous/semantic-release"
    ref: "3.14.3"
    file: "/templates/gitlab-ci-semrel.yml"
# Pipeline stages, in execution order.
stages:
  - validate   # fmt/validate, TFLint, documentation checks
  - test       # optional example-configuration validation
  - security   # tfsec scan
  - release    # semantic-release
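variables:
  # semantic-release CLI version, presumably consumed by the included
  # template. Quoted so that YAML never re-types a version-looking value.
  SEMREL_VERSION: "24.2.5"
  # Enable CHANGELOG.md generation; kept as a string because CI variables are
  # always passed to the job as strings.
  SEMREL_CHANGELOG_ENABLED: "true"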
# Basic validation: Terraform's built-in fmt and validate commands.
terraform:validate:
  stage: validate
  tags:
    - ewc
  image: "hashicorp/terraform:1.5.7"
  script:
    - echo "Checking Terraform formatting..."
    # -check makes fmt exit non-zero on unformatted files, -diff shows what
    # would change, -recursive covers nested module directories.
    - terraform fmt -diff -check -recursive
    - echo "Initializing Terraform..."
    # -backend=false: this repository is a module, not a root configuration,
    # so there is no state backend to configure.
    - terraform init -backend=false
    - echo "Validating Terraform code..."
    - terraform validate
# Linting with TFLint.
# NOTE(review): `tflint --init` fetches rule-set plugins at pipeline time;
# pin the plugin versions in the repository's .tflint.hcl so the lint result
# does not depend on whatever the plugin source serves that day.
terraform:lint:
  stage: validate
  tags:
    - ewc
  image: "ghcr.io/terraform-linters/tflint:v0.47.0"
  script:
    - echo "Running TFLint..."
    - tflint --init
    # compact format: one finding per line, easy to scan in the job log.
    - tflint --format=compact
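# Security scanning with tfsec.
# The report is produced in JUnit format (the previous `--format=json` output
# was declared as a JUnit report, which GitLab cannot parse) and written via a
# redirect instead of `| tee`, so tfsec's own exit status decides the job
# result: any finding fails the job. Add `--soft-fail` to the tfsec command if
# this gate is meant to be advisory rather than blocking.
# NOTE(review): the aquasec/tfsec image presumably sets tfsec as its
# ENTRYPOINT; if the script lines cannot run, use the shell-enabled
# aquasec/tfsec-ci image at the same tag or set `entrypoint: [""]`.
terraform:security:
  stage: security
  image: "aquasec/tfsec:v1.28.1"
  script:
    - echo "Running tfsec security scanner..."
    - tfsec . --format=junit > tfsec_report.xml
  artifacts:
    # Upload the report even when findings fail the job; otherwise it is lost
    # exactly when it is needed.
    when: always
    reports:
      junit: tfsec_report.xml
    paths:
      - tfsec_report.xml
    expire_in: 1 week
  tags:
    - ewc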
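# Documentation validation.
# Runs markdown-link-check over every Markdown file and fails the job if any
# file reports a dead link. The earlier `find -exec … \;` form discarded the
# checker's exit status, so broken links never failed the pipeline.
# NOTE(review): `npm install -g markdown-link-check` installs whatever version
# the registry serves at pipeline time; pin it
# (`markdown-link-check@<version>`) once a version is chosen, as the other
# tool images in this file are pinned.
terraform:docs:
  stage: validate
  # Node 18 LTS on Alpine (previously node:16-alpine).
  image: "node:18-alpine"
  before_script:
    - apk add --no-cache git
    - npm install -g markdown-link-check
  script:
    - echo "Checking for broken links in documentation..."
    # Check every file and only then fail, so the log shows all dead links at
    # once; assumes Markdown paths contain no whitespace.
    - |
      link_check_failed=0
      for md_file in $(find . -name "*.md"); do
        markdown-link-check "$md_file" || link_check_failed=1
      done
      test "$link_check_failed" -eq 0
    - echo "Checking for required documentation files..."
    - test -f README.md || (echo "README.md file missing" && exit 1)
  tags:
    - ewc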
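# Test with example code (optional; requires setting up a mock provider).
# Pinned to the same Terraform image as terraform:validate so the example is
# validated with a known Terraform version instead of whatever the `ewc`
# runner's default image happens to provide.
terraform:example-test:
  stage: test
  image: "hashicorp/terraform:1.5.7"
  script:
    - echo "Testing with example configuration..."
    # Adjust this path if the examples are organised differently.
    - cd examples/basic
    - terraform init -backend=false
    - terraform validate
  tags:
    - ewc
  # Optional until an examples directory exists; a failure never blocks the
  # pipeline.
  allow_failure: true
  # Runs only when triggered by hand from the pipeline view.
  when: manual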
# Automated CHANGELOG.md generation from Conventional Commits history plus a
# git tag for the release. The job body presumably comes from the included
# semantic-release template; only stage, rules and runner tags are set here.
semantic-release:
  stage: release
  tags:
    - ewc
  rules:
    # Never run for tag pipelines or for chore commits.
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_TITLE =~ /^chore.*/'
      when: never
    # Otherwise only on the default branch, outside merge-request pipelines,
    # and only when a YAML file changed.
    # NOTE(review): with this `changes` filter a commit touching only .tf or
    # .md files produces no release — confirm that is intended.
    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "merge_request_event"'
      changes:
        - "**/*.yml"