Jenkinsfile
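// Declarative pipeline: check out the repository, write a Terraform plan to
// `tfplan` on every build, and apply that saved plan only when the build is on
// `main`, was started by a user, and a person confirms the prompt.
pipeline {
    agent any

    environment {
        // Terraform appends TF_CLI_ARGS to every command; -no-color keeps ANSI
        // escape codes out of the Jenkins console log.
        TF_CLI_ARGS = '-no-color'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Terraform Plan') {
            steps {
                // The AWS key pair is bound only for the duration of this block and is
                // masked in the console log by the credentials binding.
                withCredentials([aws(credentialsId: 'AWS_CRED', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                    sh 'terraform init'
                    // A saved plan file can hold resource attributes, including sensitive
                    // values, in readable form; it stays in the agent workspace.
                    sh 'terraform plan -out=tfplan'
                }
            }
        }

        stage('Terraform Apply') {
            when {
                // Both conditions must hold (written out as allOf, which is also what a
                // bare list of conditions means).
                allOf {
                    expression { env.BRANCH_NAME == 'main' }
                    // getBuildCauses() is the sandbox-safe way to ask "was this started by
                    // a user?". The original went through currentBuild.rawBuild, which
                    // exposes the underlying Run object and needs a script-security
                    // approval to run at all.
                    expression { currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause').size() > 0 }
                }
            }
            steps {
                // Ask for manual confirmation before applying changes. The prompt is kept
                // outside withCredentials so the AWS keys are not bound while waiting.
                input message: 'Do you want to apply changes?', ok: 'Yes'
                withCredentials([aws(credentialsId: 'AWS_CRED', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                    sh 'terraform init'
                    // Fixed: the original ran `terraform aply -out=tfplan`, which is a
                    // misspelled subcommand with a plan-only flag. Apply the plan file that
                    // the Plan stage wrote, so what is applied is exactly what was planned.
                    sh 'terraform apply -input=false tfplan'
                }
            }
        }
    }
}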
// ########################################
// The section below was added by me
// ########################################
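// Declarative pipeline: checkout, validate and format-check the Terraform
// configuration, write a plan to `tfplan`, apply it on user-triggered builds of
// `main` after a typed confirmation, then tear the applied resources down again.
pipeline {
    agent any

    environment {
        // Terraform appends TF_CLI_ARGS to every command; -no-color keeps ANSI
        // escape codes out of the Jenkins console log.
        TF_CLI_ARGS = '-no-color'
    }

    stages {
        // /* Create a new branch and scan for changes */
        // stage('Create Branch and Scan') {
        //     steps {
        //         script {
        //             // Create a new branch named "test_branch" from main
        //             sh 'git checkout main'
        //             sh 'git checkout -b test_branch'
        //             sh 'git push origin test_branch'
        //             // Scan the Jenkins pipeline for new branches
        //             build job: 'Jenkins-Pipeline-Scanner', parameters: [string(name: 'BRANCH_NAME', value: 'test_branch')]
        //         }
        //     }
        // }

        /* Checkout the code from the triggered branch */
        stage('Checkout') {
            steps {
                checkout scm
                echo 'Checkout stage completed sucessfully'
            }
        }

        /* Validate and lint Terraform configuration */
        stage('Terraform Validate and Lint') {
            steps {
                script {
                    // The AWS keys are bound only around init/validate.
                    // NOTE(review): init may need them for a remote backend; confirm.
                    withCredentials([aws(credentialsId: 'AWS-Authentication', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                        sh 'terraform init'
                        echo 'Validating Terraform configuration'
                        sh 'terraform validate'
                        echo 'Validation completed sucessfully'
                    }

                    // `terraform fmt -check` only reads local files, so it runs without the
                    // AWS credentials in its environment.
                    echo 'Linting Terraform files'
                    def fmtOutput
                    try {
                        fmtOutput = sh(script: 'terraform fmt -check', returnStdout: true).trim()
                    } catch (err) {
                        // A non-zero exit from fmt -check makes sh throw and lands here.
                        currentBuild.result = 'FAILURE'
                        error("Terraform linting failed: ${err}")
                    }
                    if (fmtOutput.isEmpty()) {
                        echo 'Lint check completed sucessfully'
                    } else {
                        echo "Terraform formatting issues found:\n${fmtOutput}"
                        currentBuild.result = 'FAILURE'
                        // Fixed: the original only set the result here, so the Plan and
                        // Apply stages still ran after a reported lint failure.
                        error('Terraform formatting check failed')
                    }
                }
            }
        }

        /* Generate Terraform plan */
        stage('Terraform Plan') {
            steps {
                withCredentials([aws(credentialsId: 'AWS-Authentication', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                    sh 'terraform init'
                    // A saved plan file can hold sensitive values in readable form; the
                    // post block deletes the workspace that contains it.
                    sh 'terraform plan -out=tfplan'
                    echo 'Terraform Plan stage completed sucessfully'
                }
            }
        }

        /* Apply Terraform plan (only for main branch and manual triggers) */
        stage('Terraform Apply') {
            when {
                allOf {
                    expression { env.BRANCH_NAME == 'main' }
                    // getBuildCauses() is sandbox-safe; the original went through
                    // currentBuild.rawBuild, which exposes the underlying Run object and
                    // needs a script-security approval to run at all.
                    expression { currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause').size() > 0 }
                }
            }
            steps {
                script {
                    // Typed confirmation with a default of 'No'. With a single parameter,
                    // input() returns that parameter's value directly.
                    // NOTE(review): `submitter` limits who may answer to the user or group
                    // named 'auto'; confirm that this is a real approver identity.
                    def userInput = input(
                        id: 'userInput',
                        message: 'Do you want to apply changes?',
                        parameters: [string(defaultValue: 'No', description: 'Enter "Yes" to apply changes', name: 'confirmation')],
                        submitter: 'auto'
                    )

                    if (userInput == 'Yes') {
                        withCredentials([aws(credentialsId: 'AWS-Authentication', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                            sh 'terraform init'
                            // Set before apply so that a partially failed apply is still
                            // cleaned up by the post block.
                            env.TF_APPLIED = 'true'
                            sh 'terraform apply -input=false -auto-approve tfplan'
                            echo 'Terraform apply stage completed successfully. Resources built'
                        }
                    } else {
                        echo 'Skipping Terraform apply stage as user chose not to apply changes.'
                    }
                }
            }
        }
    }

    /* Cleanup stage */
    post {
        always {
            script {
                try {
                    // Fixed: the original ran `terraform destroy -auto-approve` on every
                    // build, including branch builds and builds where apply was skipped or
                    // declined. Such a build would tear down whatever the state already
                    // tracks. Destroy now runs only when this build started an apply.
                    if (env.TF_APPLIED == 'true') {
                        echo 'Waiting for 3 minutes before cleanup...'
                        // The wait is outside withCredentials so the AWS keys are not
                        // bound while the build is idle.
                        sleep(time: 3, unit: 'MINUTES')
                        echo 'Cleaning up workspace'
                        withCredentials([aws(credentialsId: 'AWS-Authentication', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                            sh 'terraform destroy -auto-approve'
                        }
                    }
                } finally {
                    // Always remove the workspace, even if destroy fails: it holds the
                    // plan file and the .terraform directory.
                    deleteDir()
                }
            }
        }
    }
}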