Reputation: 668
Migrate .gitlab-ci.yml from Terraform to OpenTofu
I'am using GitLab CI to run a Terraform pipeline. But, as The Terraform CI/CD templates are deprecated since this month (Feb 2024) and will be removed. I want to switch to OpenTofu:
Problem: I followed the documentation to make the conversion but end-up with errors.
In the most basic conversion try (see B]), I end up with this error:
plan job: chosen stage does not exist; available stages are .pre, fmt, validate, plan, apply, .post
When I define the fmt stage as defined here (see C]) , I get:
fmt: unknown keys in
extends(.opentofu:fmt)
Does anyone have an idea on what to do ?
A] original .gitlab-ci.yml:
include:
- template: Terraform/Base.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
- template: Jobs/SAST-IaC.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
variables:
# If not using GitLab's HTTP backend, remove this line and specify TF_HTTP_* variables
TF_STATE_NAME: iam
TF_CACHE_KEY: iam
TF_ROOT: provisioning
stages:
- validate
- test
- build
- deploy
- cleanup
fmt:
extends: .terraform:fmt
needs: []
validate:
extends: .terraform:validate
needs: []
build:
extends: .terraform:build
environment:
name: $TF_STATE_NAME
action: prepare
deploy:
extends: .terraform:deploy
dependencies:
- build
environment:
name: $TF_STATE_NAME
action: start
B] .gitlab-ci.yml conversion try 1:
include:
- component: gitlab.com/components/opentofu/[email protected]
inputs:
version: 0.17.0
opentofu_version: 1.6.1
root_dir: provisioning
state_name: iam
stages: [fmt, validate, plan, apply]
C] .gitlab-ci.yml conversion try 2:
include:
- component: gitlab.com/components/opentofu/[email protected]
inputs:
version: 0.17.0
opentofu_version: 1.6.1
root_dir: provisioning/
state_name: iam
- template: Jobs/SAST-IaC.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
stages: [fmt, validate, plan, apply]
fmt:
extends: [.opentofu:fmt]
...:
extends: ...
NB: The lock file is correctly converted and tofu plan works perfectly.
Upvotes: 5
Views: 2955
Answers (1)
Reputation: 668
Actually, after a few more tries, I realized the stages were not good. It works with:
include:
- component: gitlab.com/components/opentofu/[email protected]
inputs:
version: 0.17.0
opentofu_version: 1.6.1
root_dir: provisioning/
state_name: iam
variables:
TF_STATE_NAME: iam
stages: [validate, build, deploy]
But I still don't find a solution for SAST.
=> - template: Jobs/SAST-IaC.latest.gitlab-ci.yml does not works.
Upvotes: 4
Related Questions
- Use private go module with gitlab ci Auto-DevOps for auto test
- This GitLab CI configuration is invalid:mapping values are not allowed in this context
- Gitlab CI SAST access to gl-sast-report.json artifact in subsequent stage
- Gitlab CI On Prem, Docker Image and ASP.NET Core 7
- gitlab + GKE + AutoDevops auto-deploy deploy fail. error: arguments in resource/name form must have a single resource and name. How to find a mistake?
- Gitlab-CI failure Error: error initializing: Looks like link is not a valid chart repository or cannot be reached:
- How to install and build fomantic-ui in GitLab CI?
- Gitlab CI include is not triggering