|
|
@ -54,19 +54,27 @@ pipeline: |
|
|
+ sensitive: true |
|
|
+ sensitive: true |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
Example configuration with state tracked via remote: |
|
|
Example configuration with state tracked via remote. You will need a file |
|
|
|
|
|
that specifies the backend type along with ability to pass options via the `.drone.yml`. |
|
|
|
|
|
|
|
|
|
|
|
`backend.tf` |
|
|
|
|
|
``` |
|
|
|
|
|
terraform { |
|
|
|
|
|
backend "s3" {} |
|
|
|
|
|
} |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
`.drone.yml` |
|
|
```diff |
|
|
```diff |
|
|
pipeline: |
|
|
pipeline: |
|
|
terraform: |
|
|
terraform: |
|
|
image: jmccann/drone-terraform:1 |
|
|
image: jmccann/drone-terraform:1 |
|
|
plan: false |
|
|
plan: false |
|
|
+ remote: |
|
|
+ init_options: |
|
|
+ backend: S3 |
|
|
+ backend-config: |
|
|
+ config: |
|
|
+ - "bucket=my-terraform-config-bucket" |
|
|
+ bucket: my-terraform-config-bucket |
|
|
+ - "key=tf-states/my-project" |
|
|
+ key: tf-states/my-project |
|
|
+ - "region=us-east-1" |
|
|
+ region: us-east-1 |
|
|
|
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
You may want to run terraform against internal resources, like an internal |
|
|
You may want to run terraform against internal resources, like an internal |
|
|
@ -145,12 +153,11 @@ pipeline: |
|
|
dev_terraform: |
|
|
dev_terraform: |
|
|
image: jmccann/drone-terraform:1 |
|
|
image: jmccann/drone-terraform:1 |
|
|
plan: false |
|
|
plan: false |
|
|
remote: |
|
|
init_options: |
|
|
backend: S3 |
|
|
backend_config: |
|
|
config: |
|
|
- "bucket=my-terraform-config-bucket" |
|
|
bucket: my-terraform-config-bucket |
|
|
- "key=tf-states/my-project" |
|
|
key: tf-states/my-project |
|
|
- "region=us-east-1" |
|
|
region: us-east-1 |
|
|
|
|
|
+ secrets: |
|
|
+ secrets: |
|
|
+ AWS_ACCESS_KEY_ID: DEV_AWS_ACCESS_KEY_ID |
|
|
+ AWS_ACCESS_KEY_ID: DEV_AWS_ACCESS_KEY_ID |
|
|
+ AWS_SECRET_ACCESS_KEY: DEV_AWS_SECRET_ACCESS_KEY |
|
|
+ AWS_SECRET_ACCESS_KEY: DEV_AWS_SECRET_ACCESS_KEY |
|
|
@ -158,12 +165,11 @@ pipeline: |
|
|
prod_terraform: |
|
|
prod_terraform: |
|
|
image: jmccann/drone-terraform:1 |
|
|
image: jmccann/drone-terraform:1 |
|
|
plan: false |
|
|
plan: false |
|
|
remote: |
|
|
init_options: |
|
|
backend: S3 |
|
|
backend_config: |
|
|
config: |
|
|
- "bucket=my-terraform-config-bucket" |
|
|
bucket: my-terraform-config-bucket |
|
|
- "key=tf-states/my-project" |
|
|
key: tf-states/my-project |
|
|
- "region=us-east-1" |
|
|
region: us-east-1 |
|
|
|
|
|
+ secrets: |
|
|
+ secrets: |
|
|
+ AWS_ACCESS_KEY_ID: PROD_AWS_ACCESS_KEY_ID |
|
|
+ AWS_ACCESS_KEY_ID: PROD_AWS_ACCESS_KEY_ID |
|
|
+ AWS_SECRET_ACCESS_KEY: PROD_AWS_SECRET_ACCESS_KEY |
|
|
+ AWS_SECRET_ACCESS_KEY: PROD_AWS_SECRET_ACCESS_KEY |
|
|
@ -174,15 +180,19 @@ pipeline: |
|
|
plan |
|
|
plan |
|
|
: if true, calculates a plan but does __NOT__ apply it. |
|
|
: if true, calculates a plan but does __NOT__ apply it. |
|
|
|
|
|
|
|
|
remote |
|
|
init_options |
|
|
: contains the configuration for the Terraform remote state tracking. |
|
|
: contains the configuration for the Terraform backend. |
|
|
|
|
|
|
|
|
|
|
|
init_options.backend-config |
|
|
|
|
|
: This specifies additional configuration to merge for the backend. This can be |
|
|
|
|
|
specified multiple times. Flags specified later in the line override those |
|
|
|
|
|
specified earlier if they conflict. |
|
|
|
|
|
|
|
|
remote.backend |
|
|
init_options.lock |
|
|
: the Terraform remote state backend to use. |
|
|
: Lock the state file when locking is supported. |
|
|
|
|
|
|
|
|
remote.config |
|
|
init_options.lock-timeout |
|
|
: a map of configuration parameters for the remote state backend. |
|
|
: Duration to retry a state lock. |
|
|
Each value is passed as a `-backend-config=<key>=<value>` option. |
|
|
|
|
|
|
|
|
|
|
|
vars |
|
|
vars |
|
|
: a map of variables to pass to the Terraform `plan` and `apply` commands. |
|
|
: a map of variables to pass to the Terraform `plan` and `apply` commands. |
|
|
|
Jacob McCann
8 years ago