diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..9bcd0e8
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,64 @@
+stages:
+ - check
+ - configure
+ - destroy
+
+variables:
+ CONTAINER_URL: "stackspot/runtime-job-destroy:latest"
+ LOCALEXEC_ENABLED: "false"
+
+check_runner:
+ stage: check
+ script:
+ - echo "🤖 OS runner is $(uname)"
+
+configure_aws_credentials:
+ stage: configure
+ script:
+ - if [ -n "$AWS_ROLE_ARN" ]; then
+ aws sts assume-role --role-arn $AWS_ROLE_ARN --role-session-name gitlab-ci-session > /tmp/creds.json;
+ export AWS_ACCESS_KEY_ID=$(cat /tmp/creds.json | jq -r '.Credentials.AccessKeyId');
+ export AWS_SECRET_ACCESS_KEY=$(cat /tmp/creds.json | jq -r '.Credentials.SecretAccessKey');
+ export AWS_SESSION_TOKEN=$(cat /tmp/creds.json | jq -r '.Credentials.SessionToken');
+ fi
+
+run_runtime_action_destroy:
+ stage: destroy
+ script:
+ - |
+ FLAGS=$(echo "-v $CI_PROJECT_DIR:/app-volume \
+ -e FEATURES_LEVEL_LOG=$FEATURES_LEVEL_LOG \
+ -e AUTHENTICATE_CLIENT_ID=$CLIENT_ID \
+ -e AUTHENTICATE_CLIENT_SECRET=$CLIENT_KEY \
+ -e AUTHENTICATE_CLIENT_REALMS=$CLIENT_REALM \
+ -e AUTHENTICATE_URL=https://idm.stackspot.com \
+ -e REPOSITORY_NAME=$REPOSITORY_NAME \
+ -e FEATURES_API_MANAGER=https://runtime-manager.v1.stackspot.com \
+ -e FEATURES_BASEPATH_TMP=/tmp/runtime/deploys \
+ -e FEATURES_BASEPATH_EBS=/opt/runtime \
+ -e FEATURES_TEMPLATES_FILEPATH=/app/ \
+ -e FEATURES_BASEPATH_TERRAFORM=/root/.asdf/shims/terraform \
+ -e AWS_REGION=$AWS_REGION \
+ -e FEATURES_RELEASE_LOCALEXEC=$LOCALEXEC_ENABLED")
+
+ if [ -z "$AWS_ROLE_ARN" ]; then
+ FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+ FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+ FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+ fi
+
+ if [ -n "$AWS_ROLE_ARN" ]; then
+ FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+ FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+ FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+ fi
+
+ if [ -n "$TF_LOG_PROVIDER" ]; then
+ FLAGS=$(echo "$FLAGS -e FEATURES_TERRAFORM_LOGPROVIDER=$TF_LOG_PROVIDER")
+ fi
+
+ docker run --rm \
+ $FLAGS \
+ -e FEATURES_TERRAFORM_MODULES='$FEATURES_TERRAFORM_MODULES' \
+ --entrypoint=/app/stackspot-runtime-job-destroy \
+ $CONTAINER_URL start --run-task-id="$RUN_TASK_ID"
\ No newline at end of file
diff --git a/README-gitlab.md b/README-gitlab.md
new file mode 100644
index 0000000..3919c55
--- /dev/null
+++ b/README-gitlab.md
@@ -0,0 +1,32 @@
+# GitLab CI/CD Workflow for Runtime Action Destroy
+
+This GitLab CI/CD workflow runs the Runtime Action Destroy with the specified parameters.
+
+## Inputs
+
+The following environment variables must be configured in your GitLab CI/CD settings:
+
+- `FEATURES_LEVEL_LOG`: Log Level (required)
+- `CLIENT_ID`: CLIENT ID (required)
+- `CLIENT_KEY`: CLIENT KEY (required)
+- `CLIENT_REALM`: CLIENT REALM (required)
+- `REPOSITORY_NAME`: Git Repository Name (required)
+- `AWS_ACCESS_KEY_ID`: AWS ACCESS KEY ID from console (optional)
+- `AWS_SECRET_ACCESS_KEY`: AWS SECRET ACCESS KEY from console (optional)
+- `AWS_SESSION_TOKEN`: AWS SESSION TOKEN from console (optional)
+- `AWS_REGION`: AWS REGION (required)
+- `AWS_ROLE_ARN`: AWS ROLE ARN (optional)
+- `RUN_TASK_ID`: Runtime Run Task Id (required)
+- `CONTAINER_URL`: Destroy Container URL (optional, default: `stackspot/runtime-job-destroy:latest`)
+- `FEATURES_TERRAFORM_MODULES`: Terraform Modules (optional)
+- `PATH_TO_MOUNT`: Path to mount inside the docker (optional, default: `$CI_PROJECT_DIR`)
+- `LOCALEXEC_ENABLED`: If Runtimes will allow execution of the local-exec command within terraform (optional, default: `false`)
+- `TF_LOG_PROVIDER`: Level tf log provider - info, debug, warn or trace (optional)
+
+## Usage
+
+To use this workflow, add the above environment variables to your GitLab CI/CD settings and include the `.gitlab-ci.yml` file in your repository.
+
+```yaml
+include:
+ - local: '.gitlab-ci.yml'
\ No newline at end of file
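Review bot: The credentials minted in `configure_aws_credentials` never reach `run_runtime_action_destroy`: the `export`s and `/tmp/creds.json` live only in that job's shell and nothing in this file hands them on (no dotenv artifact), so in the destroy job both the `-z "$AWS_ROLE_ARN"` and `-n "$AWS_ROLE_ARN"` branches add the same three static `AWS_*` flags and the role branch is a no-op duplicate. The assume-role call belongs in the destroy job's own `|` script (a dotenv artifact would work too, but it persists the temporary keys as a downloadable artifact); the rewrite below moves it there, quotes `"$AWS_ROLE_ARN"`, keeps the STS response in a variable instead of a `/tmp` file that is never removed, and lets `configure_aws_credentials` be dropped. While there, `FLAGS=$(echo "...")` is just `FLAGS="..."`, and the unquoted `$FLAGS` on the `docker run` line relies on word splitting, so any value containing whitespace will break the command. Also note that the README's `PATH_TO_MOUNT` input is not read anywhere here (`$CI_PROJECT_DIR` is hard-coded), and `'$FEATURES_TERRAFORM_MODULES'` in single quotes passes the literal variable name rather than its value — confirm that is intended.
```yaml
run_runtime_action_destroy:
  stage: destroy
  script:
    - |
      if [ -n "$AWS_ROLE_ARN" ]; then
        CREDS=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name gitlab-ci-session)
        export AWS_ACCESS_KEY_ID=$(printf '%s' "$CREDS" | jq -r '.Credentials.AccessKeyId')
        export AWS_SECRET_ACCESS_KEY=$(printf '%s' "$CREDS" | jq -r '.Credentials.SecretAccessKey')
        export AWS_SESSION_TOKEN=$(printf '%s' "$CREDS" | jq -r '.Credentials.SessionToken')
      fi
      # … unchanged: FLAGS="-v $CI_PROJECT_DIR:/app-volume …" construction …
      FLAGS="$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
      # … unchanged: TF_LOG_PROVIDER flag and docker run …
```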