Create a common-ci-task for consistently publishing GitLab Infrastructure Terraform Modules
We're publishing more and more Terraform modules, but don't have a consistent template for doing this. We should introduce a template for doing this consistently.
Over time we can add value adds to this module, such as signing, etc. Starting with a publish to the GitLab Terraform module registry is a good initial step.
Implementation
CI Component
Create a terraform-publish CI component that publishes Terraform modules to the GitLab Terraform Module Registry. The job will run on tag pipelines by default.
The following inputs should be configurable with the provided defaults:
| Input | Default |
|---|---|
| `TERRAFORM_MODULE_DIR` | `${CI_PROJECT_DIR}` |
| `TERRAFORM_MODULE_NAME` | `${CI_PROJECT_NAME}` |
| `TERRAFORM_MODULE_SYSTEM` | `local` |
| `TERRAFORM_MODULE_VERSION` | `${CI_COMMIT_TAG}` |
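
A sketch of the publish step such a job could run, using the inputs above. It is an added example, not the component's actual code, and it validates the inputs before they are interpolated into the registry upload URL. Assumptions: the function names are hypothetical, tags are plain semantic versions without a `v` prefix, and the character allowlist for name and system is this example's own choice.

```shell
#!/bin/sh
# Added example (not the component's code): publish step for a terraform-publish job.
set -eu

# Defaults from the input table; the CI_* variables are provided by GitLab CI.
: "${TERRAFORM_MODULE_DIR:=${CI_PROJECT_DIR:-.}}"
: "${TERRAFORM_MODULE_NAME:=${CI_PROJECT_NAME:-}}"
: "${TERRAFORM_MODULE_SYSTEM:=local}"
: "${TERRAFORM_MODULE_VERSION:=${CI_COMMIT_TAG:-}}"

# Module names cannot contain spaces or underscores, so map both to "-".
normalize_name() { printf '%s' "$1" | sed 's/[ _]/-/g'; }

# Allowlist chosen for this example: keeps "/", "..", "?" and similar out of the URL path.
is_safe_segment() {
  case $1 in ''|*[!A-Za-z0-9-]*) return 1 ;; esac
}

# Assumption: tags are plain semantic versions (1.4.0, 2.0.0-rc.1), no "v" prefix.
is_semver() {
  case $1 in ''|*[!0-9A-Za-z.-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
}

# Print the registry upload URL, or fail if any input is unsafe.
module_upload_url() {
  name=$(normalize_name "$TERRAFORM_MODULE_NAME")
  is_safe_segment "$name" || return 1
  is_safe_segment "$TERRAFORM_MODULE_SYSTEM" || return 1
  is_semver "$TERRAFORM_MODULE_VERSION" || return 1
  printf '%s/projects/%s/packages/terraform/modules/%s/%s/%s/file' \
    "$CI_API_V4_URL" "$CI_PROJECT_ID" "$name" \
    "$TERRAFORM_MODULE_SYSTEM" "$TERRAFORM_MODULE_VERSION"
}

publish() {
  url=$(module_upload_url) || { echo "invalid module name, system or version" >&2; return 1; }
  archive=$(mktemp)
  # Leave .git out of the archive so repository history is not shipped to consumers.
  tar -czf "$archive" -C "$TERRAFORM_MODULE_DIR" --exclude=./.git .
  # The short-lived job token authenticates the upload; no long-lived secret is stored.
  curl --fail --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "$archive" "$url"
  rm -f "$archive"
}

# Upload only when invoked as "script publish"; otherwise just define the functions.
[ "${1:-}" != "publish" ] || publish
```

Because the version defaults to the commit tag, restricting who can create tags (protected tags) is what controls who can publish a release with this job.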
Template Copier Integration
A new template should be added to common-template-copier that, upon initialization, asks whether the project is a Terraform module. If so, it includes the publishing template created above.
This allows teams to easily start creating Terraform modules and hook them up in our config-mgmt monorepo on ops.gitlab.net, avoiding the need to copy-paste resources across environments and the drift this introduces.
Updating of Terraform module versions in config-mgmt will be automated using Renovate.
Out of Scope (Future Work)
- Facilitating dev/test environments for Terraform modules that allow developers to run the module with provided variables (or defaults).
cc some Terraform module stakeholders: @abrandl @pguinoiseau @rocketgirl @cmiskell @stejacks-gitlab