# Default image for jobs that do not set their own: the Terraform CLI image,
# pinned by tag (not by digest). The entrypoint is overridden with `env` and an
# explicit PATH so the runner can start a shell for the job script.
image:
  name: hashicorp/terraform:1.3.4
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
# Pipeline-wide paths; everything lives under the `application` directory of
# the checkout.
variables:
  # Directory used as the Terraform root (see the cache paths below).
  TF_ROOT: ${CI_PROJECT_DIR}/application
  # Saved plan file, handed from the plan job to the apply job as an artifact.
  PLAN: ${CI_PROJECT_DIR}/application/plan.tfplan
  # JSON file of Terraform outputs, published by apply and read by ecr via jq.
  TF_OUTPUT: ${CI_PROJECT_DIR}/application/output.json
  # Terraform working directory, shipped alongside the plan as an artifact.
  TF_INIT: ${CI_PROJECT_DIR}/application/.terraform
  # Disabled. 2375 is the Docker daemon's plaintext (non-TLS) port; leave this
  # off unless the dind service is deliberately run without TLS.
  #DOCKER_HOST: tcp://docker:2375/
# Hidden template (leading dot): never runs on its own, it is pulled into the
# plan and apply jobs through `extends`.
.base-terraform:
  image:
    name: hashicorp/terraform:1.3.4
    entrypoint:
      - '/usr/bin/env'
      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
  # The only active rule matches the default branch, so jobs extending this
  # template are not added to pipelines for any other ref.
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
      variables:                              # Override DEPLOY_VARIABLE defined
        DEPLOY_VARIABLE: "deploy-production"  # at the job level.
        ENV: master
    # - if: $CI_COMMIT_REF_NAME =~ /feature/
    #   variables:
    #     IS_A_FEATURE: "true"
  variables:
    # Non-interactive mode: Terraform must fail instead of prompting for input.
    TF_IN_AUTOMATION: "true"
    TF_INPUT: "false"
    # TF_CLI_ARGS: "-input=false"
  before_script:
    - terraform --version
    # `make` is installed at job time, unpinned, from the image's package
    # repositories; the make targets used by plan/apply live outside this file.
    - apk add --no-cache make
    #- echo terraform -chdir=${TF_ROOT} init -backend-config=conf/beta-init.tfvars --reconfigure
    #- terraform -chdir=${TF_ROOT} init -backend-config=conf/beta-init.tfvars --reconfigure
  # Cache downloaded plugins/providers between runs, keyed on the root path.
  cache:
    key: "${TF_ROOT}"
    paths:
      - ${TF_ROOT}/.terraform/plugins
      - ${TF_ROOT}/.terraform/providers
# Default cache for jobs that do not define their own; same key and paths as
# the cache declared in the .base-terraform template.
# NOTE(review): validate and ecr carry no branch rule, so they share this cache
# key with the default-branch jobs. Confirm a job on an untrusted branch cannot
# populate the provider cache that plan/apply later restore.
cache:
  key: "${TF_ROOT}"
  paths:
    - ${TF_ROOT}/.terraform/plugins
    - ${TF_ROOT}/.terraform/providers
# Stage order: static check, saved plan, apply of that plan, then the image
# build/push and ECS service update (the `ecr` stage).
stages:
  - validate
  - plan
  - apply
  - ecr
# Static configuration check. This job does not extend .base-terraform, so it
# uses the default image and has no branch rule.
# NOTE(review): the command runs from the checkout root with no
# -chdir=${TF_ROOT} and no prior `terraform init`; confirm it really validates
# the configuration under application/ and is not passing vacuously.
validate:
  stage: validate
  script:
    - terraform validate
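# Produce a saved Terraform plan and hand it to the apply job as an artifact.
# Inherits the default-branch-only rule from .base-terraform; the make target
# is defined outside this file.
plan:
  stage: plan
  extends: .base-terraform
  script:
    - make pipeline-generate-plan
  dependencies:
    - validate
  artifacts:
    name: plan
    # A saved plan and the .terraform directory can hold secret values and
    # backend settings in clear text, and job artifacts are downloadable by
    # anyone with access to them. Expire them on the same schedule as the
    # apply job's artifacts instead of keeping them for the instance default.
    # NOTE(review): also confirm who can download artifacts in this project.
    expire_in: 1 week
    paths:
      - $PLAN  # bring the plan as an artifact
      - $TF_INIT  # bring the .terraform folder as an artifact
      - ${CI_PROJECT_DIR}/application/.terraform.lock.hcl  # the lock file from init/plan must be present during the apply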
# Apply the saved plan restored from the plan job's artifacts.
# Inherits the default-branch-only rule from .base-terraform.
apply:
  stage: apply
  extends: .base-terraform
  script:
    # The make target is defined outside this file; presumably it wraps the two
    # commented-out commands below. Confirm against the Makefile.
    - make pipeline-apply-plan
    # - terraform -chdir=${TF_ROOT} apply $PLAN
    # - terraform -chdir=${TF_ROOT} output -json > $TF_OUTPUT
  dependencies:
    - plan
  artifacts:
    # NOTE(review): `terraform output -json` prints sensitive outputs in clear
    # text. If the file is produced that way, confirm no sensitive output ends
    # up in this downloadable artifact.
    paths:
      - $TF_OUTPUT
    expire_in: 1 week
  # With the manual gate below commented out, apply starts automatically as
  # soon as plan succeeds on the default branch; nobody reviews the plan first.
  #when: manual
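# Build the application image, push it to the ECR repository created by
# Terraform, then update the ECS service and wait for it to stabilise.
# Repository, cluster and service names are read from the Terraform output
# JSON restored from the apply job's artifacts.
# here you can use parameters or TF Outputs to get the value of the ecr uri
ecr:
  stage: ecr
  # Restrict the job to the default branch, like the plan/apply jobs whose
  # output it consumes. Without a rule it is added to every pipeline, including
  # refs where no apply job ran, while still holding registry push and ECS
  # update credentials.
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
  # NOTE(review): both images are pinned by tag only and 19.03 is an old Docker
  # release line. docker-in-docker normally requires a privileged runner, so
  # confirm this job is confined to runners intended for that.
  image: docker:19.03.12
  services:
    - docker:19.03.12-dind
  before_script:
    - apk add --no-cache curl jq wget unzip python3 py-pip
    # NOTE(review): unpinned install. The job that holds the AWS credentials
    # takes whatever awscli release and dependencies the index serves that day.
    - pip install awscli
    - aws --version
    - docker --version
    - cd application
  script:
    - echo getting REPOSITORY_URI from AWS SSM
    - export namespace=$(jq -r .namespace.value "$TF_OUTPUT")
    # - REPOSITORY_URI=$(aws ssm get-parameter --name "/${DEV_NAMESPACE}/ecr/uri" --query Parameter.Value --output text)
    - export REPOSITORY_URI=$(jq -r .repo_uri.value "$TF_OUTPUT")
    # jq -r prints the literal string "null" for a missing key; stop here
    # rather than logging in to, tagging for, or pushing to a bogus registry.
    - 'if [ -z "$REPOSITORY_URI" ] || [ "$REPOSITORY_URI" = "null" ]; then echo "repo_uri missing from Terraform output"; exit 1; fi'
    - echo REPOSITORY_URI $REPOSITORY_URI
    # Expansions are quoted so a value containing whitespace or glob
    # characters cannot split into extra arguments.
    - aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$REPOSITORY_URI"
    - docker build -t "$REPOSITORY_URI:2048" .
    - docker tag "$REPOSITORY_URI:2048" "$REPOSITORY_URI:$CI_COMMIT_SHORT_SHA"
    - docker push "$REPOSITORY_URI:2048"
    - docker push "$REPOSITORY_URI:$CI_COMMIT_SHORT_SHA"
    - export CLUSTER=$(jq -r .cluster.value "$TF_OUTPUT")
    - export SERVICE=$(jq -r .service.value "$TF_OUTPUT")
    - 'if [ -z "$CLUSTER" ] || [ "$CLUSTER" = "null" ] || [ -z "$SERVICE" ] || [ "$SERVICE" = "null" ]; then echo "cluster/service missing from Terraform output"; exit 1; fi'
    - echo SERVICE $SERVICE CLUSTER $CLUSTER
    # NOTE(review): update-service is called with no changed setting; confirm
    # this actually rolls out the image just pushed (the CLI has
    # --force-new-deployment for that) instead of leaving old tasks running.
    - aws ecs update-service --cluster "$CLUSTER" --service "$SERVICE"
    - aws ecs wait services-stable --cluster "$CLUSTER" --service "$SERVICE"
    #- aws ecs update-service --cluster $(terraform output -json | jq -r .cluster.value) --service $(terraform output -json | jq -r .service.value)
  dependencies:
    - apply
  artifacts:
    # NOTE(review): this republishes the Terraform output JSON with no
    # expire_in; confirm it holds no sensitive outputs and is still needed.
    name: TF_OUTPUT
    paths:
      - $TF_OUTPUT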