```yaml
id: git-terraform
namespace: company.team

tasks:
  # WorkingDirectory shares one filesystem between the clone and the terraform run
  - id: git
    type: io.kestra.plugin.core.flow.WorkingDirectory
    tasks:
      - id: clone_repository
        type: io.kestra.plugin.git.Clone
        url: https://github.com/anna-geller/kestra-ci-cd
        branch: main

      - id: terraform
        type: io.kestra.plugin.scripts.shell.Commands
        containerImage: hashicorp/terraform
        taskRunner:
          type: io.kestra.plugin.scripts.runner.docker.Docker
          # The image's entrypoint is the terraform binary itself; clear it so
          # the task can run its commands through a shell
          entryPoint:
            - ""
        # Rendered into the working directory before the commands run; the
        # password comes from a Kestra secret and is masked in the logs
        inputFiles:
          terraform.tfvars: |
            username = "cicd"
            password = "{{ secret('CI_CD_PASSWORD') }}"
            hostname = "https://demo.kestra.io"
        beforeCommands:
          - terraform init
        commands:
          - terraform apply -auto-approve
        # Credentials for the S3 backend and any AWS resources in the code
        env:
          AWS_ACCESS_KEY_ID: "{{ secret('AWS_ACCESS_KEY_ID') }}"
          AWS_SECRET_ACCESS_KEY: "{{ secret('AWS_SECRET_ACCESS_KEY') }}"
          AWS_DEFAULT_REGION: "{{ secret('AWS_DEFAULT_REGION') }}"
```
About this blueprint
Tags: Trigger, Docker, DevOps, Git
This flow clones a Git repository and runs Terraform to deploy the infrastructure resources defined in it. The repository already configures a remote S3 backend, so Terraform state is stored in S3 rather than in the task's working directory (see the repository's main.tf). All credentials are read with the secret() function, so Kestra masks them in execution logs; the rendered terraform.tfvars still contains the plaintext password inside the container's working directory, so do not expose that file through outputFiles. Because the flow runs terraform apply -auto-approve unattended, every run applies whatever is on the main branch without a human review step, so protect that branch and review changes before they are merged. To follow GitOps principles, run the flow on a schedule:

```yaml
triggers:
  - id: schedule
    type: io.kestra.plugin.core.trigger.Schedule
    cron: "*/15 * * * *"
```
Or add a webhook trigger so the flow runs whenever a pull request is merged in your repository, effectively implementing CI/CD in Kestra. The key is part of the webhook URL (POST /api/v1/executions/webhook/company.team/git-terraform/<key>), so anyone who knows it can trigger an apply: generate a long random value, store it as a secret, and configure that URL in the GitHub repository's webhook settings. GitHub sends pull_request events for opened, synchronized and closed pull requests as well, so filter on the payload if you only want merges to deploy.

```yaml
triggers:
  - id: github
    type: io.kestra.plugin.core.trigger.Webhook
    key: "{{ secret('WEBHOOK_KEY') }}"
```
For a private GitHub repository, set username and password on the Clone task; use a personal access token as the password and keep it in a secret rather than in the flow definition. If your Terraform configuration is stored in a subdirectory of the repository, add the global -chdir option to every terraform command. It is a global option, so it goes before the subcommand, not after it:

```shell
terraform -chdir=environment/production init
terraform -chdir=environment/production apply -auto-approve
```
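Putting the pieces above together, here is an added example of the same flow hardened for unattended runs. It is not the blueprint's own code. It assumes a private repository with the Terraform configuration under environment/production, secrets named GIT_TOKEN, WEBHOOK_KEY, CI_CD_PASSWORD and the AWS_* secrets, that inputFiles creates the nested directory for the tfvars file, that Terraform 1.9 is the version you test against, and that the io.kestra.plugin.core.condition.Expression condition is available in your Kestra version.

```yaml
# Added example, not the blueprint's own code. Assumed: private repo with
# Terraform under environment/production, secrets GIT_TOKEN / WEBHOOK_KEY /
# CI_CD_PASSWORD / AWS_*, nested inputFiles paths, Terraform 1.9, and the
# Expression condition type.
id: git-terraform-hardened
namespace: company.team

tasks:
  - id: git
    type: io.kestra.plugin.core.flow.WorkingDirectory
    tasks:
      - id: clone_repository
        type: io.kestra.plugin.git.Clone
        url: https://github.com/anna-geller/kestra-ci-cd
        branch: main
        # Private repository: authenticate with a personal access token held
        # in a secret, never with a user password in the flow
        username: cicd
        password: "{{ secret('GIT_TOKEN') }}"

      - id: terraform
        type: io.kestra.plugin.scripts.shell.Commands
        # Pin the image tag (assumed version) so a new Terraform release
        # cannot silently change what the scheduled apply does
        containerImage: hashicorp/terraform:1.9
        taskRunner:
          type: io.kestra.plugin.scripts.runner.docker.Docker
          # The image's entrypoint is the terraform binary; clear it so the
          # task can run a shell
          entryPoint:
            - ""
        # Write the tfvars into the configuration directory so terraform
        # auto-loads it after -chdir (assumes nested paths are supported)
        inputFiles:
          environment/production/terraform.tfvars: |
            username = "cicd"
            password = "{{ secret('CI_CD_PASSWORD') }}"
            hostname = "https://demo.kestra.io"
        env:
          AWS_ACCESS_KEY_ID: "{{ secret('AWS_ACCESS_KEY_ID') }}"
          AWS_SECRET_ACCESS_KEY: "{{ secret('AWS_SECRET_ACCESS_KEY') }}"
          AWS_DEFAULT_REGION: "{{ secret('AWS_DEFAULT_REGION') }}"
          # Tells Terraform it runs without a terminal, which tidies its output
          TF_IN_AUTOMATION: "true"
        beforeCommands:
          # -chdir is a global option and must precede the subcommand;
          # -input=false fails fast instead of hanging on a prompt
          - terraform -chdir=environment/production init -input=false
        commands:
          # Save the plan to a file and apply exactly that file: the logged
          # plan is then guaranteed to be what was applied
          - terraform -chdir=environment/production plan -input=false -out=tfplan
          - terraform -chdir=environment/production apply -input=false tfplan

triggers:
  # GitOps reconciliation every 15 minutes
  - id: schedule
    type: io.kestra.plugin.core.trigger.Schedule
    cron: "*/15 * * * *"

  # CI/CD: the key is part of the webhook URL, so it stays in a secret
  - id: github
    type: io.kestra.plugin.core.trigger.Webhook
    key: "{{ secret('WEBHOOK_KEY') }}"
    conditions:
      # GitHub also delivers pull_request events for open/sync/close; only
      # deploy when a pull request was actually merged (assumed payload fields)
      - type: io.kestra.plugin.core.condition.Expression
        expression: "{{ trigger.body.action == 'closed' and trigger.body.pull_request.merged }}"
```

Splitting plan and apply also means a failed plan (a provider error, a missing variable, a drifted backend) stops the execution before anything is changed, which is the behaviour you want from an apply that nobody is watching.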