diff --git a/terraform/aws-infrastructure/Jenkinsfile b/terraform/aws-infrastructure/Jenkinsfile
new file mode 100644
index 0000000..edb68d9
--- /dev/null
+++ b/terraform/aws-infrastructure/Jenkinsfile
@@ -0,0 +1,134 @@
+// Terraform CI/CD Pipeline
+
+pipeline {
+ agent any
+
+ parameters {
+ choice(name: 'ENVIRONMENT', choices: ['dev', 'staging', 'production'])
+ choice(name: 'ACTION', choices: ['plan', 'apply', 'destroy'])
+ booleanParam(name: 'AUTO_APPROVE', defaultValue: false)
+ }
+
+ environment {
+ AWS_DEFAULT_REGION = 'us-east-1'
+ TF_IN_AUTOMATION = 'true'
+ TF_VAR_FILE = "environments/${params.ENVIRONMENT}.tfvars"
+ }
+
+ stages {
+ stage('Checkout') {
+ steps {
+ echo "🔄 Checking out code..."
+ checkout scm
+ }
+ }
+
+ stage('Terraform Init') {
+ steps {
+ echo "🔧 Initializing Terraform..."
+ withCredentials([
+ string(credentialsId: 'aws-access-key', variable: 'AWS_ACCESS_KEY_ID'),
+ string(credentialsId: 'aws-secret-key', variable: 'AWS_SECRET_ACCESS_KEY')
+ ]) {
+ sh 'terraform init -upgrade'
+ }
+ }
+ }
+
+ stage('Terraform Validate') {
+ steps {
+ echo "✅ Validating configuration..."
+ sh '''
+ terraform validate
+ terraform fmt -check -recursive
+ '''
+ }
+ }
+
+ stage('Terraform Plan') {
+ when {
+ expression { params.ACTION != 'destroy' }
+ }
+ steps {
+ echo "📋 Planning changes..."
+ withCredentials([
+ string(credentialsId: 'aws-access-key', variable: 'AWS_ACCESS_KEY_ID'),
+ string(credentialsId: 'aws-secret-key', variable: 'AWS_SECRET_ACCESS_KEY')
+ ]) {
+ sh """
+ terraform plan \ -var-file=\"${TF_VAR_FILE}\" \ -out=tfplan
+ """
+ }
+ archiveArtifacts artifacts: 'tfplan', fingerprint: true
+ }
+ }
+
+ stage('Security Scan') {
+ steps {
+ echo "🔒 Running security scan..."
+ sh '''
+ docker run --rm -v $(pwd):/src aquasec/tfsec:latest /src \ --format json --soft-fail > tfsec-report.json || true
+ '''
+ archiveArtifacts artifacts: 'tfsec-report.json', allowEmptyArchive: true
+ }
+ }
+
+ stage('Approval') {
+ when {
+ allOf {
+ expression { params.ACTION == 'apply' }
+ expression { params.AUTO_APPROVE == false }
+ expression { params.ENVIRONMENT == 'production' }
+ }
+ }
+ steps {
+ input message: "Apply changes to ${params.ENVIRONMENT}?", ok: 'Deploy'
+ }
+ }
+
+ stage('Terraform Apply') {
+ when {
+ expression { params.ACTION == 'apply' }
+ }
+ steps {
+ echo "🚀 Applying changes..."
+ withCredentials([
+ string(credentialsId: 'aws-access-key', variable: 'AWS_ACCESS_KEY_ID'),
+ string(credentialsId: 'aws-secret-key', variable: 'AWS_SECRET_ACCESS_KEY')
+ ]) {
+ sh 'terraform apply tfplan'
+ }
+ }
+ }
+
+ stage('Terraform Output') {
+ when {
+ expression { params.ACTION == 'apply' }
+ }
+ steps {
+ echo "📊 Collecting outputs..."
+ sh '''
+ terraform output -json > outputs.json
+ terraform output
+ '''
+ archiveArtifacts artifacts: 'outputs.json'
+ }
+ }
+ }
+
+ post {
+ success {
+ echo "✅ ${params.ACTION.toUpperCase()} SUCCESSFUL!"
+ }
+ failure {
+ echo "❌ ${params.ACTION.toUpperCase()} FAILED!"
+ }
+ always {
+ sh 'rm -f tfplan'
+ cleanWs()
+ }
+ }
+}
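Review bot: The production approval gate in the `Approval` stage is defeated by a build parameter: anyone who can start the job can tick `AUTO_APPROVE`, the `allOf` condition then skips the `input` step, and `Terraform Apply` runs unattended, so the gate protects against accidental applies but not unauthorized ones; drop the `params.AUTO_APPROVE == false` term and restrict who may confirm with `submitter`. The `Security Scan` stage is advisory only — `--soft-fail` plus `|| true` mean neither findings nor a failed `docker run` can block the apply, and `aquasec/tfsec:latest` is an unpinned tag, so pin the image by digest and let the step fail. Archiving `tfplan` and `outputs.json` hands any sensitive values they contain, in plaintext, to everyone with read access to the build; `terraform output -json` does not redact outputs marked `sensitive`, unlike the plain `terraform output` call beside it, so the JSON file should not be archived. Two smaller points: `destroy` is accepted by the `ACTION` parameter but no stage runs it (and it skips the plan gate), and `terraform init -upgrade` re-resolves provider versions on every run, bypassing whatever `.terraform.lock.hcl` pins — plain `terraform init` with the lockfile committed is the safer default.
```groovy
// … unchanged: parameters, environment, Checkout, Init, Validate, Plan …
stage('Security Scan') {
    steps {
        // Pinned by digest; findings or a scanner failure stop the pipeline before Apply.
        sh '''
            docker run --rm -v "$(pwd)":/src aquasec/tfsec@sha256:REPLACE_WITH_VERIFIED_DIGEST /src \
                --format json > tfsec-report.json
        '''
        archiveArtifacts artifacts: 'tfsec-report.json', allowEmptyArchive: true
    }
}

stage('Approval') {
    when {
        allOf {
            expression { params.ACTION == 'apply' }
            expression { params.ENVIRONMENT == 'production' }
        }
    }
    steps {
        // No parameter can skip this gate; only the named approver group may confirm.
        input message: "Apply changes to ${params.ENVIRONMENT}?", ok: 'Deploy', submitter: 'REPLACE_WITH_APPROVER_GROUP'
    }
}
// … unchanged: Terraform Apply …
stage('Terraform Output') {
    when { expression { params.ACTION == 'apply' } }
    steps {
        // `terraform output -json` prints sensitive outputs unredacted; show only the redacted form and archive nothing.
        sh 'terraform output'
    }
}
// … unchanged: post …
```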