135 lines
4.1 KiB
Groovy
135 lines
4.1 KiB
Groovy
// Terraform CI/CD Pipeline
|
|
|
|
pipeline {
|
|
agent any
|
|
|
|
parameters {
|
|
choice(name: 'ENVIRONMENT', choices: ['dev', 'staging', 'production'])
|
|
choice(name: 'ACTION', choices: ['plan', 'apply', 'destroy'])
|
|
booleanParam(name: 'AUTO_APPROVE', defaultValue: false)
|
|
}
|
|
|
|
environment {
|
|
AWS_DEFAULT_REGION = 'us-east-1'
|
|
TF_IN_AUTOMATION = 'true'
|
|
TF_VAR_FILE = "environments/${params.ENVIRONMENT}.tfvars"
|
|
}
|
|
|
|
stages {
|
|
stage('Checkout') {
|
|
steps {
|
|
echo "🔄 Checking out code..."
|
|
checkout scm
|
|
}
|
|
}
|
|
|
|
stage('Terraform Init') {
|
|
steps {
|
|
echo "🔧 Initializing Terraform..."
|
|
withCredentials([
|
|
string(credentialsId: 'aws-access-key', variable: 'AWS_ACCESS_KEY_ID'),
|
|
string(credentialsId: 'aws-secret-key', variable: 'AWS_SECRET_ACCESS_KEY')
|
|
]) {
|
|
sh 'terraform init -upgrade'
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Terraform Validate') {
|
|
steps {
|
|
echo "✅ Validating configuration..."
|
|
sh '''
|
|
terraform validate
|
|
terraform fmt -check -recursive
|
|
'''
|
|
}
|
|
}
|
|
|
|
stage('Terraform Plan') {
|
|
when {
|
|
expression { params.ACTION != 'destroy' }
|
|
}
|
|
steps {
|
|
echo "📋 Planning changes..."
|
|
withCredentials([
|
|
string(credentialsId: 'aws-access-key', variable: 'AWS_ACCESS_KEY_ID'),
|
|
string(credentialsId: 'aws-secret-key', variable: 'AWS_SECRET_ACCESS_KEY')
|
|
]) {
|
|
sh """
|
|
terraform plan \
|
|
-var-file=\"${TF_VAR_FILE}\" \
|
|
-out=tfplan
|
|
"""
|
|
}
|
|
archiveArtifacts artifacts: 'tfplan', fingerprint: true
|
|
}
|
|
}
|
|
|
|
stage('Security Scan') {
|
|
steps {
|
|
echo "🔒 Running security scan..."
|
|
sh '''
|
|
docker run --rm -v $(pwd):/src aquasec/tfsec:latest /src \
|
|
--format json --soft-fail > tfsec-report.json || true
|
|
'''
|
|
archiveArtifacts artifacts: 'tfsec-report.json', allowEmptyArchive: true
|
|
}
|
|
}
|
|
|
|
stage('Approval') {
|
|
when {
|
|
allOf {
|
|
expression { params.ACTION == 'apply' }
|
|
expression { params.AUTO_APPROVE == false }
|
|
expression { params.ENVIRONMENT == 'production' }
|
|
}
|
|
}
|
|
steps {
|
|
input message: "Apply changes to ${params.ENVIRONMENT}?", ok: 'Deploy'
|
|
}
|
|
}
|
|
|
|
stage('Terraform Apply') {
|
|
when {
|
|
expression { params.ACTION == 'apply' }
|
|
}
|
|
steps {
|
|
echo "🚀 Applying changes..."
|
|
withCredentials([
|
|
string(credentialsId: 'aws-access-key', variable: 'AWS_ACCESS_KEY_ID'),
|
|
string(credentialsId: 'aws-secret-key', variable: 'AWS_SECRET_ACCESS_KEY')
|
|
]) {
|
|
sh 'terraform apply tfplan'
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Terraform Output') {
|
|
when {
|
|
expression { params.ACTION == 'apply' }
|
|
}
|
|
steps {
|
|
echo "📊 Collecting outputs..."
|
|
sh '''
|
|
terraform output -json > outputs.json
|
|
terraform output
|
|
'''
|
|
archiveArtifacts artifacts: 'outputs.json'
|
|
}
|
|
}
|
|
}
|
|
|
|
post {
|
|
success {
|
|
echo "✅ ${params.ACTION.toUpperCase()} SUCCESSFUL!"
|
|
}
|
|
failure {
|
|
echo "❌ ${params.ACTION.toUpperCase()} FAILED!"
|
|
}
|
|
always {
|
|
sh 'rm -f tfplan'
|
|
cleanWs()
|
|
}
|
|
}
|
|
}
|