Experiment with using the GitLab terraform registry
Description
The GitLab terraform registry allows us to publish modules in a way which allows terraform to understand the module's versions. Currently we just use git tags which means we won't get compatible bug fixes in deployments which use the module.
Experiment with a CI job which packages the module and publishes it to the terraform registry.
Further details
Arose from !58 (comment 482297).
We probably want the following features:
- Runs automatically on tags which look like {semver}.
- Uploads to terraform registry.
- See if we can use the included GitLab CI template which is the recommended approach.
A nice-to-have would be a check that if the tag is {semver} then {semver} appears in CHANGELOG.md.
As a quick test, I enabled the built-in GitLab terraform module template with the following .gitlab-ci.yml:
include:
  - template: Terraform-Module.gitlab-ci.yml
variables:
  TERRAFORM_MODULE_SYSTEM: google
Tagging the branch as 0.0.0-dev1 caused:
- A commit pipeline running fmt and doing some security scanning.
- A tag pipeline which published the module to the terraform registry.
To use the module, one needs to do the following:
module "my_module_name" {
  source  = "gitlab.developers.cam.ac.uk/uis/gcp-cloud-run-app/google"
  version = "0.0.1-dev1"
  // ...
}
(We don't need a GitLab token since this repo is public.)
Note that terraform modules need to live in the uis/ namespace which is an unfortunate technical requirement. Maybe we could (ab-)use devops as the terraform "system" instead of google?
It strikes me that it should be easy to make our own CI template which runs the additional linting jobs we have in our existing terraform pipeline template.
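
The nice-to-have check from the description (a {semver} tag must also appear in CHANGELOG.md), written as a shell gate that a tag pipeline could run before the publish step. This is an added example, not code from this issue or the project: the function names are hypothetical, and CI_COMMIT_TAG is GitLab's predefined variable holding the tag name.

```shell
#!/bin/sh
# Added example: fail a tag pipeline unless the tag is semver-shaped and is
# mentioned in the changelog. Function names are hypothetical.

# True only if $1 has the MAJOR.MINOR.PATCH shape (no leading zeros in the
# core numbers) with an optional pre-release and/or build suffix.
is_semver() {
    printf '%s\n' "$1" | grep -Eq \
        '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'
}

# True only if version $1 appears in file $2 as a whole token, so 1.2.3 is not
# satisfied by 1.2.30, 11.2.3 or 1.2.3-dev1, and "." is not a regex wildcard.
changelog_mentions() {
    [ -r "$2" ] || return 1
    # Escape the regex metacharacters a version may contain: "." and "+".
    escaped=$(printf '%s' "$1" | sed 's/[.+]/\\&/g')
    grep -Eq "(^|[^0-9A-Za-z.+-])${escaped}(\$|[^0-9A-Za-z.+-])" "$2"
}

# Returns 0 to allow publishing, 2 for a non-semver tag, 3 when the changelog
# is missing or has no entry for the tag.
check_release_tag() {
    tag=$1
    changelog=${2:-CHANGELOG.md}
    if ! is_semver "$tag"; then
        echo "tag '$tag' is not a semantic version" >&2
        return 2
    fi
    if ! changelog_mentions "$tag" "$changelog"; then
        echo "tag '$tag' not found in $changelog" >&2
        return 3
    fi
    echo "tag '$tag' is documented in $changelog"
}

# In a GitLab tag pipeline CI_COMMIT_TAG is set; elsewhere this does nothing.
if [ -n "${CI_COMMIT_TAG:-}" ]; then
    check_release_tag "$CI_COMMIT_TAG" || exit $?
fi
```

A plain `grep 0.0.1 CHANGELOG.md` would pass for a changelog that only lists 0.0.10 or 0.0.1-dev1; the token boundaries above reject both.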