terraform-app-gitea/.drone.yml

---
kind: pipeline
type: kubernetes
name: Terraform root module

environment:
  TF_IN_AUTOMATION: "1"
  GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no -i $${PWD}/id_rsa"
  AWS_REGION: eu-central-1

trigger:
  ref:
    - refs/heads/main
    - refs/pull/*/head

steps:
- name: terraform init
  image: hashicorp/terraform:1.3.5
  commands:
    - echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
    - chmod 600 id_rsa
    - terraform init
  environment:
    CI_SSH_KEY:
      from_secret: ci-ssh-key
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key

- name: terraform plan
  image: hashicorp/terraform:1.3.5
  commands:
    - terraform plan $([[ $${DRONE_BUILD_EVENT} = cron ]] && echo "-detailed-exitcode") -out .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key
    KUBE_TOKEN:
      from_secret: lawndale-k8s-ci-token

- name: terraform apply
  when:
    branch:
    - main
    event:
    - push
  image: hashicorp/terraform:1.3.5
  commands:
    - terraform apply .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key
    KUBE_TOKEN:
      from_secret: lawndale-k8s-ci-token

---
kind: pipeline
type: kubernetes
name: Check docs and format

environment:
  TF_IN_AUTOMATION: "1"

trigger:
  ref:
    - refs/pull/*/head

steps:
- name: format and generate docs
  image: hashicorp/terraform:1.3.5
  commands:
    - apk add bash wget 
    - wget -q https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
    - terraform fmt
    - terraform-docs .
    - git diff --exit-code

---
kind: signature
hmac: aa6fd4b3cac36e71753a8fda8188a91a9bb977788d857f5756596c1798d27367

...