---
kind: pipeline
type: kubernetes
name: Terraform root module

environment:
  TF_IN_AUTOMATION: "1"
  GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no -i $${PWD}/id_rsa"
  

steps:
- name: terraform init
  image: hashicorp/terraform:1.1.8
  commands:
    - echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
    - chmod 600 id_rsa
    - terraform init
  environment:
    CI_SSH_KEY:
      from_secret: ci-ssh-key
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key

- name: terraform plan
  image: hashicorp/terraform:1.1.8
  commands:
  - ssh-add id_rsa
  - terraform plan -out .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key
    KUBE_TOKEN:
      from_secret: lawndale-k8s-ci-token
    TF_VAR_lawdnale_dns_key_secret:
      from_secret: lawndale-dns-key-secret
    TF_VAR_lawndale_dns_key_algorithm:
      from_secret: lawndale-dns-key-algorithm

- name: terraform apply
  when:
    branch:
    - main
    event:
    - push
  image: hashicorp/terraform:1.1.8
  commands:
    - ssh_add id_rsa
    - terraform apply .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key
    KUBE_TOKEN:
      from_secret: lawndale-k8s-ci-token
    TF_VAR_lawdnale_dns_key_secret:
      from_secret: lawndale-dns-key-secret
    TF_VAR_lawndale_dns_key_algorithm:
      from_secret: lawndale-dns-key-algorithm

---
kind: signature
hmac: e3f1e9866e05c63c47e9b726b95813444f6dcad2a02bba21e4dbdffa9f3a15f1

...