terraform-lawndale-k8s/.drone.yml

---
kind: pipeline
type: kubernetes
name: Terraform root module

environment:
  TF_IN_AUTOMATION: "1"
  GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no -i $${PWD}/id_rsa"
  

steps:
- name: terraform init
  image: hashicorp/terraform:1.1.8
  commands:
    - echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
    - chmod 600 id_rsa
    - terraform init
  environment:
    CI_SSH_KEY:
      from_secret: ci-ssh-key
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key

- name: terraform plan
  image: hashicorp/terraform:1.1.8
  commands:
    - mkdir -p ~/.ssh
    - cp -a id_rsa ~/.ssh/id_rsa
    - terraform plan -out .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key
    KUBE_TOKEN:
      from_secret: lawndale-k8s-ci-token
    TF_VAR_lawndale_dns_key_secret:
      from_secret: lawndale-dns-key-secret
    TF_VAR_lawndale_dns_key_algorithm:
      from_secret: lawndale-dns-key-algorithm

- name: terraform apply
  when:
    branch:
    - main
    event:
    - push
  image: hashicorp/terraform:1.1.8
  commands:
    - mkdir -p ~/.ssh
    - cp -a id_rsa ~/.ssh/id_rsa
    - terraform apply .tfplan
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: terraform-aws-key-id
    AWS_SECRET_ACCESS_KEY:
      from_secret: terraform-aws-secret-access-key
    KUBE_TOKEN:
      from_secret: lawndale-k8s-ci-token
    TF_VAR_lawndale_dns_key_secret:
      from_secret: lawndale-dns-key-secret
    TF_VAR_lawndale_dns_key_algorithm:
      from_secret: lawndale-dns-key-algorithm

---
kind: signature
hmac: 290ac82203ef299b26f3ba19e69857990506229301165b94d420459c32f96af1

...