Hi there! I’m trying to set up a pipeline for a repository to begin using Terraform.
Are there any well defined best practices around this process? Specifically, I want to accomplish the following:
- A
terraform initandterraform planas the first step. In mypipeline.ymlfile, I’m switching to the directory and running those two commands (along with validate). I’m using an artifact path of theterraform/directory where all Terraform code is stored for all repositories and providing the-out plan.tfflag toterraform plan.
For a given pull request, I only want these steps to run. When the PR is merged to master, I’d like to run another pipeline that is identical but then adds the terraform apply step - I’d like to use the “apply to production” button at this step to require manual unblocking so that someone has time to review the plan output again prior to the apply step.
Does this require two different pipelines? What’s the best way to handle running the additional step after the PR is merged? My current pipeline as I conceptualize this so far:
steps:
- label: ":terraform: :thinking_face: planning"
commands: |
cd terraform
terraform validate
terraform init
terraform plan -out plan.tf
artifact_paths:
- "terraform/*"
concurrency: 1
concurrency_group: foobar/ops/terraform
Would I simply need another pipeline with the additional step? I guess I’m really just trying to make sure I’m sectioning this off properly and asking for intervention in the right place.
Thanks for any clarification!