gitlab-ci.yml

image:
  name: hashicorp/terraform:light
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
    - 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}' 
    - 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}' 
    - 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'

variables:
  PLAN: plan.tfplan

cache:
  paths:
    - .terraform

before_script:
  - terraform --version
  - terraform init

stages:
  - validate
  - plan
  - apply
  - destroy

validate:
  stage: validate
  script:
    - terraform validate
  only:
    - branches

plan:
  stage: plan
  script:
    - terraform plan -out=$PLAN
    - echo \`\`\`diff > plan.txt
    - terraform show -no-color ${PLAN} | tee -a plan.txt
    - echo \`\`\` >> plan.txt
    - sed -i -e 's/  +/+/g' plan.txt
    - sed -i -e 's/  ~/~/g' plan.txt
    - sed -i -e 's/  -/-/g' plan.txt
    - MESSAGE=$(cat plan.txt)
    - >-
      curl -X POST -g -H "PRIVATE-TOKEN: ${GITLAB_ACCESS_TOKEN}" 
      --data-urlencode "body=${MESSAGE}" 
      "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${CI_MERGE_REQUEST_IID}/discussions"
  artifacts:
    name: plan
    paths:
      - $PLAN
  only:
    - merge_requests

build:
  stage: plan
  script:
    - terraform plan -out=$PLAN
  artifacts:
    name: plan
    paths:
      - $PLAN
  only:
    - master

apply:
  stage: apply
  script:
    - terraform apply -input=false $PLAN
  dependencies:
    - build
  when: manual
  only:
    - master

destroy:
  stage: destroy
  script:
    - echo "Destroying resources"
    - terraform destroy -state=$STATE --auto-approve
  dependencies:
    - apply  
  when: manual
  only:
    refs:
      - master