Skip to content

Commit

Permalink
feat: add GitLab support (#502)
Browse files Browse the repository at this point in the history
  • Loading branch information
@huayuenh
huayuenh authored Oct 24, 2024
1 parent a1e8fef commit 4b9255d
Show file tree
Hide file tree
Showing 16 changed files with 1,003 additions and 178 deletions.
39 changes: 28 additions & 11 deletions README.md
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion examples/default/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module "terraform_devsecops_alm" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v2.2.0"
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v2.3.0"
ibmcloud_api_key = var.ibmcloud_api_key
toolchain_resource_group = var.toolchain_resource_group
toolchain_region = var.toolchain_region
Expand Down
2 changes: 1 addition & 1 deletion examples/default/version.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
# Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
ibm = {
source = "IBM-Cloud/ibm"
version = "= 1.67.1"
version = "= 1.70.0"
}
}
}
2 changes: 1 addition & 1 deletion examples/devsecops-ci-toolchain-bring-your-own-app/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module "terraform_devsecops_alm" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v2.2.0"
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v2.3.0"
ibmcloud_api_key = var.ibmcloud_api_key
toolchain_resource_group = var.toolchain_resource_group
toolchain_region = var.toolchain_region
Expand Down
2 changes: 1 addition & 1 deletion examples/devsecops-ci-toolchain-bring-your-own-app/version.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
# Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
ibm = {
source = "IBM-Cloud/ibm"
version = "= 1.67.1"
version = "= 1.70.0"
}
}
}
2 changes: 1 addition & 1 deletion examples/devsecops-ci-toolchain-with-key-protect/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module "terraform_devsecops_alm" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v2.2.0"
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v2.3.0"
ibmcloud_api_key = var.ibmcloud_api_key
toolchain_resource_group = var.toolchain_resource_group
toolchain_region = var.toolchain_region
Expand Down
2 changes: 1 addition & 1 deletion examples/devsecops-ci-toolchain-with-key-protect/version.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
# Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
ibm = {
source = "IBM-Cloud/ibm"
version = "= 1.67.1"
version = "= 1.70.0"
}
}
}
314 changes: 276 additions & 38 deletions ibm_catalog.json
View file

Large diffs are not rendered by default.

268 changes: 198 additions & 70 deletions main.tf
View file

Large diffs are not rendered by default.

29 changes: 23 additions & 6 deletions solutions/code-engine/README.md
View file

Large diffs are not rendered by default.

17 changes: 17 additions & 0 deletions solutions/code-engine/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ module "devsecops_da" {
add_code_engine_prefix = var.add_code_engine_prefix
add_container_name_suffix = var.add_container_name_suffix
app_group = var.app_group
add_pipeline_definitions = var.add_pipeline_definitions
app_repo_auth_type = var.app_repo_auth_type
app_repo_branch = var.app_repo_branch
app_repo_clone_from_url = var.app_repo_clone_from_url
Expand All @@ -17,14 +18,20 @@ module "devsecops_da" {
app_repo_secret_group = var.app_repo_secret_group
authorization_policy_creation = var.authorization_policy_creation
autostart = var.autostart
change_management_existing_url = var.change_management_existing_url
change_management_repo_git_id = var.change_management_repo_git_id
cluster_name = var.cluster_name
code_engine_project = var.code_engine_project
compliance_pipeline_branch = var.compliance_pipeline_branch
compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url
compliance_pipeline_group = var.compliance_pipeline_group
compliance_pipeline_repo_auth_type = var.compliance_pipeline_repo_auth_type
compliance_pipeline_repo_git_id = var.compliance_pipeline_repo_git_id
compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider
compliance_pipeline_repo_git_token_secret_crn = var.compliance_pipeline_repo_git_token_secret_crn
compliance_pipeline_repo_git_token_secret_name = var.compliance_pipeline_repo_git_token_secret_name
compliance_pipeline_repo_secret_group = var.compliance_pipeline_repo_secret_group
compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url
cos_api_key_secret_crn = var.cos_api_key_secret_crn
cos_api_key_secret_group = var.cos_api_key_secret_group
cos_api_key_secret_name = var.cos_api_key_secret_name
Expand All @@ -42,6 +49,8 @@ module "devsecops_da" {
create_kubernetes_access_policy = var.create_kubernetes_access_policy
create_secret_group = var.create_secret_group
create_signing_key = var.create_signing_key
create_triggers = var.create_triggers
create_git_triggers = var.create_git_triggers
enable_key_protect = var.enable_key_protect
enable_pipeline_notifications = var.enable_pipeline_notifications
enable_secrets_manager = var.enable_secrets_manager
Expand Down Expand Up @@ -90,6 +99,8 @@ module "devsecops_da" {
pipeline_config_repo_branch = var.pipeline_config_repo_branch
pipeline_config_repo_clone_from_url = var.pipeline_config_repo_clone_from_url
pipeline_config_repo_existing_url = var.pipeline_config_repo_existing_url
pipeline_config_repo_git_id = var.pipeline_config_repo_git_id
pipeline_config_repo_git_provider = var.pipeline_config_repo_git_provider
pipeline_config_repo_git_token_secret_crn = var.pipeline_config_repo_git_token_secret_crn
pipeline_config_repo_git_token_secret_name = var.pipeline_config_repo_git_token_secret_name
pipeline_config_repo_secret_group = var.pipeline_config_repo_secret_group
Expand All @@ -102,11 +113,16 @@ module "devsecops_da" {
pipeline_ibmcloud_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
prefix = var.prefix
registry_namespace = var.registry_namespace
repo_blind_connection = var.repo_blind_connection
repo_git_id = var.repo_git_id
repo_git_provider = var.repo_git_provider
repo_git_token_secret_crn = var.repo_git_token_secret_crn
repo_git_token_secret_name = var.repo_git_token_secret_name
repo_git_token_secret_value = var.repo_git_token_secret_value
repo_group = var.repo_group
repo_root_url = var.repo_root_url
repo_secret_group = var.repo_secret_group
repo_title = var.repo_title
repositories_prefix = var.repositories_prefix
rotation_period = var.rotation_period
rotate_signing_key = var.rotate_signing_key
Expand Down Expand Up @@ -256,6 +272,7 @@ module "devsecops_da" {
cd_change_management_group = var.cd_change_management_group
cd_change_management_repo_auth_type = var.cd_change_management_repo_auth_type
cd_change_management_repo_git_token_secret_crn = var.cd_change_management_repo_git_token_secret_crn
cd_change_management_repo_git_provider = var.cd_change_management_repo_git_provider
cd_change_management_repo_git_token_secret_name = var.cd_change_management_repo_git_token_secret_name
cd_change_management_repo_secret_group = var.cd_change_management_repo_secret_group
cd_change_repo_clone_from_url = var.cd_change_repo_clone_from_url
Expand Down
150 changes: 136 additions & 14 deletions solutions/code-engine/variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,12 @@ variable "compliance_pipeline_branch" {
default = "open-v10"
}

variable "compliance_pipeline_existing_repo_url" {
type = string
default = ""
description = "The URL of an existing compliance pipelines repository."
}

variable "compliance_pipeline_group" {
type = string
description = "Specify user or group for compliance pipline repository."
Expand All @@ -135,6 +141,22 @@ variable "compliance_pipeline_repo_auth_type" {
default = ""
}

variable "compliance_pipeline_repo_git_id" {
type = string
description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server."
default = ""
}

variable "compliance_pipeline_repo_git_provider" {
type = string
default = ""
description = "Git provider for pipeline repo"
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.compliance_pipeline_repo_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo."
}
}

variable "compliance_pipeline_repo_git_token_secret_crn" {
type = string
sensitive = true
Expand All @@ -158,6 +180,12 @@ variable "compliance_pipeline_repo_secret_group" {
default = ""
}

variable "compliance_pipeline_source_repo_url" {
type = string
default = ""
description = "The URL of a compliance pipelines repository to clone."
}

variable "cos_api_key_secret_crn" {
type = string
sensitive = true
Expand Down Expand Up @@ -265,6 +293,12 @@ variable "create_signing_key" {
default = false
}

variable "create_triggers" {
type = string
description = "Set to `true` to create the default triggers associated with the compliance repos and sample app."
default = "true"
}

variable "enable_key_protect" {
type = string
description = "Set to `true` to the enable Key Protect integrations."
Expand Down Expand Up @@ -333,10 +367,10 @@ variable "evidence_repo_existing_git_id" {

variable "evidence_repo_existing_git_provider" {
type = string
default = "hostedgit"
description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories."
default = ""
description = "Git provider for evidence repo. If not set will default to `hostedgit`."
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.evidence_repo_existing_git_provider)
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.evidence_repo_existing_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository."
}
}
Expand Down Expand Up @@ -408,10 +442,10 @@ variable "inventory_repo_existing_git_id" {

variable "inventory_repo_existing_git_provider" {
type = string
default = "hostedgit"
description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories."
default = ""
description = "Git provider for the inventory repo. If not set will default to `hostedgit`."
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.inventory_repo_existing_git_provider)
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.inventory_repo_existing_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for Inventory repository."
}
}
Expand Down Expand Up @@ -477,17 +511,17 @@ variable "issues_repo_existing_git_id" {

variable "issues_repo_existing_git_provider" {
type = string
default = "hostedgit"
description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories."
default = ""
description = "Git provider for the issues repo. If not set will default to `hostedgit`."
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.issues_repo_existing_git_provider)
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.issues_repo_existing_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for issue repository."
}
}

variable "issues_repo_existing_url" {
type = string
description = "Set to use an existing issues repository."
description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories."
default = ""
}

Expand Down Expand Up @@ -597,6 +631,22 @@ variable "pipeline_config_group" {
default = ""
}

variable "pipeline_config_repo_git_id" {
type = string
description = "Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server."
default = ""
}

variable "pipeline_config_repo_git_provider" {
type = string
default = ""
description = "Git provider for pipeline repo config"
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.pipeline_config_repo_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline config repo."
}
}

variable "pipeline_config_repo_git_token_secret_name" {
type = string
description = "Name of the Git token secret in the secret provider used for accessing the pipeline config repository."
Expand Down Expand Up @@ -673,6 +723,24 @@ variable "registry_namespace" {
default = ""
}

variable "repo_blind_connection" {
type = string
description = "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server."
default = ""
}

variable "repo_git_id" {
type = string
description = "The Git ID for the compliance repositories."
default = ""
}

variable "repo_git_provider" {
type = string
description = "The Git provider type."
default = ""
}

variable "repo_git_token_secret_crn" {
type = string
sensitive = true
Expand Down Expand Up @@ -709,6 +777,12 @@ variable "repo_secret_group" {
default = ""
}

variable "repo_root_url" {
type = string
description = "(Optional) The Root URL of the server. e.g. https://git.example.com."
default = ""
}

variable "repositories_prefix" {
type = string
description = "Prefix name for the cloned compliance repos. For the repositories_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters."
Expand All @@ -723,6 +797,12 @@ variable "repositories_prefix" {
}
}

variable "repo_title" {
type = string
description = "(Optional) The title of the server. e.g. My Git Enterprise Server."
default = ""
}

variable "rotation_period" {
type = number
description = "The number of days until the `ibmcloud-api-key` and the `cos-api-key` are auto rotated."
Expand Down Expand Up @@ -984,8 +1064,12 @@ variable "cc_app_repo_git_id" {

variable "cc_app_repo_git_provider" {
type = string
description = "The type of the Git provider."
default = "hostedgit"
description = "Git provider for the application repo. If not set will default to `hostedgit`."
default = ""
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cc_app_repo_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository."
}
}

variable "cc_app_repo_git_token_secret_crn" {
Expand Down Expand Up @@ -1690,6 +1774,28 @@ variable "cd_change_management_repo_auth_type" {
default = ""
}

variable "change_management_existing_url" {
type = string
description = "The URL for an existing Change Management repository."
default = ""
}

variable "change_management_repo_git_id" {
type = string
description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server."
default = ""
}

variable "cd_change_management_repo_git_provider" {
type = string
default = ""
description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories."
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_change_management_repo_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository."
}
}

variable "cd_change_management_repo_git_token_secret_crn" {
type = string
sensitive = true
Expand Down Expand Up @@ -1887,8 +1993,12 @@ variable "cd_deployment_repo_existing_git_id" {

variable "cd_deployment_repo_existing_git_provider" {
type = string
description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories."
default = "hostedgit"
description = "Git provider for the deployment repo. If not set will default to `hostedgit`."
default = ""
validation {
condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_deployment_repo_existing_git_provider)
error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository."
}
}

variable "cd_deployment_repo_existing_url" {
Expand Down Expand Up @@ -3318,3 +3428,15 @@ variable "use_app_repo_for_cd_deploy" {
description = "Set to `true` to use the CI sample application repository as the deployment repository in the CD pipeline. This will be set in the pipeline config integration."
default = true
}

variable "add_pipeline_definitions" {
type = string
description = "Set to `true` to add pipeline definitions."
default = "true"
}

variable "create_git_triggers" {
type = string
description = "Set to `true` to create the default Git triggers associated with the compliance repos and sample app."
default = "true"
}
Loading

0 comments on commit 4b9255d

Please sign in to comment.