@dehio3
Last active June 14, 2019 06:35
version: 2

# Shared job settings, merged into each job with `<<: *defaults`.
defaults: &defaults
  docker:
    # The image is pinned by tag only. Tags are mutable, so pinning by digest
    # (hashicorp/terraform@sha256:<DIGEST_PLACEHOLDER>) gives a reproducible
    # executor for the jobs that later hold AWS credentials.
    - image: hashicorp/terraform:0.11.13
  # NOTE(review): the original indentation was lost on this page. `environment`
  # is placed at job level here; nesting it under the image entry is also valid
  # in CircleCI 2.0 - confirm against the original file.
  environment:
    AWS_DEFAULT_REGION: ap-northeast-1
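# Reusable `run` step body: downloads the tfnotify v0.3.0 release tarball and
# installs the binary into /usr/local/bin.
tfnotify_install: &tfnotify_install
  name: tfnotify install
  # https://github.com/mercari/tfnotify
  command: |
    # -f makes curl fail on an HTTP error instead of saving the error page as
    # the tarball; -S keeps the error message visible despite -s.
    #
    # The archive is not integrity-checked, and this binary later runs in a job
    # that holds assumed-role credentials. Pin the release's SHA-256 and verify
    # it before extracting, for example:
    #   echo "<TFNOTIFY_SHA256_PLACEHOLDER>  /tmp/tfnotify.tar.gz" | sha256sum -c -
    #
    # Cleanup removes only the files this step created rather than all of /tmp.
    curl -fsSL https://github.com/mercari/tfnotify/releases/download/v0.3.0/tfnotify_v0.3.0_linux_amd64.tar.gz -o /tmp/tfnotify.tar.gz && \
    tar zxvf /tmp/tfnotify.tar.gz -C /tmp && \
    cp /tmp/tfnotify_v0.3.0_linux_amd64/tfnotify /usr/local/bin/tfnotify && \
    rm -rf /tmp/tfnotify.tar.gz /tmp/tfnotify_v0.3.0_linux_amd64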
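# Reusable `run` step body: installs pip and jq from apk, then the AWS CLI
# from PyPI. Both are needed by the assume-role step.
awscli_install: &awscli_install
  name: awscli install
  command: |
    # --no-cache fetches the package index on the fly, replacing the separate
    # `apk update` and leaving no index cache behind.
    #
    # Nothing here is version-pinned: each build installs whatever pip and
    # awscli are current on PyPI. Pinning (awscli==<VERSION_PLACEHOLDER>) keeps
    # the toolchain that handles the credentials reproducible and reviewable.
    apk add --no-cache py-pip jq
    pip install --upgrade pip awscli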
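# Reusable `run` step body: calls STS AssumeRole for the role named by
# AWS_ACCOUNT_ID / AWS_ASSUME_ROLE_NAME and appends the temporary credentials
# to $BASH_ENV as `export` lines, which later steps load with `source`.
set_assume-role: &set_assume-role
  name: set assume-role
  command: |
    # The credentials are written to $BASH_ENV in plain text and are readable by
    # every later step in the job, so keep shell tracing (set -x) off.
    # No --duration-seconds is passed, so the session uses the STS default
    # lifetime; a long apply can outlive it.
    temp_role=$(aws sts assume-role \
      --role-arn "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${AWS_ASSUME_ROLE_NAME}" \
      --role-session-name "terraform_session" \
      --output json)
    # jq -r with @sh emits each value as a single-quoted shell word. The
    # previous form wrote jq's JSON double quotes into the file, so the values
    # were re-read inside a double-quoted shell context when sourced.
    printf '%s' "$temp_role" | jq -r '.Credentials |
      (@sh "export AWS_ACCESS_KEY_ID=\(.AccessKeyId)"),
      (@sh "export AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"),
      (@sh "export AWS_SESSION_TOKEN=\(.SessionToken)")' >> "$BASH_ENV"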
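jobs:
  # Assumes the deployment role and applies the configuration. The workflow
  # below restricts this job to the master branch.
  apply:
    <<: *defaults
    steps:
      - checkout
      # No fingerprints are listed, so every SSH key configured for the project
      # is added to the job.
      - add_ssh_keys
      - run:
          <<: *tfnotify_install
      - run:
          <<: *awscli_install
      - run:
          <<: *set_assume-role
      - run:
          name: terraform init
          command: |
            # Load the temporary credentials exported by the assume-role step.
            source "$BASH_ENV"
            terraform init
      - run:
          name: terraform apply
          command: |
            # -auto-approve applies without a prompt, and the plan is computed
            # again here: the plan job does not save a plan file with -out, so
            # what is applied is not necessarily what was reviewed.
            # The full apply output is piped to tfnotify, which forwards it to
            # whatever .tfnotify/tfnotify.yml configures (not shown here);
            # treat that destination as receiving any values Terraform prints.
            source "$BASH_ENV"
            terraform apply -auto-approve | tfnotify --config .tfnotify/tfnotify.yml apply

  # Assumes the same role, then validates and plans. The plan output is sent
  # through tfnotify.
  plan:
    <<: *defaults
    steps:
      - checkout
      # No fingerprints are listed, so every SSH key configured for the project
      # is added to the job.
      - add_ssh_keys
      - run:
          <<: *tfnotify_install
      - run:
          <<: *awscli_install
      - run:
          <<: *set_assume-role
      - run:
          name: terraform init
          command: |
            # Load the temporary credentials exported by the assume-role step.
            source "$BASH_ENV"
            terraform init
      - run:
          name: terraform validate
          command: |
            source "$BASH_ENV"
            terraform validate
      - run:
          name: terraform plan
          command: |
            # This job is unfiltered in the workflow, so the assumed role is
            # used on every branch. NOTE(review): if the role can do more than
            # read state and describe resources, a branch push can use those
            # permissions - confirm the role's policy.
            # Plan output can include resource attribute values, and it is
            # forwarded to the tfnotify destination as-is.
            source "$BASH_ENV"
            terraform plan | tfnotify --config .tfnotify/tfnotify.yml plan --message "$PWD"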
workflows:
  version: 2
  plan_and_apply:
    jobs:
      # plan carries no filter, so it runs for every branch.
      - plan
      # apply runs on master only. It has no `requires` entry, so on master it
      # does not wait for plan to succeed, and there is no approval job in
      # front of it.
      - apply:
          filters:
            branches:
              only: master