feat(extra-vars): allow to pass extra CI/CD variables (#45)

jindraj · web-flow · commit 4e8f6ede2fc1 · 2025-05-12T21:38:04.000+02:00
* feat(extra-vars): allow to pass extra CI/CD variables
diff --git a/README.md b/README.md
@@ -93,16 +93,16 @@ module "static-site" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.61.0 |
-| <a name="provider_gitlab"></a> [gitlab](#provider\_gitlab) | 17.2.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.27 |
+| <a name="provider_gitlab"></a> [gitlab](#provider\_gitlab) | >= 15.7, < 18.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_certificate"></a> [certificate](#module\_certificate) | terraform-aws-modules/acm/aws | 5.1.1 |
 | <a name="module_gitlab"></a> [gitlab](#module\_gitlab) | ./modules/gitlab | n/a |
-| <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.7.0 |
+| <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.8.0 |
 
 ## Resources
 
@@ -147,6 +147,7 @@ module "static-site" {
 | <a name="input_enable_deploy_user"></a> [enable\_deploy\_user](#input\_enable\_deploy\_user) | Toggle s3 deploy user creation | `bool` | `true` | no |
 | <a name="input_encrypt_with_kms"></a> [encrypt\_with\_kms](#input\_encrypt\_with\_kms) | Enable server side s3 bucket encryption with KMS key | `bool` | `false` | no |
 | <a name="input_extra_domains"></a> [extra\_domains](#input\_extra\_domains) | Map of extra\_domains with domain name and zone\_id | `map(string)` | `{}` | no |
+| <a name="input_extra_gitlab_cicd_variables"></a> [extra\_gitlab\_cicd\_variables](#input\_extra\_gitlab\_cicd\_variables) | List of additional gitlab CI/CD variables | <pre>list(object({<br/>    protected = optional(bool, false)<br/>    masked    = optional(bool, false)<br/>    raw       = optional(bool, true)<br/>    key       = string<br/>    value     = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_functions"></a> [functions](#input\_functions) | n/a | <pre>object({<br/>    viewer_request  = optional(string)<br/>    viewer_response = optional(string)<br/>  })</pre> | `{}` | no |
 | <a name="input_gitlab_environment"></a> [gitlab\_environment](#input\_gitlab\_environment) | GitLab environment name | `string` | `"*"` | no |
 | <a name="input_gitlab_project_id"></a> [gitlab\_project\_id](#input\_gitlab\_project\_id) | Deprecated: Use gitlab\_project\_ids instead | `string` | `""` | no |
diff --git a/deploy.tf b/deploy.tf
@@ -100,6 +100,7 @@ module "gitlab" {
 
   enable_deploy_role             = var.enable_deploy_role
   enable_deploy_user             = var.enable_deploy_user
+  extra_gitlab_cicd_variables    = var.extra_gitlab_cicd_variables
   aws_s3_bucket_name             = module.s3_bucket.s3_bucket_id
   aws_cloudfront_distribution_id = aws_cloudfront_distribution.this.id
   aws_role_arn                   = var.enable_deploy_role ? aws_iam_role.deploy[0].arn : null
diff --git a/modules/gitlab/README.md b/modules/gitlab/README.md
@@ -68,6 +68,7 @@ No modules.
 |------|------|
 | [gitlab_project_variable.aws_default_region](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs/resources/project_variable) | resource |
 | [gitlab_project_variable.cloudfront_distribution_id](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs/resources/project_variable) | resource |
+| [gitlab_project_variable.extra](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs/resources/project_variable) | resource |
 | [gitlab_project_variable.s3_bucket](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs/resources/project_variable) | resource |
 | [gitlab_project_variable.site_aws_access_key_id](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs/resources/project_variable) | resource |
 | [gitlab_project_variable.site_aws_role_arn](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs/resources/project_variable) | resource |
@@ -87,6 +88,7 @@ No modules.
 | <a name="input_aws_secret_access_key"></a> [aws\_secret\_access\_key](#input\_aws\_secret\_access\_key) | n/a | `string` | n/a | yes |
 | <a name="input_enable_deploy_role"></a> [enable\_deploy\_role](#input\_enable\_deploy\_role) | n/a | `bool` | n/a | yes |
 | <a name="input_enable_deploy_user"></a> [enable\_deploy\_user](#input\_enable\_deploy\_user) | n/a | `bool` | n/a | yes |
+| <a name="input_extra_gitlab_cicd_variables"></a> [extra\_gitlab\_cicd\_variables](#input\_extra\_gitlab\_cicd\_variables) | n/a | <pre>list(object({<br/>    protected = optional(bool, false)<br/>    masked    = optional(bool, false)<br/>    raw       = optional(bool, true)<br/>    key       = string<br/>    value     = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_gitlab_environment"></a> [gitlab\_environment](#input\_gitlab\_environment) | n/a | `string` | `"*"` | no |
 | <a name="input_gitlab_project_ids"></a> [gitlab\_project\_ids](#input\_gitlab\_project\_ids) | n/a | `list(string)` | n/a | yes |
 
diff --git a/modules/gitlab/main.tf b/modules/gitlab/main.tf
@@ -1,3 +1,20 @@
+locals {
+  cicd_variable_flat_list = flatten([
+    for project_id in var.gitlab_project_ids : [
+      for variable in var.extra_gitlab_cicd_variables : {
+        id        = "${project_id}-${variable.key}"
+        project_id = project_id
+        variable   = variable
+      }
+    ]
+  ])
+
+  cicd_variable_flat_map = {
+    for item in local.cicd_variable_flat_list :
+    item.id => merge(item.variable, { project_id = item.project_id })
+  }
+}
+
 data "gitlab_project" "this" {
   for_each = toset(var.gitlab_project_ids)
   id       = each.value
@@ -92,3 +109,18 @@ resource "gitlab_project_variable" "site_aws_secret_access_key" {
 
   environment_scope = var.gitlab_environment
 }
+
+resource "gitlab_project_variable" "extra" {
+  for_each = local.cicd_variable_flat_map
+
+  project = each.value.project_id
+
+  protected = each.value.protected
+  masked    = each.value.masked
+  raw       = each.value.raw
+
+  key   = each.value.key
+  value = each.value.value
+
+  environment_scope = var.gitlab_environment
+}
diff --git a/modules/gitlab/variables.tf b/modules/gitlab/variables.tf
@@ -44,3 +44,14 @@ variable "aws_env_vars_suffix" {
   type    = string
   default = ""
 }
+
+variable "extra_gitlab_cicd_variables" {
+  type = list(object({
+    protected = optional(bool, false)
+    masked    = optional(bool, false)
+    raw       = optional(bool, true)
+    key       = string
+    value     = string
+  }))
+  default = []
+}
diff --git a/variables.tf b/variables.tf
@@ -246,3 +246,14 @@ variable "custom_headers" {
   default = null
 }
 
+variable "extra_gitlab_cicd_variables" {
+  type = list(object({
+    protected = optional(bool, false)
+    masked    = optional(bool, false)
+    raw       = optional(bool, true)
+    key       = string
+    value     = string
+  }))
+  default     = []
+  description = "List of additional gitlab CI/CD variables"
+}
