How to use terraform to clone a git repo, update files, and push commits to it?

10/27/2020

Problem

  • We write config files using Terraform for both our Kubernetes Cluster and Apps
  • Some of these files must be pushed to different git repos
    • Just following GitOps for kubernetes and dynamic config repos

Question

So far, I have the following:

  • Generate the configs:
# https://stackoverflow.com/questions/36629367/getting-an-environment-variable-in-terraform-configuration/36672931#36672931
variable "GITLAB_CLONE_TOKEN" {}

# Username paired with the deploy token in the clone URL below
variable "username" {}

locals {
  carCrdInstance = {
    apiVersion = "car.io/v1"
    kind       = "Car"
    metadata = {
      name = "super-car"
    }
    spec = {
      convertible = "true"
      color = "black"
    }
  }

  # https://docs.gitlab.com/ee/user/project/deploy_tokens/#git-clone-a-repository
  clone_location = "${path.module}/.gitops"
  branch = "feature/crds-setup"
}

resource "null_resource" "git_clone" {
  provisioner "local-exec" {
    command = "git clone --branch ${local.branch} https://${var.username}:${var.GITLAB_CLONE_TOKEN}@gitlab.example.com/tanuki/awesome_project.git ${local.clone_location}"
  }
}

resource "local_file" "cert_manager_cluster_issuer_object" {
  # Render the Car custom resource defined in locals above
  content  = yamlencode(local.carCrdInstance)
  filename = "${local.clone_location}/crds/instances/white-convertible.yaml"

  # https://stackoverflow.com/questions/52421656/terraform-execute-script-before-lambda-creation/52422595#52422595
  # The repo must be cloned before the file is written into it
  depends_on = [null_resource.git_clone]

  # https://stackoverflow.com/questions/7149984/how-do-i-execute-a-git-command-without-being-in-the-repository/35899275#35899275
  # Stage the new file first: "commit -a" only picks up already-tracked files
  provisioner "local-exec" {
    command = "git -C ${local.clone_location} add -A"
  }

  provisioner "local-exec" {
    command = "git -C ${local.clone_location} commit -m ':new: updating cars...'"
  }

  provisioner "local-exec" {
    command = "git -C ${local.clone_location} push origin ${local.branch}"
  }
}

Is there anything like that?

  • I haven't tested the code above, but I'm looking for something that allows me to do that
-- Marcello de Sales
git
kubernetes
terraform

1 Answer

1/4/2021

How can I perform a git clone, commit, push using terraform?

Should we just use shell?

Terraform is a good tool - it is best for provisioning immutable infrastructure. Shell scripts might also have their place, but when you can, it is preferable to use a more declarative approach.

What you describe with "git clone, commit, push" is essentially some of the steps that are commonly done in something like a Build or Deployment Pipeline. Terraform might be a good tool to use in some of the steps, but it is not the best tool to orchestrate the full workflow, from my point of view.

A tool made for orchestrating pipeline workflows might be best for this, like e.g.

-- Jonas
Source: StackOverflow
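
The clone, commit and push steps from the question, written as a shell function that a pipeline step could call, as the answer suggests. This is an added example, not code from the question or the answer; the function name gitops_publish, the GIT_USERNAME and GIT_TOKEN environment variables and the bot commit identity are assumptions. It passes the deploy token through a credential helper instead of the clone URL and treats an unchanged file as success, so a repeated run does not fail.

```shell
# Added example (not from the original post). Assumed names: gitops_publish,
# GIT_USERNAME, GIT_TOKEN and the bot commit identity.
#
# gitops_publish REMOTE BRANCH DEST_PATH SRC_FILE [MESSAGE]
# Clones REMOTE at BRANCH into a temp dir, copies SRC_FILE to DEST_PATH,
# commits and pushes. Returns 0 when pushed or when nothing changed.
gitops_publish() {
  remote=$1 branch=$2 dest=$3 src=$4 msg=${5:-"update $3"}
  # Reject destination paths that could escape the working tree.
  case "$dest" in
    /*|..|../*|*/../*|*/..) echo "bad path: $dest" >&2; return 2 ;;
  esac

  work=$(mktemp -d) || return 1
  # Credentials are read from the environment by a one-shot helper, so the
  # token is never part of the URL and is never written to .git/config.
  # Single quotes keep ${GIT_TOKEN} unexpanded here; git's helper shell expands it.
  helper='!f() { echo "username=${GIT_USERNAME}"; echo "password=${GIT_TOKEN}"; }; f'
  rc=0
  {
    git -c credential.helper="$helper" clone --quiet \
        --branch "$branch" "$remote" "$work/repo" &&
    mkdir -p "$work/repo/$(dirname "$dest")" &&
    cp "$src" "$work/repo/$dest" &&
    git -C "$work/repo" add -- "$dest"
  } || rc=1

  if [ "$rc" -eq 0 ]; then
    # An explicit 'git add' is needed: 'commit -a' ignores untracked files.
    if git -C "$work/repo" diff --cached --quiet; then
      echo "no changes for $dest; skipping commit" >&2
    else
      git -C "$work/repo" -c user.name="gitops-bot" \
          -c user.email="gitops-bot@example.invalid" commit --quiet -m "$msg" &&
      git -C "$work/repo" -c credential.helper="$helper" \
          push --quiet origin "HEAD:refs/heads/$branch" || rc=1
    fi
  fi
  rm -rf "$work"
  return "$rc"
}
```

GIT_USERNAME and GIT_TOKEN must be exported by the calling job, for example from the pipeline's secret store, before the function is called.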