Commit

feat: Define multiple gitlab projects (#26)
* feat: Define multiple gitlab projects

---------

Co-authored-by: Jakub Jindra <[email protected]>
joli-sys and jindraj authored Dec 19, 2024
1 parent b3a8c2b commit 63e4626
Showing 6 changed files with 41 additions and 19 deletions.
13 changes: 7 additions & 6 deletions README.md
Expand Up @@ -92,15 +92,15 @@ module "static-site" {

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.27 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.61.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_certificate"></a> [certificate](#module\_certificate) | terraform-aws-modules/acm/aws | 5.1.1 |
| <a name="module_gitlab"></a> [gitlab](#module\_gitlab) | ./modules/gitlab | n/a |
| <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.1.2 |
| <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.2.2 |

## Resources
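
Review bot: The providers table in this hunk now documents `aws` as the exact version `5.61.0` instead of the constraint `~> 5.27`, and the `s3_bucket` row moves from 4.1.2 to 4.2.2, yet none of the six files in this commit changes a provider constraint or a module version. If the README was regenerated against a lock file or with a different generator setup, readers will take `5.61.0` as a hard pin. Keep the documented value in step with the declared constraint, or move the version changes into their own commit so they are reviewed separately from the feature.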

Expand Down Expand Up @@ -138,9 +138,10 @@ module "static-site" {
| <a name="input_enable_deploy_user"></a> [enable\_deploy\_user](#input\_enable\_deploy\_user) | Toggle s3 deploy user creation | `bool` | `true` | no |
| <a name="input_encrypt_with_kms"></a> [encrypt\_with\_kms](#input\_encrypt\_with\_kms) | Enable server side s3 bucket encryption with KMS key | `bool` | `false` | no |
| <a name="input_extra_domains"></a> [extra\_domains](#input\_extra\_domains) | Map of extra\_domains with domain name and zone\_id | `map(string)` | `{}` | no |
| <a name="input_functions"></a> [functions](#input\_functions) | n/a | <pre>object({<br> viewer_request = optional(string)<br> viewer_response = optional(string)<br> })</pre> | `{}` | no |
| <a name="input_functions"></a> [functions](#input\_functions) | n/a | <pre>object({<br/> viewer_request = optional(string)<br/> viewer_response = optional(string)<br/> })</pre> | `{}` | no |
| <a name="input_gitlab_environment"></a> [gitlab\_environment](#input\_gitlab\_environment) | GitLab environment name | `string` | `"*"` | no |
| <a name="input_gitlab_project_id"></a> [gitlab\_project\_id](#input\_gitlab\_project\_id) | Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache | `string` | `null` | no |
| <a name="input_gitlab_project_id"></a> [gitlab\_project\_id](#input\_gitlab\_project\_id) | Deprecated: Use gitlab\_project\_ids instead | `string` | `""` | no |
| <a name="input_gitlab_project_ids"></a> [gitlab\_project\_ids](#input\_gitlab\_project\_ids) | Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache | `list(string)` | `[]` | no |
| <a name="input_kms_deletion_window_in_days"></a> [kms\_deletion\_window\_in\_days](#input\_kms\_deletion\_window\_in\_days) | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key | `number` | `30` | no |
| <a name="input_kms_key_policy"></a> [kms\_key\_policy](#input\_kms\_key\_policy) | Additional KSM key policy | `string` | `"{}"` | no |
| <a name="input_logs_bucket"></a> [logs\_bucket](#input\_logs\_bucket) | Bucket to store CloudFront logs | `string` | `null` | no |
Expand All @@ -150,12 +151,12 @@ module "static-site" {
| <a name="input_origin_path"></a> [origin\_path](#input\_origin\_path) | Cloudfront origin path | `string` | `""` | no |
| <a name="input_override_status_code_403"></a> [override\_status\_code\_403](#input\_override\_status\_code\_403) | Override status code for 403 error | `number` | `403` | no |
| <a name="input_override_status_code_404"></a> [override\_status\_code\_404](#input\_override\_status\_code\_404) | Override status code for 404 error | `number` | `200` | no |
| <a name="input_proxy_paths"></a> [proxy\_paths](#input\_proxy\_paths) | n/a | <pre>list(object({<br> origin_domain = string<br> path_prefix = string<br> }))</pre> | `[]` | no |
| <a name="input_proxy_paths"></a> [proxy\_paths](#input\_proxy\_paths) | n/a | <pre>list(object({<br/> origin_domain = string<br/> path_prefix = string<br/> }))</pre> | `[]` | no |
| <a name="input_response_header_access_control_allow_credentials"></a> [response\_header\_access\_control\_allow\_credentials](#input\_response\_header\_access\_control\_allow\_credentials) | n/a | `bool` | `false` | no |
| <a name="input_response_header_origin_override"></a> [response\_header\_origin\_override](#input\_response\_header\_origin\_override) | n/a | `bool` | `false` | no |
| <a name="input_s3_bucket_name"></a> [s3\_bucket\_name](#input\_s3\_bucket\_name) | n/a | `string` | n/a | yes |
| <a name="input_s3_bucket_policy"></a> [s3\_bucket\_policy](#input\_s3\_bucket\_policy) | Additional S3 bucket policy | `string` | `"{}"` | no |
| <a name="input_s3_cors_rule"></a> [s3\_cors\_rule](#input\_s3\_cors\_rule) | List of maps containing rules for Cross-Origin Resource Sharing. | <pre>list(object({<br> allowed_headers = optional(list(string))<br> allowed_methods = optional(list(string))<br> allowed_origins = optional(list(string))<br> expose_headers = optional(list(string))<br> max_age_seconds = optional(number)<br> }))</pre> | `[]` | no |
| <a name="input_s3_cors_rule"></a> [s3\_cors\_rule](#input\_s3\_cors\_rule) | List of maps containing rules for Cross-Origin Resource Sharing. | <pre>list(object({<br/> allowed_headers = optional(list(string))<br/> allowed_methods = optional(list(string))<br/> allowed_origins = optional(list(string))<br/> expose_headers = optional(list(string))<br/> max_age_seconds = optional(number)<br/> }))</pre> | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(string)` | `{}` | no |

## Outputs
8 changes: 6 additions & 2 deletions deploy.tf
@@ -1,3 +1,7 @@
locals {
gitlab_project_ids = toset(concat(var.gitlab_project_ids, var.gitlab_project_id != "" ? [var.gitlab_project_id] : []))
}

resource "aws_iam_user" "deploy" {
count = var.enable_deploy_user == true ? 1 : 0
name = "zvirt-${local.main_domain_sanitized}-deploy"
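
Review bot: In the new `locals` block, `var.gitlab_project_id != ""` is true when a caller passes `gitlab_project_id = null`, which was the default and the value the old `count` expression treated as "off", so `[null]` is concatenated into the set and the `gitlab` module is instantiated with a null project id. Filter after the merge so that both null and the empty string are dropped, for example `toset(compact(concat(var.gitlab_project_ids, [var.gitlab_project_id])))`, or declare the variable with `nullable = false` so that an explicit null falls back to the `""` default.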
Expand Down Expand Up @@ -42,11 +46,11 @@ resource "aws_iam_user_policy" "deploy" {
}

module "gitlab" {
count = var.gitlab_project_id == null ? 0 : 1
count = length(local.gitlab_project_ids) == 0 ? 0 : 1

source = "./modules/gitlab"

gitlab_project_id = var.gitlab_project_id
gitlab_project_ids = local.gitlab_project_ids
gitlab_environment = var.gitlab_environment

aws_s3_bucket_name = module.s3_bucket.s3_bucket_id
2 changes: 1 addition & 1 deletion modules/gitlab/README.md
Expand Up @@ -84,7 +84,7 @@ No modules.
| <a name="input_aws_s3_bucket_name"></a> [aws\_s3\_bucket\_name](#input\_aws\_s3\_bucket\_name) | n/a | `string` | n/a | yes |
| <a name="input_aws_secret_access_key"></a> [aws\_secret\_access\_key](#input\_aws\_secret\_access\_key) | n/a | `string` | n/a | yes |
| <a name="input_gitlab_environment"></a> [gitlab\_environment](#input\_gitlab\_environment) | n/a | `string` | `"*"` | no |
| <a name="input_gitlab_project_id"></a> [gitlab\_project\_id](#input\_gitlab\_project\_id) | n/a | `string` | n/a | yes |
| <a name="input_gitlab_project_ids"></a> [gitlab\_project\_ids](#input\_gitlab\_project\_ids) | n/a | `list(string)` | n/a | yes |

## Outputs

23 changes: 17 additions & 6 deletions modules/gitlab/main.tf
@@ -1,9 +1,12 @@
data "gitlab_project" "this" {
id = var.gitlab_project_id
for_each = toset(var.gitlab_project_ids)
id = each.value
}

resource "gitlab_project_variable" "s3_bucket" {
project = data.gitlab_project.this.id
for_each = data.gitlab_project.this

project = each.value.id

protected = false
masked = false
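
Review bot: Adding `for_each` to `data.gitlab_project.this` and to `gitlab_project_variable.s3_bucket` changes the resource addresses in this module from a single instance to one instance keyed by project id, so a deployment that already sets `gitlab_project_id` will plan a destroy and re-create of its project variables on upgrade. State that in the commit message or changelog as an upgrade note, or add `moved` guidance for existing users, because the "Deprecated" wording on the old variable otherwise reads as a no-op migration.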
Expand All @@ -16,7 +19,9 @@ resource "gitlab_project_variable" "s3_bucket" {
}

resource "gitlab_project_variable" "aws_default_region" {
project = data.gitlab_project.this.id
for_each = data.gitlab_project.this

project = each.value.id

protected = false
masked = false
Expand All @@ -29,7 +34,9 @@ resource "gitlab_project_variable" "aws_default_region" {
}

resource "gitlab_project_variable" "cloudfront_distribution_id" {
project = data.gitlab_project.this.id
for_each = data.gitlab_project.this

project = each.value.id

protected = false
masked = false
Expand All @@ -42,7 +49,9 @@ resource "gitlab_project_variable" "cloudfront_distribution_id" {
}

resource "gitlab_project_variable" "site_aws_access_key_id" {
project = data.gitlab_project.this.id
for_each = data.gitlab_project.this

project = each.value.id

protected = false
masked = false
Expand All @@ -55,7 +64,9 @@ resource "gitlab_project_variable" "site_aws_access_key_id" {
}

resource "gitlab_project_variable" "site_aws_secret_access_key" {
project = data.gitlab_project.this.id
for_each = data.gitlab_project.this

project = each.value.id

protected = false
masked = true
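
Review bot: `site_aws_secret_access_key` is now written to every project in `gitlab_project_ids` with `protected = false`, and the module takes a single `aws_secret_access_key` input, so one deploy user's secret becomes available to pipelines on unprotected branches in each listed project and a rotation or revocation affects all of them at once. Consider `protected = true` for the two credential variables, or expose it as a module input, and say in the variable description that all listed projects share the same deploy credentials.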
4 changes: 2 additions & 2 deletions modules/gitlab/variables.tf
@@ -1,5 +1,5 @@
variable "gitlab_project_id" {
type = string
variable "gitlab_project_ids" {
type = list(string)
}

variable "gitlab_environment" {
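
Review bot: `variable "gitlab_project_ids"` is declared without a `description`, which is why the module README renders it as `n/a`; add one that says these are the GitLab project ids that receive the deploy variables. Since the caller already passes a set and `main.tf` applies `toset` again, `set(string)` would state the intent more directly than `list(string)`.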
10 changes: 8 additions & 2 deletions variables.tf
Expand Up @@ -22,10 +22,16 @@ variable "s3_bucket_policy" {
description = "Additional S3 bucket policy"
}

variable "gitlab_project_id" {
variable "gitlab_project_ids" {
description = "Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache"
type = list(string)
default = []
}

variable "gitlab_project_id" {
type = string
default = null
description = "Deprecated: Use gitlab_project_ids instead"
default = ""
}

variable "gitlab_environment" {
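
Review bot: The description of the deprecated `gitlab_project_id` only says to use `gitlab_project_ids`; it does not say that a value set here is still honoured and merged into the list, which is what the `locals` block in `deploy.tf` does. Say so in the description, and consider a `validation` block on `gitlab_project_ids` that rejects empty strings, since an element `""` passes the `length(...) == 0` guard and reaches the `gitlab_project` data source as an id.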
