viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(provision): merge terragrunt-apply into single shell block for env persistence

Browse source
This commit is contained in:
Viktor Barzin 2026-03-18 00:11:14 +00:00
parent 7a24ff6702
commit de6a5caecc
1 changed files with 15 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

32
.woodpecker/provision-user.yml
View file

@ -134,31 +134,29 @@ steps:
limits: limits:
memory: 6Gi memory: 6Gi
commands: commands:
- "apk update && apk add curl unzip git openssh-client python3 py3-pip py3-yaml"
# Install sops
- "wget -qO /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64"
- "chmod 755 /usr/local/bin/sops"
# Install Terraform
- "wget -qO /tmp/terraform.zip https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip"
- "unzip -o /tmp/terraform.zip -d /usr/local/bin/ && chmod 755 /usr/local/bin/terraform"
# Install Terragrunt
- "wget -qO /usr/local/bin/terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/v0.99.4/terragrunt_linux_amd64"
- "chmod 755 /usr/local/bin/terragrunt"
# Source Vault token
- "source .vault-env"
# Apply stacks sequentially: vault → rbac → cloudflared → woodpecker
- | - |
source .vault-env set -e
apk update && apk add curl unzip git openssh-client python3 py3-pip py3-yaml
# Install sops
wget -qO /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64
chmod 755 /usr/local/bin/sops
# Install Terraform
wget -qO /tmp/terraform.zip https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip
unzip -o /tmp/terraform.zip -d /usr/local/bin/ && chmod 755 /usr/local/bin/terraform
# Install Terragrunt
wget -qO /usr/local/bin/terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/v0.99.4/terragrunt_linux_amd64
chmod 755 /usr/local/bin/terragrunt
# Source Vault token (must be in same shell block)
. .vault-env
export VAULT_ADDR export VAULT_ADDR
export VAULT_TOKEN export VAULT_TOKEN
echo "Vault token acquired, applying stacks..."
# Apply stacks sequentially: vault → rbac → cloudflared → woodpecker
for stack in vault rbac cloudflared woodpecker; do for stack in vault rbac cloudflared woodpecker; do
echo "=== Applying stack: $stack ===" echo "=== Applying stack: $stack ==="
cd "stacks/$stack" cd "stacks/$stack"
# Decrypt state
../../scripts/state-sync decrypt "$stack" || true ../../scripts/state-sync decrypt "$stack" || true
# Apply
terragrunt apply --non-interactive -auto-approve -backup=- terragrunt apply --non-interactive -auto-approve -backup=-
# Encrypt state
../../scripts/state-sync encrypt "$stack" || true ../../scripts/state-sync encrypt "$stack" || true
cd ../.. cd ../..
echo "=== Done: $stack ===" echo "=== Done: $stack ==="