/
Taskfile.yml
168 lines (129 loc) · 3.62 KB
/
Taskfile.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# https://taskfile.dev
version: '3'
dotenv: ['.env']
output: prefixed
silent: true
env:
ENVIRONMENT: sandbox
vars:
GREETING: Terraform Taskfile!
PROJECT: XYZ
STACK: network
GIT_PROFILE: xyz-shared
AWS_PROFILE: xyz-test
AWS_ACCOUNT: 1234567890
AWS_REGION: eu-west-1
tasks:
default:
desc: Terraform Taskfile!
cmds:
- echo "{{.GREETING}}"
- echo ">> Environment {{.ENVIRONMENT}} Region {{.AWS_REGION}}"
- task -l
test:
desc: Test workflow.
prefix: test
cmds:
- task: fmt
- task: validate
- task: tflint
- task: tfsec
- task: tfcheck
clean:
desc: Terraform clean.
cmds:
- rm -rf {{.STACK}}/.terraform/
- rm -f {{.STACK}}/.terraform.lock.hcl
init:
desc: Terraform init.
cmds:
- terraform -chdir={{.STACK}} init
upgrade:
desc: Terraform upgrade.
cmds:
- terraform -chdir={{.STACK}} init -upgrade=true
validate:
desc: Terraform validate.
deps:
- task: init
cmds:
- terraform -chdir={{.STACK}} validate
fmt:
desc: Terraform fmt.
cmds:
- terraform -chdir={{.STACK}} fmt -check -diff
plan:
desc: Terraform plan.
deps:
- task: init
cmds:
- terraform -chdir={{.STACK}} plan -compact-warnings
apply:
desc: Terraform apply.
deps:
- task: init
cmds:
- terraform -chdir={{.STACK}} apply -auto-approve -compact-warnings
output:
desc: Terraform output.
deps:
- task: init
cmds:
- terraform -chdir={{.STACK}} output
cost:
desc: infracost - Generate cost estimates from Terraform
deps:
- task: init
cmds:
- infracost --tfdir {{.STACK}} --show-skipped
tflint:
desc: tflint - A Pluggable Terraform Linter
dir: $STACK
cmds:
- tflint --config=../.tflint.hcl --var-file=terraform.tfvars .
tfsec:
desc: tfsec - a simple tool to detect potential security vulnerabilities in your terraformed infrastructure.
dir: $STACK
cmds:
- tfsec . --soft-fail --config-file ../.tfsec.yml --tfvars-file terraform.tfvars --custom-check-dir ../.tfsec --concise-output
tfcheck:
desc: checkov - Prevent cloud misconfigurations during build-time for IaC tools
dir: $STACK
cmds:
- checkov --framework terraform --soft-fail --directory .
drift:
desc: driftctl - Detect, track and alert on infrastructure drift.
cmds:
- |
driftctl scan \
--from tfstate+s3://{{.ACCOUNT_ID}}-{{.REGION}}-tf-state/state/dev-app.tfstate \
--from tfstate+s3://{{.ACCOUNT_ID}}-{{.REGION}}-tf-state/state/dev-data.tfstate \
--from tfstate+s3://{{.ACCOUNT_ID}}-{{.REGION}}-tf-state/state/dev-network.tfstate
tfdoc:
desc: terraform-docs - A utility to generate documentation from Terraform modules in various output formats
dir: $STACK
cmds:
- terraform-docs markdown . --config ../.terraform-docs.yml --sort-by-required | pbcopy
tfdoc-v2:
desc: terraform-docs - A utility to generate documentation from Terraform modules in various output formats
dir: "env/{{.ENV }}/{{.REGION}}"
cmds:
- terraform-docs markdown . --config ../../../.terraform-docs.yml --output-file README.md
tfenv:
desc: tfenv
cmds:
- tfenv use
inframap:
desc: inframap
cmds:
- inframap generate --hcl .
kubeconfig:
desc: kubeconfig - Allow kubectl access to EKS cluster
dir: "env/{{.ENV }}/{{.REGION}}"
cmds:
- mkdir -p $HOME/.kube
- terraform output -raw kubeconfig > $HOME/.kube/config
print:
cmds:
- echo "{{.ENV}}"
- echo "{{.STACK}}"