This repository contains an example of how to use an OCI repository to store and retrieve Terraform artifacts and use them within the Spacelift platform.
- A Spacelift Account
- Some sort of OCI repository; this repository uses ghcr.io (GitHub's package registry)
- An AWS Account

Under the management/custom-images directory is a Dockerfile that must be used in stacks that are running this workflow. That image adds the docker CLI and flux-cli to the Spacelift runner image.
The image is not hosted anywhere, so you will need to build it (via docker build) and push it to your own repository. Additionally, management/stacks.tf will need to be updated to use the runner_image you are hosting.

From a high level, the process is as follows:
- A developer creates a change to the aws/important-s3-buckets directory.
- The developer pushes that change to git and opens a pull request.
- Spacelift triggers a proposed change in the oci-proposals stack.
  - Note: this stack has policies applied to it that only allow proposals and will block any applies.
- Once a developer confirms the proposal, they can merge the pull request to main.
- The GitHub Action set up in .github will build the artifacts with flux-cli and push them to the OCI repository.
  - Note: the oci-dev stack does not get automatically triggered.
- After the artifacts are pushed to the OCI repository and the team is ready for the change to be promoted to the dev environment, the developer can edit locals.tf and add the new version of the artifact into dev_oci_version.
- The developer can then trigger the oci-dev stack.
- Inside Spacelift, the stack will pull the artifact from ghcr, and plan / apply the changes contained within.
- After applying, the Spacelift stack will then retag the image in preparation for the next environment with {next_env}.{version}.
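
The last step of the process above promotes an artifact by retagging it as {next_env}.{version}. The following is an added example, not code from this repository, of a guard that computes that tag and rejects unexpected input before the retag runs. The environment order (dev, staging, prod), the MAJOR.MINOR.PATCH version format, the use of flux tag artifact for the retag, and the ghcr.io/example-org path are assumptions.

```shell
# Added example: compute and apply the {next_env}.{version} promotion tag.
# Assumed (not from the repository): promotion order, semver versions,
# retagging with "flux tag artifact", and the example artifact path below.
ENV_ORDER="dev staging prod"

# next_env ENV: print the environment after ENV; fail if ENV is last, empty or unknown.
next_env() {
  local prev="" e
  [ -n "$1" ] || return 1
  for e in $ENV_ORDER; do
    if [ "$prev" = "$1" ]; then printf '%s\n' "$e"; return 0; fi
    prev="$e"
  done
  return 1
}

# valid_version VERSION: accept only MAJOR.MINOR.PATCH, so a promoted tag can
# never be a mutable alias ("latest") or carry shell or path metacharacters.
valid_version() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# promotion_tag ENV VERSION: print "{next_env}.{version}" or fail with a reason.
promotion_tag() {
  local nxt
  valid_version "$2" || { echo "rejecting version '$2'" >&2; return 2; }
  nxt=$(next_env "$1") || { echo "no environment after '$1'" >&2; return 3; }
  printf '%s.%s\n' "$nxt" "$2"
}

# promote SRC_REF ENV VERSION: retag SRC_REF (the oci:// reference that was just
# applied) for the next environment. DRY_RUN=1 (the default) only prints the command.
promote() {
  local tag
  tag=$(promotion_tag "$2" "$3") || return $?
  set -- flux tag artifact "$1" --tag "$tag"
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Constructed sample input: dry-run promotion of version 1.4.0 out of dev.
promote "oci://ghcr.io/example-org/tf-artifacts:1.4.0" dev 1.4.0
```

Set DRY_RUN=0 in the stack's after-apply step to run the retag for real; a non-zero exit from promote should fail the run so an unvalidated tag is never published.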

There are 4 important directories in this repository:
- .github holds a workflow that builds and pushes the Terraform artifacts to the OCI repository.
- aws holds an example S3 bucket config.
- management is a management stack in Spacelift that will create necessary, reusable contexts, policies, stacks, etc.
- modules holds a module that can configure Spacelift stacks repeatably.