Release terraform with use of bitbucket shared-ci pipelines

In this post, I will describe how to use a terraform plan and apply it with bitbucket pipelines using the shared-ci feature.

Shared-ci is bitbucket premium feature used to establish consistent workflows and reduce copying and pasting yml from one repo to another.

More information about shared-ci pipelines can be found on the bitbucket webpage at this link

As we can think of shared-ci as templates, we can then have a separate repo for terraform code where our bitbucket-pipelines.yml will reside.

The pipeline that should serve as a template will look like this:

export: true

image: hashicorp/terraform:1.9

definitions:
 pipelines:
 terraform-validate:
 - step:
 name: 'Validate Terraform'
 script:
 - terraform -chdir=terraform/infrastructure init -backend-config="config/$TF_ENV.init" -reconfigure -upgrade
 - terraform validate
 - terraform -chdir=terraform/infrastructure plan -out=terraform-plan.out -parallelism=15
 terraform-apply:
 - step:
 name: 'Validate Terraform'
 script:
 - terraform -chdir=terraform/infrastructure init -backend-config="config/$TF_ENV.init" -reconfigure -upgrade
 - terraform validate
 - terraform -chdir=terraform/infrastructure plan -out=terraform-plan.out -parallelism=15
 artifacts:
 - terrafrom-plan.out
 - step:
 name: 'Apply Terraform for EU'
 trigger: manual
 script:
 - terraform -chdir=terraform/infrastructure init -backend-config="config/$TF_ENV.init" -reconfigure -upgrade
 - terraform -chdir=terraform/infrastructure apply -auto-approve

The main thing that we have is export: true to say this pipeline is used as a template, and in definition part we specify our steps.

In this example, the pipeline is exporting two actions terraform-validate and terraform-plan. This will be used in other bitbucket repository where we want to run defined steps.

In the other repo where we want to run our terraform steps which we defined in a previous step, we need to create a file bitbucket-pipelines.yml and define our pipeline.

pipelines:
 branches:
 "**":
 import: <repo_name>:<branch>:terraform-validate
 main:
 import: <repo_name>:<branch>:terraform-apply

In this example, terraform-validate is run for every merge, and terraform-apply is run when we merge to the main branch.