Component: argocd-repo
This component is responsible for creating and managing an ArgoCD desired state repository.
Usage
Stack Level: Regional
The following are example snippets of how to use this component:
# stacks/argocd/repo/default.yaml
components:
  terraform:
    argocd-repo:
      vars:
        enabled: true
        github_user: ci-acme
        github_user_email: [email protected]
        github_organization: ACME
        github_codeowner_teams:
          - "@ACME/cloud-admins"
          - "@ACME/cloud-posse"
        # the team must be present in the org where the repository lives
        # team_slug is the name of the team without the org
        # e.g. `@cloudposse/engineering` is just `engineering`
        permissions:
          - team_slug: admins
            permission: admin
          - team_slug: bots
            permission: admin
          - team_slug: engineering
            permission: push
# stacks/argocd/repo/non-prod.yaml
import:
  - catalog/argocd/repo/defaults
components:
  terraform:
    argocd-deploy-non-prod:
      component: argocd-repo
      settings:
        spacelift:
          workspace_enabled: true
      vars:
        name: argocd-deploy-non-prod
        description: "ArgoCD desired state repository (Non-production) for ACME applications"
        environments:
          - tenant: mgmt
            environment: uw2
            stage: sandbox
# stacks/mgmt-gbl-corp.yaml
import:
  ...
  - catalog/argocd/repo/non-prod
  ...
If the repository already exists, it will need to be imported (replace the names of the IAM profile and var file accordingly):
$ export TF_VAR_github_token_override=[REDACTED]
$ atmos terraform varfile argocd-deploy-non-prod -s mgmt-gbl-corp
$ cd components/terraform/argocd-repo
$ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="mgmt-gbl-corp-argocd-deploy-non-prod.terraform.tfvars.json" "github_repository.default[0]" argocd-deploy-non-prod
$ atmos terraform varfile argocd-deploy-non-prod -s mgmt-gbl-corp
$ cd components/terraform/argocd-repo
$ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="mgmt-gbl-corp-argocd-deploy-non-prod.terraform.tfvars.json" "github_branch.default[0]" argocd-deploy-non-prod:main
$ cd components/terraform/argocd-repo
$ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="mgmt-gbl-corp-argocd-deploy-non-prod.terraform.tfvars.json" "github_branch_default.default[0]" argocd-deploy-non-prod
Requirements
Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | >= 4.0 |
github | >= 4.0 |
random | >= 2.3 |
tls | >= 3.0 |
Providers
Name | Version |
---|---|
aws | >= 4.0 |
github | >= 4.0 |
tls | >= 3.0 |
Modules
Name | Source | Version |
---|---|---|
iam_roles | ../account-map/modules/iam-roles | n/a |
store_write | cloudposse/ssm-parameter-store/aws | 0.11.0 |
this | cloudposse/label/null | 0.25.0 |
Resources
Name | Type |
---|---|
github_branch_default.default | resource |
github_branch_protection.default | resource |
github_repository.default | resource |
github_repository_deploy_key.default | resource |
github_repository_file.application_set | resource |
github_repository_file.codeowners_file | resource |
github_repository_file.gitignore | resource |
github_repository_file.pull_request_template | resource |
github_repository_file.readme | resource |
github_team_repository.default | resource |
tls_private_key.default | resource |
aws_ssm_parameter.github_api_key | data source |
github_repository.default | data source |
github_team.default | data source |
github_user.automation_user | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_tag_map | Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id. This is for some rare cases where resources want additional configuration of tags and therefore take a list of maps with tag key, value, and additional configuration. | map(string) | {} | no |
attributes | ID element. Additional attributes (e.g. workers or cluster) to add to id, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the delimiter and treated as a single ID element. | list(string) | [] | no |
context | Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. | any | | no |
create_repo | Whether or not to create the repository or use an existing one | bool | true | no |
delimiter | Delimiter to be used between ID elements. Defaults to - (hyphen). Set to "" to use no delimiter at all. | string | null | no |
description | The description of the repository | string | null | no |
descriptor_formats | Describe additional descriptors to be output in the descriptors output map. Map of maps. Keys are names of descriptors. Values are maps of the form { format = string, labels = list(string) } (Type is any so the map values can later be enhanced to provide additional options.) format is a Terraform format string to be passed to the format() function. labels is a list of labels, in order, to pass to format() function. Label values will be normalized before being passed to format() so they will be identical to how they appear in id. Default is {} (descriptors output will be empty). | any | {} | no |
enabled | Set to false to prevent the module from creating any resources | bool | null | no |
environment | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | string | null | no |
environments | Environments to populate applicationset.yaml files and repository deploy keys (for ArgoCD) for. auto-sync determines whether or not the ArgoCD application will be automatically synced. ignore-differences determines whether or not the ArgoCD application will ignore the number of replicas in the deployment. Read more on ignore differences here: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs Example: | | [] | no |
github_base_url | This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the GITHUB_BASE_URL environment variable. The value must end with a slash, for example: https://terraformtesting-ghe.westus.cloudapp.azure.com/ | string | null | no |
github_codeowner_teams | List of teams to use when populating the CODEOWNERS file. For example: ["@ACME/cloud-admins", "@ACME/cloud-developers"]. | list(string) | n/a | yes |
github_default_notifications_enabled | Enable default GitHub commit statuses notifications (required for CD sync mode) | string | true | no |
github_organization | GitHub Organization | string | n/a | yes |
github_token_override | Use the value of this variable as the GitHub token instead of reading it from SSM | string | null | no |
github_user | Github user | string | n/a | yes |
github_user_email | Github user email | string | n/a | yes |
gitignore_entries | List of .gitignore entries to use when populating the .gitignore file. For example: [".idea/", ".vscode/"]. | list(string) | n/a | yes |
id_length_limit | Limit id to this many characters (minimum 6). Set to 0 for unlimited length. Set to null to keep the existing setting, which defaults to 0. Does not affect id_full. | number | null | no |
label_key_case | Controls the letter case of the tags keys (label names) for tags generated by this module. Does not affect keys of tags passed in via the tags input. Possible values: lower, title, upper. Default value: title. | string | null | no |
label_order | The order in which the labels (ID elements) appear in the id. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | list(string) | null | no |
label_value_case | Controls the letter case of ID elements (labels) as included in id, set as tag values, and output by this module individually. Does not affect values of tags passed in via the tags input. Possible values: lower, title, upper and none (no transformation). Set this to title and set delimiter to "" to yield Pascal Case IDs. Default value: lower. | string | null | no |
labels_as_tags | Set of labels (ID elements) to include as tags in the tags output. Default is to include all labels. Tags with empty values will not be included in the tags output. Set to [] to suppress all generated tags. Notes: The value of the name tag, if included, will be the id, not the name. Unlike other null-label inputs, the initial setting of labels_as_tags cannot be changed in later chained modules. Attempts to change it will be silently ignored. | set(string) | | no |
name | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a tag. The "name" tag is set to the full id string. There is no tag with the value of the name input. | string | null | no |
namespace | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | string | null | no |
permissions | A list of Repository Permission objects used to configure the team permissions of the repository. team_slug should be the name of the team without the @{org}, e.g. @cloudposse/team => team. permission is just one of the available values listed below | | [] | no |
regex_replace_chars | Terraform regular expression (regex) string. Characters matching the regex will be removed from the ID elements. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits. | string | null | no |
region | AWS Region | string | n/a | yes |
ssm_github_api_key | SSM path to the GitHub API key | string | "/argocd/github/api_key" | no |
ssm_github_deploy_key_format | Format string of the SSM parameter path to which the deploy keys will be written to (%s will be replaced with the environment name) | string | "/argocd/deploy_keys/%s" | no |
stage | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | string | null | no |
tags | Additional tags (e.g. {'BusinessUnit': 'XYZ'}). Neither the tag keys nor the tag values will be modified by this module. | map(string) | {} | no |
tenant | ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for | string | null | no |
Outputs
Name | Description |
---|---|
deploy_keys_ssm_path_format | SSM Parameter Store path format for the repository's deploy keys |
deploy_keys_ssm_paths | SSM Parameter Store paths for the repository's deploy keys |
repository_default_branch | Repository default branch |
repository_description | Repository description |
repository_git_clone_url | Repository git clone URL |
repository_ssh_clone_url | Repository SSH clone URL |
repository_url | Repository URL |
References
- cloudposse/terraform-aws-components - Cloud Posse's upstream component
CHANGELOG
Components PR #851
This is a bug fix and feature enhancement update. There are a few actions necessary to upgrade.
Upgrade actions
- Enable github_default_notifications_enabled (set true)
components:
  terraform:
    argocd-repo-defaults:
      metadata:
        type: abstract
      vars:
        enabled: true
        github_default_notifications_enabled: true
- Apply changes with Atmos
Features
- Support predefined GitHub commit status notifications for CD sync mode:
  - on-deploy-started
    - app-repo-github-commit-status
    - argocd-repo-github-commit-status
  - on-deploy-succeded
    - app-repo-github-commit-status
    - argocd-repo-github-commit-status
  - on-deploy-failed
    - app-repo-github-commit-status
    - argocd-repo-github-commit-status
Bug Fixes
- Remove legacy unnecessary Helm values used in old ArgoCD versions (e.g. workflow auth configs) and dropped notifications services