Bitbucket pipeline with cdk for terraform

hello,

i’m trying to use the shiny cdktf and need to integrate it inside of an bitbucket pipeline.

my bitbucket-pipelines.yml looks like this right now:

image: node:14.4.0-alpine
options:
  docker: true

definitions:
  steps:
    - step: &deploy
        name: deployment
        script:
          - cd terraform
          - apk add terraform --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
          - npm install -g cdktf-cli
          - npm install
          - npm run synth
          - cd cdktf.out && terraform apply

pipelines:
  default: &default
    - parallel:
        - step: *deploy
  branches:
    develop:
      - <<: *default
    integration:
      - <<: *default
    master:
      - <<: *default

i’ve also tried “terraform init” but it doesn’t seem to find the config.
can somebody guide me here?

the above ends with:

Error: No configuration files

although they are generated.

Hi!

Which version of the CDK for Terraform are you using?
Since 0.3.0 we support multiple stacks which each reside in a subdirectory in cdktf.out.

See here for more information: terraform-cdk/app-stacks-concept.md at main · hashicorp/terraform-cdk · GitHub

You can also run cdktf list which will print the output directories.

Stack name
cdktf-hello

Path
cdktf.out/stacks/cdktf-hello

package.json:

“dependencies”: {
@cdktf/provider-aws”: “^1.0.80”,
“cdktf”: “^0.4.0”,
“constructs”: “^3.3.75”
},

Ah, alright.

So you would need to adjust your last command of the script to

cd cdktf.out/stacks/cdktf-hello && terraform apply
1 Like

ah nice! thank you, makes sense.

one last thing now:

Error: Required token could not be found

when terraform init is being called.

although there is a .terraformrc file which includes:

credentials “app.terraform.io” {
token = “xxxxxxxxxx”
}

I don’t know about the specifics of that file, but in which directory is it located? And in which directory does it need to be?

Good question. I’ve put into every directory without any change unfortunately.

or does it need to be here now?

/.terraform.d/credentials.tfrc.json with different name ?

answered it myself.

must be this file from above and foundable under ~/.terraform.d/
so the bitbucket pipeline needs to be something like this:

image: node:14.4.0-alpine
options:
  docker: true

definitions:
  steps:
    - step: &deploy
        name: deployment
        script:
          - cd terraform
          - apk add terraform --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
          - npm install -g cdktf-cli
          - npm install
          - npm run synth
          - cp credentials.tfrc.json ~/.terraform.d/
          - cd cdktf.out/stacks/cdktf-hello
          - terraform init
          - terraform validate

Glad that you figured it out.

Another option would be to set TFE_TOKEN as an environment variable for the Bitbucket pipelines. This way you don’t have to check a secret into your repository (if that’s what you’re doing currently).

1 Like

it is, but just for testing purposes. environment variable for the pipeline will be the final way.

1 Like

pipeline now succeeded. but although terraform init & validate worked, i don’t see anything in terraform cloud.

Does the generated cdk.tf.json (via synth) contain any resources?

yes. i may just have not enough rights maybe ?

although i’m the owner of this test organization and therefore workspace.

What kinds of resources are you provisioning?
Is remote execution enabled for Terraform Cloud or does it run “locally” (i.e. in Bitbucket Pipelines)?

You could also try to debug by adding a terraform plan and see what it outputs.