Version Control Settings
To configure your workflow's source code to be fetched, you have two options under Source and Parameters:
- VCS Provider: Fetch code directly from supported Git providers like GitHub, GitLab, etc.
- Subscribed Templates: Leverage pre-defined templates from the StackGuardian Library for quick and code-free deployment setups.
Learn how to create an IAC template. These templates act as automated blueprints for managing infrastructure as code, offering benefits such as no-code interfaces and lifecycle management capabilities.
Selecting a VCS Provider:
- Choose a supported "Git provider" using the HTTPS protocol, or select "Git Others (SSH, Secrets, or public Repo)" for other Git providers and SSH access.
For HTTPS Repositories:
- For private repositories, select the VCS provider from the dropdown. Refer to the VCS Connectors documentation for detailed setup instructions.
For SSH Repositories:
- Create a secret in the Vault containing your private SSH key and select the appropriate Authentication method. You can use a secret or a connector to authenticate against private repositories (e.g., /secrets/your-ssh-key or /integrations/github_com). For detailed instructions, see How to create a secret.
Advanced Options
StackGuardian provides the following options under advanced setups:
Reference
Specify a Git reference such as a branch, tag, or commit to fetch the code at runtime.
Working Directory
Define a specific directory path within the repository in which to run operations if the code is not located at the root (e.g., infra or app1/aws/ec2).
Git Sparse Checkout Config
This option lets you specify paths so that only selected parts of a repository are checked out. Here are some examples:
- To include the entire repository except for the .terraform directory and the backend.tf file:
  /**
  !.terraform
  !backend.tf
- To include only the IaC directory from the root and exclude the IaC/Documentation subdirectory:
  /IaC
  !/IaC/Documentation
Exclusion rules should be placed after inclusion rules, because the last rule that matches a path decides whether it is checked out.
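The following is an added example, not StackGuardian's own code, that evaluates sparse-checkout rules the way Git's non-cone mode does (gitignore-style patterns, last matching rule wins, nothing is fetched unless a rule includes it). It uses the two configurations above against a constructed file tree and shows why an exclusion placed before its inclusion has no effect. The glob translation is simplified (no character classes, a trailing slash is treated like a plain directory name).

```python
import re
from typing import List, Tuple

# The two sparse-checkout configs from this page.
EXAMPLE_EXCLUDE_TERRAFORM = ["/**", "!.terraform", "!backend.tf"]
EXAMPLE_ONLY_IAC = ["/IaC", "!/IaC/Documentation"]

# Constructed repository listing used as sample input.
SAMPLE_TREE = [
    "backend.tf",
    "main.tf",
    ".terraform/providers/aws",
    "IaC/main.tf",
    "IaC/Documentation/README.md",
    "IaC/modules/backend.tf",
    "app1/aws/ec2/main.tf",
]


def _glob_to_regex(body: str) -> str:
    """Translate a gitignore-style glob body into a regex fragment.

    '**' crosses directory boundaries, '*' and '?' stay within one path
    component, everything else is matched literally.
    """
    out = []
    i = 0
    while i < len(body):
        if body.startswith("**", i):
            out.append(".*")
            i += 2
        elif body[i] == "*":
            out.append("[^/]*")
            i += 1
        elif body[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(body[i]))
            i += 1
    return "".join(out)


def compile_rule(rule: str) -> Tuple[bool, "re.Pattern[str]"]:
    """Turn one config line into (is_include, regex over repo-relative paths)."""
    rule = rule.strip()
    include = not rule.startswith("!")
    if not include:
        rule = rule[1:]
    rule = rule.rstrip("/")
    # A pattern containing a slash (leading or inner) is anchored at the repo
    # root; a bare name such as '.terraform' matches at any depth.
    anchored = rule.startswith("/") or "/" in rule
    body = _glob_to_regex(rule.lstrip("/"))
    prefix = "^" if anchored else "^(?:.*/)?"
    # '(?:/.*)?' makes a rule that matches a directory cover its contents.
    return include, re.compile(prefix + body + "(?:/.*)?$")


def is_checked_out(path: str, rules: List[str]) -> bool:
    """Apply the rules in order; the last matching rule decides."""
    decision = False  # default: not part of the checkout
    for rule in rules:
        include, regex = compile_rule(rule)
        if regex.match(path):
            decision = include
    return decision


def checkout_set(paths: List[str], rules: List[str]) -> List[str]:
    """Return the sorted subset of paths that the rules would check out."""
    return sorted(p for p in paths if is_checked_out(p, rules))


if __name__ == "__main__":
    for name, rules in [("exclude .terraform", EXAMPLE_EXCLUDE_TERRAFORM),
                        ("only IaC", EXAMPLE_ONLY_IAC)]:
        print(name, "->", checkout_set(SAMPLE_TREE, rules))
    # Reversed order: '/IaC' is now the last match for IaC/Documentation, so
    # the exclusion is silently overridden.
    print("reversed ->", checkout_set(SAMPLE_TREE, list(reversed(EXAMPLE_ONLY_IAC))))
```

Note that an unanchored exclusion such as !backend.tf also removes a backend.tf nested in a module directory; anchor it as !/backend.tf if only the root file should be skipped.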
Enable git core.autocrlf
When enabled, Git will automatically convert line endings, which helps maintain consistent line endings for files that are checked out across different operating systems, like Windows and Unix.
Template Parameters
Choose how to provide input variables to a template, enabling parameterized Terraform executions.
- Select a "Subscribed Template" to use the SG noCode form to pass input variables to the template parameters.
- With source type "Subscribed Template" or "Git Repository", use JSON-Formatted Input to provide inputs in key-value format.
Example: Using a Private Repository in Workflows
This guide demonstrates how to configure a workflow to execute Terraform code using the Terraform Workflow Type. Begin by forking the Infrastructure as Code template that deploys an S3 bucket for hosting a static website from this GitHub repository: template-tf-aws-s3-demo-website. Alternatively, you may use your own IaC code sourced from Git.
Next, select Git Repository and enter the Repository URL for the forked Terraform code.
To integrate a private GitHub.com repository, you can either use an existing GitHub Integration or set up a new one via VCS Connectors.
Although the template includes default values for Terraform variables, you can override them directly within the StackGuardian Platform under the Template Parameters section. Provide a JSON-formatted tfvars file to pass customized values during workflow execution. This enables creating highly parameterized IaC templates that adapt based on the values provided directly from the Workflow. An example configuration is shown below:
{
"bucket_region": "eu-central-1",
"s3_bucket_acl": "public-read",
"s3_bucket_force_destroy": true,
"s3_bucket_block_public_acls": false,
"s3_bucket_block_public_policy": false,
"s3_bucket_ignore_public_acls": false,
"s3_bucket_restrict_public_buckets": false,
"s3_bucket_tags": {},
"s3_bucket_versioning": {
"enabled": "true",
"mfa_delete": "false"
}
}
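The parameters above deliberately switch off all four S3 block-public-access guards and set a public-read ACL, which is what a static website bucket needs but would be a misconfiguration for almost any other bucket. The following added example (not StackGuardian code) is a small pre-execution review of a JSON-formatted parameter file: it parses the JSON, reports which public-exposure settings are active and which operational warnings apply, and is shown against both the page's configuration and a constructed private variant. The key names are taken from the page; the hardened values are assumptions.

```python
import json
from typing import Any, Dict, List

# Copy of the JSON-formatted template parameters shown on this page.
SAMPLE_PARAMETERS = """{
  "bucket_region": "eu-central-1",
  "s3_bucket_acl": "public-read",
  "s3_bucket_force_destroy": true,
  "s3_bucket_block_public_acls": false,
  "s3_bucket_block_public_policy": false,
  "s3_bucket_ignore_public_acls": false,
  "s3_bucket_restrict_public_buckets": false,
  "s3_bucket_tags": {},
  "s3_bucket_versioning": {
    "enabled": "true",
    "mfa_delete": "false"
  }
}"""

# Constructed private variant of the same parameters for comparison.
PRIVATE_PARAMETERS = """{
  "bucket_region": "eu-central-1",
  "s3_bucket_acl": "private",
  "s3_bucket_force_destroy": false,
  "s3_bucket_block_public_acls": true,
  "s3_bucket_block_public_policy": true,
  "s3_bucket_ignore_public_acls": true,
  "s3_bucket_restrict_public_buckets": true,
  "s3_bucket_tags": {"owner": "platform-team"},
  "s3_bucket_versioning": {
    "enabled": "true",
    "mfa_delete": "true"
  }
}"""

# S3 block-public-access controls; false on all four removes every guard rail.
BLOCK_PUBLIC_ACCESS_KEYS = (
    "s3_bucket_block_public_acls",
    "s3_bucket_block_public_policy",
    "s3_bucket_ignore_public_acls",
    "s3_bucket_restrict_public_buckets",
)


def as_bool(value: Any) -> bool:
    """Accept JSON booleans and the string form ("true") used in the versioning block."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def review_parameters(raw_json: str) -> Dict[str, List[str]]:
    """Return public-exposure findings and operational warnings for a parameter file."""
    params = json.loads(raw_json)
    findings: Dict[str, List[str]] = {"public_exposure": [], "warnings": []}

    # Each guard explicitly set to false is reported individually so the
    # reviewer sees exactly which protections the workflow will disable.
    findings["public_exposure"].extend(
        key for key in BLOCK_PUBLIC_ACCESS_KEYS if params.get(key) is False)
    acl = params.get("s3_bucket_acl", "private")
    if acl != "private":
        findings["public_exposure"].append(f"s3_bucket_acl={acl}")

    if as_bool(params.get("s3_bucket_force_destroy")):
        findings["warnings"].append("s3_bucket_force_destroy: objects are deleted on destroy")
    versioning = params.get("s3_bucket_versioning") or {}
    if not as_bool(versioning.get("enabled")):
        findings["warnings"].append("versioning disabled")
    elif not as_bool(versioning.get("mfa_delete")):
        findings["warnings"].append("mfa_delete disabled")
    if not params.get("s3_bucket_tags"):
        findings["warnings"].append("s3_bucket_tags empty: ownership not traceable")
    return findings


def is_publicly_exposed(raw_json: str) -> bool:
    """True when at least one setting opens the bucket to public access."""
    return bool(review_parameters(raw_json)["public_exposure"])


if __name__ == "__main__":
    for label, raw in [("website bucket", SAMPLE_PARAMETERS), ("private bucket", PRIVATE_PARAMETERS)]:
        print(label, json.dumps(review_parameters(raw), indent=2))
```

Running this before the workflow executes turns an intentional public website deployment into a reviewed decision and flags an unintentional one; the same check can be applied to any JSON-formatted input supplied under Template Parameters.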
Working with Privately Hosted Version Control Systems
When configuring VCS settings for a privately hosted Git server, you can use Private Runner Groups to access these servers at the network level.
By following these steps, you can easily configure and execute Terraform workflows using both public and private repositories, ensuring secure and seamless infrastructure deployments.