Push Workflow

Note: Premium video content requires a subscription.

We’ll review the push part of the pipeline. Here’s the relevant part of .gitlab-ci.yml that handles it.


image: ruby:latest

  - up dev
# ...

before_script: |
  # install terraform
  git clone https://github.com/tfutils/tfenv.git ~/.tfenv
  echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile
  export PATH="$HOME/.tfenv/bin:$PATH"
  tfenv install 1.5.5 # do not use later than 1.5.5
  tfenv use 1.5.5
  terraform --version
  # install terraspace
  bundle exec terraspace new shim
  echo 'export PATH="/usr/local/bin:$PATH' >> ~/.bash_profile
  export PATH="/usr/local/bin:$PATH"
  # install infracost
  curl -fsSL https://raw.githubusercontent.com/infracost/infracost/master/scripts/install.sh | sh

# ...

  stage: up dev
    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "main"'
    - terraspace up demo -y

# ...


The pipeline uses the ruby:latest Docker image.

The first part with the before_script installs terraform and terraspace. This pipeline hook will run for every stage. This is because each GitLab pipeline stage run on a “fresh” environment. This was a GitLab design decision.

Environment Variables

We should set these environment variables. Note that the AWS variables are required only if you’re using terraspace_plugin_aws.

With GitLab, you set the environment variables in the Settings -> CI/CD -> Variables section.


  1. Go to the Repo Settings. It’s the tab on the left-hand side. You must own the repo or have admin permissions to see it.
  2. On the left-hand menu, go to CI/CD.
  3. Under the Variables section on the page, click Expand
  4. Create the variable, IE: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, GITLAB_TOKEN, and TS_TOKEN. You should uncheck Protect variable if your branch is not protected.

Terraspace Command

At the very end, the terraspace up demo -y command will run to deploy the demo stack. You can customize this command or add additional commands. IE: You probably want to use terraspace all up if you prefer.

Commit and Push

Let’s commit and push the files.

git add .
git commit -m 'add ci'
git push -u origin main

This starts the build process immediately.


After the job starts, you’ll see something like the following. You may have to refresh to see the job running.

You can see that a resource was created.

Next, we’ll look at the Merge Request Pipeline.

More tools: