Commit

chore: simplify Terraform pipeline
afeld committed Jul 18, 2022
1 parent e8d4019 commit 70b2093
Showing 3 changed files with 23 additions and 21 deletions.
28 changes: 10 additions & 18 deletions azure-pipelines.yml
Expand Up @@ -8,44 +8,36 @@ trigger:
include:
- terraform/*
stages:
- stage: __default
- stage: plan
pool:
vmImage: ubuntu-latest
jobs:
- job: Job
- job: plan
steps:
- task: replacetokens@5
inputs:
targetFiles: "**/*.tf"
encoding: "auto"
tokenPattern: "custom"
tokenPrefix: "__"
tokenSuffix: "__"
writeBOM: true
escapeType: "none"
actionOnMissing: "warn"
keepToken: false
actionOnNoFiles: "continue"
enableTransforms: false
enableRecursion: false
useLegacyPattern: false
enableTelemetry: true
# https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformInstaller#readme
- task: TerraformInstaller@0
displayName: Install Terraform
inputs:
terraformVersion: 1.2.4
# https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformTask/TerraformTaskV3#readme
- task: TerraformTaskV3@3
displayName: Terraform init
inputs:
provider: "azurerm"
command: "init"
workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
# service connection
backendServiceArm: "Production"
# needs to match main.tf
backendAzureRmResourceGroupName: "RG-CDT-PUB-VIP-CALITP-P-001"
backendAzureRmStorageAccountName: "sacdtcalitpp001"
backendAzureRmContainerName: "tfstate"
backendAzureRmKey: "terraform.tfstate"
- task: TerraformTaskV3@3
displayName: Terraform plan
inputs:
provider: "azurerm"
command: "plan"
workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
# service connection
environmentServiceNameAzureRM: "Production"
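Review bot: the four `backendAzureRm*` inputs on the "Terraform init" step are literal copies of the backend block in terraform/main.tf, and the only thing keeping the two aligned is the "needs to match main.tf" comment. If one side is edited without the other, init in the pipeline could point at a different state location than a local run, and the plan would then be computed against the wrong state. Consider adding a step ahead of init that fails the job when these values differ from main.tf. Separately, both `backendServiceArm` and `environmentServiceNameAzureRM` use the "Production" service connection for a job that only runs plan, so it is worth confirming that the connection's role is scoped to what plan needs.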
15 changes: 12 additions & 3 deletions docs/deployment/infrastructure.md
Expand Up @@ -111,13 +111,22 @@ az webapp log tail --resource-group RG-CDT-PUB-VIP-CALITP-P-001 --name AS-CDT-PU

https://as-cdt-pub-vip-calitp-p-001-dev.scm.azurewebsites.net/api/logs/docker

## Continuous integration (CI)

[![Build Status](https://calenterprise.visualstudio.com/CDT.OET.CAL-ITP/_apis/build/status/cal-itp.benefits%20Infra?branchName=dev)](https://calenterprise.visualstudio.com/CDT.OET.CAL-ITP/_build/latest?definitionId=828&branchName=dev)

The Terraform configuration is `plan`'d through an Azure Pipeline. It's done there rather than GitHub Actions for a couple of reasons:

- Easier authentication with the Azure API using a service connnection
- Log output is hidden, avoiding accidentally leaking secrets

## Making changes

1. Get access to the Azure account through the DevSecOps team.

1. Install dependencies:
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
- [Terraform](https://www.terraform.io/downloads)

- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
- [Terraform](https://www.terraform.io/downloads)

1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli), specifying the `CDT/ODI Production` Subscription.

Expand Down
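Review bot: the "Log output is hidden" bullet in the new "Continuous integration (CI)" section does not say who the output is hidden from, so a reader cannot tell what protection they are relying on. Suggest naming who can view the pipeline logs, and noting that plan output should still be treated as potentially containing secrets by anyone who has that access. Also, "connnection" in the first bullet has an extra "n".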
1 change: 1 addition & 0 deletions terraform/main.tf
Expand Up @@ -7,6 +7,7 @@ terraform {
}

backend "azurerm" {
# needs to match azure-pipelines.yml
resource_group_name = "RG-CDT-PUB-VIP-CALITP-P-001"
storage_account_name = "sacdtcalitpp001"
container_name = "tfstate"
Expand Down
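Review bot: the new "# needs to match azure-pipelines.yml" comment in the backend block does not say which part of the pipeline file it refers to. Pointing it at the "Terraform init" step's `backendAzureRm*` inputs would let the next editor find the other copy quickly. The pipeline also sets `backendAzureRmKey`, so the comment should make clear that whatever `key` is set further down in this block (cut off in this view) is covered too.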

0 comments on commit 70b2093