From 70b2093e5a14a9d20e1534edca4779a9a269980d Mon Sep 17 00:00:00 2001
From: Aidan Feldman
Date: Mon, 18 Jul 2022 16:12:58 -0400
Subject: [PATCH] chore: simplify Terraform pipeline
---
 azure-pipelines.yml | 28 ++++++++++------------------
 docs/deployment/infrastructure.md | 15 ++++++++++++---
 terraform/main.tf | 1 +
 3 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index b022d1a78..53403aec8 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -8,44 +8,36 @@ trigger: include: - terraform/* stages: - - stage: __default + - stage: plan pool: vmImage: ubuntu-latest jobs: - - job: Job + - job: plan steps: - - task: replacetokens@5 - inputs: - targetFiles: "**/*.tf" - encoding: "auto" - tokenPattern: "custom" - tokenPrefix: "__" - tokenSuffix: "__" - writeBOM: true - escapeType: "none" - actionOnMissing: "warn" - keepToken: false - actionOnNoFiles: "continue" - enableTransforms: false - enableRecursion: false - useLegacyPattern: false - enableTelemetry: true + # https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformInstaller#readme - task: TerraformInstaller@0 + displayName: Install Terraform inputs: terraformVersion: 1.2.4 + # https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformTask/TerraformTaskV3#readme - task: TerraformTaskV3@3 + displayName: Terraform init inputs: provider: "azurerm" command: "init" workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" + # service connection backendServiceArm: "Production" + # needs to match main.tf backendAzureRmResourceGroupName: "RG-CDT-PUB-VIP-CALITP-P-001" backendAzureRmStorageAccountName: "sacdtcalitpp001" backendAzureRmContainerName: "tfstate" backendAzureRmKey: "terraform.tfstate" - task: TerraformTaskV3@3 + displayName: Terraform plan inputs: provider: "azurerm" command: "plan" workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" + # service connection environmentServiceNameAzureRM: "Production" diff --git a/docs/deployment/infrastructure.md b/docs/deployment/infrastructure.md index 86ad0c0cf..13813bd06 100644 --- a/docs/deployment/infrastructure.md +++ b/docs/deployment/infrastructure.md 
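Review bot: `terraformVersion: 1.2.4` is the only unquoted input in the new task stanzas; quote it as `terraformVersion: "1.2.4"` so it stays a string when a later bump produces a float-looking value such as `1.10`. The hunk also drops the replacetokens step, but nothing in this commit removes the `__NAME__` placeholders that step used to substitute, so if any remain in the `.tf` files under `terraform/` they now reach `terraform plan` as literal values — worth confirming, since those files are not shown here. Both steps use the `Production` service connection for a stage that only runs `plan`; if that connection carries write permissions, a read-only connection scoped to the state container and the target resource group would limit what a change on the `terraform/*` trigger path can do. The enclosing `trigger:` block begins before the hunk.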
@@ -111,13 +111,22 @@ az webapp log tail --resource-group RG-CDT-PUB-VIP-CALITP-P-001 --name AS-CDT-PU https://as-cdt-pub-vip-calitp-p-001-dev.scm.azurewebsites.net/api/logs/docker +## Continuous integration (CI) + +[![Build Status](https://calenterprise.visualstudio.com/CDT.OET.CAL-ITP/_apis/build/status/cal-itp.benefits%20Infra?branchName=dev)](https://calenterprise.visualstudio.com/CDT.OET.CAL-ITP/_build/latest?definitionId=828&branchName=dev) + +The Terraform configuration is `plan`'d through an Azure Pipeline. It's done there rather than GitHub Actions for a couple of reasons: + +- Easier authentication with the Azure API using a service connnection +- Log output is hidden, avoiding accidentally leaking secrets + ## Making changes 1. Get access to the Azure account through the DevSecOps team. - 1. Install dependencies: - - [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) - - [Terraform](https://www.terraform.io/downloads) + + - [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) + - [Terraform](https://www.terraform.io/downloads) 1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli), specifying the `CDT/ODI Production` Subscription.
diff --git a/terraform/main.tf b/terraform/main.tf
index 61862c1e2..e8b0210cb 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -7,6 +7,7 @@ terraform { } backend "azurerm" { + # needs to match azure-pipelines.yml resource_group_name = "RG-CDT-PUB-VIP-CALITP-P-001" storage_account_name = "sacdtcalitpp001" container_name = "tfstate"