-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpipeline.yaml
91 lines (82 loc) · 4.74 KB
/
pipeline.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# This is the pipeline to deploy SPOKES
# You will need to pass the following variables to this pipeline or specify in the variables in this file:
# serviceConnection - name of the DevOps service connection to deploy with
# workspaceName - Name of terraform workspace for this environment. MUST match the environment name.
# tfstate_sa - The storage account name that contains the tfstate.
# tfstate_rg - The resource group that contains the tfstate storage account - specify if not in the same subscription you're deploying to.
# tfstate_sub - The subscription ID that contains the tfstate storage account - specify if not in the same subscription you're deploying to.
# adds_ospassword - The password for the domain controller VMs that will be created. !!This should be securely passed from DevOps!!
#
# DO NOT SPECIFY SECRETS IN THIS FILE, securely pass them via DevOps pipeline variable
trigger:
branches:
include:
- main
pool:
vmImage: "ubuntu-latest"
variables:
terraform_version: 1.0.7
workspaceName: MyLab
serviceConnection: smithdavid-aia-SC
tfstate_sa: smithdavidaiatfstate01
# If the tfstate storage account is in a different subscription than you're deploying to, uncomment and enter the rg and sub below. Comment out line 49, uncomment line 50. This assumes the SPN has rights to the SA.
#tfstate_rg:
#tfstate_sub:
steps:
- script: |
wget --quiet https://releases.hashicorp.com/terraform/$(terraform_version)/terraform_$(terraform_version)_linux_amd64.zip
unzip terraform_$(terraform_version)_linux_amd64.zip
rm terraform_$(terraform_version)_linux_amd64.zip
chmod +x terraform
displayName: Install Terraform
- task: AzureCLI@1
inputs:
azureSubscription: $(serviceConnection)
addSpnToEnvironment: true
scriptLocation: inlineScript
failOnStandardError: false
inlineScript: |
echo "##vso[task.setvariable variable=ARM_SUBSCRIPTION_ID]$(az account show --query="id" -o tsv)"
echo "##vso[task.setvariable variable=ARM_CLIENT_ID]${servicePrincipalId}"
echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET]${servicePrincipalKey}"
echo "##vso[task.setvariable variable=ARM_TENANT_ID]$(az account show --query="tenantId" -o tsv)"
echo "##vso[task.setvariable variable=ADDS_OSPASSWORD]$(adds_ospassword)"
echo "##vso[task.setvariable variable=TFSTATE_SA_RG]$(az resource list --name $(tfstate_sa) --query [0].resourceGroup -o tsv)"
echo "##vso[task.setvariable variable=TFSTATE_ACCESSKEY]$(az storage account keys list -n $(tfstate_sa) --query="[0].value" -o tsv)"
#echo "##vso[task.setvariable variable=TFSTATE_ACCESSKEY]$(az storage account keys list -n $(tfstate_sa) --resource-group $(tfstate_rg) --subscription $(tfstate_sub) --query="[0].value" -o tsv)"
displayName: "Setup Authentication"
# Select Terraform Workspace
- script: |
cd '$(Build.Repository.LocalPath)/'
$(Build.Repository.LocalPath)/terraform init -backend-config=resource_group_name=$(TFSTATE_SA_RG) -backend-config=storage_account_name=$(tfstate_sa) -backend-config=container_name="tfstate" -backend-config=key="mylab.state" -backend-config=access_key=$(TFSTATE_ACCESSKEY) -no-color -input=false
displayName: "Terraform Workspace Init"
# Run Terraform Plan
- script: |
export TF_IN_AUTOMATION=true
export TF_VAR_subscription_id="$(ARM_SUBSCRIPTION_ID)"
export TF_VAR_client_id="$(ARM_CLIENT_ID)"
export TF_VAR_client_secret="$(ARM_CLIENT_SECRET)"
export TF_VAR_tenant_id="$(ARM_TENANT_ID)"
export TF_VAR_adds_ospassword="$(ADDS_OSPASSWORD)"
$(Build.Repository.LocalPath)/terraform plan -out=$(Build.Repository.LocalPath)/tfplan -no-color -input=false -var 'admin_ospassword=$(ADDS_OSPASSWORD)'
displayName: "Terraform Plan"
workingDirectory: $(Build.Repository.LocalPath)/
enabled: true
# Run Terraform Apply
- script: |
$(Build.Repository.LocalPath)/terraform apply -no-color -input=false -parallelism=1 -auto-approve tfplan
displayName: "Terraform Apply"
workingDirectory: $(Build.Repository.LocalPath)/
enabled: true
# Terraform Destroy
- script: |
export TF_IN_AUTOMATION=true
export TF_VAR_subscription_id="$(ARM_SUBSCRIPTION_ID)"
export TF_VAR_client_id="$(ARM_CLIENT_ID)"
export TF_VAR_client_secret="$(ARM_CLIENT_SECRET)"
export TF_VAR_tenant_id="$(ARM_TENANT_ID)"
export TF_VAR_adds_ospassword="$(ADDS_OSPASSWORD)"
$(Build.Repository.LocalPath)/terraform destroy -no-color -parallelism=1 -auto-approve -var 'admin_ospassword=$(ADDS_OSPASSWORD)'
displayName: "Terraform Destroy"
workingDirectory: $(Build.Repository.LocalPath)/
enabled: false