-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathdeploy.yml
63 lines (62 loc) · 2.57 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
parameters:
- name: service_connection
type: string
- name: workspace
type: string
steps:
# https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformInstaller#readme
- task: TerraformInstaller@0
displayName: Install Terraform
inputs:
terraformVersion: 1.8.5
# https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformTask/TerraformTaskV3#readme
- task: TerraformTaskV3@3
displayName: Terraform init
inputs:
provider: azurerm
command: init
workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
# https://developer.hashicorp.com/terraform/tutorials/automation/automate-terraform#automated-terraform-cli-workflow
commandOptions: -input=false
# service connection
backendServiceArm: Production
# needs to match main.tf
backendAzureRmResourceGroupName: RG-CDT-PUB-VIP-CALITP-P-001
backendAzureRmStorageAccountName: sacdtcalitpp001
backendAzureRmContainerName: tfstate
backendAzureRmKey: terraform.tfstate
- task: TerraformTaskV3@3
displayName: Select environment
inputs:
provider: azurerm
command: custom
customCommand: workspace
commandOptions: select ${{ parameters.workspace }}
workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
# service connection
environmentServiceNameAzureRM: "${{ parameters.service_connection }}"
- task: TerraformTaskV3@3
displayName: Terraform plan
inputs:
provider: azurerm
command: plan
# wait for lock to be released, in case being used by another pipeline run
# https://discuss.hashicorp.com/t/terraform-plan-wait-for-lock-to-be-released/6870/2
commandOptions: -input=false -lock-timeout=5m
workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
# service connection
environmentServiceNameAzureRM: "${{ parameters.service_connection }}"
# the plan is done as part of the apply (below), so don't bother doing it twice
condition: notIn(variables['Build.SourceBranchName'], 'dev', 'test', 'prod')
- task: TerraformTaskV3@3
displayName: Terraform apply
inputs:
provider: azurerm
command: apply
# (ditto the lock comment above)
commandOptions: -input=false -lock-timeout=5m
workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
# service connection
environmentServiceNameAzureRM: "${{ parameters.service_connection }}"
# only run on certain branches
condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod')