-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipelines-multi-env-multi-stage-with-approval.yaml
110 lines (93 loc) · 5.05 KB
/
azure-pipelines-multi-env-multi-stage-with-approval.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
variables:
InfraProvisioningResoureGroupName: $(environment)-provisioning-rg
tfBackendStorageAccountName: $(environment)terraformbackendsa
tfBackendStorageContainerName: terraform-backend-files
tfBackendFileName: $(environment)-tf-state-file
tfvarsFile: $(environment).tfvars
stages:
- stage: terraform_plan
jobs:
- deployment: Terraform_Plan
displayName: Terraform_Plan
pool:
vmImage: 'Ubuntu-16.04'
# creates an environment if it doesn't exist
environment: 'terraform_plan'
strategy:
runOnce:
deploy:
steps:
- checkout: self
- script: |
set +e
if [ -z $(environment) ]; then
echo "target environment not specified";
exit 1;
fi
echo "environment is:" $(environment)
displayName: 'Verify that the environment parameter has been supplied to pipeline'
- task: AzureKeyVault@1
inputs:
azureSubscription: '$(environment)-sp'
KeyVaultName: '$(environment)-pipeline-secrets-kv'
SecretsFilter: 'tf-sp-id,tf-sp-secret,tf-tenant-id,tf-subscription-id,tf-backend-sa-access-key,aks-sp-id,aks-sp-secret'
displayName: 'Get key vault secrets as pipeline variables'
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
displayName: 'Install Terraform 0.12.3'
- task: AzureCLI@1
inputs:
azureSubscription: '$(environment)-sp'
scriptLocation: 'inlineScript'
inlineScript: 'terraform version'
displayName: "Terraform Version"
- script: |
az login --service-principal -u $(tf-sp-id) -p $(tf-sp-secret) --tenant $(tf-tenant-id)
cd $(System.DefaultWorkingDirectory)/tf-infra-provision
echo '#######Terraform Init########'
terraform init -backend-config="storage_account_name=$(tfBackendStorageAccountName)" -backend-config="container_name=$(tfBackendStorageContainerName)" -backend-config="access_key=$(tf-backend-sa-access-key)" -backend-config="key=$(tfBackendFileName)"
echo '#######Terraform Plan########'
terraform plan -var-file=./tf-vars/$(tfvarsFile) -var="client_id=$(tf-sp-id)" -var="client_secret=$(tf-sp-secret)" -var="tenant_id=$(tf-tenant-id)" -var="subscription_id=$(tf-subscription-id)" -var="aks_sp_id=$(aks-sp-id)" -var="aks_sp_secret=$(aks-sp-secret)" -out="out.plan"
- stage: terraform_apply
jobs:
- deployment: Terraform_Apply
displayName: terraform_apply
pool:
vmImage: 'Ubuntu-16.04'
# creates an environment if it doesn't exist
environment: 'terraform_apply'
strategy:
runOnce:
deploy:
steps:
- checkout: self
- script: |
set +e
if [ -z $(environment) ]; then
echo "target environment not specified";
exit 1;
fi
echo "environment is:" $(environment)
displayName: 'Verify that the environment parameter has been supplied to pipeline'
- task: AzureKeyVault@1
inputs:
azureSubscription: '$(environment)-sp'
KeyVaultName: '$(environment)-pipeline-secrets-kv'
SecretsFilter: 'tf-sp-id,tf-sp-secret,tf-tenant-id,tf-subscription-id,tf-backend-sa-access-key,aks-sp-id,aks-sp-secret'
displayName: 'Get key vault secrets as pipeline variables'
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
displayName: 'Install Terraform 0.12.3'
- task: AzureCLI@1
inputs:
azureSubscription: '$(environment)-sp'
scriptLocation: 'inlineScript'
inlineScript: 'terraform version'
displayName: "Terraform Version"
- script: |
az login --service-principal -u $(tf-sp-id) -p $(tf-sp-secret) --tenant $(tf-tenant-id)
cd $(System.DefaultWorkingDirectory)/tf-infra-provision
echo '#######Terraform Init########'
terraform init -backend-config="storage_account_name=$(tfBackendStorageAccountName)" -backend-config="container_name=$(tfBackendStorageContainerName)" -backend-config="access_key=$(tf-backend-sa-access-key)" -backend-config="key=$(tfBackendFileName)"
echo '#######Terraform Plan########'
terraform plan -var-file=./tf-vars/$(tfvarsFile) -var="client_id=$(tf-sp-id)" -var="client_secret=$(tf-sp-secret)" -var="tenant_id=$(tf-tenant-id)" -var="subscription_id=$(tf-subscription-id)" -var="aks_sp_id=$(aks-sp-id)" -var="aks_sp_secret=$(aks-sp-secret)" -out="out.plan"
echo '#######Terraform Apply########'
terraform apply out.plan