-
Notifications
You must be signed in to change notification settings - Fork 95
/
Copy pathcd.yaml
77 lines (67 loc) · 2.35 KB
/
cd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# Build numbering format
name: $(BuildID)
trigger:
branches:
include:
- release
paths:
exclude:
- '*.md'
- 'images/*'
pr: none
pool:
vmImage: 'ubuntu-18.04'
variables:
- group: e2e-gov-demo-kv
stages:
- stage: ci_stage
displayName: CI Stage
jobs:
- job: ci_job
displayName: Terraform Validate and Lint
steps:
- bash: terraform version
displayName: terraform version
- bash: terraform init -backend=false
displayName: terraform init
- bash: |
terraform validate
terraform fmt -check
displayName: terraform validate and Lint
- stage: cd_stage
displayName: CD Stage
jobs:
- job: deploy
displayName: Terraform Plan and Apply
steps:
- bash: |
terraform init \
-backend-config="storage_account_name=$TF_STATE_BLOB_ACCOUNT_NAME" \
-backend-config="container_name=$TF_STATE_BLOB_CONTAINER_NAME" \
-backend-config="key=$TF_STATE_BLOB_FILE" \
-backend-config="sas_token=$TF_STATE_BLOB_SAS_TOKEN"
displayName: Terraform Init
env:
TF_STATE_BLOB_ACCOUNT_NAME: $(kv-tf-state-blob-account)
TF_STATE_BLOB_CONTAINER_NAME: $(kv-tf-state-blob-container)
TF_STATE_BLOB_FILE: $(kv-tf-state-blob-file)
TF_STATE_BLOB_SAS_TOKEN: $(kv-tf-state-sas-token)
- bash: terraform plan -out=deployment.tfplan -var superadmins_aad_object_id=$AAD_SUPERADMINS_GROUP_ID
displayName: Terraform Plan (ignores drift)
env:
ARM_SUBSCRIPTION_ID: $(kv-arm-subscription-id)
ARM_CLIENT_ID: $(kv-arm-client-id)
ARM_CLIENT_SECRET: $(kv-arm-client-secret)
ARM_TENANT_ID: $(kv-arm-tenant-id)
AZDO_ORG_SERVICE_URL: $(kv-azure-devops-org-url)
AZDO_PERSONAL_ACCESS_TOKEN: $(kv-azure-devops-pat)
AAD_SUPERADMINS_GROUP_ID: $(kv-aad-superadmins-group-id)
- bash: terraform apply -auto-approve deployment.tfplan
displayName: Terraform Apply
env:
ARM_SUBSCRIPTION_ID: $(kv-arm-subscription-id)
ARM_CLIENT_ID: $(kv-arm-client-id)
ARM_CLIENT_SECRET: $(kv-arm-client-secret)
ARM_TENANT_ID: $(kv-arm-tenant-id)
AZDO_ORG_SERVICE_URL: $(kv-azure-devops-org-url)
AZDO_PERSONAL_ACCESS_TOKEN: $(kv-azure-devops-pat)