Last active
April 20, 2024 16:13
Example Azure DevOps Multi-Stage Pipeline utilizing OIDC with Terraform Deployment
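# Separates each Terraform action into separate steps in the pipeline.
# Authorization token is exported in the first steps after logging into Azure using Az CLI.
# Script then exports information into environment variables.
#
# Review notes:
# - Set-TerraformAzureRmOIDCVariables.ps1 is not shown in this file. It runs with the
#   service connection's identity, so changes to it deserve the same review as changes
#   to this pipeline.
# - The OIDC token is a bearer credential. If the script hands it to later steps with
#   `##vso[task.setvariable]`, it should set `issecret=true` so the value is masked in
#   logs. TODO: confirm against the script.
# - No Terraform version is pinned here, so the steps use whatever binary is on the
#   agent image; pin it if runs must be reproducible.

# CI trigger: every push to main runs both stages.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

variables:
  - name: workingDirectory
    value: azcli

stages:
  - stage: validate
    displayName: 'Validate'
    jobs:
      - job: Validate
        steps:
          - task: AzureCLI@2
            inputs:
              azureSubscription: '<service connection>'
              scriptType: 'pscore'
              scriptLocation: 'scriptPath'
              scriptPath: '$(System.DefaultWorkingDirectory)/Set-TerraformAzureRmOIDCVariables.ps1'
              addSpnToEnvironment: true # Required to add OIDC token to environment
              useGlobalConfig: true
              failOnStandardError: true

          # -input=false: fail instead of waiting for a prompt when a value is missing.
          - pwsh: |
              terraform init -input=false -backend-config backend.hcl
            displayName: 'terraform init'
            workingDirectory: $(workingDirectory)

          - pwsh: |
              terraform validate
            displayName: 'terraform validate'
            workingDirectory: $(workingDirectory)

          # This plan is informational only: it is not saved with -out, so the deploy
          # stage computes its own plan when it applies.
          - pwsh: |
              terraform plan -input=false
            displayName: 'terraform plan'
            workingDirectory: $(workingDirectory)

  - stage: deploy
    displayName: 'Deploy'
    dependsOn:
      - validate
    jobs:
      # NOTE(review): nothing in this file gates the stage on a human decision. If one
      # is required, add an approval check on the service connection, or use a
      # deployment job bound to an environment that has approvals configured.
      - job: 'Deploy'
        steps:
          - checkout: self
            clean: true

          # The login is repeated because this job does not inherit the environment
          # of the validate job.
          - task: AzureCLI@2
            inputs:
              azureSubscription: '<service connection>'
              scriptType: 'pscore'
              scriptLocation: 'scriptPath'
              scriptPath: '$(System.DefaultWorkingDirectory)/Set-TerraformAzureRmOIDCVariables.ps1'
              addSpnToEnvironment: true # Required to add OIDC token to environment
              useGlobalConfig: true
              failOnStandardError: true

          - pwsh: |
              terraform init -input=false -backend-config backend.hcl
            displayName: 'terraform init'
            workingDirectory: $(workingDirectory)

          # Applies a freshly computed plan without confirmation; it can differ from
          # the plan printed in the validate stage if state or code changed in between.
          # Applying a saved plan closes that gap, but plan files can contain sensitive
          # values and must be stored accordingly.
          - pwsh: |
              terraform apply -input=false --auto-approve
            displayName: 'terraform apply'
            workingDirectory: $(workingDirectory)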