I have configured the below YAML pipeline for generating terraform plan.
trigger:
- none
stages:
# Stage and job names may contain only letters, digits and underscores.
- stage: Terraform_Build
  displayName: Terraform Validate
  pool:
    vmImage: "ubuntu-latest"
  jobs:
  - job: Terraform_Validate
    variables:
    - group: xxxx
    steps:
    - script: |
        set -x
        terraform init
        terraform validate
        terraform plan -var-file="./testterraform.tfvars" --out test_tf.plan
      displayName: Init, Validate, Plan and Apply
      env:
        ARM_TENANT_ID: $(TenantId)
        ARM_SUBSCRIPTION_ID: $(SubscriptionId)
        ARM_CLIENT_ID: $(ClientId)
        ARM_CLIENT_SECRET: $(ClientSecret)
I want to add a new stage with approvals for deploying the above generated terraform plan.
2 Answers
You could add a deployment job with entire environment (group of resources) as shown in the following YAML snippet:
Then add Approvals and checks to the environment GeneratedTerraformPlan:
And add depend on for the stage terraform plan:
You could check this document for some more details.
As defined here you can define a job which waits for manual validation:
Do note that you would have to publish your Terraform build artifact using the PublishBuildArtifacts task in the stage before the validation task. After validation, you would have to use the DownloadBuildArtifacts task to download your plan. Based on this a more complete example looks like this:
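The procedure described in the answer above (publish the plan, wait for manual validation, then download and apply exactly that plan), written out as an added example that is not part of the original answer or the asker's pipeline. The stage and job names, the artifact name `tfplan`, the task major versions and the approver address are assumptions chosen for illustration.

```yaml
# Added example. Names, the artifact name and the approver address are placeholders.
trigger: none
pool:
  vmImage: "ubuntu-latest"
variables:
- group: xxxx
stages:
- stage: Plan
  jobs:
  - job: Plan
    steps:
    - script: |
        terraform init
        terraform validate
        terraform plan -var-file="./testterraform.tfvars" -out=test_tf.plan
      displayName: Init, Validate and Plan
      env: { ARM_TENANT_ID: $(TenantId), ARM_SUBSCRIPTION_ID: $(SubscriptionId),
             ARM_CLIENT_ID: $(ClientId), ARM_CLIENT_SECRET: $(ClientSecret) }
    # A saved plan can contain sensitive values in clear text, so treat the
    # artifact as a secret: anyone who can read the run's artifacts can read it.
    - task: PublishBuildArtifacts@1
      inputs:
        PathtoPublish: $(System.DefaultWorkingDirectory)/test_tf.plan
        ArtifactName: tfplan
- stage: Apply
  dependsOn: Plan
  jobs:
  - job: WaitForValidation
    pool: server   # ManualValidation runs only in an agentless (server) job
    steps:
    - task: ManualValidation@0
      inputs:
        notifyUsers: approver@example.com
        instructions: "Review the plan output of the Plan stage, then resume or reject."
  - job: Apply
    dependsOn: WaitForValidation
    steps:
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: current
        downloadType: single
        artifactName: tfplan
        downloadPath: $(System.DefaultWorkingDirectory)
    # init restores providers and backend on the fresh agent; apply then runs
    # the reviewed plan file instead of computing a new, unreviewed plan.
    - script: |
        terraform init
        terraform apply -input=false tfplan/test_tf.plan
      displayName: Apply the approved plan
      env: { ARM_TENANT_ID: $(TenantId), ARM_SUBSCRIPTION_ID: $(SubscriptionId),
             ARM_CLIENT_ID: $(ClientId), ARM_CLIENT_SECRET: $(ClientSecret) }
```

Applying the saved plan file means the approver's review covers what is actually deployed; if the state has changed since the plan was produced, `terraform apply` rejects the stale plan instead of applying something different.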