Question 112488 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Ubuntu – How build terraform approve and non approve YAML pipelines in Azure DevOps

I have configured the below YAML pipeline for generating terraform plan.

trigger:
  - none

stages:
  - stage: Terraform Build
    displayName: Terraform Validate
    pool:
      vmImage: "ubuntu-latest"
    jobs:
      - job: Terraform Validate
        variables:
          - group: xxxx
        steps:
          - script: |
              set -x
              terraform init
              terraform validate
              terraform plan -var-file="./testterraform.tfvars" --out test_tf.plan
            displayName: Init, Validate, Plan and Apply
            env:
              ARM_TENANT_ID: $(TenantId)
              ARM_SUBSCRIPTION_ID: $(SubscriptionId)
              ARM_CLIENT_ID: $(ClientId)
              ARM_CLIENT_SECRET: $(ClientSecret)

I want to add new stage with approvals for deploying the above generated terraform plan.

Tags:

2

Answers


  1. 0

    How build terraform approve and non approve YAML pipelines in Azure DevOps

    You could add a deployment job with entire environment (group of resources) as shown in the following YAML snippet:

    - stage: deploy
  jobs:
  - deployment: DeployWeb
    displayName: deploy Web App
    pool:
      vmImage: 'Ubuntu-latest'
    environment: 'GeneratedTerraformPlan'
    strategy:
      runOnce:
        deploy:
          steps:
          - script: echo Hello world

    Then add Approvals and checks to the environment GeneratedTerraformPlan:

    enter image description here

    And add depend on for the stage terraform plan

    stages:
  - stage: Terraform Build
    dependsOn: deploy
    displayName: Terraform Validate
    pool:
      vmImage: "ubuntu-latest"
    jobs:
      - job: Terraform Validate

    You could check this document for some more details.

    Login or Signup to reply.
  2. 0

    As defined here you can define a job which waits for manual validation:

    pool: 
   vmImage: ubuntu-latest

jobs:
- job: waitForValidation
  displayName: Wait for external validation  
  pool: server    
  timeoutInMinutes: 4320 # job times out in 3 days
  steps:   
   - task: ManualValidation@0
     timeoutInMinutes: 1440 # task times out in 1 day
     inputs:
         notifyUsers: |
            [email protected]
         instructions: 'Please validate the build configuration and resume'
         onTimeout: 'resume'

    Do note that you would have to publish your Terraform build artifact using the PublishBuildArtifacts task in the stage before the validation task. After validation, you would have to use the DownloadBuildArtifacts task to download your plan. Based on this a more complete example looks like this:

    pool: 
   vmImage: ubuntu-latest

jobs:
- job: terraformPlan
  displayName: Create a Terraform plan file and publish it
  steps: 
    # Creating a tf.plan file and copy it to $(Build.ArtifactStagingDirectory)
    # ...
    - task: PublishBuildArtifacts@1
      inputs:
        pathToPublish: '$(Build.ArtifactStagingDirectory)'
        artifactName: tf.plan
- job: waitForValidation
  displayName: Wait for external validation  
  pool: server    
  timeoutInMinutes: 4320
  steps:   
   - task: ManualValidation@0
     timeoutInMinutes: 1440
     inputs:
         notifyUsers: |
            [email protected]
         instructions: 'Please validate the build configuration and resume'
         onTimeout: 'resume'
- job: terraformApply
  steps:   
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'current'
        buildId: '$(Build.BuildId)'
        downloadType: 'single'
        artifactName: 'tf.plan'
        downloadPath: '$(System.ArtifactsDirectory)'
     # Apply your tf.plan file
     # ...
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search