# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
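# Run-number format: branch name, build date and daily revision counter.
name: amg_workspace_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)

variables:
  # NOTE(review): access_key and secret_key are referenced by the steps but not
  # defined in this file; presumably they come from this variable group.
  # Confirm they are stored as secret variables (or linked from a vault) and
  # that the group is only authorized for this pipeline.
  - group: app-one
  - name: region
    value: 'us-east-2'
  # Defined here but not referenced by any step shown in this file.
  - name: profile
    value: 'GrafanaWorkspaceProfile'

# CI trigger: only pushes to these branches that touch amg_workspace/ start a run.
trigger:
  branches:
    include:
      - main
      - dev/add-workspace
  paths:
    include:
      - /amg_workspace/*

# Default agent pool; the jobs that run Terraform repeat the same setting.
pool:
  vmImage: ubuntu-latest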
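# One stage with three jobs: init + scan + plan, manual approval, then apply.
#
# Credential handling: the AWS keys are mapped into each Terraform step through
# `env:` instead of being written into the command line. Values passed with
# -backend-config are stored in plain text under .terraform/, and values
# expanded into an inline script become part of the script text and process
# arguments on the agent. Because the keys are no longer persisted by
# `terraform init`, every step that talks to the S3 backend needs the AWS_*
# variables, and the steps that used `-var access_key/secret_key` get the same
# values as TF_VAR_* instead.
stages:
  - stage: grafana_workspace_deploy
    displayName: Deploy Amazon Managed Grafana workspace
    jobs:
      # Job 1: initialise the backend, scan the Terraform code, print a plan.
      - job: initialize
        displayName: Initialize Terraform
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: PowerShell@2
            inputs:
              targetType: 'inline'
              # Folded scalar: the lines below are joined into one command.
              script: >-
                terraform init
                -backend-config="bucket=terraform-remote-bucket-skundu"
                -backend-config="key=tf/managed-grafana/workspace/terraform.tfstate"
                -backend-config="region=$(region)"
                -no-color
              workingDirectory: '$(build.sourcesdirectory)/amg_workspace'
            displayName: Terraform init
            env:
              AWS_ACCESS_KEY_ID: $(access_key)
              AWS_SECRET_ACCESS_KEY: $(secret_key)
          # NOTE(review): the install is unpinned, so the scanner version (and
          # its dependency tree) is whatever the index serves at run time.
          # Pin a reviewed release, e.g. checkov==<PINNED_VERSION>.
          - task: Bash@3
            inputs:
              targetType: 'inline'
              script: 'pip install checkov'
            displayName: Install checkov
          # The scan is advisory: continueOnError here and
          # failTaskOnFailedTests: false below mean failed checks are published
          # but never stop the plan or the apply. Reviewers must read the
          # published results before approving.
          - task: Bash@3
            inputs:
              targetType: 'inline'
              workingDirectory: $(System.DefaultWorkingDirectory)/amg_workspace
              script: 'checkov -d . -o junitxml > scan-result.xml'
            displayName: Checkov source code scan
            continueOnError: true
          - task: PublishTestResults@2
            inputs:
              testResultsFormat: 'JUnit'
              searchFolder: '$(System.DefaultWorkingDirectory)/amg_workspace'
              testResultsFiles: '**/*scan-result.xml'
              mergeTestResults: false
              testRunTitle: Terraform source code scan
              failTaskOnFailedTests: false
              publishRunAttachments: true
            displayName: Publish Test Result
          # region is passed here as well so the plan is computed with the same
          # inputs the apply step uses.
          # NOTE(review): this plan is only printed, not saved; the apply job
          # re-plans after approval, so what was reviewed and what is applied
          # can differ. Consider `terraform plan -out=<planfile>` and applying
          # that file, and treat the saved plan as sensitive.
          - task: PowerShell@2
            inputs:
              targetType: 'inline'
              script: 'terraform plan -var region=$(region) -no-color'
              workingDirectory: '$(build.sourcesdirectory)/amg_workspace'
            displayName: "Terraform plan"
            env:
              AWS_ACCESS_KEY_ID: $(access_key)
              AWS_SECRET_ACCESS_KEY: $(secret_key)
              TF_VAR_access_key: $(access_key)
              TF_VAR_secret_key: $(secret_key)

      # Job 2: agentless manual gate. The branch test uses the full ref
      # (Build.SourceBranch) because Build.SourceBranchName is only the last
      # path segment, so a branch such as refs/heads/<anything>/main would
      # also match 'main'.
      - job: approve
        dependsOn: initialize
        condition: >-
          and(succeeded(),
          ne(variables['Build.Reason'], 'PullRequest'),
          eq(variables['Build.SourceBranch'], 'refs/heads/main'))
        pool: server
        displayName: Wait for approval
        steps:
          - task: ManualValidation@0
            timeoutInMinutes: 15  # task times out in 15 mins
            inputs:
              notifyUsers: skundu.dev@gmail.com
              instructions: 'Please validate the build configuration and resume'
              # An unanswered request is rejected, so apply does not run by default.
              onTimeout: 'reject'

      # Job 3: runs on a fresh agent, so the backend is initialised again
      # before applying. Same full-ref branch test as the approval job.
      - job: apply
        dependsOn: approve
        condition: >-
          and(succeeded(),
          eq(variables['Build.SourceBranch'], 'refs/heads/main'))
        pool:
          vmImage: ubuntu-latest
        displayName: Terraform apply
        steps:
          - task: PowerShell@2
            inputs:
              targetType: 'inline'
              script: >-
                terraform init
                -backend-config="bucket=terraform-remote-bucket-skundu"
                -backend-config="key=tf/managed-grafana/workspace/terraform.tfstate"
                -backend-config="region=$(region)"
                -no-color
              workingDirectory: '$(build.sourcesdirectory)/amg_workspace'
            displayName: Terraform init
            env:
              AWS_ACCESS_KEY_ID: $(access_key)
              AWS_SECRET_ACCESS_KEY: $(secret_key)
          - task: PowerShell@2
            inputs:
              targetType: 'inline'
              script: 'terraform apply -var region=$(region) --auto-approve -no-color'
              workingDirectory: '$(build.sourcesdirectory)/amg_workspace'
            displayName: "Terraform apply"
            env:
              AWS_ACCESS_KEY_ID: $(access_key)
              AWS_SECRET_ACCESS_KEY: $(secret_key)
              TF_VAR_access_key: $(access_key)
              TF_VAR_secret_key: $(secret_key)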