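# Azure Pipelines definition with three stages:
#   Provision - run Terraform (init / plan / apply) against an azurerm backend
#   Build     - build the .NET project under $(workDir)/src and publish a zip
#   Deploy    - push the zip to an Azure Function App
#
# Scalar form disables CI triggers, so the pipeline only runs when queued
# manually. The list form (`- none`) is read as a branch filter for a branch
# literally named "none", which is not the same thing.
trigger: none

pool:
  vmImage: ubuntu-latest

variables:
  # LOCATION, RESOURCES_PREFIX and the TFSTATE_* values are not defined in
  # this file; presumably they come from these variable groups - confirm.
  # Access to the groups controls which state backend and which resources
  # this pipeline touches.
  - group: openhack
  - group: tfstate
  # Service connection used by every stage to authenticate to Azure.
  - name: ServiceConnectionName
    value: AzureServiceConnection
  - name: workDir
    value: "$(System.DefaultWorkingDirectory)/support/sqlsecretrotation"

stages:
  - stage: Provision
    displayName: Provision infrastructure
    jobs:
      - deployment: Provision
        displayName: Provision
        # Any approvals and checks configured on this environment (outside
        # this file) are what gate infrastructure changes.
        environment: sqlsecretrotation
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self
                - task: TerraformInstaller@0
                  displayName: Setup Terraform
                  inputs:
                    # NOTE(review): "latest" lets the Terraform binary change
                    # between runs. Pin a reviewed release here, e.g.
                    # terraformVersion: "<PINNED_VERSION>", so the tool that
                    # handles state and credentials is the one that was tested.
                    terraformVersion: "latest"
                - task: TerraformCLI@0
                  displayName: Terraform Init
                  inputs:
                    command: "init"
                    workingDirectory: "$(workDir)/iac/terraform"
                    # Remote state lives in an Azure storage container; state
                    # can contain sensitive values, so access to that account
                    # should be restricted accordingly.
                    backendType: "azurerm"
                    backendServiceArm: "$(ServiceConnectionName)"
                    backendAzureRmResourceGroupName: "$(TFSTATE_RESOURCES_GROUP_NAME)"
                    backendAzureRmStorageAccountName: "$(TFSTATE_STORAGE_ACCOUNT_NAME)"
                    backendAzureRmContainerName: "$(TFSTATE_STORAGE_CONTAINER_NAME)"
                    backendAzureRmKey: "sqlsecrot.tfstate"
                    allowTelemetryCollection: true
                - task: TerraformCLI@0
                  displayName: Terraform Plan
                  inputs:
                    command: "plan"
                    workingDirectory: "$(workDir)/iac/terraform"
                    environmentServiceName: "$(ServiceConnectionName)"
                    # The -var values are identifiers (names and prefixes).
                    # Keep secret values out of commandOptions.
                    # -detailed-exitcode is what lets the Apply step below be
                    # skipped when the plan is empty.
                    commandOptions: '-detailed-exitcode -var="location=$(LOCATION)" -var="resources_prefix=$(RESOURCES_PREFIX)" -var="secret_name=SQL-PASSWORD" -var="key_vault_name=$(RESOURCES_PREFIX)kv" -var="key_vault_resource_group_name=$(RESOURCES_PREFIX)rg"'
                    publishPlanResults: "tfplan"
                    allowTelemetryCollection: true
                - task: TerraformCLI@0
                  displayName: Terraform Apply
                  # Runs only when the plan step reported pending changes.
                  condition: eq(variables['TERRAFORM_PLAN_HAS_CHANGES'], 'true')
                  inputs:
                    command: "apply"
                    workingDirectory: "$(workDir)/iac/terraform"
                    environmentServiceName: "$(ServiceConnectionName)"
                    # NOTE(review): apply is given the same -var options but no
                    # saved plan file, so it plans again at apply time. What is
                    # applied is therefore not guaranteed to match the plan
                    # published as "tfplan". Consider writing the plan with
                    # -out and applying that file.
                    commandOptions: '-var="location=$(LOCATION)" -var="resources_prefix=$(RESOURCES_PREFIX)" -var="secret_name=SQL-PASSWORD" -var="key_vault_name=$(RESOURCES_PREFIX)kv" -var="key_vault_resource_group_name=$(RESOURCES_PREFIX)rg"'
                    allowTelemetryCollection: true

  - stage: Build
    displayName: Build function
    dependsOn: Provision
    condition: succeeded()
    jobs:
      - job: Build
        displayName: Build
        steps:
          - checkout: self
          - task: UseDotNet@2
            displayName: "Setup .NET Core"
            inputs:
              packageType: "sdk"
              # NOTE(review): .NET Core 3.x is out of support and no longer
              # receives security updates. Moving to a supported SDK also
              # requires retargeting the project, so it is only flagged here.
              version: "3.x"
          - task: DotNetCoreCLI@2
            displayName: Build project
            inputs:
              command: "build"
              projects: "$(workDir)/src/*.csproj"
              arguments: "--output $(System.DefaultWorkingDirectory)/publish_output --configuration Release"
              workingDirectory: "$(workDir)/src"
          - task: ArchiveFiles@2
            displayName: "Archive files"
            inputs:
              rootFolderOrFile: "$(System.DefaultWorkingDirectory)/publish_output"
              includeRootFolder: false
              archiveType: "zip"
              archiveFile: "$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip"
              replaceExistingArchive: true
          # The zip published here is the exact package the Deploy stage
          # pushes to the Function App.
          - publish: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
            displayName: "Publish Artifact"
            artifact: drop

  - stage: Deploy
    displayName: Deploy function
    dependsOn: Build
    condition: succeeded()
    jobs:
      - deployment: Deploy
        displayName: Deploy
        # Same environment as Provision, so the same approvals and checks
        # (if any are configured) apply to the code deployment.
        environment: sqlsecretrotation
        strategy:
          runOnce:
            deploy:
              steps:
                - task: AzureFunctionApp@1
                  displayName: "Azure Functions deploy"
                  inputs:
                    # Reuse the variable instead of repeating the literal name,
                    # so every stage authenticates through the same service
                    # connection and a rename cannot leave this stage behind.
                    azureSubscription: "$(ServiceConnectionName)"
                    appType: "functionApp"
                    appName: "$(RESOURCES_PREFIX)secrotfunc"
                    # Path of the "drop" artifact published by the Build stage.
                    package: "$(Pipeline.Workspace)/drop/$(Build.BuildId).zip"
                    deploymentMethod: "auto"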