
Azure pipelines

Azure Workload Identity Federation (no SPN secrets)

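# Plan step: authenticate to Azure through the service connection's federated
# identity (OIDC), fetch the Terraform build named by tfDownloadUrl, then
# run init / validate / plan in tfDirectory.
- task: AzureCLI@2
  displayName: Initialize Terraform configuration
  inputs:
    azureSubscription: $(azureServiceConnection)
    scriptType: bash
    # Exposes servicePrincipalId, idToken and tenantId to the script so the
    # azurerm provider can authenticate without a client secret.
    addSpnToEnvironment: true
    workingDirectory: $(tfDirectory)
    scriptLocation: inlineScript
    inlineScript: |
      # Fail fast. Without this a failed download, unzip or init does not fail
      # the step as long as the final command exits 0; the original had the
      # line commented out.
      set -euo pipefail
      # azurerm OIDC auth: ARM_USE_OIDC makes the provider consume the
      # federated token from addSpnToEnvironment instead of a client secret.
      export ARM_CLIENT_ID="$servicePrincipalId"
      export ARM_OIDC_TOKEN="$idToken"
      export ARM_TENANT_ID="$tenantId"
      export ARM_SUBSCRIPTION_ID="$(az account show --query id -o tsv)"
      export ARM_USE_OIDC=true
      # Proxmox credentials are expected in the step environment. If they are
      # secret pipeline variables they are not auto-mapped and need an explicit
      # env: mapping on this task; with set -u an unset value now fails here
      # instead of reaching the provider empty.
      export PROXMOX_TOKEN="$PROXMOX_TOKEN"
      export PROXMOX_USERNAME="$PROXMOX_USERNAME"
      # -f so an HTTP error body is not saved as tf.zip and unzipped as if it
      # were the release. TODO(review): verify the archive against a published
      # checksum (sha256sum -c) before extracting; a bare URL download is an
      # unverified supply-chain input.
      curl -fsSL -o tf.zip "$(tfDownloadUrl)"
      unzip -o -q -d terraform tf.zip
      # Prepend so the downloaded binary wins over any terraform preinstalled
      # on the agent; appending (as before) would silently use the agent's.
      # $PWD avoids the $(...) form, which Azure also treats as macro syntax.
      export PATH="$PWD/terraform:$PATH"
      terraform --version
      terraform init
      terraform validate
      terraform plan $(tfPlanArguments)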
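# Publish the planned Terraform configuration as a pipeline artifact so a
# downstream deployment job consumes the exact files that were planned rather
# than re-reading the branch.
- job: publishArtifactScript
  displayName: Publish Terraform Artifact
  # Only the default branch produces an artifact; other branches stop at plan.
  condition: eq(variables['Build.SourceBranch'], 'refs/heads/master')
  steps:
    - task: CopyFiles@2
      displayName: Copy Terraform configuration from main branch
      inputs:
        sourceFolder: "$(tfDirectory)"
        # Carry the dependency lock file along with the .tf sources. Without it
        # a downstream `terraform init` re-resolves providers without the
        # recorded version/hash pins. Matches nothing if the file is absent.
        contents: |
          **/*.tf
          .terraform.lock.hcl
        # Quoted like sourceFolder for consistency; both expand at queue time.
        targetFolder: "$(Build.ArtifactStagingDirectory)/$(projectName)"

    - publish: "$(Build.ArtifactStagingDirectory)/$(projectName)"
      displayName: Publish Terraform Artifact
      artifact: "$(tfArtifactName)"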

References

  • https://jamesrcounts.com/2021/07/07/terraform-pipelines-with-azure-devops.html
  • https://devblogs.microsoft.com/devops/public-preview-of-workload-identity-federation-for-azure-pipelines/
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema/stages-template?view=azure-pipelines
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/process/templates?view=azure-devops&pivots=templates-extends#extend-from-a-template
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/process/repository-resource?view=azure-devops#add-a-repository-resource-check
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/process/runtime-parameters?view=azure-devops&tabs=script
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/artifacts/pipeline-artifacts?view=azure-devops&tabs=yaml#artifact-selection
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/process/deployment-jobs?view=azure-devops
  • https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/copy-files-v2?view=azure-pipelines&tabs=yaml