Update pipelines

Author: craigthackerx

.azuredevops/workflows/jobs/dev/terraform-build.yaml

@@ -57,11 +57,6 @@ parameters:
       ]
     displayName: 'Extra Args for terraform init'
 
-  - name: TerraformPlanExtraArgsJson
-    type: string
-    default: '[ ]'
-    displayName: 'Extra Args for terraform plan'
-
   - name: AzureDevOpsPoolName
     type: string
     default: "vmss-libd-uks-dev-02"
@@ -71,16 +66,6 @@ parameters:
       - "vmss-libd-uks-dev-02"
     displayName: 'The Pool Name for the Job to run on'
 
-  - name: AzurePipelinesVmImage
-    type: string
-    default: 'ubuntu-latest'
-    displayName: 'If Azure Pipelines is selected, which vmImage to run'
-
-  - name: dependsOnJobs
-    displayName: "Depends On"
-    type: object
-    default: [ ]
-
 resources:
   repositories:
     - repository: githubTemplates
@@ -102,9 +87,7 @@ jobs:
       CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
       DebugMode: ${{ parameters.DebugMode }}
       TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
-      TerraformPlanExtraArgsJson: ${{ parameters.TerraformPlanExtraArgsJson }}
       AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
-      dependsOnJobs: ${{ parameters.dependsOnJobs }}
 
   - template: .azuredevops/templates/jobs/terraform-manual-approval.yaml@githubTemplates
     parameters:
@@ -119,6 +102,5 @@ jobs:
       CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
       DebugMode: ${{ parameters.DebugMode }}
       TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
-      TerraformPlanExtraArgsJson: ${{ parameters.TerraformPlanExtraArgsJson }}
       AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
       dependsOnJobs: [ ManualApprovalJob ]

.azuredevops/workflows/jobs/dev/terraform-destroy.yaml

@@ -0,0 +1,106 @@
+name: terraform-destroy.yaml-$(Build.DefinitionName)-$(date:yyyyMMdd)$(rev:.r)
+
+trigger: none
+
+parameters:
+  - name: ServiceConnection
+    type: string
+    default: "fedcred-msi-azdo-libredevops-4a23d149-8cee-4643-a57b-3b3db30e54ce"
+    displayName: 'Azure DevOps Service Connection'
+    values:
+      - "spn-libd-uks-dev-mgmt-01-client-secret-enabled"
+      - "spn-libd-uks-dev-mgmt-01"
+      - "fedcred-msi-azdo-libredevops-4a23d149-8cee-4643-a57b-3b3db30e54ce"
+      - "msi-azdo-libredevops-4a23d149-8cee-4643-a57b-3b3db30e54ce"
+      - "uid-libd-uks-dev-mgmt-01"
+
+  - name: TerraformCodeLocation
+    type: string
+    default: 'terraform'
+    displayName: 'Terraform Code Directory Path'
+
+  - name: TerraformStackToRunJson
+    type: string
+    default: '["rg"]'
+    values:
+      - '["rg"]'
+      - '["network"]'
+      - '["azdo-pipelines-setup"]'
+      - '["rg", "network"]'
+      - '["all"]'
+    displayName: 'Terraform Stacks to Run'
+
+  - name: TerraformWorkspace
+    type: string
+    default: 'dev'
+    displayName: 'Terraform Workspace Name'
+
+  - name: CheckovSkipCheck
+    type: string
+    default: 'CKV2_AZURE_31'
+    displayName: 'Checkov Skip Checks (Comma-Separated)'
+
+  - name: DebugMode
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: "Debug mode enabled"
+
+  - name: TerraformInitExtraArgsJson
+    type: string
+    default: >
+      [
+        "-backend-config=subscription_id=$(TF_VAR_ARM_BACKEND_SUBSCRIPTION_ID)",
+        "-backend-config=resource_group_name=$(TF_VAR_ARM_BACKEND_STORAGE_RG_NAME)",
+        "-backend-config=storage_account_name=$(TF_VAR_ARM_BACKEND_STORAGE_ACCOUNT)",
+        "-backend-config=container_name=$(TF_VAR_ARM_BACKEND_CONTAINER_NAME)"
+      ]
+    displayName: 'Extra Args for terraform init'
+
+  - name: AzureDevOpsPoolName
+    type: string
+    default: "vmss-libd-uks-dev-02"
+    values:
+      - "Default"
+      - "Azure Pipelines"
+      - "vmss-libd-uks-dev-02"
+    displayName: 'The Pool Name for the Job to run on'
+
+resources:
+  repositories:
+    - repository: githubTemplates
+      type: github
+      name: libre-devops/terraform-azure-azdo-pipeline-templates
+      ref: main
+      endpoint: libredevops
+
+variables:
+  - group: terraform-${{ parameters.TerraformWorkspace }}-vars
+
+jobs:
+  - template: .azuredevops/templates/jobs/terraform-init-plan-destroy.yaml@githubTemplates
+    parameters:
+      ServiceConnection: ${{ parameters.ServiceConnection }}
+      TerraformCodeLocation: ${{ parameters.TerraformCodeLocation }}
+      TerraformStackToRunJson: ${{ parameters.TerraformStackToRunJson }}
+      TerraformWorkspace: ${{ parameters.TerraformWorkspace }}
+      CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
+      DebugMode: ${{ parameters.DebugMode }}
+      TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
+      AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
+
+  - template: .azuredevops/templates/jobs/terraform-manual-approval.yaml@githubTemplates
+    parameters:
+      dependsOnJobs: [ TerraformInitPlanJob ]
+
+  - template: .azuredevops/templates/jobs/terraform-init-plan-destroy-apply.yaml@githubTemplates
+    parameters:
+      ServiceConnection: ${{ parameters.ServiceConnection }}
+      TerraformCodeLocation: ${{ parameters.TerraformCodeLocation }}
+      TerraformStackToRunJson: ${{ parameters.TerraformStackToRunJson }}
+      TerraformWorkspace: ${{ parameters.TerraformWorkspace }}
+      CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
+      DebugMode: ${{ parameters.DebugMode }}
+      TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
+      AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
+      dependsOnJobs: [ ManualApprovalJob ]

.azuredevops/workflows/stages/dev/terraform-build.yaml

@@ -1,4 +1,4 @@
-name: terraform-init-build.yaml-$(Build.DefinitionName)-$(date:yyyyMMdd)$(rev:.r)
+name: terraform-build.yaml-$(Build.DefinitionName)-$(date:yyyyMMdd)$(rev:.r)
 
 trigger: none
 
@@ -57,11 +57,6 @@ parameters:
       ]
     displayName: 'Extra Args for terraform init'
 
-  - name: TerraformPlanExtraArgsJson
-    type: string
-    default: '[ ]'
-    displayName: 'Extra Args for terraform plan'
-
   - name: AzureDevOpsPoolName
     type: string
     default: "vmss-libd-uks-dev-02"
@@ -71,11 +66,6 @@ parameters:
       - "vmss-libd-uks-dev-02"
     displayName: 'The Pool Name for the Job to run on'
 
-  - name: AzurePipelinesVmImage
-    type: string
-    default: 'ubuntu-latest'
-    displayName: 'If Azure Pipelines is selected, which vmImage to run'
-
 resources:
   repositories:
     - repository: githubTemplates
@@ -97,7 +87,6 @@ stages:
       CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
       DebugMode: ${{ parameters.DebugMode }}
       TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
-      TerraformPlanExtraArgsJson: ${{ parameters.TerraformPlanExtraArgsJson }}
       AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
 
   - template: .azuredevops/templates/stages/terraform-manual-approval.yaml@githubTemplates
@@ -113,6 +102,5 @@ stages:
       CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
       DebugMode: ${{ parameters.DebugMode }}
       TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
-      TerraformPlanExtraArgsJson: ${{ parameters.TerraformPlanExtraArgsJson }}
       AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
       dependsOnStages: [ ManualApprovalStage ]

.azuredevops/workflows/stages/dev/terraform-destroy.yaml

@@ -0,0 +1,106 @@
+name: terraform-destroy.yaml-$(Build.DefinitionName)-$(date:yyyyMMdd)$(rev:.r)
+
+trigger: none
+
+parameters:
+  - name: ServiceConnection
+    type: string
+    default: "fedcred-msi-azdo-libredevops-4a23d149-8cee-4643-a57b-3b3db30e54ce"
+    displayName: 'Azure DevOps Service Connection'
+    values:
+      - "spn-libd-uks-dev-mgmt-01-client-secret-enabled"
+      - "spn-libd-uks-dev-mgmt-01"
+      - "fedcred-msi-azdo-libredevops-4a23d149-8cee-4643-a57b-3b3db30e54ce"
+      - "msi-azdo-libredevops-4a23d149-8cee-4643-a57b-3b3db30e54ce"
+      - "uid-libd-uks-dev-mgmt-01"
+
+  - name: TerraformCodeLocation
+    type: string
+    default: 'terraform'
+    displayName: 'Terraform Code Directory Path'
+
+  - name: TerraformStackToRunJson
+    type: string
+    default: '["rg"]'
+    values:
+      - '["rg"]'
+      - '["network"]'
+      - '["azdo-pipelines-setup"]'
+      - '["rg", "network"]'
+      - '["all"]'
+    displayName: 'Terraform Stacks to Run'
+
+  - name: TerraformWorkspace
+    type: string
+    default: 'dev'
+    displayName: 'Terraform Workspace Name'
+
+  - name: CheckovSkipCheck
+    type: string
+    default: 'CKV2_AZURE_31'
+    displayName: 'Checkov Skip Checks (Comma-Separated)'
+
+  - name: DebugMode
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: "Debug mode enabled"
+
+  - name: TerraformInitExtraArgsJson
+    type: string
+    default: >
+      [
+        "-backend-config=subscription_id=$(TF_VAR_ARM_BACKEND_SUBSCRIPTION_ID)",
+        "-backend-config=resource_group_name=$(TF_VAR_ARM_BACKEND_STORAGE_RG_NAME)",
+        "-backend-config=storage_account_name=$(TF_VAR_ARM_BACKEND_STORAGE_ACCOUNT)",
+        "-backend-config=container_name=$(TF_VAR_ARM_BACKEND_CONTAINER_NAME)"
+      ]
+    displayName: 'Extra Args for terraform init'
+
+  - name: AzureDevOpsPoolName
+    type: string
+    default: "vmss-libd-uks-dev-02"
+    values:
+      - "Default"
+      - "Azure Pipelines"
+      - "vmss-libd-uks-dev-02"
+    displayName: 'The Pool Name for the Job to run on'
+
+resources:
+  repositories:
+    - repository: githubTemplates
+      type: github
+      name: libre-devops/terraform-azure-azdo-pipeline-templates
+      ref: main
+      endpoint: libredevops
+
+variables:
+  - group: terraform-${{ parameters.TerraformWorkspace }}-vars
+
+stages:
+  - template: .azuredevops/templates/stages/terraform-init-plan-destroy.yaml@githubTemplates
+    parameters:
+      ServiceConnection: ${{ parameters.ServiceConnection }}
+      TerraformCodeLocation: ${{ parameters.TerraformCodeLocation }}
+      TerraformStackToRunJson: ${{ parameters.TerraformStackToRunJson }}
+      TerraformWorkspace: ${{ parameters.TerraformWorkspace }}
+      CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
+      DebugMode: ${{ parameters.DebugMode }}
+      TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
+      AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
+
+  - template: .azuredevops/templates/stages/terraform-manual-approval.yaml@githubTemplates
+    parameters:
+      dependsOnStages: [ TerraformInitPlanStage ]
+
+  - template: .azuredevops/templates/stages/terraform-init-plan-destroy-apply.yaml@githubTemplates
+    parameters:
+      ServiceConnection: ${{ parameters.ServiceConnection }}
+      TerraformCodeLocation: ${{ parameters.TerraformCodeLocation }}
+      TerraformStackToRunJson: ${{ parameters.TerraformStackToRunJson }}
+      TerraformWorkspace: ${{ parameters.TerraformWorkspace }}
+      CheckovSkipCheck: ${{ parameters.CheckovSkipCheck }}
+      DebugMode: ${{ parameters.DebugMode }}
+      TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
+      AzureDevOpsPoolName: ${{ parameters.AzureDevOpsPoolName }}
+      dependsOnStages: [ ManualApprovalStage ]

terraform/allstackskip-99_azdo-pipelines-setup/build-jobs.tf

@@ -16,4 +16,24 @@ resource "azuredevops_build_definition" "job_terraform_build" {
     yml_path              = ".azuredevops/workflows/jobs/${each.key}/terraform-build.yaml"
     service_connection_id = data.azuredevops_serviceendpoint_github.github.id
   }
+}
+
+resource "azuredevops_build_definition" "job_terraform_destroy" {
+  for_each        = local.envs
+  project_id      = data.azuredevops_project.target.id
+  name            = "${title(local.repo_name)} - ${title(each.key)} - Terraform Destroy"
+  path            = "${local.folders_path[each.key]}\\jobs"
+  agent_pool_name = "Default"
+
+  ci_trigger {
+    use_yaml = false
+  }
+
+  repository {
+    repo_type             = "GitHub"
+    repo_id               = "${var.github_org_name}/${var.github_project_name}"
+    branch_name           = local.default_branch
+    yml_path              = ".azuredevops/workflows/jobs/${each.key}/terraform-destroy.yaml"
+    service_connection_id = data.azuredevops_serviceendpoint_github.github.id
+  }
 }

terraform/allstackskip-99_azdo-pipelines-setup/build-stages.tf

@@ -16,4 +16,24 @@ resource "azuredevops_build_definition" "stage_terraform_build" {
     yml_path              = ".azuredevops/workflows/stages/${each.key}/terraform-build.yaml"
     service_connection_id = data.azuredevops_serviceendpoint_github.github.id
   }
+}
+
+resource "azuredevops_build_definition" "stage_terraform_destroy" {
+  for_each        = local.envs
+  project_id      = data.azuredevops_project.target.id
+  name            = "${title(local.repo_name)} - ${title(each.key)} - Terraform Destroy"
+  path            = "${local.folders_path[each.key]}\\stages"
+  agent_pool_name = "Default"
+
+  ci_trigger {
+    use_yaml = false
+  }
+
+  repository {
+    repo_type             = "GitHub"
+    repo_id               = "${var.github_org_name}/${var.github_project_name}"
+    branch_name           = local.default_branch
+    yml_path              = ".azuredevops/workflows/stages/${each.key}/terraform-destroy.yaml"
+    service_connection_id = data.azuredevops_serviceendpoint_github.github.id
+  }
 }