fix(pipeline): scheduled drift detection (#28)

* pipeline(drift-detection): scheduled run does not comment on PR * temp: enable drift pipeline for this fix/ branch * pipeline-vars: remove unused/broken * pipeline(drift): rename step appropriately * pipeline: remove temp testing code * drift-pipeline: do not run scheduled version for PRs
Azure · Jun 22, 2021 · 3e4906b · 3e4906b
1 parent 54fb1ce
commit 3e4906b
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 6 deletions.
diff --git a/azure-pipelines/pr-main.yaml b/azure-pipelines/pr-main.yaml
@@ -14,4 +14,4 @@ variables:
 
 stages:
   - template: stages/ci.yaml
-  - template: stages/detect-drift.yaml
+  - template: stages/pr-drift-comment.yaml
diff --git a/azure-pipelines/pr-production.yaml b/azure-pipelines/pr-production.yaml
@@ -14,4 +14,4 @@ variables:
 
 stages:
   - template: stages/ci.yaml
-  - template: stages/detect-drift.yaml
+  - template: stages/pr-drift-comment.yaml
diff --git a/azure-pipelines/schedule-drift.yaml b/azure-pipelines/schedule-drift.yaml
@@ -3,6 +3,9 @@ name: $(BuildID)
 pool:
   vmImage: 'ubuntu-18.04'
 
+trigger: none
+pr: none
+
 schedules:
   - cron: "0 0 * * *"
     displayName: Daily midnight build
@@ -19,5 +22,31 @@ variables:
   - ${{ if eq(variables.isProduction, 'True') }}:
     - group: e2e-gov-demo-kv
 
-stages:
-  - template: stages/detect-drift.yaml
+steps:
+- bash: |
+    terraform -version
+    terraform init \
+      -backend-config="storage_account_name=$TF_STATE_BLOB_ACCOUNT_NAME" \
+      -backend-config="container_name=$TF_STATE_BLOB_CONTAINER_NAME" \
+      -backend-config="key=$TF_STATE_BLOB_FILE" \
+      -backend-config="sas_token=$TF_STATE_BLOB_SAS_TOKEN"
+  displayName: Terraform Init
+  env:
+    TF_STATE_BLOB_ACCOUNT_NAME:   $(kv-tf-state-blob-account)
+    TF_STATE_BLOB_CONTAINER_NAME: $(kv-tf-state-blob-container)
+    TF_STATE_BLOB_FILE:           $(kv-tf-state-blob-file)
+    TF_STATE_BLOB_SAS_TOKEN:      $(kv-tf-state-sas-token)
+
+- bash: |
+    terraform plan \
+      -detailed-exitcode \
+      -var superadmins_aad_object_id=$AAD_SUPERADMINS_GROUP_ID
+  displayName: Terraform - Detect Drift
+  env:
+    ARM_SUBSCRIPTION_ID:        $(kv-arm-subscription-id)
+    ARM_CLIENT_ID:              $(kv-arm-client-id)
+    ARM_CLIENT_SECRET:          $(kv-arm-client-secret)
+    ARM_TENANT_ID:              $(kv-arm-tenant-id)
+    AZDO_ORG_SERVICE_URL:       $(kv-azure-devops-org-url)
+    AZDO_PERSONAL_ACCESS_TOKEN: $(kv-azure-devops-pat)
+    AAD_SUPERADMINS_GROUP_ID:   $(kv-aad-superadmins-group-id)
diff --git a/azure-pipelines/stages/detect-drift.yaml → azure-pipelines/stages/pr-drift-comment.yaml b/azure-pipelines/stages/detect-drift.yaml → azure-pipelines/stages/pr-drift-comment.yaml
diff --git a/azure-pipelines/vars/global.yaml b/azure-pipelines/vars/global.yaml
@@ -7,5 +7,3 @@ variables:
   isTrustedCode:       ${{ eq(variables.isFork, 'False') }}
   isScheduled:         ${{ eq(variables['Build.Reason'], 'Schedule') }}
   isTrustedCI:         ${{ and( eq(variables.isFork,'False'), eq(variables.isPR,'False'), eq(variables.isScheduled,'False') ) }}
-  isPullRequestToMain: ${{ and( eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/main'), eq(variables.isFork, 'False') ) }}
-  isPullRequestToProd: ${{ and( eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/production'), eq(variables.isFork, 'False') ) }}