chore(pipeline): select service connection dynamically

cal-itp · Nov 22, 2022 · 9eb4847 · 9eb4847
1 parent 4657163
commit 9eb4847
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 14 deletions.
diff --git a/terraform/pipeline/azure-pipelines.yml b/terraform/pipeline/azure-pipelines.yml
@@ -24,12 +24,8 @@ stages:
           - name: TARGET
             value: $[variables['System.PullRequest.TargetBranch']]
         steps:
-          # set the workspace variable at runtime (rather than build time) so that all the necessary variables are available, and we can use Python
-          # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-variables-scripts?view=azure-devops&tabs=bash#about-tasksetvariable
-          - bash: |
-              WORKSPACE=$(python terraform/pipeline/workspace.py)
-              echo "##vso[task.setvariable variable=workspace]$WORKSPACE"
-            displayName: Determine deployment environment
+          - bash: python terraform/pipeline/workspace.py
+            displayName: Set environment-related variables
             env:
               REASON: $(Build.Reason)
           # https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformInstaller#readme
@@ -47,7 +43,7 @@ stages:
               # https://developer.hashicorp.com/terraform/tutorials/automation/automate-terraform#automated-terraform-cli-workflow
               commandOptions: -input=false
               # service connection
-              backendServiceArm: Production
+              backendServiceArm: $(service_connection)
               # needs to match main.tf
               backendAzureRmResourceGroupName: RG-CDT-PUB-VIP-CALITP-P-001
               backendAzureRmStorageAccountName: sacdtcalitpp001
@@ -62,7 +58,7 @@ stages:
               commandOptions: select $(workspace)
               workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
               # service connection
-              environmentServiceNameAzureRM: Production
+              environmentServiceNameAzureRM: $(service_connection)
           - task: TerraformTaskV3@3
             displayName: Terraform plan
             inputs:
@@ -73,7 +69,7 @@ stages:
               commandOptions: -input=false -lock-timeout=5m
               workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
               # service connection
-              environmentServiceNameAzureRM: Production
+              environmentServiceNameAzureRM: $(service_connection)
             # the plan is done as part of the apply (below), so don't bother doing it twice
             condition: notIn(variables['Build.SourceBranchName'], 'dev', 'test', 'prod')
           - task: TerraformTaskV3@3
@@ -85,6 +81,6 @@ stages:
               commandOptions: -input=false -lock-timeout=5m
               workingDirectory: "$(System.DefaultWorkingDirectory)/terraform"
               # service connection
-              environmentServiceNameAzureRM: Production
+              environmentServiceNameAzureRM: $(service_connection)
             # only run on certain branches
             condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod')
diff --git a/terraform/pipeline/workspace.py b/terraform/pipeline/workspace.py
@@ -1,16 +1,21 @@
+"""Used to set the environment-related variables at runtime (rather than build
+time) so that all the necessary pipeline variables are available."""
+
 import os
 import sys
 
 REASON = os.environ["REASON"]
-# the name of the variable that Azure Pipelines uses for the source branch depends on the type of run, so need to check both
+# the name of the variable that Azure Pipelines uses for the source branch
+# depends on the type of run, so need to check both
 SOURCE = os.environ.get("OTHER_SOURCE") or os.environ["INDIVIDUAL_SOURCE"]
 TARGET = os.environ["TARGET"]
 
 # the branches that correspond to environments
 ENV_BRANCHES = ["dev", "test", "prod"]
 
 if REASON == "PullRequest" and TARGET in ENV_BRANCHES:
-    # it's a pull request against one of the environment branches, so use the target branch
+    # it's a pull request against one of the environment branches, so use the
+    # target branch
     environment = TARGET
 elif REASON == "IndividualCI" and SOURCE in ENV_BRANCHES:
     # it's being run on one of the environment branches, so use that
@@ -22,11 +27,21 @@
 # matching logic in ../init.sh
 workspace = "default" if environment == "prod" else environment
 
+service_connection = "Production" if environment == "prod" else "Development"
+
 # just for troubleshooting
 if TARGET is not None:
     deployment_description = f"from {SOURCE} to {TARGET}"
 else:
     deployment_description = f"for {SOURCE}"
-print(f"Deploying {deployment_description} as a result of {REASON} using workspace {workspace}", file=sys.stderr)
+print(
+    f"Deploying {deployment_description}",
+    f"as a result of {REASON}",
+    f"using workspace {workspace},"
+    f"and service connection {service_connection}",
+    file=sys.stderr,
+)
 
-print(workspace)
+# https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-variables-scripts?view=azure-devops&tabs=bash#about-tasksetvariable
+print(f"##vso[task.setvariable variable=workspace]{workspace}")
+print(f"##vso[task.setvariable variable=service_connection]{service_connection}")