From ce7034d9a4730752a629736627ddf4893468ad85 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Tue, 22 Nov 2022 01:51:41 -0500 Subject: [PATCH] chore(pipeline): select service connection dynamically --- terraform/pipeline/azure-pipelines.yml | 16 ++++++---------- terraform/pipeline/workspace.py | 22 ++++++++++++++++++---- 2 files changed, 24 insertions(+), 14 deletions(-) diff --git a/terraform/pipeline/azure-pipelines.yml b/terraform/pipeline/azure-pipelines.yml index 53070d85e9..641a363e13 100644 --- a/terraform/pipeline/azure-pipelines.yml +++ b/terraform/pipeline/azure-pipelines.yml @@ -24,12 +24,8 @@ stages: - name: TARGET value: $[variables['System.PullRequest.TargetBranch']] steps: - # set the workspace variable at runtime (rather than build time) so that all the necessary variables are available, and we can use Python - # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-variables-scripts?view=azure-devops&tabs=bash#about-tasksetvariable - - bash: | - WORKSPACE=$(python terraform/pipeline/workspace.py) - echo "##vso[task.setvariable variable=workspace]$WORKSPACE" - displayName: Determine deployment environment + - bash: python terraform/pipeline/workspace.py + displayName: Set environment-related variables env: REASON: $(Build.Reason) # https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformInstaller#readme @@ -47,7 +43,7 @@ stages: # https://developer.hashicorp.com/terraform/tutorials/automation/automate-terraform#automated-terraform-cli-workflow commandOptions: -input=false # service connection - backendServiceArm: Production + backendServiceArm: "$(service_connection)" # needs to match main.tf backendAzureRmResourceGroupName: RG-CDT-PUB-VIP-CALITP-P-001 backendAzureRmStorageAccountName: sacdtcalitpp001 @@ -62,7 +58,7 @@ stages: commandOptions: select $(workspace) workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" # service connection - environmentServiceNameAzureRM: Production + environmentServiceNameAzureRM: "$(service_connection)" - task: TerraformTaskV3@3 displayName: Terraform plan inputs: @@ -73,7 +69,7 @@ stages: commandOptions: -input=false -lock-timeout=5m workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" # service connection - environmentServiceNameAzureRM: Production + environmentServiceNameAzureRM: "$(service_connection)" # the plan is done as part of the apply (below), so don't bother doing it twice condition: notIn(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') - task: TerraformTaskV3@3 @@ -85,6 +81,6 @@ stages: commandOptions: -input=false -lock-timeout=5m workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" # service connection - environmentServiceNameAzureRM: Production + environmentServiceNameAzureRM: "$(service_connection)" # only run on certain branches condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') diff --git a/terraform/pipeline/workspace.py b/terraform/pipeline/workspace.py index 4915d03f3c..c4f37de448 100644 --- a/terraform/pipeline/workspace.py +++ b/terraform/pipeline/workspace.py @@ -1,8 +1,12 @@ +"""Used to set the environment-related variables at runtime (rather than build +time) so that all the necessary pipeline variables are available.""" + import os import sys REASON = os.environ["REASON"] -# the name of the variable that Azure Pipelines uses for the source branch depends on the type of run, so need to check both +# the name of the variable that Azure Pipelines uses for the source branch +# depends on the type of run, so need to check both SOURCE = os.environ.get("OTHER_SOURCE") or os.environ["INDIVIDUAL_SOURCE"] TARGET = os.environ["TARGET"] @@ -10,7 +14,8 @@ ENV_BRANCHES = ["dev", "test", "prod"] if REASON == "PullRequest" and TARGET in ENV_BRANCHES: - # it's a pull request against one of the environment branches, so use the target branch + # it's a pull request against one of the environment branches, so use the + # target branch environment = TARGET elif REASON == "IndividualCI" and SOURCE in ENV_BRANCHES: # it's being run on one of the environment branches, so use that @@ -22,11 +27,20 @@ # matching logic in ../init.sh workspace = "default" if environment == "prod" else environment +service_connection = "Production" if environment == "prod" else "Development" + # just for troubleshooting if TARGET is not None: deployment_description = f"from {SOURCE} to {TARGET}" else: deployment_description = f"for {SOURCE}" -print(f"Deploying {deployment_description} as a result of {REASON} using workspace {workspace}", file=sys.stderr) +print( + f"Deploying {deployment_description}", + f"as a result of {REASON}", + f"using workspace {workspace}," f"and service connection {service_connection}", + file=sys.stderr, +) -print(workspace) +# https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-variables-scripts?view=azure-devops&tabs=bash#about-tasksetvariable +print(f"##vso[task.setvariable variable=workspace]{workspace}") +print(f"##vso[task.setvariable variable=service_connection]{service_connection}")