{"id":18579001,"url":"https://github.com/libre-devops/pulumi-azdo-pipeline-template","last_synced_at":"2026-01-28T01:32:38.514Z","repository":{"id":118714124,"uuid":"491603385","full_name":"libre-devops/pulumi-azdo-pipeline-template","owner":"libre-devops","description":null,"archived":false,"fork":false,"pushed_at":"2022-05-12T23:50:25.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-01T09:52:48.543Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libre-devops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-12T17:12:01.000Z","updated_at":"2022-05-12T17:12:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"a59fd585-bbc5-4e6e-b879-dd96691ddc3f","html_url":"https://github.com/libre-devops/pulumi-azdo-pipeline-template","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":"libre-devops/terraform-azdo-pipeline-template","purl":"pkg:github/libre-devops/pulumi-azdo-pipeline-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fpulumi-azdo-pipeline-template","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fpulumi-azdo-pipeline-template/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fpulumi-azdo-pipeline-template/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/repositories/libre-devops%2Fpulumi-azdo-pipeline-template/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libre-devops","download_url":"https://codeload.github.com/libre-devops/pulumi-azdo-pipeline-template/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fpulumi-azdo-pipeline-template/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28831621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T23:29:49.665Z","status":"ssl_error","status_checked_at":"2026-01-27T23:25:58.379Z","response_time":168,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T23:38:34.293Z","updated_at":"2026-01-28T01:32:38.500Z","avatar_url":"https://github.com/libre-devops.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Template for Azure DevOps\n\n```yaml\n---\nparameters:\n\n  - name: TERRAFORM_PATH\n    type: string\n    default: \"\"\n    displayName: \"What is the path to your terraform code?\"\n\n  - name: TERRAFORM_VERSION\n    type: string\n    default: \"\"\n    displayName: \"What version of terraform should be installed?\"\n\n  - name: TERRAFORM_DESTROY\n    default: false\n    type: boolean\n    displayName: \"Do you wish to run 
terraform destroy?\"\n\n  - name: TERRAFORM_PLAN_ONLY\n    default: true\n    type: boolean\n    displayName: \"Do you wish to run terraform destroy?\"\n\n  - name: TERRAFORM_STORAGE_RG_NAME\n    default: \"\"\n    type: string\n    displayName: \"What is the resource group name in which the storage account exists in?\"\n\n  - name: TERRAFORM_STORAGE_ACCOUNT_NAME\n    default: \"\"\n    type: string\n    displayName: \"What is the name of the storage account in which the state file is being stored?\"\n\n  - name: TERRAFORM_BLOB_CONTAINER_NAME\n    default: \"\"\n    type: string\n    displayName: \"What is the name of the blob container in which the state file is being stored?\"\n\n  - name: TERRAFORM_STORAGE_KEY\n    default: \"\"\n    type: string\n    displayName: \"What is the key used to access your storage account? Please note, this value is a secret\"\n\n  - name: TERRAFORM_STATE_NAME\n    default: \"\"\n    type: string\n    displayName: \"What name should the state file have?\"\n\n  - name: TERRAFORM_WORKSPACE_NAME\n    default: \"\"\n    type: string\n    displayName: \"Which workspace should be used or created?\"\n\n  - name: TERRAFORM_COMPLIANCE_PATH\n    type: string\n    default: \"\"\n    displayName: \"Where is your terraform-compliance policy files located?\"\n\n  - name: AZURE_TARGET_CLIENT_ID\n    default: \"\"\n    type: string\n    displayName: \"What is the client id of the service principle you wish to use with Terraform?\"\n\n  - name: AZURE_TARGET_CLIENT_SECRET\n    default: \"\"\n    type: string\n    displayName: \"What is the client of the service principle you wish to use with Terraform?  
Note, this value is a secret\"\n\n  - name: AZURE_TARGET_SUBSCRIPTION_ID\n    default: \"\"\n    type: string\n    displayName: \"What is the subscription ID of the target subscription you are trying to deploy to?\"\n\n  - name: AZURE_TARGET_TENANT_ID\n    default: \"\"\n    type: string\n    displayName: \"What is the tenant ID in which the target subscription resides?\"\n\n  - name: SHORTHAND_PROJECT_NAME\n    default: \"\"\n    type: string\n    displayName: \"What is the shorthand name for your project?\"\n\n  - name: SHORTHAND_ENVIRONMENT_NAME\n    default: \"\"\n    type: string\n    displayName: \"What is the shorthand (3 character) name for environment you are deploying to?\"\n\n  - name: SHORTHAND_LOCATION_NAME\n    default: \"\"\n    type: string\n    displayName: \"What is the shorthand location name? E.g. uks for UK South etc\"\n\n  - name: CHECKOV_SKIP_TESTS\n    default: \"\"\n    type: string\n    displayName: \"What Checkov steps should be skipped, null by default, should be value like CKV_AZURE_50, CKV_AZURE_20 etc.\"\n\nsteps:\n\n  - task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0\n    displayName: \"Install Terraform ${{ parameters.TERRAFORM_VERSION }}\"\n    inputs:\n      terraformVersion: ${{ parameters.TERRAFORM_VERSION }}\n    enabled: true\n\n  - ${{ if and(eq(parameters.TERRAFORM_DESTROY, false), eq(parameters.TERRAFORM_PLAN_ONLY, true)) }}:\n\n      - pwsh: |\n          New-Item -Path . 
-Name .terraform -ItemType \"Directory\" -Force ; `\n\n          terraform init `\n          -backend-config=\"storage_account_name=${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\" `\n          -backend-config=\"container_name=${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\" `\n          -backend-config=\"access_key=${{ parameters.TERRAFORM_STORAGE_KEY }}\" `\n          -backend-config=\"key=${{ parameters.TERRAFORM_STATE_NAME }}\" ; `\n\n          Write-Output \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" \u003e .terraform/environment ; `\n\n          terraform workspace new \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n          terraform workspace select \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n\n          terraform validate ; `\n\n          terraform plan -out pipeline.plan\n        displayName: Terraform Init, Validate \u0026 Plan\n        workingDirectory: ${{ parameters.TERRAFORM_PATH }}\n        enabled: true\n        env:\n          TF_VAR_short: ${{ parameters.SHORTHAND_PROJECT_NAME }}\n          TF_VAR_env: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n          TF_VAR_loc: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n\n          TF_VAR_TERRAFORM_STORAGE_RG_NAME: ${{ parameters.TERRAFORM_STORAGE_RG_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_ACCOUNT_NAME: ${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\n          TF_VAR_TERRAFORM_BLOB_CONTAINER_NAME: ${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_KEY: ${{ parameters.TERRAFORM_STORAGE_KEY }}\n\n          ARM_CLIENT_ID: ${{ parameters.AZURE_TARGET_CLIENT_ID }}\n          ARM_CLIENT_SECRET: ${{ parameters.AZURE_TARGET_CLIENT_SECRET }}\n          ARM_SUBSCRIPTION_ID: ${{ parameters.AZURE_TARGET_SUBSCRIPTION_ID }}\n          ARM_TENANT_ID: ${{ parameters.AZURE_TARGET_TENANT_ID }}\n\n      - pwsh: |\n          pip3 install terraform-compliance ; `\n\n          terraform-compliance -p pipeline.plan -f ${{ parameters.TERRAFORM_COMPLIANCE_PATH }}\n        
displayName: 'Terraform-Compliance Check'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: true\n        enabled: true\n\n      - pwsh: |\n          if ($IsLinux)\n          {\n          brew install tfsec\n          }\n          elseif ($IsMacOS)\n          {\n            brew install tfsec\n          }\n          elseif ($IsWindows)\n          {\n            Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))\n            choco install tfsec -y\n          }\n          tfsec . --force-all-dirs\n        displayName: 'TFSEC Check'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        enabled: true\n\n      - pwsh: |\n         pip3 install checkov ; `\n\n         terraform show -json pipeline.plan \u003e pipeline.plan.json ; `\n\n         checkov -f pipeline.plan.json\n        displayName: 'CheckOV Check'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        condition: eq('${{ parameters.CHECKOV_SKIP_TESTS }}', ' ')\n        enabled: true\n\n      - pwsh: |\n         pip3 install checkov ; `\n\n         terraform show -json pipeline.plan \u003e pipeline.plan.json ; `\n\n         checkov -f pipeline.plan.json --skip-check ${{ parameters.CHECKOV_SKIP_TESTS }}\n        displayName: 'CheckOV Check with Skipped Tests'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        condition: not(eq('${{ parameters.CHECKOV_SKIP_TESTS }}', ' '))\n        enabled: true\n\n  - ${{ if and(eq(parameters.TERRAFORM_DESTROY, false), eq(parameters.TERRAFORM_PLAN_ONLY, false)) }}:\n\n      - pwsh: |\n          New-Item -Path . 
-Name .terraform -ItemType \"Directory\" -Force ; `\n\n          terraform init `\n          -backend-config=\"storage_account_name=${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\" `\n          -backend-config=\"container_name=${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\" `\n          -backend-config=\"access_key=${{ parameters.TERRAFORM_STORAGE_KEY }}\" `\n          -backend-config=\"key=${{ parameters.TERRAFORM_STATE_NAME }}\" ; `\n\n          Write-Output \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" \u003e .terraform/environment ; `\n\n          terraform workspace new \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n          terraform workspace select \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n\n          terraform validate ; `\n\n          terraform plan -out pipeline.plan\n        displayName: Terraform Init, Validate \u0026 Plan\n        workingDirectory: ${{ parameters.TERRAFORM_PATH }}\n        enabled: true\n        env:\n          TF_VAR_short: ${{ parameters.SHORTHAND_PROJECT_NAME }}\n          TF_VAR_env: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n          TF_VAR_loc: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n\n          TF_VAR_TERRAFORM_STORAGE_RG_NAME: ${{ parameters.TERRAFORM_STORAGE_RG_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_ACCOUNT_NAME: ${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\n          TF_VAR_TERRAFORM_BLOB_CONTAINER_NAME: ${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_KEY: ${{ parameters.TERRAFORM_STORAGE_KEY }}\n\n          ARM_CLIENT_ID: ${{ parameters.AZURE_TARGET_CLIENT_ID }}\n          ARM_CLIENT_SECRET: ${{ parameters.AZURE_TARGET_CLIENT_SECRET }}\n          ARM_SUBSCRIPTION_ID: ${{ parameters.AZURE_TARGET_SUBSCRIPTION_ID }}\n          ARM_TENANT_ID: ${{ parameters.AZURE_TARGET_TENANT_ID }}\n\n      - pwsh: |\n         pip3 install terraform-compliance ; `\n\n         terraform-compliance -p pipeline.plan -f ${{ parameters.TERRAFORM_COMPLIANCE_PATH }}\n        
displayName: 'Terraform-Compliance Check'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: true\n        enabled: true\n\n      - pwsh: |\n         if ($IsLinux)\n         {\n          brew install tfsec\n         }\n         elseif ($IsMacOS)\n         {\n           brew install tfsec\n         }\n          elseif ($IsWindows)\n         {\n           Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))\n           choco install tfsec -y\n         }\n         tfsec . --force-all-dirs\n        displayName: 'TFSEC Check'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        enabled: true\n\n      - pwsh: |\n         pip3 install checkov ; `\n\n         terraform show -json pipeline.plan \u003e pipeline.plan.json ; `\n\n         checkov -f pipeline.plan.json\n        displayName: 'CheckOV Check'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        condition: eq('${{ parameters.CHECKOV_SKIP_TESTS }}', ' ')\n        enabled: true\n\n      - pwsh: |\n         pip3 install checkov ; `\n\n         terraform show -json pipeline.plan \u003e pipeline.plan.json ; `\n\n         checkov -f pipeline.plan.json --skip-check ${{ parameters.CHECKOV_SKIP_TESTS }}\n        displayName: 'CheckOV Check with Skipped Tests'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        condition: not(eq('${{ parameters.CHECKOV_SKIP_TESTS }}', ' '))\n        enabled: true\n\n      - pwsh: |\n          New-Item -Path . 
-Name .terraform -ItemType \"Directory\" -Force ; `\n\n          terraform init `\n          -backend-config=\"storage_account_name=${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\" `\n          -backend-config=\"container_name=${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\" `\n          -backend-config=\"access_key=${{ parameters.TERRAFORM_STORAGE_KEY }}\" `\n          -backend-config=\"key=${{ parameters.TERRAFORM_STATE_NAME }}\" ; `\n\n          Write-Output \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" \u003e .terraform/environment ; `\n\n          terraform workspace new \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n          terraform workspace select \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n\n          terraform validate ; `\n\n          terraform plan -out pipeline.plan\n\n          terraform apply pipeline.plan\n        displayName: Terraform Init, Validate, Plan \u0026 Apply\n        workingDirectory: ${{ parameters.TERRAFORM_PATH }}\n        enabled: true\n        env:\n          TF_VAR_short: ${{ parameters.SHORTHAND_PROJECT_NAME }}\n          TF_VAR_env: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n          TF_VAR_loc: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n\n          TF_VAR_TERRAFORM_STORAGE_RG_NAME: ${{ parameters.TERRAFORM_STORAGE_RG_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_ACCOUNT_NAME: ${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\n          TF_VAR_TERRAFORM_BLOB_CONTAINER_NAME: ${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_KEY: ${{ parameters.TERRAFORM_STORAGE_KEY }}\n\n          ARM_CLIENT_ID: ${{ parameters.AZURE_TARGET_CLIENT_ID }}\n          ARM_CLIENT_SECRET: ${{ parameters.AZURE_TARGET_CLIENT_SECRET }}\n          ARM_SUBSCRIPTION_ID: ${{ parameters.AZURE_TARGET_SUBSCRIPTION_ID }}\n          ARM_TENANT_ID: ${{ parameters.AZURE_TARGET_TENANT_ID }}\n\n  - ${{ if and(eq(parameters.TERRAFORM_DESTROY, true), eq(parameters.TERRAFORM_PLAN_ONLY, false)) }}:\n\n      - pwsh: |\n  
        New-Item -Path . -Name .terraform -ItemType \"Directory\" -Force ; `\n\n          terraform init `\n          -backend-config=\"storage_account_name=${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\" `\n          -backend-config=\"container_name=${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\" `\n          -backend-config=\"access_key=${{ parameters.TERRAFORM_STORAGE_KEY }}\" `\n          -backend-config=\"key=${{ parameters.TERRAFORM_STATE_NAME }}\" ; `\n\n          Write-Output \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" \u003e .terraform/environment ; `\n\n          terraform workspace new \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n          terraform workspace select \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n\n          terraform validate ; `\n\n          terraform plan -destroy -out pipeline.plan\n        displayName: 'Terraform Init, Validate \u0026 Plan Destroy'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        enabled: true\n        env:\n          TF_VAR_short: ${{ parameters.SHORTHAND_PROJECT_NAME }}\n          TF_VAR_env: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n          TF_VAR_loc: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n\n          TF_VAR_TERRAFORM_STORAGE_RG_NAME: ${{ parameters.TERRAFORM_STORAGE_RG_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_ACCOUNT_NAME: ${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\n          TF_VAR_TERRAFORM_BLOB_CONTAINER_NAME: ${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_KEY: ${{ parameters.TERRAFORM_STORAGE_KEY }}\n\n          ARM_CLIENT_ID: ${{ parameters.AZURE_TARGET_CLIENT_ID }}\n          ARM_CLIENT_SECRET: ${{ parameters.AZURE_TARGET_CLIENT_SECRET }}\n          ARM_SUBSCRIPTION_ID: ${{ parameters.AZURE_TARGET_SUBSCRIPTION_ID }}\n          ARM_TENANT_ID: ${{ parameters.AZURE_TARGET_TENANT_ID }}\n\n      - pwsh: |\n          New-Item -Path . 
-Name .terraform -ItemType \"Directory\" -Force ; `\n\n          terraform init `\n          -backend-config=\"storage_account_name=${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\" `\n          -backend-config=\"container_name=${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\" `\n          -backend-config=\"access_key=${{ parameters.TERRAFORM_STORAGE_KEY }}\" `\n          -backend-config=\"key=${{ parameters.TERRAFORM_STATE_NAME }}\" ; `\n\n          Write-Output \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" \u003e .terraform/environment ; `\n\n          terraform workspace new \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n          terraform workspace select \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n\n          terraform validate ; `\n\n          terraform plan -destroy -out pipeline.plan\n\n          terraform apply pipeline.plan\n        displayName: 'Terraform Init, Validate, Plan and Apply Destroy'\n        workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n        continueOnError: false\n        enabled: true\n        env:\n          TF_VAR_short: ${{ parameters.SHORTHAND_PROJECT_NAME }}\n          TF_VAR_env: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n          TF_VAR_loc: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n\n          TF_VAR_TERRAFORM_STORAGE_RG_NAME: ${{ parameters.TERRAFORM_STORAGE_RG_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_ACCOUNT_NAME: ${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\n          TF_VAR_TERRAFORM_BLOB_CONTAINER_NAME: ${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\n          TF_VAR_TERRAFORM_STORAGE_KEY: ${{ parameters.TERRAFORM_STORAGE_KEY }}\n\n          ARM_CLIENT_ID: ${{ parameters.AZURE_TARGET_CLIENT_ID }}\n          ARM_CLIENT_SECRET: ${{ parameters.AZURE_TARGET_CLIENT_SECRET }}\n          ARM_SUBSCRIPTION_ID: ${{ parameters.AZURE_TARGET_SUBSCRIPTION_ID }}\n          ARM_TENANT_ID: ${{ parameters.AZURE_TARGET_TENANT_ID }}\n\n  - ${{ if and(eq(parameters.TERRAFORM_DESTROY, true), 
eq(parameters.TERRAFORM_PLAN_ONLY, true)) }}:\n\n        - pwsh: |\n            New-Item -Path . -Name .terraform -ItemType \"Directory\" -Force ; `\n\n            terraform init `\n            -backend-config=\"storage_account_name=${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\" `\n            -backend-config=\"container_name=${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\" `\n            -backend-config=\"access_key=${{ parameters.TERRAFORM_STORAGE_KEY }}\" `\n            -backend-config=\"key=${{ parameters.TERRAFORM_STATE_NAME }}\" ; `\n\n            Write-Output \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" \u003e .terraform/environment ; `\n\n            terraform workspace new \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n            terraform workspace select \"${{ parameters.TERRAFORM_WORKSPACE_NAME }}\" ; `\n\n            terraform validate ; `\n\n            terraform plan -destroy -out pipeline.plan\n          displayName: 'Terraform Init, Validate \u0026 Plan Destroy'\n          workingDirectory: \"${{ parameters.TERRAFORM_PATH }}\"\n          continueOnError: false\n          enabled: true\n          env:\n            TF_VAR_short: ${{ parameters.SHORTHAND_PROJECT_NAME }}\n            TF_VAR_env: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n            TF_VAR_loc: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n\n            TF_VAR_TERRAFORM_STORAGE_RG_NAME: ${{ parameters.TERRAFORM_STORAGE_RG_NAME }}\n            TF_VAR_TERRAFORM_STORAGE_ACCOUNT_NAME: ${{ parameters.TERRAFORM_STORAGE_ACCOUNT_NAME }}\n            TF_VAR_TERRAFORM_BLOB_CONTAINER_NAME: ${{ parameters.TERRAFORM_BLOB_CONTAINER_NAME }}\n            TF_VAR_TERRAFORM_STORAGE_KEY: ${{ parameters.TERRAFORM_STORAGE_KEY }}\n\n            ARM_CLIENT_ID: ${{ parameters.AZURE_TARGET_CLIENT_ID }}\n            ARM_CLIENT_SECRET: ${{ parameters.AZURE_TARGET_CLIENT_SECRET }}\n            ARM_SUBSCRIPTION_ID: ${{ parameters.AZURE_TARGET_SUBSCRIPTION_ID }}\n            ARM_TENANT_ID: ${{ 
parameters.AZURE_TARGET_TENANT_ID }}\n\n```\n\n## Example Call of Template\n\n```yaml\n---\nname: $(Build.DefinitionName)-$(date:yyyyMMdd)$(rev:.r)\n\ntrigger: none\n\n# parameters are typed with defaults so they are correctly populated, you will get a choice in the GUI to edit these, but you should keep all changes as code.\nparameters:\n\n  - name: SHORTHAND_ENVIRONMENT_NAME\n    default: dev\n    displayName: \"What is the shorthand name for this environment?\"\n    type: string\n    values:\n      - dev\n      - poc\n      - mvp\n      - tst\n      - uat\n      - ppd\n      - prd\n\n  - name: SHORTHAND_PROJECT_NAME\n    type: string\n    default: \"ldo\"\n    displayName: \"Shorthand Project e.g. lbdo for libredevops\"\n\n  - name: SHORTHAND_LOCATION_NAME\n    type: string\n    default: \"euw\"\n    displayName: \"3 character location name, e.g., uks, ukw, euw\"\n\n  - name: TERRAFORM_PATH\n    type: string\n    default: \"$(Build.SourcesDirectory)/azure-pipelines-module-development-build/terraform\"\n    displayName: \"What is the path to your terraform code?\"\n\n  - name: TERRAFORM_VERSION\n    type: string\n    default: \"1.1.7\"\n    displayName: \"Which version of Terraform should be installed?\"\n\n  - name: VARIABLE_GROUP_NAME\n    type: string\n    default: \"svp-kv-ldo-euw-dev-mgt-01\"\n    displayName: \"Enter the variable group which contains your authentication information\"\n\n# This variable sets up a condition in the template, if set to true, it will run terraform plan -destroy instead of the normal plan\n  - name: TERRAFORM_DESTROY\n    default: false\n    displayName: \"Check box to run a Destroy\"\n    type: boolean\n  \n  - name: TERRAFORM_PLAN_ONLY\n    default: true\n    displayName: \"Check box to run plan ONLY and never run apply\"\n    type: boolean\n\n  - name: CHECKOV_SKIP_TESTS\n    type: string\n    default: ' '\n    displayName: \"CheckOV tests to skip if comment skips don't work.  
All checks run if parameter is empty, empty by default\"\n\n# Declare variable group to pass variables to parameters, in this case, a libre-devops keyvault which is using a service principal for authentication\nvariables:\n  - group: ${{ parameters.VARIABLE_GROUP_NAME }}\n\n# Sets what repos need to be cloned, for example, a library repo for modules and a poly-repo for target code\nresources:\n  repositories:\n\n  - repository: azure-naming-convention\n    type: github\n    endpoint: github_service_connection\n    name: libre-devops/azure-naming-convention\n    ref: main\n\n  - repository: azure-pipelines-module-development-build\n    type: github\n    endpoint: github_service_connection\n    name: libre-devops/azure-pipelines-module-development-build\n    ref: dev\n\n# You may wish to use a separate or self-hosted agent per job, by default, all jobs will inherit stage agent\npool:\n  name: Azure Pipelines\n  vmImage: ubuntu-latest\n\n# Sets stage so that multiple stages can be used if needed, as it stands, only 1 stage is expected and is thus passed as a parameter\nstages:\n  - stage: \"${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\"\n    displayName: \"${{ parameters.SHORTHAND_ENVIRONMENT_NAME }} Stage\"\n    jobs:\n      - job: Terraform_Build\n        workspace:\n          clean: all\n        displayName: Terraform Build\n        steps:\n\n          # Declare the repos needed from the resources list\n          - checkout: self\n          - checkout: azure-naming-convention\n\n          # Remotely fetch pipeline template, in this case, I am using one in my development repo.\n          - template: /templates/terraform-cicd-template.yml@azure-pipelines-module-development-build\n            parameters:\n              SHORTHAND_PROJECT_NAME: ${{ parameters.SHORTHAND_PROJECT_NAME }} # Parameters entered in YAML\n              SHORTHAND_ENVIRONMENT_NAME: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n              SHORTHAND_LOCATION_NAME: ${{ 
parameters.SHORTHAND_LOCATION_NAME }}\n              TERRAFORM_PATH: ${{ parameters.TERRAFORM_PATH }}\n              TERRAFORM_VERSION: ${{ parameters.TERRAFORM_VERSION }}\n              TERRAFORM_DESTROY: ${{ parameters.TERRAFORM_DESTROY }}\n              TERRAFORM_PLAN_ONLY: ${{ parameters.TERRAFORM_PLAN_ONLY }}\n              TERRAFORM_STORAGE_RG_NAME: $(SpokeSaRgName) # Key Vault variable\n              TERRAFORM_STORAGE_ACCOUNT_NAME: $(SpokeSaName)\n              TERRAFORM_BLOB_CONTAINER_NAME: $(SpokeSaBlobContainerName)\n              TERRAFORM_STORAGE_KEY: $(SpokeSaPrimaryKey)\n              TERRAFORM_STATE_NAME: \"${{ parameters.SHORTHAND_PROJECT_NAME }}-${{ parameters.SHORTHAND_LOCATION_NAME }}.terraform.tfstate\"\n              TERRAFORM_WORKSPACE_NAME: $(System.StageName)\n              TERRAFORM_COMPLIANCE_PATH: \"$(Build.SourcesDirectory)/azure-naming-convention/az-terraform-compliance-policy\"\n              AZURE_TARGET_CLIENT_ID: $(SpokeSvpClientId)\n              AZURE_TARGET_CLIENT_SECRET: $(SpokeSvpClientSecret)\n              AZURE_TARGET_TENANT_ID: $(SpokeTenantId)\n              AZURE_TARGET_SUBSCRIPTION_ID: $(SpokeSubID)\n              CHECKOV_SKIP_TESTS: ${{ parameters.CHECKOV_SKIP_TESTS }}\n\n```\n\n# Use the main copy\n\nWant to use the copy held here rather than copying it locally?  Try something like this\n\n```yaml\n---\nname: $(Build.DefinitionName)-$(date:yyyyMMdd)$(rev:.r)\n\ntrigger: none\n\n# parameters are typed with defaults so they are correctly populated, you will get a choice in the GUI to edit these, but you should keep all changes as code.\nparameters:\n\n  - name: SHORTHAND_ENVIRONMENT_NAME\n    default: dev\n    displayName: \"What is the shorthand name for this environment?\"\n    type: string\n    values:\n      - dev\n      - poc\n      - mvp\n      - tst\n      - uat\n      - ppd\n      - prd\n\n  - name: SHORTHAND_PROJECT_NAME\n    type: string\n    default: \"ldo\"\n    displayName: \"Shorthand Project e.g. 
lbdo for libredevops\"\n\n  - name: SHORTHAND_LOCATION_NAME\n    type: string\n    default: \"euw\"\n    displayName: \"3 character location name, e.g., uks, ukw, euw\"\n\n  - name: TERRAFORM_PATH\n    type: string\n    default: \"$(Build.SourcesDirectory)/azure-pipelines-module-development-build/terraform\"\n    displayName: \"What is the path to your terraform code?\"\n\n  - name: TERRAFORM_VERSION\n    type: string\n    default: \"1.1.7\"\n    displayName: \"Which version of Terraform should be installed?\"\n\n  - name: VARIABLE_GROUP_NAME\n    type: string\n    default: \"svp-kv-ldo-euw-dev-mgt-01\"\n    displayName: \"Enter the variable group which contains your authentication information\"\n\n# This variable sets up a condition in the template, if set to true, it will run terraform plan -destroy instead of the normal plan\n  - name: TERRAFORM_DESTROY\n    default: false\n    displayName: \"Check box to run a Destroy\"\n    type: boolean\n  \n  - name: TERRAFORM_PLAN_ONLY\n    default: true\n    displayName: \"Check box to run plan ONLY and never run apply\"\n    type: boolean\n\n  - name: CHECKOV_SKIP_TESTS\n    type: string\n    default: ' '\n    displayName: \"CheckOV tests to skip if comment skips don't work.  
All checks run if parameter is empty, empty by default\"\n\n# Declare variable group to pass variables to parameters, in this case, a libre-devops keyvault which is using a service principal for authentication\nvariables:\n  - group: ${{ parameters.VARIABLE_GROUP_NAME }}\n\n# Sets what repos need to be cloned, for example, a library repo for modules and a poly-repo for target code\nresources:\n  repositories:\n\n  - repository: azure-naming-convention\n    type: github\n    endpoint: github_service_connection\n    name: libre-devops/azure-naming-convention\n    ref: main\n\n  - repository: azure-pipelines-module-development-build\n    type: github\n    endpoint: github_service_connection\n    name: libre-devops/azure-pipelines-module-development-build\n    ref: dev\n\n  - repository: terraform-azdo-pipeline-template\n    type: github\n    endpoint: github_service_connection\n    name: libre-devops/terraform-azdo-pipeline-template\n    ref: main\n\n# You may wish to use a separate or self-hosted agent per job, by default, all jobs will inherit stage agent\npool:\n  name: Azure Pipelines\n  vmImage: ubuntu-latest\n\n# Sets stage so that multiple stages can be used if needed, as it stands, only 1 stage is expected and is thus passed as a parameter\nstages:\n  - stage: \"${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\"\n    displayName: \"${{ parameters.SHORTHAND_ENVIRONMENT_NAME }} Stage\"\n    jobs:\n      - job: Terraform_Build\n        workspace:\n          clean: all\n        displayName: Terraform Build\n        steps:\n\n          # Declare the repos needed from the resources list\n          - checkout: self\n          - checkout: azure-naming-convention\n\n          # Remotely fetch pipeline template, in this case, I am using one in my development repo.\n          - template: /.azurepipelines/.templates/terraform-cicd-template.yml@terraform-azdo-pipeline-template\n            parameters:\n              SHORTHAND_PROJECT_NAME: ${{ parameters.SHORTHAND_PROJECT_NAME }} # 
Parameters entered in YAML\n              SHORTHAND_ENVIRONMENT_NAME: ${{ parameters.SHORTHAND_ENVIRONMENT_NAME }}\n              SHORTHAND_LOCATION_NAME: ${{ parameters.SHORTHAND_LOCATION_NAME }}\n              TERRAFORM_PATH: ${{ parameters.TERRAFORM_PATH }}\n              TERRAFORM_VERSION: ${{ parameters.TERRAFORM_VERSION }}\n              TERRAFORM_DESTROY: ${{ parameters.TERRAFORM_DESTROY }}\n              TERRAFORM_PLAN_ONLY: ${{ parameters.TERRAFORM_PLAN_ONLY }}\n              TERRAFORM_STORAGE_RG_NAME: $(SpokeSaRgName) # Key Vault variable\n              TERRAFORM_STORAGE_ACCOUNT_NAME: $(SpokeSaName)\n              TERRAFORM_BLOB_CONTAINER_NAME: $(SpokeSaBlobContainerName)\n              TERRAFORM_STORAGE_KEY: $(SpokeSaPrimaryKey)\n              TERRAFORM_STATE_NAME: \"${{ parameters.SHORTHAND_PROJECT_NAME }}-${{ parameters.SHORTHAND_LOCATION_NAME }}.terraform.tfstate\"\n              TERRAFORM_WORKSPACE_NAME: $(System.StageName)\n              TERRAFORM_COMPLIANCE_PATH: \"$(Build.SourcesDirectory)/azure-naming-convention/az-terraform-compliance-policy\"\n              AZURE_TARGET_CLIENT_ID: $(SpokeSvpClientId)\n              AZURE_TARGET_CLIENT_SECRET: $(SpokeSvpClientSecret)\n              AZURE_TARGET_TENANT_ID: $(SpokeTenantId)\n              AZURE_TARGET_SUBSCRIPTION_ID: $(SpokeSubID)\n              CHECKOV_SKIP_TESTS: ${{ parameters.CHECKOV_SKIP_TESTS }}\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibre-devops%2Fpulumi-azdo-pipeline-template","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibre-devops%2Fpulumi-azdo-pipeline-template","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibre-devops%2Fpulumi-azdo-pipeline-template/lists"}