Skip to content

bordera-randy/devops-resources

BranchesTags

Repository files navigation

DevOps Resources

A template repository for Azure DevOps (ADO) pipelines running Terraform to manage Azure infrastructure.

Overview

This repository provides a ready-to-use template for infrastructure as code (IaC) workflows. It includes:

  • Azure DevOps pipeline definitions with reusable templates
  • Example Terraform configuration for Azure resources
  • Environment-specific configurations (dev/prod)
  • A modules directory for reusable Terraform components
  • Community standard files and best practices

Repository Structure

.
├── .editorconfig                        # Consistent editor formatting
├── .terraform-version                   # Terraform version for tfenv
├── pipelines/
│   ├── terraform-pipeline.yml           # Main pipeline (Terraform extension)
│   ├── terraform-cli-pipeline.yml       # Alternative pipeline (Terraform CLI)
│   ├── terraform-destroy-pipeline.yml   # Pipeline for destroying infrastructure
│   └── templates/
│       ├── terraform-install.yml        # Template: install Terraform
│       ├── terraform-init.yml           # Template: terraform init
│       ├── terraform-validate.yml       # Template: terraform validate
│       ├── terraform-plan.yml           # Template: terraform plan
│       ├── terraform-apply.yml          # Template: terraform apply
│       └── terraform-destroy.yml        # Template: terraform destroy
├── terraform/
│   ├── main.tf                          # Main resource definitions
│   ├── variables.tf                     # Input variables
│   ├── outputs.tf                       # Output values
│   ├── versions.tf                      # Terraform and provider versions
│   ├── terraform.tfvars.example         # Example variable values
│   ├── .tflint.hcl                      # TFLint configuration
│   ├── environments/
│   │   ├── dev/
│   │   │   ├── backend.tfvars           # Dev backend configuration
│   │   │   └── terraform.tfvars         # Dev variable values
│   │   └── prod/
│   │       ├── backend.tfvars           # Prod backend configuration
│   │       └── terraform.tfvars         # Prod variable values
│   └── modules/                         # Reusable Terraform modules
│       └── README.md
├── scripts/
│   └── setup-backend.sh                 # Helper: create backend storage
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONFIGURATION.md                     # Detailed setup guide
├── CONTRIBUTING.md
├── LICENSE
└── SECURITY.md

Pipelines

1. Terraform Pipeline (terraform-pipeline.yml)

The main pipeline using Azure DevOps Terraform extension tasks. This pipeline:

  • Validate Stage: Installs Terraform, initializes, and validates configuration
  • Plan Stage: Runs terraform plan to preview changes
  • Apply Stage: Applies changes to infrastructure (only on main branch)

Features:

  • Uses the official Terraform Azure DevOps extension
  • Supports remote state management with Azure Storage
  • Includes deployment approval gates through environments
  • Automatically triggers on changes to terraform files

2. Terraform CLI Pipeline (terraform-cli-pipeline.yml)

An alternative pipeline that uses Terraform CLI commands directly through bash scripts.

Features:

  • No Terraform extension required
  • More control over Terraform commands
  • Includes format checking
  • Publishes and downloads plan artifacts between stages
  • Uses Azure CLI task for authentication

3. Terraform Destroy Pipeline (terraform-destroy-pipeline.yml)

A manual pipeline for destroying infrastructure.

Features:

  • Manual trigger only (no automatic triggers)
  • Requires deployment environment approval
  • Uses the same backend configuration as the apply pipeline

Using This Template

  1. Click Use this template on GitHub (or fork/clone the repository).
  2. Update terraform/ with your own resource definitions.
  3. Configure environment-specific values in terraform/environments/.
  4. Set up your Azure DevOps pipelines using the YAML files in pipelines/.

See CONFIGURATION.md for a detailed setup guide.

Getting Started

Prerequisites

  1. Azure DevOps Account: Access to an Azure DevOps organization and project
  2. Azure Subscription: An Azure subscription for deploying resources
  3. Service Connection: An Azure Resource Manager service connection configured in Azure DevOps
  4. Backend Storage: An Azure Storage Account for storing Terraform state (optional but recommended)

Setup Instructions

1. Configure Backend Storage (Recommended)

Use the included helper script to create the Azure Storage backend:

./scripts/setup-backend.sh [resource_group] [storage_account] [container] [location]

# Example with defaults:
./scripts/setup-backend.sh

Or create the resources manually:

# Create resource group
az group create --name tfstate-rg --location eastus

# Create storage account
az storage account create \
  --name tfstatestorage \
  --resource-group tfstate-rg \
  --location eastus \
  --sku Standard_LRS

# Create container
az storage container create \
  --name tfstate \
  --account-name tfstatestorage

2. Configure Service Connection

  1. In Azure DevOps, go to Project Settings → Service connections
  2. Create a new Azure Resource Manager service connection
  3. Note the service connection name

3. Configure Pipeline Variables

Update the following variables in the pipeline files or create a variable group:

  • azureServiceConnection: Name of your Azure service connection
  • backendResourceGroupName: Resource group containing the state storage
  • backendStorageAccountName: Storage account name for state
  • backendContainerName: Container name in the storage account
  • backendKey: Name of the state file

For the CLI pipeline, you may also need to set:

  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_SUBSCRIPTION_ID
  • ARM_TENANT_ID

4. Configure Terraform Variables

  1. Copy terraform/terraform.tfvars.example to terraform/terraform.tfvars
  2. Update values according to your requirements
  3. Ensure terraform.tfvars is not committed (it's in .gitignore)

Alternatively, set variables in Azure DevOps pipeline variables.

5. Create the Pipeline

  1. In Azure DevOps, go to Pipelines → New Pipeline
  2. Select your repository
  3. Choose "Existing Azure Pipelines YAML file"
  4. Select the pipeline file you want to use:
    • pipelines/terraform-pipeline.yml (recommended)
    • pipelines/terraform-cli-pipeline.yml (alternative)
    • pipelines/terraform-destroy-pipeline.yml (for destroying resources)

6. Create Environments (Optional but Recommended)

For deployment approvals:

  1. Go to Pipelines → Environments
  2. Create a new environment named "production"
  3. Add approvals and checks as needed

Pipeline Workflows

Standard Deployment Workflow

  1. Developer pushes code to a feature branch
  2. Validate stage runs automatically:
    • Installs Terraform
    • Initializes configuration (without backend)
    • Validates syntax
  3. Plan stage runs on successful validation:
    • Initializes with backend
    • Generates execution plan
  4. Apply stage runs only on main branch:
    • Requires environment approval
    • Applies the planned changes

Destroy Workflow

  1. Manually trigger the destroy pipeline
  2. Environment approval required
  3. Destroy stage runs:
    • Initializes Terraform
    • Destroys all managed infrastructure

Terraform Configuration

The example Terraform configuration creates:

  • Azure Resource Group: Container for resources
  • Azure Storage Account: Example storage resource

Customizing the Configuration

Edit the files in the terraform/ directory:

  • main.tf: Add or modify resources
  • variables.tf: Add new variables
  • outputs.tf: Add outputs to display after deployment
  • versions.tf: Update Terraform or provider version constraints

Use environment-specific configurations in terraform/environments/ and place reusable components in terraform/modules/. See the respective README files for details.

Best Practices

  1. Use Remote State: Store Terraform state in Azure Storage for team collaboration
  2. Separate Environments: Use different backends/workspaces for dev/staging/prod
  3. Plan Before Apply: Always review the plan before applying changes
  4. Use Variable Files: Keep sensitive data out of version control
  5. Implement Approvals: Use Azure DevOps environments for production deployments
  6. Version Lock: Pin Terraform and provider versions for consistency
  7. Automated Validation: Run validate and format checks on every commit

Troubleshooting

Common Issues

Issue: Terraform state locked

  • Solution: Check if another pipeline is running. If stuck, manually unlock using Azure Portal or CLI

Issue: Authentication failed

  • Solution: Verify service connection has proper permissions on the subscription and state storage

Issue: Backend configuration error

  • Solution: Ensure backend storage account and container exist and are accessible

Security Considerations

  • Store sensitive variables in Azure DevOps variable groups marked as secret
  • Use service principals with minimum required permissions
  • Enable soft delete on state storage accounts
  • Implement branch policies requiring review before merging to main
  • Use deployment approvals for production environments

Contributing

Contributions are welcome! Please read CONTRIBUTING.md for guidelines.

License

This project is licensed under the MIT License. See LICENSE for details.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages