geertvl/deploy.yml

## deploy.yml
parameters:
- name: landingZone
- name: environment
- name: dependantEnvironment
  default: Package

stages:
- stage: ${{ parameters.environment }}
  displayName: "Deploy to ${{ parameters.environment }}"
  dependsOn:
  - Package
  - '${{ parameters.dependantEnvironment}}'
  variables:
  - template: "../variables/environment.yml"
    parameters:
      landingZone: ${{ parameters.landingZone }}
      environment: ${{ parameters.environment }}
  condition: and(succeeded('Package'), succeeded('${{ parameters.dependantEnvironment}}'), or( eq(variables.isHotfix, False), not(or(eq('${{ parameters.environment }}', 'tst'), eq('${{ parameters.environment }}', 'dev')))))
  jobs:
  - job: DeployTerraform
    displayName: Deploy Terraform
    continueOnError: false
    steps:
      - download: current
        artifact: "Infrastructure"
        displayName: "Downloading infrastructure artifacts"
      - task: Bash@3
        displayName: Install Terraform
        inputs:
          targetType: 'inline'
          script: |
            if ! command -v terraform &> /dev/null
            then
              wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
              echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
              sudo apt update && sudo apt install terraform
            fi
      - task: AzureCLI@2
        displayName: Init Terraform
        inputs:
          azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
          scriptType: 'pscore'
          scriptLocation: 'inlineScript'
          inlineScript: |
            $subscriptionId = az account show --query "id" -o tsv
            $storRgName = "rg-tepautomation-nonprd-weeu-01"
            $storName = "sttfdevweeu01"
            $key = az storage account keys list --subscription $subscriptionId -g $storRgName -n $storName --query "[0].value" -o tsv
            Write-Host $key
            terraform init -backend-config="access_key=$key"
          WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"

      - task: AzureCLI@2
        displayName: Terraform Validate
        inputs:
          azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
          scriptType: 'pscore'
          scriptLocation: 'inlineScript'
          inlineScript: |
            terraform validate
          WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"

      - task: AzureCLI@2
        displayName: Terraform Plan
        inputs:
          azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
          scriptType: 'pscore'
          scriptLocation: 'inlineScript'
          inlineScript: |
            terraform plan -input=false -out=tfplan `
              -var="spn-client-id=$($env:servicePrincipalId)" `
              -var="spn-client-secret=$($env:servicePrincipalKey)" `
              -var="spn-tenant-id=$($env:tenantId)"
          addSpnToEnvironment: true
          WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"
      - task: AzureCLI@2
        displayName: Terraform Apply
        inputs:
          azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
          scriptType: 'pscore'
          scriptLocation: 'inlineScript'
          inlineScript: |
            terraform apply -auto-approve -input=false tfplan
          WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"

## main.tf
variable "spn-client-id" {
  type=string
}

variable "spn-client-secret" {
  type=string
}

variable "spn-tenant-id" {
  type=string
}

variable "location" {
  type=string
  default = "westeurope"
}

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
  backend "azurerm" {
    storage_account_name = "sttfdevweeu01"
    container_name = "tfstate"
    key = "dev.terraform.tfstate"
  }
}

provider "azurerm" {
  features {}

  tenant_id = var.spn-tenant-id
  client_id = var.spn-client-id
  subscription_id = "9afd60b1-9f45-4d70-9ebf-cd800f0c9237"
  client_secret = var.spn-client-secret
}

resource "azurerm_resource_group" "default" {
  name = "rg-10821-dev-weeu-01"
  location = var.location

  tags = {
    ApplicationID = "10821"
    CostCenter = "CoE Infrastructure"
    FunctionalEnvironment = "nonprd"
    ApplicationName = "it-iotsctrl01"
    ApplicationOwner = "fpaulet@delhaize.be"
    ProjectCode = "BZ002199"
    WBS = "n/a"
  }
}
	parameters:
	- name: landingZone
	- name: environment
	- name: dependantEnvironment
	default: Package

	stages:
	- stage: ${{ parameters.environment }}
	displayName: "Deploy to ${{ parameters.environment }}"
	dependsOn:
	- Package
	- '${{ parameters.dependantEnvironment}}'
	variables:
	- template: "../variables/environment.yml"
	parameters:
	landingZone: ${{ parameters.landingZone }}
	environment: ${{ parameters.environment }}
	condition: and(succeeded('Package'), succeeded('${{ parameters.dependantEnvironment}}'), or( eq(variables.isHotfix, False), not(or(eq('${{ parameters.environment }}', 'tst'), eq('${{ parameters.environment }}', 'dev')))))
	jobs:
	- job: DeployTerraform
	displayName: Deploy Terraform
	continueOnError: false
	steps:
	- download: current
	artifact: "Infrastructure"
	displayName: "Downloading infrastructure artifacts"
	- task: Bash@3
	displayName: Install Terraform
	inputs:
	targetType: 'inline'
	script: \|
	if ! command -v terraform &> /dev/null
	then
	wget -O- https://apt.releases.hashicorp.com/gpg \| gpg --dearmor \| sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
	echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \| sudo tee /etc/apt/sources.list.d/hashicorp.list
	sudo apt update && sudo apt install terraform
	fi
	- task: AzureCLI@2
	displayName: Init Terraform
	inputs:
	azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
	scriptType: 'pscore'
	scriptLocation: 'inlineScript'
	inlineScript: \|
	$subscriptionId = az account show --query "id" -o tsv
	$storRgName = "rg-tepautomation-nonprd-weeu-01"
	$storName = "sttfdevweeu01"
	$key = az storage account keys list --subscription $subscriptionId -g $storRgName -n $storName --query "[0].value" -o tsv
	Write-Host $key
	terraform init -backend-config="access_key=$key"
	WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"

	- task: AzureCLI@2
	displayName: Terraform Validate
	inputs:
	azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
	scriptType: 'pscore'
	scriptLocation: 'inlineScript'
	inlineScript: \|
	terraform validate
	WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"

	- task: AzureCLI@2
	displayName: Terraform Plan
	inputs:
	azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
	scriptType: 'pscore'
	scriptLocation: 'inlineScript'
	inlineScript: \|
	terraform plan -input=false -out=tfplan `
	-var="spn-client-id=$($env:servicePrincipalId)" `
	-var="spn-client-secret=$($env:servicePrincipalKey)" `
	-var="spn-tenant-id=$($env:tenantId)"
	addSpnToEnvironment: true
	WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"
	- task: AzureCLI@2
	displayName: Terraform Apply
	inputs:
	azureSubscription: 'sub-becse-nonprd-dll-it-iotsctrl01'
	scriptType: 'pscore'
	scriptLocation: 'inlineScript'
	inlineScript: \|
	terraform apply -auto-approve -input=false tfplan
	WorkingDirectory: "$(Pipeline.Workspace)/Infrastructure"
	variable "spn-client-id" {
	type=string
	}

	variable "spn-client-secret" {
	type=string
	}

	variable "spn-tenant-id" {
	type=string
	}

	variable "location" {
	type=string
	default = "westeurope"
	}

	terraform {
	required_providers {
	azurerm = {
	source = "hashicorp/azurerm"
	}
	}
	backend "azurerm" {
	storage_account_name = "sttfdevweeu01"
	container_name = "tfstate"
	key = "dev.terraform.tfstate"
	}
	}

	provider "azurerm" {
	features {}

	tenant_id = var.spn-tenant-id
	client_id = var.spn-client-id
	subscription_id = "9afd60b1-9f45-4d70-9ebf-cd800f0c9237"
	client_secret = var.spn-client-secret
	}

	resource "azurerm_resource_group" "default" {
	name = "rg-10821-dev-weeu-01"
	location = var.location

	tags = {
	ApplicationID = "10821"
	CostCenter = "CoE Infrastructure"
	FunctionalEnvironment = "nonprd"
	ApplicationName = "it-iotsctrl01"
	ApplicationOwner = "fpaulet@delhaize.be"
	ProjectCode = "BZ002199"
	WBS = "n/a"
	}
	}