jamesrcounts/azure-create-terraform-backend.sh

## azure-create-terraform-backend.sh
#!/usr/bin/env bash
set -euo pipefail

ID=$(uuidgen)
LOCATION=westus
RG=terraformrg

# Create unique name for storage account
STORAGE_ACCOUNT=$(echo "terraform-${ID}" | tr '[:upper:]' '[:lower:]' | sed 's/-//g' | cut -c1-24)

# Create Resource Group for Backend Storage
az group create \
  --location ${LOCATION} \
  --name ${RG}

# Create Geo-Redundant Storage Account
az storage account create \
  --kind StorageV2 \
  --location ${LOCATION} \
  --name "${STORAGE_ACCOUNT}" \
  --resource-group ${RG}  \
  --sku Standard_GRS

# Enable blob soft-deletes
az storage blob service-properties delete-policy update \
  --account-name "${STORAGE_ACCOUNT}" \
  --days-retained 365 \
  --enable true

# Create storage container
az storage container create \
  --account-name "${STORAGE_ACCOUNT}" \
  --name terraform

## azure-pipelines.complete.yaml
name: 0.1.$(Rev:r)

trigger:
  batch: true
  branches:
    include:
      - master

variables:
  - name: terraform_download_sha
    value: 43806e68f7af396449dd4577c6e5cb63c6dc4a253ae233e1dddc46cf423d808b
  - name: terraform_version
    value: 0.12.8
  - name: tf_in_automation
    value: true

stages:
  - stage: Build
    jobs:
      - job: Build

        pool:
          vmImage: 'ubuntu-latest'

        steps:
          - checkout: self
            fetchDepth: 1

          - task: Bash@3
            inputs:
              filePath: './scripts/terraform-download.sh'
            displayName: 'Terraform Download'

          - task: AzureCLI@1
            inputs:
              azureSubscription: 'Azure MSDN'
              scriptLocation: 'scriptPath'
              scriptPath: './scripts/environment-setup.sh'
              addSpnToEnvironment: true
              failOnStandardError: true
            displayName: 'Environment Setup'

          - task: Bash@3
            inputs:
              filePath: './scripts/terraform-init.sh'
              arguments: '$(Build.SourcesDirectory)'
              failOnStderr: true
            env:
              ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
              ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
              ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
              ARM_TENANT_ID: $(AZURE_TENANT_ID)
            displayName: 'Terraform Init'

          - task: Bash@3
            inputs:
              filePath: './scripts/terraform-plan.sh'
              arguments: '$(Build.SourcesDirectory)'
              failOnStderr: true
            env:
              ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
              ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
              ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
              ARM_TENANT_ID: $(AZURE_TENANT_ID)
            displayName: 'Terraform Plan'

          - task: ArchiveFiles@2
            inputs:
              rootFolderOrFile: '$(Build.SourcesDirectory)'
              includeRootFolder: false
              archiveType: 'tar'
              tarCompression: 'gz'
              archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).tgz'
              replaceExistingArchive: true
            displayName: 'Create Plan Artifact'

          - task: PublishBuildArtifacts@1
            inputs:
              PathtoPublish: '$(Build.ArtifactStagingDirectory)'
              ArtifactName: 'drop'
              publishLocation: 'Container'
            displayName: 'Publish Plan Artifact'

  - stage: Deploy
    jobs:
      - deployment: DeployDev
        displayName: 'Dev Environment Deployment'
        pool:
          vmImage: 'ubuntu-latest'
        environment: 'dev'
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: none

                - task: DownloadBuildArtifacts@0
                  inputs:
                    artifactName: 'drop'
                  displayName: 'Download Plan Artifact'

                - task: ExtractFiles@1
                  inputs:
                    archiveFilePatterns: '$(System.ArtifactsDirectory)/drop/$(Build.BuildId).tgz'
                    destinationFolder: '$(System.DefaultWorkingDirectory)/'
                    cleanDestinationFolder: false
                  displayName: 'Extract Plan Artifact'

                - task: Bash@3
                  inputs:
                    filePath: './scripts/terraform-download.sh'
                  displayName: 'Terraform Download'

                - task: AzureCLI@1
                  inputs:
                    azureSubscription: 'Azure MSDN'
                    scriptLocation: 'scriptPath'
                    scriptPath: './scripts/environment-setup.sh'
                    addSpnToEnvironment: true
                    failOnStandardError: true
                  displayName: 'Environment Setup'

                - task: Bash@3
                  inputs:
                    filePath: './scripts/terraform-apply.sh'
                    arguments: '$(Build.SourcesDirectory)'
                    failOnStderr: true
                  env:
                    ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
                    ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
                    ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
                    ARM_TENANT_ID: $(AZURE_TENANT_ID)
                  displayName: 'Terraform Apply'

## azure-pipelines.yaml
name: 0.1.$(Rev:r)

trigger:
  batch: true
  branches:
    include:
      - master

variables:
  - name: terraform_download_sha
    value: 43806e68f7af396449dd4577c6e5cb63c6dc4a253ae233e1dddc46cf423d808b
  - name: terraform_version
    value: 0.12.8
  - name: tf_in_automation
    value: true

stages:
  - stage: Build
    jobs:
      - job: Build

        pool:
          vmImage: 'ubuntu-latest'

        steps:
          - checkout: self
            fetchDepth: 1

          - task: Bash@3
            inputs:
              filePath: './scripts/terraform-download.sh'
            displayName: 'Terraform Download'

          - task: AzureCLI@1
            inputs:
              azureSubscription: 'Azure MSDN'
              scriptLocation: 'scriptPath'
              scriptPath: './scripts/environment-setup.sh'
              addSpnToEnvironment: true
              failOnStandardError: true
            displayName: 'Environment Setup'

          - task: Bash@3
            inputs:
              filePath: './scripts/terraform-init.sh'
              arguments: '$(Build.SourcesDirectory)'
              failOnStderr: true
            env:
              ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
              ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
              ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
              ARM_TENANT_ID: $(AZURE_TENANT_ID)
            displayName: 'Terraform Init'

          - task: Bash@3
            inputs:
              filePath: './scripts/terraform-plan.sh'
              arguments: '$(Build.SourcesDirectory)'
              failOnStderr: true
            env:
              ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
              ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
              ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
              ARM_TENANT_ID: $(AZURE_TENANT_ID)
            displayName: 'Terraform Plan'

          - task: ArchiveFiles@2
            inputs:
              rootFolderOrFile: '$(Build.SourcesDirectory)'
              includeRootFolder: false
              archiveType: 'tar'
              tarCompression: 'gz'
              archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).tgz'
              replaceExistingArchive: true
            displayName: 'Create Plan Artifact'

          - task: PublishBuildArtifacts@1
            inputs:
              PathtoPublish: '$(Build.ArtifactStagingDirectory)'
              ArtifactName: 'drop'
              publishLocation: 'Container'
            displayName: 'Publish Plan Artifact'

## environment-setup.sh
#!/usr/bin/env bash
set -euo pipefail

echo "##vso[task.setvariable variable=AZURE_CLIENT_ID;issecret=true]${servicePrincipalId}"
echo "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]${servicePrincipalKey}"
echo "##vso[task.setvariable variable=AZURE_SUBSCRIPTION_ID;issecret=true]$(az account show --query 'id' -o tsv)"
echo "##vso[task.setvariable variable=AZURE_TENANT_ID;issecret=true]${tenantId}"

## terraform-apply.sh
#!/usr/bin/env bash
set -euo pipefail

WORKING_DIRECTORY=${1}
cd ${WORKING_DIRECTORY}

terraform apply -input=false ${BUILD_BUILDNUMBER}.tfplan

## terraform-backend.tf
terraform {
  required_version = ">= 0.12"
  backend "azurerm" {
    resource_group_name  = "terraformrg"
    storage_account_name = "terraformde3fb0d9c9a7413"
    container_name       = "terraform"
    key                  = "terraform-getting-started.tfstate"
  }
}

## terraform-download.sh
#!/usr/bin/env bash
set -euo pipefail

curl -SL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" --output terraform.zip
echo "${TERRAFORM_DOWNLOAD_SHA} terraform.zip" | sha256sum -c -
unzip "terraform.zip"
sudo mv terraform /usr/local/bin
terraform --version
rm terraform.zip

## terraform-init.sh
#!/usr/bin/env bash
set -euo pipefail

WORKING_DIRECTORY=${1}
cd ${WORKING_DIRECTORY}

terraform init -input=false

## terraform-plan.sh
#!/usr/bin/env bash
set -euo pipefail

WORKING_DIRECTORY=${1}
cd ${WORKING_DIRECTORY}

terraform plan -input=false -out ${BUILD_BUILDNUMBER}.tfplan
	#!/usr/bin/env bash
	set -euo pipefail

	ID=$(uuidgen)
	LOCATION=westus
	RG=terraformrg

	# Create unique name for storage account
	STORAGE_ACCOUNT=$(echo "terraform-${ID}" \| tr '[:upper:]' '[:lower:]' \| sed 's/-//g' \| cut -c1-24)

	# Create Resource Group for Backend Storage
	az group create \
	--location ${LOCATION} \
	--name ${RG}

	# Create Geo-Redundant Storage Account
	az storage account create \
	--kind StorageV2 \
	--location ${LOCATION} \
	--name "${STORAGE_ACCOUNT}" \
	--resource-group ${RG} \
	--sku Standard_GRS

	# Enable blob soft-deletes
	az storage blob service-properties delete-policy update \
	--account-name "${STORAGE_ACCOUNT}" \
	--days-retained 365 \
	--enable true

	# Create storage container
	az storage container create \
	--account-name "${STORAGE_ACCOUNT}" \
	--name terraform
	name: 0.1.$(Rev:r)

	trigger:
	batch: true
	branches:
	include:
	- master

	variables:
	- name: terraform_download_sha
	value: 43806e68f7af396449dd4577c6e5cb63c6dc4a253ae233e1dddc46cf423d808b
	- name: terraform_version
	value: 0.12.8
	- name: tf_in_automation
	value: true

	stages:
	- stage: Build
	jobs:
	- job: Build

	pool:
	vmImage: 'ubuntu-latest'

	steps:
	- checkout: self
	fetchDepth: 1

	- task: Bash@3
	inputs:
	filePath: './scripts/terraform-download.sh'
	displayName: 'Terraform Download'

	- task: AzureCLI@1
	inputs:
	azureSubscription: 'Azure MSDN'
	scriptLocation: 'scriptPath'
	scriptPath: './scripts/environment-setup.sh'
	addSpnToEnvironment: true
	failOnStandardError: true
	displayName: 'Environment Setup'

	- task: Bash@3
	inputs:
	filePath: './scripts/terraform-init.sh'
	arguments: '$(Build.SourcesDirectory)'
	failOnStderr: true
	env:
	ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
	ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
	ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
	ARM_TENANT_ID: $(AZURE_TENANT_ID)
	displayName: 'Terraform Init'

	- task: Bash@3
	inputs:
	filePath: './scripts/terraform-plan.sh'
	arguments: '$(Build.SourcesDirectory)'
	failOnStderr: true
	env:
	ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
	ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
	ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
	ARM_TENANT_ID: $(AZURE_TENANT_ID)
	displayName: 'Terraform Plan'

	- task: ArchiveFiles@2
	inputs:
	rootFolderOrFile: '$(Build.SourcesDirectory)'
	includeRootFolder: false
	archiveType: 'tar'
	tarCompression: 'gz'
	archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).tgz'
	replaceExistingArchive: true
	displayName: 'Create Plan Artifact'

	- task: PublishBuildArtifacts@1
	inputs:
	PathtoPublish: '$(Build.ArtifactStagingDirectory)'
	ArtifactName: 'drop'
	publishLocation: 'Container'
	displayName: 'Publish Plan Artifact'

	- stage: Deploy
	jobs:
	- deployment: DeployDev
	displayName: 'Dev Environment Deployment'
	pool:
	vmImage: 'ubuntu-latest'
	environment: 'dev'
	strategy:
	runOnce:
	deploy:
	steps:
	- checkout: none

	- task: DownloadBuildArtifacts@0
	inputs:
	artifactName: 'drop'
	displayName: 'Download Plan Artifact'

	- task: ExtractFiles@1
	inputs:
	archiveFilePatterns: '$(System.ArtifactsDirectory)/drop/$(Build.BuildId).tgz'
	destinationFolder: '$(System.DefaultWorkingDirectory)/'
	cleanDestinationFolder: false
	displayName: 'Extract Plan Artifact'

	- task: Bash@3
	inputs:
	filePath: './scripts/terraform-download.sh'
	displayName: 'Terraform Download'

	- task: AzureCLI@1
	inputs:
	azureSubscription: 'Azure MSDN'
	scriptLocation: 'scriptPath'
	scriptPath: './scripts/environment-setup.sh'
	addSpnToEnvironment: true
	failOnStandardError: true
	displayName: 'Environment Setup'

	- task: Bash@3
	inputs:
	filePath: './scripts/terraform-apply.sh'
	arguments: '$(Build.SourcesDirectory)'
	failOnStderr: true
	env:
	ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
	ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
	ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
	ARM_TENANT_ID: $(AZURE_TENANT_ID)
	displayName: 'Terraform Apply'
	#!/usr/bin/env bash
	set -euo pipefail

	echo "##vso[task.setvariable variable=AZURE_CLIENT_ID;issecret=true]${servicePrincipalId}"
	echo "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]${servicePrincipalKey}"
	echo "##vso[task.setvariable variable=AZURE_SUBSCRIPTION_ID;issecret=true]$(az account show --query 'id' -o tsv)"
	echo "##vso[task.setvariable variable=AZURE_TENANT_ID;issecret=true]${tenantId}"
	#!/usr/bin/env bash
	set -euo pipefail

	WORKING_DIRECTORY=${1}
	cd ${WORKING_DIRECTORY}

	terraform apply -input=false ${BUILD_BUILDNUMBER}.tfplan
	terraform {
	required_version = ">= 0.12"
	backend "azurerm" {
	resource_group_name = "terraformrg"
	storage_account_name = "terraformde3fb0d9c9a7413"
	container_name = "terraform"
	key = "terraform-getting-started.tfstate"
	}
	}
	#!/usr/bin/env bash
	set -euo pipefail

	curl -SL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" --output terraform.zip
	echo "${TERRAFORM_DOWNLOAD_SHA} terraform.zip" \| sha256sum -c -
	unzip "terraform.zip"
	sudo mv terraform /usr/local/bin
	terraform --version
	rm terraform.zip