From 5d3c2ea53dc3cbc15cb141c249d1c574d909605e Mon Sep 17 00:00:00 2001 From: Julie Ng Date: Fri, 20 Nov 2020 16:18:44 +0100 Subject: [PATCH] pipeline(detect-drift): check nightly for configuration drift --- azure-pipelines/detect-drift.yaml | 53 +++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 azure-pipelines/detect-drift.yaml diff --git a/azure-pipelines/detect-drift.yaml b/azure-pipelines/detect-drift.yaml new file mode 100644 index 0000000..0aefda6 --- /dev/null +++ b/azure-pipelines/detect-drift.yaml @@ -0,0 +1,53 @@ +# Build numbering format +name: $(BuildID) + +pool: + vmImage: 'ubuntu-18.04' + +trigger: none + +pr: none + +schedules: + - cron: "0 0 * * *" + displayName: Daily midnight build + always: true + branches: + include: + - release + +variables: + - group: e2e-gov-demo-kv + +steps: +- bash: terraform version + displayName: Terraform - Vsersion + +- bash: | + terraform validate + terraform fmt -check + displayName: Terraform - Validate and Lint + +- bash: | + terraform init \ + -backend-config="storage_account_name=$TF_STATE_BLOB_ACCOUNT_NAME" \ + -backend-config="container_name=$TF_STATE_BLOB_CONTAINER_NAME" \ + -backend-config="key=$TF_STATE_BLOB_FILE" \ + -backend-config="sas_token=$TF_STATE_BLOB_SAS_TOKEN" + displayName: Terraform - Init + env: + TF_STATE_BLOB_ACCOUNT_NAME: $(kv-tf-state-blob-account) + TF_STATE_BLOB_CONTAINER_NAME: $(kv-tf-state-blob-container) + TF_STATE_BLOB_FILE: $(kv-tf-state-blob-file) + TF_STATE_BLOB_SAS_TOKEN: $(kv-tf-state-sas-token) + +- bash: terraform plan -detailed-exitcode -var superadmins_aad_object_id=$AAD_SUPERADMINS_GROUP_ID + displayName: Terraform - Detect configuration drift + env: + ARM_SUBSCRIPTION_ID: $(kv-arm-subscription-id) + ARM_CLIENT_ID: $(kv-arm-client-id) + ARM_CLIENT_SECRET: $(kv-arm-client-secret) + ARM_TENANT_ID: $(kv-arm-tenant-id) + AZDO_ORG_SERVICE_URL: $(kv-azure-devops-org-url) + AZDO_PERSONAL_ACCESS_TOKEN: $(kv-azure-devops-pat) + AAD_SUPERADMINS_GROUP_ID: $(kv-aad-superadmins-group-id)