* import existing pipeline changes
* try refactoring steps, splitting plan and apply permissions
* refactor more
* fix syntax
* fix tf apply step
* ci: use ubuntu-latest
* more cleanup, remove unused code
* cd: add prod stage
* relative paths, adjust PR
* pr-syntax: adjust, test later
* feat: add makefile with all local tf commands
* chore: use main branch again
This code needs to be on `main` or `production` branch to be properly tested.
* cd-pipeline: try fix, move vars to stage, debug vars
* drift-pipeline: debug why key vaults (var groups) are not being loaded
* drift-pipeline: confirm if key vault loaded
* drift-pipeline: exit 1 if key vault check fails
* pipelines: more debugging code
* pipeline(drift-detection): scheduled run does not comment on PR
* temp: enable drift pipeline for this fix/ branch
* pipeline-vars: remove unused/broken
* pipeline(drift): rename step appropriately
* pipeline: remove temp testing code
* drift-pipeline: do not run scheduled version for PRs
* chore(deps): update terraform providers
* fix(terraform): backend type azurerm must be set. -backend-config is for key/val pairs only
* docs(terraform): update AAD permissions requirements
* feat(pipeline): config depending on branch name aka environment
* pipeline: rename comment stage
* pipeline: also need to set env for pull requests
* pipeline-vars: branch names start with refs/heads
* pipeline: more debugging
* pipeline: fix typo
* pipelines: debug built in variables too
* pipeline: try again after re-configuring git branch protection
* pipelines: completely refactor since PR target branch var not available for GitHub Repos
* stage(detect-draft): remove debugging conditionals
* drift: fix pipeline output filename
* pipelines: pr-only for PR pipelines
* pipeline(ci): ignore docs changes
* pipelines: errors if state file locked
* docs(pipelines): update
- key-vault: use RBAC authZ, which has since GA'd
- service connections are set directly from terraform
  instead of indirectly via key vault because:
  - terraform released 'sensitive=true' feature for outputs
  - key vault RBAC propagation can take up to 10 minutes,
    which breaks terraform runs