Terraspace + Azure DevOPS Pipeline - YAML template example

Hi,

Sharing my experience with Azure DevOPS (ADO) Pipeline with the community, hoping it will help anyone like me using Azure Pipeline for CI/CD
(When you create a new repo on Azure Repos to put your terraspace project on it, do no request to generate the .gitignore file for Terraform type. Use the .gitignore generated by terraspace as the one from ADO will exclude *.tfvars file (I wasted a day because my terraspace layering didn’t find my tfvars :man_facepalming: )

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- test_terraspace_install_pipeline
pool:
  vmImage: ubuntu-latest

steps:
# Install the Terraform ADO extension from MS DevLab
# https://marketplace.visualstudio.com/items?itemName=ms-devlabs.custom-terraform-tasks
# I like this way as it's cleaner and cross-platform (even Terraspace does not work on Windows machine (yet :)?)
- task: TerraformInstaller@0
  inputs:
    terraformVersion: 'latest'

# Set Ruby to >3 as recommended for Terraspace otherwise it will use Ruby 2.7
- task: UseRubyVersion@0
  inputs:
    versionSpec: '>= 3.1'

- script: |
    bundle install
  displayName: 'bundle install'

# Set SSH key to access a private repo in Azure Repos set in my Terrafile file
# More info here: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/install-ssh-key?view=azure-devops#open-source
- task: InstallSSHKey@0
   inputs:
     knownHostsEntry: 'ssh.dev.azure.com ssh-rsa xxxxxxxxxxxxxxxxxx'
     sshPublicKey: '$(VARSSHPUBLICKEYSECRET)'
     sshPassphrase: '$(VARSSHPASSPHRASESECRET)'
     sshKeySecureFile: 'id_rsa_geodiscorp_devops'
   #DO NOT USE env var for secret as recommended by MS because it does not work with InstallSshKey@0 Pipeline task
   #env:
     #SSH_PUBLIC_KEY_ENV_VAR: $(varSshPublicKeySecret)
     #SSH_PASSPHRASE_ENV_VAR: $(varSshPassphraseSecret)

- bash: |
    terraspace version
    export ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET_ENV_VAR
    export ARM_CLIENT_ID=$(varArmClientId)
    export ARM_TENANT_ID=$(varArmTenantId)
    export ARM_SUBSCRIPTION_ID=$(varArmSubscriptionId)
    export ARM_LOCATION=$(varArmLocation)
    # To download my tf module from a private repo in Azure Repos set in my Terrafile file
    # It will create the vendor/modules/... folder
    terraspace bundle

    terraspace plan my_stack

    #Debug only
    # ls -Rlha .terraspace-cache/*
  env:
    ARM_CLIENT_SECRET_ENV_VAR: $(varArmClientSecretSecret) # the recommended way to map to an env variable
  displayName: 'Check Terraspace'
1 Like