microsoft
diff --git a/‎devops/providers/gitlab/templates/.ci/az-login.sh‎
Lines changed: 4 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/az-login.sh‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/ci-dev.yml‎
Lines changed: 34 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/ci-dev.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/ci-integration.yml‎
Lines changed: 34 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/ci-integration.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/ci-prechecks.yml‎
Lines changed: 43 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/ci-prechecks.yml‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/ci-prod.yml‎
Lines changed: 34 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/ci-prod.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/ci-stages.yml‎
Lines changed: 27 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/ci-stages.yml‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/go-lint.sh‎
Lines changed: 19 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/go-lint.sh‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/tf-apply.sh‎
Lines changed: 4 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/tf-apply.sh‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/tf-init-for-stage.sh‎
Lines changed: 4 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/tf-init-for-stage.sh‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎devops/providers/gitlab/templates/.ci/tf-init-without-backend.sh‎
Lines changed: 4 additions & 0 deletions b/‎devops/providers/gitlab/templates/.ci/tf-init-without-backend.sh‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euox pipefail
+
+az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
@@ -0,0 +1,34 @@
+# This file contains the variables and jobs for the dev stage
+
+.dev-vars: &dev-vars
+  ARM_CLIENT_ID: $DEV_ARM_CLIENT_ID
+  ARM_CLIENT_SECRET: $DEV_ARM_CLIENT_SECRET
+  AZURE_STORAGE_ACCOUNT_NAME: $DEV_AZURE_STORAGE_ACCOUNT_NAME
+  AZURE_STORAGE_ACCOUNT_CONTAINER: $DEV_AZURE_STORAGE_ACCOUNT_CONTAINER
+  AZURE_STORAGE_ACCOUNT_SUBSCRIPTION: $DEV_AZURE_STORAGE_ACCOUNT_SUBSCRIPTION
+  VAR_FILE_NAME: 'DEV_TF_VARS'
+  ENVIRONMENT: 'dev'
+
+DevBuild:
+  extends: .build
+  stage: Dev-Build
+  variables:
+    <<: *dev-vars
+  only:
+    - master
+    - merge_requests
+    - web
+
+DevRelease:
+  extends: .release
+  stage: Dev-Release
+  variables:
+    <<: *dev-vars
+  needs:
+    - job: DevBuild
+      artifacts: true
+  when: on_success
+  only:
+    - master
+    - merge_requests
+    - web
@@ -0,0 +1,34 @@
+# This file contains the variables and jobs for the integration stage
+
+.integration-vars: &integration-vars
+  ARM_CLIENT_ID: $INTEGRATION_ARM_CLIENT_ID
+  ARM_CLIENT_SECRET: $INTEGRATION_ARM_CLIENT_SECRET
+  AZURE_STORAGE_ACCOUNT_NAME: $INTEGRATION_AZURE_STORAGE_ACCOUNT_NAME
+  AZURE_STORAGE_ACCOUNT_CONTAINER: $INTEGRATION_AZURE_STORAGE_ACCOUNT_CONTAINER
+  AZURE_STORAGE_ACCOUNT_SUBSCRIPTION: $INTEGRATION_AZURE_STORAGE_ACCOUNT_SUBSCRIPTION
+  VAR_FILE_NAME: 'INTEGRATION_TF_VARS'
+  ENVIRONMENT: 'integration'
+
+IntegrationBuild:
+  extends: .build
+  stage: Integration-Build
+  variables:
+    <<: *integration-vars
+  only:
+    - master
+  needs:
+    - job: DevRelease
+      artifacts: false
+
+IntegrationRelease:
+  extends: .release
+  stage: Integration-Release
+  variables:
+    <<: *integration-vars
+  needs:
+    - job: IntegrationBuild
+      artifacts: true
+  when: manual
+  allow_failure: false
+  only:
+    - master
@@ -0,0 +1,43 @@
+# This file contains all of the checks that need to happen
+# before a build and release.
+
+# Cache dependent modules + proviers and upload an artifact. We need to
+# make sure that the backend configuration is not configured, since it will
+# need to be done for each stage. The configuration per stage may differ, so
+# it makes sense to defer the initialization.
+InitTF:
+  stage: Init
+  script: .ci/tf-init-without-backend.sh
+  artifacts:
+    paths:
+      - .terraform/
+  only:
+    - master
+    - merge_requests
+
+# Lint check terraform files
+LintTF:
+  stage: Pre-Build
+  script: .ci/tf-lint.sh
+  only:
+    - master
+    - merge_requests
+
+# Validate terraform configuration
+ValidateTF:
+  stage: Pre-Build
+  script: .ci/tf-validate.sh
+  needs:
+    - job: InitTF
+      artifacts: true
+  only:
+    - master
+    - merge_requests
+
+# Lint check go files
+lintGo:
+  stage: Pre-Build
+  script: .ci/go-lint.sh
+  only:
+    - master
+    - merge_requests
@@ -0,0 +1,34 @@
+# This file contains the variables and jobs for the prod stage
+
+.prod-vars: &prod-vars
+  ARM_CLIENT_ID: $PROD_ARM_CLIENT_ID
+  ARM_CLIENT_SECRET: $PROD_ARM_CLIENT_SECRET
+  AZURE_STORAGE_ACCOUNT_NAME: $PROD_AZURE_STORAGE_ACCOUNT_NAME
+  AZURE_STORAGE_ACCOUNT_CONTAINER: $PROD_AZURE_STORAGE_ACCOUNT_CONTAINER
+  AZURE_STORAGE_ACCOUNT_SUBSCRIPTION: $PROD_AZURE_STORAGE_ACCOUNT_SUBSCRIPTION
+  VAR_FILE_NAME: 'PROD_TF_VARS'
+  ENVIRONMENT: 'prod'
+
+ProdBuild:
+  extends: .build
+  stage: Prod-Build
+  variables:
+    <<: *prod-vars
+  only:
+    - master
+  needs:
+    - job: IntegrationRelease
+      artifacts: false
+
+ProdRelease:
+  extends: .release
+  stage: Prod-Release
+  variables:
+    <<: *prod-vars
+  needs:
+    - job: ProdBuild
+      artifacts: true
+  when: manual
+  allow_failure: false
+  only:
+    - master
@@ -0,0 +1,27 @@
+# This file contains jobs that can be extended by stage-specific
+# build and release steps
+
+# Generic terraform build job
+.build:
+  environment:
+    name: $ENVIRONMENT
+  artifacts:
+    paths:
+      - .terraform/
+      - "$PLAN_FILE"
+  script:
+    - .ci/az-login.sh
+    - .ci/tf-init-for-stage.sh
+    - .ci/tf-workspace-select.sh
+    - .ci/tf-plan.sh
+
+# Generic terraform release job
+.release:
+  environment:
+    name: $ENVIRONMENT
+  allow_failure: false
+  script:
+    - .ci/az-login.sh
+    - .ci/tf-init-for-stage.sh
+    - .ci/tf-workspace-select.sh
+    - .ci/tf-apply.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# Note: the omission of the `pipefail` flag is intentional. It allows this
+#       step to succeede in the case that there are no `*.go` files in the 
+#       infrastructure repository.
+set -euox
+
+echo "Linting Go Files... If this fails, run 'go fmt ./...' to fix"
+
+# This runs a go fmt on each file without using the 'go fmt ./...' syntax.
+# This is advantageous because it avoids having to download all of the go
+# dependencies that would have been triggered by using the './...' syntax.
+FILES_WITH_FMT_ISSUES=$(find . -name "*.go" | grep -v '.terraform' | xargs gofmt -l | wc -l)
+
+# convert to integer...
+FILES_WITH_FMT_ISSUES=$(($FILES_WITH_FMT_ISSUES + 0))
+
+# set exit code accordingly
+exit $FILES_WITH_FMT_ISSUES
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euox pipefail
+
+terraform apply -input=false -auto-approve $PLAN_FILE
@@ -0,0 +1,4 @@
+# #!/usr/bin/env bash
+set -euox pipefail
+
+terraform init -backend-config "storage_account_name=$AZURE_STORAGE_ACCOUNT_NAME" -backend-config "container_name=$AZURE_STORAGE_ACCOUNT_CONTAINER"
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euox pipefail
+
+terraform init -backend=false