Digger can be used with Azure Devops and Azure Repos! This document outlines the steps to configure Digger to run terraform in Azure DevOps as CI system:
Setting up an Azure Function
Configuring webhooks for the repository
Creating a digger.yml file in the repository
Creating an Azure pipeline
An Azure Devops repository for testing of digger functionality
VS Code installed for function deployment
1. Create Azure token
Go to dev.azure.com
Click on the top right corner and go to personal access tokens
Personal Access Tokens
Create a token for digger access. Take note of it; you will need this token later
Creating a token
For tutorial purposes the token is shown with full access. Don’t do that in production scenarios. Grant specific access rights instead.
2. Set up Azure Function
From within VSCode set the following parameters as function settings, You can set them both to the PAT token which was created in step 1:
3. Configure webhooks
We need to configure service hooks so that our function is notified about the events and trigger the right pipeline for digger to kick in.
In your azure devops project click on project settings > service hooks and then select web hooks from the list and click next
Select the repository you want to integrate digger with. Add the following 4 events for this repository:
Pull request commented on
Pull request created
Pul request merge attempted
Pull request updated
4. Create digger.yml
Follow the digger documentation to create digger.yml for your structure, it should be similar to this demo digger.yml
The minimum you would need to define for digger is where all your terraform lives:
projects: - name: dev dir: dev - name: prod dir: prod
5. Create Storage Account for locks
You can follow this guide to create storage account for storing digger locks. You only need to create the storage account for this guide and copy the CONNECTION_STRING
6. Create Azure DevOps pipeline
You can use this as your starter template, replace the values for YOUR_ORG and YOUR_REPO to match your repository details
# Starter pipeline # Start with a minimal pipeline that you can customize to build and deploy your code. # Add steps that build, run tests, deploy, and more: # pool: vmImage: ubuntu-latest trigger: none steps: - checkout: git://YOUR_ORG/YOUR_REPO@$(checkout_branch_ref) - script: | curl -sL -o digger chmod +x digger mv digger /usr/local/bin/digger digger displayName: 'install and run digger cli' continueOnError: true env: AZURE_CI: true LOCK_PROVIDER: azure DIGGER_AZURE_AUTH_METHOD: CONNECTION_STRING DIGGER_AZURE_CONNECTION_STRING: $(DIGGER_AZURE_CONNECTION_STRING) AZURE_TOKEN: $(AZURE_TOKEN)
Now we need to create a bunch of variables for the azure access to work, here are the variables that need to be set:
AZURE_CONTEXT - (leave it as overridable in checkbox) AZURE_TOKEN - (leave it as overridable in checkbox) checkout_branch_ref - (leave it as overridable in checkbox) DIGGER_AZURE_CONNECTION_STRING - Set it to the value of storage account connection in step 4
For variables that are left as overridable, you don’t need to provide a default value, just leave the value blank and tick the box “Let users override this value when running this pipeline”
Create a pull request and leave a comment on it, a pipeline should be triggered. If you would like to trigger a plan manually leave a comment “digger plan” on the pull request.
During the first run you might need to allow permissions for the pipeline to run:
If all goes well you should see the plan output and lock messages commented right in the pull request!
To apply these changes simply comment “digger apply”. The apply output will be commented on the pull request.