Azure DevOps Terraform CI/CD Pipelines

Independent Dev and Prod Pipeline Flows: dev and prod are two separate pipeline definitions with their own triggers, environments and approval rules

Legend (diagram colours): Stage · Job / Plan · Security Scan · Deployment
Dev Pipeline (automatic trigger)

TRIGGER: push to the 'main' branch, plus pull request validation builds

STAGE 1: DevPlan (CI)
  JOB 1: SecurityScan
    • Checkout code
    • Install tfsec
    • Run security scan (tfsec)
    • Publish test results
  -> if succeeded
  JOB 2: Plan (sequential: depends on SecurityScan)
    • Checkout code
    • Terraform init (with backend config)
    • Terraform validate
    • Terraform plan -out=tfplan
    • Publish tfplan as artifact
-> if succeeded
STAGE 2: DevApply (CD)
  Deployment job: ApplyDev (strategy: runOnce)
  Environment: dev    Pool: terraform-agents
  Optional: manual approval, if configured as a check on the dev environment
    • Checkout code
    • Download tfplan artifact
    • Terraform init (backend config)
    • Terraform apply tfplan

Apply consumes the saved plan produced in stage 1 instead of re-planning, so the change set that was scanned and reviewed is exactly the one applied; Terraform rejects the saved plan as stale if the state has changed in between.
Prod Pipeline (manual only)

TRIGGER: manual only; no automatic runs on push or pull request

STAGE 1: ProdPlan (CI)
  JOB 1: SecurityScan
    • Checkout code
    • Install tfsec
    • Run security scan (tfsec)
    • Publish test results
  -> if succeeded
  JOB 2: Plan (sequential: depends on SecurityScan)
    • Checkout code
    • Terraform init (backend config)
    • Terraform validate
    • Terraform plan -out=tfplan
    • Publish tfplan as artifact
-> if succeeded
STAGE 2: ProdApply (CD)
  Deployment job: ApplyProd (strategy: runOnce)
  Environment: prod    Pool: terraform-agents
  Required: an approval check on the prod environment must pass before the deployment job starts
    • Checkout code
    • Download tfplan artifact
    • Terraform init (backend config)
    • Terraform apply tfplan

In Azure DevOps the approval is not written in the pipeline YAML: it is an "Approvals and checks" setting on the prod environment, so every deployment job that targets that environment is gated regardless of which pipeline runs it.
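The two flows above written out as an Azure Pipelines YAML file, for the dev pipeline in full. This is an added example, not the portfolio's own pipeline definition; the pool name, environment name, service connection 'sc-terraform-dev', the backend storage names and the TFSEC_VERSION / TFSEC_SHA256 values are placeholders that must be replaced. It adds the checks a reviewer would ask for that the diagram does not show: the scanner is pinned and checksum-verified instead of installed from "latest", the committed provider lock file is enforced with -lockfile=readonly, and pull request builds are stopped at the plan so a PR can never reach apply.

```yaml
# azure-pipelines-dev.yml: added example, not the portfolio's own pipeline file.
# Placeholder names: pool 'terraform-agents', environment 'dev',
# service connection 'sc-terraform-dev', and every TF_*/TFSEC_* value below.
trigger:
  branches:
    include: [main]
pr:
  branches:
    include: [main]
pool:
  name: terraform-agents
variables:
  TF_IN_AUTOMATION: 'true'                 # no interactive prompts from terraform
  TFSEC_VERSION: 'v1.28.1'                 # pin the scanner instead of "latest"
  TFSEC_SHA256: 'replace-with-recorded-sha256-of-tfsec-linux-amd64'  # placeholder
  TF_BACKEND_CONFIG: >-                    # azurerm backend; placeholder names
    -backend-config=resource_group_name=rg-tfstate
    -backend-config=storage_account_name=sttfstate
    -backend-config=container_name=tfstate
    -backend-config=key=dev.terraform.tfstate
stages:
- stage: DevPlan
  jobs:
  - job: SecurityScan
    steps:
    - checkout: self
    - bash: |
        set -euo pipefail
        curl -fsSL -o "$(Agent.TempDirectory)/tfsec" \
          "https://github.com/aquasecurity/tfsec/releases/download/$(TFSEC_VERSION)/tfsec-linux-amd64"
        # Refuse to run a binary whose hash differs from the one recorded in the pipeline.
        echo "$(TFSEC_SHA256)  $(Agent.TempDirectory)/tfsec" | sha256sum -c -
        chmod +x "$(Agent.TempDirectory)/tfsec"
      displayName: Install tfsec (pinned, checksum-verified)
    - bash: |
        "$(Agent.TempDirectory)/tfsec" . --format junit --out "$(Agent.TempDirectory)/tfsec.xml"
      displayName: Run tfsec               # exits non-zero on findings, failing the job
    - task: PublishTestResults@2
      condition: succeededOrFailed()       # publish the report even when the scan failed
      inputs:
        testResultsFormat: JUnit
        testResultsFiles: $(Agent.TempDirectory)/tfsec.xml
        testRunTitle: tfsec
  - job: Plan
    dependsOn: SecurityScan                # sequential: no plan without a clean scan
    steps:
    - checkout: self
    - task: AzureCLI@2
      displayName: terraform init / validate / plan
      inputs:
        azureSubscription: sc-terraform-dev
        addSpnToEnvironment: true          # exposes servicePrincipalId/Key and tenantId
        scriptType: bash
        scriptLocation: inlineScript
        inlineScript: |
          set -euo pipefail
          export ARM_CLIENT_ID="$servicePrincipalId" ARM_CLIENT_SECRET="$servicePrincipalKey"
          export ARM_TENANT_ID="$tenantId" ARM_SUBSCRIPTION_ID="$(az account show --query id -o tsv)"
          # -lockfile=readonly: fail if the committed .terraform.lock.hcl would have to change
          terraform init -input=false -lockfile=readonly $(TF_BACKEND_CONFIG)
          terraform validate
          terraform plan -input=false -out=tfplan
    - task: PublishPipelineArtifact@1
      inputs:
        targetPath: tfplan
        artifact: tfplan                   # holds variable and state values in clear: treat as sensitive
- stage: DevApply
  dependsOn: DevPlan
  # PR validation builds stop at the plan; only pushes to main reach apply.
  condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
  jobs:
  - deployment: ApplyDev
    environment: dev                       # approval checks, if any, are configured on this environment
    strategy:
      runOnce:
        deploy:
          steps:
          - checkout: self                 # deployment jobs do not check out source by default
          - download: current
            artifact: tfplan
          - task: AzureCLI@2
            displayName: terraform apply (saved plan)
            inputs:
              azureSubscription: sc-terraform-dev
              addSpnToEnvironment: true
              scriptType: bash
              scriptLocation: inlineScript
              inlineScript: |
                set -euo pipefail
                export ARM_CLIENT_ID="$servicePrincipalId" ARM_CLIENT_SECRET="$servicePrincipalKey"
                export ARM_TENANT_ID="$tenantId" ARM_SUBSCRIPTION_ID="$(az account show --query id -o tsv)"
                terraform init -input=false -lockfile=readonly $(TF_BACKEND_CONFIG)
                # Apply exactly the reviewed plan; terraform errors out if the state moved since it was made.
                terraform apply -input=false "$(Pipeline.Workspace)/tfplan/tfplan"
```

The prod pipeline is the same file with `trigger: none` and `pr: none`, `environment: prod`, a prod backend key and a separate prod service connection; the mandatory approval is then added as an "Approvals and checks" entry on the prod environment, which gates the ApplyProd deployment job before any of its steps run. The ARM_* mapping shown is the secret-based service principal case of `addSpnToEnvironment`; with a workload identity federation connection the task exposes `idToken` instead, and the script would set `ARM_USE_OIDC=true` and `ARM_OIDC_TOKEN` rather than a client secret. Because the tfplan artifact can carry plaintext secrets, restrict who can read the pipeline's artifacts and keep artifact retention short.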