For our Terraform Deployment, we use an Azure DevOps pipeline that has 3 stages:
- plan
- apply (manual approval)
- test
For the apply stage we use a deployment job with an environment that has a manual approval (check). What we would like to have is "skipping" the apply and test stage, if the plan stage has shows no changes. Therefore we try to use the following yaml configuration for the apply stage:
- stage: ApplyShared
dependsOn: PlanShared
jobs:
- job: CheckSharedChanges
steps:
- task: DownloadPipelineArtifact@2
inputs:
artifactName: TerraformBuild
downloadPath: $(System.DefaultWorkingDirectory)
- bash: |
# using a file for indicating changes in TF plan, since
# you cannot pass variables between stages in Azure DevOps
if [ -f ".shared-changes" ]; then
echo '##vso[task.setvariable variable=shared_changes]yes'
fi
name: Check
- deployment: ApplyShared
dependsOn: CheckSharedChanges
# this condition seems to be ignored, if there is a manual
# approval on the stage
condition: eq(dependencies.CheckSharedChanges.outputs['Check.shared_env'], 'yes')
displayName: 'Apply - shared'
# we configured a manual approval (check) for this environment,
# so the pipeline stops and asks for an operator to approve the deployment
environment: 'infra-shared'
According to this issue on the MS Developer Community, a condition on a stage with an approval is not checked before the approval, so the approach does not work.
My question is: do you know any other way to implement this?
Edit
There now exists a hacky workaround for this issue, see this SO post