Using Terraform to define Azure DevOps Variables and Build Pipeline

This is the 5th post in the series of blog posts on managing Azure DevOps using the Terraform. You can find the series index here. In this blog post, we’ll learn to define variables and variable groups within the Azure DevOps as well as creating a Build pipeline, both using Terraform. We’ll be building onto our previous code where we ended up creating a git repository in the Azure DevOps Project. Although going through previous posts is not required to understand the concepts explained here, but its good to have a look because we’ll be referring parts of code from previous posts.

Creating variables / variable group

There is no resource to create a single variable at this point in Azure DevOps provider. So we’ll need to create variable group and within variable group, we can create as many variables as we need, using inline blocks. To create a variable group, we need to use azuredevops_variable_group resource. To create it, we need to define below mandatory properties:

  • project_id – Provide the id of Azure DevOps Project to which it should be associated
  • scope – Boolean to indicate if this variable group is shared by all pipelines of this project.
  • name – Name of the variable group.

Within the variable group, we can define variable blocks to define variables and associate them with values. The only required property with the variable group is the variable name defined using name, but its good to add a value and is_secret to define whether the value is a secret or not. Although the functionality is there, its debatable whether you should be defining secrets in plain text in Terraform Configuration.

Below is our code, where we added couple of variables in a variable group named ‘Any CPU – Release’:

# Partially complete block below – will not work in isolation
resource "azuredevops_variable_group" "variablegroup" {
project_id =
name = "Any CPU – Release"
description = "This variable group is created using Terraform"
allow_access = true
variable {
name = "buildPlatform"
value = "Any CPU"
variable {
name = "buildConfiguration"
value = "Release"

Define Build Definition (as Yaml code)

To define build pipeline using Terraform, we need to use resource azuredevops_build_definition resource. For this, we need to define below properties:

  1. project_id – Required – Id of the Azure DevOps Project to which it should be associated
  2. name – Optional – name of the build definition
  3. agent_pool_name – Optional – agent pool that should execute the build. Defaults to Hosted Ubuntu 1604
  4. ci_trigger block – Optional – continuous Integration Integration trigger
  5. variable_groups block – Optional – list of variable group IDs (integers) to link to the build definition
  6. variable block(s) – Optional – A list of variable blocks, directly associated with the pipeline
  7. repository block – Required with below properties:
    1. repo_type – Valid values: GitHub or TfsGit or Bitbucket. Defaults to Github. TfsGit refers to Azure DevOps itself
    2. repo_id – The id of the repository
    3. branch_name – Name of the branch for which builds are triggered, defaults to master
    4. yml_path – path of the Yaml file describing the build definition

With all above in place, we can define our pipeline as below:

# Partially incomplete block below – will not work in isolation
resource "azuredevops_build_definition" "tf-example-build" {
project_id =
name = "Build Definition for forked-repo"
agent_pool_name = "Azure Pipelines"
ci_trigger {
use_yaml = true
repository {
repo_type = "TfsGit"
repo_id = data.azuredevops_git_repositories.forked-repo.repositories[0].id
branch_name = data.azuredevops_git_repositories.forked-repo.repositories[0].default_branch
yml_path = "azure-pipelines.yml"
variable_groups = []
variable {
name = "solution"
value = "**/*.sln"

Here’s code for azure-pipelines.yml, if interested:

# ASP.NET Core (.NET Framework)
# Build and test ASP.NET Core projects targeting the full .NET Framework.
# Add steps that publish symbols, save build artifacts, and more:
vmImage: 'windows-latest'
group: "Any CPU – Release"
task: NuGetToolInstaller@1
task: NuGetCommand@2
restoreSolution: '$(solution)'
task: VSBuild@1
solution: '$(solution)'
msbuildArgs: '/p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:DesktopBuildPackageLocation="$(build.artifactStagingDirectory)\" /p:DeployIisAppPath="Default Web Site"'
platform: '$(buildPlatform)'
configuration: '$(buildConfiguration)'
task: VSTest@2
platform: '$(buildPlatform)'
configuration: '$(buildConfiguration)'

At this point, we can run terraform plan to validate our changes:

Lets go and apply our changes and hop over to Azure DevOps to see the pipeline in action:

One thought on “Using Terraform to define Azure DevOps Variables and Build Pipeline

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s