fixing some tfc related issues and adding a github pat

damienjburks · damienjburks · commit 5c6abc6c15a4 · 2025-08-26T13:50:16.000-05:00
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -2,7 +2,7 @@ data "azuread_client_config" "current" {}
 
 
 ### Create a new Azure DevOps project
-resource "azuredevops_project" "this_project" {
+resource "azuredevops_project" "this" {
   name               = "python-fastapi"
   visibility         = "private"
   version_control    = "Git"
@@ -18,22 +18,18 @@ resource "azuredevops_project" "this_project" {
 }
 
 ### Create a new Git repository for FastAPI
-resource "azuredevops_git_repository" "fast_api_git_repo" {
-  project_id = azuredevops_project.this_project.id
-  name       = "azure-python-fastapi"
-
-  initialization {
-    init_type   = "Import"
-    source_type = "Git"
-    source_url  = var.fast_api_git_repo
-  }
+resource "azuredevops_serviceendpoint_github" "this" {
+  project_id            = azuredevops_project.this.id
+  service_endpoint_name = "python-fastapi"
 
+  auth_personal {
+    personal_access_token = var.TFC_AZ_DEVOPS_GITHUB_PAT
+  }
 }
 
-
 ### Create Build Definition ###
-resource "azuredevops_build_definition" "this_definition" {
-  project_id = azuredevops_project.this_project.id
+resource "azuredevops_build_definition" "this" {
+  project_id = azuredevops_project.this.id
   name       = "Default"
 
   ci_trigger {
@@ -42,10 +38,11 @@ resource "azuredevops_build_definition" "this_definition" {
 
 
   repository {
-    repo_type   = "default"
-    repo_id     = azuredevops_git_repository.fast_api_git_repo.id
+    repo_type   = "GitHub"
+    repo_id     = "devsecblueprint/azure-python-fastapi"
     branch_name = "main"
     yml_path    = ".azdo-pipelines/azure-pipelines.yml"
+    service_connection_id = azuredevops_serviceendpoint_github.this.id
   }
 
 
@@ -96,13 +93,13 @@ resource "azurerm_federated_identity_credential" "ado_fed-id" {
   # sc://thogue1267/DevSecOps-FastApi/TimBoslice-Connection
   ## sc://<organization>/<project>/<service-connection-name> "this = subject"
 
-  depends_on = [azuredevops_build_definition.this_definition]
+  depends_on = [azuredevops_build_definition.this]
 }
 
 ### Create Service Connection to Azure Container Registry ###
 ### Authenticates the pipeline to ACR using OIDC and a User-Assigned Managed Identity ###
 resource "azuredevops_serviceendpoint_azurecr" "acr_registry_endpoint" {
-  project_id                             = azuredevops_project.this_project.id
+  project_id                             = azuredevops_project.this.id
   resource_group                         = var.resource_group_name
   service_endpoint_name                  = "AzureCR Endpoint"
   service_endpoint_authentication_scheme = "WorkloadIdentityFederation"
diff --git a/terraform/variable-group.tf b/terraform/variable-group.tf
@@ -1,5 +1,5 @@
 resource "azuredevops_variable_group" "infra_variable_group" {
-  project_id   = azuredevops_project.this_project.id
+  project_id   = azuredevops_project.this.id
   name         = "Infrastructure Pipeline Variables"
   description  = "Managed by Terraform"
   allow_access = true
@@ -16,19 +16,11 @@ resource "azuredevops_variable_group" "infra_variable_group" {
     secret_value = azuredevops_serviceendpoint_azurecr.acr_registry_endpoint.id
     is_secret    = true
   }
-
-  variable {
-    name         = "image_repo"
-    secret_value = var.fast_api_git_repo
-    is_secret    = true
-
-  }
-
 }
 
 
 resource "azuredevops_variable_group" "image_repo_variable" {
-  project_id   = azuredevops_project.this_project.id
+  project_id   = azuredevops_project.this.id
   name         = "Image Repository Variables"
   description  = "Managed by Terraform"
   allow_access = true
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -5,6 +5,7 @@ variable "TFC_AZ_TENANT_ID" {}
 variable "TFC_AZ_SUBSCRIPTION_ID" {}
 variable "TFC_AZ_DEVOPS_ORG_SERVICE_URL" {}
 variable "TFC_AZ_DEVOPS_PAT" {}
+variable "TFC_AZ_DEVOPS_GITHUB_PAT" {}
 
 ### Resource Group Variables ###
 
@@ -21,19 +22,6 @@ variable "location" {
 
 }
 
-### Repo Variables ###
-variable "infra_git_repo" {
-  type        = string
-  description = "name of the infra git repo"
-  default     = "https://github.com/devsecblueprint/azure-devsecops-pipeline.git"
-}
-
-variable "fast_api_git_repo" {
-  type        = string
-  description = "name of the fast api git repo"
-  default     = "https://github.com/devsecblueprint/azure-python-fastapi.git"
-}
-
 #### Azure Container Registry and Kubernetes Variables  ###
 variable "acr_name" {
   type        = string
