feat: enable integration with ADO (#93)

westonplatter · coderabbitai[bot] · web-flow · commit f3b0da41fd35 · 2025-09-15T12:00:30.000-06:00
## what - `azure_devops`. Per the spacelift provider [docs](https://search.opentofu.org/provider/spacelift-io/spacelift/latest/docs/resources/stack#user-content-nestedblock--azure_devops), allow users to integration with ADO. - `raw_git`. Also setup the raw_git VCS setup. - Update the dynamic `github_enterprise` logic allowing `id` to be null in accordance with it's variable declaration ## why ## references https://search.opentofu.org/provider/spacelift-io/spacelift/latest/docs/resources/stack#user-content-nestedblock--azure_devops <img width="1668" height="708" alt="CleanShot 2025-09-13 at 16 09 47@2x" src="https://github.com/user-attachments/assets/08180e3d-4730-4686-b27c-858cc2825451" />  ## Summary by CodeRabbit - New Features - Added optional Azure DevOps integration for stacks via a new input, enabling configuration with project and integration ID. - Documentation - Updated module documentation to include the Azure DevOps input and its parameters. - Added a complete Azure DevOps usage example with step-by-step setup instructions and links to relevant docs. - Chores - Specified minimum Terraform and Spacelift provider versions for the example to ensure compatibility.  --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
diff --git a/README.md b/README.md
@@ -347,6 +347,7 @@ If you have many remote repositories that you need to manage via this pattern, y
 | <a name="input_aws_integration_attachment_write"></a> [aws\_integration\_attachment\_write](#input\_aws\_integration\_attachment\_write) | Indicates whether this attachment is used for write operations. | `bool` | `true` | no |
 | <a name="input_aws_integration_enabled"></a> [aws\_integration\_enabled](#input\_aws\_integration\_enabled) | Indicates whether the AWS integration is enabled. | `bool` | `false` | no |
 | <a name="input_aws_integration_id"></a> [aws\_integration\_id](#input\_aws\_integration\_id) | ID of the AWS integration to attach. | `string` | `null` | no |
+| <a name="input_azure_devops"></a> [azure\_devops](#input\_azure\_devops) | The Azure DevOps integration settings | <pre>object({<br/>    project = string<br/>    id      = optional(string)<br/>  })</pre> | `null` | no |
 | <a name="input_before_apply"></a> [before\_apply](#input\_before\_apply) | List of before-apply scripts | `list(string)` | `[]` | no |
 | <a name="input_before_destroy"></a> [before\_destroy](#input\_before\_destroy) | List of before-destroy scripts | `list(string)` | `[]` | no |
 | <a name="input_before_init"></a> [before\_init](#input\_before\_init) | List of before-init scripts | `list(string)` | `[]` | no |
@@ -371,6 +372,7 @@ If you have many remote repositories that you need to manage via this pattern, y
 | <a name="input_labels"></a> [labels](#input\_labels) | List of labels to apply to the stacks. | `list(string)` | `[]` | no |
 | <a name="input_manage_state"></a> [manage\_state](#input\_manage\_state) | Determines if Spacelift should manage state for this stack. | `bool` | `false` | no |
 | <a name="input_protect_from_deletion"></a> [protect\_from\_deletion](#input\_protect\_from\_deletion) | Protect this stack from accidental deletion. If set, attempts to delete this stack will fail. | `bool` | `false` | no |
+| <a name="input_raw_git"></a> [raw\_git](#input\_raw\_git) | The raw Git integration settings | <pre>object({<br/>    namespace = string<br/>    url       = string<br/>  })</pre> | `null` | no |
 | <a name="input_repository"></a> [repository](#input\_repository) | The name of your infrastructure repo | `string` | n/a | yes |
 | <a name="input_root_module_structure"></a> [root\_module\_structure](#input\_root\_module\_structure) | The root module structure of the Stacks that you're reading in. See README for full details.<br/><br/>MultiInstance - You're using Workspaces or Dynamic Backend configuration to create multiple instances of the same root module code.<br/>SingleInstance - You're using copies of a root module and your directory structure to create multiple instances of the same Terraform code. | `string` | `"MultiInstance"` | no |
 | <a name="input_root_modules_path"></a> [root\_modules\_path](#input\_root\_modules\_path) | The path, relative to the root of the repository, where the root module can be found. | `string` | `"root-modules"` | no |
diff --git a/examples/azure-devops/README.md b/examples/azure-devops/README.md
@@ -0,0 +1,22 @@
+# Azure DevOps Integration Example
+
+This example demonstrates how to configure the spacelift-automation module with Azure DevOps as the version control system.
+
+See Spacelift's full walk through here, https://docs.spacelift.io/integrations/source-control/azure-devops
+
+## Configuration
+
+The key difference from GitHub integration is using the `azure_devops` block instead of `github_enterprise`:
+
+```hcl
+azure_devops = {
+  project = "MyProject"        # Your Azure DevOps project name
+  id      = "integration-id"   # Spacelift Azure DevOps integration ID
+}
+```
+
+## Usage
+
+1. Update the `azure_devops.project` and `azure_devops.id` values with your Azure DevOps project and Spacelift integration ID
+2. Update the `repository` value with your actual repository name
+3. Run `terraform init` and `terraform plan` to see what resources will be created
diff --git a/examples/azure-devops/main.tf b/examples/azure-devops/main.tf
@@ -0,0 +1,39 @@
+module "automation_azure_devops" {
+  source = "../../"
+
+  azure_devops = {
+    project = "MyProject-Spacelift-Project"
+    id      = "name-of-your-azure-devops-integration-in-spacelift"
+  }
+  repository = "MyProject-Spacelift-Project"
+  branch     = "main"
+
+  root_modules_path        = "../../examples/complete/root-modules"
+  all_root_modules_enabled = true
+
+  aws_integration_id      = "01JEC7ZACVKHTSVY4NF8QNZVVB"
+  aws_integration_enabled = true
+}
+
+module "spacelift_policies" {
+  source  = "masterpointio/spacelift/policies"
+  version = "0.2.0"
+
+  policies = {
+    "access-default" = {
+      body        = <<-EOT
+        package spacelift
+        default allow = true
+      EOT
+      type        = "ACCESS"
+      description = "Policy allowing access to resources"
+      labels      = ["team:sre", "env:dev"]
+    }
+
+    "trigger-administrative" = {
+      body_url = "https://raw.githubusercontent.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation/1.6.0/catalog/policies/trigger.administrative.rego"
+      type     = "TRIGGER"
+      labels   = ["autoattach:*"] # Showcasing how to attach to ALL stacks
+    }
+  }
+}
diff --git a/examples/azure-devops/versions.tf b/examples/azure-devops/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.9"
+
+  required_providers {
+    spacelift = {
+      source  = "spacelift-io/spacelift"
+      version = ">= 1.14"
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -369,7 +369,7 @@ locals {
     for stack in local.stacks : stack => try(coalesce(
       try(local.stack_configs[stack].worker_pool_id, null),                                 # worker_pool_id always takes precedence since it's the most explicit
       try(local.worker_pool_name_to_id[local.stack_configs[stack].worker_pool_name], null), # Then try to look up worker_pool_name from the stack.yaml to ID
-      var.worker_pool_id,                                                                   # Then try to use the global variable worker_pool_id 
+      var.worker_pool_id,                                                                   # Then try to use the global variable worker_pool_id
       try(local.worker_pool_name_to_id[var.worker_pool_name], null),                        # Then try to look up the global variable worker_pool_name to ID
     ), null)                                                                                # If no worker_pool_id or worker_pool_name is provided, default to null
   }
@@ -465,7 +465,23 @@ resource "spacelift_stack" "default" {
     for_each = var.github_enterprise != null ? [var.github_enterprise] : []
     content {
       namespace = github_enterprise.value["namespace"]
-      id        = github_enterprise.value["id"]
+      id        = try(github_enterprise.value["id"], null)
+    }
+  }
+
+  dynamic "azure_devops" {
+    for_each = var.azure_devops != null ? [var.azure_devops] : []
+    content {
+      project = azure_devops.value["project"]
+      id      = try(azure_devops.value["id"], null)
+    }
+  }
+
+  dynamic "raw_git" {
+    for_each = var.raw_git != null ? [var.raw_git] : []
+    content {
+      namespace = raw_git.value["namespace"]
+      url       = raw_git.value["url"]
     }
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -36,6 +36,25 @@ variable "github_enterprise" {
   default     = null
 }
 
+variable "azure_devops" {
+  type = object({
+    project = string
+    id      = optional(string)
+  })
+  description = "The Azure DevOps integration settings"
+  default     = null
+}
+
+variable "raw_git" {
+  type = object({
+    namespace = string
+    url       = string
+  })
+  description = "The raw Git integration settings"
+  default     = null
+}
+
+
 variable "repository" {
   type        = string
   description = "The name of your infrastructure repo"
