feat: enable integration with ADO

[westonplatter]

what

• azure_devops. Per the spacelift provider docs, allow users to integration with ADO.
• raw_git. Also setup the raw_git VCS setup.
• Update the dynamic github_enterprise logic allowing id to be null in accordance with it's variable declaration

why

references

https://search.opentofu.org/provider/spacelift-io/spacelift/latest/docs/resources/stack#user-content-nestedblock--azure_devops

Summary by CodeRabbit

• New Features
  • Added optional Azure DevOps integration for stacks via a new input, enabling configuration with project and integration ID.
• Documentation
  • Updated module documentation to include the Azure DevOps input and its parameters.
  • Added a complete Azure DevOps usage example with step-by-step setup instructions and links to relevant docs.
• Chores
  • Specified minimum Terraform and Spacelift provider versions for the example to ensure compatibility.

[coderabbitai]

Walkthrough

Introduces optional Azure DevOps integration to the module:

• Adds variable azure_devops (object with project and optional id) in variables.tf.
• Adds a dynamic azure_devops block to spacelift_stack.default in main.tf, populated when var.azure_devops is non-null.
• Updates README.md to document the new input.
• Adds an Azure DevOps example under examples/azure-devops with README.md, main.tf, and versions.tf (Terraform >= 1.9; spacelift provider >= 1.14).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix: support TF default workspace, more attributes + fix drift detection schedule #11 — Also modifies spacelift_stack configuration blocks and related settings; likely adjacent to this integration change.

Suggested reviewers

• gberenice
• Gowiem
• oycyc

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/enable-ado-integration

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "feat: enable integration with ADO" succinctly and accurately summarizes the main change: adding Azure DevOps (ADO) support via a new azure_devops variable, dynamic azure_devops block in the spacelift_stack resource, and example/documentation updates, so it is focused and relevant to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (6)

examples/azure-devops/versions.tf (1)

2-10: Pin provider for self‑hosted; keep SaaS flexible.

For Spacelift Self‑Hosted, it’s safer to pin an exact spacelift provider version known to be compatible; the docs recommend version pinning for SH deployments. For SaaS, your current ">= 1.14" is fine. Consider adding a note or pinning in this example if targeting SH users. (docs.spacelift.io)

 terraform {
   required_version = ">= 1.9"
   required_providers {
     spacelift = {
       source  = "spacelift-io/spacelift"
-      version = ">= 1.14"
+      # For Self-Hosted, pin a known-good version (example):
+      # version = "1.23.0"
+      version = ">= 1.14"
     }
   }
 }

variables.tf (1)

39-46: Guard against configuring multiple VCS providers simultaneously.

If both github_enterprise and azure_devops are set, the spacelift_stack resource will try to render both nested blocks and likely error. Add a validation/check enforcing mutual exclusivity.

# Add alongside existing `check` blocks:
check "vcs_integration_mutual_exclusivity" {
  assert {
    condition     = (var.github_enterprise == null) || (var.azure_devops == null)
    error_message = "Provide only one of github_enterprise or azure_devops."
  }
}

Optional: align the description to mirror GitHub’s (“The Azure DevOps VCS settings”) for consistency.

examples/azure-devops/README.md (1)

20-22: Clarify VCS choice and when to set id.

Add a short note that azure_devops and github_enterprise are mutually exclusive, and that azure_devops.id is only required when using a non‑default ADO integration in Spacelift.

README.md (1)

350-350: Doc tweak: call out mutual exclusivity.

Consider updating this input’s description (via variables.tf so terraform-docs regenerates it) to note it’s mutually exclusive with github_enterprise and that id is optional for non‑default integrations.

main.tf (1)

472-478: Dynamic ADO block looks good; add safety check for exclusivity.

Pattern matches your GitHub block. Add a module‑level check to prevent both VCS blocks being set at once (see variables.tf comment) to avoid plan errors.

examples/azure-devops/main.tf (1)

4-16: Example values: add hint about id usage.

Consider a comment that id is optional and only needed when selecting a non‑default ADO integration in Spacelift.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7597e4d and 54593ae.

📒 Files selected for processing (6)

• README.md (1 hunks)
• examples/azure-devops/README.md (1 hunks)
• examples/azure-devops/main.tf (1 hunks)
• examples/azure-devops/versions.tf (1 hunks)
• main.tf (2 hunks)
• variables.tf (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.tf

⚙️ CodeRabbit configuration file

**/*.tf: You're a Terraform expert who has thoroughly studied all the documentation from Hashicorp https://developer.hashicorp.com/terraform/docs and OpenTofu https://opentofu.org/docs/.
You have a strong grasp of Terraform syntax and prioritize providing accurate and insightful code suggestions.
As a fan of the Cloud Posse / SweetOps ecosystem, you incorporate many of their best practices https://docs.cloudposse.com/best-practices/terraform/ while balancing them with general Terraform guidelines.

Files:

• variables.tf
• examples/azure-devops/versions.tf
• examples/azure-devops/main.tf
• main.tf

🧠 Learnings (8)

📓 Common learnings

Learnt from: Gowiem
PR: masterpointio/terraform-spacelift-automation#3
File: modules/spacelift-automation/main.tf:221-227
Timestamp: 2024-10-29T00:06:05.693Z
Learning: In the Terraform module `modules/spacelift-automation/main.tf`, when `var.aws_integration_id` is a required variable, avoid suggesting to make the `spacelift_aws_integration_attachment` resource conditional based on whether `aws_integration_id` is provided.

📚 Learning: 2024-10-30T16:38:33.362Z

Learnt from: gberenice
PR: masterpointio/terraform-spacelift-automation#3
File: modules/spacelift-automation/variables.tf:0-0
Timestamp: 2024-10-30T16:38:33.362Z
Learning: Spacelift requires a specific Terraform version number; it does not support version constraints like "~> 1.7.0".

Applied to files:

• examples/azure-devops/versions.tf

📚 Learning: 2025-09-09T13:21:15.616Z

Learnt from: oycyc
PR: masterpointio/terraform-spacelift-automation#92
File: data.tf:1-4
Timestamp: 2025-09-09T13:21:15.616Z
Learning: The spacelift_aws_integrations data source exists and is available in the Spacelift Terraform provider for looking up AWS integrations, contrary to previous incorrect analysis.

Applied to files:

• examples/azure-devops/versions.tf

📚 Learning: 2024-10-30T17:01:23.897Z

Learnt from: Gowiem
PR: masterpointio/terraform-spacelift-automation#3
File: main.tf:231-257
Timestamp: 2024-10-30T17:01:23.897Z
Learning: In `main.tf`, grouping related attributes in the `spacelift_stack` resource using locals may overcomplicate things and remove important logic elsewhere; prefer to keep attributes as is.

Applied to files:

• examples/azure-devops/versions.tf
• main.tf

📚 Learning: 2024-10-29T00:06:05.693Z

Learnt from: Gowiem
PR: masterpointio/terraform-spacelift-automation#3
File: modules/spacelift-automation/main.tf:221-227
Timestamp: 2024-10-29T00:06:05.693Z
Learning: In the Terraform module `modules/spacelift-automation/main.tf`, when `var.aws_integration_id` is a required variable, avoid suggesting to make the `spacelift_aws_integration_attachment` resource conditional based on whether `aws_integration_id` is provided.

Applied to files:

• examples/azure-devops/main.tf
• main.tf

📚 Learning: 2024-10-29T17:52:31.823Z

Learnt from: gberenice
PR: masterpointio/terraform-spacelift-automation#3
File: modules/spacelift-automation/main.tf:224-230
Timestamp: 2024-10-29T17:52:31.823Z
Learning: In the `masterpointio/terraform-spacelift-automation` repository, the `context.tf` file is a mixin file that we don't own. Do not make suggestions or comments on `context.tf` in future reviews.

Applied to files:

• examples/azure-devops/main.tf

📚 Learning: 2024-10-29T00:05:59.989Z

Learnt from: Gowiem
PR: masterpointio/terraform-spacelift-automation#3
File: modules/spacelift-automation/main.tf:215-218
Timestamp: 2024-10-29T00:05:59.989Z
Learning: In the `modules/spacelift-automation/main.tf` file, it's valid to directly reference resource collections created with `for_each` in the `depends_on` attribute. For example, in the `spacelift_stack_destructor` resource, referencing `spacelift_drift_detection.this` and `spacelift_aws_integration_attachment.this` directly is acceptable and should not be flagged.

Applied to files:

• examples/azure-devops/main.tf
• main.tf

📚 Learning: 2024-10-28T12:47:36.579Z

Learnt from: gberenice
PR: masterpointio/terraform-spacelift-automation#3
File: modules/spacelift-automation/variables.tf:54-64
Timestamp: 2024-10-28T12:47:36.579Z
Learning: In the `spacelift-automation` module, the variable `aws_integration_attachment_write` has a default value of `true`, which matches the default value in the provider.

Applied to files:

• README.md

🔇 Additional comments (1)

main.tf (1)

372-375: Minor: coalesce+try already handles nulls.

Current expression is fine; no change needed. Just noting it correctly yields null when neither name nor ID is provided.

[Gowiem]

If the ID is left off, does anything work?

[westonplatter]

If id is null, spacelift will try to use the default Azure DevOps integration.

[Gowiem]