🔖 ci(main) Add Secrets Pipleines CI-CD ADO

OMaciasd · Sep 1, 2023 · f91838e · f91838e
1 parent c0942e3
commit f91838e
Show file tree

Hide file tree

Showing 10 changed files with 150 additions and 0 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+	"githubPullRequests.ignoredPullRequestBranches": [
+		"main"
+	]
+}
diff --git a/Azure DevOps/Secrets/.sops.yaml.enc b/Azure DevOps/Secrets/.sops.yaml.enc
@@ -0,0 +1,3 @@
+Salted__@T�NAV�5��'���[w�(�f}YbL�~S	�Φ�V���)4~@�[	˕������^��芴m�i�����h�J�\wV
+����]��	�X	���\]׆ŵ�౹�.��X�im�STa��J�%�Q�*�M��$
+ɀ�Yȇp��

diff --git a/Azure DevOps/Secrets/CHANGELOG.md b/Azure DevOps/Secrets/CHANGELOG.md
@@ -0,0 +1,14 @@
+# version [1.0.0]
+
+## 20230901
+
+- Include: Settings for mitigate hardcode.
+![Cifrate_SOPS_YAML][def]
+![Variables_Group][def2]
+![Variables][def3]
+![Artifacts][def4]
+
+[def]: ./src/img/image-1.png
+[def2]: ./src/img/image.png
+[def3]: ./src/img/variable.png
+[def4]: ./src/img/Artifacts.png
diff --git a/Azure DevOps/Secrets/README.md b/Azure DevOps/Secrets/README.md
@@ -0,0 +1,54 @@
+# Azure: Cifrado de secretos con SOPS (Pipeline)
+
+## Descripcion
+
+- Un saludo, espero se encuentre bien
+- A continuación detallaremos, desde Infraestructura - CyberSecurity, la guía del paso a paso para:
+- Que cualquier colaborador de Desrarrollo de Producto en la compañia, pueda Cifrar Secretos de repositorios o estructuras de archivos en repos desde una llave.
+
+## Requerimientos
+
+- Tener acceso, como lectura y escritura en cambios hacia el repositorio.
+
+## Guía
+
+- Crear una rama feature/test desde Main.
+
+## Etapas
+
+### Construcción
+
+#### appsettings.json
+
+- Abrir el archivo AppSettings.json.
+
+~~~ JSON
+{
+    "Logging": {
+            "LogLevel": {
+                    "Default": "",
+                    "Microsoft.AspNetCore": ""
+            }
+    },
+    "Cache": [
+            {
+                    "Name": "",
+                    "Hours": "",
+                    "Minutes": "",
+                    "seconds": ""
+            }
+    ],
+ }
+~~~
+
+- Editar con el schema del archivo con claves y valores a cifrar.
+- Commitear los cambios.
+- Correr el pipeline "ci.yml", correspondiente al repositorio.
+
+### Publicaciones
+
+- Descargar el artefacto.
+
+### Pruebas
+
+- validar el resultado.
diff --git a/Azure DevOps/Secrets/appsettings.json b/Azure DevOps/Secrets/appsettings.json
@@ -0,0 +1,16 @@
+{
+    "Logging": {
+            "LogLevel": {
+                    "Default": "Information",
+                    "Microsoft.AspNetCore": "Information"
+            }
+    },
+    "Cache": [
+            {
+                    "Name": "",
+                    "Hours": "",
+                    "Minutes": "",
+                    "seconds": ""
+            }
+    ]
+ }
diff --git a/Azure DevOps/Secrets/pipeline/ci.yml b/Azure DevOps/Secrets/pipeline/ci.yml
@@ -0,0 +1,58 @@
+---
+name: "$(BuildDefinitionName)_$(Build.SourceBranchName)_$(Major).$(Minor).$(Patch)"
+
+variables:
+    - name: Major
+      value: 1
+    - name: Minor
+      value: 0
+    - name: Patch
+      value: $[counter(format('{0}.{1}', variables['Major'], variables['Minor']), 0)]
+
+resources:
+    repositories:
+        - repository: $ORGANIZATION-infra
+          type: git
+          name: "$PROJECT/$ORGANIZATION-infra"
+
+trigger:
+  tags:
+    include:
+    - '*'
+  branches:
+    include:
+    - main
+  paths:
+    include:
+    - src
+    exclude:
+    - docs
+    - pipelines
+
+pool: "Agent Pool $ORGANIZATION"
+
+stages:
+    - stage: "Build"
+      jobs:
+          - deployment: build
+            continueOnError: false
+            environment: "dev"
+            variables:
+                - group: dev-key-vault-credential
+                - group: sops-key-vault
+
+            strategy:
+                runOnce:
+                    deploy:
+                        steps:
+                            - checkout: self
+
+                            - script: |
+                                eval $(SOPS_PAT)
+                              displayName: 'Download sops.yaml'
+
+                            - template: "templates/installSOPS.yml@$ORGANIZATION-infra"
+
+                            - template: "templates/encryptSOPS.yml@$ORGANIZATION-infra"
+                              parameters:
+                                  FileToEncryptWithPath: "$(System.DefaultWorkingDirectory)/appsettings.json"
diff --git a/Azure DevOps/Secrets/src/img/Artifacts.png b/Azure DevOps/Secrets/src/img/Artifacts.png
diff --git a/Azure DevOps/Secrets/src/img/image-1.png b/Azure DevOps/Secrets/src/img/image-1.png
diff --git a/Azure DevOps/Secrets/src/img/image.png b/Azure DevOps/Secrets/src/img/image.png
diff --git a/Azure DevOps/Secrets/src/img/variable.png b/Azure DevOps/Secrets/src/img/variable.png