azure-pipeline.yml

trigger:
  batch: true
  branches:
    include: 
    - '*'
  paths:
    exclude:
    - README.md
    - FlowAndArchitecture.PNG

pr: none

variables:
  helmVersion: 3.2.4
  registryServerName: '$(registryName).azurecr.io'
  projectName: mymonthlyblogarticlebot
  chartName: $(registryServerName)/helm/$(projectName)
  terraformVersion: 0.12.26
  tfPlanArtifactName: 'tf-plan'
  location: eastus
  hostName: $(dnsName).$(aksLocation).cloudapp.azure.com
  nginxIngressVersion: 0.33.0
  helmChartVersion: v$(build.buildId)
  skipComponentGovernanceDetection: true
  # Additional variables needed to be defined in the Azure Pipeline definition:
  # For Build/CI stage: registryName, registryLogin and registryPassword.
  # For Release/CD stage: registryName, registryLogin, registryPassword, aksName, aksRgName, aksLocation, aksSpId, aksSpSecret and aksSpTenantId.

pool:
  name: mabenoittesttf
  #imageName: ubuntu-latest

stages:
- stage: 'Build'
  displayName: 'Build'
  jobs:
  - job: 'Package_Terraform_Templates'
    displayName: 'package and expose terraform templates'
    condition: and(succeeded(), eq(variables['deployInfrastucture'], 'true'))
    steps:
    - task: TerraformInstaller@0
      inputs:
        terraformVersion: $(terraformVersion)
    - script: |
        cd tf
        terraform init \
            -backend-config="storage_account_name=$(tfStateStorageAccountName)" \
            -backend-config="container_name=$(projectName)"
        chmod +x .terraform/plugins/linux_amd64/terraform-provider-*
        terraform plan \
            -var bot_name=$(projectName) \
            -var location=$(location) \
            -var microsoft_app_id=$(microsoftAppId) \
            -var bot_endpoint=https://$(hostName)/api/messages \
            -out=tf-plan
      failOnStderr: true
      displayName: 'terraform plan'
      env:
          ARM_TENANT_ID: $(tfTenantId)
          ARM_SUBSCRIPTION_ID: $(tfSubscriptionId)
          ARM_CLIENT_ID: $(tfClientId)
          ARM_CLIENT_SECRET: $(tfClientSecret)
          ARM_ACCESS_KEY: $(tfStateStorageAccountAccessKey)
    - publish: '$(system.defaultWorkingDirectory)/tf'
      artifact: $(tfPlanArtifactName)
  - job: 'Build_Container_Image'
    variables:
      imageTag: $(build.buildId)
    displayName: 'build and push container image'
    condition: and(succeeded(), eq(variables['deployContainer'], 'true'))
    steps:
    - bash: |
        docker build \
            -t $(projectName)-unittests:$(imageTag) \
            --target unittests \
            .
        id=$(docker create $(projectName)-unittests:$(imageTag))
        docker cp $id:/app/test/TestResults/ ./TestResults
        docker rm $id
      displayName: 'run unit tests'
    - task: PublishTestResults@2
      condition: succeededOrFailed()  
      inputs:
        testResultsFormat: 'VSTest'
        testResultsFiles: '**/*.trx'
        searchFolder: '$(System.DefaultWorkingDirectory)/TestResults'
        publishRunAttachments: true
      displayName: 'publish test results'
    - bash: |
        docker build \
            -t $(registryServerName)/$(projectName):$(imageTag) \
            .
      failOnStderr: true
      displayName: 'docker build'
    - bash: |
        echo '$(registryPassword)' | docker login \
            $(registryServerName) \
            -u $(registryLogin) \
            --password-stdin
      condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
      displayName: 'docker login'
    - bash: |
        docker push $(registryServerName)/$(projectName):$(imageTag)
      failOnStderr: true
      condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
      displayName: 'docker push'
  - job: 'Package_Helm_Chart'
    variables:
      imageTag: $(build.buildId)
    displayName: 'package and push helm chart'
    condition: and(succeeded(), eq(variables['deployContainer'], 'true'))
    steps:
    - task: HelmInstaller@1
      displayName: 'install helm'
      inputs:
        helmVersionToInstall: $(helmVersion)
    - bash: |
        cd chart/
        export HELM_EXPERIMENTAL_OCI=1
        helm package \
            --dependency-update \
            --version $(helmChartVersion) \
            --app-version $(imageTag) \
            .
      failOnStderr: true
      displayName: 'helm package'
    - bash: |
        cd chart/
        chartPackage=$(ls $(projectName)-$(helmChartVersion).tgz)
        export HELM_EXPERIMENTAL_OCI=1
        helm chart save $chartPackage $(chartName)
        echo '$(registryPassword)' | helm registry login \
            $(registryServerName) \
            -u $(registryLogin) \
            --password-stdin
        helm chart push $(chartName):$(helmChartVersion)
        # cleanup
        helm chart remove $(chartName):$(helmChartVersion)
        rm *.tgz
      failOnStderr: true
      name: helmPush
      condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
      displayName: 'helm push'
- stage: 'Release'
  condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
  displayName: 'Release'
  jobs:
  - deployment: Deploy_Terraform_Templates
    displayName: 'deploy terraform templates'
    environment: release-$(projectName)
    condition: and(succeeded(), eq(variables['deployInfrastucture'], 'true'))
    strategy:
      runOnce:
        deploy:
          steps:
          - checkout: none
          - download: current
            artifact: $(tfPlanArtifactName)
          - task: TerraformInstaller@0
            inputs:
              terraformVersion: $(terraformVersion)
          - script: |
              chmod +x .terraform/plugins/linux_amd64/terraform-provider-*
              terraform apply tf-plan
              appInsightsInstrumentationKey=$(terraform output app_insights_instrumentation_key)
              echo "##vso[task.setvariable variable=appInsightsInstrumentationKey;isOutput=true]$appInsightsInstrumentationKey"
              #microsoftAppId=$(terraform output azuread_application_application_id)
              #echo "##vso[task.setvariable variable=microsoftAppId;isOutput=true]$microsoftAppId"
              #microsoftAppPassword=$(terraform output azuread_application_application_secret)
              #echo "##vso[task.setvariable variable=microsoftAppPassword;isOutput=true]$microsoftAppPassword"
            workingDirectory: $(pipeline.workspace)/$(tfPlanArtifactName)
            failOnStderr: true
            name: Terraform_Apply
            displayName: 'Terraform apply'
            env:
                ARM_TENANT_ID: $(tfTenantId)
                ARM_SUBSCRIPTION_ID: $(tfSubscriptionId)
                ARM_CLIENT_ID: $(tfClientId)
                ARM_CLIENT_SECRET: $(tfClientSecret)
                ARM_ACCESS_KEY: $(tfStateStorageAccountAccessKey)
  - job: Deploy_Helm_Chart
    dependsOn: Deploy_Terraform_Templates
    variables:
      k8sNamespace: $(projectName)
      appInsightsInstrumentationKey: $[ dependencies.Deploy_Terraform_Templates.outputs['Deploy_Terraform_Templates.Terraform_Apply.appInsightsInstrumentationKey'] ]
      #microsoftAppId: $[ dependencies.Deploy_Terraform_Templates.outputs['Deploy_Terraform_Templates.Terraform_Apply.microsoftAppId'] ]
      #microsoftAppPassword: $[ dependencies.Deploy_Terraform_Templates.outputs['Deploy_Terraform_Templates.Terraform_Apply.microsoftAppPassword'] ]
    displayName: 'deploy helm chart into aks'
    condition: and(succeeded(), eq(variables['deployContainer'], 'true'))
    steps:
    - checkout: none
    - task: HelmInstaller@1
      displayName: 'install helm'
      inputs:
        helmVersionToInstall: $(helmVersion)
    - bash: |
        az login \
            --service-principal \
            -u $(aksSpId) \
            -p '$(aksSpSecret)' \
            --tenant $(aksSpTenantId)
        az aks get-credentials \
            -n $(aksName) \
            -g $(aksResourceGroupName)
        export HELM_EXPERIMENTAL_OCI=1
        echo '$(registryPassword)' | helm registry login \
            $(registryServerName) \
            -u $(registryLogin) \
            --password-stdin
        helm chart pull $(chartName):$(helmChartVersion)
        helm chart export $(chartName):$(helmChartVersion) --destination ./install
        helm upgrade \
            --namespace $(k8sNamespace) \
            --create-namespace \
            --install \
            --history-max 1 \
            --wait \
            --set image.repository=$(registryServerName)/$(projectName) \
            --set image.env.microsoftAppId=$(microsoftAppId) \
            --set image.env.microsoftAppPassword=$(microsoftAppPassword) \
            --set image.env.appInsights.instrumentationKey=$(appInsightsInstrumentationKey) \
            --set image.env.search.serviceName=$(azureSearchServiceName) \
            --set image.env.search.indexName=$(azureSearchIndexName) \
            --set image.env.search.serviceQueryApiKey=$(azureSearchServiceQueryApiKey) \
            --set networkpolicies.enabled=$(networkPoliciesEnabled) \
            --set ingress.hostName=$(hostName) \
            --set issuer.acme.email=$(issuerEmail) \
            --set ingress-nginx.defaultBackend.enabled=false \
            --set ingress-nginx.controller.scope.enabled=true \
            --set ingress-nginx.controller.image.tag=$(nginxIngressVersion) \
            --set ingress-nginx.controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$(dnsName) \
            $(projectName) \
            ./install/$(projectName)
        # cleanup
        rm -r ./install
        helm chart remove $(chartName):$(helmChartVersion)
      failOnStderr: true
      displayName: 'deploy helm chart'