This repository has been archived by the owner on Nov 25, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipeline.yml
238 lines (234 loc) · 9.5 KB
/
azure-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
trigger:
batch: true
branches:
include:
- '*'
paths:
exclude:
- README.md
- FlowAndArchitecture.PNG
pr: none
variables:
helmVersion: 3.2.4
registryServerName: '$(registryName).azurecr.io'
projectName: mymonthlyblogarticlebot
chartName: $(registryServerName)/helm/$(projectName)
terraformVersion: 0.12.26
tfPlanArtifactName: 'tf-plan'
location: eastus
hostName: $(dnsName).$(aksLocation).cloudapp.azure.com
nginxIngressVersion: 0.33.0
helmChartVersion: v$(build.buildId)
skipComponentGovernanceDetection: true
# Additional variables needed to be defined in the Azure Pipeline definition:
# For Build/CI stage: registryName, registryLogin and registryPassword.
# For Release/CD stage: registryName, registryLogin, registryPassword, aksName, aksRgName, aksLocation, aksSpId, aksSpSecret and aksSpTenantId.
pool:
name: mabenoittesttf
#imageName: ubuntu-latest
stages:
- stage: 'Build'
displayName: 'Build'
jobs:
- job: 'Package_Terraform_Templates'
displayName: 'package and expose terraform templates'
condition: and(succeeded(), eq(variables['deployInfrastucture'], 'true'))
steps:
- task: TerraformInstaller@0
inputs:
terraformVersion: $(terraformVersion)
- script: |
cd tf
terraform init \
-backend-config="storage_account_name=$(tfStateStorageAccountName)" \
-backend-config="container_name=$(projectName)"
chmod +x .terraform/plugins/linux_amd64/terraform-provider-*
terraform plan \
-var bot_name=$(projectName) \
-var location=$(location) \
-var microsoft_app_id=$(microsoftAppId) \
-var bot_endpoint=https://$(hostName)/api/messages \
-out=tf-plan
failOnStderr: true
displayName: 'terraform plan'
env:
ARM_TENANT_ID: $(tfTenantId)
ARM_SUBSCRIPTION_ID: $(tfSubscriptionId)
ARM_CLIENT_ID: $(tfClientId)
ARM_CLIENT_SECRET: $(tfClientSecret)
ARM_ACCESS_KEY: $(tfStateStorageAccountAccessKey)
- publish: '$(system.defaultWorkingDirectory)/tf'
artifact: $(tfPlanArtifactName)
- job: 'Build_Container_Image'
variables:
imageTag: $(build.buildId)
displayName: 'build and push container image'
condition: and(succeeded(), eq(variables['deployContainer'], 'true'))
steps:
- bash: |
docker build \
-t $(projectName)-unittests:$(imageTag) \
--target unittests \
.
id=$(docker create $(projectName)-unittests:$(imageTag))
docker cp $id:/app/test/TestResults/ ./TestResults
docker rm $id
displayName: 'run unit tests'
- task: PublishTestResults@2
condition: succeededOrFailed()
inputs:
testResultsFormat: 'VSTest'
testResultsFiles: '**/*.trx'
searchFolder: '$(System.DefaultWorkingDirectory)/TestResults'
publishRunAttachments: true
displayName: 'publish test results'
- bash: |
docker build \
-t $(registryServerName)/$(projectName):$(imageTag) \
.
failOnStderr: true
displayName: 'docker build'
- bash: |
echo '$(registryPassword)' | docker login \
$(registryServerName) \
-u $(registryLogin) \
--password-stdin
condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
displayName: 'docker login'
- bash: |
docker push $(registryServerName)/$(projectName):$(imageTag)
failOnStderr: true
condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
displayName: 'docker push'
- job: 'Package_Helm_Chart'
variables:
imageTag: $(build.buildId)
displayName: 'package and push helm chart'
condition: and(succeeded(), eq(variables['deployContainer'], 'true'))
steps:
- task: HelmInstaller@1
displayName: 'install helm'
inputs:
helmVersionToInstall: $(helmVersion)
- bash: |
cd chart/
export HELM_EXPERIMENTAL_OCI=1
helm package \
--dependency-update \
--version $(helmChartVersion) \
--app-version $(imageTag) \
.
failOnStderr: true
displayName: 'helm package'
- bash: |
cd chart/
chartPackage=$(ls $(projectName)-$(helmChartVersion).tgz)
export HELM_EXPERIMENTAL_OCI=1
helm chart save $chartPackage $(chartName)
echo '$(registryPassword)' | helm registry login \
$(registryServerName) \
-u $(registryLogin) \
--password-stdin
helm chart push $(chartName):$(helmChartVersion)
# cleanup
helm chart remove $(chartName):$(helmChartVersion)
rm *.tgz
failOnStderr: true
name: helmPush
condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
displayName: 'helm push'
- stage: 'Release'
condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
displayName: 'Release'
jobs:
- deployment: Deploy_Terraform_Templates
displayName: 'deploy terraform templates'
environment: release-$(projectName)
condition: and(succeeded(), eq(variables['deployInfrastucture'], 'true'))
strategy:
runOnce:
deploy:
steps:
- checkout: none
- download: current
artifact: $(tfPlanArtifactName)
- task: TerraformInstaller@0
inputs:
terraformVersion: $(terraformVersion)
- script: |
chmod +x .terraform/plugins/linux_amd64/terraform-provider-*
terraform apply tf-plan
appInsightsInstrumentationKey=$(terraform output app_insights_instrumentation_key)
echo "##vso[task.setvariable variable=appInsightsInstrumentationKey;isOutput=true]$appInsightsInstrumentationKey"
#microsoftAppId=$(terraform output azuread_application_application_id)
#echo "##vso[task.setvariable variable=microsoftAppId;isOutput=true]$microsoftAppId"
#microsoftAppPassword=$(terraform output azuread_application_application_secret)
#echo "##vso[task.setvariable variable=microsoftAppPassword;isOutput=true]$microsoftAppPassword"
workingDirectory: $(pipeline.workspace)/$(tfPlanArtifactName)
failOnStderr: true
name: Terraform_Apply
displayName: 'Terraform apply'
env:
ARM_TENANT_ID: $(tfTenantId)
ARM_SUBSCRIPTION_ID: $(tfSubscriptionId)
ARM_CLIENT_ID: $(tfClientId)
ARM_CLIENT_SECRET: $(tfClientSecret)
ARM_ACCESS_KEY: $(tfStateStorageAccountAccessKey)
- job: Deploy_Helm_Chart
dependsOn: Deploy_Terraform_Templates
variables:
k8sNamespace: $(projectName)
appInsightsInstrumentationKey: $[ dependencies.Deploy_Terraform_Templates.outputs['Deploy_Terraform_Templates.Terraform_Apply.appInsightsInstrumentationKey'] ]
#microsoftAppId: $[ dependencies.Deploy_Terraform_Templates.outputs['Deploy_Terraform_Templates.Terraform_Apply.microsoftAppId'] ]
#microsoftAppPassword: $[ dependencies.Deploy_Terraform_Templates.outputs['Deploy_Terraform_Templates.Terraform_Apply.microsoftAppPassword'] ]
displayName: 'deploy helm chart into aks'
condition: and(succeeded(), eq(variables['deployContainer'], 'true'))
steps:
- checkout: none
- task: HelmInstaller@1
displayName: 'install helm'
inputs:
helmVersionToInstall: $(helmVersion)
- bash: |
az login \
--service-principal \
-u $(aksSpId) \
-p '$(aksSpSecret)' \
--tenant $(aksSpTenantId)
az aks get-credentials \
-n $(aksName) \
-g $(aksResourceGroupName)
export HELM_EXPERIMENTAL_OCI=1
echo '$(registryPassword)' | helm registry login \
$(registryServerName) \
-u $(registryLogin) \
--password-stdin
helm chart pull $(chartName):$(helmChartVersion)
helm chart export $(chartName):$(helmChartVersion) --destination ./install
helm upgrade \
--namespace $(k8sNamespace) \
--create-namespace \
--install \
--history-max 1 \
--wait \
--set image.repository=$(registryServerName)/$(projectName) \
--set image.env.microsoftAppId=$(microsoftAppId) \
--set image.env.microsoftAppPassword=$(microsoftAppPassword) \
--set image.env.appInsights.instrumentationKey=$(appInsightsInstrumentationKey) \
--set image.env.search.serviceName=$(azureSearchServiceName) \
--set image.env.search.indexName=$(azureSearchIndexName) \
--set image.env.search.serviceQueryApiKey=$(azureSearchServiceQueryApiKey) \
--set networkpolicies.enabled=$(networkPoliciesEnabled) \
--set ingress.hostName=$(hostName) \
--set issuer.acme.email=$(issuerEmail) \
--set ingress-nginx.defaultBackend.enabled=false \
--set ingress-nginx.controller.scope.enabled=true \
--set ingress-nginx.controller.image.tag=$(nginxIngressVersion) \
--set ingress-nginx.controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$(dnsName) \
$(projectName) \
./install/$(projectName)
# cleanup
rm -r ./install
helm chart remove $(chartName):$(helmChartVersion)
failOnStderr: true
displayName: 'deploy helm chart'