Skip to content

Commit c8ac11f

Browse files
committed
Set up CI with Azure Pipelines
[skip ci]
1 parent 4dbf3a3 commit c8ac11f

File tree

1 file changed

+110
-123
lines changed

1 file changed

+110
-123
lines changed

azure-pipelines.yml

+110-123
Original file line numberDiff line numberDiff line change
@@ -1,133 +1,120 @@
1-
trigger:
2-
- master
3-
- releases/*
4-
- node6hotfixes/*
1+
parameters:
2+
- name: serviceConnection
3+
displayName: Override Service Connection
4+
type: string
5+
default: '<from subscriptionConnection variable>'
6+
- name: jobType
7+
displayName: Job type
8+
type: string
9+
default: agentJob
10+
values:
11+
- agentJob
12+
- containerJob
13+
- deploymentJob
14+
- environmentVM
15+
- name: poolName
16+
displayName: Agent Pool
17+
type: string
18+
default: 'Azure Pipelines'
19+
- name: vmImage
20+
displayName: Agent Pool
21+
type: string
22+
default: 'ubuntu-latest'
23+
- name: environmentName
24+
displayName: Environment
25+
type: string
26+
default: 'scratch'
527

6-
resources:
7-
repositories:
8-
- repository: AzureDevOps
9-
type: git
10-
endpoint: AzureDevOps
11-
name: AzureDevOps/AzureDevOps
28+
steps:
29+
- task: AzureCLI@2
30+
displayName: 'AzureCLI $(serviceConnection)'
31+
inputs:
32+
addSpnToEnvironment: true
33+
azureSubscription: '$(serviceConnection)' # Task property referencing Service Connection -------------------------------------------------------
34+
scriptType: pscore
35+
scriptLocation: inlineScript
36+
inlineScript: |
37+
Write-Host "`n$($PSStyle.Bold)Service Connection name: '$(serviceConnection)'$($PSStyle.Reset) -----------------------------------------------"
1238
13-
jobs:
39+
Get-ChildItem -Path Env: -Recurse -Include ENDPOINT_DATA_* | Sort-Object -Property Name `
40+
| Select-Object -First 1 -ExpandProperty Name `
41+
| ForEach-Object { $_ -replace 'ENDPOINT_DATA_','' } `
42+
| Set-Variable serviceConnectionId
43+
Write-Host "Service Connection ID: ${serviceConnectionId}"
1444
15-
# All tasks on Windows
16-
- job: build_all_windows
17-
displayName: Build all tasks (Windows)
18-
condition: and(succeeded(), not(variables.task), eq(variables.os, 'Windows_NT'))
19-
pool:
20-
vmImage: vs2017-win2016
21-
timeoutInMinutes: 120
22-
steps:
23-
- template: ci/build-all-steps.yml
24-
parameters:
25-
os: Windows_NT
45+
Write-Host "`nVariables added by 'addSpnToEnvironment':" -NoNewline
46+
Get-ChildItem -Path Env: -Recurse -Include idToken, `
47+
servicePrincipalId, `
48+
servicePrincipalKey,`
49+
tenantId `
50+
| Sort-Object -Property Name `
51+
| Select-Object -Property Name `
52+
| Format-Table -HideTableHeaders
53+
if ($env:servicePrincipalKey) {
54+
Write-Host "Using Service Principal secret for authentication"
55+
} elseif ($env:idToken) {
56+
Write-Host "Using Workload Identity federation (OIDC) for authentication"
57+
}
2658
27-
# Publish on Windows
28-
- job: publish_windows
29-
displayName: Publish
30-
dependsOn:
31-
- build_all_windows
32-
condition: and(succeeded(), ne(variables['build.reason'], 'PullRequest'), eq(variables.os, 'Windows_NT'))
33-
pool:
34-
vmImage: vs2017-win2016
35-
steps:
36-
- template: ci/publish-steps.yml
59+
Write-Host "`n$($PSStyle.Formatting.FormatAccent)az account show$($PSStyle.Reset)"
60+
az account show -o json `
61+
| Tee-Object -FilePath subscription.json `
62+
| ConvertFrom-Json `
63+
| Set-Variable subscription
64+
Get-Content subscription.json
65+
$appId = $subscription.user.name
3766
38-
# Courtesy push on Windows
39-
- job: courtesy_push_windows
40-
displayName: Courtesy Push
41-
dependsOn:
42-
- publish_windows
43-
condition: and(succeeded(), in(variables['build.reason'], 'Schedule', 'Manual'), eq(variables['COURTESY_PUSH'], 'true'))
44-
pool:
45-
vmImage: vs2017-win2016
46-
steps:
47-
- powershell: |
48-
$week = (Invoke-WebRequest https://whatsprintis.it -Headers @{"Accept"= "application/json"} | ConvertFrom-Json).week
49-
Write-Host "##vso[task.setvariable variable=week]$week"
50-
displayName: "Determine if its the last week of the sprint"
51-
- checkout: AzureDevOps
52-
fetchDepth: 1
53-
persistCredentials: true
54-
condition: and(succeeded(), or(eq(variables['WEEK'], '3'), eq(variables['FORCE_COURTESY_PUSH'], 'true')))
55-
- checkout: self
56-
condition: and(succeeded(), or(eq(variables['WEEK'], '3'), eq(variables['FORCE_COURTESY_PUSH'], 'true')))
57-
- template: ci/courtesy-push.yml
67+
Write-Host "`n$($PSStyle.Bold)Service Connection role assignments:$($PSStyle.Reset) ---------------------------------------------------------------"
68+
Write-Host "$($PSStyle.Formatting.FormatAccent)az role assignment list --assignee <appId>$($PSStyle.Reset)"
69+
az role assignment list --all `
70+
--assignee $appId `
71+
-o json `
72+
| Tee-Object -FilePath roleAssignments.json `
73+
| ConvertFrom-Json `
74+
| Select-Object -Property roleDefinitionName, scope `
75+
| Sort-Object -Property roleDefinitionName
76+
| Format-Table -AutoSize -Wrap
5877
59-
# Send notifications by POST method to MS Teams webhook
60-
# Body of message is compiled as Office 365 connector card
61-
# More details about cards - https://docs.microsoft.com/en-us/microsoftteams/platform/task-modules-and-cards/cards/cards-reference#office-365-connector-card
62-
- job: notify_courtesy_push_fail
63-
displayName: Notify courtesy push fail
64-
dependsOn:
65-
- courtesy_push_windows
66-
condition: |
67-
and
68-
(
69-
in(dependencies.courtesy_push_windows.result, 'Failed', 'Skipped'),
70-
eq(variables['COURTESY_PUSH'], 'true'),
71-
eq(variables['build.reason'], 'Schedule'),
72-
eq(variables['COURTESY_PUSH_NOTIFICATION'], 'true')
73-
)
74-
pool:
75-
vmImage: vs2017-win2016
76-
steps:
77-
- powershell: .\ci\courtesy-push\send-notification.ps1 -IsPRCreated $false
78-
displayName: 'Send notification to the MS Teams channel'
79-
env:
80-
TEAMS_WEBHOOK: $(MSTeamsUri)
78+
Write-Host "`n$($PSStyle.Bold)Service Connection Service Principal object:$($PSStyle.Reset) -------------------------------------------------------"
79+
Write-Host "$($PSStyle.Formatting.FormatAccent)az ad sp show --id <appId>$($PSStyle.Reset)"
80+
az ad sp show --id $appId `
81+
-o json `
82+
| Tee-Object -FilePath servicePrincipal.json `
83+
| ConvertFrom-Json `
84+
| Set-Variable servicePrincipal
85+
Get-Content servicePrincipal.json
86+
if ($servicePrincipal.servicePrincipalType -eq 'ManagedIdentity') {
87+
"https://portal.azure.com/#@{0}/resource{1}" -f $subscription.tenantId, $servicePrincipal.alternativeNames[1] | Set-Variable azurePortalLink
88+
} else {
89+
"https://portal.azure.com/{0}/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/{1}/isMSAApp/" -f $subscription.tenantId, $appId | Set-Variable azurePortalLink
90+
}
91+
Write-Host "`nAzure Portal link for Service Principal of type '$($servicePrincipal.servicePrincipalType)':`n$($azurePortalLink)"
8192
82-
# All tasks on Linux
83-
- job: build_all_linux
84-
displayName: Build all tasks (Linux)
85-
condition: and(succeeded(), not(variables.task), eq(variables.os, 'Linux'))
86-
pool:
87-
vmImage: ubuntu-18.04
88-
steps:
89-
- template: ci/build-all-steps.yml
90-
parameters:
91-
os: Linux
93+
Write-Host "`n$($PSStyle.Bold)Subscriptions the Service Connection has access to:$($PSStyle.Reset) ------------------------------------------------"
94+
Write-Host "$($PSStyle.Formatting.FormatAccent)az account list$($PSStyle.Reset)"
95+
az account list --query "sort_by([].{Name:name, SubscriptionId:id}, &Name)" `
96+
-o table
97+
98+
Write-Host "`n$($PSStyle.Bold)Resource groups that the Service Connection has access to in subscription '$(az account show --query name -o tsv)':$($PSStyle.Reset) -------------"
99+
Write-Host "$($PSStyle.Formatting.FormatAccent)az group list$($PSStyle.Reset)"
100+
az group list --query "sort_by([].{Name:name, ResourceId:id}, &Name)" `
101+
-o table
102+
workingDirectory: '$(Build.ArtifactStagingDirectory)'
92103

93-
# All tasks on macOS
94-
- job: build_all_darwin
95-
displayName: Build all tasks (macOS)
96-
condition: and(succeeded(), not(variables.task), eq(variables.os, 'Darwin'))
97-
pool:
98-
vmImage: macos-10.15
99-
steps:
100-
- template: ci/build-all-steps.yml
101-
parameters:
102-
os: Darwin
104+
- task: AzurePowerShell@5
105+
displayName: 'AzurePowerShell $(serviceConnection)'
106+
inputs:
107+
azureSubscription: '$(serviceConnection)'
108+
scriptType: inlineScript
109+
inline: |
110+
Get-AzContext Format-List
111+
Get-AzContext | Select-Object -ExpandProperty Subscription | Format-List
103112
104-
# Single task
105-
- job: buildSingle
106-
displayName: Build single task
107-
condition: and(succeeded(), variables.task)
108-
steps:
109-
- template: ci/build-single-steps.yml
113+
azurePowerShellVersion: 'latestVersion'
114+
pwsh: true
115+
failOnStandardError: true
110116

111-
- job: buildSharedNpm_win
112-
displayName: Build shared npm packages (Win)
113-
condition: and(succeeded(), not(variables.task), eq(variables.os, 'Windows_NT'))
114-
pool:
115-
vmImage: vs2017-win2016
116-
steps:
117-
- template: ci/build-common-npm.yml
118-
119-
- job: buildSharedNpm_linux
120-
displayName: Build shared npm packages (Linux)
121-
condition: and(succeeded(), not(variables.task), eq(variables.os, 'Linux'))
122-
pool:
123-
vmImage: ubuntu-18.04
124-
steps:
125-
- template: ci/build-common-npm.yml
126-
127-
- job: buildSharedNpm_darwin
128-
displayName: Build shared npm packages (macOS)
129-
condition: and(succeeded(), not(variables.task), eq(variables.os, 'Darwin'))
130-
pool:
131-
vmImage: macos-10.15
132-
steps:
133-
- template: ci/build-common-npm.yml
117+
- pwsh: |
118+
Install-Module -Name Az -Repository PSGallery -Force
119+
Import-Module Az
120+
Get-AzContext

0 commit comments

Comments
 (0)