From b40468a58e1529be1e14cd60d7dd2be29d2ea7dd Mon Sep 17 00:00:00 2001 From: Isabelle Bersano <100224087+ibersanoMS@users.noreply.github.com> Date: Tue, 28 Mar 2023 17:29:22 -0400 Subject: [PATCH] Feature: Azure Pipeline for deploying ACA LZA (#40) * cicd: initial ADO pipeline * cicd: updated syntax and added output variables for deploy * cicd: updated output variables * cicd: update delete command for deployment * docs: Added readme for ADO pipeline --- .ado/README.md | 21 +++++++ .ado/lza-deployment_bicep.yaml | 107 +++++++++++++++++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 .ado/README.md create mode 100644 .ado/lza-deployment_bicep.yaml diff --git a/.ado/README.md b/.ado/README.md new file mode 100644 index 00000000..13b9bb16 --- /dev/null +++ b/.ado/README.md @@ -0,0 +1,21 @@ +# Azure Pipeline Deployment +If you'd like to use an Azure Pipeline to deploy the ACA Landing Zone Accelerator, you will need: +- A fork of the ACA Landing Zone repository +- An Azure DevOps project +- A [service connection](https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml) available for your pipeline that connects to your Azure subscription +- A variable group called "ACA-LZA" that contains the following variables: + - location: The location of where you want the Azure resources deployed + - azureServiceConnection: the name of the service connection you created in the previous step + +# Create your pipeline +After you've created the items in the previous step, follow these instructions for creating your pipeline. +1. Navigate into your Azure DevOps projects and click on Pipelines on the left sidebar. +2. Click *New Pipeline* in the upper right hand corner of the window or the *create pipeline* button in the middle if this is your first pipeline. +3. Select *GitHub* as the source for your YAML. +4. Select your repository in GitHub. If you don't already have the Azure Pipeline app installed in your GitHub repository, it will prompt you to enable that and redirect you back to this creation screen. +5. Select *Existing Azure Pipelines YAML file*, select the main branch and the file *lza-deployment-bicep.yaml*. +6. Once you select the file, hit next and then click *Run* in the upper right hand corner of the *Review* tab. If you don't want to run it immediately, you can click the dropdown on the *Run* button and choose to save it. + +### Note +When you first run your pipeline, you may need to give the pipeline permission to access the service connection and the variable group. This will only occur the first time you run the pipeline. + diff --git a/.ado/lza-deployment_bicep.yaml b/.ado/lza-deployment_bicep.yaml new file mode 100644 index 00000000..5c441288 --- /dev/null +++ b/.ado/lza-deployment_bicep.yaml @@ -0,0 +1,107 @@ +# This workflow will deploy the LZA in ADO +name: LZA_Deployment + +trigger: none + +pr: + branches: + include: + - main + paths: + include: + - scenarios/aca-internal/bicep + +variables: + - group: "ACA-LZA" + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # The lint job performs linting on the bicep code + - job: lint + pool: + vmImage: 'ubuntu-latest' + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under so your job can access it + - checkout: self + + # Runs the Bicep linter to ensure build is successful + - bash: az bicep build --file ./scenarios/aca-internal/bicep/main.bicep + + - job: validate + pool: + vmImage: 'ubuntu-latest' + dependsOn: [lint] + steps: + - checkout: self + - task: AzureCLI@2 + inputs: + azureSubscription: $(azureServiceConnection) + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + az deployment sub validate --name "ACA-$(Build.BuildId)" --location $(location) --template-file ./scenarios/aca-internal/bicep/main.bicep --parameters ./scenarios/aca-internal/bicep/main.parameters.jsonc + + - job: preview + pool: + vmImage: 'ubuntu-latest' + dependsOn: [lint, validate] + steps: + - checkout: self + - task: AzureCLI@2 + inputs: + azureSubscription: $(azureServiceConnection) + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + az deployment sub what-if \ + --location $(location) \ + --template-file ./scenarios/aca-internal/bicep/main.bicep \ + --parameters ./scenarios/aca-internal/bicep/main.parameters.jsonc \ + --parameters deployHelloWorldSample=false + - job: deploy + pool: + vmImage: 'ubuntu-latest' + dependsOn: [preview] + steps: + - checkout: self + - task: AzureCLI@2 + name: deploy + inputs: + azureSubscription: $(azureServiceConnection) + scriptType: bash + scriptLocation: inlineScript + failOnStandardError: true + inlineScript: | + output=$(az deployment sub create \ + --name "ADO-$(Build.BuildId)" \ + --location $(location) \ + --template-file ./scenarios/aca-internal/bicep/main.bicep \ + --parameters ./scenarios/aca-internal/bicep/main.parameters.jsonc \ + --parameters deployHelloWorldSample=false) + echo $output | jq . + spokeResourceGroup=$(echo $output | jq -r '.properties.outputs.spokeResourceGroupName.value') + hubResourceGroup=$(echo $output | jq -r '.properties.outputs.hubResourceGroupName.value') + echo "##vso[task.setvariable variable=spokeResourceGroupName;isoutput=true]$spokeResourceGroupName" + echo "##vso[task.setvariable variable=hubResourceGroupName;isoutput=true]$hubResourceGroupName" + + - job: teardown + pool: + vmImage: 'ubuntu-latest' + variables: + spokeRG: dependencies.deploy.outputs['deploy.spokeResourceGroupName'] + hubRG: dependencies.deploy.outputs['deploy.hubResourceGroupName'] + dependsOn: [deploy] + condition: and(succeeded(), eq(variables.enable_teardown, 'true')) + + steps: + - task: AzureCLI@2 + inputs: + azureSubscription: $(azureServiceConnection) + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + az group delete --name $(spokeRG) --yes + az group delete --name $(hubRG) --yes + az deployment sub delete --name "ADO-$(Build.BuildId)" --no-wait \ No newline at end of file