Add Azure pipeline (#34)
* Added GitLeaks files

* Added ignore patterns

* Added azure files

* chore(cli): double quotes

* Moving DB_URL composition to CMD

* Add Azure pipeline with templates

* Ignoring secrets to test the pipeline

* Fix Dockerfile path

---------

Co-authored-by: Samuele Salvatico <samuele.salvatico@nearform.com>
williamwd and SamSalvatico authored Jun 19, 2024
1 parent 4186c62 commit 78abd6b
Showing 8 changed files with 2,392 additions and 2 deletions.
2,223 changes: 2,223 additions & 0 deletions .gitleaks.toml

Large diffs are not rendered by default.

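--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -0,0 +1,4 @@
+/src/packages/connectors/connector-saml/README.md:private-key:101
+/src/packages/cli/src/commands/database/ogcio/ogcio-seeder.json:generic-api-key:33
+/src/packages/cli/src/commands/database/ogcio/ogcio-seeder.json:generic-api-key:42
+/src/packages/cli/src/commands/database/ogcio/ogcio-seeder.json:generic-api-key:151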
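Review bot: These four entries suppress one `private-key` finding and three `generic-api-key` findings by file, rule and line number, so a different secret that later lands on line 33, 42 or 151 of ogcio-seeder.json would be suppressed as well, while any edit that shifts those lines brings the old findings back. The commit message describes this as "Ignoring secrets to test the pipeline", which reads as temporary; before the ignore list is relied on, confirm that the key in connector-saml/README.md and the seeder values are sample data that was never live, and rotate them if they were. The `/src/` prefix also ties the entries to the container mount path used in azure_pipelines.yml, so a scan run from the repository root would presumably not match them.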
2 changes: 0 additions & 2 deletions Dockerfile
Expand Up @@ -49,9 +49,7 @@ ENV PORT=3301
ENV ADMIN_PORT=3302
WORKDIR /etc/logto
COPY --from=builder /etc/logto .
# OGCIO
RUN apk add --no-cache jq
# OGCIO
EXPOSE 3301
# OGCIO
EXPOSE 3302
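--- a/azure_pipelines.yml
+++ b/azure_pipelines.yml
@@ -0,0 +1,77 @@
+trigger:
+- dev
+- uat
+- sta
+
+pr:
+autoCancel: true
+branches:
+include:
+- "*"
+
+parameters:
+- name: buildBranches
+type: object
+default: ["dev", "sta", "uat"]
+
+- name: validEnvironments
+type: object
+displayName: List of valid environments to deploy (do not change)
+default: ['dev','sta', 'uat', 'prd']
+
+variables:
+- name: pushArtefacts
+value: ${{ containsValue(parameters.buildBranches, variables['Build.SourceBranchName']) }}
+- ${{ if containsValue(parameters.validEnvironments ,variables['Build.SourceBranchName']) }}:
+- template: pipeline-variables/${{ coalesce(variables['Build.SourceBranchName'], 'fallback') }}.yml
+- ${{ else }}:
+- template: pipeline-variables/dev.yml
+
+stages:
+- stage: securityScan
+displayName: Security Scans
+jobs:
+- job: gitLeaksScan
+#continueOnError: True
+pool:
+vmImage: "ubuntu-22.04"
+displayName: GitLeaks Scan
+steps:
+- task: DockerInstaller@0
+displayName: Docker Installer
+inputs:
+dockerVersion: 17.09.0-ce
+releaseType: stable
+- script: |
+docker pull zricethezav/gitleaks:v8.10.3
+docker run --rm -i -v "$(pwd):/src" zricethezav/gitleaks:v8.10.3 detect --source="/src" -c "src/.gitleaks.toml" --no-git -v
+displayName: GitLeaks Scan
+- stage: Build_Logto
+displayName: Build Logto
+dependsOn:
+- securityScan
+jobs:
+- template: pipeline-templates/build_service.yml
+parameters:
+serviceName: logto
+pushArtefacts: ${{ variables.pushArtefacts }}
+buildArguments: $(buildArguments)
+- stage: Push_Logto
+displayName: Push logto to ECR
+dependsOn: Build_Logto
+condition: ${{ variables.pushArtefacts }}
+jobs:
+- template: pipeline-templates/push_image.yml
+parameters:
+awsServiceConnection: ${{ variables.awsServiceConnection }}
+awsRegion: ${{ variables.awsRegion }}
+serviceName: logto
+- stage: Deploy_Logto
+displayName: Deploy to ECS - logto
+dependsOn: Push_Logto
+jobs:
+- template: pipeline-templates/deploy_ecs.yml
+parameters:
+awsServiceConnection: ${{ variables.awsServiceConnection }}
+awsRegion: ${{ variables.awsRegion }}
+serviceName: logto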
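Review bot: The push and deploy gate is keyed on `Build.SourceBranchName`, which is only the last path segment of the ref, so a run queued on a branch such as `feature/dev` would set `pushArtefacts` to True and load the dev variables; comparing `variables['Build.SourceBranch']` against full refs such as `refs/heads/dev` closes that gap. `condition: ${{ variables.pushArtefacts }}` on Push_Logto also replaces the default `succeeded()`, so the stage appears able to start after a failed Build_Logto; `condition: and(succeeded(), ${{ variables.pushArtefacts }})` keeps both checks, and the same applies to the two step conditions in pipeline-templates/build_service.yml. Deploy_Logto has no condition of its own and is held back only because Push_Logto is skipped, so giving it the same explicit condition would make the release gate visible in the file.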
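--- a/pipeline-templates/build_service.yml
+++ b/pipeline-templates/build_service.yml
@@ -0,0 +1,31 @@
+parameters:
+- name: serviceName
+default: ""
+- name: pushArtefacts
+default: false
+- name: buildArguments
+default: ""
+
+jobs:
+- job: Build
+displayName: Build job - ${{ parameters.serviceName }}
+pool:
+vmImage: 'ubuntu-latest'
+steps:
+- task: Docker@2
+displayName: Build - ${{ parameters.serviceName }}
+inputs:
+command: build
+repository: ${{ parameters.serviceName }}
+dockerfile: ./Dockerfile
+buildContext: '$(Build.SourcesDirectory)'
+arguments: ${{ parameters.buildArguments }}
+- task: Docker@0
+displayName: 'Run a Docker command'
+condition: ${{ parameters.pushArtefacts }}
+inputs:
+action: 'Run a Docker command'
+customCommand: 'save -o $(Build.ArtifactStagingDirectory)/image_${{ parameters.serviceName }}_$(Build.BuildId).tar ${{ parameters.serviceName }}:$(Build.BuildId)'
+- publish: $(Build.ArtifactStagingDirectory)
+condition: ${{ parameters.pushArtefacts }}
+artifact: 'docker-${{ parameters.serviceName }}-$(Build.BuildId)'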
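Review bot: `arguments: ${{ parameters.buildArguments }}` forwards whatever the variables file supplies straight to `docker build`, and the image is then saved to a tar and published as a pipeline artifact, so any `--build-arg` value is recoverable from the image history by anyone who can download that artifact. A comment above the parameter such as `# buildArguments must not carry secrets: build-arg values are kept in image history and the image is published as an artifact` would make the constraint visible. The `save` command also relies on Docker@2 tagging the image with `$(Build.BuildId)` by default; adding `tags: $(Build.BuildId)` to the build inputs states that dependency explicitly.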
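--- a/pipeline-templates/deploy_ecs.yml
+++ b/pipeline-templates/deploy_ecs.yml
@@ -0,0 +1,25 @@
+parameters:
+- name: serviceName
+- name: awsRegion
+- name: awsServiceConnection
+
+jobs:
+- job: Deploy
+displayName: Deploy - ${{ parameters.serviceName }}
+pool:
+vmImage: 'ubuntu-latest'
+steps:
+- task: AWSCLI@1
+inputs:
+awsCredentials: ${{ parameters.awsServiceConnection }}
+regionName: ${{ parameters.awsRegion }}
+awsCommand: 'ecs'
+awsSubCommand: 'update-service'
+awsArguments: '--force-new-deployment --cluster life-events-ecs --service ${{ parameters.serviceName }}-service'
+- task: AWSCLI@1
+inputs:
+awsCredentials: ${{ parameters.awsServiceConnection }}
+regionName: ${{ parameters.awsRegion }}
+awsCommand: 'ecs'
+awsSubCommand: 'wait'
+awsArguments: 'services-stable --cluster life-events-ecs --service ${{ parameters.serviceName }}-service'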
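Review bot: Deploy is declared as a plain `job`, so nothing in this template binds the ECS rollout to an Azure DevOps environment, and any approval or check for uat or sta would have to be configured on the service connection instead. Declaring it as a `deployment` job with an `environment` puts the gate in the pipeline definition and records deployment history per environment. The environment name in the sketch is a placeholder. The cluster name `life-events-ecs` is also hard-coded in both argument strings and may need to become a parameter if clusters differ per environment.

```yaml
jobs:
  - deployment: Deploy
    displayName: Deploy - ${{ parameters.serviceName }}
    # placeholder: name of an Azure DevOps environment with approvals and checks configured
    environment: '<environment-name>'
    pool:
      vmImage: 'ubuntu-latest'
    strategy:
      runOnce:
        deploy:
          steps:
            # … unchanged: the two AWSCLI@1 tasks (update-service, wait services-stable) …
```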
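--- a/pipeline-templates/push_image.yml
+++ b/pipeline-templates/push_image.yml
@@ -0,0 +1,27 @@
+parameters:
+- name: serviceName
+- name: awsRegion
+- name: awsServiceConnection
+
+jobs:
+- job: Push
+displayName: Push - ${{ parameters.serviceName }}
+pool:
+vmImage: 'ubuntu-latest'
+steps:
+- download: current
+artifact: 'docker-${{ parameters.serviceName }}-$(Build.BuildId)'
+- task: Docker@0
+displayName: 'Retrieve docker image from artifacts'
+inputs:
+action: 'Run a Docker command'
+customCommand: 'load -i $(Pipeline.Workspace)/docker-${{ parameters.serviceName }}-$(Build.BuildId)/image_${{ parameters.serviceName }}_$(Build.BuildId).tar'
+- task: ECRPushImage@1
+inputs:
+awsCredentials: ${{ parameters.awsServiceConnection }}
+regionName: ${{ parameters.awsRegion }}
+imageSource: 'imagename'
+sourceImageName: ${{ parameters.serviceName }}
+sourceImageTag: $(Build.BuildId)
+pushTag: $(Build.SourceBranchName)
+repositoryName: life-events-${{ parameters.serviceName }}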
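Review bot: `pushTag: $(Build.SourceBranchName)` publishes only a mutable tag (dev, uat, sta) that every run overwrites, so ECR keeps no fixed reference to a given build, and the forced redeploy in deploy_ecs.yml runs whatever the tag points at when the tasks start. Adding a second ECRPushImage@1 task, identical to this one except for `pushTag: $(Build.BuildId)`, would give rollback and audit a stable handle. Whether the ECS task definition should then reference that immutable tag cannot be judged from this hunk.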
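--- a/pipeline-variables/dev.yml
+++ b/pipeline-variables/dev.yml
@@ -0,0 +1,5 @@
+variables:
+awsServiceConnection: life-events-dev-ecr
+awsRegion: eu-west-1
+ecrEndpoint: 730335224023.dkr.ecr.eu-west-1.amazonaws.com
+buildArguments: ""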
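Review bot: Only dev.yml is added under pipeline-variables/, yet azure_pipelines.yml resolves `pipeline-variables/<branch>.yml` for uat, sta and prd; unless those files already exist in the repository, runs on those branches will fail at template expansion. `ecrEndpoint` is not referenced by any template in this commit and embeds the AWS account ID in the repository, so it could be dropped until something consumes it. A header comment such as `# Variables for the dev environment; one file per entry in validEnvironments is expected` would document the convention.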
