Checkov in Azure DevOps pipelines
Source code: https://github.com/HoussemDellai/terraform-course
The last couple of posts have been dealing with Release managed from the Releases area under Azure Pipelines. This week we are going to take what we were doing in that separate area of Azure DevOps and instead make it part of the YAML that currently builds our application. If you need some background on how the project got to this point check out the following posts.
The current setup we have uses a YAML based Azure Pipeline to build a couple of ASP.NET Core web applications. Then on the Release side, we have basically a dummy release that doesn’t actually do anything but served as a demo of how to configure a continuous deployment type release. The following is the current YAML for our Pipeline for reference.
name: $(SourceBranchName)_$(date:yyyyMMdd)$(rev:.r) resources: repositories: - repository: Shared name: Playground/Shared type: git ref: master #branch name trigger: none variables: buildConfiguration: 'Release' jobs: - job: WebApp1 displayName: 'Build WebApp1' pool: vmImage: 'ubuntu-latest' steps: - task: PowerShell@2 inputs: targetType: 'inline' script: 'Get-ChildItem -Path Env:\' - template: buildCoreWebProject.yml@Shared parameters: buildConFiguration: $(buildConfiguration) project: WebApp1.csproj artifactName: WebApp1 - job: WebApp2 displayName: 'Build WebApp2' condition: and(succeeded(), eq(variables['BuildWebApp2'], 'true')) pool: vmImage: 'ubuntu-latest' steps: - template: build.yml parameters: buildConFiguration: $(buildConfiguration) project: WebApp2.csproj artifactName: WebApp2 - job: DependentJob displayName: 'Build Dependent Job' pool: vmImage: 'ubuntu-latest' dependsOn: - WebApp1 - WebApp2 steps: - template: buildCoreWebProject.yml@Shared parameters: buildConFiguration: $(buildConfiguration) project: WebApp1.csproj artifactName: WebApp1Again - job: TagSources displayName: 'Tag Sources' pool: vmImage: 'ubuntu-latest' dependsOn: - WebApp1 - WebApp2 - DependentJob condition: | and ( eq(dependencies.WebApp1.result, 'Succeeded'), in(dependencies.WebApp2.result, 'Succeeded', 'Skipped'), in(dependencies.DependentJob.result, 'Succeeded', 'Skipped') ) steps: - checkout: self persistCredentials: true clean: true fetchDepth: 1 - task: PowerShell@2 inputs: targetType: 'inline' script: | $env:GIT_REDIRECT_STDERR` = '2>&1' $tag = "manual_$(Build.BuildNumber)".replace(' ', '_') git tag $tag Write-Host "Successfully created tag $tag" git push --tags Write-Host "Successfully pushed tag $tag" failOnStderr: false
#azure-pipelines #azure #azure-devops #devops
As someone who has spent most of their (very short) career doing one click cloud resource deployments, I was shocked when I jumped onto a legacy project and realised the complexity of the deployment process to staging and production. Using a traditional .NET Framework application stack, the deployment process consisted of the following steps:
As you can see and may have experienced, this is a long, slow and error-prone process which can often take over an hour given likelihood of one of those steps not working correctly. For me it was also a real pain point having to use the client laptop, as it had 3 different passwords to get in, none of which I set or could remember. It also meant if we needed to do a deployment I had to be in the office to physically use the laptop — no working from home that day.
My first step was to automate the build process. If we could get Azure Pipelines to at least build the project, I could download the files and copy them over manually. There are plenty of guides online on how to set this up, but the final result meant it gave me a .zip artifact of all the files required for the project. This also took away a common hotspot for errors, which was building locally on my machine. This also meant regardless of who wrote the code, the build process was always identical.
The second step was to** set up a release pipeline**. Within Azure Pipelines, what we wanted to do was create a deployment group, and then register the server we want to deploy to as a target within that deployment group. This will allow us to deploy directly to an on premise server. So, how do we do this?
Deployment groups menu item in Azure DevOps > Pipelines
2. Create a new deployment group. The idea is you can have several servers that are in the same group and deploy the code to all of them simultaneously (for example for load balancing reasons). In my case I only have one target in my deployment group, so the idea of a group is a bit redundant.
#azure #azure-pipelines #deployment-pipelines #windows-server #azure-devops #devops
DevOps and Cloud computing are joined at the hip, now that fact is well appreciated by the organizations that engaged in SaaS cloud and developed applications in the Cloud. During the COVID crisis period, most of the organizations have started using cloud computing services and implementing a cloud-first strategy to establish their remote operations. Similarly, the extended DevOps strategy will make the development process more agile with automated test cases.
According to the survey in EMEA, IT decision-makers have observed a 129%* improvement in the overall software development process when performing DevOps on the Cloud. This success result was just 81% when practicing only DevOps and 67%* when leveraging Cloud without DevOps. Not only that, but the practice has also made the software predictability better, improve the customer experience as well as speed up software delivery 2.6* times faster.
3 Core Principle to fit DevOps Strategy
If you consider implementing DevOps in concert with the Cloud, then the
below core principle will guide you to utilize the strategy.
Guide to Remold Business with DevOps and Cloud
Companies are now re-inventing themselves to become better at sensing the next big thing their customers need and finding ways with the Cloud based DevOps to get ahead of the competition.
#devops #devops-principles #azure-devops #devops-transformation #good-company #devops-tools #devops-top-story #devops-infrastructure
In last week’s post, we covered taking our existing build pipeline and making it a multi-stage Pipeline with a build stage and a deploy stage. This week we are going to add another stage to our pipeline for production. Since we don’t want the production stage deployed before it has been through QA we will need to hold the stage until it is verified ready, which is what this post is going to be about. If you haven’t read last week’s post, Azure DevOps Pipelines: Multi-Stage Pipelines, you might want to start there before reading the rest of this post if you are new to multi-stage pipelines.
In order to require approval on a stage is to associate it with and environment and add the approval requirement to the environment. In Azure DevOps under Pipelines select Environments and then click the Create environment button.
On the New environment dialog fill in a Name. If you had actual resources associated with the environment they can be added to provide traceability, but in this example, we are going to stick with the None option.
Now that the resource has been created on its details page we can use the three dots to open the menu and click Approvals and checks.
On the next screen click the **+**button in the upper right corner and then from the lists of check select Approvals and then click Next. As you can see from the partial list in the screenshot the range of check available for approvals is massive.
#azure-devops #azure #azure-pipelines #devops
In this post, we discuss how to use Azure Static Web Apps from a pipeline in Azure DevOps.Last year, Microsoft released Azure Static Web Apps, a great way to bundle your static app with a serverless Azure Functions backend. If you have a GitHub repository, Azure Static Web Apps has you covered. You create an instance in Azure, select a GitHub repository, and Azure creates a GitHub Actions CI/CD pipeline for you that’ll automatically trigger when you merge a pull request into your
main branch. It’s still in preview, but a GA release isn’t too far off.
To borrow from a famous Henry Ford quote: you can have it from any repo you want, so long as it’s GitHub.
That has changed. Azure Static Web Apps now provides Azure DevOps support. If you have a repository in Azure DevOps, you can wire up an Azure Pipelines YAML file that builds and deploys your app to Azure Static Web Apps. While it isn’t as streamlined and elegant as the GitHub experience—you need to configure your deployment token manually, and you don’t get automatic staging environments—it sure beats the alternative for Azure DevOps customers (that is, no Azure Static Web Apps support at all).
#devops #azure #azure devops #pipelines