Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Task: Move ACR deployment to deploy stage #2285

Open
wants to merge 37 commits into
base: main
Choose a base branch
from
+148 −112
Open

Task: Move ACR deployment to deploy stage #2285

Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
571903c
Test deploy
Mar 20, 2025
4349872
Fix yaml
Mar 20, 2025
de6bb91
Add environment
Mar 20, 2025
8ecec24
Update trigger condition
Mar 20, 2025
ccfb2d8
Checkout repo first
Mar 20, 2025
3dc2126
Add platform
Mar 20, 2025
496087e
Use buildx
Mar 20, 2025
9463d48
Fix platforms
Mar 21, 2025
645a96e
Fix platform
Mar 21, 2025
84b0543
Test with removed privilege
Mar 21, 2025
cbabba5
Remove global definition for environment
Mar 25, 2025
313ba89
Restore privileged mode
Mar 25, 2025
666ff35
Specify pool at stage level
Mar 25, 2025
dc0dd67
Update image
Mar 25, 2025
29bcd0c
Fix buildx
Mar 25, 2025
3b7235e
Remove ARM v7
Mar 25, 2025
dc8e4ff
Test on PPE
Mar 26, 2025
e61a4a9
Switch to prod configs
Mar 26, 2025
cffa9d3
Fix trigger branch
Mar 26, 2025
1aef449
Close and condition
Mar 26, 2025
1ed040b
Test triggers
Mar 26, 2025
80e08a5
Fix typo in condition
Mar 26, 2025
152946f
Update references
Mar 26, 2025
80d2a2f
Update .azure-pipelines/ci-build.yml
Onokaev Mar 28, 2025
4519068
Remove checkout step
Mar 28, 2025
2187708
Add artifactname
Mar 28, 2025
dadca7c
Add environment for tests
Mar 28, 2025
410bfa6
Triger only docker_images deployment
Mar 28, 2025
c08890c
Copy over files at build
Apr 1, 2025
6bb06b0
Remove publish task
Apr 1, 2025
a2964e8
Add files to pipeline artifacts
Apr 1, 2025
758cab7
Fix file reference
Apr 1, 2025
a68e5e5
Test new environment
Apr 1, 2025
2598dad
Cleanup and restore right variables
Apr 1, 2025
436e048
Validate for this branch
Apr 2, 2025
ec3e05d
Test deploy
Apr 2, 2025
c108327
Cleanup pipeline
Apr 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
260 changes: 148 additions & 112 deletions .azure-pipelines/ci-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,10 @@ extends:
displayName: 'Publish Artifact: Nugets'
artifactName: Nugets
targetPath: '$(Build.ArtifactStagingDirectory)/Nugets'
- output: pipelineArtifact
displayName: 'Publish Artifact: RepoFiles'
artifactName: RepoFiles
targetPath: '$(Build.ArtifactStagingDirectory)/RepoFiles'
steps:
- task: UseDotNet@2
displayName: 'Use .NET 6'
Expand Down Expand Up @@ -198,12 +202,29 @@ extends:
targetFolder: $(Build.ArtifactStagingDirectory)/Nugets
sourceFolder: $(Build.ArtifactStagingDirectory)
content: '*.nupkg'


# Copy repository files to be used in the deploy stage
- task: CopyFiles@2
displayName: 'Copy repository files for deploy stage'
inputs:
SourceFolder: '$(Build.SourcesDirectory)'
Contents: |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have you considered this option instead of copying the whole repo which is effectively working around the security constraints?
https://stackoverflow.com/questions/66468815/how-to-publish-docker-image-as-an-artifact-in-azure-devops

**/*
!**/bin/**
!**/obj/**
!**/.git/**
TargetFolder: '$(Build.ArtifactStagingDirectory)/RepoFiles'

- stage: deploy
condition: and(contains(variables['build.sourceBranch'], 'refs/tags/v'), succeeded())
condition: and(or(contains(variables['Build.SourceBranch'], 'refs/tags/v'), eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])), succeeded())
dependsOn: build
pool:
name: Azure-Pipelines-1ESPT-ExDShared
os: linux
image: ubuntu-latest
jobs:
- deployment: deploy_hidi
condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded())
templateContext:
type: releaseJob
isProduction: true
Expand All @@ -228,6 +249,7 @@ extends:
publishFeedCredentials: 'OpenAPI Nuget Connection'

- deployment: deploy_lib
condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded())
templateContext:
type: releaseJob
isProduction: true
Expand Down Expand Up @@ -260,6 +282,7 @@ extends:
publishFeedCredentials: 'OpenAPI Nuget Connection'

- deployment: deploy_yaml_reader
condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded())
templateContext:
type: releaseJob
isProduction: true
Expand Down Expand Up @@ -318,119 +341,132 @@ extends:
assets: '$(Pipeline.Workspace)\**\*.exe'
addChangeLog: false

- stage: Build_and_deploy_docker_images
displayName: 'Build and deploy docker images'
condition: or(eq(variables['build.sourceBranch'], 'refs/tags/v'), eq(variables['build.sourceBranch'], variables['PREVIEW_BRANCH']))
dependsOn: build
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: ubuntu-latest
os: linux
jobs:
- job: buildAndPush
steps:
- task: AzureCLI@2
displayName: 'Login to Azure Container Registry'
inputs:
azureSubscription: 'ACR Images Push Service Connection'
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
az acr login --name msgraphprodregistry

- powershell: |
$content = [XML](Get-Content ./Directory.Build.props)
Write-Host "XML loaded, finding version..."

# Handle PropertyGroup as either a single element or array
$version = $null
if ($content.Project.PropertyGroup -is [array]) {
Write-Host "PropertyGroup is an array, checking each entry..."
foreach ($pg in $content.Project.PropertyGroup) {
if ($pg.Version) {
$version = $pg.Version.ToString().Trim()
Write-Host "Found version in PropertyGroup array: $version"
break
- deployment: deploy_docker_image
environment: docker-images-deploy
templateContext:
type: releaseJob
isProduction: true
inputs:
- input: pipelineArtifact
artifactName: RepoFiles
targetPath: '$(Pipeline.Workspace)'
strategy:
runOnce:
deploy:
pool:
vmImage: 'ubuntu-latest'
steps:
- task: AzureCLI@2
displayName: 'Login to Azure Container Registry'
inputs:
azureSubscription: 'ACR Images Push Service Connection'
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
az acr login --name msgraphprodregistry

- powershell: |
$content = [XML](Get-Content $(Pipeline.Workspace)/Directory.Build.props)
Write-Host "XML loaded, finding version..."

# Handle PropertyGroup as either a single element or array
$version = $null
if ($content.Project.PropertyGroup -is [array]) {
Write-Host "PropertyGroup is an array, checking each entry..."
foreach ($pg in $content.Project.PropertyGroup) {
if ($pg.Version) {
$version = $pg.Version.ToString().Trim()
Write-Host "Found version in PropertyGroup array: $version"
break
}
}
} else {
# Single PropertyGroup
$version = $content.Project.PropertyGroup.Version
if ($version) {
$version = $version.ToString().Trim()
Write-Host "Found version in PropertyGroup: $version"
}
}
}
} else {
# Single PropertyGroup
$version = $content.Project.PropertyGroup.Version
if ($version) {
$version = $version.ToString().Trim()
Write-Host "Found version in PropertyGroup: $version"
}
}

if (-not $version) {
Write-Host "##vso[task.logissue type=error]Version not found in Directory.Build.props"
exit 1
}

Write-Host "Version found: $version"
Write-Host "##vso[task.setvariable variable=version;isoutput=true]$version"
Write-Host "##vso[task.setvariable variable=VERSION]$version"
displayName: 'Get version from csproj'
name: getversion

if (-not $version) {
Write-Host "##vso[task.logissue type=error]Version not found in Directory.Build.props"
exit 1
}
- bash: |
# Debug output to verify version variable
echo "Version from previous step: $VERSION"
displayName: 'Verify version variable'

Write-Host "Version found: $version"
Write-Host "##vso[task.setvariable variable=version;isoutput=true]$version"
Write-Host "##vso[task.setvariable variable=VERSION]$version"
displayName: 'Get version from csproj'
name: getversion

- bash: |
# Debug output to verify version variable
echo "Version from previous step: $VERSION"
displayName: 'Verify version variable'

- bash: |
echo "Build Number: $(Build.BuildNumber)"
# Extract the last 3 characters for the run number
runnumber=$(echo "$(Build.BuildNumber)" | grep -o '[0-9]\+$')
echo "Extracted Run Number: $runnumber"
- bash: |
echo "Build Number: $(Build.BuildNumber)"
# Extract the last 3 characters for the run number
runnumber=$(echo "$(Build.BuildNumber)" | grep -o '[0-9]\+$')
echo "Extracted Run Number: $runnumber"

# If extraction fails, set a default
if [ -z "$runnumber" ]; then
echo "Extraction failed, using default value"
runnumber=$(date +"%S%N" | cut -c1-3)
echo "Generated fallback run number: $runnumber"
fi

# Set the variable for later steps
echo "##vso[task.setvariable variable=RUNNUMBER]$runnumber"
echo "##vso[task.setvariable variable=RUNNUMBER;isOutput=true]$runnumber"
displayName: 'Get truncated run number'
name: getrunnumber
condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])

- bash: |
date=$(date +'%Y%m%d')
echo "Date value: $date"
echo "##vso[task.setvariable variable=BUILDDATE;isOutput=true]$date"
echo "##vso[task.setvariable variable=BUILDDATE]$date"
displayName: 'Get current date'
name: setdate
condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])

# If extraction fails, set a default
if [ -z "$runnumber" ]; then
echo "Extraction failed, using default value"
runnumber=$(date +"%S%N" | cut -c1-3)
echo "Generated fallback run number: $runnumber"
fi

# Set the variable for later steps
echo "##vso[task.setvariable variable=RUNNUMBER]$runnumber"
echo "##vso[task.setvariable variable=RUNNUMBER;isOutput=true]$runnumber"
displayName: 'Get truncated run number'
name: getrunnumber
condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])

- bash: |
date=$(date +'%Y%m%d')
echo "Date value: $date"
echo "##vso[task.setvariable variable=BUILDDATE;isOutput=true]$date"
echo "##vso[task.setvariable variable=BUILDDATE]$date"
displayName: 'Get current date'
name: setdate
condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])

- bash: |
echo "Building Docker image..."
echo "Using build date: ${BUILDDATE}"
# Using quotes around tags to prevent flag interpretation
docker build \
-t "$(REGISTRY)/$(IMAGE_NAME):nightly" \
-t "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}" \
"$(Build.SourcesDirectory)"
- script: |
docker run --privileged --rm tonistiigi/binfmt --install all
displayName: "Enable multi-platform builds"

- script: |
docker buildx create --use --name mybuilder
displayName: "Set up Docker BuildX"

- script: |
docker buildx inspect --bootstrap
displayName: "Ensure BuildX is working"

echo "Pushing Docker image with nightly tag..."
docker push "$(REGISTRY)/$(IMAGE_NAME):nightly"
docker push "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}"
displayName: 'Build and Push Nightly Image'
condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])

- bash: |
echo "Building Docker image for release..."
docker build \
-t "$(REGISTRY)/$(IMAGE_NAME):latest" \
-t "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}" \
"$(Build.SourcesDirectory)"
- bash: |
echo "Building Docker image..."
echo "Using build date: ${BUILDDATE}"
# Using quotes around tags to prevent flag interpretation
docker buildx build \
--platform linux/amd64,linux/arm64/v8 \
--push \
-t "$(REGISTRY)/$(IMAGE_NAME):nightly" \
-t "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}" \
"$(Pipeline.Workspace)"

displayName: 'Build and Push Nightly Image'
condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])

echo "Pushing Docker image with latest and version tags..."
docker push "$(REGISTRY)/$(IMAGE_NAME):latest"
docker push "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}"
displayName: 'Build and Push Release Image'
condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/v')
- bash: |
echo "Building Docker image for release..."
docker buildx build\
--platform linux/amd64,linux/arm64/v8 \
--push \
-t "$(REGISTRY)/$(IMAGE_NAME):latest" \
-t "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}" \
"$(Pipeline.Workspace)"
displayName: 'Build and Push Release Image'
condition: contains(variables['Build.SourceBranch'], 'refs/tags/v')