

Refactor Azure Pipelines YAML to streamline build, push, and testing …
…stages (#1160)

- Updated the display name for the Build stage for clarity.
- Separated the Docker build and push steps, changing the push stage to specifically handle the release candidate image.
- Added a new job for pushing the release candidate container after the build stage.
- Enhanced the Security Test stage to include Docker login and application container startup before running OWASP ZAP security tests.
- Updated tagging strategy for Docker images to include 'release-candidate' and 'production-release' tags.
- Cleaned up commented-out code related to previous security testing configurations.
will0684 authored Jan 21, 2025
1 parent 5911eb4 commit be4628d
Showing 1 changed file with 91 additions and 83 deletions.
174 changes: 91 additions & 83 deletions AzurePipelines/prod-test-build-and-push.yml
Expand Up @@ -19,22 +19,15 @@ variables:

stages:
- stage: Build
displayName: Build Container
displayName: Build
jobs:
- job: Build
displayName: Build Container
pool:
vmImage: $(vmImageName)
steps:
- task: Docker@2
inputs:
containerRegistry: "$(azureContainerRegistry.name)"
repository: "$(azureContainerRegistry.repository)"
command: "login"
- script: "docker pull $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):latest"
displayName: Pull latest for layer caching
continueOnError: true
- task: Docker@2
displayName: Build image
inputs:
containerRegistry: "$(azureContainerRegistry.name)"
repository: "$(azureContainerRegistry.repository)"
Expand All @@ -43,7 +36,7 @@ stages:
tags: |
$(tag)
latest
production-release
release-candidate
arguments: |
--pull
--build-arg NEXT_PUBLIC_BUILD_ID=$(ADO_BUILD)
Expand All @@ -60,34 +53,37 @@ stages:
--build-arg NOTIFY_API_KEY=$(NOTIFY_API_KEY)
--build-arg NOTIFY_FEEDBACK_TEMPLATE_ID=$(NOTIFY_FEEDBACK_TEMPLATE_ID)
- stage: Test
displayName: Run Regression Tests
dependsOn: Build
jobs:
- job: UnitAndIntegrationAndA11yTests
displayName: Run Jest, Cypress and A11y Tests
- job: Push Release Candidate Container
displayName: Push Release Candidate Container
pool:
vmImage: $(vmImageName)
dependsOn: Build
steps:
- task: NodeTool@0
- task: Docker@2
inputs:
versionSpec: "18.x"
displayName: "Install Node.js"

# Enable corepack for Yarn
- script: |
corepack enable
displayName: "Enable Corepack"
- script: |
yarn install --immutable
displayName: "Install Dependencies"
containerRegistry: "$(azureContainerRegistry.name)"
repository: "$(azureContainerRegistry.repository)"
command: "login"

- script: |
yarn test:ci
displayName: "Run Jest Tests"
- task: Docker@2
inputs:
containerRegistry: "$(azureContainerRegistry.name)"
repository: "$(azureContainerRegistry.repository)"
command: "push"
tags: |
$(tag)
latest
release-candidate
# Start the container before E2E tests
- stage: Test
displayName: Regression Tests
dependsOn: Build
jobs:
- job: Test
displayName: Run Regression Tests
pool:
vmImage: $(vmImageName)
steps:
- task: Docker@2
inputs:
containerRegistry: "$(azureContainerRegistry.name)"
Expand All @@ -102,6 +98,7 @@ stages:
timeout 60 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:3000)" != "200" ]]; do sleep 5; done' || false
displayName: "Start Application Container"
# Run your E2E tests here
- script: |
yarn cypress:run
displayName: "Run Cypress Tests"
Expand Down Expand Up @@ -153,58 +150,63 @@ stages:
artifact: "cypress-videos"
condition: always()

# - stage: SecurityTest
# displayName: Security Testing
# dependsOn: Build
# jobs:
# - job: OWASPZapTest
# displayName: OWASP ZAP Security Tests
# pool:
# vmImage: $(vmImageName)
# steps:
# # Start the application container
# - script: |
# docker pull $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):$(tag)
# docker run -d -p 3000:3000 $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):$(tag)
# displayName: Start Application Container

# # Use OWASP ZAP Scanner Task
# - task: Zap@1
# inputs:
# aggressivemode: false
# threshold: $(ZAP_THRESHOLD)
# port: 3000
# targeturl: $(ZAP_TARGET_URL)
# scantype: "targetedScan"
# contextpath: "$(System.DefaultWorkingDirectory)/zap"
# reportfilename: "OWASP-ZAP-Report.html"
# reportformat: "html"
# enableVerifications: true
# scantimeout: $(ZAP_TIMEOUT)
# failonhigh: true
# failonmedium: false
# scanningmode: "targeted"

# # Publish ZAP test results
# - task: PublishPipelineArtifact@1
# displayName: "Publish ZAP Results"
# inputs:
# targetPath: "$(System.DefaultWorkingDirectory)/zap"
# artifact: "zap-security-report"
# condition: always()

# # Convert ZAP results to JUnit format for better visualization
# - task: PublishTestResults@2
# inputs:
# testResultsFormat: "JUnit"
# testResultsFiles: "**/zap-report.xml"
# mergeTestResults: true
# testRunTitle: "OWASP ZAP Security Tests"
# condition: always()
- stage: Security Test
displayName: Security Testing
dependsOn: Build
jobs:
- job: OWASPZapTest
displayName: OWASP ZAP Security Tests
pool:
vmImage: $(vmImageName)
steps:
- task: Docker@2
inputs:
containerRegistry: "$(azureContainerRegistry.name)"
repository: "$(azureContainerRegistry.repository)"
command: "login"

# Start the application container
- script: |
docker pull $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):$(tag)
docker run -d -p 3000:3000 $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):$(tag)
displayName: Start Application Container
# Use OWASP ZAP Scanner Task
- task: Zap@1
inputs:
aggressivemode: false
threshold: $(ZAP_THRESHOLD)
port: 3000
targeturl: $(ZAP_TARGET_URL)
scantype: "targetedScan"
contextpath: "$(System.DefaultWorkingDirectory)/zap"
reportfilename: "OWASP-ZAP-Report.html"
reportformat: "html"
enableVerifications: true
scantimeout: $(ZAP_TIMEOUT)
failonhigh: true
failonmedium: false
scanningmode: "targeted"

# Publish ZAP test results
- task: PublishPipelineArtifact@1
displayName: "Publish ZAP Results"
inputs:
targetPath: "$(System.DefaultWorkingDirectory)/zap"
artifact: "zap-security-report"
condition: always()

# Convert ZAP results to JUnit format for better visualization
- task: PublishTestResults@2
inputs:
testResultsFormat: "JUnit"
testResultsFiles: "**/zap-report.xml"
mergeTestResults: true
testRunTitle: "OWASP ZAP Security Tests"
condition: always()

- stage: Push
displayName: Push to ACR
# dependsOn: SecurityTest
dependsOn: Test
jobs:
- job: PushContainer
Expand All @@ -218,12 +220,18 @@ stages:
repository: "$(azureContainerRegistry.repository)"
command: "login"

# Pull the release candidate image first
- script: |
docker pull $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):release-candidate
# Tag it with the new tags
docker tag $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):release-candidate $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):production-release
displayName: "Pull and tag release candidate"
# Push the production release tag
- task: Docker@2
inputs:
containerRegistry: "$(azureContainerRegistry.name)"
repository: "$(azureContainerRegistry.repository)"
command: "push"
tags: |
$(tag)
latest
production-release
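Review bot: The new `Push Release Candidate Container` job in the Build stage pushes `$(tag)` and `latest` (the `tags:` list under its `command: "push"` task) before the Test and Security Test stages have run, so any consumer of `latest` can receive an image that has not passed regression or ZAP, and the Push stage's later push of the same two tags adds nothing. Push only `release-candidate` from Build, and have the Push stage tag the pulled candidate with all three names before its push, as sketched below; the Push job's earlier steps lie outside the hunk. The Push stage also still reads `dependsOn: Test` with `# dependsOn: SecurityTest` left commented, so a failed ZAP scan does not block `production-release`; `dependsOn: [Test, SecurityTest]` makes the gate real. Separately, `- job: Push Release Candidate Container` and `- stage: Security Test` contain spaces, which I believe the Azure Pipelines schema rejects for job and stage identifiers (alphanumerics and underscores only); use `PushReleaseCandidate` and `SecurityTest` as the identifiers and keep the readable text in `displayName`.
```yaml
# … unchanged: Push stage login task …
- script: |
    docker pull $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):release-candidate
    docker tag $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):release-candidate $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):$(tag)
    docker tag $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):release-candidate $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):latest
    docker tag $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):release-candidate $(azureContainerRegistry.domain)/$(azureContainerRegistry.repository):production-release
  displayName: "Pull and tag release candidate"
- task: Docker@2
  inputs:
    containerRegistry: "$(azureContainerRegistry.name)"
    repository: "$(azureContainerRegistry.repository)"
    command: "push"
    tags: |
      $(tag)
      latest
      production-release
```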

