
chore: deploy to new Dev tenant (#432)
* chore: deploy test resources

* pr-fix: use linux vm

* pr-fix: missing backtick

* pr-fix: use parameter secret

* pr-fix: gen password

* pr-fix: gen password

* pr-fix: remove location param

* pr-fix: add missing params

* pr-fix: server name

* pr-fix: app service name

* pr-fix: correct plan

* pr-fix: sql db sku

* pr-fix: sql db basic max bytes

* pr-fix: use ex max size

* pr-fix: change sku

* pr-fix: change sku

* pr-fix: change server name

* pr-fix: update min capacity

* pr-fix: update min capacity

* pr-fix: update min capacity

* pr-fix: update min capacity

* pr-fix: correct basic max size

* pr-fix: pass in az service connection

* pr-fix: expose test variables

* pr-fix: add quotes to condition

* pr-fix: correct var name

* pr-fix: correct arg name

* pr-fix: correct appsettings name

* pr-fix: use correct role assignments

* pr-fix: use correct password

* pr-fix: add certificate permissions to built-in logic apps service principal

* pr-fix: add role permissions access

* pr-fix: correct authz

* pr-fix: correct sql param name

* pr-fix: use access policies

* pr-fix: use correct access token

* pr-fix: use correct key perm

* pr-fix: sql firewalls

* pr-fix: correct sql

* pr-fix: correct sql

* pr-fix: correct sql

* pr-fix: correct ad

* pr-fix: secret name

* pr-fix: secret name

* pr-fix: secret name

* pr-fix: logging

* pr-fix: tenant id

* pr-fix: sql

* pr-fix: sql

* pr-fix: sql

* pr-fix: sql

* pr-fix: sql

* pr-fix: use server instance

* pr-fix: sql instance + connect graph

* pr-fix: sql instance var

* pr-fix: assign values ourselves

* pr-fix: secure string

* pr-fix: secure string

* pr-fix: secure string

* pr-fix: apim rest permissions?

* pr-fix: activate all tests

* pr-fix: remove commented-out sql tasks

* pr-fix: skip both apim tests

* temp: re-activate apim tets

* Update Arcus.Scripting.DevOps.tests.ps1

* pr-fix: remove update ps tasks
stijnmoreels authored Aug 29, 2024
1 parent 92f804a commit b7446c6
Showing 14 changed files with 390 additions and 40 deletions.
8 changes: 7 additions & 1 deletion build/ci-build.yml
Expand Up @@ -18,6 +18,10 @@ parameters:
- name: 'Package.Version.ManualTrigger'
type: string
default: 'preview'
- name: azureServiceConnection
displayName: 'Azure service connection'
type: string
default: 'Azure Codit-Arcus Service Principal'
- name: 'UnitTests'
type: object
default:
Expand Down Expand Up @@ -62,9 +66,9 @@ resources:
variables:
- group: 'Build Configuration'
- group: 'Arcus Scripting - Integration Testing'
- group: 'Arcus - GitHub Package Registry'
- group: 'MyGet'
- template: ./variables/build.yml
- template: ./variables/test.yml
- name: 'Package.Version'
value: '0.$(Build.BuildNumber)'
- name: 'Prerelease'
Expand Down Expand Up @@ -111,6 +115,7 @@ stages:
parameters:
projectName: '$(Project).Tests.Unit'
testName: '$(Project).${{UnitTest.name}}'
azureServiceConnection: ${{ parameters.azureServiceConnection }}

- stage: IntegrationTests
displayName: Integration Tests
Expand Down Expand Up @@ -139,6 +144,7 @@ stages:
parameters:
projectName: '$(Project).Tests.Integration'
testName: '$(Project).${{IntegrationTest.name}}'
azureServiceConnection: ${{ parameters.azureServiceConnection }}

- stage: ReleaseToMyget
displayName: 'Release to MyGet'
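Review bot: The service-connection default `'Azure Codit-Arcus Service Principal'` is hard-coded in the new `azureServiceConnection` parameter here and repeated verbatim in psgallery-release.yml and deploy-test-resources.yml in the same commit, so the next tenant move has to be made in three places. A single shared definition (a variable group or the `./variables/test.yml` template these hunks start including) would keep the pipelines from drifting; the note applies to all three files. The unit-test stage now also receives `azureServiceConnection`, which makes unit tests depend on cloud credentials; if the template merely threads the value through, a short comment on the parameter saying so would spare a reader the question. The `parameters:` and `stages:` blocks these hunks touch begin outside the visible lines.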
78 changes: 78 additions & 0 deletions build/deploy-test-resources.yml
@@ -0,0 +1,78 @@
name: Arcus Scripting - Deploy test resources

trigger: none
pr: none

parameters:
- name: azureServiceConnection
displayName: 'Azure service connection'
type: string
default: 'Azure Codit-Arcus Service Principal'
- name: resourceGroupName
displayName: 'Resource group name'
default: arcus-scripting-dev-we-rg

variables:
- template: ./variables/build.yml
- template: ./variables/test.yml

stages:
- stage: Deploy
jobs:
- job: DeployBicep
displayName: 'Deploy test resources'
pool:
vmImage: '$(Vm.Linux.Image)'
steps:
- task: AzureCLI@2
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
inputs:
azureSubscription: '${{ parameters.azureServiceConnection }}'
addSpnToEnvironment: true
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az deployment sub create `
--location westeurope `
--template-file ./build/templates/deploy-resource-group.bicep `
--parameters resourceGroupName=$env:ARCUS_SCRIPTING_RESOURCEGROUP_NAME `
--parameters location=westeurope
$objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id
$symbols = '!@#$%^&*=(),.?'.ToCharArray()
$characterList = 'a'..'z' + 'A'..'Z' + '0'..'9' + $symbols
function Gen-Password {
param($length)
do {
$password = ""
for ($i = 0; $i -lt $length; $i++) {
$randomIndex = [System.Security.Cryptography.RandomNumberGenerator]::GetInt32(0, $characterList.Length)
$password += $characterList[$randomIndex]
}
$hasLowerChar = $password -cmatch '[a-z]'
$hasUpperChar = $password -cmatch '[A-Z]'
$hasDigit = $password -match '[0-9]'
$hasSymbol = $password.IndexOfAny($symbols) -ne -1
}
until (($hasLowerChar + $hasUpperChar + $hasDigit + $hasSymbol) -ge 3)
$password
}
$sqlAdminPassword = Gen-Password 14
az deployment group create `
--resource-group $env:ARCUS_SCRIPTING_RESOURCEGROUP_NAME `
--template-file ./build/templates/deploy-test-resources.bicep `
--parameters location=westeurope `
--parameters keyVaultName=$env:ARCUS_SCRIPTING_KEYVAULT_NAME `
--parameters storageAccountName=$env:ARCUS_SCRIPTING_STORAGEACCOUNT_NAME `
--parameters appServiceName=$env:ARCUS_SCRIPTING_APPSERVICE_NAME `
--parameters sqlServerName=$env:ARCUS_SCRIPTING_SQL_SERVERNAME `
--parameters sqlDatabaseName=$env:ARCUS_SCRIPTING_SQL_DATABASENAME `
--parameters sqlAdminUserName=$env:ARCUS_SCRIPTING_SQL_USERNAME `
--parameters sqlAdminPassword=$sqlAdminPassword `
--parameters sqlAdminPassword_secretName=$env:ARCUS_SCRIPTING_SQL_PASSWORD_SECRETNAME `
--parameters integrationAccountName=$env:ARCUS_SCRIPTING_INTEGRATIONACCOUNT_NAME `
--parameters servicePrincipal_objectId=$objectId
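Review bot: The `resourceGroupName` pipeline parameter declared at the top of the file (default `arcus-scripting-dev-we-rg`) is never read; both `az deployment` calls use `$env:ARCUS_SCRIPTING_RESOURCEGROUP_NAME` from the variables template instead, so overriding the parameter at queue time silently has no effect. Either drop the parameter or pass it through, e.g. `--parameters resourceGroupName='${{ parameters.resourceGroupName }}'` and `--resource-group '${{ parameters.resourceGroupName }}'`; the `SYSTEM_ACCESSTOKEN` env entry is likewise set but unused by the inline script. The generated `$sqlAdminPassword` is a plain PowerShell variable, so the agent will not mask it if it reaches task output (for example a failing `az deployment group create` echoing its parameters); registering it with `Write-Host "##vso[task.setsecret]$sqlAdminPassword"` right after `$sqlAdminPassword = Gen-Password 14` keeps it out of the logs. The `Gen-Password` loop itself is sound: it draws from `RandomNumberGenerator::GetInt32` and re-rolls until at least three of the four character classes are present.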
7 changes: 7 additions & 0 deletions build/psgallery-release.yml
Expand Up @@ -10,6 +10,10 @@ parameters:
displayName: 'Prerelease string (ex. -alpha, -alpha1, -BETA, -update20171020) or none'
type: 'string'
default: 'none'
- name: azureServiceConnection
displayName: 'Azure service connection'
type: string
default: 'Azure Codit-Arcus Service Principal'
- name: 'UnitTests'
type: object
default:
Expand Down Expand Up @@ -56,6 +60,7 @@ variables:
- group: 'Arcus Scripting - Integration Testing'
- group: 'Arcus.Scripting - Releasing PS Gallery'
- template: ./variables/build.yml
- template: ./variables/test.yml
- name: 'Repository'
value: 'arcus-azure/arcus.scripting'
- name: 'Package.Version'
Expand Down Expand Up @@ -104,6 +109,7 @@ stages:
parameters:
projectName: '$(Project).Tests.Unit'
testName: '$(Project).${{UnitTest.name}}'
azureServiceConnection: ${{ parameters.azureServiceConnection }}

- stage: IntegrationTests
displayName: Integration Tests
Expand Down Expand Up @@ -132,6 +138,7 @@ stages:
parameters:
projectName: '$(Project).Tests.Integration'
testName: '$(Project).${{IntegrationTest.name}}'
azureServiceConnection: ${{ parameters.azureServiceConnection }}

- stage: Release
displayName: 'Release to PowerShell Gallery'
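--- a/build/templates/deploy-resource-group.bicep
+++ b/build/templates/deploy-resource-group.bicep
@@ -0,0 +1,15 @@
+// Define the name of the resource group.
+param resourceGroupName string
+
+// Define the location for the deployment of the components.
+param location string
+
+targetScope='subscription'
+
+module resourceGroup 'br/public:avm/res/resources/resource-group:0.2.3' = {
+name: 'resourceGroupDeployment'
+params: {
+name: resourceGroupName
+location: location
+}
+}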
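Review bot: `targetScope='subscription'` is written without the spaces around `=` that the module declaration below it and the sibling template use; `targetScope = 'subscription'` keeps the file consistent. The module is also given the symbolic name `resourceGroup`, the same identifier as Bicep's built-in `resourceGroup()` function; whether or not the compiler accepts the shadowing, a name such as `module rg ...` avoids confusing readers and any later use of the function in this file. Indentation is not preserved on this rendered page, so the formatting remark is limited to the `=` spacing.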
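--- a/build/templates/deploy-test-resources.bicep
+++ b/build/templates/deploy-test-resources.bicep
@@ -0,0 +1,155 @@
+// Define the location for the deployment of the components.
+param location string
+
+// Define the name of the storage account that will be created.
+param storageAccountName string
+
+// Define the name of the Azure Functions app service that will be created.
+param appServiceName string
+
+// Define the name of the Azure SQL server instance that will be created.
+param sqlServerName string
+
+// Define the username of the administrator login for the Azure SQL server instance.
+param sqlAdminUserName string
+
+// Define the password of the administrator login for the Azure SQL server instance.
+@secure()
+param sqlAdminPassword string
+
+// Define the Azure Key vault secret name of the administrator login password for the Azure SQL server instance.
+param sqlAdminPassword_secretName string
+
+// Define the name of the Azure SQL database that will be created within the Azure SQL server instance.
+param sqlDatabaseName string
+
+// Define the name of the integration account that will be created.
+param integrationAccountName string
+
+// Define the name of the Key Vault.
+param keyVaultName string
+
+// Define the Service Principal ID that needs access full access to the deployed resource group.
+param servicePrincipal_objectId string
+
+module storageAccount 'br/public:avm/res/storage/storage-account:0.9.1' = {
+name: 'storageAccountDeployment'
+params: {
+name: storageAccountName
+location: location
+allowBlobPublicAccess: true
+publicNetworkAccess: 'Enabled'
+networkAcls: {
+bypass: 'AzureServices'
+defaultAction: 'Allow'
+ipRules: []
+virtualNetworkRules: []
+}
+roleAssignments: [
+{
+principalId: servicePrincipal_objectId
+roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+}
+{
+principalId: servicePrincipal_objectId
+roleDefinitionIdOrName: 'Storage Table Data Contributor'
+}
+]
+}
+}
+
+module serverfarm 'br/public:avm/res/web/serverfarm:0.2.2' = {
+name: 'serverfarmDeployment'
+params: {
+name: '${appServiceName}-plan'
+skuCapacity: 2
+skuName: 'Y1'
+location: location
+}
+}
+
+module functionApp 'br/public:avm/res/web/site:0.3.9' = {
+name: 'functionAppDeployment'
+params: {
+kind: 'functionapp'
+name: appServiceName
+serverFarmResourceId: serverfarm.outputs.resourceId
+location: location
+enableTelemetry: false
+siteConfig: {
+alwaysOn: false
+}
+}
+}
+
+module sqlServer 'br/public:avm/res/sql/server:0.4.1' = {
+name: 'sqlServerDeployment'
+params: {
+name: sqlServerName
+location: location
+administratorLogin: sqlAdminUserName
+administratorLoginPassword: sqlAdminPassword
+enableTelemetry: false
+publicNetworkAccess: 'Enabled'
+restrictOutboundNetworkAccess: 'Disabled'
+auditSettings: {
+state: 'Disabled'
+}
+databases: [
+{
+name: sqlDatabaseName
+skuName: 'Basic'
+skuTier: 'Basic'
+maxSizeBytes: 2147483648
+}
+]
+}
+}
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+name: integrationAccountName
+location: location
+properties: {
+state: 'Enabled'
+}
+sku: {
+name: 'Free'
+}
+}
+
+module vault 'br/public:avm/res/key-vault/vault:0.6.1' = {
+name: 'vaultDeployment'
+params: {
+name: keyVaultName
+location: location
+enableRbacAuthorization: false
+sku: 'standard'
+accessPolicies: [
+{
+objectId: servicePrincipal_objectId
+permissions: {
+secrets: [
+'get', 'list', 'set', 'delete'
+]
+keys: [
+'get', 'list', 'create', 'delete'
+]
+}
+}
+{
+objectId: '0d926a02-88dc-4279-8265-fbcd8178ecb0' // (built-in) Azure Logic Apps service principal
+permissions: {
+keys: [
+'list', 'get', 'decrypt', 'sign'
+]
+}
+}
+]
+secrets: [
+{
+name: sqlAdminPassword_secretName
+value: sqlAdminPassword
+}
+]
+}
+}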
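Review bot: The Key Vault access policy in the `vault` module hard-codes `objectId: '0d926a02-88dc-4279-8265-fbcd8178ecb0'` for the Logic Apps service principal, but a service principal's object id is specific to the tenant it lives in (unlike its application id), so this entry will not match once the template is deployed to another tenant, which is exactly what this commit is about. Pass it in the way the template already does for the deploying identity, `param logicApps_servicePrincipal_objectId string` and `objectId: logicApps_servicePrincipal_objectId`, with the deploy script resolving it the same way it resolves `$objectId`. The storage account is created with `allowBlobPublicAccess: true` and `defaultAction: 'Allow'`, and the SQL server with `publicNetworkAccess: 'Enabled'` and `auditSettings` disabled; that is plausible for throw-away test resources, but a one-line comment on each stating that intent (e.g. `// test-only: public access is deliberate, no production data`) keeps them from being copied into a non-test template unchanged. The `delete` permission granted to the deploying principal on secrets and keys is wider than the `set`/`create` path the pipeline exercises here; if it is needed for cleanup, a comment saying so would settle it.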
