CI/CD using Azure Pipelines
Azure Pipelines is a continuous integration and delivery (CI/CD) service built into Azure DevOps, Microsoft's successor to Team Foundation Server. Pipelines allow developers to automatically build, test, and deploy their code every time they push changes to an Azure Repos repository.
Key features of Azure Pipelines include:
Easy setup: Pipelines are built into Azure DevOps, so it's easy to get started with no additional setup.
Flexible configuration: Pipelines can be configured using YAML files, allowing for high customization.
Docker support: Pipelines uses Docker containers to provide a consistent and isolated environment for running builds and tests.
Parallel builds: Pipelines can run multiple builds in parallel, which can help speed up the overall build process.
Deployment options: Pipelines can deploy your code to various platforms, including AWS, Google Cloud, and Azure.
This section discusses how you can configure Azure DevOps to integrate with DuploCloud.
In the DuploCloud portal, navigate to Administrator -> Users. The Users page displays.
Click Add.
In the Username field, enter a non-email address username, such as cicd. The username cannot be a valid email address, as DuploCloud designates it as a service account.
From the Roles list box, select Admin for the fastest setup. If you select User, you must give Tenant access to that user.
Click Submit. Your service account is set up and can be viewed or modified from the Users page.
Create a permanent token for the service account that you created, using a token name that describes the CI/CD platform, such as azure-devops
.
In the Azure DevOps Portal, save the token that you created in DuploCloud to the Azure DevOps Pipelines Variable Group.
In an Azure DevOps project, navigate to Pipelines -> Library.
Create a new variable group named duplocloud-secrets
.
Add a DUPLO_TOKEN
variable; select Lock (next to the Value field), and paste in the permanent token as the Value.
Add a DUPLO_HOST
variable. The Value is your DuploCloud portal URL, as in the example above.
Add a ECR_BASE
variable based on the domain name of your ECR registry, as in the example above.
Build and push a Docker image from Azure DevOps to the AWS Elastic Container Registry (ECR)
Use DuploCloud service account authentication to build and push a Docker image from Azure DevOps to the AWS Elastic Container Registry (ECR). You can use ECR regardless of where your app is hosted.
Avoid using capital letters when referencing a DuploCloud construct, such as a Tenant, even when the UI displays the string as all capital letters. Don't specify DEV01 for example, specify dev01.
To build a Docker image and push it to the ECR, use a pipeline script. The script:
Logs you into AWS ECR, using Just-In-Time credentials from DuploCloud.
Builds and tags the Docker image. The tag name is based on the git commit
SHA (Simple Hashing Algorithm).
Pushes the Docker image to the ECR.
Here is an example Azure DevOps pipeline that builds a Docker image and pushes it to ECR.
Test and code coverage steps are commented to aid in getting started quickly with .NET apps. you can remove them for clarity.
DUPLO_TOKEN
, DUPLO_HOST
, and ECR_BASE
need to be pre-configured in the Azure DevOps variable group named duplocloud-secrets
.
The ECR must have the same name as the Azure DevOps repo being built. Modify the name of the ECR, if needed.
A Dockerfile
must exist for the application in your src
folder
These prerequisites can be customized to fit existing pipelines and conventions for passing YAML attribute values. Test and code coverage steps are included for illustration purposes. They are not required to publish an image to an ECR.
Sometimes on Windows based agents will fail to login to ECR due to missing dependency of ECR credentials helper. Basically all aws api calls require certain headers. Dockers api for registries don't require these headers. Therefore ECR is not exactly a normal docker registry. This credentials helper just hooks into docker and adds those required aws headers to any request to ECR.
If the ECR login step of your pipeline has a failure that looks like:
Error response from daemon: login attempt to https://******.dkr.ecr.us-east-1.amazonaws.com/v2/ failed with status: 400 Bad Request
You can add a step to install the ECR Credenteials hellper, for example:
More details on the ECR Credentials helper located here
Update the container image used by a DuploCloud Service
Use DuploCloud service account authentication from Azure DevOps to update the container image used by a service.
Update a DuploCloud service from an Azure DevOps pipeline using a pipeline script.
Here is an example Azure DevOps pipeline that updates a Docker container image used by a DuploCloud Service.
DUPLO_TOKEN
, DUPLO_HOST
, and ECR_BASE
need to be pre-configured in the Azure DevOps variable group named duplocloud-secrets
The ECR must have the same name as the Azure DevOps repo being built. Modify the name of the ECR, if needed.
Ensure that the DuploCloud Service has the same name as the Azure DevOps repo being built.
These prerequisites can be customized to fit existing pipelines and conventions for passing YAML attribute values. Note that the resources
section triggers the deployment when the ecr-publish
pipeline command finishes executing. env_names
can be a list of comma-separated values for multi-deployments. Default values in early non-production environments are suitable for continuous deployment when used with the pipeline resource trigger.