Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI Environment] [MAJOR/BREAKING] Introducing OIDC and dual environment support #1608

Draft
wants to merge 20 commits into
base: main
Choose a base branch
from
Draft

[CI Environment] [MAJOR/BREAKING] Introducing OIDC and dual environment support #1608

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
dff8869
[MAJOR/BREAKING] Adding OIDC login functionality (#1452)
Jun 26, 2022
1ae3bc6
Added environments for Publishing and Validation
MariusStorhaug Jun 26, 2022
47d86a0
[Pipeline] Users/seseicht/adjust publish (#1472)
SeSeicht Jun 26, 2022
20a1380
Update dependency workflow to use validation env
MariusStorhaug Jun 26, 2022
e45656f
Merge branch 'issue/1607' of https://github.com/Azure/ResourceModules…
MariusStorhaug Jun 26, 2022
0cad50c
Fix todo tags and automationaccount
MariusStorhaug Jun 26, 2022
b1726a4
fix for workflows
MariusStorhaug Jun 26, 2022
61a1935
whitespace
MariusStorhaug Jun 26, 2022
c7fca0d
Fix params for templates
MariusStorhaug Jun 26, 2022
f44300d
Updated name of subscription var
MariusStorhaug Jun 26, 2022
b0d20b3
Corrected capitalization
MariusStorhaug Jun 26, 2022
6950754
update for serviceconnections
MariusStorhaug Jun 26, 2022
70e4a23
added some text to show svccon in use
MariusStorhaug Jun 26, 2022
aa10be5
Dependency deploy validation svccon
MariusStorhaug Jun 26, 2022
dcdb32f
bump batch for test
MariusStorhaug Jun 26, 2022
6393e1d
test
MariusStorhaug Jun 26, 2022
83952db
Merge branch 'main' of https://github.com/Azure/ResourceModules into …
MariusStorhaug Jun 27, 2022
acf6cf9
Update based on feedback from MrM
MariusStorhaug Jun 27, 2022
35803c8
clean up default value in dependency pipeline
MariusStorhaug Jun 27, 2022
358fdaa
whitespace
MariusStorhaug Jun 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 29 additions & 25 deletions .azuredevops/pipelineTemplates/jobs.publishModule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,40 +18,42 @@
##
## NOTE: If you don't need to overwrite a shared value, you can IGNORE this section
##
## |======================================================================================================================================================================================================================|
## | Parameter | Default Value | Description | Example |
## |---------------------------------|--------------------------------------|---------------------------------------------------------------------------------------------------------|-----------------------------------|
## | displayName | 'Publishing' | Name for the pipeline job | 'Publish KeyVault' |
## | serviceConnection | '$(serviceConnection)' | The service connection that connects to Azure | 'demo-internal' |
## | poolName | '$(poolName)' | You can provide either a [poolname] or [vmImage] to run the job on | 'Custom Deployment Pool' |
## | vmImage | '$(vmImage)' | You can provide either a [poolname] or [vmImage] to run the job on | 'ubuntu20.04' |
## | defaultJobTimeoutInMinutes | 120 | The timeout for the job in this pipeline | 120 |
## | modulePath | '$(modulePath)' | The path to the module to deploy. E.g. [c:/KeyVault] | 'c:/KeyVault' |
## | templateSpecsRGName | '$(templateSpecsRGName)' | Required to publish to template spec. ResourceGroup of the template spec to publish to | 'mgmt-rg' |
## | templateSpecsRGLocation | '$(templateSpecsRGLocation)' | Required to publish to template spec. Location of the template spec resource group | 'West Europe' |
## | templateSpecsDescription | '$(templateSpecsDescription)' | Required to publish to template spec. Description of the template spec to publish to | 'IaCs module' |
## | vstsFeedToken | '$(vstsFeedToken)' | Required to publish to a DevOps feed. Token with access to the feed to publish to. | '...' |
## | vstsFeedName | '$(vstsFeedName)' | Required to publish to a DevOps feed. Name to the feed to publish to. | 'modules' |
## | vstsFeedProject | '$(vstsFeedProject)' | Required to publish to a DevOps feed. Name of the project hosting the artifacts feed. May be empty. | 'iacs' |
## | bicepRegistryName | '$(bicepRegistryName)' | Required to publish to the private bicep registry. Name of the hosting container registry | 'adpsxxazacrx001' |
## | bicepRegistryRGName | '$(bicepRegistryRGName)' | Required to publish to the private bicep registry. Resource group of the hosting container registry | 'artifacts-rg' |
## | bicepRegistryRgLocation | '$(bicepRegistryRgLocation)' | Required to publish to the private bicep registry. Location of the RG of the hosting container registry | 'West Europe' |
## | vstsOrganizationUri | '$(vstsOrganizationUri)' | Required to publish to a DevOps feed. Name of the organization hosting the artifacts feed. | 'servicescode' |
## | azurePowerShellVersion | '$(azurePowerShellVersion)' | Used for configuring the Azure PowerShell Version, one of the example values. | 'latestVersion' or 'OtherVersion' |
## | preferredAzurePowerShellVersion | '$(preferredAzurePowerShellVersion)' | Used for configuring the Azure PowerShell Version, either an empty string or specific version. | '4.4.0' |
## |======================================================================================================================================================================================================================|
## |===========================================================================================================================================================================================================================|
## | Parameter | Default Value | Description | Example |
## |---------------------------------|--------------------------------------|---------------------------------------------------------------------------------------------------------|----------------------------------------|
## | displayName | 'Publishing' | Name for the pipeline job | 'Publish KeyVault' |
## | serviceConnection | '$(serviceConnectionPublishing)' | The service connection that connects to Azure | 'demo-internal' |
## | subscriptionId | '$(ARM_PUBLISHING_SUBSCRIPTION_ID)' | The id of the subscription to deploy into when using a Management group service connection | 'aed7c000-6387-412e-bed0-24dfddf4bbc6' |
## | poolName | '$(poolName)' | You can provide either a [poolname] or [vmImage] to run the job on | 'Custom Deployment Pool' |
## | vmImage | '$(vmImage)' | You can provide either a [poolname] or [vmImage] to run the job on | 'ubuntu20.04' |
## | defaultJobTimeoutInMinutes | 120 | The timeout for the job in this pipeline | 120 |
## | modulePath | '$(modulePath)' | The path to the module to deploy. E.g. [c:/KeyVault] | 'c:/KeyVault' |
## | templateSpecsRGName | '$(templateSpecsRGName)' | Required to publish to template spec. ResourceGroup of the template spec to publish to | 'mgmt-rg' |
## | templateSpecsRGLocation | '$(templateSpecsRGLocation)' | Required to publish to template spec. Location of the template spec resource group | 'West Europe' |
## | templateSpecsDescription | '$(templateSpecsDescription)' | Required to publish to template spec. Description of the template spec to publish to | 'IaCs module' |
## | vstsFeedToken | '$(vstsFeedToken)' | Required to publish to a DevOps feed. Token with access to the feed to publish to. | '...' |
## | vstsFeedName | '$(vstsFeedName)' | Required to publish to a DevOps feed. Name to the feed to publish to. | 'modules' |
## | vstsFeedProject | '$(vstsFeedProject)' | Required to publish to a DevOps feed. Name of the project hosting the artifacts feed. May be empty. | 'iacs' |
## | bicepRegistryName | '$(bicepRegistryName)' | Required to publish to the private bicep registry. Name of the hosting container registry | 'adpsxxazacrx001' |
## | bicepRegistryRGName | '$(bicepRegistryRGName)' | Required to publish to the private bicep registry. Resource group of the hosting container registry | 'artifacts-rg' |
## | bicepRegistryRgLocation | '$(bicepRegistryRgLocation)' | Required to publish to the private bicep registry. Location of the RG of the hosting container registry | 'West Europe' |
## | vstsOrganizationUri | '$(vstsOrganizationUri)' | Required to publish to a DevOps feed. Name of the organization hosting the artifacts feed. | 'servicescode' |
## | azurePowerShellVersion | '$(azurePowerShellVersion)' | Used for configuring the Azure PowerShell Version, one of the example values. | 'latestVersion' or 'OtherVersion' |
## | preferredAzurePowerShellVersion | '$(preferredAzurePowerShellVersion)' | Used for configuring the Azure PowerShell Version, either an empty string or specific version. | '4.4.0' |
## |===========================================================================================================================================================================================================================|
##
##---------------------------------------------##

parameters:
# Pipeline-related parameters
checkoutRepositories: ''
displayName: 'Publishing'
serviceConnection: '$(serviceConnection)'
serviceConnection: '$(serviceConnectionPublishing)'
poolName: '$(poolName)'
vmImage: '$(vmImage)'
defaultJobTimeoutInMinutes: 120
modulesRepository: '$(modulesRepository)'
subscriptionId: '$(ARM_PUBLISHING_SUBSCRIPTION_ID)'

# Logic-related parameters
## Module-related
Expand Down Expand Up @@ -200,7 +202,7 @@ jobs:
# [template-spec publish] task(s)
#--------------------------------
- task: AzurePowerShell@5
displayName: 'Publish module to template specs'
displayName: 'Publish module to template specs via connection [${{ parameters.serviceConnection }}]'
condition: and(
eq(variables['templateSpecsDoPublish'], true),
succeeded()
Expand Down Expand Up @@ -243,6 +245,7 @@ jobs:
TemplateSpecsRgName = '${{ parameters.templateSpecsRgName }}'
TemplateSpecsRgLocation = '${{ parameters.templateSpecsRgLocation }}'
TemplateSpecsDescription = '${{ parameters.templateSpecsDescription }}'
SubscriptionId = '${{ parameters.subscriptionId }}'
ModuleVersion = $ModuleToPublish.Version
}

Expand All @@ -256,7 +259,7 @@ jobs:
# [private bicep registry publish] task(s)
#-------------------------------------------
- task: AzureCLI@2
displayName: 'Publish module to private bicep registry'
displayName: 'Publish module to private bicep registry via connection [${{ parameters.serviceConnection }}]'
condition: and(
eq(variables['bicepRegistryDoPublish'], true),
succeeded()
Expand Down Expand Up @@ -303,6 +306,7 @@ jobs:
BicepRegistryName = '${{ parameters.bicepRegistryName }}'
BicepRegistryRgName = '${{ parameters.bicepRegistryRgName }}'
BicepRegistryRgLocation = '${{ parameters.bicepRegistryRgLocation }}'
SubscriptionId = '${{ parameters.subscriptionId }}'
ModuleVersion = $ModuleToPublish.Version
}

Expand Down
14 changes: 7 additions & 7 deletions .azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,17 +24,17 @@
## |=================================================================================================================================================================================================================================|
## | Parameter | Default Value | Description | Example |
## |---------------------------------|--------------------------------------|-----------------------------------------------------------------------------------------------------------|--------------------------------------------|
## | serviceConnection | '$(serviceConnection)' | The service connection that connects to Azure | 'demo-internal' |
## | serviceConnection | '$(serviceConnectionValidation)' | The service connection that connects to Azure | 'demo-internal' |
## | removeDeployment | '$(removeDeployment)' | Set to [true] to flag resource for removal. If not provided, defaults to false. | 'true' |
## | poolName | '$(poolName)' | You can provide either a [poolname] or [vmImage] to run the job on | 'Custom Deployment Pool' |
## | vmImage | '$(vmImage)' | You can provide either a [poolname] or [vmImage] to run the job on | 'ubuntu20.04' |
## | defaultJobTimeoutInMinutes | 120 | The timeout for the job in this pipeline | 120 |
## | checkoutRepositories | '' | An optional list of repositories to check out at the beginning of this job in addition to the source | 'Components' |
## | modulePath | '$(modulePath)' | The path to the module to deploy. E.g. [c:/KeyVault] | 'c:/KeyVault' |
## | deploymentBlocks | | The parameter file(s) to deploy with. Must be provided | path: 'C:/parameters.json' |
## | location | '$(location)' | The location to deploy with | 'EastUs2' |
## | resourceGroupName | '$(resourceGroupName)' | The resourcegroup to deploy into. Required only for Resource-Group-Level deployments | 'validation-rg' |
## | subscriptionId | '$(ARM_SUBSCRIPTION_ID)' | The id of the subscription to deploy into when using a Management group service connection | 'aed7c000-6387-412e-bed0-24dfddf4bbc6' |
## | location | '$(location)' | The location to deploy with | 'EastUs2' |
## | resourceGroupName | '$(resourceGroupName)' | The resourcegroup to deploy into. Required only for Resource-Group-Level deployments | 'validation-rg' |
## | subscriptionId | '$(ARM_VALIDATION_SUBSCRIPTION_ID)' | The id of the subscription to deploy into when using a Management group service connection | 'aed7c000-6387-412e-bed0-24dfddf4bbc6' |
## | managementGroupId | '$(ARM_MGMTGROUP_ID)' | The id of the management group to deploy into. Required only for Management-Group-Level deployments | '6ycc9620-cb01-454f-9ebc-fc6b1df48d64' |
## | parametersRepository | '$(Build.Repository.Name)' | The respository with the parameter files. Defaults to the triggering repository | 'Solutions' |
## | modulesRepository | '$(modulesRepository)' | The respository with the modules. | 'Components' |
Expand All @@ -46,7 +46,7 @@

parameters:
# Pipeline-related parameters
serviceConnection: '$(serviceConnection)'
serviceConnection: '$(serviceConnectionValidation)'
poolName: '$(poolName)'
vmImage: '$(vmImage)'
defaultJobTimeoutInMinutes: 120
Expand All @@ -58,7 +58,7 @@ parameters:
deploymentBlocks: ''
location: '$(location)'
resourceGroupName: '$(resourceGroupName)'
subscriptionId: '$(ARM_SUBSCRIPTION_ID)'
subscriptionId: '$(ARM_VALIDATION_SUBSCRIPTION_ID)'
managementGroupId: '$(ARM_MGMTGROUP_ID)'
parametersRepository: '$(Build.Repository.Name)'
modulesRepository: '$(modulesRepository)'
Expand Down Expand Up @@ -180,7 +180,7 @@ jobs:
resourceGroupName = '${{ parameters.resourceGroupName }}'
subscriptionId = '${{ parameters.subscriptionId }}'
managementGroupId = '${{ parameters.managementGroupId }}'
tenantId = '$(ARM_TENANT_ID)'
tenantId = '$(AZURE_TENANT_ID)'
deploymentSpId = '$(DEPLOYMENT_SP_ID)'
}

Expand Down
Loading