Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
#399 - ado readme ongoing to ado.tf.example
1 parent b389d90, commit 0c1631d
Showing 1 changed file with 67 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,10 +10,14 @@ It is a best practice to have two separate projects here (`prj-b-seed` and `prj- | |
`prj-b-seed` stores terraform state and has the Service Accounts able to create/modify infrastructure. | ||
The authentication infrastructure using [Workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation) is implemented in `prj-b-cicd-wif`. | ||
|
||
## Prerequisites | ||
To run the instructions described in this document, install the following: | ||
- You have followed instructions in [README.md#prerequisites](https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/0-bootstrap/README.md#prerequisites) | ||
|
||
## Optional - Automatic creation of Google Cloud Identity groups | ||
- You have followed instructions in [README.md#optional---automatic-creation-of-google-cloud-identity-groups](https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/0-bootstrap/README.md#optional---automatic-creation-of-google-cloud-identity-groups) | ||
|
||
|
||
Also make sure that you have the following: | ||
- A Microsoft Account | ||
- An Azure Account | ||
|
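Review bot: The `## Optional - Automatic creation of Google Cloud Identity groups` heading sits between the Prerequisites bullet and `Also make sure that you have the following:`, so the Microsoft Account and Azure Account requirements now render under the Optional section and read as optional. Move the Optional section below the account list, or move the account list up under `## Prerequisites`. The Prerequisites lead-in also says "install the following" while its only bullet is a link to instructions the reader has already followed; reword it to match.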
@@ -37,6 +41,7 @@ Also make sure that you have the following: | |
# Instructions | ||
see https://cloud.google.com/dotnet/docs/creating-a-cicd-pipeline-azure-pipelines-cloud-run | ||
|
||
|
||
## Draft - references from GCP as ENV variables to ADO | ||
- cloudbuild_project_id = "prj-b-cicd-82vv" | ||
- seed_project_id = "prj-b-seed-8919" | ||
|
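Review bot: The `## Draft - references from GCP as ENV variables to ADO` list carries values from one specific environment (`cloudbuild_project_id = "prj-b-cicd-82vv"`, `seed_project_id = "prj-b-seed-8919"`). In a README that others copy from, use placeholders such as `prj-b-cicd-XXXX` and say where readers obtain their own values, so nobody wires a pipeline to another environment's project IDs.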
@@ -49,6 +54,67 @@ see https://cloud.google.com/dotnet/docs/creating-a-cicd-pipeline-azure-pipeline | |
|
||
## Draft - Artifacts - Manual | ||
|
||
### Create ADO Project | ||
|
||
<img width="1472" alt="Screenshot 2024-04-29 at 11 05 21" src="https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/assets/24765473/f47c909f-5383-477d-8110-2ab1e4433769"> | ||
|
||
### Import base PBMM Repository | ||
Repos | Import | ||
for example - import https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding.git into https://dev.azure.com/obrienlabsxyz/pbmm-on-gcp-onboarding/_git/pbmm-on-gcp-onboarding | ||
|
||
<img width="1471" alt="Screenshot 2024-04-29 at 11 10 09" src="https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/assets/24765473/43084d8a-fb7a-40bc-bc64-7c21677db5c7"> | ||
|
||
Fork ADO repo will be of the form https://[email protected]/your-org/pbmm-on-gcp-onboarding/_git/pbmm-on-gcp-onboarding | ||
|
||
### Switch to the main branch - or a branch under active development | ||
``` | ||
git checkout main | ||
``` | ||
|
||
### Generate GIT Credentials on the ADO repo | ||
|
||
### Clone ADO repo into your local environment | ||
``` | ||
# replace YOUR-ORG with your ado organization | ||
git clone https://[email protected]/YOUR-ORG/pbmm-on-gcp-onboarding/_git/pbmm-on-gcp-onboarding | ||
cd pbmm-on-gcp-onboarding/0-bootstrap | ||
``` | ||
### Rename terraform.example.tfvars to terraform.tfvars and update the file with values from your environment: | ||
``` | ||
mv terraform.example.tfvars terraform.tfvars | ||
``` | ||
### Optionally: Use the helper script validate-requirements.sh to validate your environment: | ||
|
||
### Optionally: Downgrade Terraform to 1.3.10 | ||
- see https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/374 | ||
- https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_darwin_arm64.zip | ||
- | ||
``` | ||
which terraform | ||
/Users/michaelobrien/opt/google-cloud-sdk/bin/terraform | ||
terraform --version | ||
Terraform v1.3.0 | ||
``` | ||
upgrade in this case to 1.3.10 - download from https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_darwin_arm64.zip | ||
``` | ||
ichaelobrien@mbp7 _deploy_test_399_from_ado % mkdir terraform | ||
michaelobrien@mbp7 _deploy_test_399_from_ado % cd terraform | ||
michaelobrien@mbp7 terraform % cp ~/Downloads/terraform_1.3.10_darwin_arm64.zip . | ||
michaelobrien@mbp7 terraform % unzip terraform_1.3.10_darwin_arm64.zip | ||
Archive: terraform_1.3.10_darwin_arm64.zip | ||
inflating: terraform | ||
michaelobrien@mbp7 terraform % ls | ||
terraform terraform_1.3.10_darwin_arm64.zip | ||
michaelobrien@mbp7 terraform % which terraform | ||
/Users/michaelobrien/opt/google-cloud-sdk/bin/terraform | ||
michaelobrien@mbp7 terraform % cp terraform /Users/michaelobrien/opt/google-cloud-sdk/bin/terraform | ||
michaelobrien@mbp7 terraform % terraform --version | ||
Terraform v1.3.10 | ||
``` | ||
|
||
### Run terraform init and terraform plan and review the output. | ||
Note: cb.tf is commented out and not in use (specific to GCP Cloud Build) - it is replaced by ado.tf.example | ||
|
||
### Service Accounts for ADO | ||
- create a GCP service account for use by ADO with the following storage role - to be able to read the terraform remote state file from GCP GCS. | ||
|
||
|
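Review bot: In `### Optionally: Downgrade Terraform to 1.3.10`, the transcript unzips `terraform_1.3.10_darwin_arm64.zip` from `~/Downloads` and copies the binary over `/Users/michaelobrien/opt/google-cloud-sdk/bin/terraform` with no integrity check. Add a step before the `cp` that verifies the archive against the `terraform_1.3.10_SHA256SUMS` file published next to it on releases.hashicorp.com, since this is the binary that runs `terraform init` and `terraform plan` in the following section. The section is also inconsistent: the heading says "Downgrade" while the text says "upgrade in this case to 1.3.10" from v1.3.0, the bullet list ends with an empty `-`, the first prompt is truncated to `ichaelobrien@mbp7`, and the only download link is for darwin_arm64. Separately, `### Switch to the main branch` comes before `### Clone ADO repo into your local environment`, so `git checkout main` has no working tree to run in; swap the two or say where the checkout happens.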
@@ -70,7 +136,7 @@ tr -d '\n' < ado-sa.json > ado-sa-oneline.json | |
``` | ||
- Export the secret token on this SA for use by the ADO pipelines | ||
|
||
### Create ADO Project | ||
|
||
### Setup Agents | ||
#### Ask Azure for a request to increase free parallelism in Azure DevOps. | ||
this will take an average of 2 days | ||
|
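Review bot: `- Export the secret token on this SA for use by the ADO pipelines`, together with the `ado-sa.json` to `ado-sa-oneline.json` step shown in the hunk header, documents a long-lived service account key as the ADO credential, while the top of this README says authentication uses Workload identity federation in `prj-b-cicd-wif`. Either document the federation path for ADO, or state that the key is an interim measure, that it is stored only as a secret pipeline variable, and that both JSON files are deleted locally and never committed. `### Create ADO Project` also appears in this hunk with no body while the same heading, with its screenshot, is added earlier in the file; make sure only one copy survives.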
@@ -98,7 +164,6 @@ Connecting to the server. | |
make sure to add a trailing slash in the url / - see https://learn.microsoft.com/en-us/answers/questions/272411/vs30063-you-are-not-authorized-to-access-https-dev | ||
``` | ||
>> Connect: | ||
Enter server URL > https://dev.azure.com/obrienlabsxyz/ | ||
Enter authentication type (press enter for PAT) > | ||
Enter personal access token > **************************************************** | ||
|
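Review bot: The agent configuration transcript hard-codes one organization in `Enter server URL > https://dev.azure.com/obrienlabsxyz/`, whereas the clone step earlier in the file uses a `YOUR-ORG` placeholder; use the same placeholder here. The PAT is masked, which is right, but the step does not say which scope the token needs; state the minimum scope so readers do not create a full-access token for agent registration.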
@@ -130,10 +195,6 @@ pool: olxyz-self | |
# vmImage: ubuntu-latest | ||
# agent.name: 13900D | ||
``` | ||
### Import base PBMM Repository | ||
Repos | Import | ||
for example - import https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding.git into https://dev.azure.com/obrienlabsxyz/pbmm-on-gcp-onboarding/_git/pbmm-on-gcp-onboarding | ||
### Generate GIT Credentials | ||
|
||
### Create 6 private ADO repositories | ||
- gcp-bootstrap | ||
|
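Review bot: `### Generate GIT Credentials` appears here without any steps, and its counterpart `### Generate GIT Credentials on the ADO repo` earlier in the file is empty as well. Add the steps or a link under the heading that remains, and say where the generated credential should be kept so it does not end up in a clone URL or shell history.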