From f140619cfb83386ac61f987ef63b92c99f883355 Mon Sep 17 00:00:00 2001 From: Furqan Agwan <19633375+furqanagwan@users.noreply.github.com> Date: Mon, 13 Jan 2025 14:33:02 +0000 Subject: [PATCH 1/2] Convert classic to YAML --- azure-pipelines.yml | 234 ++++++++++++++----------- pipeline-templates/job/code-build.yml | 56 ++++++ pipeline-templates/job/dacpac-buid.yml | 27 +++ pipeline-templates/job/deploy.yml | 100 +++++++++++ 4 files changed, 316 insertions(+), 101 deletions(-) create mode 100644 pipeline-templates/job/code-build.yml create mode 100644 pipeline-templates/job/dacpac-buid.yml create mode 100644 pipeline-templates/job/deploy.yml diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e6b3eb9dc..092bb4ddd 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -1,3 +1,9 @@ +parameters: +- name: OverrideBlockOnPossibleDataLoss + displayName: Add /p:BlockOnPossibleDataLoss=false argument to DACPAC deployment + type: boolean + default: false + trigger: batch: true branches: @@ -5,124 +11,150 @@ trigger: - "master" variables: - - group: BUILD Management Resources - - group: ESFA - SonarCloud - - name: buildConfiguration - value: 'release' - - name: buildPlatform - value: 'anycpu' +- name: SolutionBaseName + value: SFA.DAS.ApplyService +- name: BuildConfiguration + value: release +- name: BuildPlatform + value: any cpu +- group: RELEASE Management Resources +- group: RELEASE das-apply-service +- name: Deploy + value: $[or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.Reason'], 'Manual'), eq(variables['Build.Reason'], 'PullRequest'))] resources: repositories: + - repository: self - repository: das-platform-building-blocks type: github name: SkillsFundingAgency/das-platform-building-blocks ref: refs/tags/2.1.28 endpoint: SkillsFundingAgency + - repository: das-platform-automation + type: github + name: SkillsFundingAgency/das-platform-automation + ref: refs/tags/5.1.14 + endpoint: SkillsFundingAgency + pipelines: + - pipeline: das-employer-config + project: Digital Apprenticeship Service + source: das-employer-config + branch: master stages: - stage: Build jobs: - - job: 'CodeBuild' - pool: - name: DAS - Continuous Integration Agents - demands: LATEST_DOTNET_VERSION -equals 3.1 - workspace: - clean: all - steps: - - template: azure-pipelines-templates/build/step/gitversion.yml@das-platform-building-blocks + - template: pipeline-templates/job/code-build.yml + parameters: + SolutionBaseName: $(SolutionBaseName) + BuildConfiguration: $(BuildConfiguration) + - template: azure-pipelines-templates/build/job/dacpac-template.yml@das-platform-building-blocks + parameters: + SolutionBaseName: $(SolutionBaseName).Database + SqlProjectPath: src/$(SolutionBaseName).Database/$(SolutionBaseName).Database.sqlproj - - template: azure-pipelines-templates/build/step/app-build.yml@das-platform-building-blocks - parameters: - SonarCloudProjectKey: SkillsFundingAgency_das-apply-service - ContinueOnVulnerablePackageScanError: true - - - task: DotNetCoreCLI@2 - displayName: 'dotnet pack' - inputs: - command: pack - packagesToPack: 'src/SFA.DAS.ApplyService.Types/SFA.DAS.ApplyService.Types.csproj' - versioningScheme: byBuildNumber - packDirectory: $(build.artifactstagingdirectory)/NugetPackages - - - task: DotNetCoreCLI@2 - displayName: 'Publish Website' - inputs: - command: publish - publishWebProjects: false - projects: 'src/SFA.DAS.ApplyService.Web/SFA.DAS.ApplyService.Web.csproj' - arguments: '--configuration $(buildConfiguration) --output $(build.artifactstagingdirectory)/publish --no-restore --no-build' +- stage: Deploy_AT + dependsOn: Build + displayName: Deploy to AT + condition: and(succeeded(), eq(variables.Deploy, 'true')) + variables: + - group: DevTest Management Resources + - group: AT DevTest Shared Resources + - group: AT das-apply-service + jobs: + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: AT + ServiceConnection: SFA-DAS-DevTest-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-CDS - - task: DotNetCoreCLI@2 - displayName: 'Publish API' - inputs: - command: publish - publishWebProjects: false - projects: 'src/SFA.DAS.ApplyService.InternalApi/SFA.DAS.ApplyService.InternalApi.csproj' - arguments: '--configuration $(buildConfiguration) --output $(build.artifactstagingdirectory)/publish --no-restore --no-build' +- stage: Deploy_TEST + dependsOn: Build + displayName: Deploy to TEST + variables: + - group: DevTest Management Resources + - group: TEST DevTest Shared Resources + - group: TEST das-apply-service + jobs: + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: TEST + ServiceConnection: SFA-DAS-DevTest-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-CDS - - task: CopyFiles@2 - displayName: 'Copy Files to: $(build.artifactstagingdirectory)' - inputs: - contents: | - azure/** - targetFolder: '$(build.artifactstagingdirectory)/publish' +- stage: Deploy_TEST2 + dependsOn: Build + displayName: Deploy to TEST2 + variables: + - group: DevTest Management Resources + - group: TEST2 DevTest Shared Resources + - group: TEST2 das-apply-service + jobs: + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: TEST2 + ServiceConnection: SFA-DAS-DevTest-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-CDS - - task: PublishBuildArtifacts@1 - displayName: 'Publish Artifact' - inputs: - pathtoPublish: '$(build.artifactstagingdirectory)/publish' +- stage: Deploy_DEMO + dependsOn: Build + displayName: Deploy to DEMO + variables: + - group: DevTest Management Resources + - group: DEMO DevTest Shared Resources + - group: DEMO das-apply-service + jobs: + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: DEMO + ServiceConnection: SFA-DAS-DevTest-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-CDS - - publish: $(build.artifactstagingdirectory)/NugetPackages - artifact: NugetPackages +- stage: Deploy_PP + dependsOn: Build + displayName: Deploy to PP + variables: + - group: PreProd Management Resources + - group: PreProd Shared Resources + - group: PREPROD das-apply-service + jobs: + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: PP + ServiceConnection: SFA-DIG-PreProd-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-FCS - - job: 'DACPACBuild' - pool: - vmImage: 'windows-2019' - workspace: - clean: all - steps: - - task: VSBuild@1 - displayName: 'Build DACPAC' - inputs: - solution: 'src/SFA.DAS.ApplyService.Database/SFA.DAS.ApplyService.Database.sqlproj' - platform: '$(buildPlatform)' - configuration: '$(buildConfiguration)' - msbuildArgs: '/p:PackageLocation="$(build.artifactstagingdirectory)/publish"' - - task: CopyFiles@2 - displayName: 'Copy Files to: $(build.artifactstagingdirectory)' - inputs: - contents: | - src/**/*.dacpac - targetFolder: '$(build.artifactstagingdirectory)/publish' - - task: PublishBuildArtifacts@1 - displayName: 'Publish Artifact' - inputs: - pathtoPublish: '$(build.artifactstagingdirectory)/publish' +- stage: Deploy_MO + dependsOn: Build + displayName: Deploy to MO + variables: + - group: MO Management Resources + - group: MO Shared Resources + - group: MO das-apply-service + jobs: + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: MO + ServiceConnection: SFA-ASM-ModelOffice-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-FCS -- stage: NugetPublish - displayName: 'Publish Nuget Package' - pool: - name: 'DAS - Continuous Deployment Agents' - condition: and(succeeded(), eq(variables['Build.Reason'], 'Manual')) +- stage: Deploy_PROD + dependsOn: Build + displayName: Deploy to PROD + variables: + - group: Prod Management Resources + - group: Prod Shared Resources + - group: PROD das-apply-service jobs: - - job: 'CleanArtifacts' - displayName: Clean artifacts directory - workspace: - clean: all - - deployment: 'NugetPush' - dependsOn: 'CleanArtifacts' - environment: 'Nuget' - strategy: - runOnce: - deploy: - steps: - - download: current - artifact: NugetPackages - - task: NuGetCommand@2 - displayName: 'NuGet push' - inputs: - command: push - packagesToPush: '$(Pipeline.Workspace)/NugetPackages/*.nupkg;!$(Pipeline.Workspace)/NugetPackages/*.symbols.nupkg' - nuGetFeedType: external - publishFeedCredentials: 'SFA NuGet' + - template: pipeline-templates/job/deploy.yml + parameters: + Environment: PROD + ServiceConnection: SFA-DIG-Prod-ARM + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + AppRoleAssignmentsServiceConnection: das-app-role-assignments-FCS \ No newline at end of file diff --git a/pipeline-templates/job/code-build.yml b/pipeline-templates/job/code-build.yml new file mode 100644 index 000000000..af3983b9c --- /dev/null +++ b/pipeline-templates/job/code-build.yml @@ -0,0 +1,56 @@ +parameters: + SolutionBaseName: + BuildConfiguration: + +jobs: +- job: CodeBuild + pool: + name: DAS - Continuous Integration Agents + workspace: + clean: all + variables: + - group: BUILD Management Resources + steps: + - template: azure-pipelines-templates/build/step/gitversion.yml@das-platform-building-blocks + - template: azure-pipelines-templates/build/step/app-build.yml@das-platform-building-blocks + parameters: + SonarCloudProjectKey: SkillsFundingAgency_das-apply-service + ContinueOnVulnerablePackageScanError: true + + - task: DotNetCoreCLI@2 + displayName: 'Pack Types' + inputs: + command: pack + packagesToPack: 'src/SFA.DAS.ApplyService.Types/SFA.DAS.ApplyService.Types.csproj' + versioningScheme: byBuildNumber + packDirectory: $(build.artifactstagingdirectory)/NugetPackages + + - task: DotNetCoreCLI@2 + displayName: 'Publish Website' + inputs: + command: publish + publishWebProjects: false + projects: src/${{ parameters.SolutionBaseName }}.Web/${{ parameters.SolutionBaseName }}.Web.csproj + arguments: -o $(build.artifactstagingdirectory)/publish -c ${{ parameters.BuildConfiguration }} --no-build + + - task: DotNetCoreCLI@2 + displayName: 'Publish API' + inputs: + command: publish + publishWebProjects: false + projects: src/${{ parameters.SolutionBaseName }}.InternalApi/${{ parameters.SolutionBaseName }}.InternalApi.csproj + arguments: '--configuration $(buildConfiguration) --output $(build.artifactstagingdirectory)/publish --no-restore --no-build' + + - task: CopyFiles@2 + displayName: Copy Files to $(build.artifactstagingdirectory)/publish + inputs: + Contents: | + azure/** + TargetFolder: $(build.artifactstagingdirectory)/publish + OverWrite: true + + - task: PublishPipelineArtifact@1 + displayName: Publish Build Artifact + inputs: + targetPath: $(build.artifactstagingdirectory)/publish + artifactName: ${{ parameters.SolutionBaseName }} \ No newline at end of file diff --git a/pipeline-templates/job/dacpac-buid.yml b/pipeline-templates/job/dacpac-buid.yml new file mode 100644 index 000000000..09263730b --- /dev/null +++ b/pipeline-templates/job/dacpac-buid.yml @@ -0,0 +1,27 @@ +jobs: +- job: DacpacBuild + dependsOn: CodeBuild + pool: + name: DAS - Continuous Integration + workspace: + clean: all + steps: + - task: VSBuild@1 + displayName: Build DACPAC + inputs: + solution: 'src/SFA.DAS.ApplyService.Database/SFA.DAS.ApplyService.Database.sqlproj' + platform: any cpu + configuration: release + msbuildArgs: /p:PackageLocation="$(build.artifactstagingdirectory)/publish" + + - task: CopyFiles@2 + displayName: Copy Files to - $(build.artifactstagingdirectory) + inputs: + contents: | + src/**/*.dacpac + targetFolder: $(build.artifactstagingdirectory)/publish + + - task: PublishBuildArtifacts@1 + displayName: 'Publish Artifact' + inputs: + pathtoPublish: '$(build.artifactstagingdirectory)/publish' \ No newline at end of file diff --git a/pipeline-templates/job/deploy.yml b/pipeline-templates/job/deploy.yml new file mode 100644 index 000000000..b8f19efa1 --- /dev/null +++ b/pipeline-templates/job/deploy.yml @@ -0,0 +1,100 @@ +parameters: + ServiceConnection: + SolutionBaseName: + Environment: + OverrideBlockOnPossibleDataLoss: + AppRoleAssignmentsServiceConnection: + +jobs: +- deployment: DeployApps + pool: + name: DAS - Continuous Deployment Agents + environment: ${{ parameters.Environment }} + strategy: + runOnce: + deploy: + steps: + - template: azure-pipelines-templates/deploy/step/wait-azure-devops-deployment.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.ServiceConnection }} + EnvironmentId: $(Environment.Id) + PipelineName: $(Build.DefinitionName) + RunId: $(Build.BuildId) + - template: azure-pipelines-templates/deploy/step/set-backendaccessrestrictions-variable.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.ServiceConnection }} + SharedEnvResourceGroup: $(SharedEnvResourceGroup) + SharedEnvVirtualNetworkName : $(SharedEnvVirtualNetworkName) + BackEndAccessRestrictionsExcludedSubnets: $(BackEndAccessRestrictionsExcludedSubnets) + ResourceEnvironmentName: $(ResourceEnvironmentName) + UnrestrictedEnvironments: $(UnrestrictedEnvironments) + UptimeMonitoringAccessRestrictions: $(UptimeMonitoringAccessRestrictions) + - template: azure-pipelines-templates/deploy/step/arm-deploy.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.ServiceConnection }} + SubscriptionId: $(SubscriptionId) + Location: $(ResourceGroupLocation) + Environment: ${{ parameters.Environment }} + TemplatePath: $(Pipeline.Workspace)/SFA.DAS.ApplyService/azure/template.json + ParametersPath: $(Pipeline.Workspace)/SFA.DAS.ApplyService/azure/template.parameters.json + IsMultiRepoCheckout: true + TemplateSecrets: + LoggingRedisConnectionString: $(LoggingRedisConnectionString) + ConfigurationStorageConnectionString: $(ConfigurationStorageConnectionString) + - template: azure-pipelines-templates/deploy/step/get-apim-subscription-key.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.ServiceConnection }} + ApimResourceGroup: $(SharedApimResourceGroup) + ApimName: $(SharedApimName) + SubscriptionId: $(ApiAppServiceName) + PipelineVariableName: RoatpApimSubscriptionKey + IsMultiRepoCheckout: true + - template: azure-pipelines-templates/deploy/step/generate-config.yml@das-platform-building-blocks + parameters: + EnvironmentName: $(EnvironmentName) + ServiceConnection: ${{ parameters.ServiceConnection }} + SourcePath: $(Pipeline.Workspace)/das-employer-config/Configuration/das-apply-service + StorageAccountName: $(ConfigurationStorageAccountName) + StorageAccountResourceGroup: $(SharedEnvResourceGroup) + TargetFileName: '*.schema.json' + TableName: Configuration + ConfigurationSecrets: + SqlConnectionstring: $(SqlConnectionstring) + SessionRedisConnectionString: $(SessionRedisConnectionString) + ApiNotificationsClientToken: $(ApiNotificationsClientToken) + RoatpApimSubscriptionKey: $(RoatpApimSubscriptionKey) + RoatpApiAuthenticationClientSecret: $(RoatpApiAuthenticationClientSecret) + CompaniesHouseApiAuthenticationApiKey: $(CompaniesHouseApiAuthenticationApiKey) + CharityCommissionApiAuthenticationApiKey: $(CharityCommissionApiAuthenticationApiKey) + - template: azure-pipelines-templates/deploy/step/app-role-assignments.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.AppRoleAssignmentsServiceConnection }} + ResourceName: $(UIAppServiceName) + Tenant: $(Tenant) + IsMultiRepoCheckout: true + - template: azure-pipelines-templates/deploy/step/app-role-assignments.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.AppRoleAssignmentsServiceConnection }} + ResourceName: $(APIAppServiceName) + Tenant: $(Tenant) + IsMultiRepoCheckout: true + - template: azure-pipelines-templates/deploy/step/sql-dacpac-deploy.yml@das-platform-building-blocks + parameters: + AzureSubscription: ${{ parameters.ServiceConnection }} + ServerName: $(SharedSQLServerFQDN) + SqlUsername: $(SharedSQLServerUsername) + SqlPassword: $(SharedSQLServerPassword) + DacpacFile: $(Pipeline.Workspace)/DacpacArtifact/src/SFA.DAS.ApplyService.Database/bin/Output/SFA.DAS.ApplyService.Database.dacpac + DatabaseName: $(DatabaseName) + OverrideBlockOnPossibleDataLoss: ${{ parameters.OverrideBlockOnPossibleDataLoss }} + Environment: ${{ parameters.Environment }} + - template: azure-pipelines-templates/deploy/step/app-deploy.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.ServiceConnection }} + AppServiceName: $(APIAppServiceName) + DeploymentPackagePath: $(Pipeline.Workspace)/SFA.DAS.ApplyService/SFA.DAS.ApplyService.InternalApi.zip + - template: azure-pipelines-templates/deploy/step/app-deploy.yml@das-platform-building-blocks + parameters: + ServiceConnection: ${{ parameters.ServiceConnection }} + AppServiceName: $(UIAppServiceName) + DeploymentPackagePath: $(Pipeline.Workspace)/SFA.DAS.ApplyService/SFA.DAS.ApplyService.Web.zip \ No newline at end of file From 90ef5c741db93363c6a011c9bbf173a88eaf392c Mon Sep 17 00:00:00 2001 From: Furqan Agwan <19633375+furqanagwan@users.noreply.github.com> Date: Mon, 13 Jan 2025 14:57:45 +0000 Subject: [PATCH 2/2] Bump platform building blocks to latest version --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 092bb4ddd..d20de2800 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -28,7 +28,7 @@ resources: - repository: das-platform-building-blocks type: github name: SkillsFundingAgency/das-platform-building-blocks - ref: refs/tags/2.1.28 + ref: refs/tags/2.2.17 endpoint: SkillsFundingAgency - repository: das-platform-automation type: github