ADO Pipeline to update a onefuzz instance with the latest release (#208)

2025-06-13 18:48:09 +00:00 · 2020-10-28 12:31:42 -07:00
parent e76064b340
commit 640091f8bc
9 changed files with 467 additions and 0 deletions
--- a/contrib/deploy-onefuzz-via-azure-devops/deploy-onefuzz.yml
+++ b/contrib/deploy-onefuzz-via-azure-devops/deploy-onefuzz.yml
@ -0,0 +1,117 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# It is designed to deploy latest versions in the Azure. There are fixed set of pipeline
+# variables which can be used to update onefuzz instances on Azure.
+#
+# Following the OneFuzz document at
+# https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#deploying-an-instance-of-onefuzz
+# to deploy OneFuzz on Azure.
+#
+# List of custom variables:
+# | Variable Name        | Comments                                                  |
+# |----------------------|-----------------------------------------------------------|
+# |AZURE_CLIENT_ID       | The appication ID created by you or the deployment script |
+# |AZURE_CLIENT_SECRET   | Secret created by App registration process                |
+# |AZURE_TENANT_ID       | Tenant ID of the Azure Subscription                       |
+# |CONTACT_EMAIL_ADDRESS | Email address for communication                           |
+# |ONEFUZZ_DEPLOY_LOC    | Deployment Folder location of this script location        |
+# |ONEFUZZ_INSTANCE_NAME | Instance name of Onefuzz Deployement                      |
+# |ONEFUZZ_SERVICE_URL   | OneFuzz service URL. Generally the url defined in App     |
+# |                      | Registration                                              |
+# |REGION                | OneFuzz Region (prefer westus2)                           |
+# |RESOURCE_GROUP_NAME   | Resource gorup name for OneFuzz deployment                |                        
+#
+# Note: Make sure to provide the App owners permission to onefuzz resource group
+
+---
+trigger: none
+
+stages:
+- stage: Deploy
+  jobs:
+    - job: "deploy_oneFuzz"
+      pool:
+        vmImage: "ubuntu-latest"
+      steps:
+        - task: UsePythonVersion@0
+          inputs:
+            versionSpec: "3.8"
+
+        - task: CmdLine@2
+          name: onefuzz_release
+          displayName: "Downloading OneFuzz Artifacts"
+          inputs:
+            workingDirectory: "$(ONEFUZZ_DEPLOY_LOC)"
+            script: |
+              set -ex
+              python -m pip install pipenv tox
+              pipenv install
+              artifact="artifact"
+              pipenv run python get_latest_version.py -path $artifact
+              version="$(pipenv run python get_latest_version.py -version)"
+              echo "Onefuzz version is $version"
+              echo "##vso[task.setvariable variable=version;isOutput=true]$version"
+              echo "##vso[task.setvariable variable=artifact]$artifact"
+
+        - task: CmdLine@2
+          displayName: "Installing Dependencies"
+          inputs:
+            workingDirectory: "$(ONEFUZZ_DEPLOY_LOC)/$(artifact)"
+            script: |
+              set -ex
+              unzip onefuzz-deployment-$(onefuzz_release.version).zip
+              pip install -r requirements.txt
+              wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb
+              sudo dpkg -i packages-microsoft-prod.deb
+              sudo apt-get update
+              sudo apt-get install azure-functions-core-tools-3
+
+        - task: CmdLine@2
+          displayName: "Deploying update to OneFuzz"
+          inputs:
+            workingDirectory: "$(ONEFUZZ_DEPLOY_LOC)/$(artifact)"
+            script: |
+              set -ex
+              az login --service-principal -u $(ONEFUZZ_SERVICE_URL) -p $(AZURE_CLIENT_SECRET) --tenant $(AZURE_TENANT_ID)
+              python deploy.py --client_id $(AZURE_CLIENT_ID) --client_secret $(AZURE_CLIENT_SECRET) $REGION $RESOURCE_GROUP_NAME $ONEFUZZ_INSTANCE_NAME $CONTACT_EMAIL_ADDRESS
+              echo "Deployed Onefuzz $(onefuzz_release.version)"
+
+        - task: CopyFiles@2
+          displayName: "Copying cli to Staging area"
+          inputs:
+            SourceFolder: "$(ONEFUZZ_DEPLOY_LOC)/$(artifact)"
+            Contents:
+              "onefuzz-cli-$(onefuzz_release.version).exe"
+            TargetFolder: $(Build.ArtifactStagingDirectory)
+            flattenFolders: true
+
+        - task: PublishBuildArtifacts@1
+          displayName: "Publish CLI exe"
+          inputs:
+            PathtoPublish: "$(Build.ArtifactStagingDirectory)"
+            ArtifactName: "onefuzz"
+            publishLocation: "Container"
+
+- stage: "Verify"
+  jobs:
+  - job: "verify_onefuzz_version"
+    pool:
+      vmImage: "windows-latest"
+    variables:
+      version: $[ stageDependencies.Deploy.deploy_oneFuzz.outputs['onefuzz_release.version'] ]
+    steps:
+      - download: current
+        artifact: onefuzz
+
+      - task: Bash@3
+        displayName: Test OneFuzz Deployment version
+        timeoutInMinutes: 1
+        inputs:
+          workingDirectory: "$(Pipeline.Workspace)/onefuzz"
+          targetType: 'inline'
+          script: |
+            set -ex
+            ./onefuzz-cli-$(version).exe config --endpoint $(ONEFUZZ_SERVICE_URL) --client_id "$(AZURE_CLIENT_ID)" --client_secret "$(AZURE_CLIENT_SECRET)"
+            ./onefuzz-cli-$(version).exe --version
+            until ./onefuzz-cli-$(version).exe versions check --exact; do echo "waiting due to version mismatch"; sleep 1; done