ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-08 00:01:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
onefuzz/contrib/deploy-onefuzz-via-azure-devops/deploy-onefuzz.yml
nharper285 2391d927f7
Updating yml file to run config endpoint command with tenant/authority ID. (#339) 
## Summary of the Pull Request

Originally, the yml file printed out a semi-generalized _onefuzz config --endpoint_ comman. This command did have a specified _--authority_ and so it used the Microsoft id by default. To enable users to work with OneFuzz on tenants other than the standard Microsoft tenant, we have added a _--authority_ parameter that is printed out at the end of the deployment. 

## PR Checklist
* [ ] I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx

## Info on Pull Request

Changes to the yml file. 

## Validation Steps Performed

We have made this change to our local automation repository and tested an automated deployment pipeline with this change.
2020-11-30 14:54:42 +00:00

127 lines
5.8 KiB
YAML
Raw Blame History

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# It is designed to deploy latest versions in the Azure. There are fixed set of pipeline
# variables which can be used to update onefuzz instances on Azure.
#
# Following the OneFuzz document at
# https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#deploying-an-instance-of-onefuzz
# to deploy OneFuzz on Azure.
#
# List of custom variables:
# | Variable Name | Comments | Required/Optional |
# |----------------------|-----------------------------------------------------------|-------------------|
# |AZURE_CLIENT_ID | The appication ID created by you or the deployment script | Required |
# |AZURE_CLIENT_SECRET | Secret created by App registration process | Required |
# |AZURE_TENANT_ID | Tenant ID of the Azure Subscription | Required |
# |CONTACT_EMAIL_ADDRESS | Email address for communication | Required |
# |DEPLOY_ARGS | Specify OneFuzz deploy.py arguments | Optional |
# |ONEFUZZ_DEPLOY_LOC | Deployment Folder location of this script location | Required |
# |ONEFUZZ_INSTANCE_NAME | Instance name of Onefuzz Deployement | Required |
# |ONEFUZZ_SERVICE_URL | OneFuzz service URL. Generally the url defined in App | Required |
# | | Registration | Required |
# |REGION | OneFuzz Region (prefer westus2) | Required |
# |RESOURCE_GROUP_NAME | Resource group name for OneFuzz deployment | Required |
# |VERSION | Specify OneFuzz version, defaults to latest | Optional |
#
# Note: Make sure to add ONEFUZZ_INSTANCE_NAME has required role assignment as defined in
# https://github.com/microsoft/onefuzz/blob/main/src/deployment/deployment-role.json
---
trigger: none
stages:
- stage: Deploy
jobs:
- job: "deploy_oneFuzz"
pool:
vmImage: "ubuntu-latest"
steps:
- task: UsePythonVersion@0
inputs:
versionSpec: "3.8"
- task: CmdLine@2
name: onefuzz_release
displayName: "Downloading OneFuzz Artifacts"
inputs:
workingDirectory: "$(ONEFUZZ_DEPLOY_LOC)"
script: |
set -ex
python -m pip install pipenv tox
pipenv install
artifact="artifact"
if [ -z $(VERSION) ]
then
pipenv run python get_latest_version.py -path $artifact
version="$(pipenv run python get_latest_version.py -display_latest_version)"
else
pipenv run python get_latest_version.py -path $artifact -version $(VERSION)
version="$(VERSION)"
fi
echo "Onefuzz version is $version"
echo "##vso[task.setvariable variable=version;isOutput=true]$version"
echo "##vso[task.setvariable variable=artifact]$artifact"
- task: CmdLine@2
displayName: "Installing Dependencies"
inputs:
workingDirectory: "$(ONEFUZZ_DEPLOY_LOC)/$(artifact)"
script: |
set -ex
unzip onefuzz-deployment-$(onefuzz_release.version).zip
pip install -r requirements.txt
wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install azure-functions-core-tools-3
- task: CmdLine@2
displayName: "Deploying update to OneFuzz"
inputs:
workingDirectory: "$(ONEFUZZ_DEPLOY_LOC)/$(artifact)"
script: |
set -ex
az login --service-principal -u $(ONEFUZZ_SERVICE_URL) -p $(AZURE_CLIENT_SECRET) --tenant $(AZURE_TENANT_ID)
python deploy.py --client_id $(AZURE_CLIENT_ID) --client_secret $(AZURE_CLIENT_SECRET) $REGION $RESOURCE_GROUP_NAME $ONEFUZZ_INSTANCE_NAME $CONTACT_EMAIL_ADDRESS $DEPLOY_ARGS --upgrade
echo "Deployed Onefuzz $(onefuzz_release.version)"
- task: CopyFiles@2
displayName: "Copying cli to Staging area"
inputs:
SourceFolder: "$(ONEFUZZ_DEPLOY_LOC)/$(artifact)"
Contents:
"onefuzz-cli-$(onefuzz_release.version).exe"
TargetFolder: $(Build.ArtifactStagingDirectory)
flattenFolders: true
- task: PublishBuildArtifacts@1
displayName: "Publish CLI exe"
inputs:
PathtoPublish: "$(Build.ArtifactStagingDirectory)"
ArtifactName: "onefuzz"
publishLocation: "Container"
- stage: "Verify"
jobs:
- job: "verify_onefuzz_version"
pool:
vmImage: "windows-latest"
variables:
version: $[ stageDependencies.Deploy.deploy_oneFuzz.outputs['onefuzz_release.version'] ]
steps:
- download: current
artifact: onefuzz
- task: Bash@3
displayName: Test OneFuzz Deployment version
timeoutInMinutes: 1
inputs:
workingDirectory: "$(Pipeline.Workspace)/onefuzz"
targetType: 'inline'
script: |
set -ex
./onefuzz-cli-$(version).exe config --endpoint $(ONEFUZZ_SERVICE_URL) --client_id "$(AZURE_CLIENT_ID)" --client_secret "$(AZURE_CLIENT_SECRET)" --authority "https://login.microsoftonline.com/$(AZURE_TENANT_ID)"
./onefuzz-cli-$(version).exe --version
until ./onefuzz-cli-$(version).exe versions check --exact; do echo "waiting due to version mismatch"; sleep 1; done
Reference in New Issue View Git Blame Copy Permalink