108 lines
3.6 KiB
YAML
108 lines
3.6 KiB
YAML
# Starter pipeline
|
|
# Start with a minimal pipeline that you can customize to build and deploy your code.
|
|
# Add steps that build, run tests, deploy, and more:
|
|
# https://aka.ms/yaml
|
|
|
|
trigger:
|
|
- development
|
|
- releases/*
|
|
- feature/*
|
|
- hotfix/*
|
|
- bugfix/*
|
|
|
|
variables:
|
|
- group: blueprint-sandbox-web
|
|
- name: isReleaseDeployment
|
|
value: $[eq(variables['Build.SourceBranch'], 'refs/heads/development')]
|
|
- name: imageName
|
|
value: $[variables.containerImageName]
|
|
- name: containerRegistryEndpoint
|
|
value: $[variables.containerRegistryEndpointUrl]
|
|
- name: webAppName
|
|
value: $[variables.appServiceName]
|
|
|
|
pool:
|
|
vmImage: ubuntu-latest
|
|
|
|
steps:
|
|
- checkout: self
|
|
fetchDepth: 0 # It will fix gitversion iteraction to extract the correct version from our history
|
|
persistCredentials: true # It will fix terminal user to be able to push tag version on the build.
|
|
displayName: '[Step1.0] Define fetchDepth'
|
|
|
|
|
|
# Install gitversion tool
|
|
# - task: gitversion/setup@3
|
|
# displayName: '[Step2.1] Install Git Tools'
|
|
# inputs:
|
|
# versionSpec: '5.x'
|
|
|
|
# Execute the tool to identify the next SemVersion for this library
|
|
# - task: gitversion/execute@3
|
|
# displayName: '[Step2.2] Calculate SemVer'
|
|
# inputs:
|
|
# useConfigFile: true
|
|
# configFilePath: '.pipelines/GitVersion.yml'
|
|
|
|
# Echo the SemVersion Identified
|
|
- script: echo current version is $(GitVersion.SemVer) $(Build.SourcesDirectory)
|
|
displayName: '[Step2.3] Display calculated version'
|
|
|
|
- script: npm ci
|
|
displayName: '[Step3.1] NPM CI'
|
|
|
|
- task: SnykSecurityScan@1
|
|
displayName: '[Step3.2] Snyk Scanning'
|
|
inputs:
|
|
serviceConnectionEndpoint: 'SnykConnection'
|
|
testType: 'app'
|
|
severityThreshold: 'high'
|
|
monitorWhen: 'noIssuesFound'
|
|
failOnIssues: true
|
|
additionalArguments: '--file=package.json'
|
|
|
|
- task: Docker@2
|
|
displayName: '[Step4.1] Build'
|
|
inputs:
|
|
containerRegistry: '$(containerRegistryServiceConnectionName)'
|
|
repository: '$(imageName)'
|
|
command: 'build'
|
|
# tags: '$(GitVersion.SemVer)'
|
|
tags: 'sandbox'
|
|
Dockerfile: '**/Dockerfile'
|
|
arguments: --build-arg NEXT_PUBLIC_API_URL=$(NEXT_PUBLIC_API_URL) --build-arg NEXT_PUBLIC_CERBEROS_API_URL=$(NEXT_PUBLIC_CERBEROS_API_URL) --build-arg NEXT_PUBLIC_APP_ID=$(NEXT_PUBLIC_APP_ID) --build-arg NEXT_PUBLIC_REDIRECT_URI=$(NEXT_PUBLIC_REDIRECT_URI) --build-arg NEXT_PUBLIC_SCOPE=$(NEXT_PUBLIC_SCOPE) --build-arg NEXT_PUBLIC_AUTHORITY=$(NEXT_PUBLIC_AUTHORITY) --build-arg NEXT_PUBLIC_LOGOUT_URI=$(NEXT_PUBLIC_LOGOUT_URI) --build-arg NEXT_PUBLIC_ACCESS_AS_USER=$(NEXT_PUBLIC_ACCESS_AS_USER)
|
|
|
|
# - task: SnykSecurityScan@1
|
|
# inputs:
|
|
# serviceConnectionEndpoint: 'SnykConnection'
|
|
# testType: 'container'
|
|
# # dockerImageName: '$(containerRegistryEndpoint)/$(imageName):$(GitVersion.SemVer)'
|
|
# dockerImageName: '$(containerRegistryEndpoint)/$(imageName):sandbox'
|
|
# severityThreshold: 'high'
|
|
# monitorWhen: 'noIssuesFound'
|
|
# failOnIssues: true
|
|
|
|
- task: Docker@2
|
|
displayName: '[Step4.1] Push'
|
|
inputs:
|
|
containerRegistry: '$(containerRegistryServiceConnectionName)'
|
|
repository: '$(imageName)'
|
|
command: 'push'
|
|
# tags: '$(GitVersion.SemVer)'
|
|
tags: 'sandbox'
|
|
Dockerfile: '**/Dockerfile'
|
|
|
|
- task: AzureRmWebAppDeployment@4
|
|
displayName: 'Deploy on Sandbox'
|
|
condition: and(succeeded(), eq(variables.isReleaseDeployment, true))
|
|
enabled: true
|
|
inputs:
|
|
ConnectionType: 'AzureRM'
|
|
azureSubscription: '$(azureRMServiceConnectionName)'
|
|
appType: 'webAppContainer'
|
|
WebAppName: '$(webAppName)'
|
|
DockerNamespace: '$(containerRegistryEndpoint)'
|
|
DockerRepository: '$(imageName)'
|
|
# DockerImageTag: '$(GitVersion.SemVer)'
|
|
DockerImageTag: 'sandbox'
|