-
Notifications
You must be signed in to change notification settings - Fork 5
/
azure-pipelines-prod.yml
129 lines (110 loc) · 3.69 KB
/
azure-pipelines-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# Deploy to Azure Kubernetes Service
# Build and push image to Azure Container Registry; Deploy to Azure Kubernetes Service
# https://docs.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- main
pool:
mo-cluster-agent-pool
resources:
- repo: self
variables:
# Container registry service connection established during pipeline creation
azureSubscription: 'Mogenius subscription ARM-SP'
clusterName: 'mogenius-prod-cluster'
azureResourceGroup: 'mo-rg'
dockerRegistryServiceConnection: '22486bb2-ad6b-424e-8276-4c5f0e867bd0'
imageRepository: 'mo-doc-prod'
containerRegistry: 'mogenius.azurecr.io'
dockerfilePath: '**/Dockerfile'
tag: '$(Build.BuildId)'
imagePullSecret: 'mogenius8877710a-auth'
keyVaulName: 'mo-key-vault'
environment: 'mo-doc-prod.default'
# Agent VM image name
# vmImageName: 'ubuntu-latest'
configuration: 'production'
stages:
- stage: Build
displayName: Build stage
jobs:
- job: Build
displayName: Build
steps:
- checkout: self
persistCredentials: true
clean: true
- script: |
if [ "${RN:0:10}" = "refs/tags/" ]; then
echo "Tag detected: ${RN:10}"
fi
displayName: 'check for tag'
- script: |
touch .npmrc
echo "registry=https://pkgs.dev.azure.com/mogenius/_packaging/mogenius/npm/registry/" >> .npmrc
echo "always-auth=true" >> .npmrc
displayName: 'create .npmrc for auth task'
- task: npmAuthenticate@0
inputs:
workingFile: '.npmrc'
displayName: 'npm authenticate'
- task: Docker@2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
latest
- upload: manifests
artifact: manifests
- stage: Deploy
displayName: Deploy stage
dependsOn: Build
jobs:
- deployment: Deploy
displayName: Deploy
environment: $(environment)
strategy:
runOnce:
deploy:
steps:
- task: AzureKeyVault@1
inputs:
azureSubscription: $(azureSubscription)
KeyVaultName: $(keyVaulName)
SecretsFilter: '*'
RunAsPreJob: true
- task: replacetokens@3
inputs:
rootDirectory: $(Pipeline.Workspace)/manifests
targetFiles: '**/*.yaml'
encoding: 'auto'
writeBOM: true
actionOnMissing: 'warn'
keepToken: false
tokenPrefix: '__'
tokenSuffix: '__'
useLegacyPattern: false
enableTelemetry: false
- task: KubernetesManifest@0
displayName: Create imagePullSecret
inputs:
action: createSecret
secretName: $(imagePullSecret)
dockerRegistryEndpoint: $(dockerRegistryServiceConnection)
- task: KubernetesManifest@0
displayName: Deploy to Kubernetes cluster
inputs:
action: deploy
manifests: |
$(Pipeline.Workspace)/manifests/prod/ingress.yaml
$(Pipeline.Workspace)/manifests/prod/ingress-redirect.yaml
$(Pipeline.Workspace)/manifests/prod/secret.yaml
$(Pipeline.Workspace)/manifests/prod/deployment.yaml
$(Pipeline.Workspace)/manifests/prod/service.yaml
imagePullSecrets: |
$(imagePullSecret)
containers: |
$(containerRegistry)/$(imageRepository):$(tag)