Azure DevOps Build Pipeline

The purpose of this Azure DevOps Pipeline is to build fence, run a test suite, and then push the fence container into an Azure Container Registry.

Getting Started

If you don't already have access, you can sign up for free with Azure DevOps.

You can also import the pipeline; see these doc notes as a guide.

Setup Azure Container Registry

Create a Service Principal in your Azure Subscription using Azure CLI.

First, log in to the az cli:

az login
az account set -s <Subscription ID>

You can create a service principal in Azure AD:

spObject=$(az ad sp create-for-rbac --name ServicePrincipalName)

# this can be used for the SP_CLIENT_ID
spClientId=$(echo "$spObject" | jq -r ".appId")

# this can be used for the SP_CLIENT_PASSWORD
spPassword=$(echo "$spObject" | jq -r ".password")

# this can be used for the TENANT_ID
spTenantId=$(echo "$spObject" | jq -r ".tenant")

You will need to have appropriate permissions in the AAD directory. If you don't have access, please work with your Azure Subscription administrator to obtain a Service Principal.

You can also create an Azure Container Registry using the Azure CLI or the portal.

You can use the following az cli commands in bash for reference:

az group create --name myResourceGroup --location eastus
az acr create --resource-group myResourceGroup --name myContainerRegistry --sku Basic

Also, make sure that the Service Principal has the AcrPull and AcrPush roles on the Azure Container Registry.

acrResourceId="$(az acr show -n myContainerRegistry -g myResourceGroup --query "id" -o tsv)"

az role assignment create --assignee "$spClientId" --role 'AcrPull' --scope "$acrResourceId"

az role assignment create --assignee "$spClientId" --role 'AcrPush' --scope "$acrResourceId"
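To confirm that the service principal ends up with only these two roles on the registry, the following added example (not part of the original guide or the fence repository) audits the output of az role assignment list. The function name audit_sp_roles, the helper lower and the sample data are assumptions made for illustration; the sample uses a placeholder subscription ID and the resource names from this page.

```shell
# Added example (not from the fence repo). Reads "role<TAB>scope" lines on stdin, e.g. from:
#   az role assignment list --assignee "$spClientId" --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv
# $1 is the registry resource ID ($acrResourceId). Returns 0 only when the SP
# holds AcrPull and AcrPush on that registry and nothing else anywhere.
TAB=$(printf '\t')

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

audit_sp_roles() {
  want_scope=$(lower "$1"); has_pull=0; has_push=0; findings=0
  while IFS="$TAB" read -r role scope || [ -n "$role" ]; do
    [ -n "$role" ] || continue
    # Azure resource IDs are case-insensitive, so compare lowercased.
    if [ "$(lower "$scope")" != "$want_scope" ]; then
      echo "FINDING: '$role' granted outside the registry at $scope"
      findings=$((findings + 1))
      continue
    fi
    case "$role" in
      AcrPull) has_pull=1 ;;
      AcrPush) has_push=1 ;;
      *) echo "FINDING: unexpected role '$role' on the registry"
         findings=$((findings + 1)) ;;
    esac
  done
  [ "$has_pull" -eq 1 ] || { echo "MISSING: AcrPull"; findings=$((findings + 1)); }
  [ "$has_push" -eq 1 ] || { echo "MISSING: AcrPush"; findings=$((findings + 1)); }
  [ "$findings" -eq 0 ]
}

# Constructed sample data (placeholder subscription ID, names from this page).
SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
ACR_ID="$SUB/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry"
SCOPED=$(printf 'AcrPull\t%s\nAcrPush\t%s' "$ACR_ID" "$ACR_ID")
BROAD=$(printf '%s\nContributor\t%s' "$SCOPED" "$SUB")

printf '%s\n' "$SCOPED" | audit_sp_roles "$ACR_ID" && echo "scoped: OK"
printf '%s\n' "$BROAD" | audit_sp_roles "$ACR_ID" || echo "broad: needs cleanup"
```

Against a live subscription, pipe the az role assignment list command from the header comment into audit_sp_roles "$acrResourceId" and remove any assignment it reports before storing the credentials in the pipeline.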

To verify that the pipeline context will have access to ACR, you can log in with the service principal.

Note, this is an approach for dev / test, but in a production scenario, it is more likely that your SP Credentials used in the Azure DevOps Pipeline would be populated as secrets through variables or Variable Groups.

az login --service-principal --username "$spClientId" --password "$spPassword" --tenant "$spTenantId"

az acr login --name myContainerRegistry

You can also verify that this service principal has AcrPush and AcrPull permissions on the ACR; see the getting started with docker guide for more details.

First, pull and tag an image:

docker pull mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine

docker tag mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine mycontainerregistry.azurecr.io/samples/nginx

Note that ACR names default to lowercase in the FQDN, so make sure to use lowercase for the ACR name when tagging images.

Check that you can push an image to ACR:

docker push mycontainerregistry.azurecr.io/samples/nginx

Check that you can pull an image from ACR:

docker pull mycontainerregistry.azurecr.io/samples/nginx

You can also list out the images in the ACR with az cli:

az acr repository list --name mycontainerregistry

Configuring the Pipeline

You can set the variables on your Azure DevOps pipeline.

First, make sure you have already imported your Azure DevOps Pipeline.

Click on the pipeline and then click edit, which will let you update the variables in the Azure DevOps pipeline:

Click on Variables

| Variable Name | Description |
| --- | --- |
| SP_CLIENT_ID | This is your Service Principal Client ID. |
| SP_CLIENT_PASS | This is your Service Principal Password. You can override this value when running the Azure DevOps pipeline. |
| TENANT_ID | This is the Azure AD tenant ID where the SP and the ACR reside. |
| ACR_NAME | This is the Azure Container Registry name. Note, it is not the FQDN (e.g. myacrname instead of myacrname.azurecr.io). |
| LOCAL_POSTGRESQL_PORT | This is the Local PostgreSQL Port number. The default port for a PostgreSQL server is 5432, but you can change this to another port in case this port is already in use on the host. For example you can use 5433. |
| DESIRED_LOCAL_POSTGRESQL_PORT | This is the Local PostgreSQL Port number. For example you can use 5432 even if the LOCAL_POSTGRESQL_PORT is set to 5433. |
| GIT_REPO_TAG | This is the tag to use for the fence git repository, with a default of azure-support. |

After updating the variables, be sure to click save:

Save updated variables

You can run the pipeline to validate the fence build and push to ACR.

Run the pipeline