azure-pipelines-dashboard.yml
# Azure Pipelines definition for the Grafana dashboard deployment kept under
# /amg_dashboard. YAML schema reference: https://aka.ms/yaml
name: 'amg_dashboard_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)'

variables:
# Variable group defined outside this file. $(access_key) and $(secret_key)
# are not declared here, so they presumably come from this group -- confirm
# they are stored as secret variables.
- group: app-one
# AWS region passed to the AWS cmdlets and to the Terraform backend.
- name: region
  value: 'us-east-2'
# Grafana workspace id used when creating and deleting the API key.
- name: workspace
  value: 'g-2cfb445889'
# Name of the AWS credential profile created and removed inside each job.
- name: profile
  value: 'PSProfile'

# CI trigger: pushes to the listed branches that touch the dashboard folder.
# A feature branch is listed next to main, so pushes there start this
# pipeline as well; which jobs run for it depends on the job conditions.
trigger:
  branches:
    include:
    - main
    - dev/add-dashboard
  paths:
    include:
    - '/amg_dashboard/*'

# Default agent pool; every job in this file also sets its own pool.
pool:
  vmImage: ubuntu-latest
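stages:
- stage: grafana_dashboard_deploy
  displayName: Initialize and Review
  jobs:
  # Job 1: create short-lived credentials, scan the Terraform code and
  # produce a plan for a human to read. Nothing is applied here.
  - job: Initialize
    pool:
      vmImage: ubuntu-latest
    steps:
    - task: PowerShell@2
      displayName: 'Check and install AWS.Tools modules'
      inputs:
        filePath: '$(build.sourcesdirectory)/amg_dashboard/InstallAWSTools.ps1'
    # Secrets are handed to the script through env: instead of being
    # macro-expanded into the script text, so the values never become part
    # of the generated script or its command line.
    - task: PowerShell@2
      displayName: 'Set AWS Credentials'
      inputs:
        targetType: 'inline'
        # Block scalar so the backtick line continuations reach PowerShell
        # as real line ends rather than being folded into one line.
        script: |
          Set-AWSCredential -AccessKey $env:AWS_ACCESS_KEY_ID `
            -SecretKey $env:AWS_SECRET_ACCESS_KEY `
            -StoreAs $(profile)
      env:
        AWS_ACCESS_KEY_ID: $(access_key)
        AWS_SECRET_ACCESS_KEY: $(secret_key)
    # Creates a workspace API key valid for 600 seconds and writes it, in
    # plain text, to terraform.tfvars in the working directory.
    # NOTE(review): the key is requested with the ADMIN role; a lower role
    # may be enough for what the Terraform code manages -- confirm.
    - task: PowerShell@2
      displayName: 'Create API key'
      inputs:
        targetType: 'inline'
        workingDirectory: $(System.DefaultWorkingDirectory)/amg_dashboard
        script: |
          $apikey = (New-MGRFWorkspaceApiKey -KeyName "automation" `
            -KeyRole ADMIN `
            -SecondsToLive 600 `
            -WorkspaceId $(workspace) `
            -Region $(region) `
            -ProfileName $(profile)).Key
          $Content = @(
            "grafana_workspace_auth = `"$apikey`""
            "grafana_workspace_url = `"https://$(workspace).grafana-workspace.$(region).amazonaws.com`""
          )
          $Content | Out-File terraform.tfvars
    # Backend credentials come from the environment. Passing them as
    # -backend-config values would put them on the command line and store
    # them in the local .terraform directory.
    - task: PowerShell@2
      displayName: Terraform init
      inputs:
        targetType: 'inline'
        workingDirectory: '$(build.sourcesdirectory)/amg_dashboard'
        script: |
          terraform init `
            -backend-config="bucket=terraform-remote-bucket-skundu" `
            -backend-config="key=tf/managed-grafana/dashboard/terraform.tfstate" `
            -backend-config="region=$(region)" -no-color
      env:
        AWS_ACCESS_KEY_ID: $(access_key)
        AWS_SECRET_ACCESS_KEY: $(secret_key)
    # NOTE(review): unpinned install; every run takes whatever version the
    # package index serves. Pin a reviewed version for reproducible scans.
    - task: Bash@3
      displayName: Install checkov
      inputs:
        targetType: 'inline'
        script: 'pip install checkov'
    # The scan is advisory only: continueOnError here and
    # failTaskOnFailedTests: false on the publish step mean findings never
    # stop the pipeline. Reviewers must read the published results.
    - task: Bash@3
      displayName: Checkov source code scan
      inputs:
        targetType: 'inline'
        workingDirectory: $(System.DefaultWorkingDirectory)/amg_dashboard
        script: 'checkov -d . -o junitxml > scan-result.xml'
      continueOnError: true
    - task: PublishTestResults@2
      displayName: Publish Test Result
      inputs:
        testResultsFormat: 'JUnit'
        searchFolder: '$(System.DefaultWorkingDirectory)/amg_dashboard'
        testResultsFiles: '**/*scan-result.xml'
        mergeTestResults: false
        testRunTitle: Terraform source code scan
        failTaskOnFailedTests: false
        publishRunAttachments: true
    # The plan is only printed to the log; it is not saved with -out.
    - task: PowerShell@2
      displayName: Terraform plan
      inputs:
        targetType: 'inline'
        workingDirectory: '$(build.sourcesdirectory)/amg_dashboard'
        script: 'terraform plan -no-color'
      env:
        AWS_ACCESS_KEY_ID: $(access_key)
        AWS_SECRET_ACCESS_KEY: $(secret_key)
    # Cleanup runs even when earlier steps failed (condition: always()).
    - task: PowerShell@2
      displayName: 'Delete API Key'
      inputs:
        targetType: 'inline'
        script: |
          Remove-MGRFWorkspaceApiKey -KeyName "automation" `
            -WorkspaceId $(workspace) `
            -ProfileName $(profile) `
            -Region $(region) -Force
      condition: always()
      continueOnError: true
    - task: PowerShell@2
      displayName: 'Remove AWS Credentials'
      inputs:
        targetType: 'inline'
        script: 'Remove-AWSCredentialProfile -ProfileName $(profile) -Force'
      condition: always()

  # Job 2: manual approval. Runs only for non-PR builds of main; for any
  # other build this job is skipped.
  - job: review
    dependsOn: Initialize
    condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'), eq(variables['Build.SourceBranchName'], 'main'))
    pool: server
    displayName: Review the output of terraform plan in the previous job.
    steps:
    - task: ManualValidation@0
      timeoutInMinutes: 15  # task times out in 15 mins
      inputs:
        notifyUsers: skundu.dev@gmail.com
        instructions: 'Please validate the build configuration and resume'
        onTimeout: 'reject'

  # Job 3: apply. Gated explicitly on the result of the review job, so the
  # apply never depends on how the default condition treats a skipped
  # dependency (the review job is skipped for PR builds and for branches
  # other than main).
  - job: apply
    dependsOn: review
    condition: and(succeeded(), eq(dependencies.review.result, 'Succeeded'))
    pool:
      vmImage: ubuntu-latest
    displayName: Terraform apply
    steps:
    - task: PowerShell@2
      displayName: 'Check and install AWS.Tools modules'
      inputs:
        filePath: '$(build.sourcesdirectory)/amg_dashboard/InstallAWSTools.ps1'
    # Secrets are passed through env:, not expanded into the script text.
    - task: PowerShell@2
      displayName: 'Set AWS Credentials'
      inputs:
        targetType: 'inline'
        script: |
          Set-AWSCredential -AccessKey $env:AWS_ACCESS_KEY_ID `
            -SecretKey $env:AWS_SECRET_ACCESS_KEY `
            -StoreAs $(profile)
      env:
        AWS_ACCESS_KEY_ID: $(access_key)
        AWS_SECRET_ACCESS_KEY: $(secret_key)
    # A fresh ADMIN key valid for 600 seconds is created for this job and
    # written in plain text to terraform.tfvars.
    # NOTE(review): init and apply must finish inside that window; confirm
    # 600 seconds is enough for the slowest expected run.
    - task: PowerShell@2
      displayName: 'Create API key'
      inputs:
        targetType: 'inline'
        workingDirectory: $(System.DefaultWorkingDirectory)/amg_dashboard
        script: |
          $apikey = (New-MGRFWorkspaceApiKey -KeyName "automation" `
            -KeyRole ADMIN `
            -SecondsToLive 600 `
            -WorkspaceId $(workspace) `
            -Region $(region) `
            -ProfileName $(profile)).Key
          $Content = @(
            "grafana_workspace_auth = `"$apikey`""
            "grafana_workspace_url = `"https://$(workspace).grafana-workspace.$(region).amazonaws.com`""
          )
          $Content | Out-File terraform.tfvars
    # Backend credentials come from the environment, not -backend-config.
    - task: PowerShell@2
      displayName: Terraform init
      inputs:
        targetType: 'inline'
        workingDirectory: '$(build.sourcesdirectory)/amg_dashboard'
        script: |
          terraform init `
            -backend-config="bucket=terraform-remote-bucket-skundu" `
            -backend-config="key=tf/managed-grafana/dashboard/terraform.tfstate" `
            -backend-config="region=$(region)" -no-color
      env:
        AWS_ACCESS_KEY_ID: $(access_key)
        AWS_SECRET_ACCESS_KEY: $(secret_key)
    # NOTE(review): no saved plan file is passed here, so apply computes a
    # new plan at this point. What gets applied can differ from the plan
    # output the approver read in the Initialize job.
    - task: PowerShell@2
      displayName: "Terraform apply"
      inputs:
        targetType: 'inline'
        workingDirectory: '$(build.sourcesdirectory)/amg_dashboard'
        script: 'terraform apply --auto-approve -no-color'
      env:
        AWS_ACCESS_KEY_ID: $(access_key)
        AWS_SECRET_ACCESS_KEY: $(secret_key)
    # Cleanup runs even when earlier steps failed (condition: always()).
    - task: PowerShell@2
      displayName: 'Delete API Key'
      inputs:
        targetType: 'inline'
        script: |
          Remove-MGRFWorkspaceApiKey -KeyName "automation" `
            -WorkspaceId $(workspace) `
            -ProfileName $(profile) `
            -Region $(region) -Force
      condition: always()
      continueOnError: true
    - task: PowerShell@2
      displayName: 'Remove AWS Credentials'
      inputs:
        targetType: 'inline'
        script: 'Remove-AWSCredentialProfile -ProfileName $(profile) -Force'
      condition: always()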