I am creating a CI/CD pipeline for my Azure Resources using ARM Template.
In my Arm Template I am using zipdeploy to deploy the code of my azure function.
"resources": [
{
"apiVersion": "2021-02-01",
"type": "extensions",
"name": "zipdeploy",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
],
"properties": {
"packageUri": "[parameters('packageUri')]"
}
}
]
Basically, I need to specify the packageUri, it needs to be accessed over the internet.
In my Azure Pipeline I am creating a zip package of my function and publishing to Azure pipeline artifacts using dotnet publish
and then I am getting the URL: https://dev.azure.com/ifolor/_apis/resources/Containers/$(Build.ContainerId)/drop?itemPath=drop/myfunction.zip
task: PublishBuildArtifacts#1
Problem:
This URL is private, the Azure function cannot access this artifact
Is it possible to give access permissions to my Azure function from Azure Portal to access the pipeline artifacts from Azure Pipeline?
Pipeline artifact:
Is it possible to give access permissions to my Azure function from Azure Portal to access the pipeline artifacts from Azure Pipeline?
No.
Typically, you don't use an ARM template to deploy your application, you use a continuous delivery pipeline that pushes the changes out to the site, as explained in the documentation.
i.e.
- task: AzureWebApp#1
inputs:
azureSubscription: '<Azure service connection>'
appType: 'webAppLinux'
appName: '<Name of web app>'
package: '$(System.DefaultWorkingDirectory)/**/*.zip'
Related
I’m following the new CICD guide for ADF https://learn.microsoft.com/en-us/azure/data-factory/continuous-integration-deployment-improvements
I am then publishing the ARMTemplates generated from the npm export pipeline to my ADF Dev using Azure Resource Group ARM Template deployment described here: https://learn.microsoft.com/en-us/azure/data-factory/continuous-integration-deployment#script
Looks like this:
- task: AzureResourceGroupDeployment#1
displayName: 'Azure Deployment:Create Or Update Resource Group action on adf-dev-rg'
inputs:
ConnectedServiceName: 'guycarpenter-privatenonprod-Contributor'
resourceGroupName: 'gc-adf-nasa-prinonprod-dev-rg'
location: 'East US 2'
csmFile: '$(Agent.BuildDirectory)/ARMTemplate/ARMTemplateForFactory.json'
csmParametersFile: '$(Agent.BuildDirectory)/ARMTemplate/ARMTemplateParametersForFactory.json'
After I publish the new ARMTemplate to my ADF Dev, ADF git repo Configure gets disconnected.
How should I publish the new ARMTemplate to my ADF Dev without disconnecting the repo?
Edit:
I also found that setting includeFactoryTemplate=false solves the disconenction, but I need it set to true to parametrize ADF for other environments.
Edit #2:
This solved the problem: https://stackoverflow.com/a/56863897/13570809
How should I publish the new ARMTemplate to my ADF Dev without disconnecting the repo?
There is a known user voice about this:
Retain GIT configuration when deploying Data Factory ARM template
You could vote this request and check the feedback.
And the Jason replied:
This has been implemented by the repoConfiguration properties in the
Azure Resource Manager template for the Data Factory resource. See
here for reference -
https://learn.microsoft.com/en-us/azure/templates/microsoft.datafactory/2018-06-01/factories
I am using Bot Framework Virtual Assistant template to Create and configure Bot in Azure,
For this process i have ARM template is in place for creating resources,
Deploy PS script is used to create knowledgebase and (Deploy.ps1) once qnamaker resources are created.
In current implementation, If i execute script from local Powershell tool everything works fine:
Creating Resources
Creating Knowledgebase
KnowledgeBase configuration
I am stuck at configuring this set up in Azure DevOps, How do i configure ARM deployment and PowerShell script execution in CI/CD pipeline.
So that once resources are created through ARM deployment, Knowledgebase creation should automatically trigger ?
Any help is appreciated
First you need to put the ARM template in a source repository(Github or Azure Repos). See document Create a new Git repo in your project
Then Create the pipeline(Yaml or Classic). See YAML example here. For Classic UI pipeline check out this example.
Before you can deploy to your Azure subscription. You need to create an azure Resource Manager service connection to connect your Azure subscription to Azure devops. See this thread for an example
In your pipeline use ARM template deployment task to deploy the ARM template. And use Azure powershell task to execute the Deploy PS script. See below example
trigger:
- master
pool:
vmImage: windows-latest
steps:
- task: AzureResourceManagerTemplateDeployment#3
displayName: 'ARM Template deployment: Subscription scope'
inputs:
azureResourceManagerConnection: 'my-azure-sub'
resourceGroupName: 'azrue resource group'
location: 'West Europe'
csmFile: **/template.json
csmParametersFile: **/parameter.json
deploymentMode: Incremental
- task: AzurePowerShell#5
displayName: 'Azure PowerShell script: FilePath'
inputs:
azureSubscription: 'my-azure-sub'
ScriptPath: **/Deploy.ps1
azurePowerShellVersion: LatestVersion
See this tutorial for more information.
I have developed logic app using VS2019. In that I’m reading the secret value from Azure Key Vault using the below lines of code:
logicapp.parameters.json
"azuretables_sharedkey": {
"reference": {
"keyVault": {
"id": "/subscriptions/XXXXXXXXX/resourceGroups/XXXXXXXXXXX/providers/Microsoft.KeyVault/vaults/XXXX-KV-NonProd"
},
"secretName": "StorageAccountSharedKey"
}
},
I have configured Build and Release pipeline to deploy the logic app into Azure using “ARM Template Deployment” task in Azure DevOps. But I want to override the above key vault reference parameters in Azure DevOps Build and Release Pipeline.
So, can anyone suggest me how to do it?
You can pass keyVaultName, keyVaultSecretName and keyVaultSecretValue from Azure DevOps library and update key vault using below ARM template code.
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2019-09-01",
"name": "[concat(parameters('keyVaultName'), '/', parameters('keyVaultSecretName'))]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
],
"properties": {
"value": "[parameters('keyVaultSecretValue')]"
}
}
You can access key vault secret value in ARM template for function/webapp using below code statement. It refers to value in current secret version.
"value": "[concat('#Microsoft.KeyVault(SecretUri=', 'https://',parameters('keyVaultName'),'.vault.azure.net/secrets/',parameters('keyVaultSecretName'))')]"
On the ARM template deployment task, there is an option "Override template parameters" can be used to override the template parameters.
[UPDATE]
Here is case for the same question: Azure ARM template keyvault override in Azure DevOps
I have removed key vault reference code from template file. And then integrated Azure Key Vault with Common Library in Azure DevOps CI/CD pipelines by following this documentation.
Is it possible to trigger an azure DevOps pipeline via ADF through web activity?
If not then how to trigger via ADF?
It is not possible to trigger an Azure Devops release pipeline from ADF.
But you can use a logic app to trigger the same and in turn call the logic app through ADF via web activity.
As of this time, however, there isn't an existing function that support Azure Data Factory to trigger Azure DevOps pipeline.
But there is a REST API Runs - Run Pipeline that can queue a pipeline outside the Azure DevOps which may help you.
POST https://dev.azure.com/{organization}/{project}/_apis/pipelines/{pipelineId}/runs?api-version=6.0-preview.1
Here is an example of the request body:
{
"stagesToSkip": [],
"resources": {
"repositories": {
"self": {
"refName": "refs/heads/main"
}
}
},
"variables": {}
}
For data factory, you only can add the pipeline trigger:
When the pipeline runs, the web active will run and call the azure DevOps pipeline. You can use REST API like Jane said. We can not trigger the azure DevOps pipeline directly. There isn't a active can achieve that.
HTH.
I want to be able to set a variable in a Azure DevOps library and then use it to populate an AWS secret.
In the releases/tasks I see that there is a premade Azure DevOps task "AWS Secrets Manager Create/Update Secret".
Is there anyway I can use a variable I have already set in the Azure DevOps library groups to populate the secret value in the premade task "AWS Secrets Manager Create/Update Secret"?
Yes of course, what you need is just refer to this variables (and have variable group added to your pipeline/release)
In YAML it would be just
- task: SecretsManagerCreateOrUpdateSecret#1
inputs:
awsCredentials: 'aws'
regionName: 'eu-west-1'
secretNameOrId: 'SomeSecret'
secretValueSource: 'inline'
secretValue: '$(MyVariable)'
and in UI