Deploy TFS files to remote, non-trusted, environment - deployment

First, I'm a TFS novice. I have a situation where I'm running TFS, and want to interact with a domain outside our environment. The destination server environment does not want to establish any trusts due to security\confidentiality reasons. I was thinking of using a BuildServer or second TFS server in the remote environment to accept the files from the (local) source TFS.

For anyone else looking to do this, I found out there is a way to do it, however it's certainly not a plug-n-play.
The steps would be:
Using the TFS API, write a solution to watch for check-in actions. When one is found, wait until the action is completed then copy all items to a temporary location.
This temporary is actually a secure FTP location that would send the files to the client site.
Once on the destination client, a folder watcher scans for changes.
When the FTP process is complete, a TFS API solution application call is made to check in the files to the destination TFS.

Related

Automatic git pull on server

So I have a server where I keep development files used for my game server. With multiple developers, I was wondering if there is a way to have the repository located on that server automatically pull new files as my developers push their commits to the online master? I have looked into ngrok but am unable to figure out how to implement this as this is not a web server and the files are not located on the root drive of the computer. Hope someone can give me a good step by step or point me in the right direction of a tutorial!
If you are on linux you can use crontab, on windows you can use Windows Task Scheduler

Download file from VSTS with lightweight client (PowerShell)

I code PowerShell, and save it to my VSTS account.
But when I code costumer specific Powershell script, I write them in my VS on my computer, then download them/the file from the customer server via web.
Is there any lightweight client or PowerShell script to download the latest version of a given file or folder from a private VSTS repository?
So I don't have to install anything on the customer server, and I can easily update the local file with a saved script.
It's a TFVC repository, not GIT repository if that makes a difference.
Neno Loje has built a small tool that can download one or more files directly from TFVC. It needs a couple of Client Object Model files, which are taken from the new TFS Client Object Model nuget files.
You can find it here:
https://blogs.msmvps.com/vstsblog/2011/03/14/download-files-from-tfs-version-control-and-set-the-file-last-access-timestamp-to-the-file-s-last-check-in-time/
The TFS 2015/2017 version will work against VSTS as well as pretty much any TFS server out there regardless of the version.
Alternatively, you could use the TFS Cross Platform Command Line, as long as Java is available on the target server

do TFS clients need to have local copies of the tools invoked by the build server?

Suppose that there is a TFS server with some kind of WF build activity installed in it. For example, and this is just an example, suppose that the activity takes the build output, decrypts credentials stored somewhere on the server, and performs an operation that requires the decrypted credentials: maybe it sends copies of the build output over the network to some computer that clients are not able to access directly.
Would TFS clients need to have local copies of the build activity that performs that operation? Or do they just push their code changes to the server and let the TFS server decide how to build the code and what to do with the build output? Or do clients have some control over the tools TFS uses to build the code and the operations it performs on the build output? And back to the example I provided, if the user is required to provide the credentials for the post-build action, is the implementer of the activity responsible for ensuring that the credentials are properly secured as they travel from the client to the server or does TFS take care of that?
Once created you can put the Team Build Custom Build Activities in the custom binaries in source control and configure the custom binary path of the Build Controller. TFS will then automatically grab the binaries when such a build gets executed.
As for supplying credentials to the build securely, there is nothing that TFS will do to help you with that. Though communication to TFS can be secured using SSL (configure SSL security on the TFS server), the build parameters are also stored in the TSF database in plain text format.
Your custom Activity and the designer you use to edit the values could provide some form of encryption of values, which would make sure they're not plain text stored in the server database, but you'll probably have to use a static key for this to work.
Best solution is to run the Build Agent under the user credentials you're after, that way the build agent itself has the proper permissions and there would be no transferring of any credentials or secrets over the wire, since Build agents will use NTLM or Kerberos to authenticate.
The build occurs on a Build Server (with the TFS Build Agent installed). Any custom activities are checked into TFS, and in the Build Controller properties you tell it where that directory is. The Build Controller ensures all assemblies in that directory are downloaded to each Build Agent as part of the build process.

Publishing TFS in the cloud

I've been testing TFS in the cloud, and have it all set up with a test project. Not using Git currently. My question is related to publishing to our remote server. I have a drive mapped and connect over VPN, and publishing via file system works. It appears that publishing occurs from my local solution, and not the solution in the central repository. This allows files that are checked out to be published to production. I had thought publishing would occur from the central repository, and only publish the files that are checked in.
Is the publishing process supposed to move the files from the central repo? Or, am I doing something wrong?
If not, are there controls in TFS to only publish approved/tested production files, and only files that are checked in? For example, prevent publishing and notify developer if files are checked out.
It's been a long time since I've used SCM, so bear with me. Thanks for your patience.
I think you need to investigate the build service built into TFS as this will let you generate builds using only the checked in source. A guide to doing this using the TFS cloud can be found here.

What is a typical workflow to put my local MVC3 project on to a "live server"?

I develop on my local machine with VS2010 and SQL Server. Naturally, my web.config points to my local SQL Server and I can debug/development and all is well. Unfortunately, I am not entirely sure on how to go about deploying my code to a live server.
Currently, my live server consists of a virtual machine (my site is accessible from the internet). When I'm ready to put my changes on the live server I publish my app (right click on solution explorer -> publish). Then I go to the directory it publishes to and dump all the files into a network share that goes to my site on the live server. On the initial copy over, I have to manually edit the web.config so that the connection string points to the SQL Server on the live server instead of my local machine. So this is my first stumbling block. How can I easily manage development settings and "live" settings in the web.config?
Now, I also use version control (Kiln). Can I possibly tag a changeset and have it automatically deployed to my live server somehow? Let's say someone submits a bug and I fix it. I push my changeset and now Kiln has the latest version of my code with the bug fix. What's the best way to get these changes on to a live server?
I'm unable to find any documentation that covers the entire workflow but I feel like there has go to be a better way. Surely, something like this can be accomplished without having to manually edit the web.config everytime I publish and pray to the computer Gods that I didn't miss something in the connection string.
It's just me so I have complete control over all of my environments, including the server and what's accessible via the internet, and anything is possible if only I knew what to do.
How can I easily manage development settings and "live" settings in the web.config?
Re: With VS 2010 web.config transformations, it is quite easy. Please take a look at this blog:
http://blogs.msdn.com/b/webdevtools/archive/2009/05/04/web-deployment-web-config-transformation.aspx
For VS 2008 or older, we used to have multiple config file based on environment and we used to create Debug/Release/DevTest/UAT/PROD release configuration and then in the post build event we used to replace the web.config with the release configuration based config. For example - if you build the project using "Prod" release configuration then we copy the PROD web.config to the publishing folder.
Now, I also use version control (Kiln).
Can I possibly tag a changeset and have it automatically deployed to my live server somehow? Let's say someone submits a bug and I fix it. I push my changeset and now Kiln has the latest version of my code with the bug fix. What's the best way to get these changes on to a live server?
Re: Source control and publishing to live server are two different things. The first question you are asking here related to how you manage multiple releases and have control over bug fixes for each release. The way I would do it is I will have PROD branch in my source control which will be the first release and for every major release I will sub branch it to have more control over e-fixes.
For the other question about how to get it to live server, it depends on your environment. We do it differently based on how customer environment is setup. If they have given us the FTP, we use that or otherwise we package the application into an MSI and then deploy it to UAT.. Until UAT signoff is done, we keep on updating the MSI. Once signoff received, the MSI goes to PROD.
Hope this helps.