Update pipelines and make end to end tests stable (#2221)
* Build in onebranch
* Enable MSI access to IoT Hub in deployed IOT Hub template
* Deploy NSG and disable access to HTTP/HTTPS for iot edge
* Fix incremental updates
* Diagnostic must be around writer group not writer
* Build in onebranch
* Memory/cpu diag in console and diagnostic messages
* Stable end to end tests in onebranch
marcschier authored May 31, 2024
1 parent 8dc28a6 commit 45d88c1
Showing 181 changed files with 3,733 additions and 5,584 deletions.
95 changes: 32 additions & 63 deletions azure-pipelines.yml
Expand Up @@ -4,66 +4,35 @@ pr:
branches:
include:
- '*'
trigger:
batch: 'true'
branches:
include:
- main
- releases
- release/*
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: Azure-Pipelines-1ESPT-ExDShared
image: windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
settings:
skipBuildTagsForGitHubPullRequests: true
sdl:
baseline:
baselineFile: $(Build.SourcesDirectory)\.gdnbaselines
#suppression:
# suppressionFile: $(Build.SourcesDirectory)\.gdnsuppress
stages:
- stage: build
displayName: 'Build and Test Code'
condition: ne(variables['SkipBuild'], true)
jobs:
- template: /tools/templates/ci.yml@self
- template: /tools/templates/cc.yml@self
- stage: pack
displayName: 'Package and Sign Nuget'
condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
dependsOn:
- build
jobs:
- template: /tools/templates/nuget.yml@self
parameters:
sign: ${{ startsWith(variables['Build.SourceBranch'], 'refs/heads/TODO') }}
- stage: images
displayName: 'Build Images'
condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
dependsOn:
- build
jobs:
- template: /tools/templates/acrbuild.yml@self
- stage: e2e_tests
displayName: 'Triggering E2E tests'
condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
dependsOn:
- build
- pack
- images
jobs:
- template: /tools/templates/e2e_tests.yml@self
parameters:
branchName: ${{ replace(variables['Build.SourceBranch'], 'refs/heads/', '') }}
variables:
system_accesstoken: $(System.AccessToken)
jobs:
- job: OneBranchTrigger
pool:
vmImage: 'ubuntu-latest'
displayName: Trigger Pull Request Build on Governed Pipeline
steps:
- task: TriggerBuild@4
inputs:
definitionIsInCurrentTeamProject: true
buildDefinition: 'Industrial-IoT-PullRequest'
queueBuildForUserThatTriggeredBuild: false
ignoreSslCertificateErrors: false
useSameSourceVersion: false
useCustomSourceVersion: false
useSameBranch: false
branchToUse: 'main'
waitForQueuedBuildsToFinish: true
waitForQueuedBuildsToFinishRefreshTime: '60'
failTaskIfBuildsNotSuccessful: true
cancelBuildsIfAnyFails: false
treatPartiallySucceededBuildAsSuccessful: false
downloadBuildArtifacts: true
storeInEnvironmentVariable: false
authenticationMethod: 'OAuth Token'
enableBuildInQueueCondition: true
dependentOnSuccessfulBuildCondition: false
dependentOnFailedBuildCondition: false
checkbuildsoncurrentbranch: false
failTaskIfConditionsAreNotFulfilled: false
templateParameters: 'ref: $(Build.SourceBranch)'
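Review bot: `system_accesstoken: $(System.AccessToken)` is declared as a pipeline-level variable, so the job's OAuth token appears to be exposed to every step of every job as an environment variable instead of only to the step that needs it. The only step visible here is `TriggerBuild@4` with `authenticationMethod: 'OAuth Token'`, which presumably obtains the token itself; if so the variable can be dropped, and otherwise it is better mapped through a step-level `env:` entry on that one task. Separately, `templateParameters: 'ref: $(Build.SourceBranch)'` forwards the pull-request ref to the governed `Industrial-IoT-PullRequest` pipeline while `pr:` includes `'*'`, so it is worth confirming that fork pull requests cannot reach that pipeline's secrets or service connections; that setting is not visible in this file.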
4 changes: 2 additions & 2 deletions common.props
Expand Up @@ -42,8 +42,8 @@
<!--<TreatWarningsAsErrors>true</TreatWarningsAsErrors>-->
</PropertyGroup>
<ItemGroup Condition="$(NO_RCS) == ''">
<PackageReference Include="Roslynator.Analyzers" Version="4.12.2" PrivateAssets="All"/>
<PackageReference Include="Roslynator.Formatting.Analyzers" Version="4.12.2" PrivateAssets="All"/>
<PackageReference Include="Roslynator.Analyzers" Version="4.12.3" PrivateAssets="All"/>
<PackageReference Include="Roslynator.Formatting.Analyzers" Version="4.12.3" PrivateAssets="All"/>
</ItemGroup>
<!-- only create the SARIF files for the SDL build step in cloud builds -->
<PropertyGroup Condition="'$(NBGV_NugetPackageVersion)' != ''">
76 changes: 40 additions & 36 deletions deploy/scripts/deploy.ps1
Expand Up @@ -154,6 +154,7 @@ param(
[int] $numberOfWindowsGateways = 1,
[int] $numberOfSimulationsPerEdge = 1,
[pscredential] $credentials,
[secureString] $accessToken,
[switch] $isServicePrincipal,
[object] $aadConfig,
[object] $context,
Expand Down Expand Up @@ -206,7 +207,13 @@ Function Select-Context() {
}
if (!$context) {
try {
if ($script:credentials) {
if ($script:accessToken) {
Write-Host "Signing into $($environment.Name) using the provided access token..."
$connection = Connect-AzAccount -Environment $environment.Name `
-AccessToken $script:accessToken `
-SkipContextPopulation @tenantArg -ErrorAction Stop
}
elseif ($script:credentials) {
Write-Host "Signing into $($environment.Name) using the provided credentials..."
$connection = Connect-AzAccount -Environment $environment.Name `
-Credential $script:credentials `
Expand Down Expand Up @@ -328,49 +335,46 @@ Function Select-Context() {
# Select repository and branch
#*******************************************************************************************************
Function Select-RepositoryAndBranch() {

if ([string]::IsNullOrEmpty($script:branchName)) {
# Try get branch name
$script:branchName = $env:BUILD_SOURCEBRANCH
if (![string]::IsNullOrEmpty($script:branchName)) {
if ($script:branchName.StartsWith("refs/heads/")) {
$script:branchName = $script:branchName.Replace("refs/heads/", "")
try {
$argumentList = @("rev-parse", "--abbrev-ref", "@{upstream}")
$symbolic = (& "git" @argumentList 2>&1 | ForEach-Object { "$_" });
if ($LastExitCode -ne 0) {
throw "git $($argumentList) failed with $($LastExitCode)."
}
else {
$script:branchName = $null
$remote = $symbolic.Split('/')[0]
$argumentList = @("remote", "get-url", $remote)
$giturl = (& "git" @argumentList 2>&1 | ForEach-Object { "$_" });
if ($LastExitCode -ne 0) {
throw "git $($argumentList) failed with $($LastExitCode)."
}
}
if ([string]::IsNullOrEmpty($script:branchName)) {
try {
$argumentList = @("rev-parse", "--abbrev-ref", "@{upstream}")
$symbolic = (& "git" @argumentList 2>&1 | ForEach-Object { "$_" });
if ($LastExitCode -ne 0) {
throw "git $($argumentList) failed with $($LastExitCode)."
}
$remote = $symbolic.Split('/')[0]
$argumentList = @("remote", "get-url", $remote)
$giturl = (& "git" @argumentList 2>&1 | ForEach-Object { "$_" });
if ($LastExitCode -ne 0) {
throw "git $($argumentList) failed with $($LastExitCode)."
}
if ([string]::IsNullOrEmpty($script:repo)) {
$script:repo = $giturl.Replace(".git", "")
}
$script:branchName = $symbolic.Replace("$($remote)/", "")
if ($script:branchName -eq "HEAD") {
Write-Warning "$($symbolic) is not a branch - using main."
$script:branchName = "main"
}
if ([string]::IsNullOrEmpty($script:repo)) {
$script:repo = $giturl.Replace(".git", "")
}
catch {
if (![string]::IsNullOrEmpty($script:version)) {
$script:branchName = "release/$script:version"
$script:branchName = $symbolic.Replace("$($remote)/", "")
if ($script:branchName -eq "HEAD") {
Write-Warning "$($symbolic) is not a branch - using main."
$script:branchName = "main"
}
}
catch {
# Try get branch name from build
$script:branchName = $env:BUILD_SOURCEBRANCH
if (![string]::IsNullOrEmpty($script:branchName)) {
if ($script:branchName.StartsWith("refs/heads/")) {
$script:branchName = $script:branchName.Replace("refs/heads/", "")
}
else {
Write-Warning "Cannot determine branch - using main."
$script:branchName = "main"
$script:branchName = $null
}
}
elseif (![string]::IsNullOrEmpty($script:version)) {
$script:branchName = "release/$script:version"
}
else {
Write-Warning "Cannot determine branch - using main."
$script:branchName = "main"
}
}
}

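Review bot: In `Select-Context` the new branch passes `$script:accessToken`, declared as `[secureString]` in `param(...)`, straight to `Connect-AzAccount -AccessToken`. To my knowledge that parameter is typed as a plain string and its parameter set also requires `-AccountId`, so the SecureString would be coerced to its type name, and an unattended run would prompt or fail unless `@tenantArg` (defined outside the hunk) supplies the account. Keeping the script parameter a SecureString is the right choice for keeping the token out of transcripts; convert it only at the call site and pass the account explicitly, for example `-AccessToken ([System.Net.NetworkCredential]::new('', $script:accessToken).Password) -AccountId $accountId`, where `$accountId` is a placeholder for a value the script would have to accept. The body of `Select-Context` continues outside the hunk, so a conversion elsewhere cannot be ruled out from here.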
71 changes: 70 additions & 1 deletion deploy/templates/azuredeploy.edge.json
Expand Up @@ -152,6 +152,8 @@
"nicResourceId": "[resourceId(resourceGroup().name,'Microsoft.Network/networkInterfaces', variables('nicResourceName'))]",
"vnetResourceName": "[concat(variables('vmName'), '-vnet')]",
"vnetResourceId": "[resourceId(resourceGroup().name,'Microsoft.Network/virtualNetworks', variables('vnetResourceName'))]",
"nsgResourceName": "[concat(variables('vmName'), '-nsg')]",
"nsgResourceId": "[resourceId(resourceGroup().name,'Microsoft.Network/virtualNetworks', variables('nsgResourceName'))]",
"simulationName": "[concat(variables('vmName'), '-sim')]",
"simulationResourceName": "[concat(deployment().name, '.edge')]",
"identity": {
Expand Down Expand Up @@ -289,6 +291,73 @@
"[variables('vnetResourceId')]"
]
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2023-04-01",
"name": "[variables('nsgResourceName')]",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "default-allow-22",
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', variables('nsgResourceName'), 'default-allow-22')]",
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAnyHTTPSOutbound",
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', variables('nsgResourceName'), 'DenyAnyHTTPSOutbound')]",
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"destinationPortRange": "443",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 1010,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAnyHTTPOutbound",
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', variables('nsgResourceName'), 'DenyAnyHTTPOutbound')]",
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"destinationPortRange": "80",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 1020,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}
},
{
"comments": "Virtual machine hosting the IoT Edge installation.",
"name": "[variables('vmName')]",
Expand Down Expand Up @@ -459,4 +528,4 @@
"value": "[parameters('edgeUsername')]"
}
}
}
}
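Review bot: The new `default-allow-22` rule admits SSH with `"sourceAddressPrefix": "*"`, so any VM this group is attached to accepts port 22 from every address; restrict the source to a parameterised management range, or drop the rule and use a brokered path such as Azure Bastion. `nsgResourceId` is also built with the type `'Microsoft.Network/virtualNetworks'` where it should be `'Microsoft.Network/networkSecurityGroups'`, so any `dependsOn` or NIC/subnet reference that uses it would point at a resource that does not exist. The visible hunks do not show the group being associated with the NIC or the subnet; please confirm that association exists, because an unattached group enforces neither the SSH rule nor the two outbound deny rules.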
29 changes: 28 additions & 1 deletion deploy/templates/azuredeploy.json
Expand Up @@ -274,6 +274,13 @@
"description": "The Azure IoT Hub default message retention in days."
}
},
"iotHubRoleNameGuid": {
"type": "string",
"defaultValue": "[newGuid()]",
"metadata": {
"description": "A new GUID used to identify the IoTHub contrib role assignment"
}
},
"dpsName": {
"type": "string",
"defaultValue": "[concat('dps', take(uniqueString(subscription().subscriptionId, resourceGroup().id), 6))]",
Expand Down Expand Up @@ -343,6 +350,7 @@
"simulationConfigurationResourceName": "[concat(deployment().name, '.simulation.configuration')]",
"iotHubResourceId": "[resourceId('Microsoft.Devices/Iothubs', parameters('iotHubName'))]",
"iotHubKeyName": "iothubowner",
"iotHubContributorRoleId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4fc6c259-987e-4a07-842e-c321cc9d413f')]",
"iotHubKeyResource": "[resourceId('Microsoft.Devices/Iothubs/Iothubkeys', parameters('iotHubName'), variables('iotHubKeyName'))]",
"iothubTelemetryConsumerGroup": "telemetry",
"iothubEventsConsumerGroup": "events",
Expand Down Expand Up @@ -450,10 +458,13 @@
},
{
"comments": "Azure IoT Hub",
"apiVersion": "2019-03-22",
"apiVersion": "2023-06-30",
"type": "Microsoft.Devices/Iothubs",
"name": "[parameters('iotHubName')]",
"location": "[resourceGroup().location]",
"identity": {
"type": "SystemAssigned"
},
"tags": "[parameters('tags')]",
"sku": {
"name": "[parameters('iotHubSku')]",
Expand All @@ -463,6 +474,7 @@
"properties": {
"location": "[resourceGroup().location]",
"ipFilterRules": [],
"disableLocalAuth": false,
"eventHubEndpoints": {
"events": {
"retentionTimeInDays": "[parameters('iotHubRetentionInDays')]",
Expand Down Expand Up @@ -528,6 +540,21 @@
"[variables('storageResourceId')]"
]
},
{
"comments": "Assign access to IoT Hub to our managed identity",
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2022-04-01",
"name": "[parameters('iotHubRoleNameGuid')]",
"scope": "[variables('iotHubResourceId')]",
"properties": {
"roleDefinitionId": "[variables('iotHubContributorRoleId')]",
"principalId": "[reference(variables('identityResourceId'), '2018-11-30').principalId]"
},
"dependsOn": [
"[variables('identityResourceId')]",
"[variables('iotHubResourceId')]"
]
},
{
"comments": "Telemetry Consumer Group in IoT Hub",
"apiVersion": "2019-03-22",
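Review bot: The role assignment takes its name from `iotHubRoleNameGuid`, whose default is `[newGuid()]`, so every redeployment requests a new assignment of the same role to the same principal at the same scope, which Azure normally rejects as a duplicate. A deterministic name keeps incremental deployments idempotent: `"name": "[guid(variables('iotHubResourceId'), variables('identityResourceId'), variables('iotHubContributorRoleId'))]"`. Also, `"disableLocalAuth": false` together with the unchanged `iotHubKeyName` of `iothubowner` means shared-access-key authentication stays enabled alongside the managed identity; if that is a transitional state, a sentence in the IoT Hub resource's `comments` field saying so would help the next reviewer.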