forked from dockersamples/example-voting-app
azure-pipelines.yml
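# Deploy to Azure Kubernetes Service
# Build and push image to Azure Container Registry; Deploy to Azure Kubernetes Service
# https://docs.microsoft.com/azure/devops/pipelines/languages/docker
#
# Flow: the Build stage builds and pushes the image, publishes the manifests,
# downloads roxctl from StackRox Central and runs the image and deployment
# policy checks. The Deploy stage depends on Build, so a failed check stops
# the rollout.

trigger:
- master

resources:
- repo: self

variables:
  # Container registry service connection established during pipeline creation
  dockerRegistryServiceConnection: 'ccee9150-1d33-4f60-9ee9-868713a42cd5'
  imageRepository: 'examplevotingapp'
  containerRegistry: 'eusdsolacr001.azurecr.io'
  dockerfilePath: '**/Dockerfile'
  tag: '$(Build.BuildId)'
  imagePullSecret: 'eusdsolacr001199039af-auth'

  # Agent VM image name
  vmImageName: 'ubuntu-latest'

  # ROX_API_TOKEN is intentionally NOT defined in this file.
  # A StackRox API token was previously committed here in clear text, so it is
  # readable by anyone with access to the repository or its history. Treat
  # that token as compromised: revoke it in Central and issue a new one.
  # Define ROX_API_TOKEN as a *secret* pipeline variable (pipeline settings,
  # a variable group, or a Key Vault-backed group). Secret variables are not
  # exported to scripts automatically; each step that needs the token maps it
  # explicitly through `env:` below.

  # CENTRAL server IP
  CENTRAL: '52.149.254.146:443'

  # KUBER DEPLOYMENT FILE
  # NOTE(review): the policy check reads this file, while the Deploy stage
  # applies manifests/deployment.yml and manifests/service.yml. Confirm the
  # checked file is the one that is actually deployed.
  KUBEYAML: 'kube-deployment.yml'

stages:
- stage: Build
  displayName: Build stage
  jobs:
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    - task: Docker@2
      displayName: Build and push an image to container registry
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)

    - upload: manifests
      artifact: manifests

    # The former "Prepare ENV for roxctl" step was removed: every script step
    # runs in its own shell, so its `export` lines never reached later steps.
    # Non-secret variables (CENTRAL, KUBEYAML) are already present in each
    # step's environment; the secret token is mapped per step via `env:`.

    - task: CmdLine@2
      displayName: Getting Stackrox client
      inputs:
        script: |
          set -euo pipefail
          # --fail stops an HTTP error page from being saved and marked
          # executable as if it were the roxctl binary.
          # NOTE(review): -k disables TLS certificate verification while an
          # executable is downloaded and a bearer token is sent. Replace it
          # with `--cacert <Central CA bundle>` once the CA is available to
          # the agent (for example as a secure file).
          curl -sS --fail -k -H "Authorization: Bearer ${ROX_API_TOKEN}" "https://${CENTRAL}/api/cli/download/roxctl-linux" --output roxctl
          chmod +x ./roxctl
      env:
        ROX_API_TOKEN: $(ROX_API_TOKEN)

    # NOTE(review): both roxctl checks below skip TLS verification
    # (--insecure-skip-tls-verify), so the identity of Central is not
    # authenticated. Supply Central's CA to roxctl instead of skipping
    # verification once it is available to the agent.
    - task: CmdLine@2
      # Names the image being scanned; the original title printed the agent
      # VM image and an unexpanded ${CENTRAL}.
      displayName: Scanning image $(containerRegistry)/$(imageRepository):$(tag) at $(CENTRAL)
      inputs:
        script: './roxctl image check --insecure-skip-tls-verify -e ${CENTRAL} --image $(containerRegistry)/$(imageRepository):$(tag)'
      env:
        ROX_API_TOKEN: $(ROX_API_TOKEN)

    - task: CmdLine@2
      displayName: Stackrox deployment check
      inputs:
        script: './roxctl deployment check --insecure-skip-tls-verify -e ${CENTRAL} --file ${KUBEYAML}'
      env:
        ROX_API_TOKEN: $(ROX_API_TOKEN)

- stage: Deploy
  displayName: Deploy stage
  dependsOn: Build
  jobs:
  - deployment: Deploy
    displayName: Deploy
    pool:
      vmImage: $(vmImageName)
    environment: 'zodiaczodiacexamplevotingapp-1796.kube-test-rox'
    strategy:
      runOnce:
        deploy:
          steps:
          - task: KubernetesManifest@0
            displayName: Create imagePullSecret
            inputs:
              action: createSecret
              secretName: $(imagePullSecret)
              dockerRegistryEndpoint: $(dockerRegistryServiceConnection)

          - task: KubernetesManifest@0
            displayName: Deploy to Kubernetes cluster
            inputs:
              action: deploy
              manifests: |
                $(Pipeline.Workspace)/manifests/deployment.yml
                $(Pipeline.Workspace)/manifests/service.yml
              imagePullSecrets: |
                $(imagePullSecret)
              containers: |
                $(containerRegistry)/$(imageRepository):$(tag)

          # The trailing "Stackrox deployment check" step was removed from
          # this stage. It ran after the rollout, so it could not gate it.
          # It also called ./roxctl, which is downloaded only in the Build
          # job, and no step in this job fetches it or checks out the
          # repository file named by KUBEYAML. The same check already runs
          # in the Build stage, which this stage depends on.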