TOPIC: Omaha : azure devops subscription - Kabrinskiy Eduard

Omaha : azure devops subscription - Kabrinskiy Eduard 2 years 10 months ago #29961

<h1>Comparing Azure DevOps Extension Pipeline tasks with Github Actions</h1>
<p>In my last blog post I shared my first experiences with Github Actions. One of the features of Github Actions is that you can publish actions in GitHub Marketplace and share actions you’ve created with the GitHub community.</p>
<p>After having developed quite some Azure DevOps (Release) Extensions I wanted to learn how to develop custom Github Actions and compare them.</p>
<p>Let’s first start with a short intro into Azure DevOps Extensions for those who are unaware of this feature.</p>
<h1>Azure DevOps Extensions</h1>
<p>Extensions are simple add-ons that can be used to customize and extend your DevOps experience with Azure DevOps Services. They are written with standard technologies - HTML, JavaScript, CSS - and can be developed using your preferred development tools.</p>
<p>Extensions can have multiple CI/CD Azure Pipelines tasks.</p>
<h2>Advantages of Extension</h2>
<p>Some of the advantages of using Azure DevOps Extensions are:</p>
<ul>
<li>Easily consumable by DevOps teams</li>
<li>Available via a (Private) MarketPlace</li>
<li>Supports versioning of both Extension and Tasks within Extension</li>
</ul>
<p>Most of the Extensions with Azure Pipeline tasks I’ve developed were private Extensions to deploy ‘certified’ Azure Resources/Products which could be consumed by DevOps teams within the customer DevOps organization. Within these Extensions ARM templates and PowerShell scripts are used to deploy the ‘certified’ Azure Resources/Products.</p>
<p>With ‘certified’ Azure Products customers can embed security and/or service management controls into their to-be-consumed Azure Products. An example of a security control that could be added to a ‘certified’ Azure Storage Account product could be that <em>all data needs to be encrypted in transit over public and private interconnections</em>.</p>
<p>For the <em>Azure Storage Account</em> this would mean that the Secure transfer setting of the Storage Accounts needs to be enabled for all Storage Accounts to be deployed by DevOps teams in their pipelines. This setting can be configured in the ARM template used to deploy the Storage Account.</p>
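<p>One way to check that control before a template ships in an Extension, as an added example that is not part of the original post. The function name <code>Test-StorageSecureTransfer</code> and the sample template are constructed here; <code>supportsHttpsTrafficOnly</code> is the ARM property behind the Secure transfer setting, and only top-level resources are inspected.</p>

```powershell
# Added example, not from the original post. The template is constructed sample input.
$templateJson = @'
{
  "contentVersion": "1.0.0.0",
  "resources": [
    { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01",
      "name": "certifiedsa001", "location": "westeurope", "kind": "StorageV2",
      "sku": { "name": "Standard_LRS" },
      "properties": { "accessTier": "Hot", "supportsHttpsTrafficOnly": true } },
    { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01",
      "name": "overridablesa002", "location": "westeurope", "kind": "StorageV2",
      "sku": { "name": "Standard_GRS" },
      "properties": { "accessTier": "Cool",
                      "supportsHttpsTrafficOnly": "[parameters('httpsOnly')]" } },
    { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01",
      "name": "unsetsa003", "location": "westeurope", "kind": "StorageV2",
      "sku": { "name": "Standard_LRS" },
      "properties": { "accessTier": "Hot" } }
  ]
}
'@

function Test-StorageSecureTransfer {
    param([Parameter(Mandatory)][string]$TemplateJson)

    $template = $TemplateJson | ConvertFrom-Json
    foreach ($resource in $template.resources) {
        # ARM resource types are case-insensitive, and so is -ne.
        if ($resource.type -ne 'Microsoft.Storage/storageAccounts') { continue }
        $value = $resource.properties.supportsHttpsTrafficOnly
        [pscustomobject]@{
            Name      = $resource.name
            Setting   = if ($null -eq $value) { '<not set>' } else { "$value" }
            # Only a literal JSON true passes. A parameter expression can be
            # overridden at deployment time, and an absent property leaves the
            # outcome to the API version's default.
            Compliant = ($value -is [bool]) -and $value
        }
    }
}

$results = Test-StorageSecureTransfer -TemplateJson $templateJson
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning ("Secure transfer not enforced for: " + ($failed.Name -join ', '))
}
```

<p>Run against the sample, only certifiedsa001 is reported as compliant; a build gate would fail the Extension build instead of writing a warning.</p>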
<p>If you want to learn more about how to develop an Azure DevOps Extension you can also view the recording of my PowerShell Conference Europe session called “Extend your PowerShell skills by creating Azure DevOps Extensions”</p>
<h2>Azure DevOps Storage Account Extension</h2>
<p>The Storage Account Extension with Azure Pipeline tasks is built with PowerShell scripts and an ARM Template.</p>
<p style="clear: both"><img src="stefanstranger.github.io/assets/06-02-2020-01.png" /></p>
<p>The Storage Account is deployed using the Create-StorageAccount.ps1 PowerShell script and the ARM StorageAccount.json file.</p>
<p>To remove the Storage Account the Remove-StorageAccount.ps1 script is used. The Main.ps1 PowerShell script translates the input from the Azure DevOps Extension task and calls the Create or Remove Storage Accounts PowerShell scripts.</p>
<p>The rest of the artifacts are used to build and publish the Azure DevOps Extension.</p>
<p>Within an Azure DevOps Release the following Extension Task parameters can be configured as input:</p>
<p style="clear: both"><img src="stefanstranger.github.io/assets/06-02-2020-02.png" /></p>
<p>In a YAML pipeline it looks as follows:</p>
<p>In the next part of this blog post I want to create the same functionality, to deploy and remove an Azure Storage Account using Github Actions in a Github Workflow.</p>
<h3>Functionality Github Actions:</h3>
<p>In the Github Action I want to implement the following functionality.</p>
<ol>
<li>Deploy an Azure Storage Account using an ARM Template with the following parameters:
<ul>
<li>Resource Group name</li>
<li>Storage Account name</li>
<li>Location</li>
<li>Storage Account type (allowed values: “Standard_LRS”, “Standard_GRS”, “Standard_RAGRS”, “Standard_ZRS”)</li>
<li>Storage Account Access Tier (allowed values: “Hot”, “Cool”)</li>
</ul>
</li>
<li>Github Action(s) only consumable by authorized Github Environments (similar to Private Visual Studio Marketplace)</li>
<li>Support for versioning</li>
</ol>
<h2>Github Storage Account Action</h2>
<p>The Github Storage Account Action is built using a Docker container. The reason for me using a Docker container to build the Github Action is the reusability of the code I already used for the Azure DevOps Storage Account Extension and tasks.</p>
<p>Currently Github Actions supports the following options to build Github Actions:</p>
<h3>Steps to create a Docker container Action</h3>
<ol>
<li>Create Github Repository</li>
<li>Create a Dockerfile</li>
<li>Create an action metadata file</li>
<li>Write action code</li>
<li>Create a README</li>
<li>Commit, tag and push action to Github</li>
<li>Testing action in workflow</li>
</ol>
<p>I’m skipping step 1 because you can easily find information online on how to create a new repository.</p>
<p style="clear: both"><img src="stefanstranger.github.io/assets/23-02-2020-01.png" /></p>
<p><strong>Step 2. Create a Dockerfile</strong></p>
<p>In your new storageaccount directory, create a new Dockerfile file.</p>
<p><strong><em>Dockerfile</em></strong></p>
<p>Let’s go through the Dockerfile step by step.</p>
<pre><code>FROM mcr.microsoft.com/powershell:7.0.0-rc.3-alpine-3.8</code></pre>
<p>The FROM instruction initializes a new build stage and sets the Base Image for subsequent instructions. We need PowerShell (core) to run the PowerShell command to deploy and remove the Storage Account, so we will be using the currently latest available alpine version.</p>
<pre><code>RUN pwsh -c "Install-Module Az.xxx -Acceptlicense -Force"</code></pre>
<p>The Docker file needs to be able to run PowerShell scripts containing the following Azure PowerShell commands:</p>
<p><ul>
<li>Connect-AzAccount (to connect to Azure)</li>
<li>New-AzResourceGroupDeployment (to deploy Storage Account with ARM Template)</li>
<li>Get-AzStorageAccount (get Storage Account to validate if it exists before removing)</li>
<li>Remove-AzStorageAccount (to remove Storage Account)</li>
</ul>
</p>
<p>For the above commands the following Azure PowerShell modules need to be installed in the Docker container:</p>
<ul>
<li>Az.Accounts</li>
<li>Az.Profile</li>
<li>Az.Resources</li>
<li>Az.Storage</li>
</ul>
<pre><code>COPY ./src/ ./tmp/</code></pre>
<p>The COPY instruction copies new files or directories from &lt;src&gt; and adds them to the filesystem of the container at the path &lt;dest&gt;.</p>
<p>We need this Docker file instruction to copy the ARM template and PowerShell script files to the container.</p>
<p style="clear: both"><img src="stefanstranger.github.io/assets/23-02-2020-02.png" /></p>
<pre><code>ENTRYPOINT ["pwsh","-File","/tmp/scripts/Main.ps1"]</code></pre>
<p>An ENTRYPOINT allows you to configure a container that will run as an executable.</p>
<p>In the last step of the Docker container file we want to run a PowerShell script which parses the arguments when starting the Docker container and handles the logic to deploy or remove the Storage Account.</p>
<p><strong>Step 3. Create an action metadata file</strong></p>
<p>Docker and JavaScript actions require a metadata file. The metadata filename must be either action.yml or action.yaml. The data in the metadata file defines the inputs, outputs and main entrypoint for your action.</p>
<p>With the inputs statement in the action.yml metadata file we let the users of the Github Action supply the required parameter values for the Main.ps1 script.</p>
<p>I chose to incorporate both the deployment and removal of a Storage Account in one Github Action, so some of the inputs are required while others are action specific.</p>
<p>To allow the Main.ps1 script to consume the input from the Docker Container I had to use arguments.</p>
<p>It took quite some time to figure out how to supply parameter input from a Docker Container to a Powershell script running within that container, but this is what made it work. If there are better or easier ways please let me know via the comments below this blog post.</p>
<p>The end result is that the arguments are passed on through the Main.ps1 script the following way:</p>
<p><strong>Step 4. Write action code</strong></p>
<p>The main reason why I chose to use a Docker image for the Github Action is that you can use any language for your actions, including PowerShell.</p>
<p>The deployment of the Storage Account will be done with the Azure PowerShell cmdlet New-AzResourceGroupDeployment and the supplied ARM Template.</p>
<p><strong>Create-StorageAccount.ps1</strong></p>
<p>For the orchestration of the deployment or deletion of the Storage Account we are using the Main.ps1 PowerShell script below.</p>
<p><strong>Main.ps1</strong></p>
<p><strong>Configure Azure credentials</strong></p>
<p>The Github Action needs credentials to authenticate with Azure. With the following command we can create an Azure Service Principal (SPN) with Contributor permissions on the Subscription level.</p>
<p style="clear: both"><img src="stefanstranger.github.io/assets/23-02-2020-03.png" /></p>
<p>The properties of the AZURE_CREDENTIALS Github Secret will be used in the final Github Workflow as an environment variable.</p>
<p>In the Main.ps1 PowerShell script this Environment variable is used to authenticate to Azure.</p>
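<p>A sketch of that authentication step, as an added example rather than the Main.ps1 from the original post. It assumes the secret is a JSON document with the fields <code>clientId</code>, <code>clientSecret</code>, <code>tenantId</code> and <code>subscriptionId</code>; the helper name <code>Get-AzLoginParameter</code> and the sample values are constructed.</p>

```powershell
# Added example, not the Main.ps1 from the original post.
# Constructed placeholder values; in a workflow the JSON comes from the AZURE_CREDENTIALS secret.
$sampleJson = @'
{ "clientId": "00000000-0000-0000-0000-000000000001",
  "clientSecret": "constructed-placeholder-secret",
  "tenantId": "00000000-0000-0000-0000-000000000002",
  "subscriptionId": "00000000-0000-0000-0000-000000000003" }
'@

function Get-AzLoginParameter {
    param([Parameter(Mandatory)][string]$CredentialJson)

    # Assumed shape: clientId, clientSecret, tenantId, subscriptionId.
    $spn = $CredentialJson | ConvertFrom-Json
    foreach ($field in 'clientId', 'clientSecret', 'tenantId', 'subscriptionId') {
        # Name the missing field only; the JSON itself never goes into the job log.
        if ([string]::IsNullOrWhiteSpace($spn.$field)) {
            throw "AZURE_CREDENTIALS is missing '$field'."
        }
    }
    $secret = ConvertTo-SecureString -String $spn.clientSecret -AsPlainText -Force
    # Parameters for Connect-AzAccount, returned as a hashtable for splatting.
    @{
        ServicePrincipal = $true
        Credential       = [pscredential]::new($spn.clientId, $secret)
        Tenant           = $spn.tenantId
        Subscription     = $spn.subscriptionId
    }
}

$fromWorkflow = -not [string]::IsNullOrWhiteSpace($env:AZURE_CREDENTIALS)
$json  = if ($fromWorkflow) { $env:AZURE_CREDENTIALS } else { $sampleJson }
$login = Get-AzLoginParameter -CredentialJson $json
Write-Host "Signing in as service principal $($login.Credential.UserName)"

# Only contact Azure when a real secret was supplied by the workflow.
if ($fromWorkflow) {
    Connect-AzAccount @login | Out-Null
}
```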
<p><strong>Step 5. Create README</strong></p>
<p>Just check the README I created to accompany this blog post.</p>
<p><strong>Step 6. Commit, tag and push action to Github</strong></p>
<p>From your terminal, commit all your files.</p>
<p>It’s best practice to also add a version tag for releases of your action. For more information on versioning your action, see “About actions.”</p>
<p><strong>Step 7. Testing action in workflow</strong></p>
<p>Now you’re ready to test your action out in a workflow. When an action is in a private repository, the action can only be used in workflows in the same repository. Public actions can be used by workflows in any repository.</p>
<p>In the README you can find example workflows to deploy and remove an Azure Storage Account.</p>
<h1>Comparing Extension Tasks with Actions</h1>
<p>I tried to make some comparisons between Extension Tasks and Github Actions for the functionalities below.</p>
<p>Keep in mind that I’m new to Github Actions so if I forgot to mention functionality please let me know in the comments of this blog post.</p>
<table>
<thead>
<tr> <th>Functionality</th> <th>Extension</th> <th>Action</th> <th>Comments</th> </tr>
</thead>
<tbody>
<tr> <td>Extensibility</td> <td>Customization are not limited to CI/CD tasks</td> <td>Limited CI/CD tasks.</td> <td>Azure DevOps offers at the moment more functionality than Github. But I’ve not looked into Github Enterprise yet</td> </tr>
<tr> <td>Supported development languages</td> <td>Typescript and PowerShell*</td> <td>Javascript, TypeScript, Python, Java</td> <td>Focussing on development of CI/CD tasks for both</td> </tr>
<tr> <td>Marketplace</td> <td>Public and private Marketplace</td> <td>Public Marketplace</td> <td>For Azure DevOps you can choose to not have your extension publicly published and only shared with certain Azure DevOps Organizations. When a Github Action is in a private repository, the action can only be used in workflows in the same repository. Public actions can be used by workflows in any repository.</td> </tr>
<tr> <td>GUI support</td> <td>Azure DevOps Extension tasks support both a GUI and can be used in classical and yaml pipelines</td> <td>No support for a GUI interface</td> <td></td> </tr>
<tr> <td>Versioning</td> <td>Both the Extension and task can be versioned</td> <td>Support for versioning using a commit SHA, branch, or tag</td> <td>Azure DevOps tasks support automatic or manual updating of the pipeline</td> </tr>
<tr> <td>Bundling of activities</td> <td>Extensions can bundle multiple tasks</td> <td>Github Actions often seem to have one Action within the Github Repository</td> <td></td> </tr>
</tbody>
</table>
<h1>Conclusion</h1>
<p>I’ve been able to deploy and remove an Azure Storage Account re-using much of the code used within the Azure DevOps Extension task.</p>
<p>By creating a Private Github Repository I was able to limit the use of the Github Action to authorized users, but I could only create workflows within this Repository.</p>
<p>Automatically updating a workflow when a new (minor) version of the Github Action is released is not supported.</p>
<p>For Github Actions I’m missing native development support for PowerShell. This would really be helpful to simplify the development of Github Actions.</p>
<p>All in all Github Actions offer similar functionality to Azure DevOps Extension pipeline tasks but they are less mature in my opinion than DevOps Extension tasks.</p>
This is my personal blog. I work at Microsoft as a Consultant. You can find some of my open source projects on Github. I like to share my knowledge about Azure, PowerShell and DevOps