Prerequisites
- In Azure, a service principal with the rights to connect to the subscription
- In Azure DevOps, a service connection using this service principal
- A resource group created in Azure where the resources are created (MYRG)
- An Azure Container Registry (ACR) set up in Azure, named "ACR01" and authorized to be used by this pipeline (create a service connection in **Project settings > Pipelines > service connection**)
- App service with a staging slot created in Azure
Trigger the pipeline
Here is the declaration of the action which triggers the pipeline:
With this declaration, the pipeline is triggered by a commit on the master branch and by the creation of a pull request on the master branch.
CI
In the CI stage we want to declare:
- Tests should be run for each pipeline
- Build, scan and push images to the ACR only on a commit on master
These two operations shall be done in parallel to save time.
Warning: Make sure you have at least 2 agents declared in Project settings > Pipelines > Parallel jobs. See the example if you are going to use Azure DevOps agents:
Parallel jobs
Here is the configuration to have parallel jobs:
Here we are using the Azure DevOps agents "ubuntu-latest".
In the job Build_scan_push there is a condition saying that this job is executed only for a commit on the master branch.
Tests
The tests are described in the file tests.yaml and depend on your application. Here is an example:
Build
Here is how to build your image (file build.yaml):
Scan
To avoid shipping vulnerabilities in your image, a scan is required. Here we use Trivy (file scan.yaml):
Push
Once the image is built and scanned, we can push it to the ACR (file push.yaml):
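The CI stage described above (parallel jobs, master-only build, scan before push), written out as one Azure Pipelines file. This is an added example, not the author's original pipeline: the service connection name `ACR01-connection`, the repository `myapp` and the login server `acr01.azurecr.io` are assumptions, and Trivy is run from its public container image rather than installed on the agent.

```yaml
# Added example. Assumed names: service connection "ACR01-connection",
# repository "myapp", ACR login server "acr01.azurecr.io".
trigger:
  branches:
    include: [master]
pr:            # honoured for GitHub/Bitbucket repos; Azure Repos uses a branch policy
  branches:
    include: [master]

variables:
  imageRef: acr01.azurecr.io/myapp:$(Build.BuildId)

stages:
- stage: CI
  jobs:
  - job: Tests                  # runs for every trigger, pull requests included
    pool:
      vmImage: ubuntu-latest
    steps:
    - template: tests.yaml

  - job: Build_scan_push        # no dependsOn, so it runs in parallel with Tests
    # PR builds have Build.SourceBranch = refs/pull/<id>/merge and are skipped here
    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
    pool:
      vmImage: ubuntu-latest
    steps:
    - task: Docker@2
      displayName: Build image
      inputs:
        containerRegistry: ACR01-connection
        repository: myapp
        command: build
        tags: $(Build.BuildId)
    # Gate: --exit-code 1 fails this step on any HIGH/CRITICAL finding,
    # so the push step below never runs for a vulnerable image.
    - script: |
        docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
          aquasec/trivy image --exit-code 1 --severity HIGH,CRITICAL \
          --ignore-unfixed $(imageRef)
      displayName: Scan image with Trivy
    - task: Docker@2
      displayName: Push image
      inputs:
        containerRegistry: ACR01-connection
        repository: myapp
        command: push
        tags: $(Build.BuildId)
```

Because the scan sits between build and push in the same job, the image is scanned from the agent's local Docker daemon and only reaches the registry after the gate passes.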
Deployment
Now we are going to describe the second stage, where the application is deployed to an Azure App Service using the blue/green process. First we deploy the container to the App Service staging slot. Then, when the application is fully started on the staging slot, we swap the production slot and the staging slot.
This stage is executed only if the CI stage succeeded and if the pipeline was triggered by a commit on master.
Final file
So here is the final file:
You have now set up a pipeline in Azure DevOps to deploy your containerized code to an App Service. Your pipeline triggers automatically on different events in your repository, and you have optimized the deployment time using parallel jobs.