azure-pipelines-product-construction-service.yml

# Changes the format of the Build.BuildNumber variable
name: $(Date:yyyyMMdd)$(Rev:r)

trigger:
  branches:
    include:
      - main

pr:
  branches:
    include:
      - main

variables:
- name: resourceGroupName
  value: product-construction-service
- name: containerName
  value: product-construction-service.api
- name: diffFolder
  value: $(Build.ArtifactStagingDirectory)/diff
- ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/production') }}:
  # https://dev.azure.com/dnceng/internal/_library?itemType=VariableGroups&view=VariableGroupView&variableGroupId=189
  - group: Product-Construction-Service-Int
  - name: containerappName
    value: product-construction-int
  - name: containerRegistryName
    value: productconstructionint
  - name: containerappEnvironmentName
    value: product-construction-service-env-int
  - name: dockerRegistryUrl
    value: productconstructionint.azurecr.io
  - name: serviceConnectionName
    value: ProductConstructionServiceDeploymentInt
  - name: authServiceConnection
    value: "Darc: Maestro Staging"
  - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
    - name: devBranchSuffix
      value:
  - ${{ else }}:
    - name: devBranchSuffix
      value: -dev

stages:
- stage: DeployPCS
  displayName: Deploy Product Construction Service
  dependsOn: []
  jobs:
  - job: DeployPCS
    displayName: Deploy Product Construction Service
    pool:
      name: NetCore1ESPool-Internal
      demands: ImageOverride -equals 1es-ubuntu-2004

    steps:
    - checkout: self

    - powershell: |
        Write-Host "Dev branch suffix is $(devBranchSuffix)"
        $shortSha = "$(Build.SourceVersion)".Substring(0,10)
        $newDockerTag = "$(Build.BuildNumber)-$(System.JobAttempt)-$shortSha$(devBranchSuffix)"
        Write-Host "##vso[task.setvariable variable=newDockerImageTag]$newDockerTag"
        Write-Host "set newDockerImageTag to $newDockerTag"
      displayName: Generate docker image tag

    - powershell: >
        docker build .
        -f $(Build.SourcesDirectory)/src/ProductConstructionService/ProductConstructionService.Api/Dockerfile
        -t "$(dockerRegistryUrl)/$(containerName):$(newDockerImageTag)"
      displayName: Build docker image

    - ${{ if notin(variables['Build.Reason'], 'PullRequest') }}:
      - powershell: |
          echo $(container-registry-password) | docker login --username $(container-registry-username) --password-stdin $(dockerRegistryUrl)
          docker push "$(dockerRegistryUrl)/$(containerName):$(newDockerImageTag)"
        displayName: Push docker image

      - ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/production') }}:
        - task: AzureCLI@2
          inputs:
            # The Service Connection name needs to be known at compile time, so we can't use a variable for the azure subscription
            azureSubscription: $(serviceConnectionName)
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              New-Item -ItemType Directory -Path $(diffFolder)
              $before = az containerapp show --name $(containerappName) -g $(resourceGroupName) --output json
              Set-Content -Path $(diffFolder)/before.json -Value $before
          displayName: Snapshot configuration (before)

        - task: AzureCLI@2
          name: GetAuthInfo
          displayName: Get PCS Token
          inputs:
            azureSubscription: $(authServiceConnection)
            addSpnToEnvironment: true
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              # Fetch pcs token
              $token = (az account get-access-token --resource "$env:servicePrincipalId" | ConvertFrom-Json).accessToken
              "##vso[task.setvariable variable=Token;isOutput=true;isSecret=true]$token"

        - task: AzureCLI@2
          inputs:
            azureSubscription: $(serviceConnectionName)
            scriptType: pscore
            scriptLocation: scriptPath
            scriptPath: $(Build.SourcesDirectory)/eng/deployment/product-construction-service-deploy.ps1
            arguments: >
              -resourceGroupName $(resourceGroupName)
              -containerappName $(containerappName)
              -newImageTag $(newDockerImageTag)
              -containerRegistryName $(containerRegistryName)
              -imageName $(containerName)
              -token $(GetAuthInfo.Token)
          displayName: Deploy container app

        - task: AzureCLI@2
          inputs:
            azureSubscription: $(serviceConnectionName)
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              $after = az containerapp show --name $(containerappName) -g $(resourceGroupName) --output json
              Set-Content -Path $(diffFolder)/after.json -Value $after
          displayName: Snapshot configuration (after)

        # git diff will set the exit code to 1, since the files are different, we have to manually set it back to 0
        - powershell: |
            $diff = git diff before.json after.json
            $LASTEXITCODE = 0
            Set-Content -Path diff -Value $diff
          displayName: Diff configuration snapshots
          workingDirectory: $(diffFolder)

        - publish: $(diffFolder)
          displayName: Upload snapshot diff
          artifact: DeploymentDiff