Created
March 3, 2021 21:52
-
-
Save Wind010/c629463e7271f1d8aae16a606a26b15a to your computer and use it in GitHub Desktop.
Example azure-pipelines.yml that restores, builds, tests, code coverage report, Snyk scan, publishes artifacts. Stage for source and docker image build and publish.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# .NET Core Function App to Windows on Azure | |
# Build a .NET Core function app and deploy it to Azure as a Windows function App. | |
# Add steps that analyze code, save build artifacts, deploy, and more: | |
# https://docs.microsoft.com/en-us/azure/devops/pipelines/languages/dotnet-core | |
name: $(Date:yyyyMMdd)$(Rev:.r)-$(SourceBranchName) | |
trigger: | |
- master | |
- develop | |
variables: | |
# Azure Resource Manager connection created during pipeline creation | |
azureSubscription: 'YOUR_SUBSCRIPTION_ID' | |
# Agent VM image name | |
vmImageName: 'ubuntu-latest' | |
# Working Directory | |
workingDirectory: '' | |
projectName: 'payments-address' | |
mainProject: 'Some.API.csproj' | |
projectImageName: 'some.api' | |
containerRepository: 'YOUR_AZURE_CONTAINER_REPOSITORY' | |
tag: $(Build.BuildId)' | |
# Snyk | |
snykServiceConnectionName: 'YOUR Snyk Service Connection' | |
snykOrgId: '4ba743f7-3efd-4a36-8476-2a9dc010abc9' | |
buildPlatform: 'Any CPU' | |
buildConfiguration: 'Release' | |
runtime: 'win-x64' | |
Version.MajorMinor: 1.0 | |
Version.Revision: $[counter(variables['Version.MajorMinor'], 0)] | |
artifactName: $(Build.BuildId)-$(Build.SourceBranchName).zip | |
# Artifact Name | |
${{ if eq(variables['Build.SourceBranchName'], 'master') }}: | |
artifactName: $(Build.BuildId).zip | |
# Artifact feed credentials | |
AZURE_USERNAME: $(AccessTokenName) | |
AZURE_ARTIFACT_TOKEN: $(AccessTokenValue) | |
stages: | |
- stage: Build | |
displayName: Build Stage | |
jobs: | |
- job: Build | |
displayName: Build | |
pool: | |
vmImage: 'windows-latest' | |
steps: | |
- task: DotNetCoreCLI@2 | |
displayName: Restore | |
inputs: | |
command: 'restore' | |
projects: '**/*.csproj' | |
feedsToUse: 'select' | |
vstsFeed: 'YOUR_PACKAGE_FEED_ID' | |
verbosityRestore: 'Minimal' | |
- task: DotNetCoreCLI@2 | |
displayName: 'Build' | |
inputs: | |
command: 'build' | |
projects: | | |
**/*.csproj | |
arguments: '--configuration $(buildConfiguration) ' | |
- task: DotNetCoreCLI@2 | |
displayName: 'Run Tests' | |
inputs: | |
command: test | |
projects: '**/*[Tt]ests/**/*.csproj' | |
#arguments: '--configuration $(buildConfiguration) --filter TestCategory!=Integration&TestCategory!=E2E --collect "Code coverage"' | |
arguments: '--configuration $(buildConfiguration) --filter TestCategory!=Integration&TestCategory!=E2E --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:CoverletOutputFormat=cobertura' | |
publishTestResults: true | |
- task: reportgenerator@4 | |
displayName: 'Generate Code Coverage Report' | |
inputs: | |
reports: '$(Agent.TempDirectory)\**\coverage.cobertura.xml' | |
targetdir: '$(Build.SourcesDirectory)\TestResults\CoverageReport' | |
sourcedirs: '$(Build.SourcesDirectory)' | |
- task: PublishCodeCoverageResults@1 | |
displayName: 'Publish Code Coverage Results' | |
inputs: | |
codeCoverageTool: 'Cobertura' | |
summaryFileLocation: '$(Agent.TempDirectory)\**\coverage.cobertura.xml' | |
#reportDirectory: '$(Build.SourcesDirectory)/**/Coverage' | |
- task: SnykSecurityScan@0 | |
displayName: 'Snyk Scan Source Code' | |
inputs: | |
serviceConnectionEndpoint: $(snykServiceConnectionName) | |
testType: 'app' | |
severityThreshold: 'high' | |
monitorOnBuild: true | |
failOnIssues: false | |
organization: $(snykOrgId) | |
additionalArguments: '--all-projects --exclude=tests --detection-depth=8' | |
- task: DotNetCoreCLI@2 | |
displayName: 'Dotnet Publish' | |
inputs: | |
command: publish | |
publishWebProjects: True | |
arguments: '--configuration $(BuildConfiguration) --output $(Build.ArtifactStagingDirectory)' | |
zipAfterPublish: true | |
- task: PublishBuildArtifacts@1 | |
inputs: | |
PathtoPublish: '$(Build.ArtifactStagingDirectory)' | |
ArtifactName: 'drop' | |
publishLocation: 'Container' | |
# Alternative working previously | |
# - task: ArchiveFiles@2 | |
# displayName: 'Archive files' | |
# inputs: | |
# rootFolderOrFile: '$(System.ArtifactStagingDirectory)' | |
# includeRootFolder: false | |
# archiveType: zip | |
# archiveFile: $(Build.ArtifactStagingDirectory)/$(artifactName) | |
# replaceExistingArchive: true | |
- stage: DockerBuild | |
displayName: Docker Build Stage | |
dependsOn: Build | |
jobs: | |
- job: DockerBuild | |
displayName: 'Docker Image Build and Push' | |
pool: | |
vmImage: 'ubuntu-latest' | |
steps: | |
# https://github.com/Azure/azure-cli/issues/8305 | |
# - task: Docker@2 | |
# displayName: 'Docker Image Build' | |
# inputs: | |
# containerRegistry: 'Cassa_Azure_Container_Registry' | |
# repository: 's00374acrcassa' | |
# command: 'build' | |
# Dockerfile: '$(Build.SourcesDirectory)/Dockerfile' | |
# arguments: AZURE_ARTIFACT_TOKEN=$(AccessTokenName),AZURE_USERNAME=$(- task: CmdLine@2 | |
# tags: $(Build.BuildId) | |
# - task: Docker@2 | |
# displayName: 'Docker Image Push' | |
# inputs: | |
# containerRegistry: 'Cassa_Azure_Container_Registry' | |
# repository: 's00374acrcassa' | |
# command: 'push' | |
# tags: $(Build.BuildId) | |
- task: Docker@2 | |
displayName: 'Azure Container Registry Login' | |
inputs: | |
containerRegistry: 'Cassa Azure Container Registry' | |
command: 'login' | |
- task: CmdLine@2 | |
displayName: 'Docker Build' | |
inputs: | |
script: 'docker build -t $(containerRepository)/$(projectImageName):$(tag) --build-arg AZURE_ARTIFACT_TOKEN=$(AccessTokenName) --build-arg AZURE_USERNAME=$(AccessTokenValue) .' | |
#script: 'docker build -t s00374acrcassa.azurecr.io/payments-address.api:$(Build.BuildId) --build-arg AZURE_ARTIFACT_TOKEN=$(AccessTokenName) --build-arg AZURE_USERNAME=$(AccessTokenValue) .' | |
- task: SnykSecurityScan@0 | |
displayName: 'Snyk Scan Container Image' | |
inputs: | |
serviceConnectionEndpoint: 'Snyk Service Connection' | |
testType: 'container' | |
dockerImageName: '$(containerRepository)/$(projectImageName):$(tag)' | |
severityThreshold: 'high' | |
monitorOnBuild: true | |
failOnIssues: false | |
organization: $(snykOrgId) | |
- task: CmdLine@2 | |
displayName: 'Docker Push' | |
inputs: | |
script: 'docker push $(containerRepository)/$(projectImageName):$(tag)' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment