@back-2-95
Last active May 13, 2022 11:28
Trigger Lagoon deployment from Azure pipeline
trigger:
  branches:
    # These must have existing instance on Lagoon
    include:
      - dev
      - qa
      - main
pool:
  vmImage: 'ubuntu-latest'
variables:
  lagoonCliPath: /usr/local/bin/lagoon
  lagoonCliRepo: https://github.com/uselagoon/lagoon-cli
  lagoonCliVersion: v0.12.3
  lagoonProject: YOUR_LAGOON_PROJECT_NAME
steps:
  # No need to checkout the repo
  - checkout: none
  - task: InstallSSHKey@0
    inputs:
      # ssh-keyscan -p 32222 ssh.lagoon.amazeeio.cloud
      knownHostsEntry: 'ssh-rsa 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'
      # Content of your public key.
      sshPublicKey: 'YOUR_PUBLIC_KEY_CONTENT'
      # Upload private key in Azure DevOps > Pipelines > Library > Secure files.
      # Add here the name of that secure file:
      sshKeySecureFile: 'azure_deploy_key_id_rsa'
  - script: |
      ssh-add -l
      curl -L "$(lagoonCliRepo)/releases/download/$(lagoonCliVersion)/lagoon-cli-$(lagoonCliVersion)-linux-amd64" -o $(lagoonCliPath)
      chmod +x $(lagoonCliPath)
    displayName: 'Install Lagoon CLI $(lagoonCliVersion) to $(lagoonCliPath)'
  - script: |
      lagoon --force login
      lagoon -p $(lagoonProject) list environments
      lagoon -p $(lagoonProject) deploy branch -b $(Build.SourceBranchName) --force
    displayName: 'Trigger deployment on $(Build.SourceBranchName) with Lagoon CLI'

Setting up Azure SSH Proxy for Lagoon Deployment

You need to create a dedicated proxy user on a server where you have full control over the SSH service. In the following scenario we used the username git.

Creating git user and ssh confs for it:

ssh-keygen -f ~/id_azure -t rsa
sudo useradd -m git
sudo mkdir /home/git/.ssh/
sudo mv ~/id_azure* /home/git/.ssh
# Write through sudo tee: with "sudo echo ... >> file" the redirect runs as the calling user and is denied.
sudo tee -a /home/git/.ssh/config > /dev/null <<'EOF'
Host ssh.dev.azure.com
HostkeyAlgorithms +ssh-rsa
#PubkeyAcceptedAlgorithms +ssh-rsa
#HostkeyAlgorithms +ssh-rsa
User git
IdentityFile /home/git/.ssh/id_azure
EOF
sudo touch /home/git/.ssh/known_hosts
sudo touch /home/git/.ssh/authorized_keys
echo "LAGOON_ED25519_DEPLOY_KEY Lagoon-Key" | sudo tee -a /home/git/.ssh/authorized_keys > /dev/null
sudo chown -R git:git /home/git
sudo chmod 644 /home/git/.ssh/*
sudo chmod 400 /home/git/.ssh/id_azure
cat /home/git/.ssh/id_azure.pub

!! Uncomment the PubkeyAcceptedAlgorithms / HostkeyAlgorithms lines in /home/git/.ssh/config if you run OpenSSH >= 8.8 (use ssh -V to check the version).

Add public key to Azure user SSH keys

Get the contents of /home/git/.ssh/id_azure.pub and add them in Azure DevOps > User settings > SSH public keys.

Test connection:

sudo runuser -u git -- ssh -v ssh.dev.azure.com

Check for "debug1: Authentication succeeded (publickey)."
A follow-up error like "shell request failed on channel 0" is fine.

Configure SSHD to force SSH forwarding to ssh.dev.azure.com for user git.

# Append through sudo tee so the write to sshd_config happens as root.
sudo tee -a /etc/ssh/sshd_config > /dev/null <<'EOF'


Match User git
  ForceCommand ssh -T ssh.dev.azure.com $SSH_ORIGINAL_COMMAND
EOF
sudo systemctl restart ssh.service

To test with your own key:

echo "YOUR_ED25519_KEY" | sudo tee -a /home/git/.ssh/authorized_keys > /dev/null

Now you should be able to execute the following command locally, given that your local public key was also added to /home/azure/.ssh/authorized_keys:

git clone git@CUSTOM_SERVER_IP_OR_HOSTNAME:v3/OrganizationName/ProjectName/REPOSITORY

Change Git Url for Lagoon project

lagoon update p -p YOUR_LAGOON_PROJECT -g git@CUSTOM_SERVER_IP_OR_HOSTNAME:v3/OrganizationName/ProjectName/REPOSITORY.git
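
The ForceCommand configured above expands the client-supplied $SSH_ORIGINAL_COMMAND unquoted into the ssh command line, so every key in authorized_keys can pass arbitrary arguments under the proxy user's Azure identity. As an added example (not part of the original gist), the wrapper below forwards only a read-only clone request for a v3/Organization/Project/Repository path. The script path, the function name and the read-only restriction are assumptions.

```shell
#!/bin/sh
# Added example: allowlisting wrapper for the proxy user's ForceCommand.
# Hypothetical install path: /usr/local/bin/azure-git-proxy
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges below ASCII-only

# Succeeds only for a read-only fetch (git-upload-pack) of a path shaped
# like v3/Organization/Project/Repository, as used in the clone URL above.
is_allowed_git_command() {
    cmd=$1
    case $cmd in
        # git sends the path single-quoted; the bare form is accepted too
        "git-upload-pack '"*"'") path=${cmd#"git-upload-pack '"}; path=${path%"'"} ;;
        "git-upload-pack "*)     path=${cmd#"git-upload-pack "} ;;
        *) return 1 ;;
    esac
    # Name characters and "/" only: rejects whitespace, quotes, ";", "$", ...
    case $path in
        *[!A-Za-z0-9._/%-]*) return 1 ;;
    esac
    # No parent-directory components
    case $path in
        *..*) return 1 ;;
    esac
    # Exactly three non-empty components after v3/
    case $path in
        v3/*/*/*/*)  return 1 ;;
        v3/?*/?*/?*) return 0 ;;
        *)           return 1 ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asked for a command.
# With no command (interactive login) the script ends without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_git_command "$SSH_ORIGINAL_COMMAND"; then
        # "--" ends ssh option parsing; the quoted value stays one argument
        exec ssh -T ssh.dev.azure.com -- "$SSH_ORIGINAL_COMMAND"
    fi
    echo "rejected: only git-upload-pack on v3/<org>/<project>/<repo> is forwarded" >&2
    exit 1
fi
```

Install the script root-owned and reference it as `ForceCommand /usr/local/bin/azure-git-proxy` in the `Match User git` block. Adding `AllowTcpForwarding no` and `PermitTTY no` to the same block further limits what a key holder can do on the proxy host.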
back-2-95 commented May 13, 2022

Requirements:

  • LAGOON_ED25519_DEPLOY_KEY content from Amazee.io
  • Lagoon project clones the repository from Azure DevOps Repos
  • Create SSH key pair with ssh-keygen -t rsa and without passphrase
  • Add public key to your Lagoon user's SSH keys in https://dashboard.amazeeio.cloud/settings with name e.g. Azure deploy key
  • Upload private key in Azure DevOps > Pipelines > Library > Secure files
