back-2-95/azure-pipelines.yml

## azure-pipelines.yml
trigger:
  branches:
    # These must have existing instance on Lagoon
    include:
      - dev
      - qa
      - main

pool:
  vmImage: 'ubuntu-latest'

variables:
  lagoonCliPath: /usr/local/bin/lagoon
  lagoonCliRepo: https://github.com/uselagoon/lagoon-cli
  lagoonCliVersion: v0.12.3
  lagoonProject: YOUR_LAGOON_PROJECT_NAME

steps:

  # No need to checkout the repo
  - checkout: none

  - task: InstallSSHKey@0
    inputs:
      # ssh-keyscan -p 32222 ssh.lagoon.amazeeio.cloud
      knownHostsEntry: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAarTMx5JowyAcLlxZFixEa2OAlMO8td3JmBhYF9fVkym/ycs825Syf81KjgXfkW0/PpHbNPSiYM4X/j9fU9Wr7l2Qfzr3VZBHWCch1NeYJNhp3HMZ0US+85X7g6kgfkxX5zjOvmqbKIw1ncD0Bqop8PaWpL67TG53dk1CQjpPbup54H5cSoxjqaJS0D6TDYHvV4M2xnzjdza/OUD+HogP+FUhZnca2c4xDT0ZIN54Pjv4LWQzQzG2LUv16ooOc/9EdxEUoILqaPaomyH3C69Un4lPuJypBFNTQ6UOuuGyeeUX7vgvJ4SA8MR2aQLA4J7np8blccXiCeBD0WYbtYNJIszeSuloXg/fPfsdK1ZoONToaoA+ZA+I2LmKcnmEmjMW59jvslNUoW4QduZZ5K/AVuO9PxYC0bqUvGlXKeTgJ6P4+7T07PbqkaWHxQjKk5fUS3ScDNj2B8AVV0wzGrXy24GWD6OrOrdwJ5veQe/ss0f8q9jHu8P9cMEKPloZluM='
      # Content of your public key.
      sshPublicKey: 'YOUR_PUBLIC_KEY_CONTENT'
      # Upload private key in Azure DevOps > Pipelines > Library > Secure files.
      # Add here the name of that secure file:
      sshKeySecureFile: 'azure_deploy_key_id_rsa'

  - script: |
      ssh-add -l
      curl -L "$(lagoonCliRepo)/releases/download/$(lagoonCliVersion)/lagoon-cli-$(lagoonCliVersion)-linux-amd64" -o $(lagoonCliPath)
      chmod +x $(lagoonCliPath)
    displayName: 'Install Lagoon CLI $(lagoonCliVersion) to $(lagoonCliPath)'

  - script: |
      lagoon --force login
      lagoon -p $(lagoonProject) list environments
      lagoon -p $(lagoonProject) deploy branch -b $(Build.SourceBranchName) --force
    displayName: 'Trigger deployment on $(Build.SourceBranchName) with Lagoon CLI'

## ssh-git-proxy.md

      
    Raw
  

              ssh-git-proxy.md
            
          
    Setting up Azure SSH Proxy for Lagoon Deployment

You need to create a dedicated proxy user on a server where you've full control over the ssh service.
In following scenario we used the username git.
Creating git user and ssh confs for it:

ssh-keygen -f ~/id_azure -t rsa
sudo useradd -m git
sudo mkdir /home/git/.ssh/
sudo mv ~/id_azure* /home/git/.ssh
sudo echo "Host ssh.dev.azure.com" >> /home/git/.ssh/config
sudo echo "HostkeyAlgorithms +ssh-rsa" >> /home/git/.ssh/config
sudo echo "#PubkeyAcceptedAlgorithms +ssh-rsa" >> /home/git/.ssh/config
sudo echo "#HostkeyAlgorithms +ssh-rsa" >> /home/git/.ssh/config
sudo echo "User git" >> /home/git/.ssh/config
sudo echo "IdentityFile /home/git/.ssh/id_azure" >> /home/git/.ssh/config
sudo touch /home/git/.ssh/known_hosts
sudo touch /home/git/.ssh/authorized_keys
sudo echo "LAGOON_ED25519_DEPLOY_KEY Lagoon-Key" >> /home/git/.ssh/authorized_keys
sudo chown -R git:git /home/git
sudo chmod 644 /home/git/.ssh/*
sudo chmod 400 /home/git/.ssh/id_azure
cat /home/git/.ssh/id_azure.pub
!! Enable PubkeyAcceptedAlgorithms / HostkeyAlgorithms if you run OpenSSH >=8.8 (use ssh -V to check version) \
Add public key to Azure user SSH keys

Get the contents from /home/git/.ssh/id_azure.pub
And add them in Azure DevOps > User settings > SSH public keys
Test connection:

sudo runuser -u git -- ssh -v ssh.dev.azure.com
Check for "debug1: Authentication succeeded (publickey)." 

Followup error like "shell request failed on channel 0" is fine.
Configure SSHD to force SSH forwarding to ssh.dev.azure.com for user git.

sudo echo "" >> /etc/ssh/sshd_config
sudo echo "" >> /etc/ssh/sshd_config
sudo echo "Match User git" >> /etc/ssh/sshd_config
sudo echo "  ForceCommand ssh -T ssh.dev.azure.com \$SSH_ORIGINAL_COMMAND" >> /etc/ssh/sshd_config
sudo systemctl restart ssh.service
To test with your own key:

sudo echo "YOUR_ED25519_KEY" >> /home/git/.ssh/authorized_keys
Now you should be able to execute following command locally - given your local public key was also added to /home/azure/.ssh/authorized_keys:
git clone git@CUSTOM_SERVER_IP_OR_HOSTNAME:v3/OrganizationName/ProjectName/REPOSITORY
Change Git Url for Lagoon project

lagoon update p -p YOUR_LAGOON_PROJECT -g git@CUSTOM_SERVER_IP_OR_HOSTNAME:v3/OrganizationName/ProjectName/REPOSITORY.git
	trigger:
	branches:
	# These must have existing instance on Lagoon
	include:
	- dev
	- qa
	- main

	pool:
	vmImage: 'ubuntu-latest'

	variables:
	lagoonCliPath: /usr/local/bin/lagoon
	lagoonCliRepo: https://github.com/uselagoon/lagoon-cli
	lagoonCliVersion: v0.12.3
	lagoonProject: YOUR_LAGOON_PROJECT_NAME

	steps:

	# No need to checkout the repo
	- checkout: none

	- task: InstallSSHKey@0
	inputs:
	# ssh-keyscan -p 32222 ssh.lagoon.amazeeio.cloud
	knownHostsEntry: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAarTMx5JowyAcLlxZFixEa2OAlMO8td3JmBhYF9fVkym/ycs825Syf81KjgXfkW0/PpHbNPSiYM4X/j9fU9Wr7l2Qfzr3VZBHWCch1NeYJNhp3HMZ0US+85X7g6kgfkxX5zjOvmqbKIw1ncD0Bqop8PaWpL67TG53dk1CQjpPbup54H5cSoxjqaJS0D6TDYHvV4M2xnzjdza/OUD+HogP+FUhZnca2c4xDT0ZIN54Pjv4LWQzQzG2LUv16ooOc/9EdxEUoILqaPaomyH3C69Un4lPuJypBFNTQ6UOuuGyeeUX7vgvJ4SA8MR2aQLA4J7np8blccXiCeBD0WYbtYNJIszeSuloXg/fPfsdK1ZoONToaoA+ZA+I2LmKcnmEmjMW59jvslNUoW4QduZZ5K/AVuO9PxYC0bqUvGlXKeTgJ6P4+7T07PbqkaWHxQjKk5fUS3ScDNj2B8AVV0wzGrXy24GWD6OrOrdwJ5veQe/ss0f8q9jHu8P9cMEKPloZluM='
	# Content of your public key.
	sshPublicKey: 'YOUR_PUBLIC_KEY_CONTENT'
	# Upload private key in Azure DevOps > Pipelines > Library > Secure files.
	# Add here the name of that secure file:
	sshKeySecureFile: 'azure_deploy_key_id_rsa'

	- script: \|
	ssh-add -l
	curl -L "$(lagoonCliRepo)/releases/download/$(lagoonCliVersion)/lagoon-cli-$(lagoonCliVersion)-linux-amd64" -o $(lagoonCliPath)
	chmod +x $(lagoonCliPath)
	displayName: 'Install Lagoon CLI $(lagoonCliVersion) to $(lagoonCliPath)'

	- script: \|
	lagoon --force login
	lagoon -p $(lagoonProject) list environments
	lagoon -p $(lagoonProject) deploy branch -b $(Build.SourceBranchName) --force
	displayName: 'Trigger deployment on $(Build.SourceBranchName) with Lagoon CLI'