lawrencegripper/.Dockerfile

## .Dockerfile
# Very basic devcontainer, see line 15 copying in build agent start script
# https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/dotnet/dotnet-core-tools.Dockerfile
FROM mcr.microsoft.com/azure-functions/dotnet:3.0-dotnet3-core-tools

# To make it easier for build and release pipelines to run apt-get,
# configure apt to not require confirmation (assume the -y argument by default)
ENV DEBIAN_FRONTEND=noninteractive
RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes

# Install system tools
RUN apt-get update \
    && apt-get -y install --no-install-recommends apt-utils nano unzip curl icu-devtools bash-completion jq

# Add AzureDevops build agent script
COPY ./buildagentstart.sh .

## buildagentstart.sh
#!/bin/bash
set -e

# This script comes from the following documentation
# See https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops

if [ -z "$AZP_URL" ]; then
  echo 1>&2 "error: missing AZP_URL environment variable"
  exit 1
fi

if [ -z "$AZP_TOKEN_FILE" ]; then
  if [ -z "$AZP_TOKEN" ]; then
    echo 1>&2 "error: missing AZP_TOKEN environment variable"
    exit 1
  fi

  mkdir -p /azp/
  AZP_TOKEN_FILE=/azp/.token
  echo -n $AZP_TOKEN > "$AZP_TOKEN_FILE"
fi

unset AZP_TOKEN

if [ -n "$AZP_WORK" ]; then
  mkdir -p "$AZP_WORK"
fi

rm -rf /azp/agent
mkdir /azp/agent
cd /azp/agent

export AGENT_ALLOW_RUNASROOT="1"

cleanup() {
  if [ -e config.sh ]; then
    print_header "Cleanup. Removing Azure Pipelines agent..."

    ./config.sh remove --unattended \
      --auth PAT \
      --token $(cat "$AZP_TOKEN_FILE")
  fi
}

print_header() {
  lightcyan='\033[1;36m'
  nocolor='\033[0m'
  echo -e "${lightcyan}$1${nocolor}"
}

# Let the agent ignore the token env variables
export VSO_AGENT_IGNORE=AZP_TOKEN,AZP_TOKEN_FILE

print_header "1. Determining matching Azure Pipelines agent..."

AZP_AGENT_RESPONSE=$(curl -LsS \
  -u user:$(cat "$AZP_TOKEN_FILE") \
  -H 'Accept:application/json;api-version=3.0-preview' \
  "$AZP_URL/_apis/distributedtask/packages/agent?platform=linux-x64")

if echo "$AZP_AGENT_RESPONSE" | jq . >/dev/null 2>&1; then
  AZP_AGENTPACKAGE_URL=$(echo "$AZP_AGENT_RESPONSE" \
    | jq -r '.value | map([.version.major,.version.minor,.version.patch,.downloadUrl]) | sort | .[length-1] | .[3]')
fi

if [ -z "$AZP_AGENTPACKAGE_URL" -o "$AZP_AGENTPACKAGE_URL" == "null" ]; then
  echo 1>&2 "error: could not determine a matching Azure Pipelines agent - check that account '$AZP_URL' is correct and the token is valid for that account"
  exit 1
fi

print_header "2. Downloading and installing Azure Pipelines agent..."

curl -LsS $AZP_AGENTPACKAGE_URL | tar -xz & wait $!

source ./env.sh

print_header "3. Configuring Azure Pipelines agent..."

./config.sh --unattended \
  --agent "${AZP_AGENT_NAME:-$(hostname)}" \
  --url "$AZP_URL" \
  --auth PAT \
  --token $(cat "$AZP_TOKEN_FILE") \
  --pool "${AZP_POOL:-Default}" \
  --work "${AZP_WORK:-_work}" \
  --replace \
  --acceptTeeEula & wait $!

print_header "4. Running Azure Pipelines agent..."

trap 'cleanup; exit 130' INT
trap 'cleanup; exit 143' TERM

# To be aware of TERM and INT signals call run.sh
# Running it with the --once flag at the end will shut down the agent after the build is executed
./run.sh & wait $!

## main.tf

variable azp_docker_image {
  description = "The docker image to use when running the build agent. This defaults to a build of ./.devcontainer pushed to the ACR container"
  type        = string
  default     = "your_repo_name_here.azurecr.io/devcontainer:buildagent"
}

variable azp_token {
  description = "The token used for the azure pipelines build agent to connect to Azure Devops"
  type        = string
  default     = ""
}

variable azp_url {
  description = "The url of the Azure Devops instance for the agent to connect to eg: https://dev.azure.com/yourOrg"
  type        = string
  default     = "https://dev.azure.com/your_org_here"
}

variable "docker_registry_username" {
  description = "Docker registry to be used for containers"
  default     = "your_repo_name_here"
}

variable "docker_registry_password" {
  description = "Docker registry password"
}

variable "subnet_id" {
  description = "Azure subnet ID the build agent should be deployed onto"
}

variable "docker_registry_url" {
  description = "Docker registry url"
  default     = "your_repo_here.azurecr.io"
}

resource "azurerm_resource_group" "env" {
  location = var.resource_group_location
  name     = var.resource_group_name
  tags     = var.tags
}

resource "azurerm_network_profile" "buildagent" {
  name                = "acg-profile"
  location            = azurerm_resource_group.env.location
  resource_group_name = azurerm_resource_group.env.name

  container_network_interface {
    name = "acg-nic"

    ip_configuration {
      name      = "aciipconfig"
      subnet_id = var.subnet_id
    }
  }
}

resource "azurerm_container_group" "build_agent" {
  name                = "buildagent"
  location            = azurerm_resource_group.env.location
  resource_group_name = azurerm_resource_group.env.name
  tags                = var.tags

  network_profile_id = azurerm_network_profile.buildagent.id
  ip_address_type    = "Private"

  os_type = "Linux"

  image_registry_credential {
    username = var.docker_registry_username
    password = var.docker_registry_password
    server   = var.docker_registry_url
  }

  container {
    name     = "buildagent"
    image    = var.azp_docker_image
    cpu      = "1"
    memory   = "2"
    commands = ["bash", "-f", "./buildagentstart.sh"]

    ports {
      port     = 443
      protocol = "TCP"
    }

    environment_variables = {
      // The URL of the Azure DevOps or Azure DevOps Server instance.
      AZP_URL = var.azp_url
      // Personal Access Token (PAT) with Agent Pools (read, manage) scope, created by a user who has permission to configure agents, at AZP_URL.
      AZP_TOKEN = var.azp_token
      // Agent name (default value: the container hostname).
      AZP_AGENT_NAME = local.shared_env.rg.name
      // Agent pool name (default value: Default).
      AZP_POOL = local.shared_env.rg.name
      // Work directory (default value: _work).
      AZP_WORK = "_work"
    }
  }
}
	# Very basic devcontainer, see line 15 copying in build agent start script
	# https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/dotnet/dotnet-core-tools.Dockerfile
	FROM mcr.microsoft.com/azure-functions/dotnet:3.0-dotnet3-core-tools

	# To make it easier for build and release pipelines to run apt-get,
	# configure apt to not require confirmation (assume the -y argument by default)
	ENV DEBIAN_FRONTEND=noninteractive
	RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes

	# Install system tools
	RUN apt-get update \
	&& apt-get -y install --no-install-recommends apt-utils nano unzip curl icu-devtools bash-completion jq

	# Add AzureDevops build agent script
	COPY ./buildagentstart.sh .
	#!/bin/bash
	set -e

	# This script comes from the following documentation
	# See https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops

	if [ -z "$AZP_URL" ]; then
	echo 1>&2 "error: missing AZP_URL environment variable"
	exit 1
	fi

	if [ -z "$AZP_TOKEN_FILE" ]; then
	if [ -z "$AZP_TOKEN" ]; then
	echo 1>&2 "error: missing AZP_TOKEN environment variable"
	exit 1
	fi

	mkdir -p /azp/
	AZP_TOKEN_FILE=/azp/.token
	echo -n $AZP_TOKEN > "$AZP_TOKEN_FILE"
	fi

	unset AZP_TOKEN

	if [ -n "$AZP_WORK" ]; then
	mkdir -p "$AZP_WORK"
	fi

	rm -rf /azp/agent
	mkdir /azp/agent
	cd /azp/agent

	export AGENT_ALLOW_RUNASROOT="1"

	cleanup() {
	if [ -e config.sh ]; then
	print_header "Cleanup. Removing Azure Pipelines agent..."

	./config.sh remove --unattended \
	--auth PAT \
	--token $(cat "$AZP_TOKEN_FILE")
	fi
	}

	print_header() {
	lightcyan='\033[1;36m'
	nocolor='\033[0m'
	echo -e "${lightcyan}$1${nocolor}"
	}

	# Let the agent ignore the token env variables
	export VSO_AGENT_IGNORE=AZP_TOKEN,AZP_TOKEN_FILE

	print_header "1. Determining matching Azure Pipelines agent..."

	AZP_AGENT_RESPONSE=$(curl -LsS \
	-u user:$(cat "$AZP_TOKEN_FILE") \
	-H 'Accept:application/json;api-version=3.0-preview' \
	"$AZP_URL/_apis/distributedtask/packages/agent?platform=linux-x64")

	if echo "$AZP_AGENT_RESPONSE" \| jq . >/dev/null 2>&1; then
	AZP_AGENTPACKAGE_URL=$(echo "$AZP_AGENT_RESPONSE" \
	\| jq -r '.value \| map([.version.major,.version.minor,.version.patch,.downloadUrl]) \| sort \| .[length-1] \| .[3]')
	fi

	if [ -z "$AZP_AGENTPACKAGE_URL" -o "$AZP_AGENTPACKAGE_URL" == "null" ]; then
	echo 1>&2 "error: could not determine a matching Azure Pipelines agent - check that account '$AZP_URL' is correct and the token is valid for that account"
	exit 1
	fi

	print_header "2. Downloading and installing Azure Pipelines agent..."

	curl -LsS $AZP_AGENTPACKAGE_URL \| tar -xz & wait $!

	source ./env.sh

	print_header "3. Configuring Azure Pipelines agent..."

	./config.sh --unattended \
	--agent "${AZP_AGENT_NAME:-$(hostname)}" \
	--url "$AZP_URL" \
	--auth PAT \
	--token $(cat "$AZP_TOKEN_FILE") \
	--pool "${AZP_POOL:-Default}" \
	--work "${AZP_WORK:-_work}" \
	--replace \
	--acceptTeeEula & wait $!

	print_header "4. Running Azure Pipelines agent..."

	trap 'cleanup; exit 130' INT
	trap 'cleanup; exit 143' TERM

	# To be aware of TERM and INT signals call run.sh
	# Running it with the --once flag at the end will shut down the agent after the build is executed
	./run.sh & wait $!

	variable azp_docker_image {
	description = "The docker image to use when running the build agent. This defaults to a build of ./.devcontainer pushed to the ACR container"
	type = string
	default = "your_repo_name_here.azurecr.io/devcontainer:buildagent"
	}

	variable azp_token {
	description = "The token used for the azure pipelines build agent to connect to Azure Devops"
	type = string
	default = ""
	}

	variable azp_url {
	description = "The url of the Azure Devops instance for the agent to connect to eg: https://dev.azure.com/yourOrg"
	type = string
	default = "https://dev.azure.com/your_org_here"
	}

	variable "docker_registry_username" {
	description = "Docker registry to be used for containers"
	default = "your_repo_name_here"
	}

	variable "docker_registry_password" {
	description = "Docker registry password"
	}

	variable "subnet_id" {
	description = "Azure subnet ID the build agent should be deployed onto"
	}

	variable "docker_registry_url" {
	description = "Docker registry url"
	default = "your_repo_here.azurecr.io"
	}

	resource "azurerm_resource_group" "env" {
	location = var.resource_group_location
	name = var.resource_group_name
	tags = var.tags
	}

	resource "azurerm_network_profile" "buildagent" {
	name = "acg-profile"
	location = azurerm_resource_group.env.location
	resource_group_name = azurerm_resource_group.env.name

	container_network_interface {
	name = "acg-nic"

	ip_configuration {
	name = "aciipconfig"
	subnet_id = var.subnet_id
	}
	}
	}

	resource "azurerm_container_group" "build_agent" {
	name = "buildagent"
	location = azurerm_resource_group.env.location
	resource_group_name = azurerm_resource_group.env.name
	tags = var.tags

	network_profile_id = azurerm_network_profile.buildagent.id
	ip_address_type = "Private"

	os_type = "Linux"

	image_registry_credential {
	username = var.docker_registry_username
	password = var.docker_registry_password
	server = var.docker_registry_url
	}

	container {
	name = "buildagent"
	image = var.azp_docker_image
	cpu = "1"
	memory = "2"
	commands = ["bash", "-f", "./buildagentstart.sh"]

	ports {
	port = 443
	protocol = "TCP"
	}

	environment_variables = {
	// The URL of the Azure DevOps or Azure DevOps Server instance.
	AZP_URL = var.azp_url
	// Personal Access Token (PAT) with Agent Pools (read, manage) scope, created by a user who has permission to configure agents, at AZP_URL.
	AZP_TOKEN = var.azp_token
	// Agent name (default value: the container hostname).
	AZP_AGENT_NAME = local.shared_env.rg.name
	// Agent pool name (default value: Default).
	AZP_POOL = local.shared_env.rg.name
	// Work directory (default value: _work).
	AZP_WORK = "_work"
	}
	}
	}