Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Set Up New Environment

...

Part 1: Set up a pipeline

To be able to deploy the code automatically when one commit the code to the repository, we need to create a pipeline that auto deploy the code, we use a Docker image to the new environment.

In this example we create a pipeline for the Development environment. Every time a developer commit their code to the CAMMS Repo (Dev Branch) , the pipeline is triggered and pushes the code to the Development environment.

  1. Go to https://dev.azure.com/transport-canada/Medical Certificate Processing/_build and click on create a new pipeline

  2. Image Added

    Select Use the classic editor

    Image Added
  3. Select the correct branch you need for the pipeline and click Continue

    Image Added
  4. Under the Select a template select Empty job or Docker container

    Image Added
  5. Give the pipeline a name

    Image Added
  6. Under Get sources make sure to select the correct repo and branch

    Image Added
  7. Under Agent job check that you have a check mark under Allow scripts to access the OAuth token

    Image Added
  8. Click to add a task if you selected an empty job, if selected Docker container in step 4 you will have this task already.

    Image Added
  9. Configure the first task “Build an image”. Under the Task version make sure to change it to 0.*. The Action should be Build an image. The Display name you can change to reflect building an image. Select the correct Subscription.

    Image Added
  10. Select the Dockerfile by clicking on the 3 dots

    Image Added
  11. Under Build Arguments add the following:

    Code Block
    PAT=$(System.AccessToken)
    FEED_URL=https://pkgs.dev.azure.com/transport-canada/_packaging/DevOps-Nuget/nuget/v3/index.json

12. Under the Image name add the environment name - pipeline name : $(Build.BuildNumber)

Code Block
ncdsafsecsurcr-camms-smmac-dev:$(Build.BuildNumber)

13. Click add a new task (similar to step 8). Search for Docker container and add the task and configure the “Push an image” task. Under Task version select 0.*. Under Action select Push an image. the Display name should change to Push an image. Make sure the subscription and container are correct.

...

14. Repeat step 12 to configure the image name for the push an image, if not already done.

15. Save the pipeline so you won’t lose any info before continuing to the Variables.

16. Add two new pipeline variables:

Code Block
BuildConfiguration              Release
Code Block
BuildPlatform                   any cpu

...

17. Configure the Triggers: Check “Enable continuous integration”

...

18. Configure the options. Make sure the Build number is in the following format:

Code Block
$(date:yyyyMMdd)$(rev:.r)

...

19. Save the pipeline and run it. At this point all should be running correctly and the code should be in the container registry under Repository.

Pipeline on IIS Special consideration:

The following pipelines are using these configurations: CAMIS-SIMAC-API, CAMMS-SMMAC-Publisher and the CAMMS-SMMAC-Ocelot.

Configurations:

  1. We add a File Transform task as in the picture

...

2. Add pipeline variables:

...

3. Add Variable groups and link them to the pipeline

...

4. All Variable groups are created and stored in the Library

...

Part 2: Set up and configure Azure AD

Setting up Azure portal involved few steps:

Activate your Developer role in order to configure Azure AD

In order to configure and view some features in Azure AD we need to activate our Developer role for the day or for few hours. To do that go to Azure Ad Privileged Identity Management

...

Click on My roles

...

Click on Activate

...

Give a reason for activating your role and click continue

...

Image AddedImage Added

Once your role is activated you can continue to configure the other steps.

Configure App registrations

To do ..

How to set up app reg.

How to set up app roles

and all the other configurations under app reg.

...

API permissions

In API permission, our clients that don’t have the role “Application Developer” in Azure can have an error to open the website.

...

So, we need to grant TC/TC and admin consent required for all permissions.

...

Image Added

Configure Groups

To do..

Why do we need a group

How to configure

What is the link with the other services on Azure AD like the app reg. groups etc.

...

Configure Container registries

Under Container registries we have 3 existing containers for Development, Test and Acceptance.

ncdsafsecsurcr → Development

nctsafsecsurcr → Test

ncasafsecsurcr → Acceptance

...

Image AddedImage Added

The repository holds all the images that are pushed to this Development environment

...

Configure App Services

Go to App Services and click on Create

...

Click Next: Docker to set up the Docker container with the correct image.

...

No more changes required, click Review + create.

Once created → We need to configure the following in app services:

Go to Configuration and create 3 new application settings with the correct value depending on the Environment:

ASPNETCORE_ENVIRONMENT

ASPNETCORE_FORWARDEDHEADERS_ENABLED

ENVIRONMENT

...

Go to TLS/SSL settings and click on “On” to enable HTTPS only

...

Go to Deployment center to verify that the settings are correct

...

Go to Identity to verify that the Status is ON

...

You will need the Object ID to search our App service for the Key vault.

Lastly, we can go to Overview to restart the app service and see the URL for our new environment

...

Configure Key vaults

To DO…

Configure the access policies

...

Click on he correct environment under Key vault.

Go to Access polices and add a new Access Policy

...

Image Added

Select Get and List for all Secret permissions, Certificate permissions. Then click on None selected under Select principal to configure the Principal.

Enter the Object Id from the Identity under the App Service in order to find your Principal

...

Test

Part 3: How to push and publish the code