add and update files to support docker webapp deployment

polichtm · Dec 3, 2022 · d3be36e · d3be36e
1 parent bc399de
commit d3be36e
Show file tree

Hide file tree

Showing 5 changed files with 176 additions and 13 deletions.
diff --git a/.ado/eshoponweb-cd-webapp-docker.yml b/.ado/eshoponweb-cd-webapp-docker.yml
@@ -0,0 +1,44 @@
+#NAME THE PIPELINE SAME AS FILE (WITHOUT ".yml")
+
+resources:
+  repositories:
+    - repository: self
+      trigger: none
+
+variables:
+  azureServiceConnection: 'azure-connection'
+  resourceGroup: 'rg-az400-container-NAME'
+  location: 'westeurope'
+  subscriptionId: 'SUBSCRIPTION-ID'
+
+stages:
+- stage: Deploy
+  jobs:
+  - job: Deploy
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+    - task: AzureResourceManagerTemplateDeployment@3
+      displayName: Deploy App Service using Bicep
+      inputs:
+        deploymentScope: 'Resource Group'
+        azureResourceManagerConnection: $(azureServiceConnection)
+        subscriptionId: $(subscriptionId)
+        action: 'Create Or Update Resource Group'
+        resourceGroupName: '$(resourceGroup)'
+        location: '$(location)'
+        templateLocation: 'Linked artifact'
+        csmFile: '.azure/bicep/webapp-docker.bicep'
+        deploymentMode: 'Incremental'
+    - task: AzureResourceManagerTemplateDeployment@3
+      displayName: Add Role Assignment using Bicep
+      inputs:
+        deploymentScope: 'Resource Group'
+        azureResourceManagerConnection: $(azureServiceConnection)
+        subscriptionId: $(subscriptionId)
+        action: 'Create Or Update Resource Group'
+        resourceGroupName: '$(resourceGroup)'
+        location: '$(location)'
+        templateLocation: 'Linked artifact'
+        csmFile: '.azure/bicep/webapp-to-acr-roleassignment.bicep'
+        deploymentMode: 'Incremental'
diff --git a/.ado/eshoponweb-ci-docker.yml b/.ado/eshoponweb-ci-docker.yml
@@ -0,0 +1,60 @@
+# NAME THE PIPELINE SAME AS FILE (WITHOUT ".yml")
+
+resources:
+  repositories:
+    - repository: self
+      trigger: none
+
+variables:
+  azureServiceConnection: 'azure-connection'
+  subscriptionId: 'SUBSCRIPTION-ID'
+  resourceGroup: 'rg-az400-container-NAME'
+  location: 'westeurope'
+
+stages:
+- stage: Build
+  jobs:
+  - job: Build
+    pool:
+      vmImage: 'ubuntu-latest'
+    steps:
+    - task: AzureResourceManagerTemplateDeployment@3
+      displayName: Deploy ACR using Bicep
+      inputs:
+        deploymentScope: 'Resource Group'
+        azureResourceManagerConnection: $(azureServiceConnection)
+        subscriptionId: $(subscriptionId)
+        action: 'Create Or Update Resource Group'
+        resourceGroupName: '$(resourceGroup)'
+        location: '$(location)'
+        templateLocation: 'Linked artifact'
+        csmFile: '.azure/bicep/acr.bicep'
+        deploymentMode: 'Incremental'
+        deploymentOutputs: 'outputJson'
+    - task: PowerShell@2
+      displayName: Parse Bicep Output
+      inputs:
+        targetType: 'inline'
+        script: |
+          $var=ConvertFrom-Json '$(outputJson)'
+          $value=$var.acrLoginServer.value
+          Write-Host "##vso[task.setvariable variable=acrLoginServer;]$value"
+    - task: Docker@0
+      displayName: 'Build an image'
+      inputs:
+        azureSubscription: $(azureServiceConnection)
+        azureContainerRegistry: $(acrLoginServer)
+        dockerFile: 'src/Web/Dockerfile'
+        defaultContext: false
+        context: $(Build.SourcesDirectory)
+        includeLatestTag: true
+        imageName: eshoponweb/web:$(Build.BuildId)
+    - task: Docker@0
+      displayName: 'Push an image'
+      inputs:
+        azureSubscription: $(azureServiceConnection)
+        azureContainerRegistry: $(acrLoginServer)
+        action: 'Push an image'
+        imageName: eshoponweb/web:$(Build.BuildId)
+        includeLatestTag: true
+
diff --git a/.azure/bicep/acr.bicep b/.azure/bicep/acr.bicep
@@ -1,24 +1,19 @@
-@minLength(5)
-@maxLength(50)
-@description('Provide a globally unique name of your Azure Container Registry')
-param acrName string = 'acr${uniqueString(resourceGroup().id)}'
+@description('Generate a Suffix based on the Resource Group ID')
+param suffix string = uniqueString(resourceGroup().id)
 
-@description('Provide a location for the registry.')
+@description('Use the Resource Group Location')
 param location string = resourceGroup().location
 
-@description('Provide a tier of your Azure Container Registry.')
-param acrSku string = 'Basic'
-
-resource acrResource 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = {
-  name: acrName
+resource acr 'Microsoft.ContainerRegistry/registries@2021-09-01' = {
+  name: 'cr${suffix}'
   location: location
   sku: {
-    name: acrSku
+    name: 'Basic'
   }
   properties: {
-    adminUserEnabled: true
+    adminUserEnabled: false
   }
 }
 
 @description('Output the login server property for later use')
-output loginServer string = acrResource.properties.loginServer
+output acrLoginServer string = acr.properties.loginServer
diff --git a/.azure/bicep/webapp-docker.bicep b/.azure/bicep/webapp-docker.bicep
@@ -0,0 +1,38 @@
+@description('Generate a Suffix based on the Resource Group ID')
+param suffix string = uniqueString(resourceGroup().id)
+
+@description('Use the Resource Group Location')
+param location string = resourceGroup().location
+
+resource acr 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
+  name: 'cr${suffix}'
+}
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
+  name: 'asp-${suffix}'
+  location: location
+  kind: 'linux'
+  properties: {
+    reserved: true
+  }	
+  sku:  {
+  	name: 'B1'
+  }
+}
+
+resource webApp 'Microsoft.Web/sites@2022-03-01' = {
+  name: 'app-${suffix}'
+  location: location
+  tags: {}
+  properties: {
+    siteConfig: {
+      acrUseManagedIdentityCreds: true
+      appSettings: []
+      linuxFxVersion: 'DOCKER|${acr.properties.loginServer}/eshoponweb/web:latest'
+    }
+    serverFarmId: appServicePlan.id
+  }
+  identity: {
+    type: 'SystemAssigned'
+  }
+}
diff --git a/.azure/bicep/webapp-to-acr-roleassignment.bicep b/.azure/bicep/webapp-to-acr-roleassignment.bicep
@@ -0,0 +1,26 @@
+@description('Generate a Suffix based on the Resource Group ID')
+param suffix string = uniqueString(resourceGroup().id)
+
+@description('Set the ACR Pull Role Definition ID')
+param acrPullRoleDefinitionID string = '7f951dda-4ed3-4680-a7ca-43fe172d538d'
+
+@description('Generate a unique GUID to use as name for the role assignment')
+var webAppToAcrRoleAssignmentName = guid(webApp.id, acrPullRoleDefinitionID, acr.id)
+
+
+resource acr 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = {
+  name: 'cr${suffix}'
+}
+
+resource webApp 'Microsoft.Web/sites@2022-03-01' existing = {
+  name: 'app-${suffix}'
+}
+
+resource webAppToAcrRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: acr
+  name: webAppToAcrRoleAssignmentName
+  properties: {
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', acrPullRoleDefinitionID)
+    principalId: webApp.identity.principalId
+  }
+}