Versions Compared

Old Version 5

changes.mady.by.user Stuart Norton

Saved on

compared with

New Version 6

changes.mady.by.user John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Create a Personal Access Token (PAT)

  1. Right-click on the signed-in user, then

...

  1. the ellipsis () and User settings

    Image Modified

  2. Select Personal access tokens

    Image Modified

  3. Click on New Token,

...

  1. name the token, select the expiry date and select the scope (your security team will have advice on this, but Full access will minimise the chances of problems), the click on Create.

    Image Modified

  2. Don’t forget to copy the PAT for use in future cURL calls.

    Image Modified

Authentication against an Azure Account

...

The purpose of this group is to approve promotion of code into an official environment, eg: Test, QA, Pre-Production, Production. MettleCI CI projects are internal (or “unofficial”) and requiring approval for those would be counter-productive.

  1. If required, create an appropriate approvers group from the Azure DevOps management console.

  2. In order to use this group to automatically create an approval against an environment, we need information about the group we plan to use.

Code Block
$> az devops security group list --org <ORGANISATION_URL> --scope organization --query "graphGroups[?displayName=='<GROUP_NAME>'] | [0]"
{
  ...
  "originId": "<GROUP_ORIGIN_ID>",
  "principalName": "<GROUP_PRINCIPAL_NAME>",
  ...
}

We Record these values for use later, where we refer to these later them as <GROUP_ORIGIN_ID> and <GROUP_PRINCIPAL_NAME>.

...

To create a source code repository within Azure associated with the Project:

Code Block
$> az repos create \
  --name <REPO_NAME> \
  --org <ORGANISATION_URL> \
  --project <PROJECT_NAME>

Create Variable Group

Variable groups are used by the pipeline code to organise variables, and are created per DataStage instance (although it includes agent variables as well).

  1. Create the variable group, recording the id (referred to later as <GROUP_ID>). Regular variables (not the secret value variables we use for passwords) can be added at this time (<VARIABLES> is entered as variable=value, each pair separated by a space)

    Code Block
    $> az pipelines variable-group create \
  --name <VRAIABLE_GROUP_NAME> \
  --variables <VARIABLES> \
  --authorize true \
  --description <GROUP_DESCRIPTION> \
  --organization <ORGANISATION_URL> \
  --project <PROJECT_NAME>

  2. Add secret value variables to the group individually for MCIPASSWORD and IISPASSWORD

    Code Block
    $> az pipelines variable-group variable create \
  --org <ORGANISATION_URL> \
  --project <PROJECT_NAME> \
  --group-id <GROUP_ID> \
  --name <VARIABLE_NAME> \
  --secret true \
  --value <VARIABLE_VALUE>

Info

Note: I have seen where the secret value variable is created but the value is not assigned. In this case you will need to update the value manually in the Azure DevOps administration console.

...

Creating an Environment is currently not supported by the Azure CLI, but can be achieved using the REST API. All environments need to be created: MettleCI CI environments, and “official” ‘official’ environments, eg: i.e. Test, QA, Production, etc.

  1. Encode the previously-created PAT as Base64

...

  1. . Note that the colon

...

  1. :

...

  1. inside the single quotes, before the PAT

...

  1. , is critical

...

  1. .

    Code Block
    $> echo -n ':<PERSONAL_ACCESS_TOKEN>' | base64

  2. Add the encoded value as part of the authorisation in the cURL header.

    Code Block
    $> curl POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic <ENCODED_COLON_THEN_PAT>' \
'https://dev.azure.com/<ORGANISATION_NAME>/<PROJECT_NAME>/_apis/distributedtask/environments?api-version=5.0-preview.1' \
-d '{"description":"<ENVIRONMENT_DESCRIPTION>","name":"<ENVIRONMENT_NAME"}'

    Record the id field from the result. This is used below as <ENVIRONMENT_ID>.

  3. If the environment requires approval, use <ENVIRONMENT_NAME>, <ENVIRONMENT_ID>, <GROUP_ORIGIN_ID> and <GROUP_PRINCIPAL_NAME> to fill out the information required for the body of the request.

    Code Block
    $> curl POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic <ENCODED_COLON_THEN_PAT>' \
'https://dev.azure.com/<ORGANISATION_NAME>/<PROJECT_NAME>/_apis/pipelines/checks/configurations?api-version=7.1-preview.1' \
-d '{"type":{"id":"8C6F20A7-A545-4486-9777-F762FAFE0D4D","name":"Approval"},"settings":{"approvers":[{"displayName":"<GROUP_PRINCIPAL_NAME>","id":"<GROUP_ORIGIN_ID>"}],"executionOrder":1,"blockedApprovers":[],"minRequiredApprovers":0,"requesterCannotBeApprover":false},"resource":{"type":"environment","id":"<ENVIRONMENT_ID>","name":"<ENVIRONMENT_NAME"}}'

Info

Note: In the creation of an Approval for an Environment, the type section ({"id":"8C6F20A7-A545-4486-9777-F762FAFE0D4D","name":"Approval"}) contains a hard-coded id value. This is not project or pipeline specific, rather it is the internal id of the “Approval” class in Azure DevOps, and does not need to be changed.

...