[Rollout] Production rollout 2024-08-27 (#3876)

dotnet · Aug 26, 2024 · 0728989 · 0728989
2 parents dac7a16 + f51bd3e
commit 0728989
Show file tree

Hide file tree

Showing 78 changed files with 3,553 additions and 732 deletions.
diff --git a/arcade-services.sln b/arcade-services.sln
@@ -132,6 +132,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ProductConstructionService.
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ProductConstructionService.WorkItems", "src\ProductConstructionService\ProductConstructionService.WorkItems\ProductConstructionService.WorkItems.csproj", "{90C7747B-EBEF-4CF5-92A7-7856A3A13CAA}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProductConstructionService.WorkItem.Tests", "test\ProductConstructionService.WorkItem.Tests\ProductConstructionService.WorkItem.Tests.csproj", "{29A75658-2DC4-4E85-8A53-97198F00F28D}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProductConstructionService.DependencyFlow", "src\ProductConstructionService\ProductConstructionService.DependencyFlow\ProductConstructionService.DependencyFlow.csproj", "{E312686C-A134-486F-9F62-89CE6CA34702}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -623,6 +627,30 @@ Global
 		{90C7747B-EBEF-4CF5-92A7-7856A3A13CAA}.Release|x64.Build.0 = Release|Any CPU
 		{90C7747B-EBEF-4CF5-92A7-7856A3A13CAA}.Release|x86.ActiveCfg = Release|Any CPU
 		{90C7747B-EBEF-4CF5-92A7-7856A3A13CAA}.Release|x86.Build.0 = Release|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Debug|x64.Build.0 = Debug|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Debug|x86.Build.0 = Debug|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Release|x64.ActiveCfg = Release|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Release|x64.Build.0 = Release|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Release|x86.ActiveCfg = Release|Any CPU
+		{29A75658-2DC4-4E85-8A53-97198F00F28D}.Release|x86.Build.0 = Release|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Debug|x64.Build.0 = Debug|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Debug|x86.Build.0 = Debug|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Release|x64.ActiveCfg = Release|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Release|x64.Build.0 = Release|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Release|x86.ActiveCfg = Release|Any CPU
+		{E312686C-A134-486F-9F62-89CE6CA34702}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -672,6 +700,8 @@ Global
 		{BE0088E3-A8FF-4F05-9456-E8BAD2E50A19} = {243A4561-BF35-405A-AF12-AC57BB27796D}
 		{D40EADB7-5D48-421B-806D-6E2F79C077F8} = {1A456CF0-C09A-4DE6-89CE-1110EED31180}
 		{90C7747B-EBEF-4CF5-92A7-7856A3A13CAA} = {243A4561-BF35-405A-AF12-AC57BB27796D}
+		{29A75658-2DC4-4E85-8A53-97198F00F28D} = {1A456CF0-C09A-4DE6-89CE-1110EED31180}
+		{E312686C-A134-486F-9F62-89CE6CA34702} = {243A4561-BF35-405A-AF12-AC57BB27796D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {32B9C883-432E-4FC8-A1BF-090EB033DD5B}

diff --git a/azure-pipelines-pr.yml b/azure-pipelines-pr.yml
@@ -6,6 +6,8 @@ variables:
   value: https://dev.azure.com/dnceng
 - name: AzdoProject
   value: internal
+- name: configuration
+  value: Release
 
 pr:
   branches:
@@ -64,29 +66,35 @@ stages:
       enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
 
       jobs:
-      - job: Windows_NT
+      - job: Build
+        displayName: Build Repo
         timeoutInMinutes: 90
         pool:
           name: NetCore-Public
           demands: ImageOverride -equals 1es-windows-2019-open
 
-        strategy:
-          matrix:
-            debug_configuration:
-              _BuildConfig: Debug
-              _PublishType: none
-              _SignType: test
-            release_configuration:
-              _BuildConfig: Release
-              # PRs or external builds are not signed.
-              _PublishType: none
-              _SignType: test
         steps:
         - checkout: self
           clean: true
 
         - template: /eng/templates/steps/build.yml
           parameters:
-            configuration: $(_BuildConfig)
+            configuration: $(configuration)
 
         - template: /eng/templates/steps/test.yml
+          parameters:
+            configuration: $(configuration)
+
+      - job: Builder_Docker
+        displayName: Build Docker Image
+        pool:
+          name: NetCore-Public
+          demands: ImageOverride -equals 1es-ubuntu-2004-open
+
+        steps:
+        - checkout: self
+          clean: true
+
+        - template: /eng/templates/steps/docker-build.yml
+          parameters:
+            dockerImageName: test
diff --git a/azure-pipelines-product-construction-service.yml b/azure-pipelines-product-construction-service.yml
@@ -58,44 +58,13 @@ stages:
     steps:
     - checkout: self
 
-    - powershell: |
-        Write-Host "Dev branch suffix is $(devBranchSuffix)"
-        $shortSha = "$(Build.SourceVersion)".Substring(0,10)
-        $newDockerTag = "$(Build.BuildNumber)-$(System.JobAttempt)-$shortSha$(devBranchSuffix)"
-        Write-Host "##vso[task.setvariable variable=newDockerImageTag]$newDockerTag"
-        Write-Host "set newDockerImageTag to $newDockerTag"
-      displayName: Generate docker image tag
-
-    - powershell: >
-        docker build .
-        -f $(Build.SourcesDirectory)/src/ProductConstructionService/ProductConstructionService.Api/Dockerfile
-        -t "$(dockerRegistryUrl)/$(containerName):$(newDockerImageTag)"
-      displayName: Build docker image
+    - template: eng/templates/steps/docker-build.yml
+      parameters:
+        devBranchSuffix: $(devBranchSuffix)
+        dockerImageName: $(dockerRegistryUrl)/$(containerName)
 
     - ${{ if notin(variables['Build.Reason'], 'PullRequest') }}:
-      - task: AzureCLI@2
-        inputs:
-          azureSubscription: $(serviceConnectionName)
-          scriptType: pscore
-          scriptLocation: inlineScript
-          inlineScript: |
-            az acr login --name $(containerRegistryName)
-            docker push "$(dockerRegistryUrl)/$(containerName):$(newDockerImageTag)"
-        displayName: Push docker image
-
       - ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/production') }}:
-        - task: AzureCLI@2
-          inputs:
-            # The Service Connection name needs to be known at compile time, so we can't use a variable for the azure subscription
-            azureSubscription: $(serviceConnectionName)
-            scriptType: pscore
-            scriptLocation: inlineScript
-            inlineScript: |
-              New-Item -ItemType Directory -Path $(diffFolder)
-              $before = az containerapp show --name $(containerappName) -g $(resourceGroupName) --output json
-              Set-Content -Path $(diffFolder)/before.json -Value $before
-          displayName: Snapshot configuration (before)
-
         - task: AzureCLI@2
           name: GetAuthInfo
           displayName: Get PCS Token
@@ -118,7 +87,7 @@ stages:
             arguments: >
               -resourceGroupName $(resourceGroupName)
               -containerappName $(containerappName)
-              -newImageTag $(newDockerImageTag)
+              -newImageTag $(DockerTag.newDockerImageTag)
               -containerRegistryName $(containerRegistryName)
               -imageName $(containerName)
               -token $(GetAuthInfo.Token)

diff --git a/eng/service-templates/ProductConstructionService/provision.bicep b/eng/service-templates/ProductConstructionService/provision.bicep
@@ -422,6 +422,8 @@ var storageQueueContrubutorRole = subscriptionResourceId('Microsoft.Authorizatio
 var contributorRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
 // azure system role Key Vault Reader
 var keyVaultReaderRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2')
+// storage account blob contributor
+var blobContributorRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
 
 // application insights for service logging
 resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
@@ -730,6 +732,28 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
     }
 }
 
+// Create the dataprotection container in the storage account
+resource storageAccountBlobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
+    name: 'default'
+    parent: storageAccount
+}
+
+resource dataProtectionContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+    name: 'dataprotection'
+    parent: storageAccountBlobService
+}
+
+// allow identity access to the storage account
+resource storageAccountContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    scope: dataProtectionContainer // Use when specifying a scope that is different than the deployment scope
+    name: guid(subscription().id, resourceGroup().id, blobContributorRole)
+    properties: {
+        roleDefinitionId: blobContributorRole
+        principalType: 'ServicePrincipal'
+        principalId: pcsIdentity.properties.principalId
+    }
+}
+
 resource storageAccountQueueService 'Microsoft.Storage/storageAccounts/queueServices@2022-09-01' = {
     name: 'default'
     parent: storageAccount

diff --git a/eng/templates/jobs/e2e-tests.yml b/eng/templates/jobs/e2e-tests.yml
@@ -0,0 +1,131 @@
+parameters:
+- name: isProd
+  type: boolean
+- name: runAuthTests
+  type: boolean
+  default: false
+- name: name
+  type: string
+- name: displayName
+  type: string
+- name: testFilter
+  type: string
+
+jobs:
+- job: ${{ parameters.name }}
+  displayName: ${{ parameters.displayName }}
+  timeoutInMinutes: 60
+  variables:
+    # https://dev.azure.com/dnceng/internal/_library?itemType=VariableGroups&view=VariableGroupView&variableGroupId=20&path=Publish-Build-Assets
+    # Required for MaestroAppClientId, MaestroStagingAppClientId
+    - group: Publish-Build-Assets
+    - ${{ if parameters.isProd }}:
+      - group: MaestroProd KeyVault
+      - name: MaestroTestEndpoints
+        value: https://maestro-prod.westus2.cloudapp.azure.com,https://maestro.dot.net
+      - name: ScenarioTestSubscription
+        value: "Darc: Maestro Production"
+      - name: MaestroAppId
+        value: $(MaestroAppClientId)
+    - ${{ else }}:
+      - group: MaestroInt KeyVault
+      - name: MaestroTestEndpoints
+        value: https://maestro-int.westus2.cloudapp.azure.com,https://maestro.int-dot.net
+      - name: ScenarioTestSubscription
+        value: "Darc: Maestro Staging"
+      - name: MaestroAppId
+        value: $(MaestroStagingAppClientId)
+  steps:
+  - download: current
+    displayName: Download Darc
+    artifact: PackageArtifacts
+
+  - download: current
+    displayName: Download ScenarioTets
+    artifact: Maestro.ScenarioTests
+
+  - task: NuGetToolInstaller@1
+    displayName: Use NuGet
+    inputs:
+      versionSpec: 5.3.x
+
+  - powershell: |
+      . .\eng\common\tools.ps1
+      InitializeDotNetCli -install:$true
+      .\.dotnet\dotnet workload install aspire
+    displayName: Install .NET and Aspire Workload
+
+  - powershell: .\eng\common\build.ps1 -restore
+    displayName: Install .NET
+
+  - powershell: |
+      mkdir darc
+      .\.dotnet\dotnet tool install Microsoft.DotNet.Darc --prerelease --tool-path .\darc --add-source $(Pipeline.Workspace)\PackageArtifacts
+    displayName: Install Darc
+
+  - task: AzureCLI@2
+    name: GetAuthInfo
+    displayName: Get auth information
+    inputs:
+      azureSubscription: ${{ variables.ScenarioTestSubscription }}
+      addSpnToEnvironment: true
+      scriptType: ps
+      scriptLocation: inlineScript
+      inlineScript: |
+        # Fetch token used for scenario tests
+        $token = (az account get-access-token --resource "$(MaestroAppId)" | ConvertFrom-Json).accessToken
+        echo "##vso[task.setvariable variable=Token;isOutput=true;isSecret=true]$token"
+
+        # Set variables with auth info for tests below
+        echo "##vso[task.setvariable variable=ServicePrincipalId;isOutput=true]$env:servicePrincipalId"
+        echo "##vso[task.setvariable variable=FederatedToken;isOutput=true;isSecret=true]$env:idToken"
+        echo "##vso[task.setvariable variable=TenantId;isOutput=true]$env:tenantId"
+
+        # Either of the URIs will do
+        $barUri = "${{ split(variables.MaestroTestEndpoints, ',')[0] }}"
+        echo "##vso[task.setvariable variable=BarUri;isOutput=true]$barUri"
+
+  - ${{ if parameters.runAuthTests }}:
+    - powershell:
+        az login --service-principal -u "$(GetAuthInfo.ServicePrincipalId)" --federated-token "$(GetAuthInfo.FederatedToken)" --tenant "$(GetAuthInfo.TenantId)" --allow-no-subscriptions 
+
+        .\darc\darc.exe get-default-channels --source-repo arcade-services --ci --bar-uri "$(GetAuthInfo.BarUri)" --debug
+      displayName: Test Azure CLI auth
+
+    - powershell:
+        .\darc\darc.exe get-default-channels --source-repo arcade-services --ci --password "$(GetAuthInfo.Token)" --bar-uri "$(GetAuthInfo.BarUri)" --debug
+      displayName: Test BAR token auth
+
+  - task: DotNetCoreCLI@2
+    displayName: Run E2E tests
+    inputs:
+      command: custom
+      projects: |
+        $(Pipeline.Workspace)/Maestro.ScenarioTests/Maestro.ScenarioTests.dll
+      custom: test
+      arguments: >
+        --filter "TestCategory=PostDeployment&${{ parameters.testFilter }}"
+        --no-build
+        --logger "trx;LogFilePrefix=TestResults-"
+        --parallel
+        --
+        "RunConfiguration.ResultsDirectory=$(Build.ArtifactStagingDirectory)\TestResults"
+        RunConfiguration.MapCpuCount=4
+    env:
+      MAESTRO_BASEURIS: ${{ variables.MaestroTestEndpoints }}
+      MAESTRO_TOKEN: $(GetAuthInfo.Token)
+      GITHUB_TOKEN: $(maestro-scenario-test-github-token)
+      AZDO_TOKEN: $(dn-bot-dnceng-build-rw-code-rw-release-rw)
+      DARC_PACKAGE_SOURCE: $(Pipeline.Workspace)\PackageArtifacts
+      DARC_DIR: $(Build.SourcesDirectory)\darc
+      DARC_IS_CI: true
+
+  - task: PublishTestResults@2
+    displayName: Publish Core Test Results
+    condition: succeededOrFailed()
+    inputs:
+      testRunner: VSTest
+      testResultsFiles: '**/TestResults-*'
+      searchFolder: $(Build.ArtifactStagingDirectory)\TestResults
+      testRunTitle: ${{ parameters.displayName }}
+      mergeTestResults: true