[Rollout] Production rollout 2024-09-10 (#3940)

.github/ISSUE_TEMPLATE/rollout-issue.md

@@ -71,7 +71,7 @@ In case the services don't work as expected after the rollout, it's necessary to
 
 ## Rollout times
 
-Use the following [Kusto query](https://dataexplorer.azure.com/clusters/engsrvprod/databases/engineeringdata?query=H4sIAAAAAAAAA51Qy07DMBC89ytWuTSWwg+k6gFUCfWCqhZxQSha4m1j5Eew10B5/DubUETgiE+r8ezM7GhqLUaCx0zx2PQY0RFTTOU2WBsyr3UNNvgDLEEtZpYYLolXOSKb4AUsG3NiVNDsTUy8YzxQDYmjGUGLfzAFbzOQd20cWeNpS22IOo3YOzx3JHEusrF6rWG5BDH49XUlCcH4cuI2dVEncsrOYTSvJK4YWaI6WdoN82CsKiCvBxRfJuhpuY/hgVqGyaH7EB1yw8JKPfpy2D770q6g6LrauUIa+ljMejmSR6Hb+SbSeS9qT2ihHElqfidqHFKLUnw5afOnchEcCyhk2OR7a1IHOUl1sMLYFkpV3/Ih8f/0V9TbcBwMbtAajUygR8iRZ3FYfALfQdHDGQIAAA==) to gather data about rollout times:
+Use the following [Kusto query](https://dataexplorer.azure.com/clusters/engsrvprod/databases/engineeringdata?query=H4sIAAAAAAAAA52QP0%2FDQAzF934KK0tzUlgYU2UAtUJdUNWyIRSZxG0O3eWCzwHKn%2B%2BOE4oIjNxkvbN%2Fz341VQ6Z4LEnPpYdMnoS4phug3Ohl3WdgwvtAQqzmDkSuCJZ9oxiQwsFpKU9NWRQ7i1H2QkeKIcobEfR4R%2FNwNsM9N1YT862tKUqcB1H7R2eG9JtLnvr6nUNRQFq8OvrWhcE26YTt6mLOTXH3ntk%2B0rqiiy6qteh3VAPxiYDautBxZeJehruODxQJTA5dB%2FYo5SiXbHDNh2mz77YGSRNk3ufaEIfi1mnR8oIup1vmC46pT2hg3RsMvM7pUmIFWru6STNn8QVOAaQaLHp752NDfRRo4MlcpUYk33jQ5T%2F8ZfUuXAcDFbnKxCKEpW7%2BATR1TCdDgIAAA%3D%3D) to gather data about rollout times:
 
 * Pre-Approval run time: `<TO BE FILLED>`
 * Post-Approval run time: `<TO BE FILLED>`

.vault-config/product-construction-dev.yaml

@@ -25,3 +25,10 @@ secrets:
         location: engkeyvault
         name: BotAccount-dotnet-bot
       gitHubBotAccountName: dotnet-bot
+
+  github:
+    type: github-app-secret
+    parameters:
+      hasPrivateKey: true
+      hasWebhookSecret: false
+      hasOAuthSecret: true

azure-pipelines-product-construction-service.yml

@@ -1,6 +1,3 @@
-# Changes the format of the Build.BuildNumber variable
-name: $(Date:yyyyMMdd)$(Rev:r)
-
 trigger:
   batch: true
   branches:
@@ -21,6 +18,14 @@ variables:
   value: product-construction-service.api
 - name: diffFolder
   value: $(Build.ArtifactStagingDirectory)/diff
+- name: _TeamName
+  value: DotNetCore
+- name: _PublishUsingPipelines
+  value: true
+- name: _DotNetArtifactsCategory
+  value: .NETCore
+- name: _SignType
+  value: test
 - ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/production') }}:
   - name: subscriptionId
     value: e6b5f9f5-0ca4-4351-879b-014d78400ec2
@@ -133,3 +138,74 @@ stages:
         - publish: $(diffFolder)
           displayName: Upload snapshot diff
           artifact: DeploymentDiff
+
+- stage: BuildRepo
+  displayName: Build and Publish Repo
+  dependsOn: []
+  jobs:
+  - job: BuildAndPublish
+    displayName: Build and Publish Repo
+    pool:
+      name: NetCore1ESPool-Internal
+      demands: ImageOverride -equals 1es-windows-2019
+
+    variables:
+    - name: BuildConfig
+      value: Release
+
+    steps:
+    - checkout: self
+
+    - powershell: |
+        . .\eng\common\tools.ps1
+        InitializeDotNetCli -install:$true
+        .\.dotnet\dotnet workload update --source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json
+        .\.dotnet\dotnet workload install aspire --source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json
+      displayName: Install .NET and Aspire Workload
+
+    - powershell: >
+        .\eng\common\build.ps1
+        -restore
+        -pack
+        -configuration $(BuildConfig)
+        -projects .\src\Microsoft.DotNet.Darc\Darc\Microsoft.DotNet.Darc.csproj
+      displayName: Build Darc
+
+    - powershell: >
+        .\eng\common\build.ps1
+        -restore
+        -build
+        -configuration $(BuildConfig)
+        -projects .\test\ProductConstructionService.ScenarioTests\ProductConstructionService.ScenarioTests.csproj
+      displayName: Build ScenarioTests
+
+    - publish: $(Build.SourcesDirectory)\artifacts\bin\ProductConstructionService.ScenarioTests\$(BuildConfig)\net8.0\publish
+      artifact: ProductConstructionService.ScenarioTests
+
+    - publish: $(Build.SourcesDirectory)\artifacts\packages\$(BuildConfig)\NonShipping
+      artifact: PackageArtifacts
+
+- stage: TestPCS
+  displayName: Run E2E Product Construction Service Tests
+  dependsOn:
+  - DeployPCS
+  - BuildRepo
+
+  jobs:
+  - template: /eng/templates/jobs/e2e-pcs-tests.yml
+    parameters:
+      name: scenarioTests_GitHub
+      displayName: GitHub tests
+      testFilter: 'TestCategory=GitHub'
+
+  - template: /eng/templates/jobs/e2e-pcs-tests.yml
+    parameters:
+      name: scenarioTests_AzDO
+      displayName: AzDO tests
+      testFilter: 'TestCategory=AzDO'
+
+  - template: /eng/templates/jobs/e2e-pcs-tests.yml
+    parameters:
+      name: scenarioTests_Other
+      displayName: Other tests
+      testFilter: 'TestCategory!=GitHub&TestCategory!=AzDO'

docs/DevGuide.md

@@ -17,6 +17,7 @@
       ('https://github.com/maestro-auth-test/maestro-test', 289474),
       ('https://github.com/maestro-auth-test/maestro-test2', 289474),
       ('https://github.com/maestro-auth-test/maestro-test3', 289474),
+      ('https://github.com/maestro-auth-test/arcade', 289474),
       ('https://github.com/maestro-auth-test/dnceng-vmr', 289474);
   ```
 

eng/service-templates/ProductConstructionService/container-app.bicep

@@ -0,0 +1,145 @@
+param location string
+param containerRegistryName string
+param containerImageName string
+param containerCpuCoreCount string
+param containerMemory string
+param aspnetcoreEnvironment string
+param productConstructionServiceName string
+param applicationInsightsConnectionString string
+param pcsIdentityId string
+param containerEnvironmentId string
+param contributorRoleId string
+param deploymentIdentityPrincipalId string
+
+// common environment variables used by the app
+var containerAppEnv = [
+  {
+      name: 'ASPNETCORE_ENVIRONMENT'
+      value: aspnetcoreEnvironment
+  }
+  {
+      name: 'Logging__Console__FormatterName'
+      value: 'simple'
+  }
+  {
+      name: 'Logging__Console__FormatterOptions__SingleLine'
+      value: 'true'
+  }
+  {
+      name: 'Logging__Console__FormatterOptions__IncludeScopes'
+      value: 'true'
+  }
+  {
+      name: 'ASPNETCORE_LOGGING__CONSOLE__DISABLECOLORS'
+      value: 'true'
+  }
+  {
+      name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+      value: applicationInsightsConnectionString
+  }
+  {
+      name: 'VmrPath'
+      value: '/mnt/datadir/vmr'
+  }
+  {
+      name: 'TmpPath'
+      value: '/mnt/datadir/tmp'
+  }
+]
+
+// container app hosting the Product Construction Service
+resource containerApp 'Microsoft.App/containerApps@2023-04-01-preview' = {
+  name: productConstructionServiceName
+  location: location
+  identity: {
+      type: 'UserAssigned'
+      userAssignedIdentities: { '${pcsIdentityId}' : {}}
+  }
+  properties: {
+      managedEnvironmentId: containerEnvironmentId
+      configuration: {
+          activeRevisionsMode: 'Multiple'
+          maxInactiveRevisions: 5
+          ingress: {
+              external: true
+              targetPort: 8080
+              transport: 'http'
+          }
+          dapr: { enabled: false }
+          registries: [
+              {
+                  server: '${containerRegistryName}.azurecr.io'
+                  identity: pcsIdentityId
+              }
+          ]
+      }
+      template: {
+          scale: {
+              minReplicas: 1
+              maxReplicas: 1
+          }
+          serviceBinds: []
+          containers: [ 
+              {
+                  image: containerImageName
+                  name: 'api'
+                  env: containerAppEnv
+                  resources: {
+                      cpu: json(containerCpuCoreCount)
+                      memory: containerMemory
+                      ephemeralStorage: '50Gi'
+                  }
+                  volumeMounts: [
+                      {
+                          volumeName: 'data'
+                          mountPath: '/mnt/datadir'
+                      }
+                  ]
+                  probes: [
+                      {
+                          httpGet: {
+                              path: '/alive'
+                              port: 8080
+                              scheme: 'HTTP'
+                          }
+                          initialDelaySeconds: 5
+                          periodSeconds: 10
+                          successThreshold: 1
+                          failureThreshold: 3
+                          type: 'Startup'
+                      }
+                      {
+                          httpGet: {
+                              path: '/health'
+                              port: 8080
+                              scheme: 'HTTP'
+                          }
+                          initialDelaySeconds: 60
+                          failureThreshold: 10
+                          successThreshold: 1
+                          periodSeconds: 30
+                          type: 'Readiness'
+                      }
+                  ]
+              } 
+          ]
+          volumes: [
+              {
+                  name: 'data'
+                  storageType: 'EmptyDir'
+              }
+          ]
+      }
+  }
+}
+
+// Give the PCS Deployment MI the Contributor role in the containerapp to allow it to deploy
+resource deploymentSubscriptionTriggererContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: containerApp
+  name: guid(subscription().id, resourceGroup().id, '${productConstructionServiceName}-contributor')
+  properties: {
+      roleDefinitionId: contributorRoleId
+      principalType: 'ServicePrincipal'
+      principalId: deploymentIdentityPrincipalId
+  }
+}

eng/service-templates/ProductConstructionService/container-environment.bicep

@@ -0,0 +1,61 @@
+param location string
+param logAnalyticsName string
+param containerEnvironmentName string
+param productConstructionServiceSubnetId string
+param infrastructureResourceGroupName string
+param applicationInsightsName string
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
+  name: logAnalyticsName
+  location: location
+  properties: any({
+      retentionInDays: 30
+      features: {
+          searchVersion: 1
+      }
+      sku: {
+          name: 'PerGB2018'
+      }
+  })
+}
+
+resource containerEnvironment 'Microsoft.App/managedEnvironments@2023-04-01-preview' = {
+    name: containerEnvironmentName
+    location: location
+    properties: {
+      appLogsConfiguration: {
+          destination: 'log-analytics'
+          logAnalyticsConfiguration: {
+              customerId: logAnalytics.properties.customerId
+              sharedKey: logAnalytics.listKeys().primarySharedKey
+          }
+      }
+      workloadProfiles: [
+          {
+              name: 'Consumption'
+              workloadProfileType: 'Consumption'
+          }
+      ]
+      vnetConfiguration: {
+          infrastructureSubnetId: productConstructionServiceSubnetId
+      }
+      infrastructureResourceGroup: infrastructureResourceGroupName
+    }
+}
+
+// application insights for service logging
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+    name: applicationInsightsName
+    location: location
+    kind: 'web'
+    properties: {
+        Application_Type: 'web'
+        publicNetworkAccessForIngestion: 'Enabled'
+        publicNetworkAccessForQuery: 'Enabled'
+        RetentionInDays: 120
+        WorkspaceResourceId: logAnalytics.id
+    }
+}
+
+output applicationInsightsConnectionString string = applicationInsights.properties.ConnectionString
+output containerEnvironmentId string = containerEnvironment.id