Azure DevOps Pipelines and Bicep

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video we deploy resources from an azure devops pipeline using bicep templates [Music] hello everyone i'm travis and this is cerraltos in this video we deploy resources from an azure devops pipeline using pipeline jobs and bicep files before that please like subscribe to this channel let me know your thoughts in the comments below and become a member of the channel for early access to content also check out my courses on azure virtual desktop and hybrid identities with azure id at udemy.com your support is appreciated okay back to it we're getting more advanced in this pipeline compared to the powershell pipeline we created in the last video we deploy resources to azure with bicep template files for this example we deploy a v-net and then a bastion host on that v-net in order for the pipeline to work we create a service connection so our pipeline can access azure we'll create multiple pipeline jobs for this example a job is a series of steps that run sequentially it allows us to organize the pipeline one job will deploy resources with a template deployment task and the other will remove the resources with an azure cli task we also include dependencies so that the second job won't run unless the first one finishes successfully we run the pipeline along the way to verify functionality to follow along you'll need an azure subscription with rights to create a service principle on that subscription let's start by quickly reviewing the bicep files we'll deploy with the azure devops pipeline this example has a repo setup in azure devops cloned to vs code we're working out of the dev branch let's quickly go over the files we're deploying for this example this is a simple v-net and azure bastion host deployment it uses modules for the v-net and bastion host deployment modules in bicept are essentially directories if you'd like to know more about creating bicep files i have a series that goes over creating them the link is on the screen or below the main.bicep file is at the root it's the parent deployment file it accepts a few input parameters we've got location tags the v-net name an array of address prefixes and ip subnets and then we have the bastion host public ip name and the bastion host name after that it calls the v-net module passing in the location tag and list of subnets the v-net name and the address prefix let's take a look at that file here it accepts all those input parameters it then creates a v-net it uses a loop for the subnet that way we can add a single subnet or multiple subnets the bicep template will create each subnet we supply it's not locked into any specific number of subnets doing it this way makes this module more portable then it outputs the v-net id this is required for the next step let's go back to main.bicep the last module creates the bastion host it passes in the bastion host name and the public ip name along with location and tags it also passes in the output from the vnet module we have to supply a subnet for the azure bastion host deployment let's take a look at the module here it accepts the input parameters from main.bicep we also have a variable we pass in the vnetid that was the output from the vnet module but azure bastion needs the subnet id the variable adds forward slash subnets forward slash azure bastion subnet to the vnetid to create a subnet id it's safe to hard code the subnet name in this case because the requirements for deploying an azure bastion host is the subnet has to be named azure bastion subnet next it creates a public ip address and then the bastion host one more thing in the last video with powershell pipelines we added variables in the pipeline file i wanted to do something similar in this example but adding complex variables such as arrays of objects required for the list of subnets is not straightforward with the ammo files adding a parameter file is a cleaner option bicep files are easy to create and understand compared to json arm templates but the parameter file still has to be in json format there's no bicep equivalent to a parameter file it's not too difficult to create a parameter file we can create it by right clicking on our main.bicep file and select generate parameters file that gives us the parameter file we then update it with the values for this deployment just like that it's updated we'll reference this parameter file during the deployment all these files are available at a github repo if you want to follow along or just take a look the link is on the screen or below someplace save the file then commit and we'll push the changes to devops let's go to our azure devops project and set up a service connection next here we are in our project in azure devops in the last video we simply ran some powershell commands that's interesting but the usefulness is limited in this example we're deploying resources to azure in order to do that we first create a service connection the service connection provides authentication from the pipeline to azure allowing devops to deploy resources to set this up go to project settings then go to service connections we'll create a new service connection select azure resource manager scroll down and we can click next there are a couple options for authentication methods select the recommended service principle and click next authenticate when prompted this account needs rights to set up a service connection in the azure subscription we'll leave the scope set to subscription make sure the correct subscription is selected we could scope it down to the resource group leave that blank for this example we're creating a resource group so we needed scope to the subscription give the service connection a name add a description if you'd like and leave grant access permissions at all pipelines checked and click save this sets up the service principle so our pipeline can deploy resources in our subscription let's create the pipeline next we'll go to repos here we are in repos and just a heads up i did have to switch web browsers i was running into a problem with a step coming up and it seems like switching web browsers actually took care of it verify you're in the correct branch in the repo this example uses the dev branch with the goal of validating the code before it goes into main to create the pipeline we'll go to setup build and if you click that button and get a blank page try switching browsers we'll use a starter pipeline let's make a couple changes right away first i don't want the pipeline to run every time i commit a change in this demonstration to prevent that remove the dash dev under trigger and specify none right after trigger remove dev and add none this is optional some environments may want to run a build every time there's a commit for this example i want to control when it happens next remove steps and everything below it now type jobs colon to start the job section jobs lets us break up the deployment into sections giving us more control and visibility into the pipeline next we'll create our first job we have to add this right under jobs where the dash is if you don't have a dash go two spaces from the left on the bottom line and add a dash and then job job colon next we'll call this job deploy press enter on the next line move the cursor under j and jobs and type steps remember that formatting is important with yaml and if the tab to complete doesn't work you may be working in the wrong location tabbing to complete moves the cursor to the next line and adds a dash remove the dash and leave the cursor in that spot so we'll do backspace we need to be in this location to add a task we're now in the right spot to add our deployment task if it's not showing already click show assistant search for azure and select arm template deployment this will help us create a deployment task leave the deployment scope set to resource group select the service connection we previously configured select our subscription under action leave it set to create or update resource group we'll add the resource group devtest demo rg01 for this example we don't have to select an existing one as action specifies you'll either create or update resource groups set your location central us for this example we'll scroll down next we need to supply the template location note you can point to a url if the template is not part of the devops repo provide the template name main.bicep for this example this is the parent file that will run the modules provide the parameter file main.parameters.json for this example if these were in subdirectories we would need to add the path we can override parameters if we need to finally let's look at deployment mode this is a dev branch in this example we just want to see if it deploys without an error we don't actually need to deploy the resources we have two options we can run a validation that's a what if that validates the template without actually deploying a resource or we can deploy the resource and clean up or remove the resource if it deploys correctly why would we deploy one over the other i'm not 100 sure these are just a couple of options for running the deployment pick whatever suits your environment best i will note that i have seen validations or what-ifs complete without errors but an actual deployment of the same file fails for this first example we'll start with simply validating the template our last example will run a full deployment and then a cleanup job so change the deployment mode to validation only and click add and before we finish up with this add a line under task and add a display name once your job is set we can save and run let's save the file that will do a commit we'll get a message about issues with a pipeline trigger that's because we remove the trigger we'll run the pipeline next make sure the branch is set to the same branch we're working in deb for this example and select run let's look at the job activity that finished successfully that means our template files were validated let's go back to the pipeline that validates the files and for some that may be enough to trigger a pull request to main but we're going to take this a step further first let's configure the job to actually deploy a resource we'll take two steps first change the deployment mode to incremental next we have a resource group name hardcoded into the job let's change that to a variable so we can use it in our cleanup job start by copying the name of the resource group next add a line under pool vm image add a variable section we'll add a variable called rg and add the value of the resource group name we just copied next modify the resource group name in the first job to use the variable good now we're ready to set up the second job to create a cleanup job go to the end of the file at the beginning of a new line move the cursor two spots from the left and add dash space job call it cleanup go to the next line and add steps colon under jobs remove any dashes that the tab to complete added the next step does a simple clean up by removing the resource group we do this with an azure cli task go to tasks and search for azure select azure cli select the connection we set up previously set the script type to shell change the script location to inline script and for this we'll use an azcli command to remove the resource group enter az space group space delete space dash dash name and then add the variable for the resource group and then dash dash yes this will delete the resource group the yes at the end confirms the deletion notice we use the resource group variable for this command let's add make sure there's no red or yellow marks indicating a problem if so verify formatting and spacing there's a couple modifications we need before we move on first under task add a display name clean up resources in this pretend scenario we only want to verify the deployment completed without an issue if it deploys correctly we can delete the resource group but if not we may want to see the artifacts that were created and look at the deployment history on the resource group those would be gone if the resource group was deleted we're going to add a dependency so the second job will only run if the first job runs successfully add a line under the second job so right under cleanup go over two spaces and add depends on space enter deploy that's the name of the first job and remember in the pipelines capitalization does matter with this configuration the second job will only run if the first job finishes successfully let's save the file next we'll run the deployment first i want to verify the second job won't run if there's an error in the first let's go back to our repos verify you're in the correct branch let's go into the v-net directory we'll open up v-net.bicept let's edit the file comment out location comments are two forward slashes this will create an error and we should see that the second job does not run commit the change and go back to the pipeline run the pipeline specifying the correct branch and run notice we have two jobs now a deploy job and a cleanup job let's go into the first job and we get an error right away let's go back to the pipeline we got an error that the first job failed the second job the cleanup was skipped that's what we expected let's go back to repose we'll go back to v-net open our vnet.bicep file edit it and remove the comments we'll commit that once we've removed the comment in front of location and committed the file let's go back to pipelines and we'll run this pipeline again select the correct branch and run open the job if you'd like to see the progress deploying the azure bastion service takes a few minutes removing the resource group can also take some time you can verify the resources are created and then removed in the portal i'll pause here and come back once this is finished that completed successfully the resources were created and removed now that it's validated successfully we could issue a pull request to have our code added to a test or a main branch i hope that helps you better understand azure pipeline jobs dependencies and deploying azure bicep templates with a pipeline thanks for watching

Info

Channel: Travis Roberts

Views: 11,153

Rating: undefined out of 5

Keywords: Repos, Repositories, Azure repos, DevOps repos, CI/CD, Continuous development, continuous integration, pipeline, DevOps Pipeline, DevOps, Azure DevOps, Git, GitHub, Teams Foundation Server, TFS, Server, Code, Cloud, Cloud Services, Iot, IaC, Infrastructure as Code, azure devops tutorial for beginners, Bicep, DevOps Job, job, dependency, dependencies, parameter file, Azure Template, ARM Deployment, service connection, Azure CLI

Id: Q2HZdwTAWG0

Channel Id: undefined

Length: 17min 39sec (1059 seconds)

Published: Sun Jul 24 2022