6 changes: 6 additions & 0 deletions .azuredevops/pipelines/a11y-scan.yml
@@ -65,3 +65,9 @@ steps:
pathToPublish: 'results'
artifactName: 'CodeAnalysisLogs'
displayName: 'Publish to Scans tab - $(siteName)'

- task: AdvancedSecurity-Publish@1
condition: always()
inputs:
SarifsInputDirectory: '$(Build.SourcesDirectory)/results'
displayName: 'Publish SARIF to Advanced Security - $(siteName)'
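Review bot: `condition: always()` on the new `AdvancedSecurity-Publish@1` step also runs when the job is cancelled, at which point `$(Build.SourcesDirectory)/results` may be missing or hold a partial SARIF file, so an incomplete result set could be published to Advanced Security. If the intent is only to publish when the scan step fails on findings, `condition: succeededOrFailed()` covers that case without publishing from cancelled runs. A one-line comment above the task such as `# publish even when the scan step fails on findings` would record why the default condition is overridden. The hunk starts inside the preceding publish step, so that step's own condition is not visible here.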
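--- a/.azuredevops/pipelines/ci-cd.yml
+++ b/.azuredevops/pipelines/ci-cd.yml
@@ -0,0 +1,157 @@
+trigger:
+branches:
+include:
+- main
+
+pool:
+vmImage: 'ubuntu-latest'
+
+variables:
+- group: wiki-access
+- name: serviceConnection
+value: 'AODA-svc-conn'
+- name: appName
+value: 'a11y-scan-demo'
+- name: resourceGroup
+value: 'rg-a11y-scan-demo'
+- name: location
+value: 'canadacentral'
+- name: imageTag
+value: '$(Build.BuildId)'
+
+stages:
+- stage: Build
+displayName: 'Build & Push Image'
+jobs:
+- job: BuildAndPush
+displayName: 'Deploy infra, build and push to ACR'
+steps:
+- checkout: self
+
+- task: AzureCLI@2
+displayName: 'Deploy infrastructure'
+inputs:
+azureSubscription: '$(serviceConnection)'
+scriptType: bash
+scriptLocation: inlineScript
+inlineScript: |
+set -e
+az group create --name $(resourceGroup) --location $(location)
+az deployment group create \
+--resource-group $(resourceGroup) \
+--name infra-deploy \
+--template-file infra/main.bicep \
+--parameters infra/main.parameters.json \
+--parameters imageTag=$(imageTag)
+
+- task: AzureCLI@2
+displayName: 'Build and push Docker image'
+inputs:
+azureSubscription: '$(serviceConnection)'
+scriptType: bash
+scriptLocation: inlineScript
+inlineScript: |
+set -e
+ACR_NAME=$(az deployment group show \
+--resource-group $(resourceGroup) \
+--name infra-deploy \
+--query 'properties.outputs.acrName.value' -o tsv)
+echo "ACR: $ACR_NAME"
+az acr build \
+--registry "$ACR_NAME" \
+--image $(appName):$(imageTag) .
+
+- stage: Deploy
+displayName: 'Deploy to Azure'
+dependsOn: Build
+jobs:
+- deployment: DeployWebApp
+displayName: 'Deploy container to Web App'
+environment: 'deploy'
+strategy:
+runOnce:
+deploy:
+steps:
+- checkout: self
+
+- task: AzureCLI@2
+name: deployStep
+displayName: 'Update Web App container'
+inputs:
+azureSubscription: '$(serviceConnection)'
+scriptType: bash
+scriptLocation: inlineScript
+inlineScript: |
+WEB_APP_NAME=$(az deployment group show \
+--resource-group $(resourceGroup) \
+--name infra-deploy \
+--query 'properties.outputs.webAppName.value' -o tsv)
+ACR_LOGIN=$(az deployment group show \
+--resource-group $(resourceGroup) \
+--name infra-deploy \
+--query 'properties.outputs.acrLoginServer.value' -o tsv)
+az webapp config container set \
+--name $WEB_APP_NAME \
+--resource-group $(resourceGroup) \
+--container-image-name "$ACR_LOGIN/$(appName):$(imageTag)"
+az webapp restart \
+--name $WEB_APP_NAME \
+--resource-group $(resourceGroup)
+SITE_URL="https://$WEB_APP_NAME.azurewebsites.net"
+echo "Deployed to: $SITE_URL"
+echo "##vso[task.setvariable variable=siteUrl;isOutput=true]$SITE_URL"
+
+- script: |
+echo "Waiting for app to warm up..."
+sleep 30
+npx --yes playwright install --with-deps chromium
+npx playwright screenshot \
+--viewport-size="1280,900" \
+--wait-for-timeout=5000 \
+--full-page \
+"$(deployStep.siteUrl)" \
+screenshot.png
+echo "Screenshot captured"
+displayName: 'Capture deployment screenshot'
+
+- script: |
+set -e
+WIKI_REPO="https://$(WIKI_PAT)@dev.azure.com/MngEnvMCAP675646/AODA%20WCAG%20compliance/_git/AODA-WCAG-compliance.wiki"
+SITE_URL="$(deployStep.siteUrl)"
+APP="$(appName)"
+BUILD_NUM="$(Build.BuildNumber)"
+BUILD_ID="$(Build.BuildId)"
+BUILD_URL="https://dev.azure.com/MngEnvMCAP675646/AODA%20WCAG%20compliance/_build/results?buildId=$BUILD_ID"
+ATTACH_NAME="${APP}-${BUILD_ID}.png"
+
+git clone --depth 1 "$WIKI_REPO" wiki
+mkdir -p wiki/.attachments wiki/Deployments
+cp screenshot.png "wiki/.attachments/$ATTACH_NAME"
+
+cat > "wiki/Deployments/${APP}.md" <<EOF
+# ${APP}
+
+**Latest Deployment:** ${BUILD_NUM}
+
+**Date:** $(date -u '+%Y-%m-%d %H:%M UTC')
+
+**Site:** [${SITE_URL}](${SITE_URL})
+
+**Pipeline:** [Build ${BUILD_ID}](${BUILD_URL})
+
+---
+
+![Deployment Screenshot](/.attachments/${ATTACH_NAME})
+EOF
+sed -i 's/^ //g' "wiki/Deployments/${APP}.md"
+
+cd wiki
+git config user.email "pipeline@dev.azure.com"
+git config user.name "Azure Pipeline"
+git add -A
+git diff --cached --quiet && echo "No wiki changes" || {
+git commit -m "Update deployment screenshot for ${APP} (build ${BUILD_ID})"
+git push origin wikiMaster
+echo "Wiki updated: /Deployments/${APP}"
+}
+displayName: 'Update wiki with deployment screenshot'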
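Review bot: The wiki step builds `WIKI_REPO` with `$(WIKI_PAT)` inside the URL, so the token is substituted into the generated script text, passed to `git clone` on the command line, and stored as the `origin` URL in `wiki/.git/config` on the agent; git can also include the remote URL in error output, leaving log masking as the only protection. Map the secret through `env:` and send it as a per-command `http.extraheader` so the remote URL stays credential-free; if the build identity can be granted Contribute on the wiki repository, `$(System.AccessToken)` would avoid a long-lived PAT altogether. Separately, the 'Update Web App container' and screenshot scripts have no `set -e`, unlike the Build stage scripts, so a failed `az deployment group show` leaves `WEB_APP_NAME` empty and the step still ends on a successful `echo`.

```yaml
- script: |
    set -e
    WIKI_REPO="https://dev.azure.com/MngEnvMCAP675646/AODA%20WCAG%20compliance/_git/AODA-WCAG-compliance.wiki"
    # Basic auth header built from the env-mapped secret; never written to .git/config
    AUTH_HEADER="AUTHORIZATION: Basic $(printf ':%s' "$WIKI_PAT" | base64 -w0)"
    # … unchanged: SITE_URL, APP, BUILD_* and ATTACH_NAME assignments …
    git -c http.extraheader="$AUTH_HEADER" clone --depth 1 "$WIKI_REPO" wiki
    # … unchanged: copy screenshot, write Deployments page, git config, git add, commit …
    git -c http.extraheader="$AUTH_HEADER" push origin wikiMaster
  displayName: 'Update wiki with deployment screenshot'
  env:
    WIKI_PAT: $(WIKI_PAT)
```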
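--- a/.azuredevops/pipelines/deploy-all.yml
+++ b/.azuredevops/pipelines/deploy-all.yml
@@ -0,0 +1,167 @@
+# Orchestrating pipeline: Deploy all demo apps and teardown after demo
+# Manually triggered - deploys all 6 apps in parallel, then tears down with approval
+trigger: none
+
+resources:
+repositories:
+- repository: app001
+type: git
+name: a11y-demo-app-001
+- repository: app002
+type: git
+name: a11y-demo-app-002
+- repository: app003
+type: git
+name: a11y-demo-app-003
+- repository: app004
+type: git
+name: a11y-demo-app-004
+- repository: app005
+type: git
+name: a11y-demo-app-005
+
+pool:
+vmImage: 'ubuntu-latest'
+
+variables:
+serviceConnection: 'AODA-svc-conn'
+location: 'canadacentral'
+
+stages:
+# ── Deploy demo apps 001-005 (all in parallel) ──
+- template: templates/deploy-app-stage.yml
+parameters:
+stageId: 'Deploy_001'
+stageName: 'Deploy App 001 (Rust)'
+appName: 'a11y-demo-app-001'
+resourceGroup: 'rg-a11y-demo-app-001'
+repository: 'app001'
+containerPort: '8080'
+
+- template: templates/deploy-app-stage.yml
+parameters:
+stageId: 'Deploy_002'
+stageName: 'Deploy App 002 (C#)'
+appName: 'a11y-demo-app-002'
+resourceGroup: 'rg-a11y-demo-app-002'
+repository: 'app002'
+containerPort: '8080'
+
+- template: templates/deploy-app-stage.yml
+parameters:
+stageId: 'Deploy_003'
+stageName: 'Deploy App 003 (Java)'
+appName: 'a11y-demo-app-003'
+resourceGroup: 'rg-a11y-demo-app-003'
+repository: 'app003'
+containerPort: '8080'
+
+- template: templates/deploy-app-stage.yml
+parameters:
+stageId: 'Deploy_004'
+stageName: 'Deploy App 004 (Python)'
+appName: 'a11y-demo-app-004'
+resourceGroup: 'rg-a11y-demo-app-004'
+repository: 'app004'
+containerPort: '8080'
+
+- template: templates/deploy-app-stage.yml
+parameters:
+stageId: 'Deploy_005'
+stageName: 'Deploy App 005 (Go)'
+appName: 'a11y-demo-app-005'
+resourceGroup: 'rg-a11y-demo-app-005'
+repository: 'app005'
+containerPort: '8080'
+
+# ── Deploy scan demo app (self repo, parallel with others) ──
+- stage: Deploy_ScanDemo
+displayName: 'Deploy Scan Demo App (Next.js)'
+dependsOn: []
+jobs:
+- job: DeployApp
+displayName: 'Deploy a11y-scan-demo'
+steps:
+- checkout: self
+
+- task: AzureCLI@2
+displayName: 'Deploy infrastructure'
+inputs:
+azureSubscription: '$(serviceConnection)'
+scriptType: bash
+scriptLocation: inlineScript
+inlineScript: |
+set -e
+az group create \
+--name rg-a11y-scan-demo \
+--location $(location)
+az deployment group create \
+--resource-group rg-a11y-scan-demo \
+--name infra-deploy \
+--template-file infra/main.bicep \
+--parameters infra/main.parameters.json \
+--parameters imageTag=$(Build.BuildId)
+
+- task: AzureCLI@2
+displayName: 'Build and push Docker image'
+inputs:
+azureSubscription: '$(serviceConnection)'
+scriptType: bash
+scriptLocation: inlineScript
+inlineScript: |
+set -e
+ACR_NAME=$(az deployment group show \
+--resource-group rg-a11y-scan-demo \
+--name infra-deploy \
+--query 'properties.outputs.acrName.value' -o tsv)
+echo "ACR: $ACR_NAME"
+az acr build \
+--registry "$ACR_NAME" \
+--image a11y-scan-demo:$(Build.BuildId) .
+
+- task: AzureCLI@2
+displayName: 'Deploy container to Web App'
+inputs:
+azureSubscription: '$(serviceConnection)'
+scriptType: bash
+scriptLocation: inlineScript
+inlineScript: |
+set -e
+WEB_APP_NAME=$(az deployment group show \
+--resource-group rg-a11y-scan-demo \
+--name infra-deploy \
+--query 'properties.outputs.webAppName.value' -o tsv)
+ACR_LOGIN=$(az deployment group show \
+--resource-group rg-a11y-scan-demo \
+--name infra-deploy \
+--query 'properties.outputs.acrLoginServer.value' -o tsv)
+az webapp config container set \
+--name $WEB_APP_NAME \
+--resource-group rg-a11y-scan-demo \
+--container-image-name "$ACR_LOGIN/a11y-scan-demo:$(Build.BuildId)"
+az webapp restart \
+--name $WEB_APP_NAME \
+--resource-group rg-a11y-scan-demo
+SITE_URL=$(az deployment group show \
+--resource-group rg-a11y-scan-demo \
+--name infra-deploy \
+--query 'properties.outputs.webAppUrl.value' -o tsv)
+echo "Deployed scan demo app to: $SITE_URL"
+
+# ── Teardown (requires approval on 'teardown' environment) ──
+- template: templates/teardown-stage.yml
+parameters:
+dependsOn:
+- Deploy_001
+- Deploy_002
+- Deploy_003
+- Deploy_004
+- Deploy_005
+- Deploy_ScanDemo
+resourceGroups:
+- 'rg-a11y-demo-app-001'
+- 'rg-a11y-demo-app-002'
+- 'rg-a11y-demo-app-003'
+- 'rg-a11y-demo-app-004'
+- 'rg-a11y-demo-app-005'
+- 'rg-a11y-scan-demo'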
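Review bot: The teardown template is passed `dependsOn` for all six deploy stages, and a stage with dependencies runs by default only when all of them succeed, so one failed deployment would skip teardown and leave the other resource groups and their web apps running after the demo. Whether that happens depends on `templates/teardown-stage.yml`, which is not part of this section; if it sets no condition, adding `condition: succeededOrFailed()` to the stage there keeps cleanup available for approval after a partial failure. The five `resources.repositories` entries also carry no `ref`, so each run builds the default ref of those repositories with the `AODA-svc-conn` service connection; a pinned `ref`, or a comment such as `# intentionally tracks the default branch of each demo repo`, would make that explicit.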