Friday, June 26, 2020

Developing Azure DevOps Extension


Azure DevOps Services provides a lot of space for importing your custom extension. Work items, pipeline tasks, dashboard widgets, and other options can serve this purpose.

This article will be about developing extensions for pipeline tasks – I will describe how to create the easiest sample extension that will help organize your own continuous integration.

But first, let’s describe the whole process of hosting the extension on Azure DevOps and how it works. Then we will discuss its detailed development route.

General Azure DevOps hosting and working scheme

On the picture down below, you can see the general Azure DevOps hosting and working scheme for pipelines. 

Pic.1. DevOps process organization

As you can see in the picture, the extension is a number of tasks. Each task can be written on one of the languages: TypeScript (that complies with JavaScript) and PowerShell. TypeScript will run on all platforms, whereas PowerShell will only run on the Windows platform. The extension also has a manifest that includes:

  • the main extension file
  • icons
  • markdown file
  • supporting modules 
  • and more

To start using a developed extension in continuous integration, you need to create your own Azure DevOps Organization, then you create Pipeline. Respectively, we create tasks for Pipeline that will be further mapped against tasks from our extension.

As you see in the picture, our pipeline is associated with the source code (it can be GitHub, Bit Bucket, Azure Repos, or something else). We take the source code from the very source – it could be your project on any language or a database script folder from which we will need to deploy this database.

The pipeline is also associated with agent pool. Essentially, this is a connection with a machine on which the pipeline will be executed.

Azure DevOps Extension Anatomy

Our sample Azure DevOps extension will consist of the following files:

  • The manifest file (vss-extension.json) is the main extension file.
  • The task manifest files (task.json) that describe the task input parameters and the main entry point.
  • Powershell.ps1 files. Those are the scripts that are executed as configured in task.json.
    Note: you can either choose .js or .ps1 files. In our case, the powershell files will be used.
  • Secondary modules (for example, VstsTaskSdk).
  • Icons (.png).

The picture down below showcases the folders and files structure of our extension.

Pic.2. The structure of folders and files

Let’s shortly explain the structure of the picture above.

vss-extension.json manifest file

Vss-extension.json is the plugin basis and it describes general extension values (version, name, publisher, plugin icon, etc.). The manifest file also describes the place inside Azure DevOps where we want to embed our plugin. As it was mentioned, we embed the plugin into “pipeline tasks”. 

Task folders

As you see in the picture, every task has its folder whereas task.json is the task’s basis.

The picture shows that our plugin has 3 tasks: Build, Test, and Publish. The number of tasks can be any. For convenience’s sake, each task is located in the folders that have their names. The folder contains 3 main files: task.json, powershell.ps1, and icon.png. Task.json is the very task, it contains its name, version, entry parameters and what it should launch. In our case, it launches a powershell script that is described in a powershell.ps1 file, whereas icon.png is the task’s icon. 

Ps_modules folders

These are the folders with secondary modules and we will use the VstsTaskSdk module. We will need it to interact with parameters, in other words, interact with UI.

Readme.md file

This is an unnecessary file. But if you’re going to make your extension public, the file will come handy for describing it that users will see at Azure Marketplace.

Extension creation, publishing, and usage cycles

To make the extension reach its destination – to be used in Azure DevOps in Pipeline Tasks, we need to complete the following steps:

  • Create an Azure DevOps extension, a *.vsix file. The extension will get improved and updated further on.
  • Create a publisher (this is done just once). It will enable publishing our extension in different versions.
  • Upload it to Marketplace.
  • Share the extension to a certain organization so it could be used in its pipeline.

In this article, I will focus on creating an Azure DevOps extension for the pipeline. To get more information about creating a publisher or an organization for hosting the extension, you should follow the link.

Preparing for the extension creation

Whether you create an extension for Azure DevOps Services or for Azure Pipeline Tasks, the following software should be installed:

  • Install Node.js
  • Install the extension packaging tool (TSF Cross-Platform Command-Line Interface) by running npm install -g tfx-cli from a command prompt
  • Install the VstsTaskSdk module (by running an Install-Module -Name VstsTaskSdk -AllowClobber command)

Build Scaffolding

Let’s create a root folder for our extension, for example, DevopsExt (the root folder name doesn’t affect the final extension creation). While being in the DevopsExt root place, let’s create the following folder and empty files:

|    readme.md
|    vss-extension.json
|
+---images
|       extension-icon.png
|
\---src
+---build
    |       powershell.ps1
    |       task.json
    |
+---publish
    |       powershell.ps1
    |       task.json
    |
\---test
powershell.ps1
task.json

 

Designing a vss-extension

As mentioned before, the manifest vss-extension.json file is the main file for the extension creation. To get more info about attributes description, their values, and file limitations, you should follow this link.

Down below you will see the attributes that we use. The following script will show our manifest vss-extension.json file’s content.

{
    "manifestVersion": 1,
    "id": "demo-devOps-extention",
    "name": "Demo devOps Extention",
    "version": "1.0.0",
    "publisher": "demopublisher",
    "targets": [
{
            "id": "Microsoft.VisualStudio.Services"
}
],
    "description": "A demo extension.",
    "categories": [
        "Azure Pipelines"
],
    "icons": {
        "default": "images/extension-icon.png"
},
    "content": {
        "details": {
            "path": "readme.md"
}
},
    "files": [
{
            "path": "src/build",
            "packagePath": "build"
},
{
            "path": "src/publish",
            "packagePath": "publish"
},
{
            "path": "src/test",
            "packagePath": "test"
}
],
    "contributions": [
{
            "id": "build-task",
            "type": "ms.vss-distributed-task.task",
            "targets": [
                "ms.vss-distributed-task.tasks"
],
            "properties": {
                "name": "build"
}
},
{
            "id": "test-task",
            "type": "ms.vss-distributed-task.task",
            "targets": [
                "ms.vss-distributed-task.tasks"
],
            "properties": {
                "name": "test"
}
},
{
            "id": "publish-task",
            "type": "ms.vss-distributed-task.task",
            "targets": [
                "ms.vss-distributed-task.tasks"
],
            "properties": {
                "name": "publish"
}
}
]

}
PropertyDescription
manifestVersionA number corresponding to the version of the manifest format (1).
idThe extension’s identifier. This is a string that must be unique among extensions from the same publisher. It must start with an alphabetic or numeric character and contain ‘A’ through ‘Z’, ‘a’ through ‘z’, ‘0’ through ‘9’, and ‘-‘ (hyphen).
versionA string specifying the version of an extension. It doesn’t need to be the same version as individual tasks in the extension. Should be in the format major.minor.patch, for example, 0.1.2 or 1.0.0.
nameA short, human-readable name of the extension. Limited to 200 characters.
descriptionBrief description of the extension. It will be displayed for the plugin when it’s searched in Marketplace.
publisherThe identifier of the publisher. This identifier must match the identifier the extension is published under. See Create and manage a publisher.
categoriesAn array of strings representing the categories your extension belongs to. At least one category must be provided and there is no limit to how many categories you may include. Valid values: Azure Repos, Azure Boards, Azure Pipelines, Azure Test Plans, and Azure Artifacts. In our case, it’s Azure Pipelines.
targetsThe products and services supported by your integration or extension. See installation targets for more details.
iconsDictionary of icons representing the extension. Icon should be 128×128 pixels in size and uploaded in one of these formats: BMP, GIF, EXIF, JPG, PNG or TIFF.
files The files section is where you reference any files you wish to include in your extension. You can add both folders and individual files.

Properties for the Files section:

  • path – Path to resource on disk, which can be relative to your root directory.
  • addressable – (optional) Set to true if you want your file to be URL-addressable. Defaults to false.
  • packagePath – (optional) Path to the resource within the package. Defaults to the relative path on disk from your root directory.
contributionsEach task MUST have a corresponding contribution.

Each contribution entry has the following properties:

  • id – A reference ID (string) for the contribution. Each contribution’s ID must be unique within an extension.
  • type – The contributionType ID of this contribution.
  • description – (Optional) A string describing what the contribution is providing.
  • targets – An array of contribution IDs that the contribution is targeting (contributing to).
  • properties – (Optional) An object that includes properties for the contribution as defined in the contribution type.

For more information, see the contribution model overview.

DevOps task anatomy

As the folder structure shows, every task is located within its own subfolder. The task anatomy is the following:

|- SomeTask
|- task.json
|- icon.png
|- powershell.ps1
|- ps_modules
|- VstsTaskSdk
|- ...

Notes:

FileDescriptionNotes

icon.png

The icon image file that will be used to identify your build task in the marketplace and wherever it’s used inside Azure Devops

It should have a 32*32 size, should only be named as “icon”, and located in the same subfolder where the task.json file is located.

task.jsonThis is the only required file and the most important one. This json file describes the UI input and which scripts to execute.

It is the main task file that should only be named as task.json. The whole UI (all information entry controls) is created there and it defines which script files should be launched.

powershell.ps1This is a file that contains powershell script that launches our task

It contains all values that a user entered in user-UI control, described in task.json. Further on, the values are processed and used in a powershell launch script.

ps_modulesThis is a special folder that stores secondary modules for task’s functioning.

Now we’re using the VstsTaskSdk module that helps us get values from UI controls.

Designing task.json

As you see from in folder structure, we have three task.json files that are in three folders: build, publish, and test – these are the tasks’ manifests. 

You can see the build task script down below. The code will look the same for the other tasks, it’s just their identifiers, names, and UI entry fields that will be different.

{
    "$schema": "https://raw.githubusercontent.com/Microsoft/azure-pipelines-task-lib/master/tasks.schema.json",
    "id": "7a3fbeab-c278-458e-94f8-f8cb044d10d9",
    "name": "DemoBuild",
    "friendlyName": "Build a project",
    "instanceNameFormat": "Build a project",
    "description": "Builds your demo project",
    "helpMarkDown": "",
    "category": "Build",
    "author": "Demo Company.",
    "version": {
        "Major": 1,
        "Minor": 0,
        "Patch": 5
},
    "groups": [
{
            "name": "inputGroup",
            "displayName": "Source",
            "isExpanded": true
},
{
            "name": "outputGroup",
            "displayName": "Output",
            "isExpanded": true
}
],
    "inputs": [
{
            "name": "projectFolder",
            "type": "string",
            "label": "Project Folder",
            "defaultValue": "",
            "required": true,
            "helpMarkDown": "Enter a full path to your project",
            "groupName": "inputGroup"
},
{
            "name": "outputFolder",
            "type": "string",
            "label": "Output Folder",
            "defaultValue": "",
            "required": true,
            "helpMarkDown": "Enter output folder",
            "groupName": "outputGroup"
}
],
    "execution": {
        "PowerShell3": {
            "target": "powershell.ps1",
            "platforms": [
                "windows"
],
            "workingDirectory": "$(currentDirectory)"
}
}
}
PropertyDescription
idA unique guid of your task
name It’s a build task name that only allows alpha-numeric letters.
friendlyNameThe name displayed in the Azure DevOps pipeline UI.
instanceNameFormatThe initial task name when the task is brought to a pipeline.
descriptionA detailed description of what your task does
helpMarkDownThe information about the task displayed after a user presses the question mark icon near the task.
categoryThe category of the task.

Currently, we have the Build category installed. There can also be other categories, for example, Utility, Deploy, Package, Tool, etc.

authorThe author, you, or your company name.
versionIt’s a task version. Must be unique every time you upload.

Caution: it’s very important to increment the task during the next Marketplace uploading, otherwise the old task version will be executed. Build tasks are cached based on the version number on the agent, meanwhile the implementation based on the version number stays the same. That’s why when you change the task’s implementation and re-upload, the patch number should also be changed.

groupsAllows you to create custom groups for your UI bucket inputs. This is just a groupbox bundle for our controls.
inputsSet the UI controls
executionThe scripts the task will execute.

The file name that this task invokes. It can either be a PowerShell script or a JavaScript. In our case, we use the powershell.ps1 file, and there can be a lot of those files.

Designing powershell.ps1

We have three powershell.ps1 files that are located in three folders: build, publish, and test. These scripts are launched for our tasks. 

The powershell.ps1 script lets us get UI parameters and run the list of required powershell commands for the task. 

The following script shows a simplified example:

CmdletBinding()]

param()

$projectFolder = Get-VstsInput -Name 'projectFolder'

$outputFolder = Get-VstsInput -Name 'outputFolder'

Write-Host "Initial parameters:"

Write-Host "projectFolder = $projectFolder"

Write-Host "outputFolder = $outputFolder"

# Write your code that builds a project...

# ...

# ...

# ...

As you see in the script, we use Get-VstsInput commands from the VstsTaskSdk module to get UI parameter values. Then we can do any manipulations on these values.

Installing VstsTaskSdk

As it was mentioned, we use the VstsTaskSdk module to get the values from UI and use them in powershell.ps1 scripts. More specifically, we use the Get-VstsInput method.

To install and use this module, we need to create a ps_modules subfolder in our build, publish, and test folders. Once it’s done, your folder structure will look the following way:

|    readme.md
|    vss-extension.json
|
+---images
|        extension-icon.png
|
\---src
+---build
    |   | powershell.ps1
    |   | task.json
    |   |
    |   \---ps_modules
+---publish
    |   | powershell.ps1
    |   | task.json
    |   |
    |   \---ps_modules
\---test
        | powershell.ps1
        | task.json
        |
\---ps_modules

Now we need to install the VstsTaskSdk module from the Powershell Gallery on your computer. To do this, run the following command:

Install-Module -Name VstsTaskSdk -AllowClobber

Then we need to save this module into every ps_modules subfolder. To do this, run the following Powershell Save-Module command:

Save-Module -Name VstsTaskSdk -Path "FullPathToYour_ps_modules_Path" -Force

Once these steps are done, your folder structure will look the following way:

|   readme.md
|   vss-extension.json
|
+---images
|       extension-icon.png
|
\---src
+---build
    | | powershell.ps1
    | | task.json
    | |
    | \---ps_modules
    | \---VstsTaskSdk
    | ...
    |
+---publish
    | | powershell.ps1
    | | task.json
    | |
    | \---ps_modules
    | \---VstsTaskSdk
    | ...
    |
\---test
        | powershell.ps1
        | task.json
        |
\---ps_modules
\---VstsTaskSdk
...

Publishing and updating extensions

Now it’s time for you to start using the extension in Azure DevOps Pipeline. To do this, you need to upload and share the extension for the end-user organizations in Azure DevOps.

The extension upload is done just once, then it will be uploaded and installed in the target organization. The following uploads will only update the extension automatically for the target organization. 

You can upload the extension in two ways: manually or using the command prompt. To get the info about manually uploading the extension, please follow this link and see how it’s done.

Down below, you can see how it’s done via the command prompt. It will also be shared with the organization that will use it onwards. The command looks the following way:

tfx extension publish --publisher DemoPublisher --manifest-globs vss-extension.json --token vtl3smppxy99h9erfnjijy6u5tclf5mnbb11n1aosrci2crjibpq --rev-version --share-with demoTargetCompany

Where each parameter has its purpose:

  • “publisher” is a parameter that uploads the extension
  • “manifest-globs” is where the extension’s manifest name is specified
  • “token” is the token name that was created in the publisher’s account. This token allows for uploading the extension. You can see how to create a token here.
  • “re-version” indicates that the extension version will be automatically incremented during the next extension creation.
  • “share-with” is a parameter for specifying the organization name that should receive our extension. If the company name has already been specified and it installed the extension, the following uploads will update this extension tasks into the pipeline automatically.

Conclusion

The article shows the process of creating an extension for private usage – it doesn’t require validation from Microsoft. It allows you to quickly organize, set up, and use pipelines for your CI process in a seamless manner. 

If you want to make the extension publicly available, you’ll need to write a letter to Microsoft and go through the validation process.

Preparation Guide for Microsoft AZ-400 Microsoft Azure DevOps Solutions Certification


This article is just one another preparation guide to Microsoft exam AZ-400 (but probably the most complete). I hope it will be useful 🙂

Even you don’t plan to take the exam, all this content is really interesting to read and understand if you want to discover and improve your knowledge on DevOps on Azure.

Before starting studying, you must know very well what this certification is about and what are the prerequisites.

The topics included in this exam are the following :

  • Design a DevOps strategy (20-25%)
  • Implement DevOps development processes (20-25%)
  • Implement continuous integration (10-15%)
  • Implement continuous delivery (10-15%)
  • Implement dependency management (5-10%)
  • Implement application infrastructure (15-20%)
  • Implement continuous feedback (10-15%)

More details : https://www.microsoft.com/en-us/learning/exam-az-400.aspx

Module 0 – DevOps & Azure DevOps – basics

Module 1 – Design a DevOps strategy (20-25%)

Free ebook : effective DevOps
https://azure.microsoft.com/en-us/resources/effective-devops/

What is DevOps ?
https://docs.microsoft.com/en-us/azure/devops/learn/what-is-devops

https://docs.microsoft.com/en-us/learn/modules/get-started-with-devops/

DevOps: Bridging the gap between business and development
https://www.developer-tech.com/news/2016/jan/29/devops-bridging-gap-between-business-and-development/

Analyze existing Test Management Tools
Azure Test Plans
https://azure.microsoft.com/en-us/services/devops/test-plans/
https://docs.microsoft.com/en-us/azure/devops/test-plans/index?view=azure-devops

Cloud-based load testing service end of life
https://devblogs.microsoft.com/devops/cloud-based-load-testing-service-eol/

Analyze existing Work Management Tools
Azure Boards
https://docs.microsoft.com/en-us/azure/devops/boards/get-started

Best tool to add, update, and link work items
https://docs.microsoft.com/en-us/azure/devops/boards/work-items/best-tool-add-update-link-work-items?toc=/azure/devops/boards/get-started/toc.json&bc=/azure/devops/boards/get-started/breadcrumb/toc.json&view=azure-devops

Concurrent Pipelines (Parallel Jobs)
https://docs.microsoft.com/en-us/azure/devops/pipelines/licensing/concurrent-jobs-vsts

Design a license management strategy
https://azure.microsoft.com/en-us/services/devops/compare-features/
https://azure.microsoft.com/en-us/pricing/details/devops/azure-devops-services/

Recommend a strategy for measuring and managing technical debt
Design a quality strategy
Managing Technical Debt
https://www.youtube.com/watch?v=KM0O633KZEE
Developers’ Seven Deadly Sins
https://docs.sonarqube.org/display/SONARQUBE45/Developers%27+Seven+Deadly+Sins
Driving continuous quality of your code with SonarCloud
https://www.azuredevopslabs.com/labs/vstsextend/sonarcloud/

Design a secure development process
DevSecOps : https://www.youtube.com/watch?v=ukdW9eTv3uw
WhiteSource Bolt – Free developer tool for finding and fixing open source vulnerabilities
https://bolt.whitesourcesoftware.com/
https://bolt.whitesourcesoftware.com/azure/faq/
Managing Open-source security and license with WhiteSource
https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource

Check policy compliance with gates
https://docs.microsoft.com/en-us/azure/devops/pipelines/policies/azure-policy?view=azure-devops

Azure Blueprints & Policy to get DevOps right | Best of Microsoft Ignite 2018
https://www.youtube.com/watch?time_continue=1&v=OiOXlgFNgDo

Migrate for TFVC to Git
https://github.com/git-tfs/git-tfs

Import a Git repo
https://docs.microsoft.com/en-us/azure/devops/repos/git/import-git-repository?view=azure-devops

Bring your own repo to Azure DevOps
https://docs.microsoft.com/en-us/azure/devops/boards/github/connect-to-github?view=azure-devops
https://dailydotnettips.com/bring-your-own-git-repository-code-to-azure-devops-project/

Module 2 – Implement DevOps development processes (20-25%)

— Design a Version Control Strategy —

Azure DevOps Repo

2 kinds of repo :

  • TFVC (Team Foundation Version Control)
  • Git
  • Pull requests (for example to move new stuff in master branch)
  • Branch policies (ex: prevent people to commit change to master branch)
  • Hooks for CI/CD

Solutions like Azure Repo : Github, Gitlab, BitBucket

Recommend Branching Models
https://docs.microsoft.com/en-us/azure/devops/repos/git/git-branching-guidance
Improve code quality with branch policies
https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops

Recommend Version Control Systems
https://docs.microsoft.com/en-us/azure/devops/user-guide/source-control

git user guide
https://docs.microsoft.com/en-us/azure/devops/user-guide/code-with-git?view=azure-devops

Configure Branch Policies
https://docs.microsoft.com/en-us/azure/devops/repos/git/_img/branches/branches-page.png?view=azure-devops

Share code and collaborate on your next project using Git and pull requests hosted by Azure DevOps
https://www.youtube.com/watch?v=J_DHkUKxI0E

Azure DevOps – Maitriser le PullRequest
https://www.youtube.com/watch?v=kJN1sZlcUUw

Recommend Code Flow Strategy
https://docs.microsoft.com/en-us/azure/devops/learn/devops-at-microsoft/release-flow

Mono versus Multi repo

Git Branching Antipatterns
https://www.youtube.com/watch?v=ykZbBD-CmP8

Branching Workflow Types

Collaborating with Pull Request
1- Branch
2- Discuss
3- Merge

Azure Repos Collaborating with Pull Requests
https://www.youtube.com/watch?v=tFB_O9FCh08

GitHooks : A mechanism that allows arbitrary code to be run before, or after, certain Git lifecycle events occur
Can be used to enforce policies…
Introduction to GitHooks : https://www.youtube.com/watch?v=8-JL6NOTZOw
https://githooks.com/

GitVersion is a tool to help you achieve Semantic Versioning
Create version number with the following convention Major.Minor.Patch
Semantic Versioning os all about releases, not builds.

Getting started with InnerSource—open source workflows in the enterprise: https://www.youtube.com/watch?v=D3C12ojRcp0

Azure DevOps Team Projects can be public
https://docs.microsoft.com/en-us/azure/devops/organizations/public/about-public-projects?view=azure-devops

Azure DevOps Pipelines

  • Build Automation
  • Continuous Integration
  • Deployment automation
  • Traceability and compliance
  • Hooks for other products

Solutions like Azure DevOps Pipeline :
Build : Jenkins, TeamCity, Travis CI, Circle CI
Deploy : XebiaLabs XL Deploy, Octopus Deploy,

Azure Pipeline free for open source projects in Github public or private repo
https://github.com/marketplace/azure-pipelines

Azure DevOps Public Project is a organization-level setting

Storing Files in Git:

  • Don’t commit the binaries (especially big ones), logs, tracing output or diagnostic data
  • Use a package management system for library files, DLL and other dependent files

Git Large File Storage (LFS) :
An open source Git extension for versioning large files
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server like GitHub.com or GitHub Enterprise.
CLI : https://git-lfs.github.com/

Concepts of pipeline in DevOps

  • Build automation and Continuous Integration
  • Test automation
  • Deployment automation
  • Your Pipeline needs platform provisioning and configuration management
  • Orchestrating it all : Release and Pipeline Orchestration

Azure Pipelines combines continuous integration (CI) and continuous delivery (CD)

An Artifact is a collection of files and packages published by a build. Artifacts are made available to subsequent tasks, such as distribution or deployment

Concurrent Pipelines (Parallel Jobs)
https://docs.microsoft.com/en-us/azure/devops/pipelines/licensing/concurrent-jobs-vsts

— Implement a mobile DevOps strategy —

CI/CD DevOps Pipeline for mobile apps and services <== you must watch it !
https://azure.microsoft.com/pt-br/resources/videos/connect-2017-ci-cd-devops-pipeline-for-mobile-apps-and-services/

Deploy Azure DevOps Builds with App Center
https://docs.microsoft.com/en-us/appcenter/distribution/vsts-deploy

Using Azure DevOps for UI Testing
https://docs.microsoft.com/en-us/appcenter/test-cloud/vsts-plugin

Code signing for iOS
https://docs.microsoft.com/en-us/appcenter/build/ios/code-signing

Automating Selenium Tests in Azure Pipelines
https://www.azuredevopslabs.com/labs/vstsextend/selenium/

— Managing application configuration and secrets —

Implement a secure and compliant development process
Learn how to add continuous security validation to your CI/CD pipeline
https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops

Implement general (non-secret) configuration data
External Configuration Store pattern
https://docs.microsoft.com/en-us/azure/architecture/patterns/external-configuration-store

Manage secrets, tokens, and certificates
Use Azure Key Vault secrets in your CI build https://www.youtube.com/watch?v=jAJO3jE9qek
Azure Key Vault task
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault?view=azure-devops
Using secret in a Pipeline
https://www.azuredevopslabs.com/labs/vstsextend/azurekeyvault/
Variable Groups
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml
https://mrdevops.io/introducing-azure-key-vault-to-kubernetes-931f82364354
https://github.com/SparebankenVest/azure-key-vault-to-kubernetes

Implement tools for managing security and compliance in the pipeline
https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops#ci-continuous-integration
https://blogs.msdn.microsoft.com/secdevblog/2016/03/30/roslyn-diagnostics-security-analyzers-overview/
https://www.checkmarx.com/
https://github.com/Microsoft/binskim
Scanning 3rd party packages for vulnerabilities and OSS license usage :
https://www.whitesourcesoftware.com/
https://blogs.msdn.microsoft.com/visualstudioalmrangers/2017/06/08/manage-your-open-source-usage-and-security-as-reported-by-your-cicd-pipeline/
OWASP ZAP : https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Performing a Pen Test after each Deployment using OWASP ZAP, Azure Container Instances, and Azure DevOps
https://www.deliveron.com/blog/performing-a-pen-test-after-each-deployment-using-owasp-zap-azure-container-instances-and-azure-devops/
OWASP Zed Attack Proxy Scan
https://marketplace.visualstudio.com/items?itemName=kasunkodagoda.owasp-zap-scan
Threat Modeling
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling?SilentAuth=1
Azure Key Vault
https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates
https://www.synopsys.com/blogs/software-security/protecting-keys-and-secrets-in-microsoft-azure/

Module 3 – Implement Continuous Integration (10-15%)

— Manage code quality and security policies —

From “Technical debt” to “Technical decision”
https://startups.microsoft.com/en-us/blog/from-technical-debt-to-technical-decision/

Let’s talk about Technical Debt
https://devblogs.microsoft.com/premier-developer/lets-talk-about-technical-debt/

SonarCloud
https://sonarcloud.io/about

CICD for Automation Testers -13.4. SonarCloud setup – Cloud SonarQube version
https://www.youtube.com/watch?v=RLDo_54w0tc

Useful Tasks in Azure DevOps (includes SonarCloud)
https://www.youtube.com/watch?v=8dETmUcAl8w

ndepend
https://www.ndepend.com/

resharper
https://www.jetbrains.com/resharper/

What is a pipeline ?
https://devops.com/continuous-delivery-pipeline/

Building and Deploying your Code with Azure Pipelines
https://www.youtube.com/watch?v=NuYDAs3kNV8

Builds Pipelines in Azure DevOps : defined in YAML file or using Visual Designer
Release Pipelines in Azure DevOps : defined using Visual Designer

Azure Pipelines integrate with Azure deployment, on premises or other clouds (AWS, Google Cloud..)

Azure Pipelines
https://docs.microsoft.com/en-us/azure/devops/pipelines/?view=azure-devops

Use Azure Pipelines
https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started/pipelines-get-started?view=azure-devops&tabs=yaml

Create your first pipeline
https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=tfs-2018-2

/!\ review Azure Pipelines terms
Agent, Artifact, Build, Continuous Delivery, Continuous Integration, Deployment Target, Job, Pipeline, Release, Task, Trigger

Azure DevOps Variables
https://www.synopsys.com/blogs/software-security/protecting-keys-and-secrets-in-microsoft-azure/

Azure Pipelines agents
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops
To build your code or deploy your software using Azure Pipelines you need at least one agent. As you add more code and people, you’ll eventually need more.

  • Microsoft-hosted agent (runs on a VM or in a container)
  • Self-hosted agents (MacOs, Linux, Windows, Docker)
    Azure Pipelines: https://dev.azure.com/{your_organization}/_settings/agentpools
    Agent pools : https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues?view=azure-devops
    default pool is for self-hosted agents, Hosted pool are all other agents

Create your first pipeline
https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=tfs-2018-2

Configuring CI/CD Pipelines as Code with YAML in Azure DevOps
https://www.azuredevopslabs.com/labs/azuredevops/yaml/

Continuously deploy from a Jenkins build /!\
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/integrate-jenkins-pipelines-cicd?view=azure-devops&tabs=yaml

Configuring a CD pipeline for your Jenkins CI /!\
https://www.azuredevopslabs.com/labs/vstsextend/jenkins/

Integrate Your GitHub Projects With Azure Pipelines
https://www.azuredevopslabs.com/labs/azuredevops/github-integration/

Build, test, and push Docker container apps ==> A must do !
https://docs.microsoft.com/en-us/azure/devops/pipelines/languages/docker?view=azure-devops

Use Docker multi-stage builds /!\
https://docs.docker.com/v17.09/engine/userguide/eng-image/multistage-build/

Deploy to an Azure Web App for Containers
https://docs.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-docker-webapp?view=azure-devops

Deploy a Docker container app to Azure Kubernetes Service
https://docs.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-aks?view=azure-devops

Deploying a Multi-container application to Azure Kubernetes Service – https://www.azuredevopslabs.com/labs/vstsextend/kubernetes/

Pipeline options for Git repositories
https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/pipeline-options-for-git?view=azure-devops

Module 4 – Implement continuous delivery (10-15%)

Release approvals and gates overview
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/?view=azure-devops

Release deployment control using gates
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates?view=azure-devops

YAML Release Pipelines in Azure DevOps
https://www.youtube.com/watch?v=ORy3OeqLZlE

Jenkins
https://jenkins.io

Circle CI
https://circleci.com

Azure DevOps Marketplace
https://marketplace.visualstudio.com

Azure DevOps Agents
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues?view=azure-devops

What is A/B testing ?
https://docs.microsoft.com/en-us/gaming/playfab/features/analytics/ab-testing/

Deployment Strategies Defined
http://blog.itaysk.com/2017/11/20/deployment-strategies-defined

What is canary & dark launching
https://www.functionize.com/blog/what-is-canary-testing-and-dark-launching/

Continuous Delivery and DevOps with Azure DevOps: The Big Picture (excellent content)
https://app.pluralsight.com/library/courses/continuous-delivery-azure-devops-big-picture/table-of-contents

Module 5 – Implement dependency management (5-10%)

Azure Artifacts :

  • Package management
  • Nuget
  • NPM
  • Artifact repo
  • Track usage of external packages
  • Traceability

Package Management with Azure Artifacts
https://www.azuredevopslabs.com/labs/azuredevops/packagemanagement

(Re-)Introducing Azure Artifacts – PRE05 (may 2019)
https://www.youtube.com/watch?v=M9KU0k_HRA0&list=PLlrxD0HtieHgspNIlv1x2H5_cxSRm7B17&index=14&t=0s

Whitesource Bolt
https://marketplace.visualstudio.com/items?itemName=whitesource.ws-bolt

https://bolt.whitesourcesoftware.com/azure/faq/

Module 6 – Implement application infrastructure (15-20%)

— Implement infrastructure as code (IaC) —

Nested ARM Templates: Modularity and Reuse
https://dzone.com/articles/cloud-vs-on-premise-software-deployment-whats-righ

Understand the structure and syntax of Azure Resource Manager templates
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates

Using linked and nested templates when deploying Azure resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates

Use Azure Key Vault to pass secure parameter value during deployment
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter

Terraform with Azure
https://www.terraform.io/docs/providers/azurerm/index.html

Using Ansible on Azure
https://docs.microsoft.com/en-us/azure/ansible/ansible-overview

Ansible module for Azure
https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html#azure

Automating Infrastructure Deployments in the Cloud with Ansible and Azure Pipelines
https://www.azuredevopslabs.com/labs/vstsextend/ansible/

—Manage Azure Kubernetes Service infrastructure —

Provisionning Azure Kubernetes Services
with Azure CLI : https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-create
with PowerShell : https://docs.microsoft.com/en-us/powershell/module/azurerm.aks/New-AzureRmAks?view=azurermps-6.13.0
with ARM template : https://azure.microsoft.com/en-us/resources/templates/101-aks/
with Ansible : https://docs.ansible.com/ansible/latest/modules/azure_rm_aks_module.html#azure-rm-aks-module
with Terraform : https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html

Deploy workload on Kubernetes
https://kubernetes.io/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/

Deploy, Scale And Upgrade An Application On Kubernetes With Helm
https://docs.bitnami.com/kubernetes/how-to/deploy-application-kubernetes-helm/

Scaling options for applications in Azure Kubernetes Service (AKS)
https://docs.microsoft.com/en-us/azure/aks/concepts-scale

— Implement infrastructure compliance and security —

Automate resources in your datacenter or cloud by using Hybrid Runbook Worker
https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker

Integrate with service hooks
https://docs.microsoft.com/en-us/azure/devops/service-hooks/overview?view=azure-devops

Azure DevOps Access levels
https://docs.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops

Module 7 – Implement continuous feedback (10-15%)

Azure Board

  • Works items (bug, feature, task…)
  • Traceability
  • Planning
  • Backlog (list ordered by priorities)
  • Sprint
  • Kanban
  • Queries

Similar solutions like Azure Board : TrelloJira

Azure Test Plans

  • Planned and exploratory testing solution
  • Capture rich data
  • Test across web and desktop
  • Get end-to-end traceability

App Insights Metrics Dashboard
https://docs.microsoft.com/en-us/azure/azure-monitor/app/overview-dashboard

Monitor the availability of any website
https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability

Dashboards, Charts, Reports, & Widgets
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/?view=azure-devops

Configure a Burndown or Burnup widget
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/configure-burndown-burnup-widgets?view=azure-devops

Lead time and cycle time widgets
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/cycle-time-and-lead-time?view=azure-devops

Configure the Velocity widget
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/team-velocity?view=azure-devops

Teams & Azure DevOps integration
https://azuredevopslabs.com/labs/vsts/teams

Feature flag driven environment
http://blog.launchdarkly.com/feature-flag-driven-development/

Feature Flag Management with LaunchDarkly and AzureDevOps
https://www.azuredevopslabs.com/labs/vstsextend/launchdarkly

Uservoice Azure DevOps integration
https://feedback.uservoice.com/knowledgebase/articles/363410-vsts-azure-devops-integration

Release Gates
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates?view=vsts

A good incident postmortem
https://blogs.msdn.microsoft.com/bharry/2018/03/02/a-good-incident-postmortem/

Our DevOps Journey
https://stories.visualstudio.com/devops/

Additional great resources to prepare AZ 400

Azure DevOps labs (a big bunch of Azure DevOps labs)
https://azuredevopslabs.com

Azure DevOps Training Workshop 2018 (5 hours &17 minutes of video !!)
https://www.youtube.com/watch?v=6zledVXBvJs

How to Pass the AZ-400 Microsoft Azure DevOps Solutions Exam
https://azurementor.wordpress.com/2018/11/18/how-to-pass-the-az-400-microsoft-azure-devops-solutions-beta-exam

Azure DevOps AZ-400 Exam – Study Notes
https://gregorsuttie.com/2018/10/27/azure-devops-az-400-exam-study-notes/

Be prepared for questions on :

  • Azure Repos
  • TFSVC vs Git
  • Azure DevOps pipelines : Build & Release
  • Jenkins
  • Azure App Center
  • Azure Boards
  • Azure Key Vault
  • Azure Automation + PowerShell DSC
  • Azure Kubernetes Services
  • Docker Containers
  • Azure Resource Manager Templates

Hope this study guide will be useful for you. Don’t hesitate to post a comment or send me a message on Twitter @squastana or on LinkedIn
https://www.linkedin.com/in/stanislasquastana/

Last but not least, don’t forget to spend time on http://microsoft.com/learn where you can find additional materials to prepare your certification.

— Stanislas Quastana —

Free hosting web sites and features -2024

  Interesting  summary about hosting and their offers. I still host my web site https://talash.azurewebsites.net with zero cost on Azure as ...