Devops Archives - GeralexGR

Posted on September 28, 2023September 28, 2023 by geralexgr — Leave a comment

Publish coverage report on SonarQube for dotnet test

When you create coverage reports for your .NET projects you have the ability to use the native logger mechanism in order to export a trx report with your results.

An example of this native functionality can be found below as the logger parameter is used along with dotnet test.

dotnet test keyvault.sln  --logger "trx;logfilename=mytests.trx"

However if you try to upload this trx file in a sonarqube in order to get your coverage report result, this will fail with the below error message.

Error message:

WARN: Could not import coverage report ‘.\Keyvault_MI_Pod\Tests\TestProject1\TestResults\mytests.trx’ because ‘Only dotCover HTML reports which start with “” are supported.’. Troubleshooting guide: https://community.sonarsource.com/t/37151

Using the below sonarqube documentation page you will find all the available methods that are supported for the coverage reporting. When you need to upload your coverage results in sonarqube you will need to use a tool from the list and upload the file that this tool generates.

.NET test coverage (sonarsource.com)

In my case I will use dotCover and create the relevant report file.

In the teamcity task (begin analysis) you will need to add in the additional parameters where you export your report.

Then in the pipeline you will need to add the dotnet test task as shown from the documentation.

dotnet dotcover test --dcReportType-HTML

In the finish task you will see the coverage report type is now compatible and can be parsed from sonarqube.

Finally you will have your coverage report inside sonarqube.

Posted on September 14, 2023September 14, 2023 by geralexgr — Leave a comment

Access Managed Identity from container inside VM – Azure

Managed identity is the best practice regarding security when accessing resources on Azure. There are many ways you can use it for service to service communication. Sometimes though you can use nested managed identity in more complex scenarios like the one demonstrated below. In this guide we will enable managed identity on a virtual machine and we will access this managed identity within a container that runs on that specific virtual machine. This case can be useful in complex deployment scenarios where you have multiple containers inside a virtual machine and you want to deploy using managed identity on azure.

The first thing you will need is the system assigned managed identity on the virtual machine.

Then you can run your containers inside the virtual machine. In my case the containers are windows based as a result I will use the route print command to show the routing table.

Run the following Commands to expose the managed identity endpoint

$gateway = (Get-NetRoute | Where { $_.DestinationPrefix -eq '0.0.0.0/0' } | Sort-Object RouteMetric | Select NextHop).NextHop

$ifIndex = (Get-NetAdapter -InterfaceDescription "Hyper-V Virtual Ethernet*" | Sort-Object | Select ifIndex).ifIndex

New-NetRoute -DestinationPrefix 169.254.169.254/32 -InterfaceIndex $ifIndex -NextHop $gateway -PolicyStore ActiveStore # metadata API

After the successful add of the route the managed identity endpoint should be redirected in the gateway and from there you will be able to authenticate.

We can verify the procedure by executing a key vault managed identity secret retrieval.

$token = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Headers @{Metadata="true"} -UseBasicParsing
$tokenvalue = ($token.Content | ConvertFrom-Json).access_token

Retrieve secret:

Invoke-WebRequest -Uri "https://test.vault.azure.net/secrets/testsecret/d9ce520dfdfdf4bdc9a41f5572069708c?api-version=7.3" -Headers @{Authorization = "Bearer $tokenvalue"} -UseBasicParsing

At last you can login using Managed Identity from the container using the powershell module.

References:

Co authored with Giannis Anastasiou @ Vivawallet

Posted on September 1, 2023September 1, 2023 by geralexgr — Leave a comment

Integrate SonarQube with Teamcity

Sonarqube is a self-managed, automatic code review tool that systematically helps you deliver clean code. SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. In this article we will examine how to integrate it with Teamcity in order to scan our workflows during build.

First you will need to install the sonar runner for your teamcity installation. You should go in the administration tab

and then plugins

Then browse plugin directory and install the sonar runner.

After that you should go in root project and integrate sonar tool with teamcity.

Press add a new server and provide Name, URL and the Token. Token can be retrieved from your sonar installation. Under Administration select security and create a new token with an expiry date.

Finally you can create a new build definition and use the sonar scanner plugin.

Posted on July 25, 2023July 25, 2023 by geralexgr — Leave a comment

Tasks, jobs, stages templates combined for Azure DevOps

In this article we will examine the power of templates for Azure DevOps pipelines. Templates let you define reusable content, logic, and parameters and function in two ways. You can insert reusable content with a template or you can use a template to control what is allowed in a pipeline.

When you build complex automation scenarios for your organizations, you will need to use stages, jobs and tasks as they would contain multiple environments and configuration settings.

You can find some of the reasons why you would need to follow this approach on my previous article

Azure DevOps best practices – jobs and stages

In this article we will examine a azure devops pipeline which contains stages, jobs and tasks. Those will be created inside templates and they will be called from the main pipeline. A high level view of the architecture can be found in the below picture.

My code structure is shown below. There is a folder for the appropriate templates and a main pipeline which is located in another folder and will refer the templates folder.

stage.yml
The stage.yml file will contain the template code for the stages. It has as parameter the name which will be given in the stage.

parameters:
  name: ''

stages:

- stage: ${{ parameters.name }}
  jobs:    
  - template: job.yml
    parameters:
      name: ${{ parameters.name }}_build_job

job.yml
The job.yml file will contain the template code for the jobs. It has as parameter the name which will be given in the job and also a variable sign which will indicate if a task will be executed.

parameters:
  name: ''
  sign: false

jobs:

- job: ${{ parameters.name }}
  displayName: running ${{ parameters.name }} 
  steps:

  - template: step.yml
    parameters:
      name: task1

  - ${{ if eq(parameters.sign, 'true') }}:
    - script: echo sign is requested
      displayName: sign task

step.yml
The step.yml file will contain the template code for the steps. It has as parameter the name which will be given in the task.

parameters:
  name: ''

steps:

- script: echo ${{ parameters.name }}
  displayName: running  ${{ parameters.name }}

main.yml
The main.yml file is the main reference of the pipeline and the one that will be called. If you need to add more stages on it, you would only have to add another -template section under the stages.

trigger:
- none

variables:
- template: templates/vars.yml  
pool:
  vmImage: $(myagent)

stages:
- template: templates/stage.yml  
  parameters:
    name: "App_Env1"

By executing the pipeline we can locate that we have one stage that is not visible (as it is the only one) and under this stage a job has been created for the task1 which we added on our template.

Find more about azure devops templates on my Udemy course:

Mastering Azure Devops CI/CD Pipelines with YAML | Udemy