Skip to content

DevEx Pipeline Templates

Another pain point for developers is the plethora of Azure Pipeline templates across the various projects within MDTProductDevelopment. The goal of the PipelineTemplates repository is to consolidate those templates, and maybe rework them, into something more manageable. It's on the roadmap, but it's not the highest priority right now. That being said, there are some templates already available, and you can see them in example pipelines.

Getting Started

In order to use any of these templates, you must first include the repository at the root of you pipelines file, like so:

resources:
  repositories:
    - repository: dev-ex
      type: git
      name: developer-experience/PipelineTemplates
      ref: main

stages:
  ...

AWS

IAM Assume-Role

The aws/iam_assume_role.yaml template is designed to provide an easy way for Agents to get credentials to perform tasks they otherwise wouldn't have permissions to do. Follow these steps to get it working in your pipeline:

  1. Create an IAM Role with the permissions you need, and include this statement in that role's trust policy, so the agents can assume your role:

    json { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::ACCOUNT_ID:root" }, "Action": "sts:AssumeRole", "Condition": { "ForAnyValue:StringLike": { "aws:PrincipalArn": "arn:aws:iam::ACCOUNT_ID:role/GlobalAgentRole-*" } } }

    NOTE: Replace ACCOUNT_ID with the requisite AWS Account Number. Use 895940838762 for CRM-Linux-US, and 050061447862 for CRM-Linux-US-Ltprod

  2. Add the template as a Step in a Job before the step where you need cred:

    yaml job: job0 steps: - template: aws/iam_assume_role.yaml@dev-ex parameters: RoleArn: arn:aws:iam::0123456789:role/MyTestRole SessionName: MyTestSession - bash: ./my_bash_script.sh # Runs with creds from MyTestRole

  3. (OPTIONAL) Persist creds for all jobs across an entire stage:

    yaml stages: - stage: stage0 jobs: - job: job0 steps: - template: aws/iam_assume_role.yaml@dev-ex parameters: RoleArn: arn:aws:iam::0123456789:role/MyOtherTestRole SessionName: MyOtherTestSession PersistForStage: true - bash: ./my_other_script.sh # Runs with creds from assumed role, persists across stage. - job: job1 dependsOn: job0 variables: AWS_ACCESS_KEY_ID: $[ dependencies.job0.outputs['setVariable.AWS_ACCESS_KEY_ID'] ] AWS_SECRET_ACCESS_KEY: $[ dependencies.job0.outputs['setVariable.AWS_SECRET_ACCESS_KEY'] ] AWS_SESSION_TOKEN: $[ dependencies.job0.outputs['setVariable.AWS_SESSION_TOKEN'] ] steps: - bash: ./my_last_script.sh # Runs with creds assumed from job0

NOTE: You must set PersistForStage to true when assuming the role, and you must include the variables: for AWS credentials to use the creds in each subsequent job.

NodeJs

NodeJS versions are managed by NVM (Node Version Manager). This allows us to use multiple versions of Node on the same machine without working about collisions or overwrites.

NPM Run Commands

In order to use Node versions that are pre-installed on the Linux agents, or to use another version of Node that isn't already installed, you must use this template. The usage is fairly straight forward. Just use this as a step where you want to run any node/npm commands:

steps:
  - template: node/npm_run_commands.yaml@dev-ex
    parameters:
      NodeVersion: 18
      NpmCommands: |
        npm install cdktf-cli@0.15.5
        export PATH="$PATH:$AGENT_WORKFOLDER/node_modules/.bin"
        cdktf init

The above example would set up Node 18 (installing it if it didn't exist) and then run the commands as written.

NOTE: If you want to install any other tools (yarn, angular, etc.) and access them from the command line like the cdktf example above, you must add $AGENT_WORKFOLDER/node_modules/.bin to your PATH like in the example.

You can even include a DisplayName: in the parameters: to add more custom verbosity to your pipelines, but it's not required.