adding azdo pipelines

damienjburks · damienjburks · commit 59fcd7ac7a2a · 2025-08-19T23:06:24.000-05:00
diff --git a/.azdo-pipelines/azure-pipelines.yml b/.azdo-pipelines/azure-pipelines.yml
@@ -0,0 +1,40 @@
+### Manual workflow triggers are built-in to the pipeline
+### No need for the workflow_dispatch trigger like in GitHub Actions
+## This is the main pipeline file
+## This file is used to call all the other templates
+variables:
+  - group: Infrastructure Pipeline Variables 
+  - name: ACR_SERVICE_CONNECTION
+  - name: image_repo
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+stages:
+  - stage: build_image
+    displayName: 'Build Docker Image'
+    jobs:
+      - template: "pipeline_templates/build-image.yml"
+
+  - stage: lint_formating
+    displayName: 'Lint and Format'
+    jobs:
+      - template: pipeline_templates/linting.yml
+        parameters:
+          python_version: '3.12.6'
+
+
+  - stage: unit_and_security_testing
+    displayName: 'Unit security testing'
+    jobs:
+      - template: "pipeline_templates/unit-sec-scan.yml"
+
+
+  - stage: push_image
+    displayName: 'Push Docker Image'
+    jobs:
+      - template: "pipeline_templates/push-image.yml"
+
+
+
+               
diff --git a/.azdo-pipelines/pipeline_templates/build-image.yml b/.azdo-pipelines/pipeline_templates/build-image.yml
@@ -0,0 +1,19 @@
+## Build Docker Image
+# parameters:
+#   - name: imageName
+#     type: string
+#     default: 'awesome-fastapi'
+
+
+
+jobs:
+  - job:
+    steps:
+      - checkout: self
+        displayName: 'Checkout repo'
+     
+      - script: |
+          echo "Building Docker image..."
+          docker build -t awesome-fastapi:$(Build.SourceVersion).
+        displayName: 'Build Docker Image'
+
diff --git a/.azdo-pipelines/pipeline_templates/linting.yml b/.azdo-pipelines/pipeline_templates/linting.yml
@@ -0,0 +1,37 @@
+
+  ### Linting and Formatting checks
+parameters:
+  - name: python_version
+    type: string
+    default: '3.12.6'
+
+jobs:
+  - job: lint_formating
+    displayName: 'Lint and Format'
+    pool:
+      vmImage: 'ubuntu-latest'
+    steps:
+      - checkout: self
+
+      - task: UsePythonVersion@0
+        inputs:
+          versionSpec: ${{ parameters.python_version }}
+
+      - script: |
+          echo "Installing dependencies..."
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - script: |
+          echo "Running pylint..."
+          pylint .
+
+      - script: |
+          echo "Running black..."
+          black --check .
+
+
+# /.azdo-pipelines/pipeline_templates/linting.yml (Line: 8, Col: 1): While parsing a block mapping, did not find expected key. == "SyntaxError: while parsing a block mapping"
+
+# /.azdo-pipelines/pipeline_templates/linting.yml (Line: 15, Col: 25): A sequence was not expected == ' I did not need the matric and stratgey when using parameters in the template file. I should have used 'parameters' instead of 'matrix' and 'strategy'.'
+# /.azdo-pipelines/azure-pipelines.yml (Line: 20, Col: 26): Unexpected parameter 'pythonVersion' == "pythonVersion in the main yaml file was not matching with the one in the template file. It should be 'python-version' instead of 'pythonVersion'."
diff --git a/.azdo-pipelines/pipeline_templates/push-image.yml b/.azdo-pipelines/pipeline_templates/push-image.yml
@@ -0,0 +1,27 @@
+
+jobs:
+  - job: push_image
+    displayName: 'Build and Push Docker Image'
+    pool:
+      vmImage: 'ubuntu-latest'
+    steps:
+      - checkout: self
+        displayName: 'Checkout repo'
+### Push the Docker image to Azure Container Registry ### 
+      - task: Docker@2
+        displayName: 'Build and Push Docker Image to ACR'
+        inputs:
+            command: buildAndPush
+            containerRegistry: $(ACR_SERVICE_CONNECTION)  # name of your ADO service connection to ACR  
+            repository: $(image_repo)                # e.g. myacr.azurecr.io/myapp
+            dockerfile: $(src/Dockerfile)                # e.g. src/Dockerfile
+            tags: |
+              latest
+              $(Build.BuildId)
+                
+                
+# /.azdo-pipelines/pipeline_templates/push-image.yml (Line: 9, Col: 25): While parsing a block mapping, did not find expected key.
+
+
+# Job push_image: Step input containerRegistry references service connection $(dockerRegistryServiceConnection) which could not be found. The service connection does not exist,
+#  has been disabled or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.
diff --git a/.azdo-pipelines/pipeline_templates/sample-push.yml b/.azdo-pipelines/pipeline_templates/sample-push.yml
@@ -0,0 +1,58 @@
+name: Push Docker Image
+
+
+on:
+    workflow_call:
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  IMAGE_NAME: 'awesome-fastapi'
+
+
+jobs:
+  Push_Image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Set up Docker Buildx
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 
+
+       # Extract metadata (tags, labels) for Docker
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+         images: ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+
+      # Login against a Docker registry 
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      # Build and tag Docker Image    
+      - name: Build Docker Image
+        run: |
+         docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .
+        
+      - name: Tag Docker Image
+        run: |
+          docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
+          docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing
+
+
+      # Push the Docker image to the registry
+      - name: Push Docker Image to GHCR
+        run: |
+          docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+          docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
+          docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing
diff --git a/.azdo-pipelines/pipeline_templates/unit-sec-scan.yml b/.azdo-pipelines/pipeline_templates/unit-sec-scan.yml
@@ -0,0 +1,98 @@
+
+
+jobs:
+    - job: testing_phase
+      displayName: 'Run unit test'
+      pool:
+        vmImgae: ubuntu-latest
+
+        steps:
+         - checkout: self
+           displayName: 'Checkout repo'
+
+         
+         - script: 
+         - bash:  |
+              echo "installing dependencies..."
+              pip install -r requirements.txt
+           displayName: 'Install dependencies'
+         
+           
+         - script: 
+            echo "running py tests..."
+            pytest test/
+           displayName: 'Run python tests'
+
+    - job: trivy_scan
+      displayName: 'Run Trivy security scanner against the image'
+      pool: 
+        vmImage: ubuntu-latest
+        
+        steps:
+          - checkout: self
+            displayName: 'Checkout repo'
+
+          - script: |
+              echo "Building Docker image..."
+              docker build -t awesome-fastapi:$(Build.SourceVersion).
+            displayName: 'Build Docker Image'
+
+          - task: trivy@2
+            inputs:
+              version: 'latest'
+              type: 'image'
+              image: awesome-fastapi:$(Build.SourceVersion).
+              severities: 'HIGH, CRITICAL'
+              reports: 'sarif'
+              publish: true
+            displayName: 'Run Trivy Vulnerability Scanner'
+            env:
+              GITHUB_TOKEN: $(GITHUB_TOKEN)
+
+    - job: owasp_zap_scan
+      pool:
+        vmImage: ubuntu-latest
+      displayName: 'Run OWASP ZAP security scanner'
+      steps:
+        - checkout: self
+          displayName: 'Checkout repo'
+          
+          # Build and Tag Image
+          # Run Docker Image in detached mode
+        - script: |
+            echo "Building Docker image..."
+            docker build -t awesome-fastapi:$(Build.SourceVersion) .
+            docker run -d -p 8080:80 awesome-fastapi:$(Build.SourceVersion) .
+          displayName: 'Build Docker Image'
+
+        - script: sleep 30
+          displayName: 'Wait for Docker container to be ready'
+
+        - script: docker ps
+          displayName: 'Confirm Docker container is running'
+        - script: |
+             docker run --rm -v $(System.DefaultWorkingDirectory):/zap/wrk/:rw \
+             owasp/zap2docker-stable zap-full-scan.py \
+             -t http://host.docker.internal:8080 \
+             -x zap-report.xml \
+             -r zap-report.html \
+             || true
+          displayName: 'Run OWASP ZAP Security Scanner'
+        ### work in progress
+       #  - task: OwaspZapScan@0
+       #     inputs:
+       #       ZapApiUrl: 'http://localhost:$(ProxyPort)'
+       #       TargetUrl: 'http://0.0.0.0:8080'
+       #       NewContext: true
+       #       zapImageName: 'awesome-fastapi:$(Build.SourceVersion) .'
+       #       ShowContextListConfig: true
+       #       ExecuteAjaxSpiderScan: true
+       #       ExecuteSpiderScan: true
+       #    displayName: 'Run OWASP ZAP Security Scanner
+        - task: PublishTestResults@2
+          inputs:
+            testResultsFormat: 'NUnit'
+            testResultsFiles: '**/zap-full-scan.xml'
+            failIfNoTests: true
+          displayName: 'Publish OWASP ZAP Test Results'
+ 
