Merge pull request #29 from nginxinc/zaowang/add-azure-pipeline-repo

added azure_pipeline in this repo

Author: zaowang-ms

.github/workflows/azure-pipeline-build.yml

@@ -0,0 +1,37 @@
+name: Build and Release for Azure Pipeline
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v2
+      with:
+        node-version: '14'
+
+    - name: Install dependencies and build
+      run: |
+        cd ./azure-pipeline/src
+        npm install
+        cd ..
+
+    - name: Install tfx-cli
+      run: |
+        npm install -g tfx-cli
+
+    - name: Create extension
+      run: |
+        tfx extension create --manifest-globs vss-extension.json
+
+    - name: Upload VSIX file
+      uses: actions/upload-artifact@v2
+      with:
+        name: VSIX file
+        path: ./azure-pipeline/*.vsix

azure-pipeline/.gitignore

@@ -0,0 +1,4 @@
+node_modules
+dist
+package-lock.json
+coverage

azure-pipeline/example.yml

@@ -0,0 +1,16 @@
+trigger:
+- main
+
+pool:
+  vmImage: ubuntu-latest
+
+steps:  
+- task: nginx-config-push@0
+  inputs:
+    serviceConnectionName: '(Enter the name of the service connection to Azure)'
+    resourceGroupName: '(Enter the name of the Azure resource group of the deployment)'
+    subscriptionId: '(Enter the Azure subscription ID of the deployment)'
+    deploymentName: '(Enter the name for this deployment)'
+    configDirectoryInRepo: '(Enter the relative path to the Nginx configuration directory in the repository)'
+    configDirectoryInDeployment: '(Enter the target path for the Nginx configuration directory in the deployment environment, e.g., /etc/nginx)'
+    rootConfigFileName: '(Enter the name of the root configuration file and make sure it is in the config directory. e.g., nginx.conf)'

azure-pipeline/images/extension-icon.png

@@ -0,0 +1,8 @@
+module.exports = {
+  roots: ['<rootDir>/src'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest',
+  },
+  testRegex: '(/__tests__/.*|(\\.|/)(test|spec))\\.tsx?$',
+  moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx', 'json', 'node'],
+};

azure-pipeline/images/readme-guidline-01.png

@@ -0,0 +1,33 @@
+{
+  "name": "nginx-for-azure-config-sync",
+  "version": "2.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "start": "tsc && node src/dist/index.js",
+    "test": "jest src/test --verbose --coverage"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@azure/identity": "^2.1.0",
+    "@types/tar": "^6.1.1",
+    "axios": "^0.27.2",
+    "azure-pipelines-task-lib": "^4.0.0-preview",
+    "fs-extra": "^10.1.0",
+    "gunzip-maybe": "^1.4.2",
+    "tar": "^6.1.11",
+    "tar-fs": "^2.1.1"
+  },
+  "devDependencies": {
+    "@types/gunzip-maybe": "^1.4.0",
+    "@types/jest": "^29.5.3",
+    "@types/mocha": "^9.1.1",
+    "@types/node": "^18.0.4",
+    "@types/q": "^1.5.5",
+    "jest": "^29.6.2",
+    "sync-request": "^6.1.0",
+    "ts-jest": "^29.1.1"
+  }
+}

azure-pipeline/images/readme-guidline-02.png

@@ -0,0 +1,94 @@
+# Azure Pipeline task: NGINX for Azure Configuration Push
+
+## Overview
+
+This is a customed Azure pipeline task that automates the process of synchronizing NGINX configuration files. With this pipeline, the configuration files that are stored and managed in Azure DevOps or GitHub repositories can now be automatically packaged and uploaded to NGINX for Azure deployments.
+
+When creating and updating the configuration of a NGINX for Azure deployment, an automated pipeline task would be very helpful. There are three main advantages of a pipeline task compared to a manual updation:
+
+##### 1. Automation.
+
+A pipeline task can be triggered immediately if designated NGINX coniguration files have changes. This would increase effectiveness when there are frequent modifications and updates.
+
+##### 2. Version control.
+
+NGINX configuration files could be stored in GitHub or Azure DevOps repositories. In this way, all configure changes would be able to be traced and rolled back if there is a mistake.
+
+##### 3. Security.
+Pipelines are running in secured and reliable agents, where data is transmitted within Azure services, hence reduced unnecessary data distribution and delivery.
+
+NGINX for Azure currently supports both **GitHub Action** pipeline and **Azure DevOps** pipeline task. While there are some authentication and repository supporting difference, the purpose and functionality of the two pipelines have no essential distinction. For details on GitHub Action pipeline, please check out NGINX for Azure Deployment Action for more details. For Azure DevOps pipeline task, please follow the instructions below.
+
+### Pipeline Task Set-up Guideline
+
+Basically, all that the pipeline task needed is a .yml task written as follows,
+
+```yaml
+# example.yml
+
+trigger:
+- main
+
+pool:
+  vmImage: ubuntu-latest
+
+steps:  
+- task: nginx-config-push@0
+  inputs:
+    serviceConnectionName: '(Enter the name of the service connection to Azure)'
+    resourceGroupName: '(Enter the name of the Azure resource group of the deployment)'
+    subscriptionId: '(Enter the Azure subscription ID of the deployment)'
+    deploymentName: '(Enter the name for this deployment)'
+    configDirectoryInRepo: '(Enter the relative path to the Nginx configuration directory in the repository)'
+    configDirectoryInDeployment: '(Enter the target path for the Nginx configuration directory in the deployment environment, e.g., /etc/nginx/)'
+    rootConfigFileName: '(Enter the name of the root configuration file and make sure it is in the config directory. e.g., nginx.conf)'
+
+```
+ 
+What is needed right now is to get values of the needed variables with following steps:
+
+
+##### 1. Get your NGINX configuration file ready in the repository.
+
+Upload your NGINX configuration files onto any folder of your Azure DevOps repository. Then update the ‘configDirectoryInRepo’ to the path of the configuration folder in your repository. 
+
+![Image](images/readme-guidline-01.png)
+
+ 
+##### 2. Make sure your NGINX for Azure deployment is working properly.
+
+Deploy a NGINX for Azure resource. See Deploy NGINX for Azure | NGINX for Azure Docs. Once your deployment is ready, you will be able to fill in the “resourceGroupName”, “subscriptionId” and the “deploymentName” variable from the portal overview board.
+
+![Image](images/readme-guidline-02.png)
+ 
+
+
+##### 3. Create a service connetion and grant permission for the pipeline.
+
+This part would require a little bit more work to set up.
+A service connection gives you access to resources in your Azure subscription from your Azure DevOps project.
+1.	In Azure DevOps, go to the project that contains your target pipeline. In the lower-left corner, select Project settings.
+2.	Under Pipelines, select Service connections. In the upper-right corner, select New service connection.
+3.	In New service connection, select Azure Resource Manager.
+ 
+![Image](images/readme-guidline-03.png)
+
+4.	In the Authentication method dialog, select Service principal (automatic) to create a new service principal or select Service principal (manual) to use an existing service principal.
+5.	Enter your subscription and resource and a name for your service connection.
+
+Also, you may need to assign a proper role assignment to the service connection so that our pipeline can access NGINX for azure deployments. You can add Contributor as your role assignment to this service connection.
+
+![Image](images/readme-guidline-04.png)
+ 
+
+Go back to the Azure DevOps project settings and click into the “service connection” tab. Remember the name displayed in the service connections list. This will be the value of ‘serciveConnectionName’ in the .yml file.
+
+![Image](images/readme-guidline-05.png)
+ 
+
+##### 4. Install the pipeline task and fill all the needed variables into the .yml file on Azure DevOps.
+
+Go to marketplace and search our pipeline task. Once you have the extension installed on your Azure DevOps organization, you will be able to create a pipeline task with the stated .yml file template and use our customized task conveniently. You can also use text editor of the pipeline to utilize a simple UI of this pipeline task.
+
+
+That's it! Once you have all the above settings done and a pipeline created on the Azure DevOps, your NGINX configuration will be automatically updated to your designated NGINX for Azure deployment resource once you have any changes to the files in the repository and the pipeline is triggered. 

azure-pipeline/images/readme-guidline-03.png

@@ -0,0 +1,130 @@
+import taskLib = require('azure-pipelines-task-lib/task');
+import { AxiosRequestConfig  } from "axios";
+import { updateUserConfig } from './utils/api';
+import {
+    API_VERSION,
+    SCOPE,
+    OUTPUT_PATH,
+    INPUT,
+} from './utils/constants';
+import {
+    FileHandler,
+} from './utils/file-handler';
+import {
+    validatedEnvVar,
+    validatedAuthParams,
+} from './utils/validation';
+import { 
+    ClientSecretCredential,
+    AuthenticationError,
+} from '@azure/identity';
+import { info } from 'console';
+
+/**
+ * Class ConfigUpdater is responsible for updating the Nginx configuration.
+ * It provides methods to authenticate, compress, and upload user-specific configurations
+ * using Azure identity and other utilities.
+*/
+class ConfigUpdater {
+
+    private f = new FileHandler;
+
+    /**
+     * Retrieves the authorization token for later authentication by using Azure identity.
+     * @returns {Promise<any>} The authorization token.
+     * @throws {Error} If the authorization parameters validation fails.
+     * @throws {AuthenticationError} If the access token fetch fails.
+    */
+    private getAuthorizationTokenFromKey = async (
+        tenantID: string,
+        clientID: string,
+        servicePrincipalKey: string
+    ) => {
+        try {
+            const clientSecretCredential: ClientSecretCredential = new ClientSecretCredential(
+                tenantID, clientID, servicePrincipalKey
+            );
+            const accessToken = await clientSecretCredential.getToken(SCOPE);
+            if (!accessToken) {
+                throw new AuthenticationError(0, {
+                    error: 'Access token fetch failed'
+                });
+            }
+            return accessToken;
+        } catch (e) {
+            throw new Error("Authorization parameters validation failed");   
+        }
+    }
+
+    /**
+     * Compresses the configuration file folder and prepares it for sending to the backend.
+     * @returns {Promise<Object>} An object containing properties related to the compressed file.
+     */
+    private getConvertedFileObject = async () => {
+        const file = await this.f.compressFile(
+            validatedEnvVar(INPUT.source),
+            validatedEnvVar(INPUT.target),
+            OUTPUT_PATH,
+        );
+        return {
+            properties: {
+                rootFile: `${validatedEnvVar(INPUT.target)}/${validatedEnvVar(INPUT.rootFile)}`.replace(/\/\/+/g, '/'),
+                package: {
+                    data: this.f.convertFileToBase64String(file),
+                }
+            }
+        };
+    }
+
+    /**
+     * Constructs the request configuration, including the bearer token from the user's input.
+     * @returns {Promise<AxiosRequestConfig>} The request configuration.
+     */
+    private getRequestConfig = async () => {
+        const token = await this.getAuthorizationTokenFromKey(
+            validatedAuthParams('tenantid'),
+            validatedAuthParams('servicePrincipalId'),
+            validatedAuthParams('servicePrincipalKey'),
+        );
+        const config: AxiosRequestConfig = { headers: {
+            Authorization: `Bearer ${token.token}`,
+        }}
+        return config;
+    }
+
+    /**
+     * Constructs the required parameters for the uploading API request.
+     * @returns {Object} An object containing the required parameters for the request,
+     * including subscription ID, resource group name, deployment name, and API version.
+     */
+    private getRequestResource = () => {
+        return {
+            subscriptionId: validatedEnvVar(INPUT.subscription),
+            resourceGroupName: validatedEnvVar(INPUT.resource),
+            deploymentName: validatedEnvVar(INPUT.deployment),
+            apiVersion: API_VERSION,
+        }
+    }
+
+    /**
+     * Main function to compress the file, retrieve authentication info, and call the API to update the Nginx configuration.
+     * @throws {Error} If the Nginx configuration uploading fails.
+    */
+    updateNginxConfig = async () => {
+        console.log('updateNginxConfig...')
+        try {
+            const res = await updateUserConfig(
+                this.getRequestResource(),
+                await this.getConvertedFileObject(),
+                await this.getRequestConfig(),
+            );
+            console.log('Nginx config successfully uploaded!');
+        } catch (error) {
+            taskLib.setResult(taskLib.TaskResult.Failed, error as any);
+            throw new Error("Nginx config uploading failed!"); 
+        }
+    };
+}
+
+const updater = new ConfigUpdater();
+updater.updateNginxConfig();