In the previous article, we discussed how to improve automation for Azure Cloud Environments. A consistent and secure approach for Azure infrastructure deployments is critical. Once we have a stable process and infrastructure templates in the source code repository, it is time to make sure that we have a consistent automation approach for application workloads in our organization.
This article will focus on the most important concepts for maintaining consistency with application workloads in Azure cloud while leveraging automation. This is the approach utilized by Formula5, for these kinds of solutions and challenges with our Modular DevSecOps framework.
Application workloads deployment automation with Azure DevOps and GitHub
DevOps platforms like GitHub or Azure DevOps help with deployment automation to Azure cloud for different kinds of application workloads. Each platform provides comprehensive templates and tools to implement CI/CD pipelines. Let’s talk a little bit about each platform’s specifics when it comes to application workloads deployment.
Azure DevOps: Deployments automation
Azure DevOps supports deployment automation with the concept of Azure Pipelines. They support continuous integration (CI) and continuous delivery (CD) to continuously test, build, and deploy application packages. We accomplish this by defining a pipeline using YAML files. With this approach, we can store Azure Pipelines in the source code repository and track changes to the deployment flows. Inside the Azure Pipelines YAML file, we define how CI/CD flow will work. We define stages, jobs, and tasks responsible for different parts of deployment like building the package, running unit tests, or deploying to the Azure cloud. Here is an example of the pipeline file with a few steps for building web app packages:
jobs: - job: 'Build' displayName: "Build Web API" pool: vmImage: 'VS2017-Win2016' steps: - task: DotNetCoreCLI@2 displayName: Restore NuGet packages inputs: command: 'restore' projects: '**/*.csproj' - task: DotNetCoreCLI@2 displayName: Build project inputs: command: 'build' projects: '**/*.csproj'
All these Azure Pipelines templates can be stored in the source code repository together with the application code:
With such an approach, we can easily track changes and make sure that we can utilize the same set of pipelines across different projects in our organization. However, there is a better way to organize templates to share them between different teams and projects to avoid copy-pasting the same code each time we define a new pipeline. It is possible to keep our core templates with repeatable steps in the dedicated repository in our Azure DevOps organization. This enables the scenario where we have a core pipeline that is utilized by application pipelines defined in other projects. We can simply put the template in a core repository and then refer to it from each application repository.
Here is an example of such an approach. This is the base template in the core repository:
# Repo: Formula5/cloud-center-of-excellence # File name: web-app-build-template.yml - job: 'build-web-app' displayName: "Build Web API" pool: vmImage: 'VS2017-Win2016' steps: - task: DotNetCoreCLI@2 displayName: Restore NuGet packages inputs: command: 'restore' projects: '**/*.csproj' - task: DotNetCoreCLI@2 displayName: Build project inputs: command: 'build' projects: '**/*.csproj'
This is the reference to the above template in another project’s CI/CD pipeline definition:
resources: repositories: - repository: core-org-templates name: Formula5/cloud-center-of-excellence endpoint: f5ServiceConnection jobs: - template: web-app-build-template.yml@core-org-templates
Deployments automation with GitHub
GitHub supports deployment automation with the concept of GitHub Actions. Similarly to Azure DevOps, GitHub provides a great way to create templates with reusable workflows. In the scenario, when for example we have different web applications and we build their packages in the same way, we can define reusable workflow instead of copying and pasting the workflows. GitHub provides the option to decide whether we want to share the workflow among different repositories within our organization.
What is more, GitHub provides composite actions that enable us to combine multiple GitHub actions into a single action that you can then insert into any GitHub workflow. With this approach, we can refactor long YAML workflow files into much smaller files and also use them across different projects within our organization.
GitHub and Azure DevOps automation with Formula5’s DevSecOps modular framework
Now we understand that we can reuse the templates created before, among different projects in our Azure DevOps organization. Based on this approach we created different kinds of reusable templates in our Formula5’s DevSecOps modular framework. Creating Azure DevOps pipelines is not hard but creating a standard set of reusable Azure Pipelines templates that can be shared within our organization can be challenging and time-consuming, especially when we have different kinds of application workloads.
As a part of Modular DevSecOps, we prepared templates (modules) that can be helpful for you at each stage of implementation of Azure DevOps pipelines. Our Modular DevSecOps framework consists of different templates containing definitions for Azure DevOps scripts, jobs, and tasks, so you can use them to extend your current base of templates within your organization.
Similarly to Azure DevOps pipeline templates (modules), as a part of Modular DevSecOps, we prepared templates (modules) that can be helpful for you at each stage of implementation of GitHub Actions Workflows. Our Modular DevSecOps framework consists of different GitHub reusable workflows, so you can use them to extend your current base of templates within your organization.
We have the right process in place when it comes to setting up sharing core templates in Azure DevOps or GitHub, and planning deployments to Azure cloud environments.
Keeping a consistent automation approach can be challenge, and implementing deployment automation can be time-consuming. We understand this so we have developed Formula5’s Modular DevSecOps framework where we focus on templates, tools, and processes to make it easier to start your secure DevOps automation journey.