lawrencegripper · March 15, 2021 15:08
diff --git a/.Dockerfile b/.Dockerfile
 # Very basic devcontainer, see line 15 copying in build agent start script
 # https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/dotnet/dotnet-core-tools.Dockerfile
 FROM mcr.microsoft.com/azure-functions/dotnet:3.0-dotnet3-core-tools

 # To make it easier for build and release pipelines to run apt-get,
 # configure apt to not require confirmation (assume the -y argument by default)
 ENV DEBIAN_FRONTEND=noninteractive
 RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes

 # Install system tools
 RUN apt-get update \
    && apt-get -y install --no-install-recommends apt-utils nano unzip curl icu-devtools bash-completion jq

 # Add AzureDevops build agent script
 COPY ./buildagentstart.sh .
diff --git a/buildagentstart.sh b/buildagentstart.sh
 #!/bin/bash
 set -e

 # This script comes from the following documentation
 # See https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops

 if [ -z "$AZP_URL" ]; then
  echo 1>&2 "error: missing AZP_URL environment variable"
  exit 1
 fi

 if [ -z "$AZP_TOKEN_FILE" ]; then
  if [ -z "$AZP_TOKEN" ]; then
    echo 1>&2 "error: missing AZP_TOKEN environment variable"
    exit 1
  fi

  mkdir -p /azp/
  AZP_TOKEN_FILE=/azp/.token
  echo -n $AZP_TOKEN > "$AZP_TOKEN_FILE"
 fi

 unset AZP_TOKEN

 if [ -n "$AZP_WORK" ]; then
  mkdir -p "$AZP_WORK"
 fi

 rm -rf /azp/agent
 mkdir /azp/agent
 cd /azp/agent

 export AGENT_ALLOW_RUNASROOT="1"

 cleanup() {
  if [ -e config.sh ]; then
    print_header "Cleanup. Removing Azure Pipelines agent..."

    ./config.sh remove --unattended \
      --auth PAT \
      --token $(cat "$AZP_TOKEN_FILE")
  fi
 }

 print_header() {
  lightcyan='\033[1;36m'
  nocolor='\033[0m'
  echo -e "${lightcyan}$1${nocolor}"
 }

 # Let the agent ignore the token env variables
 export VSO_AGENT_IGNORE=AZP_TOKEN,AZP_TOKEN_FILE

 print_header "1. Determining matching Azure Pipelines agent..."

 AZP_AGENT_RESPONSE=$(curl -LsS \
  -u user:$(cat "$AZP_TOKEN_FILE") \
  -H 'Accept:application/json;api-version=3.0-preview' \
  "$AZP_URL/_apis/distributedtask/packages/agent?platform=linux-x64")

 if echo "$AZP_AGENT_RESPONSE" | jq . >/dev/null 2>&1; then
  AZP_AGENTPACKAGE_URL=$(echo "$AZP_AGENT_RESPONSE" \
    | jq -r '.value | map([.version.major,.version.minor,.version.patch,.downloadUrl]) | sort | .[length-1] | .[3]')
 fi

 if [ -z "$AZP_AGENTPACKAGE_URL" -o "$AZP_AGENTPACKAGE_URL" == "null" ]; then
  echo 1>&2 "error: could not determine a matching Azure Pipelines agent - check that account '$AZP_URL' is correct and the token is valid for that account"
  exit 1
 fi

 print_header "2. Downloading and installing Azure Pipelines agent..."

 curl -LsS $AZP_AGENTPACKAGE_URL | tar -xz & wait $!

 source ./env.sh

 print_header "3. Configuring Azure Pipelines agent..."

 ./config.sh --unattended \
  --agent "${AZP_AGENT_NAME:-$(hostname)}" \
  --url "$AZP_URL" \
  --auth PAT \
  --token $(cat "$AZP_TOKEN_FILE") \
  --pool "${AZP_POOL:-Default}" \
  --work "${AZP_WORK:-_work}" \
  --replace \
  --acceptTeeEula & wait $!

 print_header "4. Running Azure Pipelines agent..."

 trap 'cleanup; exit 130' INT
 trap 'cleanup; exit 143' TERM

 # To be aware of TERM and INT signals call run.sh
 # Running it with the --once flag at the end will shut down the agent after the build is executed
 ./run.sh & wait $!
diff --git a/main.tf b/main.tf

 variable azp_docker_image {
  description = "The docker image to use when running the build agent. This defaults to a build of ./.devcontainer pushed to the ACR container"
  type        = string
  default     = "your_repo_name_here.azurecr.io/devcontainer:buildagent"
 }

 variable azp_token {
  description = "The token used for the azure pipelines build agent to connect to Azure Devops"
  type        = string
  default     = ""
 }

 variable azp_url {
  description = "The url of the Azure Devops instance for the agent to connect to eg: https://dev.azure.com/yourOrg"
  type        = string
  default     = "https://dev.azure.com/your_org_here"
 }

 variable "docker_registry_username" {
  description = "Docker registry to be used for containers"
  default     = "your_repo_name_here"
 }

 variable "docker_registry_password" {
  description = "Docker registry password"
 }

 variable "subnet_id" {
  description = "Azure subnet ID the build agent should be deployed onto"
 }

 variable "docker_registry_url" {
  description = "Docker registry url"
  default     = "your_repo_here.azurecr.io"
 }

 resource "azurerm_resource_group" "env" {
  location = var.resource_group_location
  name     = var.resource_group_name
  tags     = var.tags
 }

 resource "azurerm_network_profile" "buildagent" {
  name                = "acg-profile"
  location            = azurerm_resource_group.env.location
  resource_group_name = azurerm_resource_group.env.name

  container_network_interface {
    name = "acg-nic"

    ip_configuration {
      name      = "aciipconfig"
      subnet_id = var.subnet_id
    }
  }
 }

 resource "azurerm_container_group" "build_agent" {
  name                = "buildagent"
  location            = azurerm_resource_group.env.location
  resource_group_name = azurerm_resource_group.env.name
  tags                = var.tags

  network_profile_id = azurerm_network_profile.buildagent.id
  ip_address_type    = "Private"

  os_type = "Linux"

  image_registry_credential {
    username = var.docker_registry_username
    password = var.docker_registry_password
    server   = var.docker_registry_url
  }

  container {
    name     = "buildagent"
    image    = var.azp_docker_image
    cpu      = "1"
    memory   = "2"
    commands = ["bash", "-f", "./buildagentstart.sh"]

    ports {
      port     = 443
      protocol = "TCP"
    }

    environment_variables = {
      // The URL of the Azure DevOps or Azure DevOps Server instance.
      AZP_URL = var.azp_url
      // Personal Access Token (PAT) with Agent Pools (read, manage) scope, created by a user who has permission to configure agents, at AZP_URL.
      AZP_TOKEN = var.azp_token
      // Agent name (default value: the container hostname).
      AZP_AGENT_NAME = local.shared_env.rg.name
      // Agent pool name (default value: Default).
      AZP_POOL = local.shared_env.rg.name
      // Work directory (default value: _work).
      AZP_WORK = "_work"
    }
  }
 }
	# Very basic devcontainer, see line 15 copying in build agent start script
	# https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/dotnet/dotnet-core-tools.Dockerfile
	FROM mcr.microsoft.com/azure-functions/dotnet:3.0-dotnet3-core-tools

	# To make it easier for build and release pipelines to run apt-get,
	# configure apt to not require confirmation (assume the -y argument by default)
	ENV DEBIAN_FRONTEND=noninteractive
	RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes

	# Install system tools
	RUN apt-get update \
	&& apt-get -y install --no-install-recommends apt-utils nano unzip curl icu-devtools bash-completion jq

	# Add AzureDevops build agent script
	COPY ./buildagentstart.sh .
	#!/bin/bash
	set -e

	# This script comes from the following documentation
	# See https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops

	if [ -z "$AZP_URL" ]; then
	echo 1>&2 "error: missing AZP_URL environment variable"
	exit 1
	fi

	if [ -z "$AZP_TOKEN_FILE" ]; then
	if [ -z "$AZP_TOKEN" ]; then
	echo 1>&2 "error: missing AZP_TOKEN environment variable"
	exit 1
	fi

	mkdir -p /azp/
	AZP_TOKEN_FILE=/azp/.token
	echo -n $AZP_TOKEN > "$AZP_TOKEN_FILE"
	fi

	unset AZP_TOKEN

	if [ -n "$AZP_WORK" ]; then
	mkdir -p "$AZP_WORK"
	fi

	rm -rf /azp/agent
	mkdir /azp/agent
	cd /azp/agent

	export AGENT_ALLOW_RUNASROOT="1"

	cleanup() {
	if [ -e config.sh ]; then
	print_header "Cleanup. Removing Azure Pipelines agent..."

	./config.sh remove --unattended \
	--auth PAT \
	--token $(cat "$AZP_TOKEN_FILE")
	fi
	}

	print_header() {
	lightcyan='\033[1;36m'
	nocolor='\033[0m'
	echo -e "${lightcyan}$1${nocolor}"
	}

	# Let the agent ignore the token env variables
	export VSO_AGENT_IGNORE=AZP_TOKEN,AZP_TOKEN_FILE

	print_header "1. Determining matching Azure Pipelines agent..."

	AZP_AGENT_RESPONSE=$(curl -LsS \
	-u user:$(cat "$AZP_TOKEN_FILE") \
	-H 'Accept:application/json;api-version=3.0-preview' \
	"$AZP_URL/_apis/distributedtask/packages/agent?platform=linux-x64")

	if echo "$AZP_AGENT_RESPONSE" \| jq . >/dev/null 2>&1; then
	AZP_AGENTPACKAGE_URL=$(echo "$AZP_AGENT_RESPONSE" \
	\| jq -r '.value \| map([.version.major,.version.minor,.version.patch,.downloadUrl]) \| sort \| .[length-1] \| .[3]')
	fi

	if [ -z "$AZP_AGENTPACKAGE_URL" -o "$AZP_AGENTPACKAGE_URL" == "null" ]; then
	echo 1>&2 "error: could not determine a matching Azure Pipelines agent - check that account '$AZP_URL' is correct and the token is valid for that account"
	exit 1
	fi

	print_header "2. Downloading and installing Azure Pipelines agent..."

	curl -LsS $AZP_AGENTPACKAGE_URL \| tar -xz & wait $!

	source ./env.sh

	print_header "3. Configuring Azure Pipelines agent..."

	./config.sh --unattended \
	--agent "${AZP_AGENT_NAME:-$(hostname)}" \
	--url "$AZP_URL" \
	--auth PAT \
	--token $(cat "$AZP_TOKEN_FILE") \
	--pool "${AZP_POOL:-Default}" \
	--work "${AZP_WORK:-_work}" \
	--replace \
	--acceptTeeEula & wait $!

	print_header "4. Running Azure Pipelines agent..."

	trap 'cleanup; exit 130' INT
	trap 'cleanup; exit 143' TERM

	# To be aware of TERM and INT signals call run.sh
	# Running it with the --once flag at the end will shut down the agent after the build is executed
	./run.sh & wait $!

	variable azp_docker_image {
	description = "The docker image to use when running the build agent. This defaults to a build of ./.devcontainer pushed to the ACR container"
	type = string
	default = "your_repo_name_here.azurecr.io/devcontainer:buildagent"
	}

	variable azp_token {
	description = "The token used for the azure pipelines build agent to connect to Azure Devops"
	type = string
	default = ""
	}

	variable azp_url {
	description = "The url of the Azure Devops instance for the agent to connect to eg: https://dev.azure.com/yourOrg"
	type = string
	default = "https://dev.azure.com/your_org_here"
	}

	variable "docker_registry_username" {
	description = "Docker registry to be used for containers"
	default = "your_repo_name_here"
	}

	variable "docker_registry_password" {
	description = "Docker registry password"
	}

	variable "subnet_id" {
	description = "Azure subnet ID the build agent should be deployed onto"
	}

	variable "docker_registry_url" {
	description = "Docker registry url"
	default = "your_repo_here.azurecr.io"
	}

	resource "azurerm_resource_group" "env" {
	location = var.resource_group_location
	name = var.resource_group_name
	tags = var.tags
	}

	resource "azurerm_network_profile" "buildagent" {
	name = "acg-profile"
	location = azurerm_resource_group.env.location
	resource_group_name = azurerm_resource_group.env.name

	container_network_interface {
	name = "acg-nic"

	ip_configuration {
	name = "aciipconfig"
	subnet_id = var.subnet_id
	}
	}
	}

	resource "azurerm_container_group" "build_agent" {
	name = "buildagent"
	location = azurerm_resource_group.env.location
	resource_group_name = azurerm_resource_group.env.name
	tags = var.tags

	network_profile_id = azurerm_network_profile.buildagent.id
	ip_address_type = "Private"

	os_type = "Linux"

	image_registry_credential {
	username = var.docker_registry_username
	password = var.docker_registry_password
	server = var.docker_registry_url
	}

	container {
	name = "buildagent"
	image = var.azp_docker_image
	cpu = "1"
	memory = "2"
	commands = ["bash", "-f", "./buildagentstart.sh"]

	ports {
	port = 443
	protocol = "TCP"
	}

	environment_variables = {
	// The URL of the Azure DevOps or Azure DevOps Server instance.
	AZP_URL = var.azp_url
	// Personal Access Token (PAT) with Agent Pools (read, manage) scope, created by a user who has permission to configure agents, at AZP_URL.
	AZP_TOKEN = var.azp_token
	// Agent name (default value: the container hostname).
	AZP_AGENT_NAME = local.shared_env.rg.name
	// Agent pool name (default value: Default).
	AZP_POOL = local.shared_env.rg.name
	// Work directory (default value: _work).
	AZP_WORK = "_work"
	}
	}
	}