[Rollout] Production rollout 2024-10-17 (#4064)

.vault-config/product-construction-int.yaml

@@ -4,28 +4,7 @@ storageLocation:
     subscription: e6b5f9f5-0ca4-4351-879b-014d78400ec2
     name: ProductConstructionInt
 
-references:
-  helixkv:
-    type: azure-key-vault
-    parameters:
-      subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
-      name: helixkv
-
-  engkeyvault:
-    type: azure-key-vault
-    parameters:
-      subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
-      name: engkeyvault
-
 secrets:
-  BotAccount-dotnet-bot-repo-PAT:
-    type: github-access-token
-    parameters:
-      gitHubBotAccountSecret: 
-        location: engkeyvault
-        name: BotAccount-dotnet-bot
-      gitHubBotAccountName: dotnet-bot
-
   github:
     type: github-app-secret
     parameters:

.vault-config/product-construction-prod.yaml

@@ -0,0 +1,28 @@
+storageLocation:
+  type: azure-key-vault
+  parameters:
+    subscription: fbd6122a-9ad3-42e4-976e-bccb82486856
+    name: ProductConstructionProd
+
+references:
+  engkeyvault:
+    type: azure-key-vault
+    parameters:
+      subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+      name: engkeyvault
+
+secrets:
+  BotAccount-dotnet-bot-repo-PAT:
+    type: github-access-token
+    parameters:
+      gitHubBotAccountSecret: 
+        location: engkeyvault
+        name: BotAccount-dotnet-bot
+      gitHubBotAccountName: dotnet-bot
+
+  github:
+    type: github-app-secret
+    parameters:
+      hasPrivateKey: true
+      hasWebhookSecret: false
+      hasOAuthSecret: true

Directory.Packages.props

@@ -37,7 +37,7 @@
     <PackageVersion Include="FluentAssertions" Version="6.12.0" />
     <PackageVersion Include="FluentValidation.AspNetCore" Version="8.6.2" />
     <PackageVersion Include="Humanizer.Core" Version="2.14.1" />
-    <PackageVersion Include="LibGit2Sharp" Version="0.27.2" />
+    <PackageVersion Include="LibGit2Sharp" Version="0.30.0" />
     <PackageVersion Include="Microsoft.ApplicationInsights" Version="2.22.0" />
     <PackageVersion Include="Microsoft.AspNet.WebApi.Client" Version="5.2.7" />
     <PackageVersion Include="Microsoft.AspNetCore.ApiPagination" Version="$(MicrosoftAspNetCoreApiPaginationVersion)" />

NuGet.config

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
     <clear />
@@ -213,4 +213,5 @@
       <package pattern="sn" />
     </packageSource>
   </packageSourceMapping>
+  <disabledPackageSources />
 </configuration>

azure-pipelines-product-construction-service.yml

@@ -3,6 +3,7 @@ trigger:
   branches:
     include:
       - main
+      - production
 
 pr:
   branches:
@@ -47,10 +48,35 @@ variables:
     value: "Darc: Maestro Staging"
   - name: MaestroAppId
     value: $(MaestroStagingAppClientId)
-  - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
+  - name: redisConnectionString
+    value: "product-construction-service-redis-int.redis.cache.windows.net:6380,ssl=true"
+- ${{ else }}:
+    - name: subscriptionId
+      value: fbd6122a-9ad3-42e4-976e-bccb82486856
+    - name: containerappName
+      value: product-construction-prod
+    - name: containerjobNames
+      value: sub-triggerer-twicedaily-prod,sub-triggerer-daily-prod,sub-triggerer-weekly-prod,longest-path-updater-job-prod,feed-cleaner-prod
+    - name: containerRegistryName
+      value: productconstructionprod
+    - name: containerappEnvironmentName
+      value: product-construction-service-env-prod
+    - name: containerappWorkspaceName
+      value: product-construction-service-workspace-prod
+    - name: dockerRegistryUrl
+      value: productconstructionprod.azurecr.io
+    - name: serviceConnectionName
+      value: ProductConstructionServiceDeploymentProd
+    - name: authServiceConnection
+      value: "Darc: Maestro Production"
+    - name: MaestroAppId
+      value: $(MaestroAppClientId)
+    - name: redisConnectionString
+      value: "product-construction-service-redis-prod.redis.cache.windows.net,ssl=true"
+- ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
     - name: devBranchSuffix
       value:
-  - ${{ else }}:
+- ${{ else }}:
     - name: devBranchSuffix
       value: -dev
 
@@ -199,7 +225,7 @@ stages:
                   --azCliPath "$(azCliPath)" `
                   --isCi true `
                   --entraAppId $(MaestroAppId) `
-                  --redisConnectionString "product-construction-service-redis-int.redis.cache.windows.net:6380,ssl=true"
+                  --redisConnectionString $(redisConnectionString)
             displayName: Deploy container app
 
           - task: AzureCLI@2

eng/Version.Details.xml

@@ -91,29 +91,29 @@
     </Dependency>
   </ProductDependencies>
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24475.3">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24508.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>69abe6b2063083c0b35fc3a5b16cb2bdbaf5e8b0</Sha>
+      <Sha>e5b13e054339e41d422212a0ecaf24fec20cb5a1</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.SignTool" Version="8.0.0-beta.24475.3">
+    <Dependency Name="Microsoft.DotNet.SignTool" Version="8.0.0-beta.24508.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>69abe6b2063083c0b35fc3a5b16cb2bdbaf5e8b0</Sha>
+      <Sha>e5b13e054339e41d422212a0ecaf24fec20cb5a1</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Build.Tasks.Feed" Version="8.0.0-beta.24475.3">
+    <Dependency Name="Microsoft.DotNet.Build.Tasks.Feed" Version="8.0.0-beta.24508.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>69abe6b2063083c0b35fc3a5b16cb2bdbaf5e8b0</Sha>
+      <Sha>e5b13e054339e41d422212a0ecaf24fec20cb5a1</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.SwaggerGenerator.MSBuild" Version="8.0.0-beta.24475.3">
+    <Dependency Name="Microsoft.DotNet.SwaggerGenerator.MSBuild" Version="8.0.0-beta.24508.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>69abe6b2063083c0b35fc3a5b16cb2bdbaf5e8b0</Sha>
+      <Sha>e5b13e054339e41d422212a0ecaf24fec20cb5a1</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Git.IssueManager" Version="8.0.0-beta.24475.3">
+    <Dependency Name="Microsoft.DotNet.Git.IssueManager" Version="8.0.0-beta.24508.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>69abe6b2063083c0b35fc3a5b16cb2bdbaf5e8b0</Sha>
+      <Sha>e5b13e054339e41d422212a0ecaf24fec20cb5a1</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.VersionTools" Version="8.0.0-beta.24475.3">
+    <Dependency Name="Microsoft.DotNet.VersionTools" Version="8.0.0-beta.24508.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>69abe6b2063083c0b35fc3a5b16cb2bdbaf5e8b0</Sha>
+      <Sha>e5b13e054339e41d422212a0ecaf24fec20cb5a1</Sha>
     </Dependency>
     <Dependency Name="Microsoft.DncEng.SecretManager" Version="1.1.0-beta.24474.1">
       <Uri>https://github.com/dotnet/dnceng</Uri>

eng/Versions.props

@@ -9,11 +9,11 @@
     <UsingToolNetFrameworkReferenceAssemblies>true</UsingToolNetFrameworkReferenceAssemblies>
     <MicrosoftNetFrameworkReferenceAssembliesVersion>1.0.0-preview.1</MicrosoftNetFrameworkReferenceAssembliesVersion>
     <!-- Libs -->
-    <MicrosoftDotNetSignToolVersion>8.0.0-beta.24475.3</MicrosoftDotNetSignToolVersion>
-    <MicrosoftDotNetBuildTasksFeedVersion>8.0.0-beta.24475.3</MicrosoftDotNetBuildTasksFeedVersion>
-    <MicrosoftDotNetSwaggerGeneratorMSBuildVersion>8.0.0-beta.24475.3</MicrosoftDotNetSwaggerGeneratorMSBuildVersion>
-    <MicrosoftDotNetGitIssueManagerVersion>8.0.0-beta.24475.3</MicrosoftDotNetGitIssueManagerVersion>
-    <MicrosoftDotNetVersionToolsVersion>8.0.0-beta.24475.3</MicrosoftDotNetVersionToolsVersion>
+    <MicrosoftDotNetSignToolVersion>8.0.0-beta.24508.1</MicrosoftDotNetSignToolVersion>
+    <MicrosoftDotNetBuildTasksFeedVersion>8.0.0-beta.24508.1</MicrosoftDotNetBuildTasksFeedVersion>
+    <MicrosoftDotNetSwaggerGeneratorMSBuildVersion>8.0.0-beta.24508.1</MicrosoftDotNetSwaggerGeneratorMSBuildVersion>
+    <MicrosoftDotNetGitIssueManagerVersion>8.0.0-beta.24508.1</MicrosoftDotNetGitIssueManagerVersion>
+    <MicrosoftDotNetVersionToolsVersion>8.0.0-beta.24508.1</MicrosoftDotNetVersionToolsVersion>
     <MicrosoftNetTestSdkVersion>17.4.1</MicrosoftNetTestSdkVersion>
     <MicrosoftDotNetInternalLoggingVersion>1.1.0-beta.24376.1</MicrosoftDotNetInternalLoggingVersion>
     <MicrosoftAspNetCoreApiPaginationVersion>1.1.0-beta.24376.1</MicrosoftAspNetCoreApiPaginationVersion>

eng/common/tools.ps1

@@ -892,7 +892,7 @@ function IsWindowsPlatform() {
 }
 
 function Get-Darc($version) {
-  $darcPath  = "$TempDir\darc\$(New-Guid)"
+  $darcPath  = "$TempDir\darc\$([guid]::NewGuid())"
   if ($version -ne $null) {
     & $PSScriptRoot\darc-init.ps1 -toolpath $darcPath -darcVersion $version | Out-Host
   } else {

eng/service-templates/ProductConstructionService/container-environment.bicep

@@ -4,6 +4,8 @@ param containerEnvironmentName string
 param productConstructionServiceSubnetId string
 param infrastructureResourceGroupName string
 param applicationInsightsName string
+param containerAppsManagedEnvironmentsContributor string
+param deploymentIdentityPrincipalId string
 
 resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
   name: logAnalyticsName
@@ -57,5 +59,15 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
     }
 }
 
+resource deploymentSubscriptionTriggererContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    scope: containerEnvironment
+    name: guid(subscription().id, resourceGroup().id, containerAppsManagedEnvironmentsContributor)
+    properties: {
+        roleDefinitionId: containerAppsManagedEnvironmentsContributor
+        principalType: 'ServicePrincipal'
+        principalId: deploymentIdentityPrincipalId
+    }
+  }
+
 output applicationInsightsConnectionString string = applicationInsights.properties.ConnectionString
 output containerEnvironmentId string = containerEnvironment.id

eng/service-templates/ProductConstructionService/managed-identities.bicep

@@ -4,6 +4,7 @@ param pcsIdentityName string
 param subscriptionTriggererIdentityName string
 param longestBuildPathUpdaterIdentityName string
 param feedCleanerIdentityName string
+param contributorRole string
 
 resource deploymentIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
   name: deploymentIdentityName
@@ -30,6 +31,16 @@ resource feedCleanerIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2
   location: location
 }
 
+resource pcsIdentityContributorRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: pcsIdentity
+  name: guid(subscription().id, resourceGroup().id, contributorRole)
+  properties: {
+      roleDefinitionId: contributorRole
+      principalType: 'ServicePrincipal'
+      principalId: deploymentIdentity.properties.principalId
+  }
+}
+
 output pcsIdentityPrincipalId string = pcsIdentity.properties.principalId
 output pcsIdentityId string = pcsIdentity.id
 output deploymentIdentityPrincipalId string = deploymentIdentity.properties.principalId

eng/service-templates/ProductConstructionService/production.bicepparam

@@ -0,0 +1,55 @@
+using 'provision.bicep'
+
+param location = 'westus2'
+
+param containerRegistryName = 'productconstructionprod'
+
+param containerCpuCoreCount = '1.0'
+
+param containerMemory = '2Gi'
+
+param aspnetcoreEnvironment = 'Production'
+
+param applicationInsightsName = 'product-construction-service-ai-prod'
+
+param keyVaultName = 'ProductConstructionProd'
+
+param azureCacheRedisName = 'product-construction-service-redis-prod'
+
+param logAnalyticsName = 'product-construction-service-workspace-prod'
+
+param containerEnvironmentName = 'product-construction-service-env-prod'
+
+param productConstructionServiceName = 'product-construction-prod'
+
+param storageAccountName = 'productconstructionprod'
+
+param pcsIdentityName = 'ProductConstructionServiceProd'
+
+param deploymentIdentityName = 'ProductConstructionServiceDeploymentProd'
+
+param containerImageName = 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+
+param virtualNetworkName = 'product-construction-service-vnet-prod'
+
+param productConstructionServiceSubnetName = 'product-construction-service-subnet'
+
+param subscriptionTriggererIdentityName = 'SubscriptionTriggererProd'
+
+param subscriptionTriggererWeeklyJobName = 'sub-triggerer-weekly-prod'
+
+param subscriptionTriggererTwiceDailyJobName = 'sub-triggerer-twicedaily-prod'
+
+param subscriptionTriggererDailyJobName = 'sub-triggerer-daily-prod'
+
+param longestBuildPathUpdaterIdentityName = 'LongestBuildPathUpdaterProd'
+
+param longestBuildPathUpdaterJobName = 'longest-path-updater-job-prod'
+
+param feedCleanerJobName = 'feed-cleaner-prod'
+
+param feedCleanerIdentityName = 'FeedCleanerProd'
+
+param networkSecurityGroupName = 'product-construction-service-nsg-prod'
+
+param infrastructureResourceGroupName = 'product-construction-service-ip-prod'