Azure Microsoft Cloud Account: Build a silky-smooth CI/CD automation walkthrough based on Azure DevOps and GitHub Actions

cloud 2026-06-01

In the daily work of many R&D teams, you often see an absurd "Frankenstein toolchain" scene:

Project management runs on expensive Jira, code is hosted on a self-hosted GitLab, automated builds (CI) run on a heavily patched Jenkins that often hangs from out-of-memory errors, and project retrospectives and documents get stuffed into Microsoft Teams or SharePoint. When a new version is about to ship, the product manager nags frantically in Jira, developers nervously open a merge request in GitLab, ops manually clicks "build" in Jenkins while praying, and in the end a bug still appears. Everyone frantically shifts blame and runs around between platforms.

This mixed-vendor toolchain not only has a frighteningly high maintenance cost and leaves "information silos" between the systems, it is also the number one killer of team agility.

In fact, after Microsoft acquired GitHub and heavily refactored Azure, it welded together a dominant modern DevOps closed loop. In the architecture of large tech companies, there is a "Microsoft full-suite combination" that is regarded as the efficiency ceiling:

Use Azure Boards for the agile project kanban, keep the code in a GitHub repository, use the cloud-native compute of GitHub Actions for CI (continuous integration), and finally deploy the compiled artifacts to Azure App Service (continuous deployment, CD).

The whole pipeline is as smooth as silk, and the whole line runs over Microsoft's self-built high-security backbone network, putting an end to cross-platform friction. Today we skip the official preaching and the dry concepts. Starting from scratch, you can use a serverless architecture to build a big-company-grade CI/CD pipeline from the ground up in 10 minutes.

Stage 1: A deep dive into the "four-dimensional linkage model" of the Microsoft suite

Before you touch the console, build a mental model of how this suite runs underneath. Many people think that more tools mean more chaos. In fact, Microsoft's layout is carefully designed and each component has its own job:

Command hub: Azure Boards: This is the "brain" of the project. The product manager writes the User Story here, and the architect breaks it down into Tasks. Most importantly, each work item here has a unique ID (such as #45).

Code asset library: GitHub Enterprise (code hosting): After a developer picks up task #45, they write the code locally. When they git push the code to GitHub, they just write Fixes AB#45 in the commit message.

GitHub and Azure Boards are then linked instantly: the card on the kanban board automatically moves from "under development" to "completed", and the code change history is attached to the bottom of the work item, giving fine-grained audit tracking.

Heavy firepower: GitHub Actions (continuous integration, CI): As soon as code is merged into the main branch, a fully hosted virtual machine (runner) in GitHub's back end wakes up. You don't need to provision your own server; it sets up the environment, runs the unit tests, and packages the output into a compressed binary package.

End-point receiver: Azure App Service (continuous deployment, CD): the compiled package is delivered directly into the Azure-hosted web container through a secure, password-free channel on Microsoft's internal network, and users around the world can see the new feature online in seconds.

Stage 2: Hands-on exercise 1: connecting Boards and GitHub

Make sure you already have a GitHub account and an Azure account.

1. Build your agile command center

Log in to the Azure DevOps portal, create a new organization, and create a new project called project-omega, choosing Scrum or Agile as the process.

After entering the project, click "Project settings" in the lower left corner.

Find GitHub connections in the menu on the left and click "Connect your GitHub account".

After completing the authorization, select only the private GitHub repository (such as omega-web-app) that you prepared for this exercise, and click Save.

2. Write code with a "code word"

Now go to Azure Boards, create a new task under Boards, and assume the ID automatically assigned to it by the system is 5.

Locally, use .NET 8 or Java to write a few lines of simple web page code. When committing on the command line, deliberately type the following commit message in the standard format:

Bash

git add .
git commit -m "feat: core login interface development completed, linked to Boards AB#5"
git push origin main

The miracle happens:

Return to the Azure Boards page and refresh it. You will find that the Development section of the card with ID 5 has automatically pulled in the GitHub commit, including which lines of code were changed. The two worlds are now connected!

Stage 3: Hands-on exercise 2: writing the GitHub Actions pipeline and deploying straight to the cloud

The code is already in GitHub. Now we bring in GitHub Actions and have it automatically deploy the finished build to Azure App Service the moment the code is merged.

Step 1: Get a "password-free pass" (publish profile) from Azure

Big-company architecture strictly forbids writing the cloud administrator account password in code. We want to use the most secure credential flow.

Log in to the Azure portal and go to the details page of the Azure App Service that you created in advance.

In the menu bar at the top, click Get publish profile.

At this point, your computer will automatically download a .PublishSettings text file containing a complex encryption key. Open it, select all, and copy.

Go back to your GitHub repository page and click "Settings" -> "Secrets and variables" -> "Actions".

Click "New repository secret", name it AZURE_WEBAPP_PUBLISH_PROFILE, paste the copied content into it, and click Save. The security gate is locked!
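The downloaded .PublishSettings file is itself the deployment credential, so it must never end up in the repository. The following check is an added example, not part of the original article: it scans a working tree for files that contain a publish profile with a password attribute. The sample file content and paths are constructed, and the skipped directory names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# A publish profile is XML whose <publishProfile> element carries the
# deployment password in the userPWD attribute.
PROFILE_TAG = re.compile(r"<publishProfile\b", re.IGNORECASE)
SECRET_ATTR = re.compile(r'\buserPWD\s*=\s*"[^"]+"', re.IGNORECASE)
SKIP_DIRS = {".git", "bin", "obj", "node_modules"}  # assumed build/VCS dirs


def find_publish_profiles(root):
    """Return sorted relative paths of files holding a publish profile password."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        if path.stat().st_size > 1_000_000:  # profiles are small text files
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        # Match on content, not on the extension, so renamed copies are caught.
        if PROFILE_TAG.search(text) and SECRET_ATTR.search(text):
            hits.append(rel.as_posix())
    return sorted(hits)


def demo():
    """Build a throwaway tree with constructed files and scan it."""
    sample = ('<publishData><publishProfile profileName="example - Web Deploy" '
              'publishMethod="MSDeploy" userName="$example" '
              'userPWD="CONSTRUCTED-NOT-A-REAL-SECRET" /></publishData>')
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / ".github" / "workflows").mkdir(parents=True)
        (repo / ".github" / "workflows" / "deploy.yml").write_text(
            "publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}\n")
        (repo / "docs").mkdir()
        (repo / "docs" / "omega.PublishSettings").write_text(sample)
        (repo / "notes.txt").write_text(sample)  # pasted copy, different name
        return find_publish_profiles(repo)


if __name__ == "__main__":
    for hit in demo():
        print("publish profile with password found:", hit)
```

Run it as a pre-commit or CI step and fail the build when the returned list is not empty; the workflow file, which only references the secret by name, is not flagged.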

Step 2: Hand-write the YAML and lay out the automated pipeline

In the root directory of the local project, create a new hidden directory .github/workflows/ and create a file called deploy.yml inside it.

This file is our "stamped blueprint". We use purely declarative syntax to make GitHub Actions do the work automatically:

name: Omega modern automatic CI-CD assembly line

# Trigger condition: any push to the main branch starts the pipeline immediately.
on:
  push:
    branches: ["main"]

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest  # the latest Linux runner, hosted by GitHub for free

    steps:
      # 1. Pull the code into the virtual machine build environment
      - name: "Step 1: Pull the latest source code"
        uses: actions/checkout@v4

      # 2. Install the .NET runtime environment (for Java, replace it with actions/setup-java)
      - name: "Step 2: Initialize the Microsoft .NET environment"
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'

      # 3. Dependency restore and core compilation
      - name: "Step 3: Dependency restore and compilation"
        run: |
          dotnet restore
          dotnet publish -c Release -o ./publish-folder

      # 4. Seamless delivery to Azure
      - name: "Step 4: Seamless delivery to Azure App Service"
        uses: azure/webapps-deploy@v3
        with:
          app-name: 'your-azure-webapp-name'  # Change to your real Web App name on Azure
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}  # the credential we stored as a GitHub secret
          package: ./publish-folder

Save this file and git push it to GitHub.

Stage 4: Witness the moment: hands off the keyboard and watch the automation run

The moment the code is pushed, open your GitHub repository and click the "Actions" tab at the top.

You will see a golden progress circle spinning. Click in and you can see the four steps just written in YAML lighting up one after another with green ticks.

Build stage: The Ubuntu virtual machine hosted by GitHub pulled and compiled the code in less than 15 seconds.

Deployment stage: The compiled binary package is delivered directly into the Microsoft cloud container through the PUBLISH_PROFILE credential channel that was set up earlier, crossing the public network defenses.

Usually the whole process takes only 45 seconds to 1 minute. When the last item lights up, open the browser and enter your Azure site domain name. The new business feature is now live for the world to see.

Looking back at the Azure Boards board: because you embedded the code word in the commit, the task with ID 5 has been automatically moved to the "online" column. During the whole process the team did not hold a single alignment meeting and did not click once in the console; everything was triggered purely by code.

Stage 5: Hard-won lessons on pitfalls under an enterprise-grade suite architecture

This Microsoft suite is extremely pleasant to use and carries big-company DNA. But to survive real multi-person collaboration with high-frequency commits, as the chief architect you must immediately enforce the following two baseline rules on the team:

1. Put an end to "pushing straight to main" (Branch Protection)

When many novice teams first use this pipeline, they find it so convenient that both senior developers and newly hired interns push code directly from their local machines to the main branch every day.

Disaster: If one day an intern accidentally writes an infinite loop or force-pushes code that doesn't run, GitHub Actions will faithfully and ruthlessly compile and release this pile of junk code to the production environment within one minute, directly causing a widespread outage of the online system.

Standard big-company practice: "Branch protection rules" must be turned on. Go to the GitHub repository settings and lock the main branch. The rule: no one is allowed to push to the main branch directly! A feature branch must first be created locally, and a Pull Request (PR) must be submitted once the work is written. Also configure in GitHub that code may enter the main branch only when the GitHub Actions continuous integration (unit test) result is green and at least one senior architect has reviewed it by eye and signed off. Use process to block low-level mistakes.
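One way to verify that the rule above is actually enforced, as an added example that is not from the original article: audit the branch-protection settings in the shape GitHub's REST API returns them (GET /repos/{owner}/{repo}/branches/{branch}/protection). The two sample documents and the check name unit-tests are constructed.

```python
def audit_branch_protection(protection, required_check):
    """Return a list of findings; an empty list means the rule is enforced."""
    findings = []

    # Rule: a PR with at least one approving review before merging.
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("no pull request review required before merging")
    elif reviews.get("required_approving_review_count", 0) < 1:
        findings.append("pull requests can merge with zero approvals")

    # Rule: the CI result must be green. GitHub lists required checks under
    # both "contexts" (legacy) and "checks".
    status = protection.get("required_status_checks") or {}
    contexts = set(status.get("contexts", []))
    contexts |= {c.get("context") for c in status.get("checks", [])}
    if required_check not in contexts:
        findings.append(f"CI check '{required_check}' is not a required status check")

    # Rule: "no one" includes administrators, and history must not be rewritten.
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("administrators can bypass the rules")
    if (protection.get("allow_force_pushes") or {}).get("enabled", False):
        findings.append("force pushes to the branch are allowed")
    return findings


CI_CHECK = "unit-tests"  # hypothetical name of the CI job required on PRs

WEAK = {  # constructed: protection exists but enforces nothing
    "required_status_checks": None,
    "enforce_admins": {"enabled": False},
    "required_pull_request_reviews": {"required_approving_review_count": 0},
    "allow_force_pushes": {"enabled": True},
}
STRONG = {  # constructed: matches the rule described in the text
    "required_status_checks": {"strict": True, "contexts": ["unit-tests"],
                               "checks": [{"context": "unit-tests", "app_id": None}]},
    "enforce_admins": {"enabled": True},
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "allow_force_pushes": {"enabled": False},
}

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_branch_protection(doc, CI_CHECK))
```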

2. Beware of "matrix builds" causing compute overruns

GitHub Actions is very powerful. It supports a feature called strategy: matrix that lets you write a few lines of code and run parallel build tests across 9 combinations at once: Windows, Linux and macOS, against .NET 6, 7 and 8.

Insider note: Microsoft provides a limited amount of GitHub Actions compute to each free account (usually 2000 minutes per month). If you blindly turn on matrix builds in a large enterprise project, every time someone opens a PR it consumes 9 times the virtual machine time, and within a few days the free quota for the month is burned out, bringing the entire CI/CD pipeline to a halt.

Hardening rule: on daily development branches (feature branches), run only the basic tests on ubuntu-latest, the cheapest and fastest environment. Only when the code really needs to be tagged and released, or when it is merged into the release branch for production, should the full-matrix, high-specification audit build be triggered.

Summary

Using the Microsoft suite to build a CI/CD automation pipeline, the essence boils down to 16 words:

Kanban guidance, code linkage, cloud compilation, credential escort.

You have said goodbye to the primitive ops state of stitching third-party tools together everywhere, losing hair every day over Jenkins plugin conflicts, and requirements drifting completely out of sync with the code. Hand all the complicated infrastructure and workflow to this fully integrated, big-company-grade backbone. Sitting in front of the computer, put one hundred percent of your attention on polishing the business code and typing git push; leave everything else to the lightning-fast cloud-native pipeline.
