Version: v6.0.0

Framework Release Pipeline

The release pipeline will use the artifacts created from the build pipeline and publish this to the stage(s) you define. Each stage will deploy the resources to the Azure subscription and resource group you specify in the deployment tasks.

Variable Group

Create a variable group named {prefix}.Invictus.{stage} for all the stages (environments) and add at least one variable (eg: Invictus.Secrets.ApiKey1.Name = apikey1).

Make sure the Project Collection Build Service has Administrator access to these variable groups (Pipelines > Library > Security)

Library Security

YAML Pipeline

Next step is to add a YAML pipeline to release the Invictus for Azure Framework. Change the framework.release.yaml file according to your needs, for example change the needed environments and change the name of the build pipeline trigger:

resources:
  pipelines:
    # Name of the pipeline resource inside this workflow. Used to reference the pipeline resources later on (e.g. download artifacts).
  - pipeline: _build
    # Name of the build pipeline in Azure Pipelines
    source: 'customer.azure.invictus.framework.build' 
    trigger: true

Also make sure to change the bicep template parameters according to your needs.

If you need to overwrite more bicep template parameters make sure to add this to the deployScriptParameters. A complete list of bicep template parameters can be found here.

Afterwards add the framework.release.yaml in your DevOps environment as a pipeline.

Deploy Script Parameters

The following script parameters are used in the deploy script:

Mandatory Parameters

Argument name	Description
`artifactsPath`	Path on the DevOps agent where the downloaded Invictus artifacts are stored (publish and download build artifacts)
`devOpsObjectId`	Object ID of the service principal that's connected to the DevOps service connection, which will get the necessary role definitions to interact with Invictus' deployed resources (i.e. Key vault, Container registry) (Azure CLI task)
`resourcePrefix`	Prefix used for deployed Azure resources (i.e. `invictus-{prefix}-vlt`)
`resourceGroupName`	Name of Azure resource group where Invictus should be deployed
`variableGroupName`	DevOps variable group to write the Bicep outputs to (i.e. Invictus_CosmosDb_DbName)
`identityProviderApplicationId`	See Container App authentication
`identityProviderClientSecret`	See Container App authentication

Optional Parameters

Argument name	Default value	Description
`resourceGroupLocation`	'West Europe'	Azure location where resources should be deployed
`additionalTemplateParameters`	`[]`	Additional named parameters for the Bicep template you wish to override. More on this below.

override bicep parameters

The AdditionalTemplateParameters can be used to override the default values used by the Bicep template. You simply name the argument as the parameter. For example if you want to use a different servicePlanSku you would add -eventHubSkuName "Standard" to the parameters of the powershell script.

Full YAML task example

- task: AzureCLI@2
  displayName: 'Azure CLI'
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
  inputs:
    azureSubscription: '[YOUR_SERVICE_CONNECTION]'
    addSpnToEnvironment: true
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |

      # Determine where the the provided Invictus 'Deploy.ps1' script is located
      $artifactsPath = ${{ variables['Pipeline.Workspace'] }} + '/_build/framework' 
      $scriptPath = $artifactsPath + '/Deploy.ps1'

      # Use your service connection's service principal Object ID
      $objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id

      & $scriptPath `
        -artifactsPath $artifactsPath `
        -version ${{parameters.Version}} `
        -useBeta false `
        -acrPath "invictusreleases.azurecr.io" `
        -acrUsername 'admin' `
        -acrPassword '<pass>' `
        -resourcePrefix 'dev' `
        -resourceGroupName 'my-client-dev-rg' `
        -variableGroupName 'My.Client.Dev' `
        -devOpsObjectId $objectId `
        -identityProviderApplicationId '4b559bfb-871a-4013-bce9-829e3aeb6bdd' `
        -identityProviderClientSecret '<pass>' `

Bicep Template Parameters

The below tables lists the parameters accepted by the Bicep template.

Show VNET options

Top-level parameters

Resource-independent parameters that affect all resources in the deployed resource group.

Parameter	Required	Default	Description
`resourcePrefix`	Yes		used as part of the default names for most resources.
`devOpsObjectId`	Yes		The object-id associated with the service principal of the enterprise application that's connected to the service connection on DevOps

App service parameters

Parameters related to the Azure Functions applications that are deployed.

Function names

Parameter	Required	Default	Description
`timesequencerFunctionName`	No	`invictus-{resourcePrefix}-timesequencer`	Name for the time sequencer function
`sequenceControllerFunctionName`	No	`invictus-{resourcePrefix}-sequencecontroller`	Name for the Sequence Controller function
`xmlJsonConverterFunctionName`	No	`invictus-{resourcePrefix}-xmljsonconverter`	Name for the XmlJson Converter function
`xsdValidatorFunctionName`	No	`invictus-{resourcePrefix}-xsdvalidator`	Name for the XSD Validator function
`regexTranslatorFunctionName`	No	`invictus-{resourcePrefix}-regextranslator`	Name for the Regex Translator function
`transcoV2FunctionName`	No	`invictus-{resourcePrefix}-transco-v2`	Name for the TranscoV2 function
`pubsubV2FunctionName`	No	`invictus-{resourcePrefix}-pubsub-v2`	Name for the PubSubV2 function
`exceptionHandlerFunctionName`	No	`invictus-{resourcePrefix}-exceptionhandler`	Name for the Exception Handler function

Function deployment

Parameter	Required	Default	Description
`servicePlanName`	No	`invictus-{resourcePrefix}-appplan`	Name for the service plan which will host the APIs

Storage parameters

Parameters related to data that is stored during the component's interaction.

Parameter	Required	Default	Description
`storageAccountName`	No	`invictus{resourcePrefix}store`	Name for the Azure Storage Account resource. Any dashes (-) will be removed from `{resourcePrefix}`
`blobContainerPrefix`	No	`invictus`	Prefix set for Azure Blob Storage containers for pubsub
`storageAccountType`	No	`Standard_LRS`	The Storage account `StorageAccountSkuType`

Messaging parameters

Parameters related to the messaging components, like PubSub.

Parameter	Required	Default	Description
`serviceBusNamespaceName`	No	`invictus-{resourcePrefix}-sbs`	Name for the Service Bus Namespace resource
`serviceBusSkuName`	No	`Standard` or `Premium` if VNET enabled	Name for the Service Bus SKU
`serviceBusMessageTimeToLiveMinutes`	No	`-1`	Time messages should be stored on Service Bus before being archived

Secret parameters

Parameters related to the security and secret management of the deployed applications.

Parameter	Required	Default	Description
`keyVaultName`	No	`invictus-{resourcePrefix}-vlt`	Name for the Key Vault Service Namespace resource
`keyVaultEnablePurgeProtection`	No	`null`	If true, enables key vault purge protection. Once enabled, this property can never be disabled.
`identityProviderClientSecret`	Yes		AAD App Registration client secret required for Azure Container Apps Identity Provider authentication
`identityProviderApplicationId`	Yes		AAD Application ID for MSI Authentication of Azure Container Apps

Observability parameters

Parameters related to telemetry tracking of the deployed applications.

Parameter	Required	Default	Description
`appInsightsName`	No	`invictus-{resourcePrefix}-appins`	Name for the Application Insights resource

Scaling parameters

Azure Container Apps allow for flexible scaling customization. In Invictus we have provided default scaling values which can be customized according to your scenario.

Container Apps have the ability to scale down to zero replicas. This is a great cost-saving option especially for components which are not used at all. A container app scaled to zero will automatically scale out when triggered, however this may take up to a few minutes to complete. This could prove to be an issue in scenarios with limited timeout e.g. logic apps with 120 seconds timeout. In such cases there is no option but to set a minimum replica count of 1.

Parameter	Required
`timeSequencerScaling`	No
`exceptionHandlerScaling`	No
`pubSubV2Scaling`	No
`regexTranslatorScaling`	No
`sequenceControllerScaling`	No
`transcoV2Scaling`	No
`xmlJsonConverterScaling`	No
`xsdValidatorScaling`	No

Each of the above parameters accepts an object:

{
  scaleMinReplicas: int
  scaleMaxReplicas: int
  cpuResources: string
  memoryResources: string
}

Parameter value	Default	Description
`scaleMinReplicas`	`0`	The lowest number of replicas the Container App will scale in to.
`scaleMaxReplicas`	`1`	The highest number of replicas the Container App will scale out to.
`cpuResources`	`0.5`	The amount of cpu resources to dedicate for the container resource. See here for allowed values.
`memoryResources`	`1.0Gi`	The amount of memory resources to dedicate for the container resource. See here for allowed values.
`concurrentRequests`	`10`	When the number of HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the maxReplicas amount. See here fore allowed values.

Variable Group​

YAML Pipeline​

Deploy Script Parameters​

Mandatory Parameters​

Optional Parameters​

Bicep Template Parameters​

Top-level parameters​

Function names​

Function deployment​