Our Thoughts on Modern Configuration and Secrets Management

Inject Config into Azure DevOps Pipelines | CloudTruth

Written by Michael Levan | Aug 31, 2022 4:46:34 PM

When you're working with the CloudTruth CLI, you'll most likely want a way to automate the process unless you're testing something specific on your local terminal. To create repeatable processes with the CloudTruth CLI, you can combine it with any CICD platform.

This blog post will teach you how to use CloudTruth to inject config into Azure DevOps pipelines.

Prerequisites

Before getting started, ensure that you have the following:

  • A CloudTruth API key
  • An Azure DevOps project

You can generate the CloudTruth API key under Organization —> Access Control —> API Tokens.

If you don't already have an Azure DevOps organization to use, you can go to https://dev.azure.com/your_organization_name and create a new project from the home screen.

Getting Started

Let's dive into configuring a pipeline and utilizing CloudTruth.

First, log into Azure DevOps and go to your Project.

Under the Pipelines category, click on Pipelines.

Click the blue New pipeline button.

Choose where you want your repository to come from. Regardless of which option you choose, the steps in this blog post stay the same. If you aren't already authenticated to one of the source control options, you'll have to authenticate.

For the pipeline option, choose Starter pipeline.

You'll now see sample code on your YAML pipeline that echos a "Hello World.

Replace the sample code with the following pipeline, which does the following:

  • Triggers the pipeline for the main branch.
Uses the ubuntu-latest container image to run the pipeline (managed by Azure DevOps).
Uses two steps which:
  • Installs the CloudTruth CLI.
  • Uses the CloudTruth CLI to get a list of projects.

trigger:
- main

pool:
  vmImage: ubuntu-latest

steps:
- script: |
    CLOUDTRUTH_CLI_VERSION=$(curl --silent "https://api.github.com/repos/cloudtruth/cloudtruth-cli/releases/latest" | grep "tag_name" | sed -E 's/.*"([^"]+)".*/\1/')
    curl -sLOJ https://github.com/cloudtruth/cloudtruth-cli/releases/download/${CLOUDTRUTH_CLI_VERSION}/cloudtruth_${CLOUDTRUTH_CLI_VERSION}_amd64.deb
    sudo dpkg -i cloudtruth_${CLOUDTRUTH_CLI_VERSION}_amd64.deb
  displayName: 'Install CloudTruth CLI'

- script: |
    cloudtruth --api-key $(CTAPI) projects list
  displayName: 'Get a list of projects'

On line 15 of the code above, you'll see two things:

  • The projects list command itself, which you can change to any CloudTruth CLI command as long as the API key you're using has access.
  • An environment variable called upon for the API token. The environment variable is $(CTAPI).

To use that variable, you'll have to create it in the pipeline. Click the Variables button as shown in the screenshot below.

Click the blue New variable button.

Give your variable a name, which can be any name, but ensure that you use the proper environment variable name in your pipeline. Also, make sure that the variable is a secret so it's encrypted.

Once complete, click the blue OK button.

Click the blue Save button to save the variable.

With the pipeline YAML created and the secret variable created, you're now ready to run the pipeline.

Click the blue Save and run button.

You should now see the pipeline queued up.

Click the Job and once complete, you'll see output containing the list of the CloudTruth projects in your CloudTruth org.

Congrats! You have successfully configured CloudTruth and Azure DevOps.

Here's a screencast 

 
View full post