chore: deploy limited test resources (#452)

* chore: provide limited test resources for deployment

* pr-fix: correct default value

* pr-fix: correct connection string key vault secret

* pr-fix: pass objectId

* pr-fix: pass secret

* temp commit

* pr-fix: use new deployed resources w/ Arcus.Testing

* pr-fix: correct temp event hub

* pr-fix: get keys from namespace

* pr-fix: correct rg token name

* pr-fix: remove unnecessary event model

* pr-fix: inject subscription ID

* pr-fix: remove unnecessary packages

* pr-fix: use correct arcus package

* pr-fix: use correct arcus package

* pr-fix: use correct arcus package

* pr-fix: use correct subscription id

* pr-fix: typo subscription id

* pr-fix: correct authentication

* pr-fix: correct key vault injection

* pr-fix: correct managed identity connection

* pr-fix: skip for now

* pr-fix: more stable assertion

build/ci-build.yml

@@ -21,6 +21,10 @@ parameters:
   - name: 'Package.Version.ManualTrigger'
     type: string
     default: 'preview'
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
 
 resources:
   repositories:
@@ -30,8 +34,6 @@ resources:
       endpoint: arcus-azure
 
 variables:
-  - group: 'Arcus Messaging - Integration Testing'
-  - group: 'Arcus - GitHub Package Registry'
   - group: 'Build Configuration'
   - template: ./variables/build.yml
   - template: ./variables/test.yml
@@ -93,35 +95,24 @@ stages:
               dotnetSdkVersion: '$(DotNet.Sdk.Version)'
               projectName: '$(Project).Tests.Unit'
 
-  - stage: SelfContainingIntegrationTests
-    displayName: Self-Containing Integration Tests
+  - stage: IntegrationTests
+    displayName: Integration Tests
     dependsOn: Build
     condition: succeeded()
-    variables:
-      - name: 'Arcus.Health.Port.Queue'
-        value: '42063'
     jobs:
-      - job: SelfContainingIntegrationTests
-        displayName: 'Run self-containing integration tests'
+      - job: RunIntegrationTests
+        displayName: 'Run integration tests'
         pool:
           vmImage: '$(Vm.Image)'
         steps:
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: test/run-integration-tests.yml@templates
+          - template: templates/integration-tests.yml
             parameters:
-              dotnetSdkVersion: '$(DotNet.Sdk.Version)'
-              includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
-              projectName: '$(Project).Tests.Integration'
-              category: 'Integration'
+              azureServiceConnection: ${{ parameters.azureServiceConnection }}
 
-  - stage: ReleaseToMyget
+  - stage: ReleaseToMyGet
     displayName: 'Release to MyGet'
     dependsOn:
-      [SelfContainingIntegrationTests, UnitTests]
+      [IntegrationTests, UnitTests]
     condition: succeeded()
     jobs:
       - job: PushToMyGet

build/deploy-test-resources.yml

@@ -0,0 +1,85 @@
+name: Arcus Messaging - Deploy test resources
+
+trigger: none
+pr: none
+
+parameters:
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
+  - name: resourceGroupName
+    displayName: 'Resource group name'
+    default: arcus-messaging-dev-we-rg
+  - name: keyVaultName
+    displayName: 'Key vault name'
+    default: 'arcus-messaging-kv'
+
+variables:
+  - template: ./variables/build.yml
+  - template: ./variables/test.yml
+
+resources:
+  repositories:
+    - repository: templates
+      type: github
+      name: arcus-azure/azure-devops-templates
+      endpoint: arcus-azure
+
+stages:
+  - stage: Deploy
+    jobs:
+      - job: DeployBicep
+        displayName: 'Deploy test resources'
+        pool:
+          vmImage: $(Vm.Image)
+        steps:
+          - task: AzureCLI@2
+            inputs:
+              azureSubscription: '${{ parameters.azureServiceConnection }}'
+              addSpnToEnvironment: true
+              scriptType: 'pscore'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                az deployment sub create `
+                  --location westeurope `
+                  --template-file ./build/templates/resource-group.bicep `
+                  --parameters resourceGroupName=$env:ARCUS_MESSAGING_RESOURCEGROUP_NAME `
+                  --parameters location=westeurope 
+
+                $objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id
+
+                az deployment group create `
+                  --resource-group $env:ARCUS_MESSAGING_RESOURCEGROUP_NAME `
+                  --template-file ./build/templates/test-resources.bicep `
+                  --parameters serviceBusNamespace=$env:ARCUS_MESSAGING_SERVICEBUS_NAMESPACE `
+                  --parameters eventHubsNamespace=$env:ARCUS_MESSAGING_EVENTHUBS_NAMESPACE `
+                  --parameters storageAccountName=$env:ARCUS_MESSAGING_STORAGEACCOUNT_NAME `
+                  --parameters keyVaultName=$env:ARCUS_MESSAGING_KEYVAULT_NAME `
+                  --parameters servicePrincipal_objectId=$objectId
+
+                $accountKey = (az storage account keys list --account-name $env:ARCUS_MESSAGING_STORAGEACCOUNT_NAME | ConvertFrom-Json)[0].value
+                az keyvault secret set `
+                  --name $env:ARCUS_MESSAGING_STORAGEACCOUNT_KEY_SECRETNAME `
+                  --value $accountKey `
+                  --vault-name ${{ parameters.keyVaultName }}
+
+                $serviceBusKeys = az servicebus namespace authorization-rule keys list `
+                  --resource-group $env:ARCUS_MESSAGING_RESOURCEGROUP_NAME `
+                  --namespace-name $env:ARCUS_MESSAGING_SERVICEBUS_NAMESPACE `
+                  --authorization-rule-name 'RootManageSharedAccessKey' `
+                  | ConvertFrom-Json
+                az keyvault secret set `
+                  --name $env:ARCUS_MESSAGING_SERVICEBUS_CONNECTIONSTRING_SECRETNAME `
+                  --value $serviceBusKeys.primaryConnectionString `
+                  --vault-name ${{ parameters.keyVaultName }}
+
+                $eventHubsKeys = az eventhubs namespace authorization-rule keys list `
+                  --resource-group $env:ARCUS_MESSAGING_RESOURCEGROUP_NAME `
+                  --namespace-name $env:ARCUS_MESSAGING_EVENTHUBS_NAMESPACE `
+                  --authorization-rule-name 'RootManageSharedAccessKey' `
+                  | ConvertFrom-Json
+                az keyvault secret set `
+                  --name $env:ARCUS_MESSAGING_EVENTHUBS_CONNECTIONSTRING_SECRETNAME `
+                  --value $eventHubsKeys.primaryConnectionString `
+                  --vault-name ${{ parameters.keyVaultName }}

build/nuget-release.yml

@@ -6,6 +6,10 @@ pr: none
 parameters:
   - name: 'Package.Version'
     type: 'string'
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
 
 resources:
   repositories:
@@ -15,9 +19,6 @@ resources:
       endpoint: arcus-azure
 
 variables:
-  - group: 'Arcus Messaging - Integration Testing'
-  - group: 'Arcus Security - Integration Testing'
-  - group: 'Arcus - GitHub Package Registry'
   - group: 'Build Configuration'
   - template: ./variables/build.yml
   - template: ./variables/test.yml
@@ -79,35 +80,24 @@ stages:
               dotnetSdkVersion: '$(DotNet.Sdk.Version)'
               projectName: '$(Project).Tests.Unit'
 
-  - stage: SelfContainingIntegrationTests
-    displayName: Self-Containing Integration Tests
+  - stage: IntegrationTests
+    displayName: Integration Tests
     dependsOn: Build
     condition: succeeded()
-    variables:
-      - name: 'Arcus.Health.Port.Queue'
-        value: '42063'
     jobs:
-      - job: SelfContainingIntegrationTests
-        displayName: 'Run self-containing integration tests'
+      - job: RunIntegrationTests
+        displayName: 'Run integration tests'
         pool:
           vmImage: '$(Vm.Image)'
         steps:
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-              includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
-          - template: test/run-integration-tests.yml@templates
+          - template: templates/integration-tests.yml
             parameters:
-              dotnetSdkVersion: '$(DotNet.Sdk.Version)'
-              projectName: '$(Project).Tests.Integration'
-              category: 'Integration'
+              azureServiceConnection: ${{ parameters.azureServiceConnection }}
 
   - stage: Release
     displayName: 'Release to NuGet.org'
     dependsOn:
-      [SelfContainingIntegrationTests , UnitTests]
+      [IntegrationTests , UnitTests]
     condition: succeeded()
     jobs:
       - job: PushToNuGet

build/templates/integration-tests.yml

@@ -0,0 +1,44 @@
+parameters:
+  azureServiceConnection: ''
+
+steps:
+  - task: UseDotNet@2
+    displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
+    inputs:
+      packageType: 'sdk'
+      version: '$(DotNet.Sdk.PreviousVersion)'
+
+  - task: AzureCLI@2
+    displayName: 'Import secrets from Azure Key Vault'
+    inputs:
+      azureSubscription: '${{ parameters.azureServiceConnection }}'
+      addSpnToEnvironment: true
+      scriptType: 'pscore'
+      scriptLocation: 'inlineScript'
+      inlineScript: |
+        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
+        Install-Module -Name Arcus.Scripting.DevOps -AllowClobber -MinimumVersion 1.3.0
+
+        $subscriptionId = (az account show | ConvertFrom-Json).id
+        $objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id
+        Set-AzDevOpsVariable -Name 'Arcus.Infra.SubscriptionId' -Value $subscriptionId
+        Set-AzDevOpsVariable -Name 'Arcus.Infra.TenantId' -Value $env:tenantId -AsSecret
+        Set-AzDevOpsVariable -Name 'Arcus.Infra.ServicePrincipal.ObjectId' -Value $objectId
+        Set-AzDevOpsVariable -Name 'Arcus.Infra.ServicePrincipal.ClientId' -Value $env:servicePrincipalId -AsSecret
+        Set-AzDevOpsVariable -Name 'Arcus.Infra.ServicePrincipal.ClientSecret' -Value $env:servicePrincipalKey -AsSecret
+
+        $accountKey = az keyvault secret show --name $env:ARCUS_MESSAGING_STORAGEACCOUNT_KEY_SECRETNAME --vault-name $env:ARCUS_MESSAGING_KEYVAULT_NAME | ConvertFrom-Json
+        Set-AzDevOpsVariable -Name 'Arcus.Messaging.StorageAccount.Key' -Value $accountKey.value -AsSecret
+
+        $serviceBusConnectionString = az keyvault secret show --name $env:ARCUS_MESSAGING_SERVICEBUS_CONNECTIONSTRING_SECRETNAME --vault-name $env:ARCUS_MESSAGING_KEYVAULT_NAME | ConvertFrom-Json
+        Set-AzDevOpsVariable -Name 'Arcus.Messaging.ServiceBus.ConnectionString' -Value $serviceBusConnectionString.value -AsSecret
+
+        $eventHubsConnectionString = az keyvault secret show --name $env:ARCUS_MESSAGING_EVENTHUBS_CONNECTIONSTRING_SECRETNAME --vault-name $env:ARCUS_MESSAGING_KEYVAULT_NAME | ConvertFrom-Json
+        Set-AzDevOpsVariable -Name 'Arcus.Messaging.EventHubs.ConnectionString' -Value $eventHubsConnectionString.value -AsSecret
+
+  - template: test/run-integration-tests.yml@templates
+    parameters:
+      dotnetSdkVersion: '$(DotNet.Sdk.Version)'
+      includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
+      projectName: '$(Project).Tests.Integration'
+      category: 'Integration'

build/templates/resource-group.bicep

@@ -0,0 +1,15 @@
+// Define the name of the resource group.
+param resourceGroupName string
+
+// Define the location for the deployment of the components.
+param location string
+
+targetScope='subscription'
+
+module resourceGroup 'br/public:avm/res/resources/resource-group:0.2.3' = {
+  name: 'resourceGroupDeployment'
+  params: {
+    name: resourceGroupName
+    location: location
+  }
+}