Posts

Showing posts from April, 2020

Following Azure best practices and naming conventions

nuget commonly used command

    nuget config -set http_proxy.password=
    nuget config -set http_proxy="http://@proxycompletename"
    nuget config -set http_proxy.user=""
    nuget sources add -name MyPackageSource -source https://pkgs.dev.azure.com/company/nuget/v3/index.json -username username -password password

Maven separates repository between plugin and package repositories.

The following example illustrates how we can set up plugin and package repositories. Maven tends to separate these out individually.







Setting up git to use Azure Devops over proxy

The following provides the configuration that you need to update when you're trying to use git over a proxy to reach Azure DevOps.


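    [user]
        email = jeremy.woo@mysuper.com
        name = Jeremy.Woo
        password = mypassword
    [http "https://dev.azure.com"]
        # The proxy user name and password sit in plaintext in this file.
        proxy = http://jeremywo:mypassword@myproxyserver:80
    [credential]
        # "store" saves credentials unencrypted in ~/.git-credentials.
        helper = store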

Azure CMK for storage account

To use key rotation with an Azure storage account, we can set up an Azure Key Vault and tie it to the storage account. The problem with this approach is that it is harder, because we are now managing the key ourselves.

Typically this is an answer to 'How can I apply key rotation to an Azure storage account?'.

Azure DevOps - how to build a pipeline that uses npm securely for Docker images

This is a setup for npm, Docker images and a React app (this doesn't matter, I guess).

In this post, we are going to build a secure pipeline. When we say secure, we mean:

a) No PAT token is saved in source code or as an insecure variable. No credential is leaked. We also separate the pipeline and allow it to evolve independently.

b) No token is written into the Docker image. Users will not be able to use docker inspect / docker history to obtain the PAT token.

In a nutshell, we use Azure DevOps and the build machine to install the npm packages, then copy all the files, assets and node_modules into Docker for the next steps to build it.

I know some of you might say we want a fully containerized build. This is a good way too, if you think about it: you don't have to generate a user .npmrc file and somehow maintain it in a variable group. It just makes the steps so much simpler.
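A check for point (b), as an added example that is not part of the original post: it scans the output of docker history and docker inspect for the ways an npm credential usually ends up visible there. The variable-name pattern and every sample input are constructed assumptions.

```python
import json
import re

# Credential-looking ARG/ENV names (assumed convention: TOKEN, PAT, PASSWORD, SECRET).
SECRET_VAR = re.compile(
    r"(?<![A-Za-z0-9_])((?:[A-Z0-9]+_)*(?:TOKEN|PAT|PASSWORD|SECRET)(?:_[A-Z0-9]+)*)=\S+")
# Auth keys npm reads from a .npmrc file.
NPMRC_AUTH = re.compile(r"(_authToken|_password|_auth)\s*=\s*\S+")
# A .npmrc copied into any layer stays recoverable from the image.
NPMRC_COPY = re.compile(r"\b(?:COPY|ADD)\b.*\.npmrc\b")


def scan_text(source, text):
    """Return (source, reason) findings; secret values are never echoed."""
    found = [(source, f"credential-like variable {m.group(1)}")
             for m in SECRET_VAR.finditer(text)]
    if NPMRC_AUTH.search(text):
        found.append((source, "npm auth entry written by a build step"))
    if NPMRC_COPY.search(text):
        found.append((source, ".npmrc copied into a layer"))
    return found


def audit_image(history_text, inspect_json):
    """history_text: docker history --no-trunc --format '{{.CreatedBy}}' IMAGE
    inspect_json: docker inspect IMAGE (a JSON array)."""
    findings = []
    for n, line in enumerate(history_text.splitlines(), 1):
        findings += scan_text(f"history line {n}", line)
    for image in json.loads(inspect_json):
        config = image.get("Config") or {}
        for env in config.get("Env") or []:
            findings += scan_text("inspect Config.Env", env)
    return findings


# Constructed samples: a token passed as a build ARG, then the approach
# described above (packages installed on the build machine, then copied in).
LEAKY_HISTORY = """RUN |1 NPM_TOKEN=constructed-token /bin/sh -c npm ci # buildkit
COPY .npmrc /app/.npmrc # buildkit
WORKDIR /app"""
CLEAN_HISTORY = """COPY . /app # buildkit
RUN /bin/sh -c npm run build # buildkit"""
LEAKY_INSPECT = '[{"Config": {"Env": ["PATH=/usr/bin", "AZURE_DEVOPS_PAT=constructed-pat"]}}]'
CLEAN_INSPECT = '[{"Config": {"Env": ["PATH=/usr/bin", "NODE_ENV=production"]}}]'

if __name__ == "__main__":
    for where, why in audit_image(LEAKY_HISTORY, LEAKY_INSPECT):
        print(f"{where}: {why}")
```

These two commands only show build metadata: a .npmrc swept in by a broad `COPY .` does not appear in them, so it also has to stay out of the build context.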


This is the Azure DevOps build pipeline setup



Let's look at the dockerfile setup






Azure DevOps build pipeline template: using if macro

Did you know that you can actually use a template with a bit of if macro magic, as shown below: