-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Workflow for multi-environment management + promoting releases between environments #2373
Comments
I would lean heavily into our CI providers: GitHub and Azure Pipelines, and provide a mechanism that allows |
@savannahostrowski @ellismg This likely should be required as part of our ADE integration |
Our current strategy allows you to set per environment configuration for your IAC, so at a minimum you could imagine adding a new parameter to your infrastructure on what sort of environment type (dev, prod, etc) you were deploying to and your infrastructure template could conditionalize resources on that. Or, you could just examine I think that can get us very far today. To @weikanglim's point, you can define these values in your CI system (perhaps tied to branches, perhaps now). It would be good to know where this falls over or where the rough edges are and we can start to sand them down.
This sort of surprised me - given that some of the initial design work in the ADE stream led me to believe that in ADE mode we'd only allow a single environment per project. What do you think is going to push us to figure this out for ADE, @wbreza? |
ADE is all about separating out the governance and creation of infrastructure typically required in a more structured organization or enterprise. Devs won't have access to provision resources, but if the enterprise wants to leverage ADE + AZD for integration scenarios we should have a good story here. ADE devs will likely only be working directly against lower level environment types like "dev" but outside of the dev focused scenario test/staging & prod environments still exist and should be supported in CI/CD scenarios. Most of this boils down to correct environment configuration in Azdo or Github but once that has been setup azd should be able to easily leverage this configuration where calls to |
Multiple Environment Support in Azd (Work in Progress)Proposal and use cases for multiple environment support in Use Case: Support multiple Azd environments in CICDToday azd is limited to 1 environment definition via Both Github & Azdo support the concept of "environments". The concept maps directly towards environments in
Today, Global Changes
Changes for GitHub
Changes for Azdo
Use Case: Use different infra for different environmentsQ: I want to change the infrastructure that is provisioned per environment Q: I want to use different service targets per environment. Container apps in dev, AKS in prod In this case users can author multiple versions of the This provides the ability to swap out any configuration element per environment. IaC template paths, IaC providers and even services if needed. Changes
Use Case: Promoting app code releases between environmentsFor app code promotion we typically want to take the exact version deployed from a lower environment and promote/release it to an upper environment. This is important because this is the exact version that was tested and known to be in a good working state vs just re-building from your mainline branch. Simple versionThe simpler case relies less on Azd and more on writing the correct multi-stage pipelines in your CI provider of choice. This approach will do a direct code deployment to your configured service target.
Advanced version
Service Targets
Add a |
Overall, I love the proposals here and think they are a step forward in the right direction to having A few comments based on what popped into my mind while reading.
Yeah, this seems like about the best we can do. It is interesting, I think, that when we create a repository during
No opposed to a I guess I also wonder in practice if anyone would actually do this. It feels sort of like an anti-pattern to have such a large change in the way your application is deployed between environments, not really sure how common such a thing would end up being in practice?
I wonder if instead we should support something like
I do wonder again how much of this we could infer from the target resource. Would it possible to examine an AppService resource and see if it is using deployment slots and if so deploy that way? Similar for Container Apps, could we detect when the app is configured for single vs multi-revision mode and change our strategy based on that? There's also a question longer term if we'll want a way for someone to override what "deploy" means for a service to instead use some other deployment strategy (maybe something like spinnaker or some other deployment strategy that is not strictly tied to the service). |
Is this the relevant issue to follow for deployment slots support for App Service? A developer has asked how they can deploy to a slot using azd up: Azure-Samples/azure-search-openai-demo#1278 |
I did some work around this and created this template and some documentation. These demonstrate how I'm using AZD, GHA, and Bicep to create and configure support for multiple environments. I presented this topic at the Azure User Group: https://www.youtube.com/watch?v=nSebeKFG2s8. As far as GHA is concerned, support for environment variables and secrets is needed. For AzDO, I have yet to dive as deep, but support for environments and variable groups is required. I hope this is helpful; I am happy to discuss this further. |
Are there any updates on this issue? Using azd to fastrack a developer from idea to Cloud dev environment is good, but I think there needs to be better support to take this through environments into production using pipelines or github actions with environment scoped secrets and variables. Even if it was one good example included in Awesome AZD templates similar to what jasontaylordev has done above, or with the current best approach from the azd team. |
You can have environment-scoped secrets and variables in your pipelines now, by the way. We use them in https://github.com/Azure-Samples/azure-search-openai-demo/ |
I had a review of the documentation here; https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/configure-devops-pipeline?tabs=GitHub#additional-secrets-or-variables. This new feature seems to allow us to specify additional variables or secrets to include when running This seems like a good feature, but it doesn't bring me closer to configuring multi-environment support for a GH pipeline. I would like the azd environment to be mapped directly to the pipeline environment. This way I can create variables and secrets at the GH environment scope. Ideally, I would also like some variables or secrets to be repository-scoped. Then, it's just a case of creating a multi-stage pipeline to promote releases between environments. |
Developers may want different IaC for each environment (dev, test, prod).
Note that using branches for management is sort of an anti-pattern/dated approach and there are developers who do not view this as an option (e.g. https://codefresh.io/blog/stop-using-branches-deploying-different-gitops-environments/)
The text was updated successfully, but these errors were encountered: