Configuration Mapping

The local and remote configuration will trigger a task execution based on each unique declaration of context and target, using the corresponding default task tasksRunLocal.tsk and tasksRunLocal.tsk.

context  target  deployHost
remote   UAT     vm.example.com
local    UAT     vm.example.com
remote   PROD    vm.example.com
local    PROD    vm.example.com

Customer tasks can be defined for directories customLocal and customRemote respectively, or custom if shared.

context    target  deployTaskOverride
local      DOCKER  docker-compose-test.tsk
remote     UAT     on-premise-deploy.tsk
remote     PROD    on-premise-deploy.tsk
container  PUSH    publish-production-ertefact.tsk

Note that container override tasks are made available in the customRemote directory.

Execution Engine

To alleviate the burden of argument passing, exception handling and logging, the execution engine has been provided. The execution engine will essentially execute the native interpretive language (PowerShell or bash), line by line, but each execution will be tested for exceptions (trivial in bash, significantly more complex in PowerShell).

Where is it used

In all places using .tsk files, i.e. build, package, wrap and deploy. The following operations are available to all tasks, however, some are more applicable to specific processes, see Build, Local and Remote task execution for more details of how these can be used.

Operations

The following operations are provided to simplify common tasks.

Keyword	Description	Example
ASSIGN	Display, and expand as necessary, variable assignment	ASSIGN $test="$varcontainingvar"
CMPRSS	Compress directory to file	CMPRSS packageName dirName
DCMPRS	Decompress package file	DCMPRS packageName
DECRYP	decrypt using private key (PKI)	DECRYP crypt/encrypt.dat
	decrypt using AES/GPG key	DECRYP crypt/encrypt.dat $key
DETOKN	Detokenise file with target prop	DETOKN token.yml
	Detokenise with specific file	DETOKN token.yml PROP_FILE
	Detokenise with encrypted file	DETOKN token.yml crypt/FIL $key
	Expand and reveal embedded variables and detokenise	DETOKN token.yml $TARGET reveal
	Expand but do not reveal embedded variables and detokenise	DETOKN token.yml manifest.txt resolve
EXCREM	Execute command	EXCREM hostname
	Execute script	EXCREM ./capabilities.sh
EXERTY	Execute Retry, wait 10 seconds and retry twice	EXERTY “temperamentalcommand”
	Optional, wait and retry override	EXERTY “verytemperamentalcommand” 20 5
EXITIF	Exit normally if argument set	EXITIF $ACTION
	Exit normally if set to value	EXITIF $ACTION clean
IGNORE	Execute expression, log and ignore errors	IGNORE “command arg1 arg2”
IMGTXT	Display image file as text (wrapper for jp2a in Linux)	IMGTXT sample.jpg
INVOKE	call a custom script	INVOKE ./script “Hello”
MAKDIR	Create a directory and path (opt)	MAKDIR directory/and/path
MASKED	Return an uppercase hexadecimal checksum using SHA256	MASKED $password
MD5MSK	Deprecated. Return an uppercase hexadecimal checksum	MD5MSK $password
PROPLD	Load properties as variables	PROPLD PROP_FILE
	Expand and reveal embedded variables	PROPLD $TARGET reveal
	Expand but do not reveal embedded variables	PROPLD manifest.txt resolve
REFRSH	Refresh directory contents	REFRSH manifest.txt ~/temp_dir
	clear directory contents (create if not existing)	REFRSH ~/temp_dir
REMOVE	Delete files, including wildcard	REMOVE *.war
REPLAC	Replace token in file	REPLAC fileName %token% $value
VARCHK	Variable validation using default file properties.varchk	VARCHK
	Variable validation using names file	VARCHK vars.properties
VECOPY	Verbose copy	VECOPY *.war

Notes on EXCREM use, the properties are similar to those used for remote tasks, where the minimum required is the host, if other properties are not used, must be set to NOT_SUPPLIED, i.e.

deployHost=localhost
remUser=NOT_SUPPLIED
remCred=NOT_SUPPLIED
remThb=NOT_SUPPLIED

Windows only

The following operations are only available in PowerShell version

Keyword	Description	Example
CMDTST	Returns true if command exists	CMDTST vagrant
ELEVAT	Execute as elevated NT SYSTEM	ELEVAT “$(pwd)/custom.ps1”
EXECMD	Execute in Command (CMD) shell	ELEVAT “terraform $OPT_ARG”
MSTOOL	Microsoft Build Tools, set environment variables • MS_BUILD • MS_TEST • VS_TEST • DEV_ENV • NUGET_PATH	MSTOOL

Common Variables

These are automatically set at both build and deploy time.

Variable	Description
$SOLUTIONROOT	The solution directory identified by localtion of CDAF.solution file
$SOLUTION	The solution name identified by property in CDAF.solution file
$BUILDNUMBER	The first argument passed for CI, and propagated to CD
$CDAF_CORE	Core CDAF runtime location
$TASK_NAME	The name of the task file currently executing
$TARGET	Available in both build and deploy, but derived differently, see below for details

Build-time Variables

These are automatically set at execution start-up

Variable	Description
$AUTOMATIONROOT	The installation directory of the Continuous Delivery Automation Framework
$ACTION	The second argument passed, has some hardcoded functions • clean: only remove temp files • packageonly: skip any build tasks
$TARGET	At build time, this is derived (Can be overridden, see CDAF_BUILD_ENV environment variable) • Linux: Set to WSL for Windows Subsystem, otherwise LINUX • Windows: Set to WINDOWS is on-domain, otherwise WORKGROUP
$TMPDIR	Automatically set to the temp dir
$WORKSPACE	The working directory at execution start-up

Deploy-time Variables

Variable	Description
$ENVIRONMENT	This is the first argument passed to the release, the targets are derived from this
$TARGET	All targets are processed based on pattern match $ENVIRONMENT*, the TARGET being currently executed is set in this variable
$RELEASE	Second argument passed to release
$OPT_ARG	Third argument passed to release

Environment Variables

Due to inconsistencies between Windows and Linux handling of environment variables, these have been divided between environment variables that are set before calling an entry script to alter the behaviour of CDAF, and environment variables that are set within bash scripts to make them globally available.

Control Variables

The following environment variables are available to control the behaviour of CDAF

Variable	Description
CDAF_BRANCH_NAME	Used by entry.ps1/entry.sh Override the branch name, primarily to test CI behaviour for non-default branch, i.e. main
CDAF_BUILD_ENV	Define the build environment, if not set, defaults will be used, see execution engine Build-time Variables for details
CDAF_CB_{variable_name}	Prefix used in containerBuild to supply local variables into the build time container
CDAF_CD_{variable_name}	Prefix used in containerDeploy to supply local variables into the deploy time container
CDAF_IB_{variable_name}	Prefix used in containerBuild to supply during image construction
CDAF_OPT_{any_value}	Prefix used in containerDeploy to set docker run options e.g. $env:CDAF_OPT_foo = ‘–cpu-count 2’ $env:CDAF_OPT_bar = ‘–label custom=release’
CDAF_DOCKER_REQUIRED	containerBuild will attempt to start Docker if not running and will fail if it cannot, rather than falling back to native execution
CDAF_DOCKER_RUN_ARGS	containerBuild additional run arguments, e.g. ‘–memory=2048m’
CDAF_DELIVERY	The default target environment for cdEmulate and entry, defaults are LINUX, or WINDOWS for on-domain or WORKGROUP for off-domain
CDAF_ERROR_DIAG	Dependency injected custom call if error occurs in Execution Engine
CDAF_HOME_MOUNT	to disable volume mount for containerDeploy set to ’no’, note: this can be overridden a solution level, using CDAF_HOME_MOUNT as property
CDAF_IGNORE_WARNING	If messages are logged to standard error, the Execution Engine will log but not halt, however is this is set to yes, processing will halt yes or no, default is yes
CDAF_LOG_LEVEL	Set to DEBUG for verbose logging
CDAF_OVERRIDE_TOKEN	Default marker for DETOKN or PROPLD in Execution Engine is %, i.e. %key_name%, the markers can be changed using this environment variable
CDAF_SKIP_CONTAINER_BUILD	containerBuild will not be performed if this environment variable is set to any value
CONTAINER_IMAGE	Override containerImage in containerBuild & imageBuild

Global Variables

These variables are available to child scripts, custom scripts and task execution engine, see also Build-time Variables.

Variable	Description
CDAF_CORE	CDAF helper script path
WORKSPACE_ROOT	Static for solution, WORKSPACE will change for project (build) or target (deploy)

Image Registry

These override Solution Properties properties. They are used to push the image created by dockerBuild to pull a base image from a private registry.

Variable	Description
CDAF_SKIP_PULL	Skip updating of image
CDAF_PULL_REGISTRY_URL	Image registry URL, example myregistry.local (do not set for dockerhub)
CDAF_PULL_REGISTRY_USER	Registry user, example registryuser (if not set, default is ‘.’)
CDAF_PULL_REGISTRY_TOKEN	Registry token, example xyzx9234sxsrwcqw34

These override Solution Properties properties. They are used to push the image created by imageBuild to push to a private registry.

Variable	Description
CDAF_REGISTRY_URL	Image registry URL, example myregistry.local (do not set for dockerhub)
CDAF_REGISTRY_TAG	Image tag(s), can being single value `latest` or list `latest ${BUILDNUMBER}`
CDAF_REGISTRY_USER	Registry user, example registryuser (if not set, default is ‘.’)
CDAF_REGISTRY_TOKEN	Registry token, example xyzx9234sxsrwcqw34

These override Solution Properties properties. They are used to push the image created by dockerPush to push to a private registry.

Variable	Description
CDAF_PUSH_REGISTRY_URL	Image registry URL, example myregistry.local (do not set for dockerhub)
CDAF_PUSH_REGISTRY_TAG	Image tag(s), can being single value `latest` or list `latest ${BUILDNUMBER}` (default is `latest`)
CDAF_PUSH_REGISTRY_USER	Registry user, example registryuser (if not set, default is ‘.’)
CDAF_PUSH_REGISTRY_TOKEN	Registry token, example xyzx9234sxsrwcqw34

Solution Properties

CDAF.solution : file to identify a directory as the automation solution directory where the key configuration files are placed. This file is used as the bases of the manifest.txt file while is included in the resulting CI artefact package.

See solution/CDAF.solution in CDAF automation directory.

Solution Properties

Variable	Description
solutionName	Required. Do not include spaces.
productName	Solution description, this can contain spaces.
artifactPrefix	Generate a self-extracting package script, example 0.0, mutually exclusive to productVersion
productVersion	Do a self-extracting package script, example 0.0.0
containerBuild	Dependency injection for running container based build execution
containerImage	Image to be used in the container based build execution
containerDeploy	Execute deployment from within a container, uses the storeForRemote artefact definition
imageBuild	Dependency injection for creating a container image after CI process, see the Image Registry properties below
runtimeImage	Image to used in the runtime image created by imageBuild
constructor	Directory in which container images are constructed, default action will traverse and build in all directories
defaultBranch	Used to determine feature branch functionality, default is master
defaultEnvironment	Default environment to use for CDAF Feature Branch Environments post, defaults to DOCKER
processSequence	Deployment Process Sequence, defaults to localTasks, remoteTasks and finally containerTasks

Environment Variable Substitution

The following properties can be used in place of environment variables

Variable	Description
CDAF_HOME_MOUNT	to disable volume mount for containerDeploy set to ’no'
CDAF_ERROR_DIAG	Dependency injected custom call if error occurs in Execution Engine
CDAF_DOCKER_REQUIRED	containerBuild will attempt to start Docker if not running and will fail if it cannot, rather than falling back to native execution

Image Registry

These properties are used to push the image created by dockerBuild to pull a base image from a private registry. These can be overriden by Environment Variables.

Variable	Description
CDAF_SKIP_PULL	Skip updating of image
CDAF_PULL_REGISTRY_URL	Image registry URL, example myregistry.local (do not set for dockerhub)
CDAF_PULL_REGISTRY_USER	Registry user, example registryuser (if not set, default is ‘.’)
CDAF_PULL_REGISTRY_TOKEN	Registry token, example xyzx9234sxsrwcqw34

These properties are used to push the image created by imageBuild to push to a private registry. These can be overriden by Environment Variables.

Variable	Description
CDAF_REGISTRY_URL	Image registry URL, example myregistry.local (do not set for dockerhub)
CDAF_REGISTRY_TAG	Image tag(s), can be a single value `latest` (default) or space separated list, e.g. `latest ${BUILDNUMBER}`
CDAF_REGISTRY_USER	Registry user, example registryuser (if not set, default is ‘.’)
CDAF_REGISTRY_TOKEN	Registry authentication token

These properties are used to push the image created by dockerPush to push to a private registry. These can be overriden by Environment Variables.

Variable	Description
CDAF_PUSH_REGISTRY_URL	Image registry URL, example myregistry.local (do not set for dockerhub)
CDAF_PUSH_REGISTRY_TAG	Image tag(s), can be a single value `latest` (default) or space separated list, e.g. `latest ${BUILDNUMBER}`
CDAF_PUSH_REGISTRY_USER	Registry user, example registryuser (if not set, default is ‘.’)
CDAF_PUSH_REGISTRY_TOKEN	Registry authentication token

Git Clean-up Properties

To clean-up Git branches and docker images, the following properties are used.

Variable	Description
gitRemoteURL	`https://gitserver.local/mysolution.git`
gitUserNameEnvVar	gituser
gitUserPassEnvVar	secret-pat
gitCustomCleanup	& $AUTOMATIONROOT/buildandpackage/clean.ps1 or $AUTOMATIONROOT/buildandpackage/clean.sh

Extended Processes

Optional Build Processes

By placing these files in your solution root, the processes will execute as described

File Name	Description
prebuild.tsk	Execute after Configuration Management processing, but before any build tasks
postbuild.tsk	Execute after solution and project level build tasks are complete

Optional Package Processes

By placing these files in your solution root, the processes will execute as described

File Name	Description
package.tsk	Execute after package workspace has been cleaned
wrap.tsk	Execute after package but prior to creating self-extracting release

Feature Branch Execution

Place feature-branch.properties in your SOLUTIONROOT to allow dynamic delivery execution, based on Git Branch name. This capability is limited to entry.sh/entry.bat/entry.ps1, which are Git aware, and the recommended loose coupling entry scripts for CDAF.

# Separate environments for features and bugs
feature=DEV1
bugfix=DEV2

# Hotfixes deploy to all environments
hotfix=DEV1
hotfix=DEV2

See CDAF Samples for complete implementations in Linux and Windows.

Sensitive Data Strategies

Loose Coupling

A key approach to support the principle of automation execution in a local desktop context, is the use of environment variables. It’s important to remember that environment variables do not necessarily need to be persisted, i.e. stored unencrypted on disk, it’s the global availability of the variable that makes it an environment variable.

context  target  databaseFQDN        dBpassword
local    TEST    db1.nonprod.local   $DB1_PASSWORD
local    UAT     db2.nonprod.local   $DB2_PASSWORD
local    PROD    cluster.prod.local  $PRD_PASSWORD

Variable Expansion

Variables can be referenced in preoperties files (see [Configuration Management][mydoc_basics_configuration_management]) or CDAF.solution file and then expanded at deploy time into variables or files using ASSIGN, PROPLD or DETOKN in the execution engine.

Encrypted Files

This approach is to allow secrets in a file to be stored in source control. Encryption key for Windows is an EAS key, while for Linux it’s a GPG key. This approach is used when there are a large number of secrets to cater for, and therefore only the key needs to be managed as a secret.

In early generations of secret management, the secrets would be stored as persistent environment variables, however all modern toolsets provide an encrypted store which can load secrets as environment variables.

See the DECRYP & DETOKN operations in the execution engine for guidance on usage.

Cloud Storage Integration

Toolset providers who also supply public cloud provide integration to their secret storage offerings, while these can be convenient, this does couple your automation to toolset and makes the execution of locally challenging.

Legacy Features

Remote Deployment

Machine to machine deployments are increasingly uncommon, as local agents/runners are readily available, making on-premise deployments from the build server an infrequent use case. While there is no plan to deprecate this capability, it’s complexity makes local testing i.e. shift-left complicated, especially in windows. For CDAF configuration, see Remote Tasks.

Windows Remote PowerShell

This approach uses the local host for both target (CD) and build (CI) execution. Provision the host with both roles

.\automation\provisioning\mkdir.ps1 C:\deploy
.\automation\provisioning\CredSSP.ps1 server

.\automation\provisioning\trustedHosts.ps1 *
.\automation\provisioning\CredSSP.ps1 client

Linux SSH

Generate PKI key and public certificate, and perform a loop-back connection to local host to place the public certificate in the authorised hosts configuration.

.\automation\provisioning\agent.sh deployer@localhost

Symetric Encryption

With the implementation of 12-Factor applications, secret management in files is less common, and the storage of encrypted files in source control for subsequent decryption is now uncommon. While this capability is not planned for deprecation, it is recommended to use sensitive data strategies instead.

Variable Validation

There are 5 rules available, two for plain text and three for secrets. When validating a secret against a known MD5 value, either a literal or variable can be supplied. See VARCHK in the execution engine operations

# Plain text values
OPT_ARG                                # Optional plain text
terraform_version=required             # Required plain text

# Secret values
TERRAFORM_TOKEN=optional               # Optional secret
TERRAFORM_TOKEN=secret                 # Required secret
TERRAFORM_TOKEN=$TERRAFORM_TOKEN_MASK  # Required secret verified against supplied SHA-256 value

Feature Configuration

Declarative Desired State Container Deployment using Helm

Subsections of Feature Configuration

Configuration Mapping