Getting Started

Getting Started

The follow guidance is language independent, i.e. does not require a development environment, and simply uses scripts to reflect a deliverable.

• Seed Solution

  Create a Release Package

• Pipeline

  Pipeline Orchestration and Capabilities

• Build

  Continuous Integration

• Package

  Build-Once/Deploy-Many

• Continuous Delivery

  Configuration Management and Automated Deployment

• Local Deployment Tasks

  Local Tasks

• Remote Deployment Tasks

  Remote Tasks {class=“children children-type-list children-sort-”}

Samples

CDAF Samples

The following samples are found in GitHub for windows and linux.

• Minimal

  Minimal Sample {class=“children children-type-list children-sort-”}

Release History

All previous releases are available for download from https://cdaf.io/static/app/downloads/LU-CDAF-<version>.tar.gz or https://cdaf.io/static/app/downloads/LU-CDAF-<version>.zip for Linux, and https://cdaf.io/static/app/downloads/WU-CDAF-<version>.zip for Windows.

3.0.1 : 19-Mar-2026 : Docker debug option

Reduce the logging verbosity, with option to reinstate original level if desired using environment variable CDAF_LOG_LEVEL.

• bootstrap scripts for gitlab and vsts have been deprecated in GitHub, with corresponding installRunner and installAgent provisioning scripts
• support for PROPLD reveal and resolve for values containing ; character (Windows)

3.0.0 : 28-Jun-2025 : Core CDAF Release

Breaking change for any solutions dependent on the inclusion of the CDAF provisioning helpers. These now need to be downloaded and run, or downloaded and executed directly in memory, from GitHub.

• Move provisioning to GitHub, for Windows and Linux
• Move sample solution to GitHub, for Windows and Linux
• Remove upgrade scripts, use installer/upgrade from GitHub, for Windows and Linux

2.8.2 : 24-Apr-2025 : CDAF_OPT_ containerDeploy Runtime Options

• Add containerDeploy feature to support docker run options as (environment variables)
• Fix dockerPush no passing registry token for login (Linux)
• Fix feature branch detection (Windows)

2.8.1 : 25-Jan-2025 : Minor Release and Deploy Fixes

• Fix getProperty split on first equal (=) character only
• Fix containerDeploy to resolve fileName variable (Linux)
• Fix self-extracting release not including error array and exit code reset (Windows)
• Include file command in dockerhub image (Linux)

2.8.0 : 16-Jul-2024 : Tech Debt - Deprecate unsupported docker version labelling

• Remove version argument from dockerBuild (see breaking changes for details)
• Consolidate default Dockerfile processing for containerBuild and imageBuild into dockerBuild
• dockerPush correct context loading for non-dockerhub registries (Linux)
• sort project directories for build process (Linux)

2.7.9 : 11-May-2024 : CDAF_DOCKER_RUN_ARGS for containerBuild engine arguments

• New environment variables for containerBuild engine arguments
• Capabilities listing for AWS CLI and extensions
• Execute wrap.tsk prior to remote package process for consistent inclusion
• SOLUTIONROOT and CDAF.solution as “global” variables (using export) in CI processing (Linux)
• Apache Tomcat default version 10.x (Linux)
• Remove specialised PM2 deployment script (Linux)
• dotnet core default version 8 (Windows)
• dockerBuild Cleanup default dockerfile (Windows)
• dockerPush correction for private registries other than Dockerhub (Windows)
• Only perform clean on orphaned branches

2.7.8 : 03-Mar-2024 : CloudFlare Wrangler v3 in CDAF Docker Images

• As at Mar 30, 2023, only version 2.0.19 works, this has since been addressed in v3 so publishing latest
• Tech Debt - ongoing error handling consistency (Windows)
• Quote wrap null or empty string tests for entry.sh (Linux)
• Do not use alpha releases of Terraform in docker image (Linux)
• Update default dotnet core to v8 in installDotNetCore.sh, and in docker images (Linux)

2.7.7 : 24-Feb-2024 : TASK_NAME alignment

• Align logging in execution engine, replacing TASKLIST in Linux and TASK_LIST in Windows
• Pass CDAF_BUILD_ENV (overrides BUILDENV) to containerBuild
• Quote wrap docker run arguments, to support arguments containing spaces
• Resolve delivery arguments if they contain variable names

2.7.6 : 17-Feb-2024 : Flexible Build TARGET Determination

• Derive BUILDENV, aligning with cdEmulate, this is passed as TARGET to build execution
• Quote wrap docker run parameters (Windows)

2.7.5 : 31-Jan-2024 : Fix DETOKN failing when used with default target outside of starting workspace

• DETOKN use absolute path for default property file
• GitLab Runner support for non-canon default image
• Property loader support for non-workspace directory
• MSTOOL reset LASTEXITCODE after tool tests (Windows)
• Return to workspace when tasks complete (Windows)
• Set TMPDIR to user environment variable, not machine (Windows)
• PROPLD validation and execution outside workspace (Windows)

2.7.4 : 29-Nov-2023 : Bugfix for buildonly CI ACTION

• buildonly action failing to skip package and clean-up process
• MSTOOL Support multiple Visual Studio product install (Windows)

2.7.3 : 03-Nov-2023 : helmfile

• Inclusion of helmfile in CDAF docker images and capabilities listing
• Replace deprecated NodeJS install script in installNodeJS.sh (Linux)

2.7.2 : 09-Oct-2023 : pass RELEASE and OPT_ARG for containerDeploy

• Pass RELEASE and OPT_ARG to containerdeploy, previous only passed TARGET
• Correctly set ENVIRONMENT for containerdeploy
• Do not fail container build on docker start failure unless CDAF_DOCKER_REQUIRED set
• Consistent behavior of EXITIF, aligning to documentation

2.7.1 : 11-Sep-2023 : runtimeFile containerDeploy

• containerdeploy runtimeFiles property supporting space separated list
• containerdeploy runtimeRetain to keep all runtime images, not just most recent
• Docker Push fails for private registry which does not have authentication
• installIIS.ps1 support for desktop (Windows)
• delivery.sh consistent usage of WORKSPACE_ROOT (Linux)

2.7.0 : 27-Aug-2023 : Replace executeRetry with EXERTY

• Deprecate separate executeRetry script, replace with EXERTY function in execution engine
• Extend capabilities script-friendly output for Chrome
• installAgent (Azure DevOps Agent installer) detect latest version for default
• Improve logging of package process, including warnings for no artefacts found

2.6.8 : 09-Aug-2023 : Capabilities Extension

• Script friendly listing of CDAF version in capabilities
• Export remaining “Global” variables (Linux)
• Consistent setting of “Global” variables in build and delivery processes (Linux)
• buildPackage WORKSPACE load correctly (Windows)
• delivery.ps1 deprecate $env:WORK_SPACE (Windows)

2.6.7 : 31-Jul-2023 : New “global” variable WORKSPACE_ROOT

• dockerPush attempt regardless of token being sent, i.e. may already be logged in
• New “global” variable WORKSPACE_ROOT set by CI and CD entry scripts
• Align DCMPRS with Windows, extracting to directory with the same name as the package (Linux)
• Python 2 install support in Fedora based releases 8 and above using DNF (Linux)
• Deprecate duplicate error handling functions, apply consistent use of ERRMSG (Windows)
• Standardise internal exception and error handling (Windows)
• Consistent handling of WORKSPACE “Global” variable (Windows)
• deploy.bat Do not load arguments as environment variables (Windows)
• installPython support for Red Hat Enterprise Linux (Linux)
• DCMPRS preserve source directory structure (Linux)

2.6.6 : 09-Jul-2023 : Maintenance Release

• Fix containerDeploy property selection process, was returning no values but proceeding (Linux)
• Ensure Deployment targets are sorted (Linux)
• Reveal/Resolve support for empty or null values (Windows)
• installAnsible support for RHEL/Rocky 8 and above (Linux)

2.6.5 : 01-Jul-2023 : SOLUTIONROOT consistent absolute path loading

• Consistent use of GLOBAL variables for all entry points
• Strings with Comma for resolve and reveal PROPLD (Windows)

2.6.4 : 29-Jun-2023 : GitLab Runner and Azure DevOps Agent Alignment

• Azure DevOps Agent support for organisation name containing hyphen (Linux)
• Remove deprecated GitLab Runner option “name” (Linux)
• CM & PV support for values containing comma separated list (Windows)

2.6.3 : 26-Jun-2023 : Paths with Spaces

• Support for paths with spaces
• Make uppercase variables, “Global” variables (replace build.properties in (Linux))
• Consistent handling of Environment variables
• Support for custom ciProcess in entry
• Update GitLab runner after tag CLI deprecation
• Remove install packages from /solution of CDAF image
• Windows Container support after DockerMsftProvider deprecation (Windows)

2.6.2 : 13-Jun-2023 : Default Immutable Deployment into imageBuild

• Correct default imageBuild immutable deployment in construction process
• Apply consistent handling of CDAF_DOCKER_REQUIRED
• Log CDAF_CORE in delivery
• Align ci & entry logging to Windows (Linux)

2.6.1 : 07-Jun-2023 : Default Container Image Processes

• Provide a default dockerfile when containerDeploy directory does not exist
• Provide default containerBuild process when containerImage specified
• Provide a default dockerfile when processing containerBuild
• Provide default imageBuild process using new buildImage property
• Provide a default dockerfile when processing imageBuild
• Remove Readme.md from package root
• Optional post build, pre-packaging process (Linux, aligning with existing Windows functionality)
• CDAF in PATH for docker container (Linux)
• Add JQ to cdaf/linux docker image (Linux)

2.6.0 : 30-May-2023 : Cascading Properties

• Deprecate DOCKER-HUB for Push registry
• CDAF_REGISTRY_ property overrides environment variable for imageBuild
• CDAF_PULL_REGISTRY_ for dockerBuild
• CDAF_PUSH_REGISTRY_ for dockerPush
• Default value for docker registry push to ’latest'
• Introduce CDAF_CORE environment variable for path to helpers
• imageBuild override container image if explicit image passed
• Replace AUTOMATIONHELPER cascading search with explicit CDAF_CORE environment variable
• pushFeatureBranch for imageBuild to push image from non-default branch
• ImageBuild feature branch logic self-contained
• Fix DETOKN with ‘reveal’ does not work with properties containing whitespace (Linux)
• Remove dependency on Git for default revision in BuildPackage (Windows)
• postBuild process prior to, and independent of, imageBuild (Windows)
• Consistent branch name cleansing, e.g. main (cleansed from refs/heads/main)

2.5.7 : 07-May-2023 : Introduction of packageFeatures

• packageFeatures Support for reduced number of helper scripts to be included in release package
• dockerLog check for exact match, with support for trimming white space
• dockerBuild environment variable CDAF_SKIP_PULL to skip pull attempt of local registry image
• packageMethod support for tarball package (Windows)

2.5.6 : 26-Feb-2023 : VARCHK Build Process Support

• VARCHK support in Build process
• Align containerDeploy ID to other docker helpers
• Ensure all tests are posix compliant (Linux)
• Ensure Docker is available after starting daemon when CDAF_DOCKER_REQUIRED set (Linux)
• Volume mount support for Podman (Linux)
• Support for version as an argument for Azure DevOps installAgent.sh (Linux)
• Flexible Red Hat Enterprise Linux version support in installAnsible.sh, InstallNodeJS.sh and installPython.sh (Linux)
• Support for self-hosted docker executor for GitLab installRunner.sh (Linux)
• Do not fail on workspace clean-up (Linux)
• Only attempt exited container clean-up in containerBuild where exited containers exist (Linux)
• imageBuild support for list of tags for registry push (Linux)
• Ensure REVISION is always set for buildPackage.ps1 (Windows)
• Consistent use of WORKING_DIRECTORY variable, vs. $env:WORK_SPACE environment variable in delivery.ps1 (Windows)
• Correct version test for ant and kubectl in capabilities.ps1 (Windows)
• Support for long build number in dockerClean.ps1 (Windows)
• Discontinue –password-stdin usage in docker login as not supported in Windows Server (Windows)
• Use Write-Warning in execute.ps1 (Windows)
• Check for vstest.console.exe on PATH when setting $env:VS_TEST in msTools.ps1 (Windows)
• Web Deploy v4 support for provisioning and capabilities listing (Windows)

2.5.5 : 09-Nov-2022 : CDAF_ERROR_DIAG Default as Solution Property

• If CDAF_ERROR_DIAG environment variable not set, use CDAF.solution property (if set)
• Add Kubectl, Helm and Helmsman to capabilities listing
• Default for CI entry point set to “revision”
• Ensure current Docker image is available for containerBuild
• Fix global property loader when CDAF.solution does not have a closing EOL (Linux)
• Update default ant version to 1.10.12 in installApacheAnt.sh provisioner (Linux)
• Update default dotnet version to 6 (Windows)
• Include Hugo in capabilities (Windows)
• Correct dockerRun argument validation (Windows)

2.5.4 : 30-Oct-2022 : VARVHK default

• VARVHK default properties file properties.varchk
• Extend the CDAF Docker Images as Build Images with Azure DevOps Agent Binaries Pre-installed
• Quote wrap resolution of REVISION in execute engine (Windows)
• Trap missing Dockerfile in containerBuild (Windows)
• Azure DevOps Agent version can be set by argument (Windows)
• Support for deploymentgroup in installAgent.ps1 (Windows)
• Cater for spaces and special characters in resolveContent (Windows)
• Remove ambiguous provisioners, now supported by base.ps1 (Windows)
• Ensure Deployment scripts are executable (Linux)
• Install unzip as default base install (Linux)
• Update default ADO agent version for installAgent.ps1 (Linux)
• Update default tomcat version to latest for installApacheTomcat.ps1 (Linux)
• Disable user interaction for Debian install of PostGreSQL (Linux)
• Change Default user to current user for SetNoPassSUDO (Linux)
• Add IMGTXT wrapper for jp2a (Linux)
• Make Solution Properties available to build process (Linux)

2.5.3 : 19-Jul-2022 : Optional Volume Mount for containerDeploy

• CDAF_HOME_MOUNT environment (and property) to disable volume mount for containerDeploy
• Feature Branch Environment Deploy based on “contains” test
• buildPackage provide a default value when REVISION is not passed (Windows)
• Do not initialise $env:CONTAINER_IMAGE before deploy (Windows)

2.5.2 : 05-Jun-2022 : MASKED using SHA256

• Default masking using SHA256 with new MASKED operation
• Ensure REVISION is always set in buildPackage.ps1 (Windows)
• Do not initialise CONTAINER_IMAGE environment variable in delivery.ps1 (Windows)
• PROPLD “reveal” support for numbers (Windows)

2.5.1 : 02-May-2022 : Resolve Á Reveal

• Resolve and optional reveal in PROPLD and DETOKN
• Resolve and reveal nested variables in ASSIGN
• Standardise propertiesForContainerTasks check to align with Local and Remote (Linux)
• Correct Git workspace detection for entry & buildPackage (Windows)

2.5.0 : 05-Apr-2022 : Multiple TARGET support for containerDeploy ENVIRONMENT

• containerDeploy environment prefix used in the same way as localDeploy and remoteDeploy
• Do not attempt to execute CI process if solution not found
• Remove out-of-date configuration guidance from cdEmulate
• Replace hyphen with underscore in solution name in containerDeploy
• dotNET.ps1 default version 4.8 (Windows)
• Support for Choco downgrade (Windows)
• EnableFileAndPrintSharing.ps1 include File-Services (Windows)
• IISAddApp.ps1 include New-WebApplication (Windows)
• imageBuild include support for DOCKER-HUB as registryURL (Windows)

2.4.6 : 21-Feb-2022 : Variable Validation

• Variable Validation VARCHK Operation
• For Feature Branch Environments, only execute default if defaultEnvironment is defined
• installApacheAnt.sh default version raised to 1.10.11 (Linux)

2.4.5 : 01-Feb-2022 : Feature Branch Environment Deploy

• feature-branch.properties mapping branch name prefix to environment
• Update default tomcat install from 8.5.32 to 9.0.54 (Linux)
• Support for CLEAN operation in build process (Windows)
• Do not force choco upgrade (Windows)
• newDC provisioning correction for temporary directory (Windows)
• IISSSL provisioner correction for existing SSL binding (Windows)
• execution exception unique logging key (Windows)

2.4.4 : 19-Sep-2021 : Pre & Post Build Task Support

• Pre and Post Build task support, primarily for containerBuild pre-processing
• Include standard error when watching docker logs
• Use consistent gitRemoteURL when processing Git branch clean-up (Linux)
• VECOPY create parent directory if it does not exist for file copy (Windows)
• Correct branch clean processor (Windows)
• Correct IMGTXT file processor (Windows)

2.4.3 : 27-Jun-2021 : CDAF Docker Image

• dockerPush as discrete atomic function, separate to that used in imageBuild
• Set $WORKSPACE in execute function
• imageBuild constructor support as solution property
• Replace hardcoded “master” with defaultBranch proprty in BuildPackage
• dotnet 3 & 5 support in installDotNetCode provisioner
• Extend capabilities listing to include docker-compose and terraform
• Add skip_container_build action support for capable agents
• Do not resolve symlinks when establishing AUTOMATIONROOT (Linux)
• Use consistent gitRemoteURL when processing Git branch clean-up (Linux)
• Read first element only when processing name/value properties (Linux)
• Fix : Not processing hidden directory for containerBuild (Linux)
• Fix : Do not attempt to process prefix for imageBuild (Linux)

2.4.2 : 12-Apr-2021 : ERRMSG & MD5MSK Execute Functions

• New MD5MSK execution function for secret masking
• ERRMSG internal and external execution function
• Provide native PowerShell entry-point (Windows)
• Provide CDAF_DELIVERY_FAILURE response on deployment error (Windows)
• Apply file missing trap in REPLAC execution function (Windows)
• Align containerDeploy non-root user with containerBuild (Linux)

2.4.1 : 07-Mar-2021 : Support CM & PV properties with spaces

• Properties with spaces supported, wrapped in either single or double quotes
• Replace imageBuild temp directory with solution name in imageBuild

2.4.0 : 21-Feb-2021 : containerDeploy

• containerDeploy feature to complete the self-host delivery workload Epic
• Set and return to WORK_SPACE during delivery
• Separation of Image Build and Container Build environment variables, using CDAF_IB_ and CDAF_CB_
• Solution specific Container Build environment variables, using CDAF_${solution}IB and CDAF_${solution}CB
• Extend dockerRun to perform clean-up (Linux)
• Cannot define artefacts using wildcard, suppress globbing to support the same pattern as Windows (Linux)
• IIS poolPassword not being applied when not MSA, corrected to use the parameter when passed (Windows)
• IIS optional hostHeader added to TLS binding (Windows)
• MD5 masking of passwords in provisioning scripts (Windows)

2.3.1 : 18-Dec-2020 : containerBuild Variables

• Make CDAF environment variables available to containerBuild
• Reset CDAF_AUTOMATION_ROOT at deploy time
• Do not fail build on check-out branch clean-up attempt
• Support user defined default branch and environment
• Support for CDAF_DELIVERY over-ride (Linux, aligning with Windows)
• Remove dot filter from transform (Windows)
• Make CDAF environment variables available to containerBuild
• Check for URL Resolution when attempting branch clean

2.3.0 : 23-Nov-2020 : Git Branch Clean-up

• Remove dockerClean from imageBuild, allow user to decide when to clean
• Apply consistent naming for all CDAF docker images
• Use absolute path for SOLUTIONROOT (consistent with AUTOMATIONROOT)
• Do not expand properties when loading
• Branch based clean-up with default action for docker
• Volume mount user home directory in containerBuild
• Load all CDAF_CB_ prefix environment variables in containerBuild
• Set explicit extension to container build image
• Determine branch from workspace when not passed to entry
• entry point use CDAF_BRANCH_NAME if branch name not passed
• Extend certificate import for PFX file (Windows)
• Provide flexible placement for IIS certificate (Windows)
• Update Docker version to 1.27.4 (Windows)

2.2.0 : 01-Nov-2020 : Container Image Build

• Opinionated Image construction with registry push and “publish”
• Resolve and trim path prefix from revision (branch name)
• CredSSP & InstallDotNetCore support for Windows Server 2019 (Windows)
• Use –no-pager for script safe service logging (Linux)
• Use non-keyboard separator character for REPLAC function (Linux)
• Correct transformDirectory to recursively create directories (Linux)
• Fix copyLand process lock on slow systems (Windows)
• Support for Windows Server 2019 warning messages in delivery and provisioning (Windows)

2.1.4 : 23-Aug-2020 : Maintenance Release

• deploy.ps1 clear error array after logging warning message (Windows)
• processor\entry.ps1 process release.ps1 to align with root version (Windows)
• CredSSP & InstallDotNetCore support for Windows Server 2019 (Windows)
• ci.sh support for special characters in branch name (Linux)
• installAgent.sh correct http proxy detection (Linux)

2.1.3 : 08-Aug-2020 : Azure DevOps Deployment Groups

• Register with Deployment Group for Azure DevOps (installAgent)
• Consistent setting of TLS1.2 (Windows)
• installSQLServer include complete log on error (Windows)
• nuget.ps processor upgrade for server 2019 (Windows)
• removeUser provisioning update for server 2019 (Windows)
• setSPN update for server 2019 (Windows)
• sqlPermit update for server 2019 (Windows)
• msTools explicit nuget fulfillment (Windows)
• Support for defaultIP in addHOSTS provisioning (Linux)
• installNodeJS provide robust APT interaction (Linux)
• Correct filename logging in replaceInFile (Linux)

2.1.2 : 29-Jul-2020 : Self-extracting release in containerBuild

• Self-extracting release package support in containerBuild
• installDocker parameterise docker compose version
• addUserToLocalGroup support for warning messages (Windows)
• setEnv secret masking (Windows)
• Standardise logging (Linux)
• addPath support, aligning with Windows (Linux)
• Daily update lock release in base.sh for Debian (Linux)
• Trap false positive when deploy user missing in deployer.sh (Linux)
• getMedia.sh wget fallback (Linux)
• remove hyphen from hostname for ADO Agent (Linux)
• installNodeJS.sh lock release logic for Debian (Linux)
• Add IGNORE function to execute engine (Linux)
• replaceInFile.sh extend for delete line support (Linux)

2.1.1 : 04-Jul-2020 : Self-extracting Installer

• Self-extracting CDAF install script
• Include Git in capabilities listing
• FIX: ci.sh self-extract script detection syntax error (Linux)
• Explicit workspace path use in release creation (Windows)

2.1.0 : 29-Jun-2020 : Self-extracting Release

• Self-extracting release script
• BREAKING CHANGE : align SOLUTIONROOT to absolute path (Linux)
• BREAKING CHANGE : Align remote crypt files with local matching relative path (Linux)
• Replace -n with ! -z when testing variables for Mac OS/X (Linux)
• Internal function renaming of executeExpression to executeRetry (Linux)
• FIX Case insensitive match for artifact recursive copy (Windows)
• Correct warning processing in addComputerDelegation provisioner (Windows)
• Change media default from c:.provision to $env:TEMP (Windows)
• Replace “smart” characters in applyWindowsUpdates (Windows)
• Provide default protocol to update existing IISWebSite (Windows)
• Warning processor for installRunner (Windows)
• Support for setting directory owner in mkdir (Windows)
• Extend IGNORE function to execute an expression (Windows)

2.0.9 : 07-Jun-2020 : CI Entry Point

• Add CI entry point provided in root of CDAF
• Provide a default value when deployLand is not supplied
• addPath support for User level path (Windows)
• New feature IMGTXT in execute engine for printing images on console (Windows)
• Standard error handling consistent between Server 2016 to 2019 (Windows)
• Improve ELEVAT logging and error handling in execute engine (Windows)
• FIX Variable expansion in transform (PROPLD) feature (Windows)
• installMySQL remove Ubuntu specific bind process (Linux)
• mySQLAddDB improved logging and post provisioning diagnostics (Linux)

2.0.8 : 27-May-2020 : Function Fix (Linux)

• Add REFRSH and REMOVE regression tests
• FIX false negative halting without exit code (Linux)
• FIX MySQL DB create leaking secrets (Linux)

2.0.7 : 23-May-2020 : Github Actions

• Github Actions Support and Samples
• Add HOSTS by FQDN for transient DNS (Windows)
• Cater for warning messages in InstallIIS (Windows)
• Initialise LASTEXITCODE and Error array in NewComputer (Windows)
• Change DC default from sky.net to mshome.net (Windows)
• SetDNS support for FQDN and optional DC verification (Windows)
• SQLSetInstanceBind extended to ensure TCP/IP enabled (Windows)
• WebDeploy from TEMP directory as fails with 1619 if on SMB share (Windows)
• Support for Environment Variable credentials for Remote Tasks (Windows)
• Change default IP (i.e. VirtualBox) to 172.16.17.98 to allow for server scaling (Windows)
• GitHub Actions support (Windows)

2.0.6 : 09-May-2020 : Manifest Variable Loader in Packager (Linux)

• If source is a directory REFRSH will copy the contents
• CentOS no longer returns exit code 100 on check-update (Linux)
• Make manifest contents available as variables when packaging (Linux)
• Trap missing artifacts during package process (Linux)
• Correct automation root determination in new entry script (Linux)
• Log warning messages for Error array when LASTEXITCODE is zero (Windows)
• Use MD5 check is passed in getMedia when media exists (Windows)
• installMSI logfile correction and enable interactive output (Windows)
• Include OS Release, Edition and Build details in capabilities listing (Windows)

2.0.5 : 15-Apr-2020 : Automation Root determination (Windows Only)

• Apply consistent format for automationroot (Windows)
• Ensure CDAF_DOCKER_REQUIRED is consistently applied (Windows)

2.0.4 : 11-Apr-2020 : Refresh Function

• REFRSH function to create/clear directory with optional content copy
• Support execution of entry script from CDAF root
• Hyper-V “Default Switch” utilisation in sample solution
• Warn on standard error when last exit code is zero (Windows)
• Correction to Ubuntu distribution detection in capabilities.sh (Linux)
• Support for GPG2 (CentOS) in decryptKey.sh (Linux)
• REMOVE and MAKDIR as functions in execute.sh to align with Windows (Linux)

2.0.3 : 06-Apr-2020 : containerBuild Optional Arguments

• Allow additional build arguments to be supplied to containerBuild
• Include CDAF in capabilities listing if in context
• Fix Hidden solution directory not being detected (Linux)
• Failure to detect all CM & PV driver files (Linux)
• Apply more robust measures to ensure apt has released locks (Linux)
• Change MAKDIR and REPLAC into functions (Linux)
• Extend MySQL install to cater for remote connections (Linux)
• Mask secrets when persisting environment variables (Linux)
• Fix base.ps1 Incorrect handling of reboot status (3010) (Windows)
• Add support for inbuilt system account used for Azure DevOps agent (Windows)
• Fix Install-PackageProvider requires TLS1.1 or above (Windows)
• Add support for testing for command existence in execute engine (Windows)
• Extend legacy searches in MS Tools utility (Windows)

2.0.2 : 26-Jan-2020 : Automation root determination

• Flexible (absolute) AUTOMATIONROOT paths
• Apply error trap in log and docker watch (Linux feature equivalence with windows 2.0.1)
• Conditional Docker Start-up (Linux feature equivalence with windows 2.0.1 CDAF_DOCKER_REQUIRED)
• Capabilities update, improve distribution detection in containers (Linux)
• Remove retry for Choco to avoid false possitive (Windows)
• Explicit PowerShell module loading (Windows)
• TLS 1.2 for Chocolatey and deprecation of legacy Chocolatey script (Windows)
• MSA support for IIS Pools (Windows)
• Optional Non-Admin user provisioning for Docker (Windows)
• Mule default changed from 3.8.3 to 3.9.3 (Windows)
• Additional DC Provisioning corrections (Windows)
• Automatic fulfillment of parent requirements for Forest creation (Windows)
• Local User support for removeUser provisioner (Windows)
• SQL Permission list provisioning support (Windows)
• New MSTOOL determination function in execution engine(Windows)

2.0.1 : 01-Dec-2019 : CDAF Emulation Delivery

• Change emulation variable environmentDelivery to CDAF_DELIVERY
• Do not purge working directory in package process
• Add or Replace HOSTS entries with addHOSTS
• Conditional Docker Start-up (Windows)
• Provide user controlled restart of 3010 exit code in base.ps1 (Windows)
• Support for IIS administrator credentials in installIIS.ps1 (Windows)
• Include named package install via PiP in installPython.ps1 (Windows)
• .NET 4.7.1, 4.7.2 and 4.8 support in capabilites.ps1 (Windows)
• Error trap in Docker and Log watchers (Windows)
• Include REVISION in manifest (Linux)
• Correct local working directory usage when passed (Linux)
• Support re-run for installAgent.sh (Linux)
• Deprecate Ubuntu 14.04 support in installPython.sh (Linux)

2.0.0 : 24-Aug-2019 : Symmetrical Encryption

• Support for common encrypted file directory
• Symmetric file encryption and detokenisation support
• Update GitLab-Runner provisioner from gitlab-ci-multi-runner
• Update Maven provisioner default version from 3.5.0 to 3.6.1 (Linux)

1.9.4 : 04-Jul-2019 : Runner Version

• GitLab runner provisioning support for explicit version
• Correct runas exception logging (Windows)
• Support property values containing # (Windows)
• MSTools support for multiple NuGet install locations (Windows)

1.9.3 : 27-Jun-2019 : Pivoted Properties Table

• Add support for pivoted properties, environment columns with properties as rows
• Correct python install for Ubuntu 16.04+ (Linux)
• Correct logging of solution build exception trap (Windows)
• Restore CD emulation revision to “master”, not “dev” (Windows)
• Set IIS default root as default target for ACL (Windows)
• Improve transform performance (Windows)

1.9.2 : 20-Jun-2019 : Enhanced Log Watching

• Log watcher to report wait time when timeout occurs
• Update the default executable URL for Database.exe in GetExecutable.ps1 (Windows)
• Clear LASTEXITCODE in get media provisioner (Windows)
• Agent verification for Web Deploy provisioner (Windows)

1.9.1 : 04-Jun-2019 : Azure DevOps agent upgrade

• Update Azure DevOps agent to 2.150.3
• Set default emulation to use ‘dev’ branch
• Pass OPT_ARG to override script deploy tasks (Linux)
• Fix NodeJS provisioner (Linux)
• Fix PiP 3 listing in Python provisioner (Linux)
• Correct log watch listing information (Linux)

1.9.0 : 28-Apr-2019 : Deprecate Oracle Java

• Deprecate Oracle Java provisioner
• Remove Vagrantfile and Readme from CDAF package
• Set default solution level PROJECT value (ROOT) (Windows)
• Revise BuildMaster Pipeline Instructions (Windows)
• CDAF Provisioning Executor argument correction (ACTION, not OPT_ARG) (Windows)
• Update Apache Tomcat default from 8.5.32 to 8.5.40 (Windows)
• Restore PROJECT setting in build process (Windows)

1.8.15 : 13-Apr-2019 : In-memory Project Breakfix (Linux)

• In-memory multiple project loading fix (Linux only)

1.8.14 : 12-Apr-2019 : In-memory Processing

• In Memory load of project and property processing
• Set Oracle Java download TLS minimum version (Windows)
• Force alphabetical sorting of environment targets (Linux)
• Read all properties even if last line does not contain LF (Linux)

1.8.13 : 01-Apr-2019 : Update SoapUI Download URL

• Update dotnet provisioning default from 2.1 to 2.2
• Correct emulation support for conditional named automation directory (Windows)
• IIS Binding Test before attempting to create (Windows)

1.8.12 : 25-Mar-2019 : Update SoapUI Download URL

• Change default SoapUI version from 5.2.1 to 5.5.0
• Apply retry logic for base (Chocolatey) provisioning (Windows)
• Correct IIS Certificate Binding (Windows)
• Support Azure DevOps/TFS Pool names containing spaces (Windows)
• Check for DISM log file when installing IIS (Windows)
• nextFreePort provisioning utility, supporting TCP and UDP (Windows)
• Explicit support for named instance in SQL Server provisioning (Windows)
• Introduce ignoreWarning support for execution engine (Windows)

1.8.11 : 25-Feb-2019 : Multi-file Configuration Management

• Extend Configuration Management to support multiple definition files
• Apply retry logic to base (Choco) provisioning (Windows)
• Include required features when provisioning ASP.NET (Windows)
• Include user and working directory in capabilities listing (Windows)
• Add support for UDP when opening firewall port (Windows)

1.8.10 : 11-Feb-2019 : Flexibility

• Unary operator correction (affected logging only) (Linux)
• Support for passing native Chocolatey parameters (Windows)
• Make openFirewallPort container safe, do not attempt changes if firewall not enabled (Windows)
• Support HTTP_PROXY in upgrade script (Windows)
• Container build fall-back support (docker-for-windows) (Windows)
• New setInternetProxy provisioner (Windows)
• Create ACL root directory if missing (Windows)
• Chocolatey additional argument support in base.ps1 (Windows)
• Support optional arguments for Docker container and image build (Windows)

1.8.9 : 17-Jan-2019 : Oracle Java 8 update 201

• Java 8 update from 192 to 291
• Pass ACTION from entry.bat to buildPackage.bat (Windows)
• Change URL to URI in installRunner.ps1 for Windows Defender false positive (Windows)
• Deprecate curl.ps1 in favour of “base.ps1 curl” for Windows Defender false positive (Windows)

1.8.8 : 08-Jan-2019 : False Possitive in Windows Defender

• Arbitrary change to installDotNetCore for Windows Defender false positive (Windows)
• Correct diagnostic logging when artefact copy fails (Linux)

1.8.7 : 07-Jan-2019 : False Possitive in Windows Defender

• False Possitive for Trojan in installRunner (Windows)

1.8.6 : 03-Jan-2019 : buildImage Targetless CD

• Targetless CD branch support via entry script
• Make firewall, tomcat and soapui provisioning docker safe (Linux)
• PostGreSQL provisioning correction for Yum cache check exit codes (Linux)

1.8.5 : 18-Dec-2018 : buildImage Targetless CD

• Image Build utility for targetless CD using centralised image definition
• Provide fault tolerance for tar creating timing (Linux)
• Apply proxy support for package manager, Java and Maven (Linux)
• Proxy support for Java, Maven and SoapUI (Windows)
• Remove curl.exe dependency from Java download (Windows)

1.8.4 : 11-Dec-2018 : Targetless CD

• container image centralised definition
• Capture REVISION in manifest
• Support for checksum ignore in Chocolatey (Windows)
• Adjust URL creation to avoid false positive in MS Defender (Windows)
• Enrich MS Build and Test lookup (Windows)
• New IIS install for Windows 10 and Server 2016 (Windows)

1.8.3 : 14-Nov-2018 : Multi-branch Container Build

• Multi-branch Container Build,, defaulting to previous container_build tag if not passed
• Proxy support for getExecutable (Windows)
• Add proxy and self-signed certificate support for GetMedia (Windows)
• Add support for named provider and version for InstallDocker (Windows)
• Ensure InstallEXE remains in current windows (Windows)
• Docker Build using system level http_proxy (Windows)
• Trap missing log file in logWatch (Windows)

1.8.2 : 12-Nov-2018 : Oracle Java 8 update 192

• Java 8 update from 191 to 192
• Load Environment Variable after persisting (Windows)
• Minor logging corrections and improvement for dockerBuild (Windows)

1.8.1 : 08-Nov-2018 : Evaluation Execution Logging

• Evaluate variables in logging of execute engine
• Apply default artifact copy mode (-Recurse) (Windows)
• Proxy support for base (Choco) application install (Windows)
• Proxy support for dotnet core install (Windows)

1.8.0 : 27-Oct-2018 : Windows Base for curl

• Remove curl provisioner (Windows)
• Pass OPT_ARG to delivery tasks (Windows)

1.7.9 : 17-Oct-2018 : TFS/Azure DevOps Docker Agent

• Oracle Java 8 update from 181 to 191
• TFS/VSTS Agent install for Docker (Windows)
• Detect NodeJS and NPM capabilities (Windows)
• In-memory task processing (Linux)

1.7.8 : 30-Sep-2018 : Centralised Configuration

• Properties generation from single configuration management file
• Apply Staging file support (primarily for BlueMix and Azure DevOps)

1.7.7 : 9-Sep-2018 : Agent and Runner Maintenance

• Correct TFS/VSTS Agent Registration
• Support SVN workspaces for upgrades
• Correct PiP 2 execution (Windows)
• Add Ruby and Puppet to capability tests (Linux)

1.7.6 : 23-Aug-2018 : Watcher

• Change Docker and File Log Watch to in-memory
• Add Docker and File Log Watcher (Windows)

1.7.5 : 19-Aug-2018 : Run As and Upgrade

• New Runas utility
• CDAF Upgrade script
• Active Directory Named Host Delegation for double-hop authentication (Windows)

1.7.4 : 16-Aug-2018 : August Refresh

• Provide scaleable Vagrant template
• Upgrade VSTS/TFS Agent 2.136.1
• dotnet core update to 2.1
• Oracle Java update to 8u181
• Update Maven to 3.5.3
• Apache Tomcat update to 8.5.32
• System Level Outbound Proxy Support (Windows)
• Proxy support for Docker install (Windows)
• Support for Python 2 install, 3 remains default (Windows)
• Include REVISION when calling build.sh (Linux)
• Do not set defaults for addHOSTS, instead fail (Linux)
• RHEL Support for Python, Ansible, Docker and NodeJS (Linux)
• environment variable load post install for Ant and Maven (Linux)
• Change PostGreSQL default auth to MD5 (Linux)
• Add UDP support for firewall configuration, default is TCP (Linux)
• Add support for global deploy properties, predeploy.properties (Linux)

1.7.3 : 18-Apr-2018 : Deploy Flexibility

• Processing of multiple tasks in override
• Support for custom processSequence in delivery process
• Include REVISION and ACTION in container build
• Provide generic custom script folder (local and remote)
• Default Oracle Java install version 8 update 171

1.7.2 : 27-Mar-2018 : Media Fetch

• Update curl from 7.50.3 to 7.53.1 (Windows)
• Update GetMedia to use TLS 1.1 or TLS 1.2 only for GitHub (Windows)
• Provide media fetch for default version (3.5.0) of Maven (Windows)
• Support for idempotent GitLab Runner Install (Windows)
• Include media fetch for default SoapUI version (5.2.1) (Windows)
• Correct Docker error handling logic and ensure Docker service is running (Windows)
• Ignore properties containing a period (’.’) in the name (Windows)
• Standardise default media cache (Linux)
• Provide media cache support for MuleESB install (Linux)

1.7.1 : 11-Mar-2018 : Apache Ant

• Apache Ant Provisioning default 1.9.10
• Standardise Windows Service parameter logging (Windows)

1.7.0 : 6-Mar-2018 : Standardised Entry Point

• Standardised Entry point for Container Build
• Multiple Task execution
• CD Emulation Build Number Counter in user profile
• Add ELEVAT execute engine function to run as NT SYSTEM (Windows)
• Support for shared custom script directory (Windows)
• Apply consistent exception trapping at point-of-origin (Windows)
• Certificate Key lookup in both user and machine level (Windows)
• Fallback support for inaccessible file system (Windows)
• Update TLS versions for installing Docker (Windows)
• dotnet core provisioner (Windows)
• Extend Windows Service install to support service account (Windows)
• Fix Incorrect user and group applied when defaults not used for addUser (Linux)

1.6.6 : 24-Jan-2018 : Java 8 default set to update 161

• Java download alignment between Windows and Linux
• MSI/MSU exception handling improvements (Windows)

1.6.5 : 21-Jan-2017 : Selective Emulation Phases

• Support for Build or Package only in emulation
• Install Chocolatey if missing when provisioning using base.ps1 (Windows)
• Support replacement strings with spaces in execute engine to align with windows (Linux)

1.6.4 : 10-Jan-2017 : GitLab Runner

• Unattended GitLab Runner installation and registration
• Initialise LASTEXITCODE in batch entry points (Windows)
• Support service login provisioning based on NTLM formatted user name (Windows)

1.6.3 : 27-Dec-2017 : VSTS Agent

• VSTS Unattended agent install
• Improve exception handling for REPLAC in Execute Engine (Windows)

1.6.2 : 23-Dec-2017 : Execute Retry

• Support for retry () in execute engine
• Automatic detection of container build in CD emulation
• Certificate Creation Provisioner
• Correct Docker Image clean logic to test for integers
• Force clean of images to support multiple tags
• Improve Package Logging (Windows)
• .NET developer environments loading (Windows)
• Artefact replace lock contention (Windows)
• Reload PATH after installing Chocolatey (Windows)
• Provisioner for trusting PowerShell Gallery (Windows)

1.6.1 : 11-Nov-2017 : Container Build

• Provision Docker Image and Execute Container Build
• Correct image clean calculation based on integer (Windows)
• Deprecate SQL.ps1 provisioner [breaking change] (Windows)
• Package files using full path (Windows)
• Use parameters instead of arguments in delivery to support working directory without optional argument (Windows)
• Include Python install to align with Linux (Windows)
• Disable regex when replacing strings in files [breaking change] (Windows)
• Evaluate properties that contain variable names (Windows)
• Provisioning support for root without sudo (Linux)

1.5.8 : 16-Sep-2017 : Badge

• Derive workstation properties from domain join (Windows)
• Apache Tomcat to 8.5.20 with MD5 check (Windows)
• Use Docker “Insider” provider to support unattended install (Windows)
• Java update 144 (Windows)
• SQL Server install using Managed Service Account (Windows)
• MAKDIR, DCMPRS and DETOKN changed from keywords to functions (Windows)
• Standardise opinionated configuration determination (Linux)
• PostGreSQL support for Docker (Linux)

1.5.7 : 23-Aug-2017 : Selective Emulation

• Emulation support for buildonly and deliveryonly (Linux and Windows)
• Support alternative automation root directory (Linux)
• False possitive when local or remote task file not found (Linux)
• Support base provisioning in Docker (Linux)
• Java Tools upgrade defaults (Linux)
• VSTS Nuget Package credential manager (Windows)
• Add support CDAF certificate at machine level (Windows)
• Service Account (password not expiring) support (Windows)
• Service Account Login Allowed (Windows)
• Windows Service create, delete and start support (Windows)

1.5.6 : 24-Jul-2017 : Desktop Delivery Environment

• Support for override script to calculate delivery environment (Linux and Windows)
• New provisioner for dotnetcore (Linux)
• New provisioner for installing GitLab Runner (Windows)
• Add trap for pending restart when provisioning DISM (Windows)
• Support upgrading .NET runtime to SDK (Windows)
• Support extraction of VSTS Agent without installing (Windows)
• Include zip package file name in listing (Windows)
• Override Script support for setting Delivery Environment in CD Emulation (Windows)
• Support for creating local user account for domain joined host (Windows)
• Support Transform of properties where value contains = character (Windows)

1.5.5 : 2-Jul-2017 : Incrimental Counter

• cdEmulate build number change from timestamp to incrimental counter (Linux and Windows)
• cdEmulate returning false positive (Windows)
• .NET 4.7 Provisioning and listing support (Windows)
• Consistent DISM logging (Windows)
• Trap exit codes for EXE installation provisioner (Windows)
• Visual Studio 2017 offline installer provisioning (Windows)
• Execute Engine trap missing task file (Windows)
• Support NuGet arbitrary package download (Windows)

1.5.4 : 14-May-2017 : Docker Image Management

• Docker “Version” Label for Image Management (Linux and Windows)
• Incorrect argument processing for computer delegation provisioning (Windows)
• False positive on CDAF emulation wrapper when executing as named user (Windows)
• Provisioning false positives when using start-process (Windows)
• SQL Server Service Account password being logged in clear text (Windows)
• Execute Engine returning false positives (Windows)
• Reduce Provisioning Retry count (Windows)
• Add provisioning for IIS Web Sites and Bindings (Windows)
• VSTS Unattended agent install (Windows)
• Domain Join retry logic (Windows)
• Add Provisioning support for SQL Server authentication mode (Windows)

1.5.3 : 14-Apr-2017 : SQL LocalDB

• Windows Updates (Server 2016 and above) outside executeExpression (Windows)
• CDAF Provisioning Wrapper returns false positive (Windows)
• SQL Add User not processing type (Windows)
• Standalone DISM provisioner (Windows)
• Portable Provisioning Script Builder (Windows)
• .NET SDK provisioning support (Windows)
• Support MD5 check for getMedia (Windows)
• Initialise exitCode for IIS provisioning (Windows)
• MSU runner (Windows)
• MountImage support existing local ISO (Windows)
• Support for LocalDB instance creation (Windows)
• Extend SQL provisioning for Logins/Roles (Windows)
• Extend webdeploy to support current release 3.6 (Windows)
• Include Docker in Capabilities listing (Windows)
• Active Directory provisioning not trapping failure (Windows)
• When properties not found, do not echo error (Linux)

1.5.2 : 19-Mar-2017 : SQL Server

• Add sqlRoles provisioner (Windows)
• Apply Windows Update (Server 2016 and above) (Windows)
• Java and Tomcat default version update (8u121 8.5.11) (Linux)
• Silent install of GitLab runner (Linux)
• Add Cached Media support for Apache Ant install (Linux)
• Provide fallback to file share if imageMount fails on HTTP (Windows)
• sqlAddUser not loading instance (Windows)
• sqlPermit does not set permissions (Windows)
• IIS provisioning failing on exit code 3010 (Windows)
• SQL Server install returning false positive (Windows)
• Web Deploy not setting path correctly (Windows)
• Add Exception trap for Microsoft.SqlServer.Smo (Windows)

1.5.1 : 06-Mar-2017 : DISM Fall-back support

• Rancher Provisioning support (Linux)
• Typo on cdaf.io/windows.html: Incrimental Database (Windows)
• DISM provisioning not falling back to WSUS/Internet (Windows)
• Don’t delete requirements.txt (Windows)
• Correct whitespace in sample Jenkinsfile (Windows)
• Update Vagrant image to Windows Server 2016 (Windows)
• Media Mount download from HTTP support (Windows)
• Load Visual Studio command line environment variables (Windows)

1.5.0 : 22-Feb-2017 : Resilience

• [Breaking Change] SQL Server user creation, support local machine user (Windows)
• Update VSTS instructions for solution in repo root (Windows)
• Check for last exit code (Windows)
• Remove 7za dependancy from storeArtefacts (Windows)
• Support off-domain user / group management (Windows)
• Provide robust support for .NET 3.5 install (Windows)
• CI/CD agent support (Windows)
• Windows Docker install (windows image on windows host)
• Robust AD Forest provisioning within Vagrant / VritualBox (Windows)
• New User retry failure trap (Windows)
• Provide stand alone WinRM connectivity test helper script (Windows)
• Update VSTS instructions for solution in repo root (Linux)
• Package clean correction for Dockerfile and requirements.txt (Linux)
• Support passing of optional arguments to docker run (Linux)

1.4.6 : 04-Feb-2017 : Rancher

• Add support for cattle registration to Rancher (Linux)
• Add support for install of GitLab runner (Linux)
• Check that APT-GET is available when installing Python in Ubuntu (Linux)
• SoupUI Provisioning for Windows (Windows)
• Additional Diagnostics for decryption and connection (Windows)

1.4.5 : 18-Jan-2017 : Provisioning Regression

• Correct string tests in capabilities (Linux)
• InstallEXE fails when no optional argument passed (Windows)
• Add trap to capture Choco standard error (Windows)
• Correct run-as CDAF provisioning (Windows)
• .NET provisioning failing silently (Windows)
• IIS provisioning failing silently (Windows)
• Active Directory provisioning failing silently (Windows)
• Supplied media not used for Visual Studio versions greater than 2010 (Windows)
• Remove deprecated -f flag for docker tagging (Linux)
• Support Docker prior and after 1.12.0 (Linux)
• Ubuntu intsall of PostGreSQL terminate daily checks if running (Linux)
• Apply Mule 3.8.3 (Windows)
• Change default media cache to C:.provision (Windows)
• Extend IIS Application provisioning to support named application pool and user (Windows)
• Add exception trap for directory creation (Windows)
• When new name not supplied for domain add, set and log hostname explicitly (Windows)
• Perform explicit load of ActiveDirectory when provisioning new user (Windows)
• Extend capabilities to include domain or workgroup name (Windows)
• Support executable replacement if found in cache (Windows)
• Upgrade MuleESB install defaults (Windows)
• Attempt to download Apache Ant binary from archive if not found in cache (Linux)
• Do not use PIP for System Wide Ansible install on CentOS (Linux)
• Silent download of Python media (Linux)

1.4.4 : 24-Dec-2016 : NodeJS

• Add support for NodeJS process management (Linux)
• Provide alternative media source for SoapUI (Linux)
• Check and stop daily update when provisioning from apt-get (Ubuntu)
• Correct Java compiler and Maven version listings (Windows)
• Capabilities triggering error when executed as task (Windows)

1.4.3 : 11-Dec-2016 : Jenkins 2

• Suppress deprecation warnings in Ansible playbook capabilities listing (Linux)
• Utilise relative path for provisioning media (Linux)
• Add “hop” support for Vagrant hosts (Linux)
• Add Ansible Installation for system wide or user (Python virtualenv) (Linux)
• Apply Retry logic for provsioning downloads (Linux)
• Provide Jenkins 2 Pipeline template (Linux)
• Add Apache Reverse Proxy (Linux)
• Enable SSH host trust (Linux)
• Add support for PIP module install (Linux)
• Include hostname and IP addresses in capabilities listing (Linux)
• Extend Apache Ant install to support media cache (Linux)
• Test for media existing before attempting delete (Windows)
• Include hostname and IP addresses in capabilities listing (Windows)

1.4.2 : 06-Nov-2016 : Capabilities

• Fix and Complete firewall port opening (Linux)
• Setting Deployer trust, allow support for “hop” configuration (Linux)
• Do not Attempt python install if already installed (Linux)
• Set existing user as passwordless SUDOER access (Linux)
• Apply tags to all Jobs in GitLab template (Windows)
• Correct curl provisioning (Windows)
• Change Mulesoft ESB installer to user zip media (Windows)

1.4.1 : 30-Oct-2016 : GitLab configuration

• Apply BASH runner tag to GitLab template (Linux)
• Apply BATCH runner tag to GitLab template (Windows)
• Add Logical Volume expansion (Linux)
• Include TARGET_DEPLOY variable name in logging as coded documentation (Linux)

1.4.0 : 14-Oct-2016 : Convention over Configuration

• BREAKING CHANGE : Reorganise mandatory arguments to support Convention over Configuration
• Extend toolset support to include GitLab
• Wildcard artefacts not resolving (Windows)
• Set the webapps folder to be group writable (Linux)
• Docker : Registry provisioning with an initial image (Linux)
• Docker : Stopped containers not removed when rest (Linux)

1.3.3 : 06-Oct-2016 : More Provisioning

• Provide TFS/VSTS Environment Name guidance (no spaces)
• Test for source before attempting reload (Linux)
• Support for Docker Registry (Linux)
• Add support for S/FTP provisioning (Linux)
• Provide PostGreSQL provisioning for JDBC (Linux)
• Provisioning inbound port ignores name (Windows)
• Execution engine keyword test includes partial match (Windows)
• Template Vagrantfile for windows has incorrect Capabilities definition (Windows)
• Test for 7z when provisioning curl.exe (Windows)

1.3.2 : 24-Sep-2016 : Artefact Management

• Wildcard artefact retention fails when performing recursive copy (Windows)
• Add capabilities listing to Vagrantfile template (Linux)

1.3.1 : 14-Sep-2016 : Solution Build

• Support solution level build process
• Remove VSTS working folder from build process
• Artefact retention pattern for ThoughtWorks Go

1.3.0 : 06-Sep-2016 : Tomcat Provisioning

• Add Provisioning for Apache Tomcat
• Remove unused “automationroot” from CD process (see breaking change summary)
• Capabilities listing not processing Java or Ant (Linux)
• Execution fails on warning (Windows)
• Move Capabilities to Remote Tasks (Windows)
• .NET 4.6.1 provisioning support and WMF 5 legacy support (Windows)

1.2.6 : 16-Aug-2016 : Maven Installer

• Add Provisioning for Maven (add Oracle Java, default 8 update 101)
• Add base provisioner based on Chocolatey (Windows)
• Extend WMF support to include version 5 (Windows)

1.2.5 : 10-Aug-2016 : Maintenance

• Database Server Provisioning (Linux)
• Add Capabilities feature (Linux)
• executeExpression exception handler not listing exception details (Windows)
• Deployment instructions for Bamboo are wrong (Windows)
• New provisioning function to remove vagrant user (removeUser) (Windows)

1.2.4 : 4-Aug-2016 : Maintenance

• The buildProjects file is not loaded if Solution is moved to root (Windows)
• Oracle Java Install setting home to include /bin (Linux)
• Extend DockerRun process to support tag and environment separation (Docker/Linux)
• Provide Docker Image and Instance management by product and environment (Docker/Linux)

1.2.3 : 30-Jul-2016 : Landing Housekeeping

• Provide Housekeeping for landing directory of Remote Tasks
• Add Container (instance) remove by environment (Docker/Linux)
• Package file not created when only storeForRemote exists (Windows)

1.2.2 : 23-Jul-2016 : Provisioner Enhancements

• Tripple Hop Domain Provisioning (Windows)
• Docker binary provisioner with no-start support (Linux)
• Environment Variable (setenv) to be discrete script (Linux)
• Oracle Java Provisioning export environment varable after install (Linux)

1.2.1 : 19-Jul-2016 : Docker and Execute

• Add remote command or script execution (EXCREM) from execution engine
• Add getMedia provisioner (Linux)
• Support for LocalTasks package (gz) based on zipLocal property (Linux)
• BREAKING CHANGE Implement Docker Runtime Management using Environment Label (Linux)
• Remove Zip/Unzip provisioning from Linux Vagrant file (Linux)
• Add gzip package support for OS/X (Mac)
• CredSSP Provisioning Failure on mrwock 0.5.3 image (Windows)
• BREAKING CHANGE Remove Implicit Execute based on variables (Windows)
• Add DCMPRS task execution support (Windows)

1.1.0 : 11-Jul-2016 : CD Release Configuration

• BREAKING CHANGE : Replace Build Environment with Project name, ensuring SOLUTION is consistent
• Provide Generic exectuable installer (Linux)
• Provision SPN for double hop authentication (Linux)
• Replace REVISION with RELEASE in CD processes
• Update TFS XAML configuration instructions for single integration point
• Remove add user to group and extend addUser to support existing user (Windows)
• Provide Docker Image clean and Purge based on prefix (Linux)
• Resolve Variables passed within arguments (Linux)
• Include OPT_ARG in deliverProcess (Linux)
• Include Python Provisioner (Linux)

1.0.6 : 1-Jul-2016 : CD Release Configuration

• Correct Bamboo CI configuration instruction
• Replace REVISION with RELEASE in CD processes
• NuGet push failing with 403 (Windows)
• Add nuget.exe provisioner (Windows)
• DOS carriage return in shell scripts (Linux)
• Add Firewall management script (Linux)
• Add CNTLM installer and Extend Docker install from binary (Linux)

1.0.5 : 26-Jun-2016 : Configuration for Single Point of Integration

• Include delivery process in local tasks
• Add Cross Platform (Linux) support for TFS/VSTS

1.0.4 : 22-Jun-2016 : Provisioning and Package Refinement

• SVN hidden folders included in ZIP package (Linux)
• Include ReadMe in Package
• Provisioning failures not being trapped (Windows)
• Include NuGet push wrapper (Windows)
• Database Server Provisioning (SQL Server, Windows)

1.0.1 : 3-Jun-2016 : Vagrant Provisioning Simplification

• Single Vagrant box definition for BuildServer and target

1.0.0 : 2-Jun-2016 : General Availability with Vagrantfile

• solutionName not being used in windows emulation
• Loading of BUILD properties fails if there is a directory called build
• Test Media when creating new Active Directory forest
• Vagrant Provisioning for Desktop Testing
• Portable Decryption
• Eclipse Project file included in CDAF published bundle
• Scalable Deployment Process
• Support (optional) local package zip creation
• Add CMPRSS keyword to execution engine to create zip (win) or tarball (linux)
• Optional Argument Passing
• Support Build and Task Environment override
• Create Remote Artefact Package (zip) if properties folder or artefact list exist

0.9.5 : 20-Feb-2016 : Targets and Mac (nix) Encryt (win)

• Multiple Targets not working (Linux)
• Allow creation of Zip package by defining storeForRemote
• Add function DECRYP Task Execution Feature (extended to windows)
• Add function DETOKN Task Execution Feature (extended windows)
• Add function REPLAC in file function based on variable
• Add support for verbose recursive copy (VECOPY extended in windows)
• Helper feature for file copy via WinRM (windows)
• Add function MAKDIR to create directories

0.9.4 : 04-Dec-2015 : Task Execution Feature Extensions

• Linux -flat and -recurse processing for artefacts not working
• Missing script or task reports false positive
• Add EXITIF Task Execution Feature
• Add PROPLD Task Execution Feature
• Allow non standard port definition for ssh

0.9.3 : 18-Nov-2015 : CDAF Product Version logging

• Invoke Function fails on System.Management.Automation.CommandNotFoundException
• Include CDAF product version in entry point logging

0.9.2 : 15-Nov-2015 : Standardisation utilise Task Execution engine enhancements

• Move the artefact retention information to the end of the CI process
• Add support for CD taskOverride function
• Seed the manifest file with solution properties
• Logging of properties and helper scripts are not separated
• Provide logging for solution name in emulation
• Improve artefact configuration guide
• Linux - Dynamic Host target support
• Get Property returns commented properties

0.9.1 : 30-Oct-2015 : Standardisation utilise Task Execution engine enhancements

• Remote Tasks in 0.9.0 is not compatible with updated execute process
• Task Execution Templates
• Windows Package cannot clear hidden/read only files
• Local Tasks Properties not available in execution root
• Windows Provide Verbose Copy and Delete
• Linux Remaining PIPESTATUS not compatible with Elastic Bamboo agent

0.9.0 : 26-Oct-2015 : Breaking Release, affecting Remote Task Execution, view readme for details.

• Allow zip creation (remote packaging) to be optional
• Apply automation root detection to all components
• Add support for “invoke” in task driver

0.8.4 : 22-Oct-2015

• Add support for Elastic Bamboo images
• Allow a variable to be set in Windows, compatible to linux

0.8.3 : 20-Oct-2015

• Admin Command shortcut missing Target
• Alter CD Emulator build number to be symantic compliant

0.8.2 : 23-Aug-2015

• Add Support for post package tasks

0.8.1 : 8-May-2015

• Prepackage loadProperties function fails

0.8.0 : 7-May-2015

• Provide cdEmulate component execution flexibility
• Include deploy task override property in log
• Remove unused build.bat from CDAF
• CopyLand.ps1 throws an OutOfMemory exception for moderate-to-large package files
• Remove redistribution of 7zip executable (windows)
• Redeployment Not Renaming Existing Package
• LU-CDM fails when no properties files exist
• Remove 7za.exe path reference in storeArtifacts.ps1

0.7.4 : 23-Mar-2015

• Generate CDAF Release using Jenkins Pipeline
• Support URI for Remote PowerShell

0.7.3 : 13-Mar-2015

• Apply CD to TFS 2010
• Win Form Thick Client
• Blank line in StoreFor files causes package to fail

0.7.2 : 4-Mar-2015

• Optional PrePackage Process

0.7.1 : 4-Mar-2015

• Provide example task files utilising features of CDAF 0.7

0.7.0 : 3-Mar-2015

• Linux - Improve Manual Trigger
• Windows - Improve Manual Trigger
• CDAF branding
• Optional Decoupling of User Defined solution

0.6.6 : 27-Feb-2015

• Provided coded properties loader in execute function

0.6.5 : 26-Feb-2015

• Add optional TaskFile property support for Windows (WU-CDM)
• Add optional TaskFile property support for Linux (LU-CDM)
• Add ‘development progress’ argument to build scripts
• buildTag definition file - windows
• buildTag definition file - linux
• Error in log output of cdEmulate.bat
• Error when defaulting ENVIRONMENT variable in build.bat
• Move Zip file creation out of packageCopyArtefacts.ps1

0.6.4 : 25-Feb-2015

• Linux - Include artefact “flatting” on copy

0.6.3 : 23-Feb-2015

• Project being passed to build script instead of Solution

0.6.2 : 19-Feb-2015

• Apply argument driven Database script path
• Linear Deploy
• Add build.tsk support to Windows (WU-CDM)
• Add argument validation to windows entry (BAT)

0.5.7 : 19-Dec-2014

• Upgrade Selenium Server to 2.42.2
• Provide message for empty artefacts to check for line feed
• Add message to check for DOS carriage return when artefact processing fails
• Change Artefact packaging to support wildcard and path
• List Available Parameters for Remote Tasks template
• Allow support for on domain and off domain Remote Exection
• Add Encrypted Password support

Loose Coupling

As mentioned in the Continuous Delivery Automation Framework (CDAF) introduction, this is one of the founding principles…

• Loose Coupling : Designed for workstation implementation first, with no tight coupling to any given automation tool-set
• Lowest Common Denominator : Using the minimum of the tool-chain plugins & capabilities, to ensure loose coupling
• Package Portability : Package Task execution designed for automated push / pull or manual deployment

While this approach protects the pipeline from degredation due to plugin issues, and allows the author to control behaviour, e.g. logging, retry, it is fundamentally important from an ownership, portability and reusability perspective.

Shift-Left & Failing Fast

Shift-left is the principle of bringing solution aspects closer to the developer, as the cost of failing early is exponentially less costly than failing in production. While this discipline is commonly associated with software development, it should be considered a fundamental objective for all aspects of the solution, including infrastructure and configuration management.

Consistent Ways of Working

Infrastructure, Application and Testing automation should follow the same patterns of delivery. By doing so, a full, tested, solution can be delivered repeatabily and predictably.

Contributor Ownership

By constructing and testing the automation locally, the contributor can ensure it is healthy prior to comitting to source control and executing in the pipline. The more features that are performed within the automation itself, and the less dependency on any given pipeline, reduces the friction of changing vendor should that be required or desired. See the do nothing pipeline for an elaboration on automation health.

Reusable Asset

By creating Infrastructure, Application and Testing automation output that is portable and autonomous, it can be used for not only the pipeline deployment, but for local execution, allowing the creation of production like environments at will. See the feedback loop realisation for a detailed example, based on the feedback loop approach.

Do Nothing Pipeline

To embed automation into the feature development lifecycle, a pipeline should exist at the earliest possible time, configured to initially “do nothing” at deploy time.

Enough to make it run

A key principle of the Continuous Delivery Automation Framework (CDAF) is loose coupling. The intention is that the same automation that will be performed by the pipeline, can be developed and tested on the local workstation. Once the minimum automation is available, then the pipeline should be created.

Do-Nothing Pipeline

Ensure the pipeline runs successfully through all stages, e.g. if you have, test, staging and production stages, execute a do-nothing process in each to ensure the basic wiring of your pipeline is sound.

Fail Successfully

Intentionally push a change which causes the pipeline to fail, to ensure contributors can be confident that the pipeline is not giving false positives.

What Does It look Like

Based on the seeded solution getting started guide or using the CDAF samples for Linux or Windows, an operational pipeline can be created quickly.

What is Sprint-0

A do nothing pipeline ensures an automation-first approach, with early detection of build failures, however, this can be taken further. Making your first deployed environment Production!

Typically pipelines deploy to the development or test environments first, and eventually progress to production; discovering issues later in the software development lifecycle (SDCL). To realise a fail-fast approach, deploy nothing to production first. By nothing, the absolute bare minimum is the objective, typically something that displays the build number. This allows test teams to verify they are working with the correct build, and importantly, proving the delivery pipeline immediately.

The production environment can be scaled down as the proving ground for the solution architecture. Only when concurrency is required in your SDLC, should non-production environments be instantiated, based on your production environment, ideally via automation. See release train for an elaboration of how to combine automation of infrastructure, configuration management and software delivery.

Realising the Feedback Loop

Continuous Delivery to Shift-Left

While the DevOps Feedback-Loop, along with finding issues early by moving production-like environments closer to the developer (Shift-Left), are key principles, there is commonly no tangible way of achieving this.

In the typically incremental progression of continuous delivery implementations, eventually automation is built to deliver to production, and typically, that is where the story ends.

Before describing the realisation of the feedback loop, it’s important to highlight the underlying framework approaches that make this possible, which are:

• Release Portability : the output of the build (Continuous Integration) process is a single, self-contained, deployable artefact
• Loose Coupling : delivery orchestration does not use any proprietary mechanisms to deploy, the pipeline tool simply calls the deployable artefact
• Artefact Registry : a store of immutable artefacts, not code (repository). These are strictly versioned and ideally offer the ability to download the latest version.

In my Sprint Zero approach, I espouse the creation of an end-to-end, do-nothing pipeline before any development begins. The final stage of this pipeline should be to push the deployable artefact to the Artefact Registry.

By doing this, a known production state is available as feedback to the developers and testers, by getting the latest version from the Artefact Registry.

Consistent Ways of Working

If this approach is applied consistently between your infrastructure, configuration management and software developers, an automated view of the Production environment is automatically available, without having to inspect the current state of each contributing pipeline.

By combining these deployable assets, users have the ability to create a full-stack, production-like environment on demand. This could be wrapped in a graphical user interface or simply run from the command-line.

Artefact Registries

Each registry vendor has different names for general purpose stores, in Azure DevOps it’s called Universal, in GitLab it’s called Generic and in Nexus it’s called Raw.

Closing note: in the above example provided, there is an Infrastructure-as-Code (IaC)/configuration management deployment package (AZT) and software deployment package (KAT). The software deployment package is a manifest driven, desired state, deployment of containers, the container image publication is not captured in the artefact store as the image build pipeline does not reflect any target environment state.

For detailed example the creation and usage of the release artefacts in this article see Terraform Cloud Release Train.

Development & Release

DevOps is not a role or product, it’s a principle. With competing desires, i.e. autonomous vs. authoritative, Development and Operations can have different perspectives and these tools can help provide a viewpoint for operations, driven from a “source of truth”.

Development Pipelines

When speaking of Continuous Integration and Continuous Deployment (CI/CD), the conversations are typically developer centric. However, in enterprise environments, Continuous Delivery is more likely the reality, and it is desirable to be able to deliver a release without the involvement of the feature developers, as there may be many different teams contributing to the solution. Orchestrating these individuals for a release deployment can be a scheduling challenge and distracts those teams from their core purpose.

To gather these distributed concerns, it is common to try and apply processes, procedures, governance and standardisation at the development level, which is an Agile anti-pattern. So to provide developer freedom with the release predictability required, these two concerns are divided in autonomy and authority.

Autonomous Development

The key difference from developer centric approaches is that the development teams do not deploy to user environments, instead the end of the development delivery pipeline results in pushing an immutable image to the registry. The development teams can use whatever source control and branch strategy they choose, e.g. Git Flow, Simple Branch Plans, Feature Branches, etc. In this example the development team are using GitHub Actions to build (Docker), test (docker-compose) and publish their component, see Containers at Scale, A Containers Journey.

The published image may not the build image, but it must be the production ready (optimised and hardened) image which was verified in the test process.

Each component or micro service is delivered to the central catalogue, in this example, Docker Hub, but this could be any Open Container Initiative (OCI) Registry, either public or private.

Delivery Pipelines

With the Container Registry being the nexus of the autonomous development teams, now the release definition at a solution level can be declared. This codifies the release, whereas a manual release may involve spreadsheets and workbook documents, the implementation of the release is abstracted by the automation tool, in this case Terraform.

Infrastructure as Code (IaC)

This is the common use case of Terraform. In this example, the delivery of the Kubernetes platform is executed from an Azure DevOps pipeline using a 12-Factor approach, with feature branch development. Releases to production are only based on master and implemented with gating. When a feature is complete and the pull request (PR) processed, the environment created for the feature branch is destroyed (“clean-up Dev”).

Authoritative Deployment

While Terraform is considered an infrastructure tool, what it actually is, is a flexible, declarative desired state engine. So while it can be utilised to deliver and manage a Kubernetes platform in Azure, it can also be used to deploy applications to the resulting Kubernetes platform. The components are declared as a desired state and applied via the solution pipeline, which may deploy one or more images from the development teams. In this example, the solution deployment development is performed using feature branches and pull requests.

In this example, the solution delivery is executed from a, GitLab Pipeline with approval gates.

Viewpoints

Each of the viewpoints above are development oriented, so where is the operations pane-of-glass? This is where the intermediary adds value. All solutions in Terraform require a persistent store for state. There are many choices from the default local file system, to public cloud, however the Terraform Cloud offering provides the following advantages:

• persistent storage independent of any provider, e.g. to use AWS you need to create an S3 bucket, which is infrastructure, which you should do via code, but the code would then need an S3 bucket, therein lies a paradox
• SaaS offering, no maintenance required
• Execution visibility, regardless of source

The last advantage provides the operational visibility. All of the delivery pipelines send their requests, be it IaC or solution via the Terraform Cloud, therefore a complete view of all executions, regardless of pipeline, are visible to the operations team.

Secret management for all solution are combined into the Terraform SaaS, satisfying any separation of duty requirements, and any dynamically generated attributes that the development team would need to handover to operations is defined as code, and available to authenticated users.

Conclusion

Exploit your available tools to provide separation of concerns while providing transparency.

Don’t let governance stifle creativity, while ensuring freedom doesn’t lead to anarchy.

Plan for scale and complexity, “we’ll automate that later” commonly leads to “automation never”, after all the building is only as sound as it’s foundations.

What Next?

See Declarative Release for implementation examples, which incorporate intermediary tools such Ansible Tower, Puppet Enterprise and Terraform Cloud.

Branch Plans

Alternate Branch Strategies

Different branch plans do not explicitly define deployment approaches, however, there are common associative methods for each plan, which are described in the subsequent pages. This page provides the baseline terminology that will be used in the remainder of this material.

Trunk Based

Commonly referred to as Trunk Based Development. This is the simplest strategy and is commonly synonymous with Continuous Delivery (more on this to come). The only long running branch is main.

Simple Branch Plans

This branch strategy has been promoted by Microsoft, and is fundamental in their deploy process within Visual Studio. with two (or sometimes more) long-lived branches, e.g. main being used for test and release being used for production. Each additional environment requires another branch.

GitFlow

Originating from distributed source control systems, with prolonged disconnection. The majority of source control tools provided now are centralised server solutions, which obfuscate the underlying distributed architecture. GitFlow has continued, while being adjusted to use Pull Request/Merge Request to merge between branches. This typically has many long-lived branches, e.g. main, develop, release, hot-fix.

From Atlassian https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow

ASP.NET Classic Example

Build, Package and Deploy with Internet Information Services

This article matures the material authored by Troy Hunt, You’re deploying it wrong! In his article, the simple branch plan method was prevalent, as prescribed by Microsoft. This article lays the implementation foundations for trunk based delivery.

The key principle for trunk based delivery is build-once, deploy-many. The following steps achieve this using the Continuous Delivery Automation Framework (CDAF). The legacy features of Azure DevOps are used in this example.

• Tokenisation

  Abstraction of Application Settings

• Continuous Integration (CI)

  Build & Package Once

• Continuous Delivery (CD)

  Deploy Many {class=“children children-type-list children-sort-”}

Java and Maven Example

Build, Package and Deploy with Tomcat

This article lays the implementation foundations for Release Train delivery. The key principle is Autonomous Development, Authoritative Release, with this material describing an autonomous development pipeline. The following steps achieve this using the Continuous Delivery Automation Framework (CDAF).

• Continuous Integration (CI)

  Build & Package Once

• Continuous Delivery (CD)

  Deploy Many {class=“children children-type-list children-sort-”}

Static Content

Build, Package and Deploy with GTM ID

In this example, a React App, with Typescript, is built and package, then deployed to a Content Delivery Network. As there is no server side component to configure for environment differences, an alternate strategy is used.

• Tokenisation

  Abstraction of Application Settings

• Continuous Integration (CI)

  Build & Package Once

• Continuous Delivery (CD)

  Deploy Many {class=“children children-type-list children-sort-”}

Autonomous Development

The examples provided in this section are based on the motivations of Autonomous Development, Authoritative Release.

Imperative Build, Declarative Deployment

Creating an artefact for compiled languages is well understood, and is an integral part of software delivery for languages such as .NET, Java and Typescript, however, for interpretive languages (Python, Ruby, PHP, Javascript), because the code in source control can be run without a “build”, it is tempting to deploy from source control. This has the following challenges:

• Fulfilling dependencies in production environment, can have network issues and, even with lock files, can result is different runtime outcomes.
• Manual steps are required as branches are used to separate environments, e.g. test, staging, production. Which requires deploy-time developer effort and can lead to errors, i.e. untested code being merged into production.

Package & Publish

Resolving dependencies at build time, adding any other runtime components and creating an immutable package for deployment can be achieved using the CDAF technology agnostic package mechanism. The “build” artefact completes the development teams Continuous Integration (CI) stage.

The Continuous Delivery (CD) would be limited to automated testing of the package, and then publication. Publication can be to a Container Registry, Package Registry (Nexus, Artifactory, Azure DevOps, GitLab, GitHub, etc.) or a proprietary asset registry such as Octopus Deploy or Mulesoft AnyPoint Exchange. The following example uses a Container Registry.

The following overview has two examples, one using the CDAF release package with automated testing, and one performing direct image build and push.

• PiP resolves Python dependencies, and gathers these, along with helper scripts, to produce a release package. The release package is then used to construct a runtime image, which in turn is smoke tested using docker-compose. The tested image is then pushed to the registry.

• NPM resolves NodeJS dependencies, builds an image and pushes it to the registry.

graph LR

  subgraph python["Python"]
    python-git[(Git)]
    python-build-artefact[(Build)]
    python-release.ps1
    subgraph docker-compose
      image-container
      test-container
    end
    push
  end

  subgraph node["NodeJS"]
    node-git[(Git)]
    node-build
    node-push["push"]
  end

  registry[(Docker Registry)]

  python-git -- "CI (PiP)" -->
  python-build-artefact -- "CD" --> 
  python-release.ps1 -->
  image-container -->
  push --> registry
  test-container -. "smoke test" .-> image-container

  node-git -- "CI (NPM)" -->
  node-build -->
  node-push --> registry

classDef dashed stroke-dasharray: 5, 5
class python,node dashed

classDef dotted stroke-dasharray: 2, 2
class docker-compose dotted

classDef blue fill:#007FFF
class registry blue

Note: the Python release.ps1 is an intermediary artefact, and not used to deploy to the runtime environments.

How to Helm

Declarative Desired State Container Deployment using Helm

This approach is based on Autonomous Development, Authoritative Release which decouples the development process from the release process.

This is an alternative implementation to Terraform Application Stack, using Helm instead of Terraform, but with the same core principles of runtime versioning and desired state.

The Application Stack can be defined once, and deployed many times into separate namespaces, e.g. development, test and production.

graph TD

  subgraph k8s["Kubernetes"]
    subgraph ns1["Dev namespace"]
      ns1-ingress["ingress"]
      subgraph ns1-pod-1["Pod"]
        ns1-con-a["container"]
      end
      subgraph ns1-pod-2["Pod"]
        ns1-con-b["container"]
        ns1-con-c["container"]
      end
    end
    subgraph ns2["Test namespace"]
      ns2-ingress["ingress"]
      subgraph ns2-pod-1["Pod"]
        ns2-con-a["container"]
      end
      subgraph ns2-pod-2["Pod"]
        ns2-con-b["container"]
        ns2-con-c["container"]
      end
    end
    subgraph ns3["Production namespace"]
      ns3-ingress["ingress"]
      subgraph ns3-pod-1["Pod"]
        ns3-con-a["container"]
      end
      subgraph ns3-pod-2["Pod"]
        ns3-con-b["container"]
        ns3-con-c["container"]
      end
    end
  end

  client -->
  ns1-ingress --> ns1-con-a
  ns1-ingress --> 
  ns1-con-b --> ns1-con-c

  client -->
  ns2-ingress --> ns2-con-a
  ns2-ingress --> 
  ns2-con-b --> ns2-con-c

  client -->
  ns3-ingress --> ns3-con-a
  ns3-ingress --> 
  ns3-con-b --> ns3-con-c

classDef external fill:lightblue
class client external
 
classDef dashed stroke-dasharray: 5, 5
class ns1,ns2,ns3 dashed
 
classDef dotted stroke-dasharray: 2, 2
class ns1-pod-1,ns1-pod-2,ns2-pod-1,ns2-pod-2,ns3-pod-1,ns3-pod-2 dotted

• Helm

  Helm for Kubernetes

• Desired State Release

  Full Stack Release Helm/Kubernetes {class=“children children-type-list children-sort-”}

Terraform Kubernetes

Full Stack Release using Terraform

This approach implements the Autonomous Development, Authoritative Release principle, to orchestrate a full stack release, i.e. the automated coordination of Infrastructure as Code, Configuration Management and Application deployment.

This is an alternative implementation to How to Helm, using Terraform instead of Helm, but with the same core principles of runtime versioning and desired state, and the inclusion of the Kubernetes Infrastructure as Code, using a single language, i.e. Terraform.

The Application Stack can be defined once, and deployed many times into separate namespaces, e.g. development, test and production.

graph TD

  subgraph k8s["Kubernetes"]
    subgraph ns1["Dev namespace"]
      ns1-ingress["ingress"]
      subgraph ns1-pod-1["Pod"]
        ns1-con-a["container"]
      end
      subgraph ns1-pod-2["Pod"]
        ns1-con-b["container"]
        ns1-con-c["container"]
      end
    end
    subgraph ns2["Test namespace"]
      ns2-ingress["ingress"]
      subgraph ns2-pod-1["Pod"]
        ns2-con-a["container"]
      end
      subgraph ns2-pod-2["Pod"]
        ns2-con-b["container"]
        ns2-con-c["container"]
      end
    end
    subgraph ns3["Production namespace"]
      ns3-ingress["ingress"]
      subgraph ns3-pod-1["Pod"]
        ns3-con-a["container"]
      end
      subgraph ns3-pod-2["Pod"]
        ns3-con-b["container"]
        ns3-con-c["container"]
      end
    end
  end

  client -->
  ns1-ingress --> ns1-con-a
  ns1-ingress --> 
  ns1-con-b --> ns1-con-c

  client -->
  ns2-ingress --> ns2-con-a
  ns2-ingress --> 
  ns2-con-b --> ns2-con-c

  client -->
  ns3-ingress --> ns3-con-a
  ns3-ingress --> 
  ns3-con-b --> ns3-con-c

classDef external fill:lightblue
class client external
 
classDef dashed stroke-dasharray: 5, 5
class ns1,ns2,ns3 dashed
 
classDef dotted stroke-dasharray: 2, 2
class ns1-pod-1,ns1-pod-2,ns2-pod-1,ns2-pod-2,ns3-pod-1,ns3-pod-2 dotted

• Manifest

  Declare Container Deployment as Terraform Package

• Terraform Build

  Immutable Release Package

• Configuration Management

  Tokens and Properties

• Deploy

  Deploy-time Detokenisation

• Feedback Loop

  Realising the Feedback Loop {class=“children children-type-list children-sort-”}

Custom State Management

Custom Desired State Management Solution

This example provides desired state management to the Mulesoft AnyPoint Cloudhub 2 platform. As at time of writing, a Terraform provider existed, but was incomplete, having no mechanism to deploy the runtime.

The application stack is made up of individual API definitions, each paired with a runtime component.

graph TD

  subgraph dc["Mulesoft Anypoint Plaform"]
    subgraph vm1["Test"]
      vm1-in-a["API Managment"]
      vm1-con-a["Application Runtime"]
      vm1-in-b["API Managment"]
      vm1-con-b["Application Runtime"]
    end
    subgraph vm2["Production"]
      vm2-in-a["API Managment"]
      vm2-con-a["Application Runtime"]
      vm2-in-b["API Managment"]
      vm2-con-b["Application Runtime"]
    end
  end

  client -->
  vm1-in-a --> vm1-con-a
  client -->
  vm1-in-b --> vm1-con-b

  client -->
  vm2-in-a --> vm2-con-a
  client -->
  vm2-in-b --> vm2-con-b

classDef external fill:lightblue
class client external
 
classDef dashed stroke-dasharray: 5, 5
class vm1,vm2,cf1,cf2 dashed

• Manifest

  Declare Anypoint Components as Package

• Custom State Build

  Custom State Release Package

• Configuration Management

  Building Desired State from Properties

• Desired State

  Determining Change {class=“children children-type-list children-sort-”}

Azure DevOps (ADO) Release

Orchestrated Component Deploy

The Application Stack in this example deploys two components, static content and an API.

graph TD

  Agent["🌐"] 

  subgraph vm1["☁️ CloudFlare"]
    content["Static Content"]
    API
  end

  Agent --> content
  Agent --> API

classDef external fill:lightblue
class Agent external

classDef dashed stroke-dasharray: 5, 5
class vm1,vm2,vm3,vm4 dashed
 
classDef dotted stroke-dasharray: 2, 2
class vm1-pod-1,vm1-pod-2,vm2-pod-1,vm2-pod-2,vm3-pod-1,vm3-pod-2,vm4-pod-1,vm4-pod-2 dotted

Each component publishes a self-contained release package to the Azure DevOps (ADO) artefact store. The ADO Release orchestrates these package deployments for each environment, ensuring the complete stack is promoted through each environment with aligned package versions.

graph LR

  subgraph static["Static Content"]
    Sbuild["Build"] -->
    Stest["Test"] -->
    Spublish["Publish"]
  end
  subgraph API
    Abuild["Build"] -->
    Atest["Test"] -->
    Apublish["Publish"]
  end

  subgraph Release
    TEST
    PROD
  end

  store[(ADO Store)]

  Apublish --> store
  Spublish --> store
  store --> TEST
  TEST --> PROD

classDef release fill:lightgreen
class TEST,PROD release

• Component CI

  Autonomous Component Build & Test

• Component CD

  Autonomous Component Deploy

• Component Publish

  Autonomous Component Publication

• Release

  Full Stack Release {class=“children children-type-list children-sort-”}

Ansible Automation Platform

Full Stack Release using Ansible Automation Platform

Ansible Automation Platform is the replacement for Ansible Tower.

The Application Stack is a combination of Podman containers with an Apache reverse proxy for ingress.

This implementation does not include infrastructure, i.e. the creation of the host and related networking is not included in the automation, however, it does combine configuration management and software delivery.

graph TD
  client["🌐"]:::transparent

  subgraph dc["Data Center"]
    subgraph vm["Host"]
      Apache
      subgraph Podman
        vm1-con-a["Rails"]
        vm1-con-b["Spring"]
        vm1-con-c["Python"]
      end
    end
  end

  client -->
  Apache --> vm1-con-a
  Apache --> vm1-con-b
  Apache --> vm1-con-c

classDef transparent fill:none,stroke:none,color:black

classDef dashed stroke-dasharray: 5, 5
class dc dashed
 
classDef dotted stroke-dasharray: 2, 2
class Podman dotted

The configuration of the host and deployment of the application are defined once, and deployed many times, e.g. test and production.

graph LR

  subgraph Rails
    Rbuild["Build"] -->
    Rtest["Test"] -->
    Rpublish["Publish"]
  end
  subgraph Python
    Pbuild["Build"] -->
    Ptest["Test"] -->
    Ppublish["Publish"]
  end
  subgraph Spring
    Sbuild["Build"] -->
    Stest["Test"] -->
    Spublish["Publish"]
  end

  subgraph Release
    TEST:::release
    PROD:::release
  end

  store1[(GitLab Docker Registry)]
  store2[(Nexus Docker Registry)]

  Rpublish --> store1
  Spublish --> store1
  Ppublish --> store2
  store1 --> TEST
  store2 --> TEST
  TEST --> PROD

classDef release fill:lightgreen

• Component Pipelines

  Autonomous Development

• Manifest

  Application Stack Declaration

• Ansible Build

  Immutable Release Package

• Ansible Deploy

  Detokenisation and Release {class=“children children-type-list children-sort-”}

Octopus Deploy

Release Orchestration using Octopus Deploy

Octopus Deploy is a dedicated release orchestration tool which does not have build capabilities and does not natively integrate with source control, instead it provides a repository to which build artefacts can be pushed. The following scenario is a stack which comprises a customer-facing application (React) front-end and Platform-as-a-Service (Mulesoft Anypoint) back-end.

The back-end deployment is itself an authoritative release solution with a source-driven manifest (see Custom Desired State Management Solution). The client will retrieve the static content from the content delivery network (CloudFlare).

graph TD
  client["🌐"]:::transparent

  subgraph cf["CloudFlare"]
    react-a["Static Content"]
  end

  subgraph ch["CloudHub"]
    patient["Patient API"]
    Admissions["Admissions API"]
  end

  client --> react-a
  client --> patient
  patient --> Admissions

classDef external fill:lightblue
class client external
 
classDef dashed stroke-dasharray: 5, 5
class cf,ch dashed

Octopus creates a release whenever either the state management or user interface packages are pushed, but this is not deployed into test until the release manager approves. The API construction and registration with AnyPoint exchange is not described here, this is treated as a prerequisite, see Custom Desired State Management Solution for a detailed breakdown of that process.

graph LR

  subgraph "Patient API"
    Rbuild["Build"] -->
    Rtest["Test"] -->
    Rpublish["Publish"]
  end
  subgraph "AnyPoint Desired State Management"
    Pbuild["Build"] -->
    Ptest["Test"] -->
    Ppublish["Publish"]
  end
  subgraph "Admissions API"
    Sbuild["Build"] -->
    Stest["Test"] -->
    Spublish["Publish"]
  end
  subgraph "CloudFlare Pages"
    Abuild["Build"] -->
    Atest["Test"] -->
    Apublish["Publish"]
  end

  subgraph Release
    TEST:::release
    PROD:::release
  end

  store1[(Anypoint Exchange)]
  store2[(Octopus Package Registry)]

  Rpublish --> store1
  Spublish --> store1
  Ppublish --> store2
  Apublish --> store2

  store1 --> TEST
  store2 --> TEST
  TEST --> PROD

classDef release fill:lightgreen

• Octopus Pane of Glass

  Overview of Stack Components

• Decoupled Deployment

  Orchestrated Release

• Business Visibility

  Non-techincal Release View {class=“children children-type-list children-sort-”}

Terraform Cloud

Full Stack Release using Terraform Cloud

This Release Train extends the Terraform Kubernetes authoritative release, combining the application stack deployment with the Infrastructure-as-Code solution.

graph TD
  client["🌐"]:::transparent

  apim["API Gateway"]

  subgraph k8s["Kubernetes"]
    subgraph ns1["Dev namespace"]
      ns1-ingress["ingress"]
      subgraph ns1-pod-1["Pod"]
        ns1-con-a["container"]
      end
      subgraph ns1-pod-2["Pod"]
        ns1-con-b["container"]
        ns1-con-c["container"]
      end
    end
  end

  client -->
  apim -->
  ns1-ingress --> ns1-con-a
  ns1-ingress --> 
  ns1-con-b --> ns1-con-c

classDef external fill:lightblue
class client external
 
classDef dashed stroke-dasharray: 5, 5
class ns1,ns2,ns3 dashed
 
classDef dotted stroke-dasharray: 2, 2
class ns1-pod-1,ns1-pod-2,ns2-pod-1,ns2-pod-2,ns3-pod-1,ns3-pod-2 dotted

Each component publishes a self-contained release package to the Azure DevOps (ADO) artefact store. The ADO Release orchestrates these package deployments for each environment, ensuring the complete stack is promoted through each environment with aligned package versions.

graph LR

  subgraph Components
    Sbuild["Build"] -->
    Stest["Test"] -->
    Spublish["Publish"]
  end
  subgraph Infrastructure
    Abuild["Build"] -->
    Atest["Test"] -->
    Apublish["Publish"]
  end

  subgraph Release
    TEST
    PROD
  end

  store[(ADO Store)]

  Apublish --> store
  Spublish --> store
  store --> TEST
  TEST --> PROD

classDef release fill:lightgreen
class TEST,PROD release

• Manifest

  Declare Container Deployment as Terraform Package

• Terraform Build

  Immutable Release Package

• Configuration Management

  Tokens and Properties

• Release

  Release Construction

• Intermediary

  Terraform Cloud intermediary

• Deploy

  Deploy-time Detokenisation

• Feedback Loop

  Realising the Feedback Loop {class=“children children-type-list children-sort-”}

Framework Implementation

CDAF Core Component Specifications

This section provides a detailed breakdown of the Continuous Delivery Automation Framework (CDAF) itself.

• Entry Points

  CDAF Entry Scripts

• Task Processing

  Execution Engine {class=“children children-type-list children-sort-”}

Feature Configuration

Declarative Desired State Container Deployment using Helm

This section provides a detailed breakdown of the Continuous Delivery Automation Framework (CDAF) feature configuration options. For a step-by-step usage guide see getting started.

• Configuration Mapping

  Configuration Mapping

• Execution Engine

  Execution Engine

• Environment Variables

  Environment Variables

• Solution Properties

  Solution Properties

• Extended Processes

  Extended Processes

• Feature Branch Execution

  Feature Branch Execution

• Sensitive Data Strategies

  Sensitive Data Strategies

• Legacy Features

  Legacy Features

• Variable Validation

  Variable Validation {class=“children children-type-list children-sort-”}