堆栈内存溢出
  简体   繁体   English

Azure DevOps CI/CD 和从源代码管理中分离连接字符串

[英]Azure DevOps CI/CD and Separating Connection Strings from Source Control

 原文  2019-02-08 22:13:58       git/ visual-studio/ azure/ continuous-integration/ azure-devops

问题描述

So I've been following many different idea/strategies through many blogs/SO posts but I haven't been able to find my idea solution.所以我一直在通过许多博客/SO 帖子关注许多不同的想法/策略,但我一直无法找到我的想法解决方案。

What I'm Using我在用什么

  • Visual Studio 2017 v15.9.6 Visual Studio 2017 v15.9.6
  • Git (source control) Git(源代码管理)
  • Azure DevOps CI/CD Azure DevOps CI/CD
  • Azure App Service (to host the Web API) Azure 应用服务(用于托管 Web API)

Goal目标

The goal is to use the Azure DevOps tools to commit my project changes, push (via Git) the changes to Azure DevOps repo, have the CI/CD build the projected follow the pipeline rules to deploying to dev/production/etc.目标是使用 Azure DevOps 工具提交我的项目更改,将更改(通过 Git)推送到 Azure DevOps 存储库,让 CI/CD 构建投影遵循管道规则部署到开发/生产/等。 All this while, keep connection strings out of source control.在此期间,将连接字符串置于源代码控制之外。

Currently, I got a website (legacy Web Application) that has local connection string definitions on an external connection string file (based on this article Connection Strings and Configuration Files ).目前,我有一个网站(旧版 Web 应用程序),它在外部连接字符串文件(基于这篇文章连接字符串和配置文件)上具有本地连接字符串定义。 It's hosted as an App Service on Azure.它作为应用服务托管在 Azure 上。 Within my .gitignore file I made Git ignore the specific connection strings file so that it's not in source control.在我的.gitignore文件中,我让 Git 忽略了特定的连接字符串文件,因此它不在源代码管理中。 Using Azure's deployment from GitHub feature, the site gets updated with the source in GitHub.使用 Azure 的 GitHub 部署功能,该站点使用 GitHub 中的源进行更新。 However, I had to manually upload the connection string file with false/bad data.但是,我必须手动上传带有错误/错误数据的连接字符串文件。 I use Azure's application settings to define the connection strings themselves.我使用 Azure 的应用程序设置来定义连接字符串本身。 This process works perfectly fine.这个过程工作得很好。

The Problem问题

I have a new .Net Web API project started at .Net Framework 4.7.2.我有一个新的 .Net Web API 项目,从 .Net Framework 4.7.2 开始。 I also followed the article to separate the connection strings into a separate files so that I can also ignore the file in source control.我也跟着文章把连接字符串分成单独的文件,这样我也可以在源代码管理中忽略该文件。 When the Azure DevOps builds the project it fails saying:当 Azure DevOps 构建项目时,它失败说:

C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Enterprise\\MSBuild\\Microsoft\\VisualStudio\\v15.0\\Web\\Microsoft.Web.Publishing.targets(2603,5): Error : Copying file ConnectionStrings.config to obj\\Release\\Package\\PackageTmp\\ConnectionStrings.config failed. C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Enterprise\\MSBuild\\Microsoft\\VisualStudio\\v15.0\\Web\\Microsoft.Web.Publishing.targets(2603,5): 错误:将文件 ConnectionStrings.config 复制到obj\\Release\\Package\\PackageTmp\\ConnectionStrings.config 失败。 Could not find file 'ConnectionStrings.config'.找不到文件“ConnectionStrings.config”。

Obviously, because I'm not adding this file to source control.显然,因为我没有将此文件添加到源代码管理中。 Mainly because even during development I need to put actual connection string usernames/password.主要是因为即使在开发过程中我也需要输入实际的连接字符串用户名/密码。

Question

What other solutions/features exist that can help accomplish this scenario?存在哪些其他解决方案/功能可以帮助完成此场景?

3 个解决方案

解决方案1
 5 已采纳  2019-02-09 00:08:29

Short answer: Don't put secrets in configuration files. 简短回答:不要在配置文件中放置秘密。

If all your resources reside in Azure, use Managed Service Identities so that you don't need to bother with connection strings. 如果所有资源都驻留在Azure中,请使用托管服务标识,这样您就不必费心使用连接字符串。

If not, use ARM templates and key vault-linked parameters to manage your Azure infrastructure. 如果没有,请使用ARM模板和密钥保管库链接参数来管理Azure基础结构。 Azure Web Apps allow you to override configuration files with app settings/connection strings within the web app . Azure的Web应用程序允许您重写与web应用程序内的应用程序设置/连接字符串配置文件。 So simply use key vault to manage that stuff, and tell the web app to pull the values from key vault. 因此,只需使用密钥保管库来管理这些内容,并告诉Web应用程序从密钥保险库中提取值。

解决方案2
 1  2019-02-09 00:15:19

VSRM task to publish Web Apps supports overriding values in Web.config. 发布Web应用程序的VSRM任务支持覆盖Web.config中的值。 You can keep your secrets in VSRM and replace them in the deployment time. 您可以将您的秘密保存在VSRM中,并在部署时间内替换它们。 See File transforms and variable substitution reference # XML variable substitution 请参阅文件转换和变量替换参考#XML变量替换

解决方案3
 0  2021-11-08 13:55:16

If you do need to put your actual connectionstring-file in your project for debug, and therefore add your path for connectionString in .gitignore, you could let Pipeline create a dummy connectionstring before the task VSBuild.如果您确实需要将实际的连接字符串文件放在项目中进行调试,并因此在 .gitignore 中添加连接字符串的路径,您可以让 Pipeline 在任务 VSBuild 之前创建一个虚拟连接字符串。 This can be done with the File Creator who is available at Visual Studio Marketplace .这可以通过Visual Studio Marketplace 上提供的File Creator来完成。 After that, you simply insert the actual connectionstring into the Configuration for the App Service in Azure.之后,您只需将实际的连接字符串插入 Azure 中应用服务的配置中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure DevOps:1 个解决方案多项目 CI/CD - Azure DevOps: 1 Solution Multiple Projects CI/CD kubernetes 和 azure Devops 在 CI/CD 方面的区别 - What it the difference between kubernetes and azure Devops in terms of CI/CD CI/CD 管道 Azure devops 部署发布后自动合并 - CI/CD pipelines Azure devops automatic merge after deploy release 无法使用 CI 管道从 Azure DevOps 中的外部 Git 触发源代码的自动构建 - Unable to trigger automatic build of source code from external Git in Azure DevOps Using CI pipeline Azure DevOps 中的多个 CI 管道? - Multiple CI pipelines in Azure DevOps? 从 CI/CD 提交到存储库 - Committing from CI/CD into repository 使用 Powershell 脚本在 Azure 上配置 CI/CD 管道 - configuration CI/CD pipeline on Azure with Powershell Script Azure DevOps 的源代码控制文件未显示在 VS for Mac 中 - Source Controlled Files from Azure DevOps not showing up in VS for Mac 从任务中设置 azure devops 管道版本控制标签 - set azure devops pipeline version control tag from task 从源代码管理部署Web角色到azure - deploy web role to azure from source control
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM