ALM – Using “Solution Checker” in a pipeline

In my last post, I explained a Basic ALM process for CDS. In this article, I promised to write about different Quality Gates to improve a pipeline.

Today we will learn how it is possible to use the “Solution Checker” in a pipeline as a Quality Gate (QG). This kind of QG would fit in different parts of the Basic ALM process. For example, before pushing the unmanaged solution to the source control. This would secure a certain level of quality in your Source Control.

Adding the Step

To begin with we have to add a “Power Apps Checker” step to our pipeline. In this example, we will add it to our “Create Export from Dev” pipeline between the “Export Solution” and the “Unpack Solution” step.

When the step is added we have to provide some configuration. In the “Local File to Analyse” we will add the output folder of the previous export step. In our example:

$(Build.ArtifactStagingDirectory)\$(SolutionName).zip
Adding Path
Adding Path

The complex part is the “PowerApps Checker Service”.

Create a “PowerApps Checker Service”

A “PowerApps Checker Service” requires an “App registration” in the Azure Active Directory (AAD).

Create an “App registration”

There are different ways of doing this. In this post, we will do it via a PowerShell script.

To start with we have to open a PowerShell as an administrator

Open PowerShell as Admin
Open PowerShell as Admin

In the just-opened PowerShell, we have to run the following command to install the needed components.

Install-Module -Name AzureAD

During this process, the system might prompt you to trust the modules from PSGallery. You should select A (Yes to all).

The second step is to run the following script in the PowerShell.

function New-PowerAppsCheckerAzureADApplication
{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [Guid]
        $TenantId,
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $ApplicationDisplayName
    )
    # Using AzureAD as the RM modules, AzureRm.Resource and AzureRm.Profile, do not allow for setting RequiredResourceAccess
    Import-Module AzureAD | Out-Null
    try
    {
        Connect-AzureAD -TenantId $TenantId | Out-Null
    }
    catch [Microsoft.Open.Azure.AD.CommonLibrary.AadAuthenticationFailedException]
    {
        Write-Error "Received a failure result from the connecting to AzureAD, $($_.Exception.Message). Stopping."
        return
    }
    $graphSignInAndReadProfileRequirement = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "e1fe6dd8-ba31-4d61-89e7-88639da4683d","Scope"
    $graphSignInAndReadProfileRequirement.ResourceAccess = $acc1
    $graphSignInAndReadProfileRequirement.ResourceAppId = "00000003-0000-0000-c000-000000000000"

    $powerAppsCheckerApiRequirement = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "d533b86d-8f67-45f0-b8bb-c0cee8da0356","Scope"
    $acc2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "640bd519-35de-4a25-994f-ae29551cc6d2","Scope"
    $powerAppsCheckerApiRequirement.ResourceAccess = $acc1,$acc2
    $powerAppsCheckerApiRequirement.ResourceAppId = "c9299480-c13a-49db-a7ae-cdfe54fe0313"

    $application = New-AzureADApplication -DisplayName $ApplicationDisplayName -PublicClient $true -ReplyUrls "urn:ietf:wg:oauth:2.0:oob" -RequiredResourceAccess $graphSignInAndReadProfileRequirement, $powerAppsCheckerApiRequirement
    if ($application -eq $null -or $application.AppId -eq $null)
    {
        Write-Error "Unable to create the application as requested."
    }
    else
    {
        Write-Host "The application $($application.AppId):$ApplicationDisplayName was created in the tenant, $TenantId. You may need to have an administrator grant consent. If running in a userless process, you will need to add a secret or certificate in which to authenticate." 
    }
    return $application
}

# Login to AAD as your user
Connect-AzureAD

# Establish your tenant ID
$tenantId = (Get-AzureADTenantDetail).ObjectId

# Create the AAD application registration using the AzureAD module and the sample script
$newApp = New-PowerAppsCheckerAzureADApplication -ApplicationDisplayName "Power Apps Checker Client" -TenantId $tenantId

# Next step => create a secret via the Admin portal, CLI, or PowerShell module.

At the last code row at the end of the script, you can define the name the App registration should have in AAD.

The PowerShell might (it was not the case for me) ask you if you would like to run the software of this untrusted publisher. Here you should select A (Always run).

While executing the script a login popup will appear (i some cases twice). Here you should log in with a user that has enough rights to create an App registration in AAD.

At the end of the script, it will show you the application and tenant ID. Both of them are needed later, make sure to copy them.

Create a Client secret for the Application Registration

Besides the Tenant ID and the Application ID, the Pipeline Step does also need a client secret for the just created App registration.

To create this you have to log in to the Azure portal. After you have logged in you navigate to the Azure Active Directory (AAD) > App registration > click on the app you just created.

Navigate to the App registration

Here you go to “Certificates & secrets” and click on “New client secret”.

Navigate to client secrets
Navigate to client secrets

After choosing a description and when the secret should expire it will be shown in the list of secrets.

Secret
Secret

Make sure to copy the secret since Azure will only show it once.

Bring it all together in the pipeline step

You go back to your Azure DevOps and press the “New” button beside “PowerApps Checker Service”.

Adding a new Service
Adding a new Service

In the fly-in that now opens on the right side the information, we gathered in the steps before should be inserted as follows.

Configuration of the service
Configuration of the service

Under “Geography” you have to choose your region. You should give a good name to your new connection so that you can recognize it correctly in the future.

After you have saved the new connection it will automatically be chosen in the pipeline step.

The last thing to do is to choose “Solution Checker” as a “Rule Set”.

Here is the complete step configuration:

Configuration pipeline step
Configuration pipeline step
3+
Tags:

Add a Comment

Your email address will not be published. Required fields are marked *