devend

DevEnd - Azure DevOps Service Endpoint Manager

DevEnd is a command-line interface (CLI) tool designed to manage Azure DevOps Service Endpoints. It allows for efficient deployment and configuration of service endpoints in Azure DevOps environments.

Features

• Deploy and manage Azure DevOps Service Endpoints
• Remove obsolete credentials
• Customizable logging levels
• Configurable through command-line options or environment variables

Supported Endpoint Types

DevEnd supports a variety of endpoint types for Azure DevOps, offering flexible configurations to meet different needs:

• Azure RM (Resource Manager):
  • Using service principal key authentication
  • Using OpenID Connect (OIDC) authentication
• Snyk: Integration with Snyk for vulnerability management
• SonarCloud: Configuration for SonarCloud code quality checks
• Sharing Existing Endpoints: Capability to share existing service endpoints across different Azure DevOps projects

Supported Credential Sources

DevEnd supports various credential sources, providing flexibility for different endpoint types:

• KeyVault:

  • Available for all endpoint types
  • Secure storage and retrieval of credentials from Azure KeyVault

• Environment Variable:

  • Applicable to all endpoint types
  • Utilize environment variables for credentials, enabling easy integration with CI/CD pipelines

• Workload Federation/OIDC (OpenID Connect):

  • Exclusive to Azure RM endpoints
  • Provides secure authentication using OIDC

• Service Principal Key:

  • Exclusive to Azure RM endpoints
  • Enables authentication using Azure service principal keys
  • Supports rotation of credentials
  • Automatically removes expired credentials created by DevEnd

These credential sources enhance security and ease of configuration across various environments.

Usage

DevEnd is available as an npm package. You can run it directly using npx without needing to install it globally:

devend deploy [options]
-t, --azure-devops-token <token>: Set the Azure DevOps token. Alternatively, use DEVEND_AZDEV_TOKEN environment variable.
-l, --logging-level <level>: Set the logging level (info, verbose, debug). Can also be set with DEVEND_LOGGING_LEVEL.
-u, --azure-devops-url <url>: Set the Azure DevOps URL. Use DEVEND_AZDEV_URL as an alternative.
-p, --projects-configuration-path <path>: Specify the path to the projects configuration file. Can also be set with DEVEND_PROJECTS_CONFIGURATION_PATH. Defaults to ./projects.yml
-e, --endpoints-configuration-path <path>: Specify the path to the endpoints configuration file. Alternatively, use DEVEND_ENDPOINTS_CONFIGURATION_PATH. Defaults to /endpoints.yml

Refer to Runtime configuration guide for more details

Example Usages

Simplest Usage

Run the orchestrator using just the Azure DevOps URL and token:

npx devend deploy --azure-devops-url "https://dev.azure.com/your_organization" --azure-devops-token "your_token"

Usage with Azure Resources

When using Azure KeyVaults, Service Principal Keys or configuring OIDC authentication, you will need to authenticate using az login before running DevEnd.

az login

npx devend deploy --azure-devops-url "https://dev.azure.com/your_organization" --azure-devops-token "your_token"

Configuration

Please refer to the Endpoints configuration guide and Projects configuration guide for details on how to setup your configuration files.

Contributing

Contributions to DevEnd are welcome. Please refer to the contributing guidelines for more information.

License

This project is licensed under the GNU General Public License version 3 (GPL-3.0). For more details, see the LICENSE file in the repository.

Author

Sam Beardman