Azure
/
azure-spring-apps-reference-architecture
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
azure-spring-apps-reference.../.github/workflows/deploy_enterprise.yml

656 строки
28 KiB
YAML
Исходник Постоянная ссылка Ответственный История

name: Deploy Azure Spring Apps Enterprise with ACME Fitness
on: workflow_dispatch
permissions:
id-token: write
contents: read
env:
# === Deploy Firewall ===:
DEPLOY_FIREWALL_ENTERPRISE: false
# === Destroy All ==
DESTROY_ENTERPRISE: false
# === Baseline Parameters ====:
REGION: eastus
NAME_PREFIX: springent
ENVIRONMENT: dev
# === Spring Apps Service ===:
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
JUMP_BOX_USERNAME: lzadmin
JUMP_BOX_PASSWORD: ${{ secrets.JUMP_BOX_PASSWORD }}
# Specify the Object ID for the "Azure Spring Apps Resource Provider" service principal in the customer's Azure AD Tenant
# Use this command to obtain:
# az ad sp show --id e8de9221-a19c-4c81-b814-fd37c6caf9d2 --query id --output tsv
SPRINGAPPS_SPN_OBJECT_ID: ${{ vars.SPRINGAPPS_SPN_OBJECT_ID }}
# ==== Terraform Backend ===:
TFSTATE_RG: ${{ vars.TFSTATE_RG }}
STORAGEACCOUNTNAME: ${{ vars.STORAGEACCOUNTNAME }}
CONTAINERNAME: ${{ vars.CONTAINERNAME_ENTERPRISE }}
# ==== Terraform Azure Login ===:
ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
jobs:
conditions:
runs-on: ubuntu-latest
outputs:
deploy_firewall: "${{ env.DEPLOY_FIREWALL_ENTERPRISE }}"
destroy: "${{ env.DESTROY_ENTERPRISE }}"
name_prefix: ${{ env.NAME_PREFIX}}
environment: ${{ env.ENVIRONMENT}}
region: ${{env.REGION}}
jumpbox_username: ${{ env.JUMP_BOX_USERNAME}}
steps:
- name: Deploy Firewall Override
if: ${{vars.DEPLOY_FIREWALL_ENTERPRISE != 0 }}
run: echo "DEPLOY_FIREWALL_ENTERPRISE=${{ vars.DEPLOY_FIREWALL_ENTERPRISE }}" >> $GITHUB_ENV
- name: Destroy Override DESTROY_ENTERPRISE
if: ${{vars.DESTROY_ENTERPRISE != 0 }}
run: echo "DESTROY_ENTERPRISE=${{ vars.DESTROY_ENTERPRISE }}" >> $GITHUB_ENV
- name: Override Deployment Region
if: ${{vars.REGION_ENTERPRISE != 0 }}
run: echo "REGION=${{ vars.REGION_ENTERPRISE }}" >> $GITHUB_ENV
- name: Override Name Prefix
if: ${{vars.NAME_PREFIX_ENTERPRISE != 0 }}
run: echo "NAME_PREFIX=${{ vars.NAME_PREFIX_ENTERPRISE }}" >> $GITHUB_ENV
- name: Override Environment Token
if: ${{vars.ENVIRONMENT_ENTERPRISE != 0 }}
run: echo "ENVIRONMENT=${{ vars.ENVIRONMENT_ENTERPRISE }}" >> $GITHUB_ENV
- name: Override Jump Box Username
if: ${{vars.JUMP_BOX_USERNAME != 0 }}
run: echo "JUMP_BOX_USERNAME=${{ vars.JUMP_BOX_USERNAME }}" >> $GITHUB_ENV
deploy_hub_network:
name: Deploy 02 Hub Network
needs: conditions
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/02-Hub-Network
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
deploy_lz_network:
needs: [deploy_hub_network, conditions]
name: Deploy 03 LZ Network
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/03-LZ-Network
outputs:
spoke_vnet_name: ${{ steps.output.outputs.spoke_vnet_name }}
spoke_rg: ${{ steps.output.outputs.spoke_rg }}
private_dns_rg: ${{ steps.output.outputs.private_dns_rg }}
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
- name: Terraform Output
id: output
run: |
echo spoke_vnet_name=$(terraform output -raw spoke_vnet_name) >> $GITHUB_OUTPUT
echo spoke_rg=$(terraform output -raw spoke_rg) >> $GITHUB_OUTPUT
echo private_dns_rg=$(terraform output -raw private_dns_rg) >> $GITHUB_OUTPUT
deploy_lz_shared:
needs: [deploy_lz_network, conditions]
name: Deploy 04 LZ Shared Resources
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
JUMP_BOX_USERNAME: ${{ needs.conditions.outputs.jumpbox_username}}
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/04-LZ-SharedResources
outputs:
shared_rg: ${{ steps.output.outputs.shared_rg }}
jump_host_name: ${{ steps.output.outputs.jump_host_name }}
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}" \
-var="jump_host_admin_username=${{ env.JUMP_BOX_USERNAME }}" \
-var="jump_host_password=${{ env.JUMP_BOX_PASSWORD}}"
- name: Terraform Apply
run: terraform apply my.plan
- name: Terraform Output
id: output
run: |
echo shared_rg=$(terraform output -raw shared_rg) >> $GITHUB_OUTPUT
echo jump_host_name=$(terraform output -raw jump_host_name) >> $GITHUB_OUTPUT
deploy_hub_firewall:
needs: [deploy_hub_network, deploy_lz_shared, conditions]
name: Deploy 05 Hub Firewall
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/05-Hub-AzureFirewall
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
if: needs.conditions.outputs.deploy_firewall == 'true'
run: terraform apply my.plan
deploy_lz_enterprise:
needs:
[deploy_hub_network, deploy_lz_shared, deploy_hub_firewall, conditions]
name: Deploy 06 LZ Spring Apps Enterprise
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
outputs:
spring_apps_service_name: ${{ steps.output.outputs.spring_apps_service_name }}
spring_apps_rg: ${{ steps.output-apps-rg.outputs.spring_apps_rg }}
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/06-LZ-SpringApps-Enterprise
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
- name: Terraform Output
id: output
run: echo spring_apps_service_name=$(terraform output -raw spring_apps_service_name) >> $GITHUB_OUTPUT
- name: Terraform Output
id: output-apps-rg
run: echo spring_apps_rg=$(terraform output -raw spring_apps_rg) >> $GITHUB_OUTPUT
deploy_acme_fitness_infra:
name: Deploy ACME Fitness Store Infrastructure
needs: [deploy_lz_enterprise, deploy_lz_shared,deploy_lz_network, conditions]
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
defaults:
run:
working-directory: Scenarios/sample-apps/fitness-store/terraform
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -out my.plan \
-var="spring_cloud_service=${{ needs.deploy_lz_enterprise.outputs.spring_apps_service_name }}" \
-var="subscription_id=${{ env.SUBSCRIPTION_ID}}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="private_zones_resource_group_name=${{ needs.deploy_lz_network.outputs.private_dns_rg }}" \
-var="resource_group=${{ needs.deploy_lz_network.outputs.spoke_rg }}" \
-var="spring_cloud_resource_group_name=${{ needs.deploy_lz_enterprise.outputs.spring_apps_rg }}" \
-var="shared_rg=${{ needs.deploy_lz_shared.outputs.shared_rg }}"
- name: Terraform Apply
run: terraform apply my.plan
build:
name: Build and Deploy ACME Fitness Microservices
needs: [deploy_acme_fitness_infra, deploy_lz_enterprise, conditions]
runs-on: ubuntu-latest
env:
SPRING_APPS_SERVICE_NAME: ${{ needs.deploy_lz_enterprise.outputs.spring_apps_service_name }}
SPRING_APPS_RESOURCE_GROUP: ${{ needs.deploy_lz_enterprise.outputs.spring_apps_rg }}
steps:
- name: Checkout ACME Fitness sample
uses: actions/checkout@v3
with:
repository: Azure-Samples/acme-fitness-store.git
path: fitness-store
ref: Azure
- name: Azure CLI Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set up Azure Spring Extension
run: |
az extension add --name spring
az account set --subscription ${{ env.ARM_SUBSCRIPTION_ID }}
az configure --defaults group=${{ env.SPRING_APPS_RESOURCE_GROUP }} spring=${{env.SPRING_APPS_SERVICE_NAME}}
- name: Deploy apps/acme-catalog
run: |
az spring app deploy \
--name catalog-service \
--build-env "BP_JVM_VERSION=17" \
--jvm-options='-XX:MaxMetaspaceSize=148644K' \
--source-path ${{ github.workspace }}/fitness-store/apps/acme-catalog \
--config-file-pattern catalog
- name: Deploy apps/acme-payment
run: |
az spring app deploy \
--name payment-service \
--build-env "BP_JVM_VERSION=17" \
--jvm-options='-XX:MaxMetaspaceSize=148644K' \
--source-path ${{ github.workspace }}/fitness-store/apps/acme-payment \
--env "SPRING_DATASOURCE_AZURE_PASSWORDLESSENABLED=true" \
--config-file-pattern payment
- name: Deploy apps/acme-order
run: |
az spring app deploy \
--name order-service \
--source-path ${{ github.workspace }}/fitness-store/apps/acme-order
- name: Deploy apps/acme-cart
run: |
az spring app deploy \
--name cart-service \
--env "CART_PORT=8080" \
--source-path ${{ github.workspace }}/fitness-store/apps/acme-cart
- name: Deploy apps/acme-shopping
run: |
az spring app deploy \
--name frontend \
--source-path ${{ github.workspace }}/fitness-store/apps/acme-shopping
prepare_destroy:
needs: [conditions, build, deploy_lz_enterprise, deploy_lz_shared]
name: Prepare Spring Enterprise for Destroy
runs-on: ubuntu-latest
if: needs.conditions.outputs.destroy == 'true'
env:
SPRING_APPS_SERVICE_NAME: ${{ needs.deploy_lz_enterprise.outputs.spring_apps_service_name }}
SPRING_APPS_RESOURCE_GROUP: ${{ needs.deploy_lz_enterprise.outputs.spring_apps_rg }}
SHARED_RESOURCE_GROUP: ${{ needs.deploy_lz_shared.outputs.shared_rg}}
JUMP_HOST_NAME: ${{ needs.deploy_lz_shared.outputs.jump_host_name}}
steps:
- name: Azure CLI Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set Defaults
run: |
az account set --subscription ${{ env.ARM_SUBSCRIPTION_ID }}
az configure --defaults group=${{env.SPRING_APPS_RESOURCE_GROUP}} spring=${{ env.SPRING_APPS_SERVICE_NAME }} location=${{ env.REGION }}
az extension add --name spring
- name: Remove Ip from API
run: az spring api-portal update -g ${{needs.deploy_lz_enterprise.outputs.spring_apps_rg}} -s ${{needs.deploy_lz_enterprise.outputs.spring_apps_service_name}} --assign-endpoint false
- name: Remove Ip from gateway
run: az spring gateway update -g ${{needs.deploy_lz_enterprise.outputs.spring_apps_rg}} -s ${{needs.deploy_lz_enterprise.outputs.spring_apps_service_name}} --assign-endpoint false
- name: Delete Route Configs
run: |
az spring gateway route-config remove --name catalog-service
az spring gateway route-config remove --name frontend
az spring gateway route-config remove --name cart-service
az spring gateway route-config remove --name order-service
az spring gateway route-config remove --name identity-service
az vm start -g ${{ env.SHARED_RESOURCE_GROUP}} -n ${{env.JUMP_HOST_NAME}}
destroy_sample_app_infra:
name: Destroy Fitness Store Infrastructure
needs:
[
conditions,
deploy_lz_enterprise,
deploy_lz_shared,
deploy_lz_network,
deploy_acme_fitness_infra,
prepare_destroy
]
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
if: needs.conditions.outputs.destroy == 'true'
defaults:
run:
working-directory: Scenarios/sample-apps/fitness-store/terraform
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -destroy -out my.plan \
-var="spring_cloud_service=${{ needs.deploy_lz_enterprise.outputs.spring_apps_service_name }}" \
-var="subscription_id=${{ env.SUBSCRIPTION_ID}}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="private_zones_resource_group_name=${{ needs.deploy_lz_network.outputs.private_dns_rg }}" \
-var="resource_group=${{ needs.deploy_lz_network.outputs.spoke_rg }}" \
-var="spring_cloud_resource_group_name=${{ needs.deploy_lz_enterprise.outputs.spring_apps_rg }}" \
-var="shared_rg=${{ needs.deploy_lz_shared.outputs.shared_rg }}"
- name: Terraform Apply
run: terraform apply my.plan
destroy_lz_enterprise:
needs: [conditions, prepare_destroy,destroy_sample_app_infra]
name: Destroy 06 LZ Spring Apps Enterprise
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
if: needs.conditions.outputs.destroy == 'true'
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/06-LZ-SpringApps-Enterprise
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -destroy -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
destroy_hub_firewall:
needs: [ destroy_lz_enterprise, conditions]
name: Destroy 05 Hub Firewall
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
if: needs.conditions.outputs.destroy == 'true'
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/05-Hub-AzureFirewall
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -destroy -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
destroy_lz_shared:
needs: [destroy_hub_firewall, conditions]
name: Destroy 04 LZ Shared Resources
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
JUMP_BOX_USERNAME: ${{ needs.conditions.outputs.jumpbox_username }}
if: needs.conditions.outputs.destroy == 'true'
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/04-LZ-SharedResources
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -destroy -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}" \
-var="jump_host_admin_username=${{ env.JUMP_BOX_USERNAME }}" \
-var="jump_host_password=${{ env.JUMP_BOX_PASSWORD}}"
- name: Terraform Apply
run: terraform apply my.plan
destroy_lz_network:
needs: [destroy_lz_shared, conditions]
name: Destroy 03 LZ Network
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
if: needs.conditions.outputs.destroy == 'true'
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/03-LZ-Network
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -destroy -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
destroy_hub_network:
name: Destroy 02 Hub Network
needs: [destroy_lz_network, conditions]
runs-on: ubuntu-latest
env:
NAME_PREFIX: ${{needs.conditions.outputs.name_prefix}}
ENVIRONMENT: ${{needs.conditions.outputs.environment}}
REGION: ${{ needs.conditions.outputs.region}}
if: needs.conditions.outputs.destroy == 'true'
defaults:
run:
working-directory: Scenarios/ASA-Secure-Baseline/Terraform/02-Hub-Network
steps:
- name: Checkout this repository
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_wrapper: false
terraform_version: 1.5.7
- name: Terraform Init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TFSTATE_RG }}" \
-backend-config="storage_account_name=${{ env.STORAGEACCOUNTNAME }}" \
-backend-config="container_name=${{ env.CONTAINERNAME }}"
- name: Terraform Plan
run: |
terraform plan -destroy -out my.plan \
-var="state_sa_rg=${{ env.TFSTATE_RG }}" \
-var="state_sa_name=${{ env.STORAGEACCOUNTNAME }}" \
-var="state_sa_container_name=${{ env.CONTAINERNAME }}" \
-var="location=${{ env.REGION }}" \
-var="name_prefix=${{ env.NAME_PREFIX }}" \
-var="environment=${{ env.ENVIRONMENT }}" \
-var="SPRINGAPPS_SPN_OBJECT_ID=${{ env.SPRINGAPPS_SPN_OBJECT_ID }}"
- name: Terraform Apply
run: terraform apply my.plan
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку