Updated build workflow to properly version and create a release, centralized bicep modules into a folder and made some minor changes to tooling script to support the new functionality
Родитель
f7956591fc
Коммит
01f865de49
|
@ -8,18 +8,101 @@ on:
|
|||
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: read
|
||||
contents: write
|
||||
|
||||
env:
|
||||
ACR_NAME: ${{ vars.IPAM_PROD_ACR }}
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Update Azure IPAM Containers
|
||||
version:
|
||||
name: Update Azure IPAM Version
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
ipamVersion: ${{ steps.updateVersion.outputs.ipamVersion }}
|
||||
steps:
|
||||
- run: echo "Job triggered by a ${{ github.event_name }} event to main."
|
||||
|
||||
- name: Checkout Azure IPAM Code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: "Increment Azure IPAM Version"
|
||||
id: updateVersion
|
||||
working-directory: tools
|
||||
shell: pwsh
|
||||
run: |
|
||||
$commitMsg = "${{ github.event.head_commit.message }}"
|
||||
$version = [regex]::matches($commitMsg, '(?<=\[version:).*(?=])').value
|
||||
$major = $commitMsg -match '(?<=\[)major(?=])'
|
||||
$minor = $commitMsg -match '(?<=\[)minor(?=])'
|
||||
$build = $commitMsg -match '(?<=\[)build(?=])'
|
||||
|
||||
try {
|
||||
$version = [System.Version]$version
|
||||
$newVersion = "{0}.{1}.{2}" -f $version.Major, $version.Minor, $version.Build
|
||||
} catch {
|
||||
$newVersion = $null
|
||||
}
|
||||
|
||||
if ($newVersion) {
|
||||
./version.ps1 -Version $newVersion
|
||||
} else if ($major) {
|
||||
./version.ps1 -BumpMajor
|
||||
} else if ($minor) {
|
||||
./version.ps1 -BumpMinor
|
||||
} else {
|
||||
./version.ps1 -BumpBuild
|
||||
}
|
||||
|
||||
- name: "Create Azure IPAM ZIP Asset"
|
||||
id: buildZipAsset
|
||||
working-directory: tools
|
||||
shell: pwsh
|
||||
run: |
|
||||
./build.ps1 -Path ../assets/
|
||||
|
||||
- name: Commit Updated Azure IPAM Code
|
||||
id: commitCode
|
||||
run: |
|
||||
git config --global user.name "GitHub Actions"
|
||||
git config --global user.email "ipams@users.noreply.github.com"
|
||||
git commit -a -m "Updated Azure IPAM Version"
|
||||
git push
|
||||
|
||||
release:
|
||||
name: Create Azure IPAM Release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Azure IPAM Code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
sparse-checkout: |
|
||||
assets
|
||||
|
||||
- name: Publish Azure IPAM Release
|
||||
id: publishRelease
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
tag_name: v${{ needs.version.outputs.ipamVersion }}
|
||||
release_name: Release v${{ needs.version.outputs.ipamVersion }}
|
||||
run: |
|
||||
gh release create "$tag_name" \
|
||||
--repo="$GITHUB_REPOSITORY" \
|
||||
--title="$release_name" \
|
||||
--notes "Azure IPAM Release"
|
||||
|
||||
- name: Upload Azure IPAM Release Asset
|
||||
id: uploadReleaseAsset
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
tag_name: v${{ needs.version.outputs.ipamVersion }}
|
||||
asset_path: ./assets/ipam.zip
|
||||
run: |
|
||||
gh release upload "$tag_name" "$asset_path"
|
||||
|
||||
update:
|
||||
name: Update Azure IPAM Containers
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Azure login
|
||||
uses: azure/login@v1
|
||||
with:
|
||||
|
@ -29,29 +112,21 @@ jobs:
|
|||
enable-AzPSSession: true
|
||||
|
||||
- name: Checkout Azure IPAM Code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
sparse-checkout: |
|
||||
engine
|
||||
ui
|
||||
lb
|
||||
|
||||
- name: "Increment Azure IPAM Version"
|
||||
id: updateVersion
|
||||
shell: pwsh
|
||||
run: |
|
||||
$newVersion = "latest"
|
||||
|
||||
Write-Output "ipamVersion=$newVersion" >> $Env:GITHUB_OUTPUT
|
||||
|
||||
- name: Build Azure IPAM Containers
|
||||
env:
|
||||
IPAM_VERSION: ${{ steps.updateVersion.outputs.ipamVersion }}
|
||||
IPAM_VERSION: ${{ needs.version.outputs.ipamVersion }}
|
||||
run: |
|
||||
az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -f ./Dockerfile.deb .
|
||||
az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -f ./Dockerfile.func .
|
||||
az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -t ipam:latest -f ./Dockerfile.deb .
|
||||
az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -t ipamfunc:latest -f ./Dockerfile.func .
|
||||
|
||||
az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -f ./engine/Dockerfile.deb ./engine
|
||||
az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -f ./engine/Dockerfile.func ./engine
|
||||
az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -f ./ui/Dockerfile.deb ./ui
|
||||
az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -f ./lb/Dockerfile ./lb
|
||||
az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -t ipam-engine:latest -f ./engine/Dockerfile.deb ./engine
|
||||
az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -t ipam-func:latest -f ./engine/Dockerfile.func ./engine
|
||||
az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -t ipam-ui:latest -f ./ui/Dockerfile.deb ./ui
|
||||
az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -t ipam-lb:latest -f ./lb/Dockerfile ./lb
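Review bot: The "Increment Azure IPAM Version" step expands `${{ github.event.head_commit.message }}` directly into the pwsh script text, so the commit message is parsed as PowerShell source rather than handled as data, in a workflow whose token is granted `contents: write` and `id-token: write`. Pass it through the environment instead: add `env:` with `COMMIT_MSG: ${{ github.event.head_commit.message }}` on the step and read it with `$commitMsg = $Env:COMMIT_MSG`. Two further problems in the same section: `} else if ($major) {` and `} else if ($minor) {` are not valid PowerShell (the keyword is `elseif`), and as rendered here neither `release` nor `update` declares `needs: version`. Without that, `needs.version.outputs.ipamVersion` is empty and those jobs do not wait for the version bump.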
|
||||
|
|
|
@ -35,7 +35,7 @@ jobs:
|
|||
enable-AzPSSession: true
|
||||
|
||||
- name: Checkout Azure IPAM Code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
sparse-checkout: |
|
||||
deploy
|
||||
|
@ -133,7 +133,7 @@ jobs:
|
|||
enable-AzPSSession: true
|
||||
|
||||
- name: Checkout Azure IPAM Code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
sparse-checkout: |
|
||||
tests
|
||||
|
|
|
@ -62,7 +62,7 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
|
|||
}
|
||||
|
||||
// Log Analytics Workspace
|
||||
module logAnalyticsWorkspace 'logAnalyticsWorkspace.bicep' ={
|
||||
module logAnalyticsWorkspace './modules/logAnalyticsWorkspace.bicep' ={
|
||||
name: 'logAnalyticsWorkspaceModule'
|
||||
scope: resourceGroup
|
||||
params: {
|
||||
|
@ -72,7 +72,7 @@ module logAnalyticsWorkspace 'logAnalyticsWorkspace.bicep' ={
|
|||
}
|
||||
|
||||
// Managed Identity for Secure Access to KeyVault
|
||||
module managedIdentity 'managedIdentity.bicep' = {
|
||||
module managedIdentity './modules/managedIdentity.bicep' = {
|
||||
name: 'managedIdentityModule'
|
||||
scope: resourceGroup
|
||||
params: {
|
||||
|
@ -82,7 +82,7 @@ module managedIdentity 'managedIdentity.bicep' = {
|
|||
}
|
||||
|
||||
// KeyVault for Secure Values
|
||||
module keyVault 'keyVault.bicep' = {
|
||||
module keyVault './modules/keyVault.bicep' = {
|
||||
name: 'keyVaultModule'
|
||||
scope: resourceGroup
|
||||
params: {
|
||||
|
@ -98,7 +98,7 @@ module keyVault 'keyVault.bicep' = {
|
|||
}
|
||||
|
||||
// Cosmos DB for IPAM Database
|
||||
module cosmos 'cosmos.bicep' = {
|
||||
module cosmos './modules/cosmos.bicep' = {
|
||||
name: 'cosmosModule'
|
||||
scope: resourceGroup
|
||||
params: {
|
||||
|
@ -113,7 +113,7 @@ module cosmos 'cosmos.bicep' = {
|
|||
}
|
||||
|
||||
// Storage Account for Nginx Config/Function Metadata
|
||||
module storageAccount 'storageAccount.bicep' = if (deployAsFunc) {
|
||||
module storageAccount './modules/storageAccount.bicep' = if (deployAsFunc) {
|
||||
scope: resourceGroup
|
||||
name: 'storageAccountModule'
|
||||
params: {
|
||||
|
@ -127,7 +127,7 @@ module storageAccount 'storageAccount.bicep' = if (deployAsFunc) {
|
|||
}
|
||||
|
||||
// Container Registry
|
||||
module containerRegistry 'containerRegistry.bicep' = if (privateAcr) {
|
||||
module containerRegistry './modules/containerRegistry.bicep' = if (privateAcr) {
|
||||
scope: resourceGroup
|
||||
name: 'containerRegistryModule'
|
||||
params: {
|
||||
|
@ -138,7 +138,7 @@ module containerRegistry 'containerRegistry.bicep' = if (privateAcr) {
|
|||
}
|
||||
|
||||
// App Service w/ Docker Compose + CI
|
||||
module appService 'appService.bicep' = if (!deployAsFunc) {
|
||||
module appService './modules/appService.bicep' = if (!deployAsFunc) {
|
||||
scope: resourceGroup
|
||||
name: 'appServiceModule'
|
||||
params: {
|
||||
|
@ -160,7 +160,7 @@ module appService 'appService.bicep' = if (!deployAsFunc) {
|
|||
}
|
||||
|
||||
// Function App
|
||||
module functionApp 'functionApp.bicep' = if (deployAsFunc) {
|
||||
module functionApp './modules/functionApp.bicep' = if (deployAsFunc) {
|
||||
scope: resourceGroup
|
||||
name: 'functionAppModule'
|
||||
params: {
|
||||
|
|
|
@ -140,10 +140,6 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = {
|
|||
name: 'SCM_DO_BUILD_DURING_DEPLOYMENT'
|
||||
value: 'true'
|
||||
}
|
||||
// {
|
||||
// name: 'POST_BUILD_COMMAND'
|
||||
// value: 'postBuild.sh'
|
||||
// }
|
||||
]
|
||||
)
|
||||
}
|
|
@ -167,10 +167,6 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
|
|||
name: 'SCM_DO_BUILD_DURING_DEPLOYMENT'
|
||||
value: 'true'
|
||||
}
|
||||
// {
|
||||
// name: 'POST_BUILD_COMMAND'
|
||||
// value: 'postBuild.sh'
|
||||
// }
|
||||
]
|
||||
)
|
||||
}
|
|
@ -0,0 +1,90 @@
|
|||
@description('Deployment Location')
|
||||
param location string = resourceGroup().location
|
||||
|
||||
@description('Storage Account Name')
|
||||
param storageAccountName string
|
||||
|
||||
@description('Log Analytics Workspace ID')
|
||||
param workspaceId string
|
||||
|
||||
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
|
||||
name: storageAccountName
|
||||
location: location
|
||||
sku: {
|
||||
name: 'Standard_LRS'
|
||||
}
|
||||
kind: 'StorageV2'
|
||||
properties: {
|
||||
accessTier: 'Hot'
|
||||
allowBlobPublicAccess: false
|
||||
}
|
||||
}
|
||||
|
||||
resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = {
|
||||
name: 'default'
|
||||
parent: storageAccount
|
||||
}
|
||||
|
||||
resource diagnosticSettingsAccount 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
|
||||
name: 'diagSettingsAccount'
|
||||
scope: storageAccount
|
||||
properties: {
|
||||
metrics: [
|
||||
{
|
||||
category: 'Transaction'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
]
|
||||
workspaceId: workspaceId
|
||||
}
|
||||
}
|
||||
|
||||
resource diagnosticSettingsBlob 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
|
||||
name: 'diagSettingsBlob'
|
||||
scope: blob
|
||||
properties: {
|
||||
logs: [
|
||||
{
|
||||
category: 'StorageRead'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
{
|
||||
category: 'StorageWrite'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
{
|
||||
category: 'StorageDelete'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
]
|
||||
metrics: [
|
||||
{
|
||||
category: 'Transaction'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
]
|
||||
workspaceId: workspaceId
|
||||
}
|
||||
}
|
||||
|
||||
output name string = storageAccount.name
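Review bot: The `storageAccount` resource sets only `accessTier` and `allowBlobPublicAccess: false` under `properties`, so the minimum TLS version and the HTTPS-only setting are left to the service defaults for API version `2021-06-01`. Since the file is being recreated under `modules/`, this is a good place to pin them explicitly with `minimumTlsVersion: 'TLS1_2'` and `supportsHttpsTrafficOnly: true`. If nothing in the deployment relies on account keys, `allowSharedKeyAccess: false` is also worth considering; the function app's storage connection is not visible here, so confirm before changing it.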
|
|
@ -1,175 +0,0 @@
|
|||
@description('Deployment Location')
|
||||
param location string = resourceGroup().location
|
||||
|
||||
// @description('Blob Container Name')
|
||||
// param containerName string = 'nginx'
|
||||
|
||||
// @description('Managed Identity Id')
|
||||
// param managedIdentityId string
|
||||
|
||||
// @description('Managed Identity PrincipalId')
|
||||
// param principalId string
|
||||
|
||||
// @description('Role Assignment GUID')
|
||||
// param roleAssignmentName string = newGuid()
|
||||
|
||||
@description('Storage Account Name')
|
||||
param storageAccountName string
|
||||
|
||||
@description('Log Analytics Workspace ID')
|
||||
param workspaceId string
|
||||
|
||||
// @description('Flag to Deploy IPAM as a Function')
|
||||
// param deployAsFunc bool
|
||||
|
||||
// var storageBlobDataContributor = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
|
||||
// var storageBlobDataContributorId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataContributor)
|
||||
|
||||
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
|
||||
name: storageAccountName
|
||||
location: location
|
||||
sku: {
|
||||
name: 'Standard_LRS'
|
||||
}
|
||||
kind: 'StorageV2'
|
||||
properties: {
|
||||
accessTier: 'Hot'
|
||||
allowBlobPublicAccess: false
|
||||
}
|
||||
}
|
||||
|
||||
resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = {
|
||||
name: 'default'
|
||||
parent: storageAccount
|
||||
}
|
||||
|
||||
// resource blobContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = if (!deployAsFunc) {
|
||||
// name: '${storageAccount.name}/default/${containerName}'
|
||||
// }
|
||||
|
||||
// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (!deployAsFunc) {
|
||||
// #disable-next-line use-stable-resource-identifiers
|
||||
// name: roleAssignmentName
|
||||
// scope: blobContainer
|
||||
// properties: {
|
||||
// principalType: 'ServicePrincipal'
|
||||
// roleDefinitionId: storageBlobDataContributorId
|
||||
// principalId: principalId
|
||||
// }
|
||||
// }
|
||||
|
||||
// resource copyNginxConfig 'Microsoft.Resources/deploymentScripts@2020-10-01' = if (!deployAsFunc) {
|
||||
// name: 'copyNginxConfig'
|
||||
// location: location
|
||||
// kind: 'AzurePowerShell'
|
||||
// identity: {
|
||||
// type: 'UserAssigned'
|
||||
// userAssignedIdentities: {
|
||||
// '${managedIdentityId}': {}
|
||||
// }
|
||||
// }
|
||||
// properties: {
|
||||
// azPowerShellVersion: '7.5'
|
||||
// timeout: 'PT1H'
|
||||
// environmentVariables: [
|
||||
// {
|
||||
// name: 'StorageAccountName'
|
||||
// value: storageAccount.name
|
||||
// }
|
||||
// {
|
||||
// name: 'ContainerName'
|
||||
// value: containerName
|
||||
// }
|
||||
// {
|
||||
// name: 'ResourceGroup'
|
||||
// value: resourceGroup().name
|
||||
// }
|
||||
// {
|
||||
// name: 'DeployScript'
|
||||
// value: loadTextContent('../default.conf')
|
||||
// }
|
||||
// ]
|
||||
// scriptContent: '''
|
||||
// $Env:DeployScript | Out-File -FilePath ./default.conf
|
||||
// $storageAccount = Get-AzStorageAccount -ResourceGroupName $Env:ResourceGroup -Name $Env:StorageAccountName
|
||||
// $ctx = $storageAccount.Context
|
||||
// $container = Get-AzStorageContainer -Name $Env:ContainerName -Context $ctx
|
||||
|
||||
// $NginxConfig = @{
|
||||
// File = "./default.conf"
|
||||
// Container = $Env:ContainerName
|
||||
// Blob = "default.conf"
|
||||
// Context = $ctx
|
||||
// StandardBlobTier = "Hot"
|
||||
// }
|
||||
|
||||
// Set-AzStorageBlobContent @NginxConfig
|
||||
// '''
|
||||
// cleanupPreference: 'Always'
|
||||
// retentionInterval: 'PT1H'
|
||||
// }
|
||||
// }
|
||||
|
||||
resource diagnosticSettingsAccount 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
|
||||
name: 'diagSettingsAccount'
|
||||
scope: storageAccount
|
||||
properties: {
|
||||
metrics: [
|
||||
{
|
||||
category: 'Transaction'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
]
|
||||
workspaceId: workspaceId
|
||||
}
|
||||
}
|
||||
|
||||
resource diagnosticSettingsBlob 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
|
||||
name: 'diagSettingsBlob'
|
||||
scope: blob
|
||||
properties: {
|
||||
logs: [
|
||||
{
|
||||
category: 'StorageRead'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
{
|
||||
category: 'StorageWrite'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
{
|
||||
category: 'StorageDelete'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
]
|
||||
metrics: [
|
||||
{
|
||||
category: 'Transaction'
|
||||
enabled: true
|
||||
retentionPolicy: {
|
||||
days: 0
|
||||
enabled: false
|
||||
}
|
||||
}
|
||||
]
|
||||
workspaceId: workspaceId
|
||||
}
|
||||
}
|
||||
|
||||
output name string = storageAccount.name
|
|
@ -47,6 +47,8 @@ New-Item -ItemType Directory -Path $logpath -Force | Out-Null
|
|||
|
||||
$versionLog = Join-Path -Path $logPath -ChildPath "version_$(get-date -format `"yyyyMMddhhmmsstt`").log"
|
||||
|
||||
$versionSuccess = $false
|
||||
|
||||
Start-Transcript -Path $versionLog | Out-Null
|
||||
|
||||
try {
|
||||
|
@ -144,6 +146,8 @@ try {
|
|||
Write-Host "INFO: Azure IPAM versions successfully updated" -ForegroundColor Green
|
||||
Write-Host
|
||||
Write-Host "Updated Version -> v$updatedVersion" -ForegroundColor Yellow
|
||||
|
||||
$script:versionSuccess = $true
|
||||
}
|
||||
catch {
|
||||
$_ | Out-File -FilePath $versionLog -Append
|
||||
|
@ -153,4 +157,8 @@ catch {
|
|||
finally {
|
||||
Write-Host
|
||||
Stop-Transcript | Out-Null
|
||||
|
||||
if ($script:versionSuccess) {
|
||||
Write-Output "ipamVersion=$updatedVersion" >> $Env:GITHUB_OUTPUT
|
||||
}
|
||||
}
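Review bot: `ipamVersion` is written to `$Env:GITHUB_OUTPUT` only when `$script:versionSuccess` is true, but nothing visible in these hunks makes the script fail when it is false. The `catch` body continues outside the hunk; if it only logs the error, the workflow step still succeeds, `needs.version.outputs.ipamVersion` is empty, and the later steps commit and tag with a blank version. Consider ending the `catch` with `throw` so a failed bump stops the job. A comment above the `if` would also help, for example `# Publish the version as a step output only after a successful update`.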
|
||||
|
|