diff --git a/.github/workflows/azure-ipam-build.yml b/.github/workflows/azure-ipam-build.yml
index a4c0a31..fb85d41 100644
--- a/.github/workflows/azure-ipam-build.yml
+++ b/.github/workflows/azure-ipam-build.yml
@@ -8,18 +8,101 @@ on: permissions: id-token: write - contents: read + contents: write env: ACR_NAME: ${{ vars.IPAM_PROD_ACR }} jobs: - deploy: - name: Update Azure IPAM Containers + version: + name: Update Azure IPAM Version runs-on: ubuntu-latest + outputs: + ipamVersion: ${{ steps.updateVersion.outputs.ipamVersion }} steps: - run: echo "Job triggered by a ${{ github.event_name }} event to main." + - name: Checkout Azure IPAM Code + uses: actions/checkout@v4 + + - name: "Increment Azure IPAM Version" + id: updateVersion + working-directory: tools + shell: pwsh + run: | + $commitMsg = "${{ github.event.head_commit.message }}" + $version = [regex]::matches($commitMsg, '(?<=\[version:).*(?=])').value + $major = $commitMsg -match '(?<=\[)major(?=])' + $minor = $commitMsg -match '(?<=\[)minor(?=])' + $build = $commitMsg -match '(?<=\[)build(?=])' + + try { + $version = [System.Version]$version + $newVersion = "{0}.{1}.{2}" -f $version.Major, $version.Minor, $version.Build + } catch { + $newVersion = $null + } + + if ($newVersion) { + ./version.ps1 -Version $newVersion + } else if ($major) { + ./version.ps1 -BumpMajor + } else if ($minor) { + ./version.ps1 -BumpMinor + } else { + ./version.ps1 -BumpBuild + } + + - name: "Create Azure IPAM ZIP Asset" + id: buildZipAsset + working-directory: tools + shell: pwsh + run: | + ./build.ps1 -Path ../assets/ + + - name: Commit Updated Azure IPAM Code + id: commitCode + run: | + git config --global user.name "GitHub Actions" + git config --global user.email "ipams@users.noreply.github.com" + git commit -a -m "Updated Azure IPAM Version" + git push + + release: + name: Create Azure IPAM Release + runs-on: ubuntu-latest + steps: + - name: Checkout Azure IPAM Code + uses: actions/checkout@v4 + with: + sparse-checkout: | + assets + + - name: Publish Azure IPAM Release + id: publishRelease + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + tag_name: v${{ needs.version.outputs.ipamVersion }} + release_name: Release v${{ 
needs.version.outputs.ipamVersion }} + run: | + gh release create "$tag_name" \ + --repo="$GITHUB_REPOSITORY" \ + --title="$release_name" \ + --notes "Azure IPAM Release" + + - name: Upload Azure IPAM Release Asset + id: uploadReleaseAsset + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + tag_name: v${{ needs.version.outputs.ipamVersion }} + asset_path: ./assets/ipam.zip + run: | + gh release upload "$tag_name" "$asset_path" + + update: + name: Update Azure IPAM Containers + runs-on: ubuntu-latest + steps: - name: Azure login uses: azure/login@v1 with: 
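Review bot: In the `Increment Azure IPAM Version` step, `$commitMsg = "${{ github.event.head_commit.message }}"` expands the commit message into the pwsh script text before PowerShell parses it, so quotes or subexpressions in a commit message are evaluated as script rather than treated as data. The workflow-level permissions are `id-token: write` and now `contents: write`, so that step runs with a token able to push to the repository. Pass the message through the environment instead: add `env:` with `COMMIT_MSG: ${{ github.event.head_commit.message }}` to the step and read it with `$commitMsg = $Env:COMMIT_MSG`. Two correctness points in the same hunk: PowerShell spells the keyword `elseif`, not `else if`, and neither `release` nor `update` declares `needs: version` in the lines shown although both read `needs.version.outputs.ipamVersion`, which would leave the release tag and image version empty.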
@@ -29,29 +112,21 @@ jobs: enable-AzPSSession: true - name: Checkout Azure IPAM Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: sparse-checkout: | engine ui lb - - name: "Increment Azure IPAM Version" - id: updateVersion - shell: pwsh - run: | - $newVersion = "latest" - - Write-Output "ipamVersion=$newVersion" >> $Env:GITHUB_OUTPUT - - name: Build Azure IPAM Containers env: - IPAM_VERSION: ${{ steps.updateVersion.outputs.ipamVersion }} + IPAM_VERSION: ${{ needs.version.outputs.ipamVersion }} run: | - az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -f ./Dockerfile.deb . - az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -f ./Dockerfile.func . + az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -t ipam:latest -f ./Dockerfile.deb . + az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -t ipamfunc:latest -f ./Dockerfile.func . - az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -f ./engine/Dockerfile.deb ./engine - az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -f ./engine/Dockerfile.func ./engine - az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -f ./ui/Dockerfile.deb ./ui - az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -f ./lb/Dockerfile ./lb + az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -t ipam-engine:latest -f ./engine/Dockerfile.deb ./engine + az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -t ipam-func:latest -f ./engine/Dockerfile.func ./engine + az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -t ipam-ui:latest -f ./ui/Dockerfile.deb ./ui + az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -t ipam-lb:latest -f ./lb/Dockerfile ./lb diff --git a/.github/workflows/azure-ipam-testing.yml b/.github/workflows/azure-ipam-testing.yml index 344eadc..fd8eed3 100644 --- a/.github/workflows/azure-ipam-testing.yml +++ b/.github/workflows/azure-ipam-testing.yml 
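Review bot: `IPAM_VERSION` is used unquoted and unchecked in every `az acr build` line of the `Build Azure IPAM Containers` step, so an empty or malformed value from `needs.version.outputs.ipamVersion` produces a tag argument such as `ipam:` while the `latest` tag is still requested in the same command. A guard at the top of the `run:` block would fail fast, for example `[[ "$IPAM_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected IPAM_VERSION" >&2; exit 1; }` (assuming the three-part form built in the `version` job), with the tag arguments quoted as `-t "ipam:$IPAM_VERSION"`. The checkout in this job has no `ref:`, so it presumably builds the triggering commit rather than the version-bump commit pushed by the `version` job; confirm that images labelled with the new version are meant to come from the pre-bump tree. The job's `steps:` list begins in the previous hunk.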
@@ -35,7 +35,7 @@ jobs: enable-AzPSSession: true - name: Checkout Azure IPAM Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: sparse-checkout: | deploy @@ -133,7 +133,7 @@ jobs: enable-AzPSSession: true - name: Checkout Azure IPAM Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: sparse-checkout: | tests diff --git a/deploy/main.bicep b/deploy/main.bicep index 3e80369..48087b5 100644 --- a/deploy/main.bicep +++ b/deploy/main.bicep @@ -62,7 +62,7 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { } // Log Analytics Workspace -module logAnalyticsWorkspace 'logAnalyticsWorkspace.bicep' ={ +module logAnalyticsWorkspace './modules/logAnalyticsWorkspace.bicep' ={ name: 'logAnalyticsWorkspaceModule' scope: resourceGroup params: { @@ -72,7 +72,7 @@ module logAnalyticsWorkspace 'logAnalyticsWorkspace.bicep' ={ } // Managed Identity for Secure Access to KeyVault -module managedIdentity 'managedIdentity.bicep' = { +module managedIdentity './modules/managedIdentity.bicep' = { name: 'managedIdentityModule' scope: resourceGroup params: { @@ -82,7 +82,7 @@ module managedIdentity 'managedIdentity.bicep' = { } // KeyVault for Secure Values -module keyVault 'keyVault.bicep' = { +module keyVault './modules/keyVault.bicep' = { name: 'keyVaultModule' scope: resourceGroup params: { @@ -98,7 +98,7 @@ module keyVault 'keyVault.bicep' = { } // Cosmos DB for IPAM Database -module cosmos 'cosmos.bicep' = { +module cosmos './modules/cosmos.bicep' = { name: 'cosmosModule' scope: resourceGroup params: { @@ -113,7 +113,7 @@ module cosmos 'cosmos.bicep' = { } // Storage Account for Nginx Config/Function Metadata -module storageAccount 'storageAccount.bicep' = if (deployAsFunc) { +module storageAccount './modules/storageAccount.bicep' = if (deployAsFunc) { scope: resourceGroup name: 'storageAccountModule' params: { 
@@ -127,7 +127,7 @@ module storageAccount 'storageAccount.bicep' = if (deployAsFunc) { } // Container Registry -module containerRegistry 'containerRegistry.bicep' = if (privateAcr) { +module containerRegistry './modules/containerRegistry.bicep' = if (privateAcr) { scope: resourceGroup name: 'containerRegistryModule' params: { @@ -138,7 +138,7 @@ module containerRegistry 'containerRegistry.bicep' = if (privateAcr) { } // App Service w/ Docker Compose + CI -module appService 'appService.bicep' = if (!deployAsFunc) { +module appService './modules/appService.bicep' = if (!deployAsFunc) { scope: resourceGroup name: 'appServiceModule' params: { @@ -160,7 +160,7 @@ module appService 'appService.bicep' = if (!deployAsFunc) { } // Function App -module functionApp 'functionApp.bicep' = if (deployAsFunc) { +module functionApp './modules/functionApp.bicep' = if (deployAsFunc) { scope: resourceGroup name: 'functionAppModule' params: { diff --git a/deploy/appService.bicep b/deploy/modules/appService.bicep similarity index 98% rename from deploy/appService.bicep rename to deploy/modules/appService.bicep index 5dc958d..2ba28fd 100644 --- a/deploy/appService.bicep +++ b/deploy/modules/appService.bicep @@ -140,10 +140,6 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = { name: 'SCM_DO_BUILD_DURING_DEPLOYMENT' value: 'true' } - // { - // name: 'POST_BUILD_COMMAND' - // value: 'postBuild.sh' - // } ] ) } diff --git a/deploy/containerRegistry.bicep b/deploy/modules/containerRegistry.bicep similarity index 100% rename from deploy/containerRegistry.bicep rename to deploy/modules/containerRegistry.bicep diff --git a/deploy/cosmos.bicep b/deploy/modules/cosmos.bicep similarity index 100% rename from deploy/cosmos.bicep rename to deploy/modules/cosmos.bicep diff --git a/deploy/functionApp.bicep b/deploy/modules/functionApp.bicep similarity index 98% rename from deploy/functionApp.bicep rename to deploy/modules/functionApp.bicep index 514b814..4ac9c20 100644 
--- a/deploy/functionApp.bicep +++ b/deploy/modules/functionApp.bicep @@ -167,10 +167,6 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = { name: 'SCM_DO_BUILD_DURING_DEPLOYMENT' value: 'true' } - // { - // name: 'POST_BUILD_COMMAND' - // value: 'postBuild.sh' - // } ] ) } diff --git a/deploy/keyVault.bicep b/deploy/modules/keyVault.bicep similarity index 100% rename from deploy/keyVault.bicep rename to deploy/modules/keyVault.bicep diff --git a/deploy/logAnalyticsWorkspace.bicep b/deploy/modules/logAnalyticsWorkspace.bicep similarity index 100% rename from deploy/logAnalyticsWorkspace.bicep rename to deploy/modules/logAnalyticsWorkspace.bicep diff --git a/deploy/managedIdentity.bicep b/deploy/modules/managedIdentity.bicep similarity index 100% rename from deploy/managedIdentity.bicep rename to deploy/modules/managedIdentity.bicep diff --git a/deploy/modules/storageAccount.bicep b/deploy/modules/storageAccount.bicep new file mode 100644 index 0000000..8ea0c42 --- /dev/null +++ b/deploy/modules/storageAccount.bicep 
@@ -0,0 +1,90 @@ +@description('Deployment Location') +param location string = resourceGroup().location + +@description('Storage Account Name') +param storageAccountName string + +@description('Log Analytics Workspace ID') +param workspaceId string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' + properties: { + accessTier: 'Hot' + allowBlobPublicAccess: false + } +} + +resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = { + name: 'default' + parent: storageAccount +} + +resource diagnosticSettingsAccount 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { + name: 'diagSettingsAccount' + scope: storageAccount + properties: { + metrics: [ + { + category: 'Transaction' + enabled: true + retentionPolicy: { + days: 0 + enabled: false + } + } + ] + workspaceId: workspaceId + } +} + +resource diagnosticSettingsBlob 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { + name: 'diagSettingsBlob' + scope: blob + properties: { + logs: [ + { + category: 'StorageRead' + enabled: true + retentionPolicy: { + days: 0 + enabled: false + } + } + { + category: 'StorageWrite' + enabled: true + retentionPolicy: { + days: 0 + enabled: false + } + } + { + category: 'StorageDelete' + enabled: true + retentionPolicy: { + days: 0 + enabled: false + } + } + ] + metrics: [ + { + category: 'Transaction' + enabled: true + retentionPolicy: { + days: 0 + enabled: false + } + } + ] + workspaceId: workspaceId + } +} + +output name string = storageAccount.name diff --git a/deploy/storageAccount.bicep b/deploy/storageAccount.bicep deleted file mode 100644 index 1a63e9b..0000000 --- a/deploy/storageAccount.bicep +++ /dev/null 
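Review bot: The `storageAccount` resource sets `allowBlobPublicAccess: false` but its `properties` block leaves the transport settings implicit, so the minimum TLS version falls back to the platform default unless a policy assignment elsewhere enforces it. Stating them in the module makes the baseline reviewable: `minimumTlsVersion: 'TLS1_2'` and `supportsHttpsTrafficOnly: true` alongside the existing properties. The `blob` existing-resource reference uses API version `2021-09-01` while its parent uses `2021-06-01`; aligning the two would avoid schema drift between them.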
@@ -1,175 +0,0 @@ -@description('Deployment Location') -param location string = resourceGroup().location - -// @description('Blob Container Name') -// param containerName string = 'nginx' - -// @description('Managed Identity Id') -// param managedIdentityId string - -// @description('Managed Identity PrincipalId') -// param principalId string - -// @description('Role Assignment GUID') -// param roleAssignmentName string = newGuid() - -@description('Storage Account Name') -param storageAccountName string - -@description('Log Analytics Workspace ID') -param workspaceId string - -// @description('Flag to Deploy IPAM as a Function') -// param deployAsFunc bool - -// var storageBlobDataContributor = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' -// var storageBlobDataContributorId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataContributor) - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { - name: storageAccountName - location: location - sku: { - name: 'Standard_LRS' - } - kind: 'StorageV2' - properties: { - accessTier: 'Hot' - allowBlobPublicAccess: false - } -} - -resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = { - name: 'default' - parent: storageAccount -} - -// resource blobContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = if (!deployAsFunc) { -// name: '${storageAccount.name}/default/${containerName}' -// } - -// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (!deployAsFunc) { -// #disable-next-line use-stable-resource-identifiers -// name: roleAssignmentName -// scope: blobContainer -// properties: { -// principalType: 'ServicePrincipal' -// roleDefinitionId: storageBlobDataContributorId -// principalId: principalId -// } -// } - -// resource copyNginxConfig 'Microsoft.Resources/deploymentScripts@2020-10-01' = if (!deployAsFunc) { -// name: 'copyNginxConfig' -// location: location -// kind: 
'AzurePowerShell' -// identity: { -// type: 'UserAssigned' -// userAssignedIdentities: { -// '${managedIdentityId}': {} -// } -// } -// properties: { -// azPowerShellVersion: '7.5' -// timeout: 'PT1H' -// environmentVariables: [ -// { -// name: 'StorageAccountName' -// value: storageAccount.name -// } -// { -// name: 'ContainerName' -// value: containerName -// } -// { -// name: 'ResourceGroup' -// value: resourceGroup().name -// } -// { -// name: 'DeployScript' -// value: loadTextContent('../default.conf') -// } -// ] -// scriptContent: ''' -// $Env:DeployScript | Out-File -FilePath ./default.conf -// $storageAccount = Get-AzStorageAccount -ResourceGroupName $Env:ResourceGroup -Name $Env:StorageAccountName -// $ctx = $storageAccount.Context -// $container = Get-AzStorageContainer -Name $Env:ContainerName -Context $ctx - -// $NginxConfig = @{ -// File = "./default.conf" -// Container = $Env:ContainerName -// Blob = "default.conf" -// Context = $ctx -// StandardBlobTier = "Hot" -// } - -// Set-AzStorageBlobContent @NginxConfig -// ''' -// cleanupPreference: 'Always' -// retentionInterval: 'PT1H' -// } -// } - -resource diagnosticSettingsAccount 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { - name: 'diagSettingsAccount' - scope: storageAccount - properties: { - metrics: [ - { - category: 'Transaction' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - ] - workspaceId: workspaceId - } -} - -resource diagnosticSettingsBlob 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { - name: 'diagSettingsBlob' - scope: blob - properties: { - logs: [ - { - category: 'StorageRead' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'StorageWrite' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'StorageDelete' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - ] - metrics: [ - { - category: 'Transaction' - enabled: true - 
retentionPolicy: { - days: 0 - enabled: false - } - } - ] - workspaceId: workspaceId - } -} - -output name string = storageAccount.name diff --git a/tools/update.ps1 b/deploy/update.ps1 similarity index 100% rename from tools/update.ps1 rename to deploy/update.ps1 diff --git a/tools/version.ps1 b/tools/version.ps1 index 17f6717..39c11cf 100644 --- a/tools/version.ps1 +++ b/tools/version.ps1 @@ -47,6 +47,8 @@ New-Item -ItemType Directory -Path $logpath -Force | Out-Null $versionLog = Join-Path -Path $logPath -ChildPath "version_$(get-date -format `"yyyyMMddhhmmsstt`").log" +$versionSuccess = $false + Start-Transcript -Path $versionLog | Out-Null try { @@ -144,6 +146,8 @@ try { Write-Host "INFO: Azure IPAM versions successfully updated" -ForegroundColor Green Write-Host Write-Host "Updated Version -> v$updatedVersion" -ForegroundColor Yellow + + $script:versionSuccess = $true } catch { $_ | Out-File -FilePath $versionLog -Append @@ -153,4 +157,8 @@ catch { finally { Write-Host Stop-Transcript | Out-Null + + if ($script:versionSuccess) { + Write-Output "ipamVersion=$updatedVersion" >> $Env:GITHUB_OUTPUT + } }
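Review bot: The `finally` block appends to `$Env:GITHUB_OUTPUT` whenever `$script:versionSuccess` is true, but that variable is only set on a GitHub Actions runner; when the script is run from a workstation the redirection target is empty and the script is likely to end with a redirection error after an otherwise successful update. Guard on both conditions: `if ($script:versionSuccess -and $Env:GITHUB_OUTPUT) {`. The `catch` body is outside these hunks, so it is not visible whether a failure exits non-zero; if it does not, the workflow step succeeds without writing `ipamVersion` and the downstream jobs receive an empty version. The `try` block starts, and the `catch` block continues, outside the lines shown.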