Updated build workflow to properly version and create a release, centralized bicep modules into a folder and made some minor changes to tooling script to support the new functionality

Matthew Garrett 2024-02-20 10:16:43 -08:00
Родитель f7956591fc
Коммит 01f865de49
14 изменённых файлов: 202 добавлений и 212 удалений

113
.github/workflows/azure-ipam-build.yml поставляемый

@ -8,18 +8,101 @@ on:
permissions: permissions:
id-token: write id-token: write
contents: read contents: write
env: env:
ACR_NAME: ${{ vars.IPAM_PROD_ACR }} ACR_NAME: ${{ vars.IPAM_PROD_ACR }}
jobs: jobs:
deploy: version:
name: Update Azure IPAM Containers name: Update Azure IPAM Version
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs:
ipamVersion: ${{ steps.updateVersion.outputs.ipamVersion }}
steps: steps:
- run: echo "Job triggered by a ${{ github.event_name }} event to main." - run: echo "Job triggered by a ${{ github.event_name }} event to main."
- name: Checkout Azure IPAM Code
uses: actions/checkout@v4
- name: "Increment Azure IPAM Version"
id: updateVersion
working-directory: tools
shell: pwsh
run: |
$commitMsg = "${{ github.event.head_commit.message }}"
$version = [regex]::matches($commitMsg, '(?<=\[version:).*(?=])').value
$major = $commitMsg -match '(?<=\[)major(?=])'
$minor = $commitMsg -match '(?<=\[)minor(?=])'
$build = $commitMsg -match '(?<=\[)build(?=])'
try {
$version = [System.Version]$version
$newVersion = "{0}.{1}.{2}" -f $version.Major, $version.Minor, $version.Build
} catch {
$newVersion = $null
}
if ($newVersion) {
./version.ps1 -Version $newVersion
} else if ($major) {
./version.ps1 -BumpMajor
} else if ($minor) {
./version.ps1 -BumpMinor
} else {
./version.ps1 -BumpBuild
}
- name: "Create Azure IPAM ZIP Asset"
id: buildZipAsset
working-directory: tools
shell: pwsh
run: |
./build.ps1 -Path ../assets/
- name: Commit Updated Azure IPAM Code
id: commitCode
run: |
git config --global user.name "GitHub Actions"
git config --global user.email "ipams@users.noreply.github.com"
git commit -a -m "Updated Azure IPAM Version"
git push
release:
name: Create Azure IPAM Release
runs-on: ubuntu-latest
steps:
- name: Checkout Azure IPAM Code
uses: actions/checkout@v4
with:
sparse-checkout: |
assets
- name: Publish Azure IPAM Release
id: publishRelease
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
tag_name: v${{ needs.version.outputs.ipamVersion }}
release_name: Release v${{ needs.version.outputs.ipamVersion }}
run: |
gh release create "$tag_name" \
--repo="$GITHUB_REPOSITORY" \
--title="$release_name" \
--notes "Azure IPAM Release"
- name: Upload Azure IPAM Release Asset
id: uploadReleaseAsset
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
tag_name: v${{ needs.version.outputs.ipamVersion }}
asset_path: ./assets/ipam.zip
run: |
gh release upload "$tag_name" "$asset_path"
update:
name: Update Azure IPAM Containers
runs-on: ubuntu-latest
steps:
- name: Azure login - name: Azure login
uses: azure/login@v1 uses: azure/login@v1
with: with:
@ -29,29 +112,21 @@ jobs:
enable-AzPSSession: true enable-AzPSSession: true
- name: Checkout Azure IPAM Code - name: Checkout Azure IPAM Code
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
sparse-checkout: | sparse-checkout: |
engine engine
ui ui
lb lb
- name: "Increment Azure IPAM Version"
id: updateVersion
shell: pwsh
run: |
$newVersion = "latest"
Write-Output "ipamVersion=$newVersion" >> $Env:GITHUB_OUTPUT
- name: Build Azure IPAM Containers - name: Build Azure IPAM Containers
env: env:
IPAM_VERSION: ${{ steps.updateVersion.outputs.ipamVersion }} IPAM_VERSION: ${{ needs.version.outputs.ipamVersion }}
run: | run: |
az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -f ./Dockerfile.deb . az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -t ipam:latest -f ./Dockerfile.deb .
az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -f ./Dockerfile.func . az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -t ipamfunc:latest -f ./Dockerfile.func .
az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -f ./engine/Dockerfile.deb ./engine az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -t ipam-engine:latest -f ./engine/Dockerfile.deb ./engine
az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -f ./engine/Dockerfile.func ./engine az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -t ipam-func:latest -f ./engine/Dockerfile.func ./engine
az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -f ./ui/Dockerfile.deb ./ui az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -t ipam-ui:latest -f ./ui/Dockerfile.deb ./ui
az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -f ./lb/Dockerfile ./lb az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -t ipam-lb:latest -f ./lb/Dockerfile ./lb
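Review bot: In the new `Increment Azure IPAM Version` step of the `version` job, `$commitMsg = "${{ github.event.head_commit.message }}"` expands the commit message into the pwsh script text before the script runs, so the message is parsed as PowerShell rather than treated as data, in a job that this commit also moves to `contents: write` alongside `id-token: write`. Pass it as data instead: add `env:` with `COMMIT_MSG: ${{ github.event.head_commit.message }}` to the step and read it with `$commitMsg = $Env:COMMIT_MSG`. In the same script `else if` is not PowerShell syntax (the keyword is `elseif`), and `$build` is assigned but never used. The `release` and `update` jobs read `needs.version.outputs.ipamVersion`, but no `needs: version` is visible in this rendering; without it that value is empty and the tag becomes a bare `v`, so confirm both jobs declare the dependency.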

4
.github/workflows/azure-ipam-testing.yml поставляемый

@ -35,7 +35,7 @@ jobs:
enable-AzPSSession: true enable-AzPSSession: true
- name: Checkout Azure IPAM Code - name: Checkout Azure IPAM Code
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
sparse-checkout: | sparse-checkout: |
deploy deploy
@ -133,7 +133,7 @@ jobs:
enable-AzPSSession: true enable-AzPSSession: true
- name: Checkout Azure IPAM Code - name: Checkout Azure IPAM Code
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
sparse-checkout: | sparse-checkout: |
tests tests


@ -62,7 +62,7 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
} }
// Log Analytics Workspace // Log Analytics Workspace
module logAnalyticsWorkspace 'logAnalyticsWorkspace.bicep' ={ module logAnalyticsWorkspace './modules/logAnalyticsWorkspace.bicep' ={
name: 'logAnalyticsWorkspaceModule' name: 'logAnalyticsWorkspaceModule'
scope: resourceGroup scope: resourceGroup
params: { params: {
@ -72,7 +72,7 @@ module logAnalyticsWorkspace 'logAnalyticsWorkspace.bicep' ={
} }
// Managed Identity for Secure Access to KeyVault // Managed Identity for Secure Access to KeyVault
module managedIdentity 'managedIdentity.bicep' = { module managedIdentity './modules/managedIdentity.bicep' = {
name: 'managedIdentityModule' name: 'managedIdentityModule'
scope: resourceGroup scope: resourceGroup
params: { params: {
@ -82,7 +82,7 @@ module managedIdentity 'managedIdentity.bicep' = {
} }
// KeyVault for Secure Values // KeyVault for Secure Values
module keyVault 'keyVault.bicep' = { module keyVault './modules/keyVault.bicep' = {
name: 'keyVaultModule' name: 'keyVaultModule'
scope: resourceGroup scope: resourceGroup
params: { params: {
@ -98,7 +98,7 @@ module keyVault 'keyVault.bicep' = {
} }
// Cosmos DB for IPAM Database // Cosmos DB for IPAM Database
module cosmos 'cosmos.bicep' = { module cosmos './modules/cosmos.bicep' = {
name: 'cosmosModule' name: 'cosmosModule'
scope: resourceGroup scope: resourceGroup
params: { params: {
@ -113,7 +113,7 @@ module cosmos 'cosmos.bicep' = {
} }
// Storage Account for Nginx Config/Function Metadata // Storage Account for Nginx Config/Function Metadata
module storageAccount 'storageAccount.bicep' = if (deployAsFunc) { module storageAccount './modules/storageAccount.bicep' = if (deployAsFunc) {
scope: resourceGroup scope: resourceGroup
name: 'storageAccountModule' name: 'storageAccountModule'
params: { params: {
@ -127,7 +127,7 @@ module storageAccount 'storageAccount.bicep' = if (deployAsFunc) {
} }
// Container Registry // Container Registry
module containerRegistry 'containerRegistry.bicep' = if (privateAcr) { module containerRegistry './modules/containerRegistry.bicep' = if (privateAcr) {
scope: resourceGroup scope: resourceGroup
name: 'containerRegistryModule' name: 'containerRegistryModule'
params: { params: {
@ -138,7 +138,7 @@ module containerRegistry 'containerRegistry.bicep' = if (privateAcr) {
} }
// App Service w/ Docker Compose + CI // App Service w/ Docker Compose + CI
module appService 'appService.bicep' = if (!deployAsFunc) { module appService './modules/appService.bicep' = if (!deployAsFunc) {
scope: resourceGroup scope: resourceGroup
name: 'appServiceModule' name: 'appServiceModule'
params: { params: {
@ -160,7 +160,7 @@ module appService 'appService.bicep' = if (!deployAsFunc) {
} }
// Function App // Function App
module functionApp 'functionApp.bicep' = if (deployAsFunc) { module functionApp './modules/functionApp.bicep' = if (deployAsFunc) {
scope: resourceGroup scope: resourceGroup
name: 'functionAppModule' name: 'functionAppModule'
params: { params: {


@ -140,10 +140,6 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = {
name: 'SCM_DO_BUILD_DURING_DEPLOYMENT' name: 'SCM_DO_BUILD_DURING_DEPLOYMENT'
value: 'true' value: 'true'
} }
// {
// name: 'POST_BUILD_COMMAND'
// value: 'postBuild.sh'
// }
] ]
) )
} }


@ -167,10 +167,6 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
name: 'SCM_DO_BUILD_DURING_DEPLOYMENT' name: 'SCM_DO_BUILD_DURING_DEPLOYMENT'
value: 'true' value: 'true'
} }
// {
// name: 'POST_BUILD_COMMAND'
// value: 'postBuild.sh'
// }
] ]
) )
} }


@ -0,0 +1,90 @@
@description('Deployment Location')
param location string = resourceGroup().location
@description('Storage Account Name')
param storageAccountName string
@description('Log Analytics Workspace ID')
param workspaceId string
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: storageAccountName
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: false
}
}
resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = {
name: 'default'
parent: storageAccount
}
resource diagnosticSettingsAccount 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'diagSettingsAccount'
scope: storageAccount
properties: {
metrics: [
{
category: 'Transaction'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
workspaceId: workspaceId
}
}
resource diagnosticSettingsBlob 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'diagSettingsBlob'
scope: blob
properties: {
logs: [
{
category: 'StorageRead'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
{
category: 'StorageWrite'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
{
category: 'StorageDelete'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
metrics: [
{
category: 'Transaction'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
workspaceId: workspaceId
}
}
output name string = storageAccount.name
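Review bot: The `properties` block of the `storageAccount` resource sets only `accessTier` and `allowBlobPublicAccess: false`, so the minimum TLS version is left to the service default for API version `2021-06-01`, which as far as I know still admits TLS 1.0. Since the module is being re-created here (apparently under `modules/`), add `minimumTlsVersion: 'TLS1_2'` and state the HTTPS requirement explicitly with `supportsHttpsTrafficOnly: true`. The `blob` child is declared against API version `2021-09-01` while its parent uses `2021-06-01`; aligning the two would remove one source of drift. A one-line header comment saying the account is deployed only when the caller sets `deployAsFunc` would help, because that condition is not visible inside this file.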


@ -1,175 +0,0 @@
@description('Deployment Location')
param location string = resourceGroup().location
// @description('Blob Container Name')
// param containerName string = 'nginx'
// @description('Managed Identity Id')
// param managedIdentityId string
// @description('Managed Identity PrincipalId')
// param principalId string
// @description('Role Assignment GUID')
// param roleAssignmentName string = newGuid()
@description('Storage Account Name')
param storageAccountName string
@description('Log Analytics Workspace ID')
param workspaceId string
// @description('Flag to Deploy IPAM as a Function')
// param deployAsFunc bool
// var storageBlobDataContributor = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
// var storageBlobDataContributorId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataContributor)
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: storageAccountName
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: false
}
}
resource blob 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' existing = {
name: 'default'
parent: storageAccount
}
// resource blobContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = if (!deployAsFunc) {
// name: '${storageAccount.name}/default/${containerName}'
// }
// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (!deployAsFunc) {
// #disable-next-line use-stable-resource-identifiers
// name: roleAssignmentName
// scope: blobContainer
// properties: {
// principalType: 'ServicePrincipal'
// roleDefinitionId: storageBlobDataContributorId
// principalId: principalId
// }
// }
// resource copyNginxConfig 'Microsoft.Resources/deploymentScripts@2020-10-01' = if (!deployAsFunc) {
// name: 'copyNginxConfig'
// location: location
// kind: 'AzurePowerShell'
// identity: {
// type: 'UserAssigned'
// userAssignedIdentities: {
// '${managedIdentityId}': {}
// }
// }
// properties: {
// azPowerShellVersion: '7.5'
// timeout: 'PT1H'
// environmentVariables: [
// {
// name: 'StorageAccountName'
// value: storageAccount.name
// }
// {
// name: 'ContainerName'
// value: containerName
// }
// {
// name: 'ResourceGroup'
// value: resourceGroup().name
// }
// {
// name: 'DeployScript'
// value: loadTextContent('../default.conf')
// }
// ]
// scriptContent: '''
// $Env:DeployScript | Out-File -FilePath ./default.conf
// $storageAccount = Get-AzStorageAccount -ResourceGroupName $Env:ResourceGroup -Name $Env:StorageAccountName
// $ctx = $storageAccount.Context
// $container = Get-AzStorageContainer -Name $Env:ContainerName -Context $ctx
// $NginxConfig = @{
// File = "./default.conf"
// Container = $Env:ContainerName
// Blob = "default.conf"
// Context = $ctx
// StandardBlobTier = "Hot"
// }
// Set-AzStorageBlobContent @NginxConfig
// '''
// cleanupPreference: 'Always'
// retentionInterval: 'PT1H'
// }
// }
resource diagnosticSettingsAccount 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'diagSettingsAccount'
scope: storageAccount
properties: {
metrics: [
{
category: 'Transaction'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
workspaceId: workspaceId
}
}
resource diagnosticSettingsBlob 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'diagSettingsBlob'
scope: blob
properties: {
logs: [
{
category: 'StorageRead'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
{
category: 'StorageWrite'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
{
category: 'StorageDelete'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
metrics: [
{
category: 'Transaction'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
workspaceId: workspaceId
}
}
output name string = storageAccount.name


@ -47,6 +47,8 @@ New-Item -ItemType Directory -Path $logpath -Force | Out-Null
$versionLog = Join-Path -Path $logPath -ChildPath "version_$(get-date -format `"yyyyMMddhhmmsstt`").log" $versionLog = Join-Path -Path $logPath -ChildPath "version_$(get-date -format `"yyyyMMddhhmmsstt`").log"
$versionSuccess = $false
Start-Transcript -Path $versionLog | Out-Null Start-Transcript -Path $versionLog | Out-Null
try { try {
@ -144,6 +146,8 @@ try {
Write-Host "INFO: Azure IPAM versions successfully updated" -ForegroundColor Green Write-Host "INFO: Azure IPAM versions successfully updated" -ForegroundColor Green
Write-Host Write-Host
Write-Host "Updated Version -> v$updatedVersion" -ForegroundColor Yellow Write-Host "Updated Version -> v$updatedVersion" -ForegroundColor Yellow
$script:versionSuccess = $true
} }
catch { catch {
$_ | Out-File -FilePath $versionLog -Append $_ | Out-File -FilePath $versionLog -Append
@ -153,4 +157,8 @@ catch {
finally { finally {
Write-Host Write-Host
Stop-Transcript | Out-Null Stop-Transcript | Out-Null
if ($script:versionSuccess) {
Write-Output "ipamVersion=$updatedVersion" >> $Env:GITHUB_OUTPUT
}
} }
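Review bot: The write added to the `finally` block, `Write-Output "ipamVersion=$updatedVersion" >> $Env:GITHUB_OUTPUT`, assumes the script is running inside GitHub Actions; when it is run by hand `$Env:GITHUB_OUTPUT` is unset and redirecting to an empty path raises an error after an otherwise successful version update. Guard on the variable as well: `if ($script:versionSuccess -and $Env:GITHUB_OUTPUT) {`. The flag is initialised as `$versionSuccess` but set and read as `$script:versionSuccess`; these are the same variable only while the initialisation stays at script top level, so using the `$script:` prefix in all three places would make that explicit. The `try`/`catch`/`finally` construct starts and continues outside these hunks, so how `$updatedVersion` is produced cannot be checked from here.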