Update github workflows to fix CD (#200)

* Update GitHub workflows to fix CD
Marcus Robinson 2021-06-09 10:17:36 +01:00 коммит произвёл GitHub
Родитель baf9f986e8
Коммит d17a613f73
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
6 изменённых файлов: 117 добавлений и 113 удалений

87
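--- a/.github/workflows/deploy_tre.yml
+++ b/.github/workflows/deploy_tre.yml
@@ -0,0 +1,87 @@
+name: Deploy Azure TRE
+on:
+schedule:
+# 1am each night https://crontab.guru/#0_1_*_*_*
+- cron: "0 1 * * *"
+push:
+branches: [ develop, main ]
+workflow_dispatch:
+jobs:
+deploy_tre:
+name: Deploy TRE
+runs-on: ubuntu-latest
+environment: Dev
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Azure Login
+uses: azure/login@v1
+with:
+creds: ${{ secrets.AZURE_CREDENTIALS }}
+- name: Install Terraform
+uses: little-core-labs/install-terraform@v2.0.0
+with:
+version: 0.15.4
+- name: Deploy TRE
+shell: bash
+env:
+TF_VAR_tre_id: ${{ secrets.TRE_ID }}
+TF_VAR_state_storage: ${{ secrets.STATE_STORAGE_ACCOUNT_NAME }}
+TF_VAR_mgmt_res_group: ${{ secrets.MGMT_RESOURCE_GROUP }}
+TF_VAR_state_container: ${{ secrets.TF_STATE_CONTAINER }}
+TF_VAR_location: ${{ secrets.LOCATION }}
+TF_VAR_acr_name: ${{ secrets.ACR_NAME }}
+TF_VAR_address_space: ${{ secrets.ADDRESS_SPACE }}
+AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+run: |
+export env
+export USE_ENV_VARS_NOT_FILES=true
+export ARM_CLIENT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientId')
+export ARM_CLIENT_SECRET=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientSecret')
+export ARM_SUBSCRIPTION_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.subscriptionId')
+export ARM_TENANT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.tenantId')
+echo $GITHUB_REF
+if [ $GITHUB_EVENT_NAME == 'push' ] && [ $GITHUB_REF == 'refs/heads/develop' ]; then
+TF_VAR_image_tag='develop-latest'
+elif [ $GITHUB_EVENT_NAME == 'push' ] && [ $GITHUB_REF == 'refs/heads/main' ]; then
+TF_VAR_image_tag='main-latest'
+else
+TF_VAR_image_tag=$GITHUB_SHA
+fi
+export TF_VAR_image_tag
+make all
+- name: Publish and deploy vanilla workspace bundle
+shell: bash
+env:
+TRE_ID: ${{ secrets.TRE_ID }}
+LOCATION: ${{ secrets.LOCATION }}
+WORKSPACE_ID: "0001"
+ADDRESS_SPACE: "10.2.1.0/24"
+TF_VAR_acr_name: ${{ secrets.ACR_NAME }}
+TF_VAR_tfstate_container_name: ${{ secrets.TF_STATE_CONTAINER }}
+TF_VAR_tfstate_resource_group_name: ${{ secrets.MGMT_RESOURCE_GROUP }}
+TF_VAR_tfstate_storage_account_name: ${{ secrets.STATE_STORAGE_ACCOUNT_NAME }}
+AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+run: |
+export USE_ENV_VARS_NOT_FILES=true
+export env
+export ARM_CLIENT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientId')
+export ARM_CLIENT_SECRET=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientSecret')
+export ARM_SUBSCRIPTION_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.subscriptionId')
+export ARM_TENANT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.tenantId')
+curl -L https://cdn.porter.sh/latest/install-linux.sh | bash && ~/.porter/porter mixin install docker
+export PATH=~/.porter/:$PATH
+make workspaces-vanilla-porter-publish
+make workspaces-vanilla-porter-install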
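Review bot: The "Publish and deploy vanilla workspace bundle" step pipes `https://cdn.porter.sh/latest/install-linux.sh` straight into `bash` after `ARM_CLIENT_ID` and `ARM_CLIENT_SECRET` have been exported in the same shell, so whatever that unpinned script contains at run time executes with the service principal's credentials in its environment. docs/cd-setup.md in this same commit creates that principal with `--role Owner` on the whole subscription, and the workflow also fires nightly on a schedule, so a changed or tampered installer would be picked up unattended. I would move the install into its own step that has no secrets in `env:`, pin the release and verify it before running (PINNED_VERSION and EXPECTED_SHA256 are placeholders): `curl -fsSLo install-porter.sh https://cdn.porter.sh/PINNED_VERSION/install-linux.sh`, `echo "EXPECTED_SHA256  install-porter.sh" | sha256sum -c -`, `bash install-porter.sh`. The same reasoning applies to `little-core-labs/install-terraform@v2.0.0`, `azure/login@v1` and `actions/checkout@v2`, which are referenced by mutable tags rather than full commit SHAs.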

23
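--- a/.github/workflows/nightly-cleanup.yml
+++ b/.github/workflows/nightly-cleanup.yml
@@ -1,23 +0,0 @@
-name: Nightly Cleanup
-on:
-schedule:
-# 1am https://crontab.guru/#0_1_*_*_*
-- cron: "0 1 * * *"
-workflow_dispatch:
-jobs:
-nightly_cleanup:
-runs-on: ubuntu-latest
-environment: Dev
-steps:
-- name: Clean management-api
-uses: smartsquaregmbh/delete-old-packages@v0.3.1
-with:
-# Regex to delete all images created as a result of PRs, i.e. tagged with git commit SHA,
-# e.g. ed6da1da779694ad13aae193dcc94ec7fa59786c to keep the package registry clean.
-version-pattern: "\\b[0-9a-f]{5,40}\\b" # The regex needs to be escaped!
-names: |
-management-api
-keep: 0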

74
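--- a/.github/workflows/tre-CD.yml
+++ b/.github/workflows/tre-CD.yml
@@ -1,74 +0,0 @@
-name: AzureTRE Continuous Delivery
-on:
-push:
-branches: [ develop, main ]
-workflow_dispatch:
-jobs:
-build-and-deploy:
-runs-on: ubuntu-latest
-environment: Dev
-env:
-TF_VAR_address_space: "10.0.0.0/16"
-TF_VAR_state_storage: "stgmsfttretfstate"
-TF_VAR_mgmt_res_group: "rg-msft-tre-tfstate"
-TF_VAR_state_container: "tfstate"
-TF_VAR_location: "westeurope"
-TF_VAR_image_tag: "v1"
-TF_VAR_acr_name: "msfttreacr"
-steps:
-- uses: actions/checkout@v2
-- name: Azure Login
-uses: azure/login@v1
-with:
-creds: ${{ secrets.AZURE_CREDENTIALS }}
-- name: Install Terraform
-uses: little-core-labs/install-terraform@v2.0.0
-with:
-version: 0.14.7
-- name: Make .env files
-shell: bash
-run: |
-env_file="devops/terraform/.env"
-cat <<EOF > $env_file
-TF_VAR_state_storage=${{ env.TF_VAR_state_storage }}
-TF_VAR_mgmt_res_group=${{ env.TF_VAR_mgmt_res_group }}
-TF_VAR_state_container=${{ env.TF_VAR_state_container }}
-TF_VAR_location=${{ env.TF_VAR_location }}
-TF_VAR_image_tag=${{ env.TF_VAR_image_tag }}
-TF_VAR_acr_name=${{ env.TF_VAR_acr_name }}
-EOF
-env_file="templates/core/terraform/.env"
-cat <<EOF > $env_file
-TF_VAR_address_space=${{ env.TF_VAR_address_space }}
-EOF
-- name: Make bootstrap for Terraform
-shell: bash
-env:
-AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
-run: |
-export ARM_CLIENT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientId')
-export ARM_CLIENT_SECRET=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientSecret')
-export ARM_SUBSCRIPTION_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.subscriptionId')
-export ARM_TENANT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.tenantId')
-make
-- name: Publish vanilla workspace bundle
-shell: bash
-env:
-AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
-run: |
-export ARM_CLIENT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientId')
-export ARM_CLIENT_SECRET=$(echo "$AZURE_CREDENTIALS" | jq -r '.clientSecret')
-export ARM_SUBSCRIPTION_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.subscriptionId')
-export ARM_TENANT_ID=$(echo "$AZURE_CREDENTIALS" | jq -r '.tenantId')
-make publish-vanilla-workspace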


@ -2,8 +2,10 @@
set -e
if [ ! -f $1 ]; then
echo -e "\e[31m»»» 💥 Unable to find $1 file, please create file and try again!"
exit
if [ -z $USE_ENV_VARS_NOT_FILES ]; then
echo -e "\e[31m»»» 💥 Unable to find $1 file, please create file and try again!"
#exit
fi
else
export $(egrep -v '^#' $1 | xargs)
fi
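Review bot: With `#exit` commented out, the branch that reports a missing `$1` file when `USE_ENV_VARS_NOT_FILES` is unset prints the error and then falls through, so whatever runs next proceeds without the variables the file was meant to supply. If stopping is still intended for local runs, use `exit 1` (or `return 1` if this script is sourced, which the `export $(...)` line suggests) so the failure is visible to `make`; the old bare `exit` returned status 0 in any case. The new test should also quote its operand, `if [ -z "${USE_ENV_VARS_NOT_FILES:-}" ]; then`, which stays correct if the value contains spaces or the script is later run with `set -u`. Which lines are new is inferred from the duplicated `echo` line and the commit totals, since the page shows no +/- markers for this file.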


@ -1,14 +0,0 @@
# Continous delivery with GitHub Actions
## Setup
Create an SPN that will be used to provision resource in your Azure subscription:
```cmd
az account set -s {SubID}
az ad sp create-for-rbac -n "MyTREAppDeployment" --role Contributor --scopes /subscriptions/{SubID} --sdk-auth
```
The output includes credentials that you must protect. Create a create a new Actions seceret in your GitHub repository and paste the JSON output.
You can now reference the seceret in your GitHub actions by setting the environment (e.g. `environment: Dev`) and then retrieving the secert: `creds: ${{ secrets.AZURE_CREDENTIALS }}`

26
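--- a/docs/cd-setup.md
+++ b/docs/cd-setup.md
@@ -0,0 +1,26 @@
+# Continuous Delivery with GitHub Actions
+## Setup
+Create an SPN that will be used to provision resources in your Azure subscription:
+```cmd
+az account set -s {SubID}
+az ad sp create-for-rbac -n "MyTREAppDeployment" --role Owner --scopes /subscriptions/{SubID} --sdk-auth
+```
+Save JSON the output in a GitHub secret called `AZURE_CREDENTIALS`.
+You will also need to create the following secrets:
+- `TRE_ID`
+- `ACR_NAME`
+- `MGMT_RESOURCE_GROUP`
+- `STATE_STORAGE_ACCOUNT_NAME`
+- `TF_STATE_CONTAINER`
+- `LOCATION`
+- `ADDRESS_SPACE`
+For descriptions of what each of these variables are, and example values, please review [docs/developer-quickstart.md](docs/developer-quickstart.md).
+The `Deploy TRE` workflow can then be run.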