From d62ec6fd1e8d18c788d749090ee6d1e0b0b6f40a Mon Sep 17 00:00:00 2001
From: Bruno Borges
Date: Wed, 18 Oct 2023 16:22:47 -0700
Subject: [PATCH 1/8] Fix Tests run on daily schedule #31
---
.github/workflows/infra-validation.yaml | 36 ----------
.github/workflows/stale-bot.yml | 19 +++++
.github/workflows/template-validation.yaml | 81 ++++++++++++++++++++++
3 files changed, 100 insertions(+), 36 deletions(-)
delete mode 100644 .github/workflows/infra-validation.yaml
create mode 100644 .github/workflows/stale-bot.yml
create mode 100644 .github/workflows/template-validation.yaml
diff --git a/.github/workflows/infra-validation.yaml b/.github/workflows/infra-validation.yaml
deleted file mode 100644
index 8dc77f5..0000000
--- a/.github/workflows/infra-validation.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: Validate AZD template
-on:
- push:
- branches: [ main ]
- paths:
- - "infra/**"
- pull_request:
- branches: [ main ]
- paths:
- - "infra/**"
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Build Bicep for linting
- uses: azure/CLI@v1
- with:
- inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
-
- - name: Run Microsoft Security DevOps Analysis
- uses: microsoft/security-devops-action@preview
- id: msdo
- continue-on-error: true
- with:
- tools: templateanalyzer
-
- - name: Upload alerts to Security tab
- uses: github/codeql-action/upload-sarif@v2
- if: github.repository == 'Azure-Samples/azure-search-openai-demo'
- with:
- sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml
new file mode 100644
index 0000000..44dc9ab
--- /dev/null
+++ b/.github/workflows/stale-bot.yml
@@ -0,0 +1,19 @@
+name: 'Close stale issues and PRs'
+on:
+ schedule:
+ - cron: '30 1 * * *'
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v8
+ with:
+ stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.'
+ stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed.'
+ close-issue-message: 'This issue was closed because it has been stalled for 7 days with no activity.'
+ close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
+ days-before-issue-stale: 60
+ days-before-pr-stale: 60
+ days-before-issue-close: -1
+ days-before-pr-close: -1
diff --git a/.github/workflows/template-validation.yaml b/.github/workflows/template-validation.yaml
new file mode 100644
index 0000000..476746a
--- /dev/null
+++ b/.github/workflows/template-validation.yaml
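Review bot: `.github/workflows/stale-bot.yml` declares no `permissions:` block, so `actions/stale@v8` runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured. The `stale` job should state what it needs, i.e. `permissions:` with `issues: write` and `pull-requests: write`. Separately, `days-before-issue-close: -1` and `days-before-pr-close: -1` disable automatic closing, which contradicts the "will be closed" wording in the stale messages and leaves `close-issue-message` and `close-pr-message` unused; either set real close delays or reword the messages.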
@@ -0,0 +1,81 @@
+name: Validate AZD template
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '0 0 * * *' # Run at midnight every day
+
+jobs:
+ infra:
+ name: "Infra Biceps Validation"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build Bicep for linting
+ uses: azure/CLI@v1
+ with:
+ inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
+
+ - name: Run Microsoft Security DevOps Analysis
+ uses: microsoft/security-devops-action@preview
+ id: msdo
+ continue-on-error: true
+ with:
+ tools: templateanalyzer
+
+ - name: Upload alerts to Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ if: github.repository == 'Azure-Samples/azure-search-openai-demo'
+ with:
+ sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+
+ frontend:
+ name: "Front-end validation"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build React Frontend
+ run: |
+ echo "Building front-end and merge into Spring Boot static folder. Environment [${{ steps.set-deploy-env.outputs.DEPLOY_ENVIRONMENT }}]"
+ cd ./app/frontend
+ npm install
+ npm run build
+
+ backend:
+ name: "Backend validation"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up Java version
+ uses: actions/setup-java@v2
+ with:
+ distribution: 'microsoft'
+ java-version: '17'
+ cache: 'maven'
+
+ - name: Set environment for branch
+ id: set-deploy-env
+ run: |
+ if [[ $GITHUB_REF_NAME == 'refs/heads/main' ]]; then
+ echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
+ elif [[ $GITHUB_REF_NAME == 'refs/heads/develop' ]]; then
+ echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
+ elif [[ $GITHUB_REF_NAME == 'refs/heads/release' ]]; then
+ echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
+ else
+ echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Build Spring Boot App
+ run: |
+ echo "Building Spring Boot app. Environment [${{ steps.set-deploy-env.outputs.DEPLOY_ENVIRONMENT }}]"
+ cd ./app/backend
+ ./mvnw verify
From b9b2cafc82312ff2e9fcf3e66a10290a7138ec52 Mon Sep 17 00:00:00 2001
From: Bruno Borges
Date: Wed, 18 Oct 2023 16:26:43 -0700
Subject: [PATCH 2/8] Push to prod only when a new tag is made
---
.github/workflows/app-ci.yaml | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/app-ci.yaml b/.github/workflows/app-ci.yaml
index f92b36c..598353f 100644
--- a/.github/workflows/app-ci.yaml
+++ b/.github/workflows/app-ci.yaml
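Review bot: The new `.github/workflows/template-validation.yaml` (PATCH 1/8) sets no `permissions:` block, although it runs on `pull_request` and on a schedule and executes repository-controlled build scripts (`npm install`, `./mvnw verify`). A top-level `permissions:` with `contents: read`, plus `security-events: write` on the `infra` job only (the scope the `upload-sarif` step needs), keeps the `GITHUB_TOKEN` at least privilege. In the `frontend` job, `npm ci` instead of `npm install` would fail the build on a lockfile mismatch rather than resolve new versions, assuming a lockfile is committed under `app/frontend`. The actions are referenced by mutable refs (`@v3`, `@v1`, `@v2`, `@preview`); pinning third-party actions to a full commit SHA, e.g. `uses: microsoft/security-devops-action@<full-commit-sha>`, avoids picking up unreviewed changes.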
@@ -1,16 +1,10 @@ -# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy -# More GitHub Actions for Azure: https://github.com/Azure/actions -# More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions - -name: App Continuous Integration pipeline +name: Deploy to Production (Azure) on: push: - branches: - - app-ci-github-actions - - main - pull_request: - branches: [ main ] + # Pattern matched against refs/tags + tags: + - '*' # Push events to every tag not containing / workflow_dispatch: jobs: From c2710bc27731d9cb3048890941266ca29f2b8417 Mon Sep 17 00:00:00 2001 From: Bruno Borges Date: Wed, 1 Nov 2023 10:09:16 -0700 Subject: [PATCH 3/8] Continuous delivery when changes are pushed to main --- .github/workflows/app-ci.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/app-ci.yaml b/.github/workflows/app-ci.yaml index 598353f..6082aea 100644 --- a/.github/workflows/app-ci.yaml +++ b/.github/workflows/app-ci.yaml @@ -2,9 +2,8 @@ name: Deploy to Production (Azure) on: push: - # Pattern matched against refs/tags - tags: - - '*' # Push events to every tag not containing / + branches: + - main workflow_dispatch: jobs: From 30615613f295c8de0de1b15a94e9a9ae4a49fff4 Mon Sep 17 00:00:00 2001 From: Bruno Borges Date: Thu, 2 Nov 2023 10:33:09 -0700 Subject: [PATCH 4/8] Update .github/workflows/template-validation.yaml Co-authored-by: Derek Keeler --- .github/workflows/template-validation.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template-validation.yaml b/.github/workflows/template-validation.yaml index 476746a..5b057ae 100644 --- a/.github/workflows/template-validation.yaml +++ b/.github/workflows/template-validation.yaml @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java version uses: actions/setup-java@v2 
From 22cf7c3ac917cddde3dc5d58ab58c1bb0b002509 Mon Sep 17 00:00:00 2001 From: Bruno Borges Date: Thu, 2 Nov 2023 10:33:15 -0700 Subject: [PATCH 5/8] Update .github/workflows/template-validation.yaml Co-authored-by: Derek Keeler --- .github/workflows/template-validation.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template-validation.yaml b/.github/workflows/template-validation.yaml index 5b057ae..259fa94 100644 --- a/.github/workflows/template-validation.yaml +++ b/.github/workflows/template-validation.yaml @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build React Frontend run: | From 5e10d85e499f7ad288a887ef85a7a778f1fe2124 Mon Sep 17 00:00:00 2001 From: Bruno Borges Date: Thu, 2 Nov 2023 10:33:21 -0700 Subject: [PATCH 6/8] Update .github/workflows/template-validation.yaml Co-authored-by: Derek Keeler --- .github/workflows/template-validation.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template-validation.yaml b/.github/workflows/template-validation.yaml index 259fa94..a7a27a5 100644 --- a/.github/workflows/template-validation.yaml +++ b/.github/workflows/template-validation.yaml @@ -21,7 +21,7 @@ jobs: inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout - name: Run Microsoft Security DevOps Analysis - uses: microsoft/security-devops-action@preview + uses: microsoft/security-devops-action@v1 id: msdo continue-on-error: true with: From eade701c740522ba8926f417567d6188d43f4f8a Mon Sep 17 00:00:00 2001 From: Bruno Borges Date: Thu, 2 Nov 2023 10:33:25 -0700 Subject: [PATCH 7/8] Update .github/workflows/template-validation.yaml Co-authored-by: Derek Keeler --- .github/workflows/template-validation.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/template-validation.yaml b/.github/workflows/template-validation.yaml index a7a27a5..73f2435 100644 --- a/.github/workflows/template-validation.yaml +++ b/.github/workflows/template-validation.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build Bicep for linting uses: azure/CLI@v1 From e1a14acae41c3017b1556113217dbb1cda2846fb Mon Sep 17 00:00:00 2001 From: dantelmomsft Date: Mon, 6 Nov 2023 23:06:51 +0100 Subject: [PATCH 8/8] update based on CI/CD the long term strategy --- .github/workflows/app-ci.yaml | 14 ++- .github/workflows/infra-ci.yaml | 119 +++++++++++++++++++++ .github/workflows/template-validation.yaml | 21 +--- 3 files changed, 131 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/infra-ci.yaml diff --git a/.github/workflows/app-ci.yaml b/.github/workflows/app-ci.yaml index 6082aea..cf86c81 100644 --- a/.github/workflows/app-ci.yaml +++ b/.github/workflows/app-ci.yaml @@ -1,9 +1,13 @@ -name: Deploy to Production (Azure) +name: APP CI/CD Pipeline on: push: branches: - main + paths: + - "app/**" + tags: + - v.*.*.* workflow_dispatch: jobs: @@ -26,10 +30,10 @@ jobs: run: | if [[ $GITHUB_REF_NAME == 'refs/heads/main' ]]; then echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" - elif [[ $GITHUB_REF_NAME == 'refs/heads/develop' ]]; then - echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" - elif [[ $GITHUB_REF_NAME == 'refs/heads/release' ]]; then - echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" + elif [[ $GITHUB_REF_NAME == *'refs/heads/release'* ]]; then + echo "DEPLOY_ENVIRONMENT=Test" >> "$GITHUB_OUTPUT" + elif [[ $GITHUB_REF_NAME == *'refs/tags/v'* ]]; then + echo "DEPLOY_ENVIRONMENT=Production" >> "$GITHUB_OUTPUT" else echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" fi 
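Review bot: The tag filter `v.*.*.*` added under `on.push.tags` in `.github/workflows/app-ci.yaml` (PATCH 8/8, first hunk) is a glob, not a regular expression, so the `.` after `v` is a literal dot and a tag such as `v1.2.3` would not start this workflow. If release tags follow the usual `v1.2.3` form, the entry should be `- 'v*.*.*'`. The jobs this trigger starts are outside the hunk.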
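Review bot: In the branch-to-environment script of `.github/workflows/app-ci.yaml` (PATCH 8/8, second hunk) the new `release` and tag conditions can never match, because `GITHUB_REF_NAME` holds the short name (`main`, or the tag name) and never contains `refs/heads/` or `refs/tags/`; the same applies to the unchanged `'refs/heads/main'` comparison. Every run therefore falls through to `else` and reports `Development`, including tag builds that are meant to be `Production`. Compare against the full ref instead, e.g. `elif [[ $GITHUB_REF == refs/tags/v* ]]; then`, or test `$GITHUB_REF_TYPE == 'tag'`. The step header and the steps that consume `DEPLOY_ENVIRONMENT` are outside the hunk, so how the value selects deployment targets or credentials should be checked there.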
diff --git a/.github/workflows/infra-ci.yaml b/.github/workflows/infra-ci.yaml
new file mode 100644
index 0000000..278989b
--- /dev/null
+++ b/.github/workflows/infra-ci.yaml
@@ -0,0 +1,119 @@
+name: Infra CI Pipeline
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "infra/**"
+
+ workflow_dispatch:
+
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ validate-bicep:
+ name: "Infra Biceps Validation"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Build Bicep for linting
+ uses: azure/CLI@v1
+ with:
+ inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
+
+ - name: Run Microsoft Security DevOps Analysis
+ uses: microsoft/security-devops-action@v1
+ id: msdo
+ continue-on-error: true
+ with:
+ tools: templateanalyzer
+
+ - name: Upload alerts to Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ if: github.repository == 'Azure-Samples/azure-search-openai-demo-java'
+ with:
+ sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+
+
+# deploy:
+# name: "Deploy Infra and App using azd"
+# runs-on: ubuntu-latest
+# environment:
+# name: "Development"
+# env:
+# AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+# AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+# AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+# AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+# steps:
+# - name: Checkout
+# uses: actions/checkout@v4
+
+# - name: Install azd
+# uses: Azure/setup-azd@v0.1.0
+
+# - name: Log in with Azure (Federated Credentials)
+# if: ${{ env.AZURE_CLIENT_ID != '' }}
+# run: |
+# azd auth login `
+# --client-id "$Env:AZURE_CLIENT_ID" `
+# --federated-credential-provider "github" `
+# --tenant-id "$Env:AZURE_TENANT_ID"
+# shell: pwsh
+
+# - name: Log in with Azure (Client Credentials)
+# if: ${{ env.AZURE_CREDENTIALS != '' }}
+# run: |
+# $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+# Write-Host "::add-mask::$($info.clientSecret)"
+
+# azd auth login `
+# --client-id "$($info.clientId)" `
+# --client-secret "$($info.clientSecret)" `
+# --tenant-id "$($info.tenantId)"
+# shell: pwsh
+# env:
+# AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+# - name: Provision Infrastructure
+# run: azd provision --no-prompt
+# env:
+# AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+# AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+# AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+# AZURE_FORMRECOGNIZER_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+# AZURE_FORMRECOGNIZER_SERVICE: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+# AZURE_OPENAI_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_SERVICE }}
+# AZURE_OPENAI_SERVICE: ${{ vars.AZURE_OPENAI_SERVICE }}
+# AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
+# AZURE_SEARCH_SERVICE: ${{ vars.AZURE_SEARCH_SERVICE }}
+# AZURE_SEARCH_SERVICE_RESOURCE_GROUP: ${{ vars.AZURE_SEARCH_SERVICE_RESOURCE_GROUP }}
+# AZURE_STORAGE_ACCOUNT: ${{ vars.AZURE_STORAGE_ACCOUNT }}
+# AZURE_STORAGE_RESOURCE_GROUP: ${{ vars.AZURE_STORAGE_RESOURCE_GROUP }}
+
+# - name: Deploy Application
+# run: azd deploy --no-prompt
+# env:
+# AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+# AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+# AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+# AZURE_FORMRECOGNIZER_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+# AZURE_FORMRECOGNIZER_SERVICE: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+# AZURE_OPENAI_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_SERVICE }}
+# AZURE_OPENAI_SERVICE: ${{ vars.AZURE_OPENAI_SERVICE }}
+# AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
+# AZURE_SEARCH_SERVICE: ${{ vars.AZURE_SEARCH_SERVICE }}
+# AZURE_SEARCH_SERVICE_RESOURCE_GROUP: ${{ vars.AZURE_SEARCH_SERVICE_RESOURCE_GROUP }}
+# AZURE_STORAGE_ACCOUNT: 
${{ vars.AZURE_STORAGE_ACCOUNT }} +# AZURE_STORAGE_RESOURCE_GROUP: ${{ vars.AZURE_STORAGE_RESOURCE_GROUP }} + + diff --git a/.github/workflows/template-validation.yaml b/.github/workflows/template-validation.yaml index 73f2435..ded2185 100644 --- a/.github/workflows/template-validation.yaml +++ b/.github/workflows/template-validation.yaml @@ -1,7 +1,5 @@ name: Validate AZD template on: - push: - branches: [ main ] pull_request: branches: [ main ] schedule: @@ -29,7 +27,7 @@ jobs: - name: Upload alerts to Security tab uses: github/codeql-action/upload-sarif@v2 - if: github.repository == 'Azure-Samples/azure-search-openai-demo' + if: github.repository == 'Azure-Samples/azure-search-openai-demo-java' with: sarif_file: ${{ steps.msdo.outputs.sarifFile }} @@ -42,7 +40,7 @@ jobs: - name: Build React Frontend run: | - echo "Building front-end and merge into Spring Boot static folder. Environment [${{ steps.set-deploy-env.outputs.DEPLOY_ENVIRONMENT }}]" + echo "Building front-end and merge into Spring Boot static folder." cd ./app/frontend npm install npm run build @@ -61,21 +59,8 @@ jobs: java-version: '17' cache: 'maven' - - name: Set environment for branch - id: set-deploy-env - run: | - if [[ $GITHUB_REF_NAME == 'refs/heads/main' ]]; then - echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" - elif [[ $GITHUB_REF_NAME == 'refs/heads/develop' ]]; then - echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" - elif [[ $GITHUB_REF_NAME == 'refs/heads/release' ]]; then - echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" - else - echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT" - fi - - name: Build Spring Boot App run: | - echo "Building Spring Boot app. Environment [${{ steps.set-deploy-env.outputs.DEPLOY_ENVIRONMENT }}]" + echo "Building Spring Boot app." cd ./app/backend ./mvnw verify
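Review bot: In the new `.github/workflows/infra-ci.yaml` (PATCH 8/8) the workflow-level `permissions:` block grants `id-token: write` to `validate-bicep`, which performs no Azure login, while omitting `security-events: write`, which the `github/codeql-action/upload-sarif@v2` step needs; once a `permissions:` block is present every scope not listed is set to none, so the upload is likely to be rejected. Keep `contents: read` at the top level, add `security-events: write` under `validate-bicep`, and grant `id-token: write` only on the `deploy` job when it is enabled. In that commented-out job the `env:` mappings look crossed: `AZURE_FORMRECOGNIZER_SERVICE` reads `vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP` and `AZURE_OPENAI_RESOURCE_GROUP` reads `vars.AZURE_FORMRECOGNIZER_SERVICE`, in both the provision and deploy steps. `continue-on-error: true` on the analysis step also means a failed scan does not fail the job, so the SARIF upload is the only place findings surface.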