Merge pull request #15 from johanneswuerbach/main
feat: azure support
johanneswuerbach authored Feb 20, 2024
2 parents d851e92 + 2c37f46 commit dc6e20b
Showing 8 changed files with 121 additions and 5 deletions.
24 changes: 21 additions & 3 deletions .github/workflows/deploy.yaml
Expand Up @@ -13,6 +13,11 @@ env:
# CLOUD_PROVIDER: aws
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
# CLOUD_PROVIDER: azure
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
# CLOUD_PROVIDER: gcp
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
Expand All @@ -29,7 +34,7 @@ jobs:
contents: write

env:
DOCKER_BUILDKIT: "1"
DOCKER_BUILDKIT: '1'

if: ${{ vars.CLOUD_PROVIDER }}

Expand All @@ -48,7 +53,6 @@ jobs:
with:
file_pattern: 'catalog-info.yaml templates/*.yaml'


- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
Expand All @@ -64,12 +68,26 @@ jobs:
mask-password: 'true'

- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: "set CONTAINER_REGISTRY env var"
name: set CONTAINER_REGISTRY env var
run: |
echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}

- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: configure azure credentials
uses: azure/login@v1
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: configure gcp credentials
uses: google-github-actions/auth@v1
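Review bot: In the `login to azure acr` step, `${{ env.AZURE_ACR_NAME }}` is expanded into the script text before the shell runs, so a value containing shell metacharacters or a newline would be interpreted by the shell or would add extra entries to `$GITHUB_ENV`. The AWS step just above avoids this by passing its value through `env:` and reading `"$REGISTRY"`. `AZURE_ACR_NAME` is already exported by the workflow-level `env:` block, so both lines can read it from the shell: `az acr login -n "$AZURE_ACR_NAME"` and `echo "CONTAINER_REGISTRY=${AZURE_ACR_NAME}.azurecr.io" >> "$GITHUB_ENV"`. The same two lines are added in the node-service and podinfo-example template workflows in this commit.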
12 changes: 12 additions & 0 deletions packages/backend/src/actions/get-environment.ts
Expand Up @@ -21,6 +21,9 @@ export function createGetEnvironmentAction({ orgId, awsRegion, cloudProvider }:
},
cloudProvider: {
type: 'string'
},
githubOIDCCustomization: {
type: 'object'
}
}
}
Expand All @@ -29,6 +32,15 @@ export function createGetEnvironmentAction({ orgId, awsRegion, cloudProvider }:
ctx.output('orgId', orgId);
ctx.output('awsRegion', awsRegion);
ctx.output('cloudProvider', cloudProvider);

let githubOIDCCustomization
if (cloudProvider === 'azure') {
githubOIDCCustomization = {
"useDefault": false,
"includeClaimKeys": ["repository_owner"]
}
}
ctx.output('githubOIDCCustomization', githubOIDCCustomization);
},
});
}
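Review bot: The Azure branch sets `useDefault: false` with `includeClaimKeys: ["repository_owner"]` but carries no comment on what that does to the trust boundary. As far as GitHub's OIDC subject customization is documented, the token's `sub` then names only the owner, so a federated credential matching it would accept a token from any repository and ref under that owner, not just the scaffolded repository that both `template.yaml` files pass this value to via `oidcCustomization`. I would state that above the assignment, for example `// sub is reduced to the repository owner: the Azure app registration then trusts every repo of that owner, so keep its role assignments minimal`, and consider adding a repository-level claim key such as `"repository"` if one credential per repository is workable. `let githubOIDCCustomization` is also left untyped and is output as `undefined` for aws and gcp; the function body starts outside this hunk.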
21 changes: 21 additions & 0 deletions templates/node-service/content/.github/workflows/deploy.yaml
Expand Up @@ -15,6 +15,13 @@ env:
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
Expand Down Expand Up @@ -62,6 +69,20 @@ jobs:
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
- name: configure azure credentials
uses: azure/login@v1
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
- name: configure gcp credentials
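Review bot: `uses: azure/login@v1` in the added `configure azure credentials` step follows a movable tag, and because this file is a scaffolding template the reference is copied into every repository generated from it. The step is handed the client, tenant and subscription ids that the job authenticates with, so I would pin it to a full commit SHA and keep the tag as a comment, `uses: azure/login@<full-commit-sha> # v1`, letting a dependency updater move it. The same reference is added in the root `.github/workflows/deploy.yaml` and in the podinfo-example template workflows. The enclosing `steps:` list starts outside the hunk.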
Expand Up @@ -13,6 +13,13 @@ env:
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
Expand Down Expand Up @@ -80,6 +87,20 @@ jobs:
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
- name: configure azure credentials
uses: azure/login@v1
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
- name: configure gcp credentials
Expand Down Expand Up @@ -163,7 +184,7 @@ jobs:
--app ${{ env.APP_NAME }} \
--env ${{ env.ENVIRONMENT_ID }} -o json \
| jq -r '. | map(. | select(.metadata.type == "dns")) | map((.metadata.res_id | split(".") | .[1]) + ": [" + .status.resource.host + "](https://" + .status.resource.host + ")") | join("\n")')
DEPLOYMENT_ERRORS=$(humctl get deployment-error \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
1 change: 1 addition & 0 deletions templates/node-service/template.yaml
Expand Up @@ -59,6 +59,7 @@ spec:
repoUrl: github.com?owner=humanitec-architecture&repo=${{ parameters.componentName }}
repoVisibility: public
protectDefaultBranch: false
oidcCustomization: ${{ steps.environment.output.githubOIDCCustomization }}

- id: humanitec-create-app
name: Create Humanitec App
21 changes: 21 additions & 0 deletions templates/podinfo-example/content/.github/workflows/deploy.yaml
Expand Up @@ -15,6 +15,13 @@ env:
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
Expand Down Expand Up @@ -62,6 +69,20 @@ jobs:
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
- name: configure azure credentials
uses: azure/login@v1
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
- name: configure gcp credentials
Expand Up @@ -13,6 +13,13 @@ env:
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
Expand Down Expand Up @@ -80,6 +87,20 @@ jobs:
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
{% endraw %}
{%- elif values.cloudProvider === "azure" -%}
{% raw %}
- name: configure azure credentials
uses: azure/login@v1
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
{% endraw %}
{%- elif values.cloudProvider === "gcp" -%}
{% raw %}
- name: configure gcp credentials
Expand Down Expand Up @@ -163,7 +184,7 @@ jobs:
--app ${{ env.APP_NAME }} \
--env ${{ env.ENVIRONMENT_ID }} -o json \
| jq -r '. | map(. | select(.metadata.type == "dns")) | map((.metadata.res_id | split(".") | .[1]) + ": [" + .status.resource.host + "](https://" + .status.resource.host + ")") | join("\n")')
DEPLOYMENT_ERRORS=$(humctl get deployment-error \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
1 change: 1 addition & 0 deletions templates/podinfo-example/template.yaml
Expand Up @@ -59,6 +59,7 @@ spec:
repoUrl: github.com?owner=humanitec-architecture&repo=${{ parameters.componentName }}
repoVisibility: public
protectDefaultBranch: false
oidcCustomization: ${{ steps.environment.output.githubOIDCCustomization }}

- id: humanitec-create-app
name: Create Humanitec App
