
Make Azure location configurable #476

Merged
merged 7 commits into from
May 27, 2024
57 changes: 37 additions & 20 deletions .github/workflows/_deploy-container.yml
@@ -1,4 +1,4 @@
name: "Deploy Container"
name: Deploy Container

on:
workflow_call:
Expand All @@ -23,10 +23,19 @@ on:
type: string

jobs:
staging-west-europe-deploy:
stage:
name: Staging
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
# environment: "staging" # Manual approval disabled
if: ${{ vars.STAGING_CLUSTER_ENABLED == 'true' && github.ref == 'refs/heads/main' }}
env:
UNIQUE_PREFIX: ${{ vars.UNIQUE_PREFIX }}
ENVIRONMENT: "stage"
CLUSTER_LOCATION_ACRONYM: ${{ vars.STAGING_CLUSTER_LOCATION_ACRONYM }}
SERVICE_PRINCIPAL_ID: ${{ vars.STAGING_SERVICE_PRINCIPAL_ID }}
TENANT_ID: ${{ vars.TENANT_ID }}
SUBSCRIPTION_ID: ${{ vars.STAGING_SUBSCRIPTION_ID }}

steps:
- name: Checkout code
uses: actions/checkout@v4
Expand All @@ -40,12 +49,12 @@ jobs:
- name: Login to Azure
uses: azure/login@v2
with:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
client-id: ${{ secrets.AZURE_SERVICE_PRINCIPAL_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
client-id: ${{ env.SERVICE_PRINCIPAL_ID }}
tenant-id: ${{ env.TENANT_ID }}
subscription-id: ${{ env.SUBSCRIPTION_ID }}

- name: Login to ACR
run: az acr login --name ${{ vars.UNIQUE_PREFIX }}stage
run: az acr login --name ${{ env.UNIQUE_PREFIX }}${{ env.ENVIRONMENT }}

- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
Expand All @@ -57,32 +66,40 @@ jobs:
docker buildx build \
--platform linux/amd64,linux/arm64 \
--build-arg VERSION=${{ inputs.version }} \
-t ${{ vars.UNIQUE_PREFIX }}stage.azurecr.io/${{ inputs.image_name }}:${{ inputs.version }} \
-t ${{ vars.UNIQUE_PREFIX }}stage.azurecr.io/${{ inputs.image_name }}:latest \
-t ${{ env.UNIQUE_PREFIX }}${{ env.ENVIRONMENT }}.azurecr.io/${{ inputs.image_name }}:${{ inputs.version }} \
-t ${{ env.UNIQUE_PREFIX }}${{ env.ENVIRONMENT }}.azurecr.io/${{ inputs.image_name }}:latest \
-f ${{ inputs.docker_file }} \
--push .
docker buildx rm

- name: Deploy Staging West Europe cluster
- name: Deploy Container
run: |
SURFIX=$(echo "${{ inputs.version }}" | sed 's/\./-/g')
az containerapp update --name ${{ inputs.image_name }} --resource-group "${{ vars.UNIQUE_PREFIX }}-stage-weu" --image "${{ vars.UNIQUE_PREFIX }}stage.azurecr.io/${{ inputs.image_name }}:${{ inputs.version }}" --revision-suffix $SURFIX
az containerapp update --name ${{ inputs.image_name }} --resource-group "${{ env.UNIQUE_PREFIX }}-${{ env.ENVIRONMENT }}-${{ env.CLUSTER_LOCATION_ACRONYM }}" --image "${{ env.UNIQUE_PREFIX }}${{ env.ENVIRONMENT }}.azurecr.io/${{ inputs.image_name }}:${{ inputs.version }}" --revision-suffix $SURFIX

production-west-europe-deploy:
prod1:
name: Production
if: false && github.ref == 'refs/heads/main' ## Disable production for now
needs: staging-west-europe-deploy
needs: stage
environment: "production" # Force a manual approval
runs-on: ubuntu-latest
environment: "production" ## Force a manual approval
if: ${{ vars.PRODUCTION_CLUSTER1_ENABLED == 'true' && github.ref == 'refs/heads/main' }}
env:
UNIQUE_PREFIX: ${{ vars.UNIQUE_PREFIX }}
ENVIRONMENT: "prod"
CLUSTER_LOCATION_ACRONYM: ${{ vars.PRODUCTION_CLUSTER1_LOCATION_ACRONYM }}
SERVICE_PRINCIPAL_ID: ${{ vars.PRODUCTION_SERVICE_PRINCIPAL_ID }}
TENANT_ID: ${{ vars.TENANT_ID }}
SUBSCRIPTION_ID: ${{ vars.PRODUCTION_SUBSCRIPTION_ID }}

steps:
- name: Login to Azure
uses: azure/login@v2
with:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
client-id: ${{ secrets.AZURE_SERVICE_PRINCIPAL_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
client-id: ${{ env.SERVICE_PRINCIPAL_ID }}
tenant-id: ${{ env.TENANT_ID }}
subscription-id: ${{ env.SUBSCRIPTION_ID }}

- name: Deploy Production West Europe cluster
- name: Deploy Container
run: |
SURFIX=$(echo "${{ inputs.version }}" | sed 's/\./-/g')
az containerapp update --name ${{ inputs.image_name }} --resource-group "${{ vars.UNIQUE_PREFIX }}-prod-weu" --image "${{ vars.UNIQUE_PREFIX }}prod.azurecr.io/${{ inputs.image_name }}:${{ inputs.version }}" --revision-suffix $SURFIX
az containerapp update --name ${{ inputs.image_name }} --resource-group "${{ env.UNIQUE_PREFIX }}-${{ env.ENVIRONMENT }}-${{ env.CLUSTER_LOCATION_ACRONYM }}" --image "${{ env.UNIQUE_PREFIX }}${{ env.ENVIRONMENT }}.azurecr.io/${{ inputs.image_name }}:${{ inputs.version }}" --revision-suffix $SURFIX
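Review bot: The `Deploy Container` run steps in both the `stage` and `prod1` jobs expand `${{ inputs.version }}` and `${{ inputs.image_name }}` directly into the script text before bash parses it, and `--name ${{ inputs.image_name }}` and `--revision-suffix $SURFIX` are also left unquoted. The callers on this page appear to derive the version from a `generate_version` step, so this is hardening rather than a demonstrated hole, but a reusable workflow should not rely on every caller passing shell-safe strings. Pass the inputs through a step-level `env:` (`VERSION: ${{ inputs.version }}`) and use shell variables instead, e.g. `SURFIX=$(echo "$VERSION" | sed 's/\./-/g')` and `--revision-suffix "$SURFIX"`. The same applies to the `docker buildx build` tags in the build step, whose start lies outside the visible hunk.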
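--- /dev/null
+++ b/.github/workflows/_deploy-infrastructure.yml
@@ -0,0 +1,126 @@
+name: Plan and Deploy Infrastructure
+
+on:
+workflow_call:
+inputs:
+github_environment:
+required: true
+type: string
+include_shared_environment_resources:
+required: true
+type: boolean
+unique_prefix:
+required: true
+type: string
+azure_environment:
+required: true
+type: string
+shared_location:
+required: true
+type: string
+cluster_location:
+required: true
+type: string
+cluster_location_acronym:
+required: true
+type: string
+sql_admin_object_id:
+required: true
+type: string
+domain_name:
+required: true
+type: string
+service_principal_id:
+required: true
+type: string
+tenant_id:
+required: true
+type: string
+subscription_id:
+required: true
+type: string
+deployment_enabled:
+required: true
+type: string
+
+jobs:
+plan:
+name: "Planning"
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Code
+uses: actions/checkout@v4
+
+- name: Install Bicep CLI
+run: |
+curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 &&
+chmod +x ./bicep &&
+sudo mv ./bicep /usr/local/bin/bicep &&
+bicep --version
+
+- name: Login to Azure
+uses: azure/login@v2
+with:
+client-id: ${{ inputs.service_principal_id }}
+tenant-id: ${{ inputs.tenant_id }}
+subscription-id: ${{ inputs.subscription_id }}
+
+- name: Plan Shared Environment Resources
+if: ${{ inputs.include_shared_environment_resources == true }}
+run: bash ./cloud-infrastructure/environment/deploy-environment.sh ${{ inputs.unique_prefix }} ${{ inputs.azure_environment }} ${{ inputs.shared_location }} --plan
+
+- name: Plan Cluster Resources
+id: deploy_cluster
+run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh ${{ inputs.unique_prefix }} ${{ inputs.azure_environment }} ${{ inputs.cluster_location }} ${{ inputs.cluster_location_acronym }} ${{ inputs.sql_admin_object_id }} ${{ inputs.domain_name }} --plan
+
+deploy:
+name: "Deploying"
+if: ${{ inputs.deployment_enabled == 'true' && github.ref == 'refs/heads/main' }}
+needs: plan
+environment: "${{ inputs.github_environment }}"
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Code
+uses: actions/checkout@v4
+
+- name: Install Bicep CLI
+run: |
+curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 &&
+chmod +x ./bicep &&
+sudo mv ./bicep /usr/local/bin/bicep &&
+bicep --version
+
+- name: Login to Azure
+uses: azure/login@v2
+with:
+client-id: ${{ inputs.service_principal_id }}
+tenant-id: ${{ inputs.tenant_id }}
+subscription-id: ${{ inputs.subscription_id }}
+
+- name: Deploy Shared Environment Resources
+if: ${{ inputs.include_shared_environment_resources == true }}
+run: bash ./cloud-infrastructure/environment/deploy-environment.sh ${{ inputs.unique_prefix }} ${{ inputs.azure_environment }} ${{ inputs.shared_location }} --apply
+
+- name: Deploy Cluster Resources
+id: deploy_cluster
+run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh ${{ inputs.unique_prefix }} ${{ inputs.azure_environment }} ${{ inputs.cluster_location }} ${{ inputs.cluster_location_acronym }} ${{ inputs.sql_admin_object_id }} ${{ inputs.domain_name }} --apply
+
+- name: Refresh Azure Tokens # The previous step may take a while, so we refresh the token to avoid timeouts
+uses: azure/login@v2
+with:
+client-id: ${{ inputs.service_principal_id }}
+tenant-id: ${{ inputs.tenant_id }}
+subscription-id: ${{ inputs.subscription_id }}
+
+- name: Replace Classic sqlcmd (ODBC) with sqlcmd (GO)
+run: |
+sudo apt-get remove -y mssql-tools &&
+curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc &&
+sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/22.04/prod.list)" &&
+sudo apt-get update &&
+sudo apt-get install -y sqlcmd
+
+- name: Grant Database Permissions
+run: |
+bash ./cloud-infrastructure/cluster/grant-database-permissions.sh ${{ inputs.unique_prefix }} ${{ inputs.azure_environment }} ${{ inputs.cluster_location_acronym }} 'account-management' ${{ steps.deploy_cluster.outputs.ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID }}
+bash ./cloud-infrastructure/cluster/grant-database-permissions.sh ${{ inputs.unique_prefix }} ${{ inputs.azure_environment }} ${{ inputs.cluster_location_acronym }} 'back-office' ${{ steps.deploy_cluster.outputs.BACK_OFFICE_IDENTITY_CLIENT_ID }}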
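Review bot: The `Install Bicep CLI` step in both the `plan` and `deploy` jobs downloads `releases/latest/download/bicep-linux-x64`, marks it executable and moves it into `/usr/local/bin` with no version pin and no integrity check. That binary is presumably what the deploy scripts invoke once `azure/login` has established a session. Pin the release and verify a digest before installing, e.g. `curl -fsSLo bicep https://github.com/Azure/bicep/releases/download/<PINNED_TAG>/bicep-linux-x64` followed by `echo "<EXPECTED_SHA256>  bicep" | sha256sum -c -`. Separately, every `${{ inputs.* }}` argument to `deploy-environment.sh`, `deploy-cluster.sh` and `grant-database-permissions.sh` is expanded unquoted into the command line. Passing them via `env:` and quoting the shell variables would keep word splitting or metacharacters in a caller-supplied value from changing the command.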
2 changes: 2 additions & 0 deletions .github/workflows/account-management.yml
Expand Up @@ -29,6 +29,7 @@ jobs:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.generate_version.outputs.version }}

steps:
- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -124,6 +125,7 @@ jobs:
name: Code Style and Linting
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4
2 changes: 2 additions & 0 deletions .github/workflows/app-gateway.yml
Expand Up @@ -29,6 +29,7 @@ jobs:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.generate_version.outputs.version }}

steps:
- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -88,6 +89,7 @@ jobs:
name: Code Style and Linting
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4
2 changes: 2 additions & 0 deletions .github/workflows/back-office.yml
Expand Up @@ -29,6 +29,7 @@ jobs:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.generate_version.outputs.version }}

steps:
- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -124,6 +125,7 @@ jobs:
name: Code Style and Linting
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4