From e7bcf1cf0aa7f5f0355f3fd1f29c030649335537 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Fri, 23 Aug 2024 12:13:08 +0100 Subject: [PATCH 01/37] 1901: Adding template for workflow labelling 1901: Adding template for workflow labelling 1901: Adding template for workflow labelling 1901: Adding template for workflow labelling 1901: Adding template for workflow labelling 1901: Adding template for workflow labelling 1901: Adding template for workflow labelling --- .github/workflows/build-and-deploy.yml | 23 +++- .github/workflows/delete-review-app.yml | 140 ++++------------------ Makefile | 84 ++++++------- terraform/application/.terraform.lock.hcl | 84 +++++++++++++ 4 files changed, 171 insertions(+), 160 deletions(-) create mode 100644 terraform/application/.terraform.lock.hcl diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 56ead3c4..e7c012f2 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -44,7 +44,7 @@ jobs: deploy_review_app: name: Deploy to review environment runs-on: ubuntu-latest - if: contains(github.event.pull_request.labels.*.name, 'deploy') + if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') concurrency: deploy_review_${{ github.event.pull_request.number }} needs: [build_image] environment: @@ -53,8 +53,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/deploy-environment + - name: Deploy environment (standard) + uses: ./.github/actions/deploy-environment id: deploy + if: contains(github.event.pull_request.labels.*.name, 'deploy') with: environment_name: review image_name_tag: ${{ needs.build_image.outputs.image_name_tag }} 
@@ -63,8 +65,19 @@ jobs: site_up_retries: 150 startup_command: "sh /app/bin/start-review-app.sh" + - name: Deploy to AKS + uses: ./.github/actions/deploy-environment + id: deploy_aks + if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') + with: + environment: review + docker-image: ${{ needs.build_image.outputs.image_name_tag }} + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + pull-request-number: ${{ github.event.number }} + - name: Post URL to Pull Request comment uses: marocchino/sticky-pull-request-comment@v2 + if: success() && (contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks')) with: message: | Review app deployed to <${{ steps.deploy.outputs.environment_url }}> @@ -92,7 +105,7 @@ jobs: concurrency: deploy_${{ matrix.environment }} needs: [build_image, set_matrix] strategy: - fail-fast: false # this is necessary to prevent early terminiation of terraform deployments that will result in tfstate locks + fail-fast: false # this is necessary to prevent early termination of terraform deployments that will result in tfstate locks max-parallel: 3 matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }} environment: @@ -144,9 +157,9 @@ jobs: name: Notify Slack of failures runs-on: ubuntu-latest needs: [build_image, deploy_review_app, set_matrix, deploy_non_prod, deploy_prod] - environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} + environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} env: - ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} + ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} if: failure() steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index d7711e29..a398c51d 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
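Review bot: The "Post URL to Pull Request comment" step in the `@@ -63,8 +65,19 @@` hunk still builds its message from `steps.deploy.outputs.environment_url`, but the `deploy` step is now skipped whenever only the `deploy-aks` label is present, so the comment will be posted with an empty URL. The same reference is carried into the `deploy_review_app_aks` job added in PATCH 02/37, where no step has the id `deploy` at all and the new composite action declares no `outputs:` block. The AKS path needs an output declared on the action and read through `steps.deploy_aks.outputs.…`, or the comment step should be limited to the standard path with `if: steps.deploy.outcome == 'success'`.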
@@ -1,131 +1,43 @@ -name: Delete Review App +name: Delete Review App on AKS on: pull_request: - types: [closed] - branches: [main] - workflow_dispatch: - inputs: - pr_number: - description: PR number of review app to delete - required: true - type: string + branches: + - main + types: + - closed + jobs: delete-review-app: name: Delete Review App ${{ github.event.pull_request.number }} - concurrency: deploy_review_${{ github.event.pull_request.number }} + concurrency: deploy-review-${{ github.event.pull_request.number }} runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} environment: review - steps: - - uses: actions/checkout@v4 - - name: Extract configuration from tfvars - id: config - run: | - if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - PR_NUMBER=${{ github.event.inputs.pr_number }} - else - PR_NUMBER=${{ github.event.pull_request.number }} - fi - - if [ -z "$PR_NUMBER" ]; then - echo "::error ::Failed to extract PR_NUMBER" - exit 1 - fi - - RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) - APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - DEV_TFVARS=workspace_variables/dev.tfvars.json - TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") - - if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - exit 1 - fi - - if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - echo "::error ::Failed to extract storage_account_name from $TFVARS" - exit 1 - fi - - if [ -z "$TERRAFORM_VERSION" ]; then - echo "::error ::Failed to extract terraform_version from terraform.tf" - exit 1 - fi - - if [ -z 
"$TF_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - exit 1 - fi - - if [ -z "$TF_STATE_CONTAINER" ]; then - echo "::error ::Failed to extract tf_state_container from terraform.tf" - exit 1 - fi - - echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV - shell: bash - env: - TFVARS: workspace_variables/review.tfvars.json - working-directory: terraform - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - run: | - TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - shell: bash + steps: + - name: Checkout + uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v3 with: - terraform_version: ${{ env.terraform_version }} - terraform_wrapper: false - - - name: Check resource group exists - run: | - GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - if [[ "$GROUP" =~ "true" ]]; then - echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - fi + terraform-version: 1.6.4 + terraform-wrapper: false - - name: Set Environment variables - if: env.REVIEW_APP_EXISTS == 'true' - run: | - TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} \ - --prefix $TF_STATE_FILE --query "[].name" -o tsv) 
- if [ -n "$pr_state_file" ]; then - echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - fi + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - - name: Terraform - if: env.TF_STATE_EXISTS == 'true' - id: terraform + - name: Terraform Destroy run: | - make ci review terraform-destroy pr_id=${{ env.pr_number }} + make ci review terraform-destroy env: - ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - TF_VAR_aytq_docker_image: ${{ github.sha }} - shell: bash + PR_NUMBER: ${{ github.event.pull_request.number }} - - name: Delete tf state file - if: env.TF_STATE_EXISTS == 'true' - run: | - az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} + - name: Post Pull Request Comment + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + Review app track and pay deployed to was deleted. + Review app school placements deployed to was deleted. diff --git a/Makefile b/Makefile index 21536218..d2c49106 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,14 @@ -.DEFAULT_GOAL :=help -SHELL :=/bin/bash +.DEFAULT_GOAL := help +SHELL := /bin/bash ### AKS ### -TERRAFILE_VERSION=0.8 -ARM_TEMPLATE_TAG=1.1.10 -RG_TAGS={"Product" : "Access Your Teaching Qualifications"} -REGION=UK South -SERVICE_NAME=access-your-teaching-qualifications -SERVICE_SHORT=aytq -DOCKER_REPOSITORY=ghcr.io/dfe-digital/access-your-teaching-qualifications +TERRAFILE_VERSION = 0.8 +ARM_TEMPLATE_TAG = 1.1.10 +RG_TAGS = {"Product" : "Access Your Teaching Qualifications"} +REGION = UK South +SERVICE_NAME = access-your-teaching-qualifications +SERVICE_SHORT = aytq +DOCKER_REPOSITORY = ghcr.io/dfe-digital/access-your-teaching-qualifications ### AKS ### .PHONY: help 
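Review bot: In the rewritten delete-review-app.yml, `DFE-Digital/github-actions/set-kubelogin-environment@master` is handed `secrets.AZURE_CREDENTIALS` while tracking a mutable branch, so any later push to that branch runs with the service principal without a review in this repository. Pin the step to a full commit SHA, e.g. `uses: DFE-Digital/github-actions/set-kubelogin-environment@<full-commit-sha> # <tag>` (placeholder), and do the same for the identical step in the composite action added in PATCH 02/37. Separately, `hashicorp/setup-terraform` takes `terraform_version` and `terraform_wrapper`; the hyphenated `terraform-version` / `terraform-wrapper` used here are not inputs of that action, so the 1.6.4 pin and the wrapper opt-out are not applied (the composite action in PATCH 02/37 uses the underscore names).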
@@ -19,7 +19,7 @@ help: ## Show this help ##@ Set environment and corresponding configuration .PHONY: dev -dev: ## set the dev enironment variables +dev: ## Set the dev environment variables $(eval DEPLOY_ENV=dev) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) $(eval RESOURCE_NAME_PREFIX=s165d01) @@ -29,7 +29,7 @@ dev: ## set the dev enironment variables $(eval RESOURCE_ENV=${ENV_SHORT}) .PHONY: test -test: ## set the test enironment variables +test: ## Set the test environment variables $(eval DEPLOY_ENV=test) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) $(eval RESOURCE_NAME_PREFIX=s165t01) @@ -39,7 +39,7 @@ test: ## set the test enironment variables $(eval RESOURCE_ENV=${ENV_SHORT}) .PHONY: preprod -preprod: ## set the pre-production enironment variables +preprod: ## Set the pre-production environment variables $(eval DEPLOY_ENV=preprod) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) $(eval RESOURCE_NAME_PREFIX=s165t01) @@ -49,7 +49,7 @@ preprod: ## set the pre-production enironment variables $(eval RESOURCE_ENV=${ENV_SHORT}) .PHONY: production -production: ## set the production enironment variables +production: ## Set the production environment variables $(eval DEPLOY_ENV=production) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production) $(eval RESOURCE_NAME_PREFIX=s165p01) @@ -67,7 +67,7 @@ review-init: $(eval ENV_TAG=dev) .PHONY: review -review: review-init set-azure-resource-group-tags +review: review-init set-azure-resource-group-tags ## Set the review environment variables $(eval DEPLOY_ENV=review) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) $(eval RESOURCE_NAME_PREFIX=s165d01) 
@@ -82,14 +82,14 @@ review: review-init set-azure-resource-group-tags $(eval RESOURCE_ENV=${DEPLOY_ENV}${ENV}) .PHONY: domain -domain: +domain: ## Set the production environment variables for domain operations $(eval DEPLOY_ENV=production) $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production) $(eval RESOURCE_NAME_PREFIX=s165p01) $(eval ENV_SHORT=pd) $(eval ENV_TAG=prod) -set-azure-resource-group-tags: ##Tags that will be added to resource group on it's creation in ARM template +set-azure-resource-group-tags: ## Tags that will be added to resource group on its creation in ARM template $(eval RG_TAGS=$(shell echo '{"Portfolio": "Early Years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Access Your Teaching Qualifications", "Service Line": "Teaching Workforce", "Service": "Teacher Training and Qualifications", "Service Offering": "Access Your Teaching Qualifications", "Environment" : "${ENV_TAG}"}' | jq . )) set-azure-template-tag: 
@@ -111,44 +111,44 @@ install-fetch-config: ## Install the fetch-config script, for viewing/editing se && chmod +x bin/fetch_config.rb \ || true -edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make edit-keyvault-secret - edit (with default editor) keyvault secret for INFRASTRUCTURE +edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## Edit (with default editor) Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \ -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c -create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make create-keyvault-secret - create and edit INFRASTRUCTURE secret +create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## Create and edit Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \ -i -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c -print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make print-keyvault-secret - print out keyvault secret for INFRASTRUCTURE +print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## Print out Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml validate-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -d quiet \ && echo Data in ${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} looks valid -terraform-init: ## make terraform-init - run terraform init against the environment +terraform-init: ## Run terraform init against the environment $(if ${IMAGE_TAG}, , $(eval export IMAGE_TAG=main)) [[ "${SP_AUTH}" != "true" ]] && az 
account set -s ${AZURE_SUBSCRIPTION} || true terraform -chdir=terraform init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars ${backend_config} -upgrade -reconfigure -terraform-plan: terraform-init ## make terraform-plan - run terraform init against the environment +terraform-plan: terraform-init ## Run terraform plan against the environment terraform -chdir=terraform plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json -terraform-apply: terraform-init ## make terraform-apply - run terraform init against the environment +terraform-apply: terraform-init ## Run terraform apply against the environment terraform -chdir=terraform apply -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} -terraform-destroy: terraform-init ## ## make terraform-destroy - run terraform init against the environment +terraform-destroy: terraform-init ## Run terraform destroy against the environment terraform -chdir=terraform destroy -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} -deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make deploy-azure-resources AUTO_APPROVE=1 - setup store for terraform state and keyvault storage, use AUTO_APPROVE=1 +deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## Setup store for terraform state and Key Vault storage, use AUTO_APPROVE=1 $(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE)) az deployment sub create --name "resourcedeploy-aytq-$(shell date +%Y%m%d%H%M%S)" -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqtfstate${ENV_SHORT}" "tfStorageContainerName=aytq-tfstate" \ "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" 
"dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" \ - "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" + "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" -validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make validate-azure-resources - runs a '--what-if' +validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## Runs a '--what-if' against Azure resources az deployment sub create --name "resourcedeploy-aytq-$(shell date +%Y%m%d%H%M%S)" -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqtfstate${ENV_SHORT}" "tfStorageContainerName=aytq-tfstate" \ 
@@ -156,20 +156,21 @@ validate-azure-resources: set-azure-account set-azure-template-tag set-azure-res "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" \ --what-if -domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make domain domain-azure-resources AUTO_APPROVE=1 +domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## Setup store for terraform state for domains, use AUTO_APPROVE=1 $(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE)) az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytqdomains-rg" 'tags=${RG_TAGS}' "environment=${DEPLOY_ENV}" \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqdomainstf" "tfStorageContainerName=aytqdomains-tf" "keyVaultName=${RESOURCE_NAME_PREFIX}-aytqdomains-kv" -az-console: set-azure-account +az-console: set-azure-account ## Access the Azure console az container exec \ --name=${RESOURCE_NAME_PREFIX}-aytq-${NAME_ENV}-wkr-cg \ --resource-group=${RESOURCE_NAME_PREFIX}-aytq-${RESOURCE_ENV}-rg \ --exec-command="bundle exec rails c ${CONSOLE_OPTIONS}" + ### END: Legacy infrastructure - delete after AKS migration ### -ci: ## Run in automation environment +ci: ## Run in automation environment $(eval DISABLE_PASSCODE=true) $(eval AUTO_APPROVE=-auto-approve) $(eval SP_AUTH=true) 
@@ -179,16 +180,17 @@ ci: ## Run in automation environment # with the existing Azure deployment files: # ./global_config/ # ./terraform/application -set-azure-account: + +set-azure-account: ## Set the Azure account based on environment settings [ "${SKIP_AZURE_LOGIN}" != "true" ] && az account set -s ${AZURE_SUBSCRIPTION} || true .PHONY: aks-review -aks-review: test-cluster +aks-review: test-cluster ## Setup review environment for AKS $(if ${PR_NUMBER},,$(error Missing PR_NUMBER)) $(eval ENVIRONMENT=pr-${PR_NUMBER}) $(eval include global_config/review.sh) -composed-variables: +composed-variables: ## Compose variables needed for deployments $(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg) $(eval KEYVAULT_NAMES='("${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv", "${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv")') $(eval STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}${CONFIG_SHORT}tfsa) @@ -198,7 +200,7 @@ bin/terrafile: ## Install terrafile to manage terraform modules curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \ | tar xz -C ./bin terrafile -aks-terraform-init: composed-variables bin/terrafile set-azure-account +aks-terraform-init: composed-variables bin/terrafile set-azure-account ## Initialize terraform for AKS $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=main)) ./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile 
@@ -216,27 +218,27 @@ aks-terraform-init: composed-variables bin/terrafile set-azure-account $(eval export TF_VAR_docker_image=${DOCKER_REPOSITORY}:${DOCKER_IMAGE_TAG}) $(eval export TF_VAR_resource_group_name=${RESOURCE_GROUP_NAME}) -aks-terraform-plan: aks-terraform-init +aks-terraform-plan: aks-terraform-init ## Plan terraform changes for AKS terraform -chdir=terraform/application plan -var-file "config/${CONFIG}.tfvars.json" -aks-terraform-apply: aks-terraform-init +aks-terraform-apply: aks-terraform-init ## Apply terraform changes for AKS terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" -aks-terraform-destroy: aks-terraform-init +aks-terraform-destroy: aks-terraform-init ## Destroy terraform resources for AKS terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" -test-cluster: +test-cluster: ## Set up the test cluster variables for AKS $(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg) $(eval CLUSTER_NAME=s189t01-tsc-test-aks) -production-cluster: +production-cluster: ## Set up the production cluster variables for AKS $(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg) $(eval CLUSTER_NAME=s189p01-tsc-production-aks) -set-what-if: +set-what-if: ## Set the 'what-if' option for ARM deployment validation $(eval WHAT_IF=--what-if) -arm-deployment: composed-variables set-azure-account +arm-deployment: composed-variables set-azure-account ## Deploy ARM resources $(if ${DISABLE_KEYVAULTS},, $(eval KV_ARG=keyVaultNames=${KEYVAULT_NAMES})) $(if ${ENABLE_KV_DIAGNOSTICS}, $(eval KV_DIAG_ARG=enableDiagnostics=${ENABLE_KV_DIAGNOSTICS} logAnalyticsWorkspaceName=${LOG_ANALYTICS_WORKSPACE_NAME}),) 
@@ -253,6 +255,6 @@ deploy-arm-resources: arm-deployment ## Validate ARM resource deployment. Usage: validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources -get-cluster-credentials: set-azure-account +get-cluster-credentials: set-azure-account ## Get AKS cluster credentials az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli) diff --git a/terraform/application/.terraform.lock.hcl b/terraform/application/.terraform.lock.hcl new file mode 100644 index 00000000..9e188f41 --- /dev/null +++ b/terraform/application/.terraform.lock.hcl 
@@ -0,0 +1,84 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/eppo/environment" { + version = "1.3.5" + constraints = "1.3.5" + hashes = [ + "h1:pceowuRAKcjLd+g4noIJdX6CBIWavlM4BvRTsGfH0uQ=", + "zh:00e7a6bf7f0f09cc4871d7f4fee2c943ce61c05b9802365a97703d6c2e63e3dc", + "zh:018d92e621177d053ed5c32e8220efa8c019852c4d60cc7539683bac28470d9b", + "zh:12ca5162286b80b7f46bd013ae2007641132d201af12bc6adb872f9a0ff85b7a", + "zh:2991085432bd4dc718aadfb37b2cdb6201ef73a8a0e5661411f46d9ec782e678", + "zh:2a8f6801266f89b816ebfdb441411e53f4cf1e0278e853715fb561946ad5a575", + "zh:8783a8dc846d3e71b38ca470066f506dde8040f149402f0d348e5dca7f012909", + "zh:8bc8f61e496e96c81c46e1aa59bf2155b6acc80db1ea462f2ddd665748fcda7f", + "zh:95fb102fecceb3a5b44dbe9fbe262494a0abdb6805addf1286c5d92cd4b0f779", + "zh:a158837ec561c161d3c47068e30bca341e5e4c7abff7fa72b9522438b85af4ac", + "zh:a738a7b2e953ee8059f9e68d48ae954175d001a5480f29e22d717bee9fd93f7f", + "zh:bac4b3a38eed35c91269cd008ad88862f47be99474de85e9a2efcce6564e0c24", + "zh:cd56a12eef3515fa5a5845d550be2f67989c8e65563e8fa9f5060666c0728a7c", + "zh:e3e895bc8b557b36bfa03f251df429aa0fba068f4c7ef0ed6ac551b7cba9ff86", + "zh:e959a9e826e3c33242bf4492ee12e5f8be023cf2461702c43d1833c4a8516232", + "zh:f41d9d60b205e6d536881e4af7bb9fc85ae90858bfddf695f95fbd68e01e0ad3", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.104.2" + constraints = "3.104.2" + hashes = [ + "h1:1J+ajk1s1qfjViKYSOYDb8HLOh2RIn/TAK/2s3orPuE=", + "zh:05b4a3572ce2b881fef5ec64756b060e8ce6c24c260182acf4adec38a6b29204", + "zh:0d5118f6ad64278a52b720cdbf1a6b7ab7ea1ad5bd3d9607cb558d8d25280906", + "zh:2196f49d73bf862a046b24e143f5d658bbb01bfb4e8582a88eb3907ff4f69730", + "zh:285c1a65bf3b70859110c2bbafefa4483d450840282a57f349b81b17367bbb26", + "zh:2efbd00970952761d60043c41e983dc6930678ef179de2b27ed00437fa711703", + 
"zh:6b7e26e6ba3a639e2a26b2e64f4629e28a44a9572f4203c30cb1c611f37ddb21", + "zh:8149b7aada49cac3ef49d7595d2fc2e3a573f4c01d272a6a4111efa089f2e44f", + "zh:9674f741d7be268778a0f0a59174130800f8977747ef16a1dd6446031c7ae8d4", + "zh:aed0e78df3c5de8eaa8c8cacb4e3c48ec26683f2e35dd42eabc1242592fad247", + "zh:c0c97188d9a5a26c5ce2dbcc1c6b31fb73469bb2e422e64a1dda25c9355c341c", + "zh:e883eca472593e34f2f93282973c148114eab19fceb8348fc82e91293b247118", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.32.0" + constraints = "2.32.0" + hashes = [ + "h1:3j4XBR5UWQA7xXaiEnzZp0bHbcwOhWetHYKTWIrUTI0=", + "zh:0e715d7fb13a8ad569a5fdc937b488590633f6942e986196fdb17cd7b8f7720e", + "zh:495fc23acfe508ed981e60af9a3758218b0967993065e10a297fdbc210874974", + "zh:4b930a8619910ef528bc90dae739cb4236b9b76ce41367281e3bc3cf586101c7", + "zh:5344405fde7b1febf0734052052268ee24e7220818155702907d9ece1c0697c7", + "zh:92ee11e8c23bbac3536df7b124456407f35c6c2468bc0dbab15c3fc9f414bd0e", + "zh:a45488fe8d5bb59c49380f398da5d109a4ac02ebc10824567dabb87f6102fda8", + "zh:a4a0b57cf719a4c91f642436882b7bea24d659c08a5b6f4214ce4fe6a0204caa", + "zh:b7a27a6d11ba956a2d7b0f7389a46ec857ebe46ae3aeee537250e66cac15bf03", + "zh:bf94ce389028b686bfa70a90f536e81bb776c5c20ab70138bbe5c3d0a04c4253", + "zh:d965b2608da0212e26a65a0b3f33c5baae46cbe839196be15d93f70061516908", + "zh:f441fc793d03057a17af8bdca8b26d54916645bc5c148f54e22a54ed39089e83", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.2" + hashes = [ + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + 
"zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + ] +} From 036a3f4efb6b67b5e0c0c951b5ceb3d63e0fcfd0 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 16:09:43 +0100 Subject: [PATCH 02/37] 1901: Adding seperate deploy action for AKS and modifying commands to match existing makefile 1901: correcting deploy action reference 1901: correcting deploy action reference 1901: correcting deploy action reference --- .../actions/deploy-environment-aks/action.yml | 76 +++++++++++++++++++ .github/workflows/build-and-deploy.yml | 31 ++++++-- 2 files changed, 99 insertions(+), 8 deletions(-) create mode 100644 .github/actions/deploy-environment-aks/action.yml diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml new file mode 100644 index 00000000..d466ec92 --- /dev/null +++ b/.github/actions/deploy-environment-aks/action.yml 
@@ -0,0 +1,76 @@ +name: Deploy environment to AKS +description: Deploys an application environment to AKS + +inputs: + environment: + description: The name of the environment + required: true + docker-image: + description: The Docker image to deploy + required: true + azure-credentials: + description: JSON object containing a service principal that can read from Azure Key Vault + required: true + pull-request-number: + description: The pull request number which triggered this deploy. + required: false + +runs: + using: composite + + steps: + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ inputs.azure-credentials }} + + - name: Terraform Apply + shell: bash + run: | + make ci ${{ inputs.environment }} aks-terraform-apply + env: + DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} + PR_NUMBER: ${{ inputs.pull-request-number }} + + - name: Extract Terraform outputs + shell: bash + id: set_outputs + run: | + output=$(terraform -chdir=terraform/application output -json ingress_hostnames) + echo "HOSTNAMES=$output" >> $GITHUB_ENV + + # # Check new site is up + # - run: | + # echo "Checking new site is up" + # attempt_counter=0 + # max_attempts=$RETRIES + + # HEALTH_URL="${{ env.app_fqdn }}/health/all.json" + # HEALTH_RESPONSE=$(curl $HEALTH_URL --silent) + # APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*") + # APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line') + # APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. 
as $line | try (fromjson | .database.success) catch $line') + # echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS" + # until [[ "$EXPECTED_SHA" == "$APP_SHA" && "$APP_STATUS" == "true" && "$APP_DATABASE_STATUS" == "true" ]]; do + # if [ ${attempt_counter} -eq ${max_attempts} ];then + # echo "Max attempts reached" + # exit 1 + # fi + # echo "Attempt $attempt_counter: new site not up, retrying in 5 seconds ..." + # sleep 5 + # attempt_counter=$(($attempt_counter+1)) + + # HEALTH_RESPONSE=$(curl $HEALTH_URL --silent) + # APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*") + # APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line') + # APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line') + # echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS" + # done + # shell: bash + # env: + # EXPECTED_SHA: ${{ inputs.image_tag }} + # RETRIES: ${{ inputs.site_up_retries }} diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index e7c012f2..a8e8c0b3 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -44,7 +44,7 @@ jobs: deploy_review_app: name: Deploy to review environment runs-on: ubuntu-latest - if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') + if: contains(github.event.pull_request.labels.*.name, 'deploy') concurrency: deploy_review_${{ github.event.pull_request.number }} needs: [build_image] environment: 
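Review bot: In the new composite action's "Terraform Apply" step, `make ci ${{ inputs.environment }} aks-terraform-apply` expands the input into the script text before bash parses it, so whatever a caller passes becomes shell source rather than an argument. The other two values in the same step already go through `env:`; pass this one the same way with `TARGET_ENV: ${{ inputs.environment }}` under `env:` and `make ci "$TARGET_ENV" aks-terraform-apply` in `run:`. The only caller visible here passes a literal, so this is hardening rather than a live issue, but a composite action is meant to be reused.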
@@ -53,10 +53,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Deploy environment (standard) - uses: ./.github/actions/deploy-environment + - uses: ./.github/actions/deploy-environment id: deploy - if: contains(github.event.pull_request.labels.*.name, 'deploy') with: environment_name: review image_name_tag: ${{ needs.build_image.outputs.image_name_tag }} @@ -65,19 +63,36 @@ jobs: site_up_retries: 150 startup_command: "sh /app/bin/start-review-app.sh" + - name: Post URL to Pull Request comment + uses: marocchino/sticky-pull-request-comment@v2 + with: + message: | + Review app deployed to <${{ steps.deploy.outputs.environment_url }}> + + deploy_review_app_aks: + name: Deploy to review environment for AKS + runs-on: ubuntu-latest + if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') + concurrency: deploy_review_${{ github.event.pull_request.number }} + needs: [build_image] + environment: + name: aks-review + + steps: + - uses: actions/checkout@v4 + - name: Deploy to AKS - uses: ./.github/actions/deploy-environment + uses: ./.github/actions/deploy-environment-aks id: deploy_aks - if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') with: - environment: review + environment: aks-review docker-image: ${{ needs.build_image.outputs.image_name_tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} pull-request-number: ${{ github.event.number }} - name: Post URL to Pull Request comment uses: marocchino/sticky-pull-request-comment@v2 - if: success() && (contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks')) + if: success() with: message: | Review app deployed to <${{ steps.deploy.outputs.environment_url }}> From 10bb8b3b23f5a1bd6b4c7aa1edc7a5aeb54323e5 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 17:01:36 +0100 Subject: [PATCH 03/37] 1901: Adding autoapprove --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
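Review bot: In the new `deploy_review_app_aks` job the comment step still reads `steps.deploy.outputs.environment_url`, but the only deploy step in that job has `id: deploy_aks`. The composite action added in this patch also declares no `outputs:`, so the posted comment will carry an empty URL. Either declare an output in the action and reference it as `${{ steps.deploy_aks.outputs.<output-name> }}`, or drop the URL from the message until one exists. Both review jobs also use `concurrency: deploy_review_${{ github.event.pull_request.number }}`, so a PR carrying both labels will queue one deployment behind the other. A distinct group such as `deploy_review_aks_${{ github.event.pull_request.number }}` avoids that if the two environments are meant to be independent.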
diff --git a/Makefile b/Makefile index d2c49106..48589198 100644 --- a/Makefile +++ b/Makefile @@ -222,7 +222,7 @@ aks-terraform-plan: aks-terraform-init ## Plan terraform changes for AKS terraform -chdir=terraform/application plan -var-file "config/${CONFIG}.tfvars.json" aks-terraform-apply: aks-terraform-init ## Apply terraform changes for AKS - terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" + terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} aks-terraform-destroy: aks-terraform-init ## Destroy terraform resources for AKS terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" From 72474b3f6cb8d50f1ad4e611e9cdb40c8b0adb10 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 17:18:08 +0100 Subject: [PATCH 04/37] 1901: Correcting image tag reference 1901: Correcting image tag reference --- .github/actions/deploy-environment-aks/action.yml | 6 +++--- .github/workflows/build-and-deploy.yml | 2 +- Makefile | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml index d466ec92..2a984604 100644 --- a/.github/actions/deploy-environment-aks/action.yml +++ b/.github/actions/deploy-environment-aks/action.yml @@ -5,8 +5,8 @@ inputs: environment: description: The name of the environment required: true - docker-image: - description: The Docker image to deploy + image-tag: + description: The image tag to deploy required: true azure-credentials: description: JSON object containing a service principal that can read from Azure Key Vault @@ -33,7 +33,7 @@ runs: run: | make ci ${{ inputs.environment }} aks-terraform-apply env: - DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} + DOCKER_IMAGE_TAG: ${{ inputs.image-tag }} PR_NUMBER: ${{ inputs.pull-request-number }} - name: Extract Terraform outputs 
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index a8e8c0b3..603f485f 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -86,7 +86,7 @@ jobs: id: deploy_aks with: environment: aks-review - docker-image: ${{ needs.build_image.outputs.image_name_tag }} + image-tag: ${{ github.sha }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} pull-request-number: ${{ github.event.number }} diff --git a/Makefile b/Makefile index 48589198..66cb02b0 100644 --- a/Makefile +++ b/Makefile @@ -225,7 +225,7 @@ aks-terraform-apply: aks-terraform-init ## Apply terraform changes for AKS terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} aks-terraform-destroy: aks-terraform-init ## Destroy terraform resources for AKS - terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" + terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} test-cluster: ## Set up the test cluster variables for AKS $(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg) From 07dc8aa0aedfe2d2672751b14d10e26152994deb Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 17:38:53 +0100 Subject: [PATCH 05/37] 1901: Setting URLs 1901: Setting URLs statically --- .github/actions/deploy-environment-aks/action.yml | 2 +- .github/workflows/build-and-deploy.yml | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml index 2a984604..bf676007 100644 --- a/.github/actions/deploy-environment-aks/action.yml +++ b/.github/actions/deploy-environment-aks/action.yml 
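Review bot: `image-tag: ${{ github.sha }}` ties the deployment to a value the build job never reported. On `pull_request` events `github.sha` is the merge commit GitHub creates for the run, not the PR head commit. The job still has `needs: [build_image]`, and that job's tagging scheme is outside this hunk. Unless `build_image` tags with exactly that SHA, Terraform will reference an image that was not produced by this run. Taking the tag from a `build_image` output keeps the deployed artifact bound to the one that was just built.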
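Review bot: With `${AUTO_APPROVE}` appended, `aks-terraform-destroy` runs without confirmation whenever that variable is set, and the recipe does not restrict which `CONFIG` it may run against. How `AUTO_APPROVE` and `CONFIG` get set is outside the hunk. If the `ci` target sets it for every environment, the same one-line invocation that removes a review app would also remove a long-lived environment. A guard as the first recipe line limits unattended destroys to review configurations, for example `$(if $(filter <review-config>,${CONFIG}), , $(if ${AUTO_APPROVE}, $(error auto-approved destroy is only allowed for review environments)))`.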
@@ -40,7 +40,7 @@ runs: shell: bash id: set_outputs run: | - output=$(terraform -chdir=terraform/application output -json ingress_hostnames) + output=$(terraform -chdir=terraform/application output -json urls) echo "HOSTNAMES=$output" >> $GITHUB_ENV # # Check new site is up diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 603f485f..71933c33 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -63,11 +63,18 @@ jobs: site_up_retries: 150 startup_command: "sh /app/bin/start-review-app.sh" - - name: Post URL to Pull Request comment + - name: Post comment to Pull Request ${{ github.event.number }} + if: ${{ github.event_name == 'pull_request' }} uses: marocchino/sticky-pull-request-comment@v2 with: + header: aks message: | - Review app deployed to <${{ steps.deploy.outputs.environment_url }}> + ### Deployments + + | App | URL | + | ----------------- | ---------------------------------------------------------------------------------------------------------------| + | Track & Pay | | + | School Placements | | deploy_review_app_aks: name: Deploy to review environment for AKS From 2e38fcfac05a3122c5c7d9a1d82958f04e51b61a Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 17:54:18 +0100 Subject: [PATCH 06/37] 1901: Correcting job stage 1901: Correcting job stage --- .github/workflows/build-and-deploy.yml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 71933c33..68ee5a3e 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
@@ -63,18 +63,11 @@ jobs: site_up_retries: 150 startup_command: "sh /app/bin/start-review-app.sh" - - name: Post comment to Pull Request ${{ github.event.number }} - if: ${{ github.event_name == 'pull_request' }} + - name: Post URL to Pull Request comment uses: marocchino/sticky-pull-request-comment@v2 with: - header: aks message: | - ### Deployments - - | App | URL | - | ----------------- | ---------------------------------------------------------------------------------------------------------------| - | Track & Pay | | - | School Placements | | + Review app deployed to <${{ steps.deploy.outputs.environment_url }}> deploy_review_app_aks: name: Deploy to review environment for AKS @@ -97,12 +90,17 @@ jobs: azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} pull-request-number: ${{ github.event.number }} - - name: Post URL to Pull Request comment + - name: Post comment to Pull Request ${{ github.event.number }} uses: marocchino/sticky-pull-request-comment@v2 - if: success() with: + header: aks message: | - Review app deployed to <${{ steps.deploy.outputs.environment_url }}> + ### Deployments + + | App | URL | + | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------| + | Access Your Teaching Qualifications | | + | Check A Teacher's Record | | set_matrix: name: Set deployment matrix From 119640b1b3864aa22d72243f8f830b4249940914 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 21:41:15 +0100 Subject: [PATCH 07/37] Changes for delete review app --- .github/workflows/delete-review-app.yml | 95 +++++++++++++++++-------- 1 file changed, 65 insertions(+), 30 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index a398c51d..4f6a8356 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -1,43 +1,78 @@ -name: Delete Review App on AKS +name: Delete review app on AKS on: pull_request: branches: - - main + - main types: - - closed + - closed jobs: delete-review-app: name: Delete Review App ${{ github.event.pull_request.number }} - concurrency: deploy-review-${{ github.event.pull_request.number }} + concurrency: deploy_review_${{ github.event.pull_request.number }} runs-on: ubuntu-latest - if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} environment: review + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Terraform Destroy + run: | + make ci review terraform-destroy + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + + - name: Post Pull Request Comment + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + Review app track and pay deployed to was deleted + Review app school placements deployed to was deleted + + delete-review-app-aks: + name: Delete Review App ${{ github.event.pull_request.number }} + concurrency: deploy_review_${{ github.event.pull_request.number }} + runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} + environment: aks-review steps: - - name: Checkout - uses: actions/checkout@v4 - - - uses: hashicorp/setup-terraform@v3 - with: - terraform-version: 1.6.4 - terraform-wrapper: false - - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - - - name: Terraform Destroy - run: | - make ci review terraform-destroy 
- env: - PR_NUMBER: ${{ github.event.pull_request.number }} - - - name: Post Pull Request Comment - uses: marocchino/sticky-pull-request-comment@v2 - with: - header: aks - message: | - Review app track and pay deployed to was deleted. - Review app school placements deployed to was deleted. + - name: Checkout + uses: actions/checkout@v4 + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Terraform Destroy + run: | + make ci aks-review aks-terraform-destroy + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + + - name: Post Pull Request Comment ${{ github.event.number }} + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + Review app Access Your Teaching Qualifications deployed to was deleted + Review app Check A Teacher's Record deployed to was deleted From 652459903c7539ddf7321d65ed3a20c36f45a1ed Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 27 Aug 2024 21:46:06 +0100 Subject: [PATCH 08/37] Testing smoke tests --- .github/actions/deploy-environment-aks/action.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml index bf676007..6e6b8b37 100644 --- a/.github/actions/deploy-environment-aks/action.yml +++ b/.github/actions/deploy-environment-aks/action.yml 
@@ -43,6 +43,18 @@ runs: output=$(terraform -chdir=terraform/application output -json urls) echo "HOSTNAMES=$output" >> $GITHUB_ENV + - name: Run smoke tests + shell: bash + run: | + # Parse the JSON array of URLs into a Bash array + urls=$(echo "$HOSTNAMES" | jq -r '.[]') + + # Loop over each URL and perform the curl check on the /health/all.json endpoint + for url in $urls; do + echo "Check health for $url/health/all.json..." + curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url" + done + # # Check new site is up # - run: | # echo "Checking new site is up" From 0672e40ad486ce0e06117ca9108a402966bca059 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 28 Aug 2024 13:25:58 +0100 Subject: [PATCH 09/37] Linting --- .../actions/deploy-environment-aks/action.yml | 32 ------------------- 1 file changed, 32 deletions(-) diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml index 6e6b8b37..36669a5b 100644 --- a/.github/actions/deploy-environment-aks/action.yml +++ b/.github/actions/deploy-environment-aks/action.yml 
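Review bot: The smoke-test step cannot fail. `curl --fail … && echo "passed" || echo "failed"` always ends in a successful `echo`, so an unhealthy deployment still shows a green job. Record the failure inside the loop and exit non-zero after it, as below. The step also depends on `HOSTNAMES` having been written to `$GITHUB_ENV` as a single line by the previous step. That holds only while `terraform output -json urls` prints compact JSON; piping it through `jq -c .` before the write would make it explicit.

```yaml
- name: Run smoke tests
  shell: bash
  run: |
    # … unchanged: parse $HOSTNAMES into urls …
    failed=0
    for url in $urls; do
      echo "Check health for $url/health/all.json..."
      if curl -sS --fail "$url/health/all.json" > /dev/null; then
        echo "Health check passed for $url"
      else
        echo "Health check failed for $url"
        failed=1
      fi
    done
    exit "$failed"
```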
@@ -54,35 +54,3 @@ runs: echo "Check health for $url/health/all.json..." curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url" done - - # # Check new site is up - # - run: | - # echo "Checking new site is up" - # attempt_counter=0 - # max_attempts=$RETRIES - - # HEALTH_URL="${{ env.app_fqdn }}/health/all.json" - # HEALTH_RESPONSE=$(curl $HEALTH_URL --silent) - # APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*") - # APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line') - # APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line') - # echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS" - # until [[ "$EXPECTED_SHA" == "$APP_SHA" && "$APP_STATUS" == "true" && "$APP_DATABASE_STATUS" == "true" ]]; do - # if [ ${attempt_counter} -eq ${max_attempts} ];then - # echo "Max attempts reached" - # exit 1 - # fi - # echo "Attempt $attempt_counter: new site not up, retrying in 5 seconds ..." - # sleep 5 - # attempt_counter=$(($attempt_counter+1)) - - # HEALTH_RESPONSE=$(curl $HEALTH_URL --silent) - # APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*") - # APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line') - # APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line') - # echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS" - # done - # shell: bash - # env: - # EXPECTED_SHA: ${{ inputs.image_tag }} - # RETRIES: ${{ inputs.site_up_retries }} From 76b36e6c3ec5917c50eb150e1c64330f56bb2a62 Mon Sep 17 00:00:00 2001 
From: Shahe Islam Date: Wed, 28 Aug 2024 14:38:30 +0100 Subject: [PATCH 10/37] Linting with Prettier --- .../actions/deploy-environment-aks/action.yml | 70 +++++++------- .github/workflows/delete-review-app.yml | 93 +++++++++---------- 2 files changed, 81 insertions(+), 82 deletions(-) diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml index 36669a5b..83d8199a 100644 --- a/.github/actions/deploy-environment-aks/action.yml +++ b/.github/actions/deploy-environment-aks/action.yml 
@@ -19,38 +19,38 @@ runs: using: composite steps: - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.6.4 - terraform_wrapper: false - - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ inputs.azure-credentials }} - - - name: Terraform Apply - shell: bash - run: | - make ci ${{ inputs.environment }} aks-terraform-apply - env: - DOCKER_IMAGE_TAG: ${{ inputs.image-tag }} - PR_NUMBER: ${{ inputs.pull-request-number }} - - - name: Extract Terraform outputs - shell: bash - id: set_outputs - run: | - output=$(terraform -chdir=terraform/application output -json urls) - echo "HOSTNAMES=$output" >> $GITHUB_ENV - - - name: Run smoke tests - shell: bash - run: | - # Parse the JSON array of URLs into a Bash array - urls=$(echo "$HOSTNAMES" | jq -r '.[]') - - # Loop over each URL and perform the curl check on the /health/all.json endpoint - for url in $urls; do - echo "Check health for $url/health/all.json..." - curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url" - done + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ inputs.azure-credentials }} + + - name: Terraform Apply + shell: bash + run: | + make ci ${{ inputs.environment }} aks-terraform-apply + env: + DOCKER_IMAGE_TAG: ${{ inputs.image-tag }} + PR_NUMBER: ${{ inputs.pull-request-number }} + + - name: Extract Terraform outputs + shell: bash + id: set_outputs + run: | + output=$(terraform -chdir=terraform/application output -json urls) + echo "HOSTNAMES=$output" >> $GITHUB_ENV + + - name: Run smoke tests + shell: bash + run: | + # Parse the JSON array of URLs into a Bash array + urls=$(echo "$HOSTNAMES" | jq -r '.[]') + + # Loop over each URL and perform the curl check on the /health/all.json endpoint + for url in $urls; do 
+ echo "Check health for $url/health/all.json..." + curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url" + done diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 4f6a8356..16dc904d 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -3,9 +3,9 @@ name: Delete review app on AKS on: pull_request: branches: - - main + - main types: - - closed + - closed jobs: delete-review-app: 
@@ -15,33 +15,32 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} environment: review steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.6.4 - terraform_wrapper: false + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - - name: Terraform Destroy - run: | - make ci review terraform-destroy - env: - PR_NUMBER: ${{ github.event.pull_request.number }} - - - name: Post Pull Request Comment - if: ${{ github.event_name == 'pull_request' }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - header: aks - message: | - Review app track and pay deployed to was deleted - Review app school placements deployed to was deleted + - name: Terraform Destroy + run: | + make ci review terraform-destroy + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + - name: Post Pull Request Comment + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + Review app track and pay deployed to was deleted + Review app school placements deployed to was deleted delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} 
@@ -50,29 +49,29 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} environment: aks-review steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.6.4 - terraform_wrapper: false + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - - name: Terraform Destroy - run: | - make ci aks-review aks-terraform-destroy - env: - PR_NUMBER: ${{ github.event.pull_request.number }} + - name: Terraform Destroy + run: | + make ci aks-review aks-terraform-destroy + env: + PR_NUMBER: ${{ github.event.pull_request.number }} - - name: Post Pull Request Comment ${{ github.event.number }} - if: ${{ github.event_name == 'pull_request' }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - header: aks - message: | - Review app Access Your Teaching Qualifications deployed to was deleted - Review app Check A Teacher's Record deployed to was deleted + - name: Post Pull Request Comment ${{ github.event.number }} + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + Review app Access Your Teaching Qualifications deployed to was deleted + Review app Check A Teacher's Record deployed to was deleted From cf2195efbd4845df3b7ec244a3d8466a8e1d55a6 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 28 Aug 2024 16:14:37 +0100 Subject: [PATCH 11/37] Makefile linting --- Makefile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 66cb02b0..a55f1dfb 100644 --- a/Makefile +++ b/Makefile 
@@ -111,36 +111,36 @@ install-fetch-config: ## Install the fetch-config script, for viewing/editing se && chmod +x bin/fetch_config.rb \ || true -edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## Edit (with default editor) Key Vault secret for INFRASTRUCTURE +edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make edit-keyvault-secret - Edit (with default editor) Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \ -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c -create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## Create and edit Key Vault secret for INFRASTRUCTURE +create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make create-keyvault-secret - Create and edit Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \ -i -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c -print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## Print out Key Vault secret for INFRASTRUCTURE +print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account ## make print-keyvault-secret - Print out Key Vault secret for INFRASTRUCTURE bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml validate-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -d quiet \ && echo Data in ${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} looks valid -terraform-init: ## Run terraform init against the environment +terraform-init: ## make terraform-init - Run terraform init against the environment $(if ${IMAGE_TAG}, , $(eval export IMAGE_TAG=main)) [[ "${SP_AUTH}" != 
"true" ]] && az account set -s ${AZURE_SUBSCRIPTION} || true terraform -chdir=terraform init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars ${backend_config} -upgrade -reconfigure -terraform-plan: terraform-init ## Run terraform plan against the environment +terraform-plan: terraform-init ## make terraform-plan - Run terraform plan against the environment terraform -chdir=terraform plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json -terraform-apply: terraform-init ## Run terraform apply against the environment +terraform-apply: terraform-init ## make terraform-apply - Run terraform apply against the environment terraform -chdir=terraform apply -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} -terraform-destroy: terraform-init ## Run terraform destroy against the environment +terraform-destroy: terraform-init ## make terraform-destroy - Run terraform destroy against the environment terraform -chdir=terraform destroy -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} -deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## Setup store for terraform state and Key Vault storage, use AUTO_APPROVE=1 +deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make deploy-azure-resources AUTO_APPROVE=1 - Setup store for terraform state and Key Vault storage $(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE)) az deployment sub create --name "resourcedeploy-aytq-$(shell date +%Y%m%d%H%M%S)" -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \ 
@@ -148,7 +148,7 @@ deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resou "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" \ "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" -validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## Runs a '--what-if' against Azure resources +validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make validate-azure-resources - Runs a '--what-if' against Azure resources az deployment sub create --name "resourcedeploy-aytq-$(shell date +%Y%m%d%H%M%S)" -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}aytqtfstate${ENV_SHORT}" "tfStorageContainerName=aytq-tfstate" \ @@ -156,7 +156,7 @@ validate-azure-resources: set-azure-account set-azure-template-tag set-azure-res "keyVaultName=${RESOURCE_NAME_PREFIX}-aytq-${ENV_SHORT}-kv" \ --what-if -domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## Setup store for terraform state for domains, use AUTO_APPROVE=1 +domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## make domain domain-azure-resources AUTO_APPROVE=1 - Setup store for terraform state for domains $(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE)) az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-aytqdomains-rg" 'tags=${RG_TAGS}' "environment=${DEPLOY_ENV}" \ 
From 9d3bf820a6ca940dca01ecb3388910d0ab7c9d81 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Fri, 30 Aug 2024 14:28:22 +0100 Subject: [PATCH 12/37] Correcting post pull request comment --- .github/workflows/delete-review-app.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 16dc904d..bf4be762 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -37,10 +37,9 @@ jobs: if: ${{ github.event_name == 'pull_request' }} uses: marocchino/sticky-pull-request-comment@v2 with: - header: aks message: | - Review app track and pay deployed to was deleted - Review app school placements deployed to was deleted + Review app Access Your Teaching Qualifications deployed to was deleted + Review app Check A Teacher's Record deployed to was deleted delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} From b186681ad49e1fd1cf483d128aeb00868a242256 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Fri, 30 Aug 2024 17:07:36 +0100 Subject: [PATCH 13/37] Readding tf state delete --- .github/workflows/delete-review-app.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index bf4be762..8ec98891 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -66,6 +66,13 @@ jobs: env: PR_NUMBER: ${{ github.event.pull_request.number }} + - name: Delete tf state file + if: env.TF_STATE_EXISTS == 'true' + run: | + az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} + - name: Post Pull Request Comment ${{ github.event.number }} if: ${{ github.event_name == 'pull_request' }} uses: marocchino/sticky-pull-request-comment@v2 
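Review bot: In the `Delete tf state file` step the storage key is passed as `--account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}`, which pastes it into the script text and onto the `az` command line. The CLI reads `AZURE_STORAGE_KEY` and `AZURE_STORAGE_ACCOUNT` from the environment, so set them under `env:` (`AZURE_STORAGE_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}`) and drop the `--account-key` and `--account-name` flags. Nothing in this hunk sets `TF_STATE_EXISTS`, `TF_STATE_FILE`, `tf_state_container` or `storage_account_name`, and the rest of the job's steps lie outside it. If no earlier step exports them, the `if:` is false and the state blob is never removed, with no error reported. If the key is fetched at runtime rather than taken from `secrets`, it also needs an `::add-mask::` before being written to `$GITHUB_ENV`, otherwise it can appear in the log.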
From addedde642e2380180d7c11245067e7a6c84d19e Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 16:10:32 +0100 Subject: [PATCH 14/37] Readding tf state delete --- .github/workflows/delete-review-app.yml | 215 ++++++++++++++++++++++-- 1 file changed, 203 insertions(+), 12 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 8ec98891..de53efd2 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -51,27 +51,111 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - uses: actions/checkout@v4 + - name: Extract configuration from tfvars + id: config + run: | + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + PR_NUMBER=${{ github.event.inputs.pr_number }} + else + PR_NUMBER=${{ github.event.pull_request.number }} + fi + + if [ -z "$PR_NUMBER" ]; then + echo "::error ::Failed to extract PR_NUMBER" + exit 1 + fi + + RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + DEV_TFVARS=workspace_variables/dev.tfvars.json + TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + exit 1 + fi + + if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + echo "::error ::Failed to extract storage_account_name from $TFVARS" + exit 1 + fi + + if [ -z "$TERRAFORM_VERSION" ]; then + echo "::error ::Failed to extract terraform_version from terraform.tf" + exit 1 + fi + + if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + exit 1 + fi + + if [ -z "$TF_STATE_CONTAINER" ]; then + echo "::error ::Failed to extract tf_state_container from terraform.tf" + exit 1 + fi + + echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + shell: bash + env: + TFVARS: 
workspace_variables/review.tfvars.json + working-directory: terraform + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + shell: bash + - uses: hashicorp/setup-terraform@v3 with: - terraform_version: 1.6.4 + terraform_version: ${{ env.terraform_version }} terraform_wrapper: false - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + - name: Check resource group exists + run: | + GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + if [[ "$GROUP" =~ "true" ]]; then + echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + fi - - name: Terraform Destroy + - name: Set Environment variables + if: env.REVIEW_APP_EXISTS == 'true' run: | - make ci aks-review aks-terraform-destroy - env: - PR_NUMBER: ${{ github.event.pull_request.number }} + TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} \ + --prefix $TF_STATE_FILE --query "[].name" -o tsv) + if [ -n "$pr_state_file" ]; then + echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + fi - - name: Delete tf state file + - name: Terraform if: env.TF_STATE_EXISTS == 'true' + id: terraform run: | - az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} + make ci review terraform-destroy pr_id=${{ env.pr_number }} + env: + ARM_ACCESS_KEY: ${{ 
env.TFSTATE_CONTAINER_ACCESS_KEY }} + TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + TF_VAR_aytq_docker_image: ${{ github.sha }} + shell: bash - name: Post Pull Request Comment ${{ github.event.number }} if: ${{ github.event_name == 'pull_request' }} 
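Review bot: In the added `Extract configuration from tfvars` step, `${{ github.event.inputs.pr_number }}` and `${{ github.event_name }}` are pasted into the bash script before it runs, so a dispatch input containing shell metacharacters or a newline becomes part of the command, in a job that later holds `secrets.AZURE_CREDENTIALS`. Pass the values through `env:` and reference them as quoted shell variables. Reject anything that is not all digits before it is used in the resource-group name and written to `$GITHUB_ENV`. The same step text is added again by the second hunk of this patch and by PATCH 15/37. A sketch of the changed lines follows; its indentation is conventional, since the original is not recoverable here.

```yaml
- name: Extract configuration from tfvars
  id: config
  run: |
    if [ "$EVENT_NAME" = 'workflow_dispatch' ]; then
      PR_NUMBER="$INPUT_PR_NUMBER"
    else
      PR_NUMBER="$EVENT_PR_NUMBER"
    fi

    # Digits only: the value is used in resource names and appended to $GITHUB_ENV.
    if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
      echo "::error ::PR_NUMBER is missing or not numeric"
      exit 1
    fi
    # … unchanged: tfvars / terraform.tf extraction, empty-value checks, GITHUB_ENV writes …
  shell: bash
  env:
    TFVARS: workspace_variables/review.tfvars.json
    EVENT_NAME: ${{ github.event_name }}
    INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }}
    EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
```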
@@ -81,3 +165,110 @@ jobs: message: | Review app Access Your Teaching Qualifications deployed to was deleted Review app Check A Teacher's Record deployed to was deleted + + + - uses: actions/checkout@v4 + - name: Extract configuration from tfvars + id: config + run: | + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + PR_NUMBER=${{ github.event.inputs.pr_number }} + else + PR_NUMBER=${{ github.event.pull_request.number }} + fi + + if [ -z "$PR_NUMBER" ]; then + echo "::error ::Failed to extract PR_NUMBER" + exit 1 + fi + + RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + DEV_TFVARS=workspace_variables/dev.tfvars.json + TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + exit 1 + fi + + if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + echo "::error ::Failed to extract storage_account_name from $TFVARS" + exit 1 + fi + + if [ -z "$TERRAFORM_VERSION" ]; then + echo "::error ::Failed to extract terraform_version from terraform.tf" + exit 1 + fi + + if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + exit 1 + fi + + if [ -z "$TF_STATE_CONTAINER" ]; then + echo "::error ::Failed to extract tf_state_container from terraform.tf" + exit 1 + fi + + echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> 
$GITHUB_ENV + echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + shell: bash + env: + TFVARS: workspace_variables/review.tfvars.json + working-directory: terraform + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + shell: bash + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: ${{ env.terraform_version }} + terraform_wrapper: false + + - name: Check resource group exists + run: | + GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + if [[ "$GROUP" =~ "true" ]]; then + echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + fi + + - name: Set Environment variables + if: env.REVIEW_APP_EXISTS == 'true' + run: | + TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} \ + --prefix $TF_STATE_FILE --query "[].name" -o tsv) + if [ -n "$pr_state_file" ]; then + echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + fi + + - name: Terraform + if: env.TF_STATE_EXISTS == 'true' + id: terraform + run: | + make ci review terraform-destroy pr_id=${{ env.pr_number }} + env: + ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + TF_VAR_aytq_docker_image: ${{ github.sha }} + shell: bash From 584718df805b932537c50d8884ad78b4a0c6ae9e Mon Sep 17 00:00:00 2001 
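Review bot: The block appended after the `Post Pull Request Comment` step repeats the whole step sequence that the first hunk of this patch already adds, including `id: config` and `id: terraform`. If these lines land in the same job's `steps:` (the indentation is not recoverable here), the duplicate step ids make the workflow file fail validation, which would stop review environments from being torn down at all. Even if it parsed, the second pass would log in to Azure and fetch the storage account key again for no purpose. I would drop the appended block and keep a single sequence that ends with the comment step.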
From: Shahe Islam
Date: Tue, 3 Sep 2024 16:11:33 +0100
Subject: [PATCH 15/37] Readding tf state delete
---
.github/workflows/delete-review-app.yml | 113 ++++++++++++++++++++++--
1 file changed, 104 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml
index de53efd2..e21938bc 100644
--- a/.github/workflows/delete-review-app.yml
+++ b/.github/workflows/delete-review-app.yml
@@ -15,23 +15,118 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} environment: review steps: - - name: Checkout - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + - name: Extract configuration from tfvars + id: config + run: | + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + PR_NUMBER=${{ github.event.inputs.pr_number }} + else + PR_NUMBER=${{ github.event.pull_request.number }} + fi + + if [ -z "$PR_NUMBER" ]; then + echo "::error ::Failed to extract PR_NUMBER" + exit 1 + fi + + RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + DEV_TFVARS=workspace_variables/dev.tfvars.json + TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + exit 1 + fi + + if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + echo "::error ::Failed to extract storage_account_name from $TFVARS" + exit 1 + fi + + if [ -z "$TERRAFORM_VERSION" ]; then + echo "::error ::Failed to extract terraform_version from terraform.tf" + exit 1 + fi + + if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + exit 1 + fi + + if [ -z "$TF_STATE_CONTAINER" ]; then + echo "::error ::Failed to extract tf_state_container from terraform.tf" + exit 1 + fi + + echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> 
$GITHUB_ENV + echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + shell: bash + env: + TFVARS: workspace_variables/review.tfvars.json + working-directory: terraform + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + shell: bash - uses: hashicorp/setup-terraform@v3 with: - terraform_version: 1.6.4 + terraform_version: ${{ env.terraform_version }} terraform_wrapper: false - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + - name: Check resource group exists + run: | + GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + if [[ "$GROUP" =~ "true" ]]; then + echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + fi - - name: Terraform Destroy + - name: Set Environment variables + if: env.REVIEW_APP_EXISTS == 'true' run: | - make ci review terraform-destroy + TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} \ + --prefix $TF_STATE_FILE --query "[].name" -o tsv) + if [ -n "$pr_state_file" ]; then + echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + fi + + - name: Terraform + if: env.TF_STATE_EXISTS == 'true' + id: terraform + run: | + make ci review terraform-destroy pr_id=${{ env.pr_number }} env: - PR_NUMBER: ${{ github.event.pull_request.number }} + ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + TF_VAR_aytq_docker_image: ${{ 
github.sha }} + shell: bash + + - name: Delete tf state file + if: env.TF_STATE_EXISTS == 'true' + run: | + az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} - name: Post Pull Request Comment if: ${{ github.event_name == 'pull_request' }} From b2e061327577d0ce06b98530800ffc3cac5daab7 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 16:19:32 +0100 Subject: [PATCH 16/37] Readding tf state delete --- .github/workflows/delete-review-app.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index e21938bc..d582254a 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -6,6 +6,12 @@ on: - main types: - closed + workflow_dispatch: + inputs: + pr_number: + description: PR number of review app to delete + required: false + type: string jobs: delete-review-app: From 1b7dea7b050ab14d031b28f462fee11d9bf95746 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 16:36:15 +0100 Subject: [PATCH 17/37] Readding tf state delete --- .github/workflows/delete-review-app.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index d582254a..c441f3c0 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -6,12 +6,12 @@ on: - main types: - closed - workflow_dispatch: - inputs: - pr_number: - description: PR number of review app to delete - required: false - type: string + # workflow_dispatch: + # inputs: + # pr_number: + # description: PR number of review app to delete + # required: false + # type: string jobs: delete-review-app: From 344cd4e280d8939adb0e40a17be7988f52e109f1 Mon Sep 17 00:00:00 2001 
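Review bot: The unnamed `run:` step added in PATCH 15/37 writes the storage account key to `$GITHUB_ENV`, which makes it an environment variable of every later step in the job, including `hashicorp/setup-terraform@v3` and `marocchino/sticky-pull-request-comment@v2`, both referenced by a movable tag. Give the step an id, write the key to `$GITHUB_OUTPUT` instead, and map it through `env:` only on the steps that call `az storage blob` or `make`. Pinning the third-party actions to a full commit SHA (`uses: Azure/login@<full-commit-sha> # v1`) narrows the exposure further. `jq -r '.[0].value'` prints the literal `null` when the key list is not in the expected shape, so add `[ -n "$TFSTATE_CONTAINER_ACCESS_KEY" ] && [ "$TFSTATE_CONTAINER_ACCESS_KEY" != null ] || exit 1` before the mask line. The same steps are added by both hunks of PATCH 14/37.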
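Review bot: The `workflow_dispatch` trigger added in PATCH 16/37 cannot reach the teardown steps as the workflow stands. The job shown in PATCH 15/37 is gated by `if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }}`, and a manual run carries no `pull_request` payload, so the job is skipped and the `workflow_dispatch` branch of the script never executes. If manual cleanup is intended, widen the condition to `if: ${{ github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'deploy') }}` and mark the input `required: true`. The `concurrency` key is also built from `github.event.pull_request.number`, which is empty on a manual run, so all manual runs would share one group.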
From: Shahe Islam
Date: Tue, 3 Sep 2024 16:39:05 +0100
Subject: [PATCH 18/37] Readding tf state delete
---
.github/workflows/delete-review-app.yml | 256 ++++++++++++------------
1 file changed, 127 insertions(+), 129 deletions(-)
diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml
index c441f3c0..485a491d 100644
--- a/.github/workflows/delete-review-app.yml
+++ b/.github/workflows/delete-review-app.yml
@@ -14,133 +14,133 @@ on: # type: string jobs: - delete-review-app: - name: Delete Review App ${{ github.event.pull_request.number }} - concurrency: deploy_review_${{ github.event.pull_request.number }} - runs-on: ubuntu-latest - if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} - environment: review - steps: - - uses: actions/checkout@v4 - - name: Extract configuration from tfvars - id: config - run: | - if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - PR_NUMBER=${{ github.event.inputs.pr_number }} - else - PR_NUMBER=${{ github.event.pull_request.number }} - fi - - if [ -z "$PR_NUMBER" ]; then - echo "::error ::Failed to extract PR_NUMBER" - exit 1 - fi - - RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) - APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - DEV_TFVARS=workspace_variables/dev.tfvars.json - TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") - - if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - exit 1 - fi - - if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - echo "::error ::Failed to extract storage_account_name from $TFVARS" - exit 1 - fi - - if [ -z "$TERRAFORM_VERSION" ]; then - echo "::error ::Failed to extract terraform_version from terraform.tf" - exit 1 - fi - - if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - exit 1 - fi - - if [ -z "$TF_STATE_CONTAINER" ]; then - echo "::error ::Failed to extract tf_state_container from terraform.tf" - exit 1 - fi - - echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - echo 
"storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV - shell: bash - env: - TFVARS: workspace_variables/review.tfvars.json - working-directory: terraform - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - run: | - TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - shell: bash - - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ env.terraform_version }} - terraform_wrapper: false - - - name: Check resource group exists - run: | - GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - if [[ "$GROUP" =~ "true" ]]; then - echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - fi - - - name: Set Environment variables - if: env.REVIEW_APP_EXISTS == 'true' - run: | - TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} \ - --prefix $TF_STATE_FILE --query "[].name" -o tsv) - if [ -n "$pr_state_file" ]; then - echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - fi - - - name: Terraform - if: env.TF_STATE_EXISTS == 'true' - id: terraform - run: | - make ci review terraform-destroy pr_id=${{ env.pr_number }} - env: - ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - TF_VAR_aytq_docker_image: ${{ github.sha }} - shell: bash - - - name: Delete tf state file - if: 
env.TF_STATE_EXISTS == 'true' - run: | - az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} - - - name: Post Pull Request Comment - if: ${{ github.event_name == 'pull_request' }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - message: | - Review app Access Your Teaching Qualifications deployed to was deleted - Review app Check A Teacher's Record deployed to was deleted + # delete-review-app: + # name: Delete Review App ${{ github.event.pull_request.number }} + # concurrency: deploy_review_${{ github.event.pull_request.number }} + # runs-on: ubuntu-latest + # if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} + # environment: review + # steps: + # - uses: actions/checkout@v4 + # - name: Extract configuration from tfvars + # id: config + # run: | + # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + # PR_NUMBER=${{ github.event.inputs.pr_number }} + # else + # PR_NUMBER=${{ github.event.pull_request.number }} + # fi + + # if [ -z "$PR_NUMBER" ]; then + # echo "::error ::Failed to extract PR_NUMBER" + # exit 1 + # fi + + # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + # DEV_TFVARS=workspace_variables/dev.tfvars.json + # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + # echo "::error ::Failed to extract storage_account_name from $TFVARS" + # 
exit 1 + # fi + + # if [ -z "$TERRAFORM_VERSION" ]; then + # echo "::error ::Failed to extract terraform_version from terraform.tf" + # exit 1 + # fi + + # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + # exit 1 + # fi + + # if [ -z "$TF_STATE_CONTAINER" ]; then + # echo "::error ::Failed to extract tf_state_container from terraform.tf" + # exit 1 + # fi + + # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + # shell: bash + # env: + # TFVARS: workspace_variables/review.tfvars.json + # working-directory: terraform + + # - uses: Azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + + # - run: | + # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + # shell: bash + + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: ${{ env.terraform_version }} + # terraform_wrapper: false + + # - name: Check resource group exists + # run: | + # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + # if [[ "$GROUP" =~ "true" ]]; then + # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Set Environment variables + # if: env.REVIEW_APP_EXISTS == 'true' + # run: | + # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + # 
--account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} \ + # --prefix $TF_STATE_FILE --query "[].name" -o tsv) + # if [ -n "$pr_state_file" ]; then + # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Terraform + # if: env.TF_STATE_EXISTS == 'true' + # id: terraform + # run: | + # make ci review terraform-destroy pr_id=${{ env.pr_number }} + # env: + # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + # TF_VAR_aytq_docker_image: ${{ github.sha }} + # shell: bash + + # - name: Delete tf state file + # if: env.TF_STATE_EXISTS == 'true' + # run: | + # az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ + # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} + + # - name: Post Pull Request Comment + # if: ${{ github.event_name == 'pull_request' }} + # uses: marocchino/sticky-pull-request-comment@v2 + # with: + # message: | + # Review app Access Your Teaching Qualifications deployed to was deleted + # Review app Check A Teacher's Record deployed to was deleted delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} @@ -151,8 +151,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - - uses: actions/checkout@v4 - name: Extract configuration from tfvars id: config run: | From 317b5dfe79f9b83b8651615a49e17753466fc084 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 16:40:08 +0100 Subject: [PATCH 19/37] Readding tf state delete --- .github/workflows/delete-review-app.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 485a491d..4954778f 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
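Review bot: Commenting out the whole `delete-review-app` job in PATCH 18/37 leaves only `delete-review-app-aks`, which runs for the `deploy-aks` label, while `build-and-deploy.yml` in PATCH 01/37 still deploys a review app for the `deploy` label. At this commit, pull requests labelled `deploy` would keep their review environment and Terraform state after they close, and stale review apps stay reachable. If the job is only disabled temporarily, say so at the top of the block, for example `# TODO: disabled while the AKS teardown is tested; re-enable before merge`. Otherwise delete the job rather than carrying it as commented-out lines; the final state is only visible in later patches of the series.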
@@ -6,12 +6,12 @@ on: - main types: - closed - # workflow_dispatch: - # inputs: - # pr_number: - # description: PR number of review app to delete - # required: false - # type: string + workflow_dispatch: + inputs: + pr_number: + description: PR number of review app to delete + required: false + type: string jobs: # delete-review-app: From 8169d2b83db74e8b8a3877f35548d5838e54ae79 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 16:43:14 +0100 Subject: [PATCH 20/37] Readding tf state delete --- .github/workflows/delete-review-app.yml | 450 ++++++++++++------------ 1 file changed, 225 insertions(+), 225 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 4954778f..ccf94830 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -14,143 +14,14 @@ on: type: string jobs: - # delete-review-app: - # name: Delete Review App ${{ github.event.pull_request.number }} - # concurrency: deploy_review_${{ github.event.pull_request.number }} - # runs-on: ubuntu-latest - # if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} - # environment: review - # steps: - # - uses: actions/checkout@v4 - # - name: Extract configuration from tfvars - # id: config - # run: | - # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - # PR_NUMBER=${{ github.event.inputs.pr_number }} - # else - # PR_NUMBER=${{ github.event.pull_request.number }} - # fi - - # if [ -z "$PR_NUMBER" ]; then - # echo "::error ::Failed to extract PR_NUMBER" - # exit 1 - # fi - - # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) - # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - # DEV_TFVARS=workspace_variables/dev.tfvars.json - # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") - - # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - # echo "::error ::Failed to extract storage_account_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$TERRAFORM_VERSION" ]; then - # echo "::error ::Failed to extract terraform_version from terraform.tf" - # exit 1 - # fi - - # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - # exit 1 - # fi - - # if [ -z "$TF_STATE_CONTAINER" ]; then - # echo "::error ::Failed to extract tf_state_container from terraform.tf" - # exit 1 - # fi - - # echo 
"app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV - # shell: bash - # env: - # TFVARS: workspace_variables/review.tfvars.json - # working-directory: terraform - - # - uses: Azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - - # - run: | - # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - # shell: bash - - # - uses: hashicorp/setup-terraform@v3 - # with: - # terraform_version: ${{ env.terraform_version }} - # terraform_wrapper: false - - # - name: Check resource group exists - # run: | - # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - # if [[ "$GROUP" =~ "true" ]]; then - # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Set Environment variables - # if: env.REVIEW_APP_EXISTS == 'true' - # run: | - # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ - # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - # --account-name ${{ env.storage_account_name }} \ - # --prefix $TF_STATE_FILE --query "[].name" -o tsv) - # if [ -n "$pr_state_file" ]; then - # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Terraform - # if: env.TF_STATE_EXISTS == 'true' - # id: terraform - # run: | - # make ci review terraform-destroy pr_id=${{ env.pr_number }} - # env: - # ARM_ACCESS_KEY: ${{ 
env.TFSTATE_CONTAINER_ACCESS_KEY }} - # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - # TF_VAR_aytq_docker_image: ${{ github.sha }} - # shell: bash - - # - name: Delete tf state file - # if: env.TF_STATE_EXISTS == 'true' - # run: | - # az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ - # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - # --account-name ${{ env.storage_account_name }} - - # - name: Post Pull Request Comment - # if: ${{ github.event_name == 'pull_request' }} - # uses: marocchino/sticky-pull-request-comment@v2 - # with: - # message: | - # Review app Access Your Teaching Qualifications deployed to was deleted - # Review app Check A Teacher's Record deployed to was deleted - - delete-review-app-aks: + delete-review-app: name: Delete Review App ${{ github.event.pull_request.number }} concurrency: deploy_review_${{ github.event.pull_request.number }} runs-on: ubuntu-latest - if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} - environment: aks-review + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} + environment: review steps: - - name: Checkout - uses: actions/checkout@v4 + - uses: actions/checkout@v4 - name: Extract configuration from tfvars id: config run: | 
@@ -256,118 +127,247 @@ jobs: TF_VAR_aytq_docker_image: ${{ github.sha }} shell: bash - - name: Post Pull Request Comment ${{ github.event.number }} + - name: Delete tf state file + if: env.TF_STATE_EXISTS == 'true' + run: | + az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} + + - name: Post Pull Request Comment if: ${{ github.event_name == 'pull_request' }} uses: marocchino/sticky-pull-request-comment@v2 with: - header: aks message: | Review app Access Your Teaching Qualifications deployed to was deleted Review app Check A Teacher's Record deployed to was deleted + # delete-review-app-aks: + # name: Delete Review App ${{ github.event.pull_request.number }} + # concurrency: deploy_review_${{ github.event.pull_request.number }} + # runs-on: ubuntu-latest + # if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} + # environment: aks-review + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # - name: Extract configuration from tfvars + # id: config + # run: | + # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + # PR_NUMBER=${{ github.event.inputs.pr_number }} + # else + # PR_NUMBER=${{ github.event.pull_request.number }} + # fi - - uses: actions/checkout@v4 - - name: Extract configuration from tfvars - id: config - run: | - if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - PR_NUMBER=${{ github.event.inputs.pr_number }} - else - PR_NUMBER=${{ github.event.pull_request.number }} - fi + # if [ -z "$PR_NUMBER" ]; then + # echo "::error ::Failed to extract PR_NUMBER" + # exit 1 + # fi - if [ -z "$PR_NUMBER" ]; then - echo "::error ::Failed to extract PR_NUMBER" - exit 1 - fi + # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + # 
TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + # DEV_TFVARS=workspace_variables/dev.tfvars.json + # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") - RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) - APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - DEV_TFVARS=workspace_variables/dev.tfvars.json - TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + # exit 1 + # fi - if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - exit 1 - fi + # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + # echo "::error ::Failed to extract storage_account_name from $TFVARS" + # exit 1 + # fi - if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - echo "::error ::Failed to extract storage_account_name from $TFVARS" - exit 1 - fi + # if [ -z "$TERRAFORM_VERSION" ]; then + # echo "::error ::Failed to extract terraform_version from terraform.tf" + # exit 1 + # fi - if [ -z "$TERRAFORM_VERSION" ]; then - echo "::error ::Failed to extract terraform_version from terraform.tf" - exit 1 - fi + # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + # exit 1 + # fi - if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - exit 1 - fi + # if [ -z "$TF_STATE_CONTAINER" ]; then + # echo "::error ::Failed to extract tf_state_container from terraform.tf" + # exit 1 
+ # fi - if [ -z "$TF_STATE_CONTAINER" ]; then - echo "::error ::Failed to extract tf_state_container from terraform.tf" - exit 1 - fi + # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + # shell: bash + # env: + # TFVARS: workspace_variables/review.tfvars.json + # working-directory: terraform - echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV - shell: bash - env: - TFVARS: workspace_variables/review.tfvars.json - working-directory: terraform + # - uses: Azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} + # - run: | + # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + # shell: bash - - run: | - TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - shell: bash + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: ${{ 
env.terraform_version }} + # terraform_wrapper: false - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ env.terraform_version }} - terraform_wrapper: false + # - name: Check resource group exists + # run: | + # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + # if [[ "$GROUP" =~ "true" ]]; then + # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + # fi - - name: Check resource group exists - run: | - GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - if [[ "$GROUP" =~ "true" ]]; then - echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - fi + # - name: Set Environment variables + # if: env.REVIEW_APP_EXISTS == 'true' + # run: | + # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - name: Set Environment variables - if: env.REVIEW_APP_EXISTS == 'true' - run: | - TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} \ + # --prefix $TF_STATE_FILE --query "[].name" -o tsv) + # if [ -n "$pr_state_file" ]; then + # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + # fi - pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} \ - --prefix $TF_STATE_FILE --query "[].name" -o tsv) - if [ -n "$pr_state_file" ]; then - echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - fi + # - name: Terraform + # if: env.TF_STATE_EXISTS == 'true' + # id: terraform + # run: | + # make ci review terraform-destroy pr_id=${{ env.pr_number }} + # env: + # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + # TF_VAR_aytq_docker_image: ${{ github.sha }} 
+ # shell: bash - - name: Terraform - if: env.TF_STATE_EXISTS == 'true' - id: terraform - run: | - make ci review terraform-destroy pr_id=${{ env.pr_number }} - env: - ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - TF_VAR_aytq_docker_image: ${{ github.sha }} - shell: bash + # - name: Post Pull Request Comment ${{ github.event.number }} + # if: ${{ github.event_name == 'pull_request' }} + # uses: marocchino/sticky-pull-request-comment@v2 + # with: + # header: aks + # message: | + # Review app Access Your Teaching Qualifications deployed to was deleted + # Review app Check A Teacher's Record deployed to was deleted + + + # - uses: actions/checkout@v4 + # - name: Extract configuration from tfvars + # id: config + # run: | + # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + # PR_NUMBER=${{ github.event.inputs.pr_number }} + # else + # PR_NUMBER=${{ github.event.pull_request.number }} + # fi + + # if [ -z "$PR_NUMBER" ]; then + # echo "::error ::Failed to extract PR_NUMBER" + # exit 1 + # fi + + # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + # DEV_TFVARS=workspace_variables/dev.tfvars.json + # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + # echo "::error ::Failed to extract storage_account_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$TERRAFORM_VERSION" ]; then + # echo "::error ::Failed to extract terraform_version from 
terraform.tf" + # exit 1 + # fi + + # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + # exit 1 + # fi + + # if [ -z "$TF_STATE_CONTAINER" ]; then + # echo "::error ::Failed to extract tf_state_container from terraform.tf" + # exit 1 + # fi + + # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + # shell: bash + # env: + # TFVARS: workspace_variables/review.tfvars.json + # working-directory: terraform + + # - uses: Azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + + # - run: | + # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + # shell: bash + + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: ${{ env.terraform_version }} + # terraform_wrapper: false + + # - name: Check resource group exists + # run: | + # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + # if [[ "$GROUP" =~ "true" ]]; then + # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Set Environment variables + # if: env.REVIEW_APP_EXISTS == 'true' + # run: | + # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} \ + # --prefix 
$TF_STATE_FILE --query "[].name" -o tsv) + # if [ -n "$pr_state_file" ]; then + # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Terraform + # if: env.TF_STATE_EXISTS == 'true' + # id: terraform + # run: | + # make ci review terraform-destroy pr_id=${{ env.pr_number }} + # env: + # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + # TF_VAR_aytq_docker_image: ${{ github.sha }} + # shell: bash From 9bbf650ba0e8ddc35f21430e2178b617bc6fa9f2 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 16:48:53 +0100 Subject: [PATCH 21/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 349 ++++++++---------------- 1 file changed, 120 insertions(+), 229 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index ccf94830..9ec816d6 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
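Review bot: The new `Delete tf state file` step writes the storage account key into the script text with `--account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}`, so the secret lands on the `az` command line and is substituted before bash parses the script. Pass it through the step environment and drop the flag: add `env:` with `AZURE_STORAGE_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}` and `AZURE_STORAGE_ACCOUNT: ${{ env.storage_account_name }}`, then call `az storage blob delete -c "$tf_state_container" --name "$TF_STATE_FILE"`. The step that fetches the key for this job is outside the hunk, so whether it is masked there cannot be confirmed from here. The same `--account-key ${{ … }}` form is in the `az storage blob list` call that [PATCH 21/37] re-enables and [PATCH 22/37] edits.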
@@ -142,232 +142,123 @@ jobs:
 Review app Access Your Teaching Qualifications deployed to was deleted
 Review app Check A Teacher's Record deployed to was deleted
- # delete-review-app-aks:
- # name: Delete Review App ${{ github.event.pull_request.number }}
- # concurrency: deploy_review_${{ github.event.pull_request.number }}
- # runs-on: ubuntu-latest
- # if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }}
- # environment: aks-review
- # steps:
- # - name: Checkout
- # uses: actions/checkout@v4
- # - name: Extract configuration from tfvars
- # id: config
- # run: |
- # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
- # PR_NUMBER=${{ github.event.inputs.pr_number }}
- # else
- # PR_NUMBER=${{ github.event.pull_request.number }}
- # fi
-
- # if [ -z "$PR_NUMBER" ]; then
- # echo "::error ::Failed to extract PR_NUMBER"
- # exit 1
- # fi
-
- # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS)
- # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg
- # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS)
- # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*)
- # DEV_TFVARS=workspace_variables/dev.tfvars.json
- # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS)
- # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \")
-
- # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then
- # echo "::error ::Failed to extract app_resource_group_name from $TFVARS"
- # exit 1
- # fi
-
- # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then
- # echo "::error ::Failed to extract storage_account_name from $TFVARS"
- # exit 1
- # fi
-
- # if [ -z "$TERRAFORM_VERSION" ]; then
- # echo "::error ::Failed to extract terraform_version from terraform.tf"
- # exit 1
- # fi
-
- # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then
- # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS"
- # exit 1
- # fi
-
- # if [ -z "$TF_STATE_CONTAINER" ]; then
- # echo "::error ::Failed to extract tf_state_container from terraform.tf"
- # exit 1
- # fi
-
- # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
- # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV
- # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV
- # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV
- # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
- # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV
- # shell: bash
- # env:
- # TFVARS: workspace_variables/review.tfvars.json
- # working-directory: terraform
-
- # - uses: Azure/login@v1
- # with:
- # creds: ${{ secrets.AZURE_CREDENTIALS }}
-
- # - run: |
- # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')"
- # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
- # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
- # shell: bash
-
- # - uses: hashicorp/setup-terraform@v3
- # with:
- # terraform_version: ${{ env.terraform_version }}
- # terraform_wrapper: false
-
- # - name: Check resource group exists
- # run: |
- # GROUP=$(az group exists --name ${{ env.app_resource_group_name }})
- # if [[ "$GROUP" =~ "true" ]]; then
- # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV
- # fi
-
- # - name: Set Environment variables
- # if: env.REVIEW_APP_EXISTS == 'true'
- # run: |
- # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate
- # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
-
- # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \
- # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
- # --account-name ${{ env.storage_account_name }} \
- # --prefix $TF_STATE_FILE --query "[].name" -o tsv)
- # if [ -n "$pr_state_file" ]; then
- # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV
- # fi
-
- # - name: Terraform
- # if: env.TF_STATE_EXISTS == 'true'
- # id: terraform
- # run: |
- # make ci review terraform-destroy pr_id=${{ env.pr_number }}
- # env:
- # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}
- # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }}
- # TF_VAR_aytq_docker_image: ${{ github.sha }}
- # shell: bash
-
- # - name: Post Pull Request Comment ${{ github.event.number }}
- # if: ${{ github.event_name == 'pull_request' }}
- # uses: marocchino/sticky-pull-request-comment@v2
- # with:
- # header: aks
- # message: |
- # Review app Access Your Teaching Qualifications deployed to was deleted
- # Review app Check A Teacher's Record deployed to was deleted
-
-
- # - uses: actions/checkout@v4
- # - name: Extract configuration from tfvars
- # id: config
- # run: |
- # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
- # PR_NUMBER=${{ github.event.inputs.pr_number }}
- # else
- # PR_NUMBER=${{ github.event.pull_request.number }}
- # fi
-
- # if [ -z "$PR_NUMBER" ]; then
- # echo "::error ::Failed to extract PR_NUMBER"
- # exit 1
- # fi
-
- # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS)
- # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg
- # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS)
- # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*)
- # DEV_TFVARS=workspace_variables/dev.tfvars.json
- # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS)
- # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \")
-
- # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then
- # echo "::error ::Failed to extract app_resource_group_name from $TFVARS"
- # exit 1
- # fi
-
- # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then
- # echo "::error ::Failed to extract storage_account_name from $TFVARS"
- # exit 1
- # fi
-
- # if [ -z "$TERRAFORM_VERSION" ]; then
- # echo "::error ::Failed to extract terraform_version from terraform.tf"
- # exit 1
- # fi
-
- # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then
- # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS"
- # exit 1
- # fi
-
- # if [ -z "$TF_STATE_CONTAINER" ]; then
- # echo "::error ::Failed to extract tf_state_container from terraform.tf"
- # exit 1
- # fi
-
- # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
- # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV
- # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV
- # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV
- # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
- # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV
- # shell: bash
- # env:
- # TFVARS: workspace_variables/review.tfvars.json
- # working-directory: terraform
-
- # - uses: Azure/login@v1
- # with:
- # creds: ${{ secrets.AZURE_CREDENTIALS }}
-
- # - run: |
- # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')"
- # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
- # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
- # shell: bash
-
- # - uses: hashicorp/setup-terraform@v3
- # with:
- # terraform_version: ${{ env.terraform_version }}
- # terraform_wrapper: false
-
- # - name: Check resource group exists
- # run: |
- # GROUP=$(az group exists --name ${{ env.app_resource_group_name }})
- # if [[ "$GROUP" =~ "true" ]]; then
- # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV
- # fi
-
- # - name: Set Environment variables
- # if: env.REVIEW_APP_EXISTS == 'true'
- # run: |
- # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate
- # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
-
- # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \
- # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
- # --account-name ${{ env.storage_account_name }} \
- # --prefix $TF_STATE_FILE --query "[].name" -o tsv)
- # if [ -n "$pr_state_file" ]; then
- # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV
- # fi
-
- # - name: Terraform
- # if: env.TF_STATE_EXISTS == 'true'
- # id: terraform
- # run: |
- # make ci review terraform-destroy pr_id=${{ env.pr_number }}
- # env:
- # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}
- # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }}
- # TF_VAR_aytq_docker_image: ${{ github.sha }}
- # shell: bash
+ delete-review-app-aks:
+ name: Delete Review App ${{ github.event.pull_request.number }}
+ concurrency: deploy_review_${{ github.event.pull_request.number }}
+ runs-on: ubuntu-latest
+ if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }}
+ environment: aks-review
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Extract configuration from tfvars
+ run: |
+ if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
+ PR_NUMBER=${{ github.event.inputs.pr_number }}
+ else
+ PR_NUMBER=${{ github.event.pull_request.number }}
+ fi
+
+ if [ -z "$PR_NUMBER" ]; then
+ echo "::error ::Failed to extract PR_NUMBER"
+ exit 1
+ fi
+
+ RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS)
+ APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg
+ STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS)
+ TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*)
+ DEV_TFVARS=workspace_variables/dev.tfvars.json
+ TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS)
+ TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \")
+
+ if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then
+ echo "::error ::Failed to extract app_resource_group_name from $TFVARS"
+ exit 1
+ fi
+
+ if [ -z "$STORAGE_ACCOUNT_NAME" ]; then
+ echo "::error ::Failed to extract storage_account_name from $TFVARS"
+ exit 1
+ fi
+
+ if [ -z "$TERRAFORM_VERSION" ]; then
+ echo "::error ::Failed to extract terraform_version from terraform.tf"
+ exit 1
+ fi
+
+ if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then
+ echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS"
+ exit 1
+ fi
+
+ if [ -z "$TF_STATE_CONTAINER" ]; then
+ echo "::error ::Failed to extract tf_state_container from terraform.tf"
+ exit 1
+ fi
+
+ echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
+ echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV
+ echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV
+ echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV
+ echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
+ echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV
+ shell: bash
+ env:
+ TFVARS: workspace_variables/review.tfvars.json
+ working-directory: terraform
+
+ - uses: Azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+ - run: |
+ TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')"
+ echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
+ echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
+ shell: bash
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: ${{ env.terraform_version }}
+ terraform_wrapper: false
+
+ - name: Check resource group exists
+ run: |
+ GROUP=$(az group exists --name ${{ env.app_resource_group_name }})
+ if [[ "$GROUP" =~ "true" ]]; then
+ echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV
+ fi
+
+ - name: Set Environment variables
+ if: env.REVIEW_APP_EXISTS == 'true'
+ run: |
+ TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate
+ echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
+
+ pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \
+ --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
+ --account-name ${{ env.storage_account_name }} \
+ --prefix $TF_STATE_FILE --query "[].name" -o tsv)
+ if [ -n "$pr_state_file" ]; then
+ echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV
+ fi
+
+ - name: Terraform
+ if: env.TF_STATE_EXISTS == 'true'
+ run: |
+ make ci review terraform-destroy pr_id=${{ env.pr_number }}
+ env:
+ ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}
+ TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }}
+ TF_VAR_aytq_docker_image: ${{ github.sha }}
+ shell: bash
+
+ - name: Post Pull Request Comment ${{ github.event.number }}
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ header: aks
+ message: |
+ Review app Access Your Teaching Qualifications deployed to was deleted
+ Review app Check A Teacher's Record deployed to was deleted
From 2e5ad8c157549c477c3075ef2ee3a310cfa60579 Mon Sep 17 00:00:00 2001
From: Shahe Islam
Date: Tue, 3 Sep 2024 22:24:28 +0100
Subject: [PATCH 22/37] Ammending delete workflow
---
 .github/workflows/delete-review-app.yml | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml
index 9ec816d6..376ad747 100644
--- a/.github/workflows/delete-review-app.yml
+++ b/.github/workflows/delete-review-app.yml
@@ -164,13 +164,13 @@ jobs:
 exit 1
 fi
- RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS)
- APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg
+ . global_config/review.sh
+
+ APP_RESOURCE_GROUP_NAME=$AZURE_RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg
 STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS)
 TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*)
 DEV_TFVARS=workspace_variables/dev.tfvars.json
 TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS)
- TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \")
 if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then
 echo "::error ::Failed to extract app_resource_group_name from $TFVARS"
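Review bot: In the re-enabled `delete-review-app-aks` job of [PATCH 21/37], the `Extract configuration from tfvars` step places `${{ github.event.inputs.pr_number }}` directly in the bash script, so the dispatch input becomes script source before bash parses it. This is in a job that later logs in with `secrets.AZURE_CREDENTIALS` and runs `terraform-destroy`. Pass the event values through `env:` and accept digits only before the number is used to build the resource group and state file names; the changed lines are sketched below. The job-level `if:` only tests pull-request labels, so the `workflow_dispatch` branch looks unreachable as written; the workflow's `on:` block is outside this hunk, so that needs confirming.

```yaml
- name: Extract configuration from tfvars
  run: |
    if [ "$EVENT_NAME" = 'workflow_dispatch' ]; then
      PR_NUMBER="$INPUT_PR_NUMBER"
    else
      PR_NUMBER="$EVENT_PR_NUMBER"
    fi

    if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
      echo "::error ::PR_NUMBER is missing or not numeric"
      exit 1
    fi
    # … unchanged: tfvars extraction, empty-value checks, GITHUB_ENV exports …
  env:
    EVENT_NAME: ${{ github.event_name }}
    INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }}
    EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
    # … unchanged: TFVARS …
```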
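Review bot: Nothing verifies that `. global_config/review.sh` in [PATCH 22/37] actually set `AZURE_RESOURCE_PREFIX`: the existing `-z "$APP_RESOURCE_GROUP_NAME"` test cannot fail, because the value always contains the literal `-review-pr-…-rg`. An unset prefix would therefore produce a resource group name beginning with `-review-pr-` and reach the later `az group exists` call unnoticed. Add a guard straight after the source line, for example `: "${AZURE_RESOURCE_PREFIX:?not set by global_config/review.sh}"`, and the same for `SERVICE_SHORT` and `CONFIG_SHORT`, which the next hunk starts to use. The relative path resolves from the step's `working-directory`, which the next hunk moves to `terraform/application`; the `run:` block begins and ends outside this hunk.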
@@ -192,21 +192,15 @@ jobs:
 exit 1
 fi
- if [ -z "$TF_STATE_CONTAINER" ]; then
- echo "::error ::Failed to extract tf_state_container from terraform.tf"
- exit 1
- fi
-
 echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
 echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV
 echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV
 echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV
- echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
- echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV
+ echo "tf_resource_group_name=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV
 shell: bash
 env:
- TFVARS: workspace_variables/review.tfvars.json
- working-directory: terraform
+ TFVARS: config/review.tfvars.json
+ working-directory: terraform/application
 - uses: Azure/login@v1
 with:
@@ -236,7 +230,7 @@ jobs:
 TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate
 echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
- pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \
+ pr_state_file=$(az storage blob list -c terraform-state \
 --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
 --account-name ${{ env.storage_account_name }} \
 --prefix $TF_STATE_FILE --query "[].name" -o tsv)
From a765964dbac01fe05e2aeaa63cbf7441f49222d3 Mon Sep 17 00:00:00 2001
From: Shahe Islam
Date: Tue, 3 Sep 2024 22:45:58 +0100
Subject: [PATCH 23/37] Ammending delete workflow
---
 .github/workflows/delete-review-app.yml | 193 +++++++++++++-----------
 1 file changed, 105 insertions(+), 88 deletions(-)
diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml
index 376ad747..96e91f48 100644
--- a/.github/workflows/delete-review-app.yml
+++ b/.github/workflows/delete-review-app.yml
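Review bot: `tf_resource_group_name` is now exported from the sourced variables, but `DEV_TFVARS=workspace_variables/dev.tfvars.json`, the `TF_RESOURCE_GROUP_NAME=$(jq …)` lookup and its `-z` check (context of the previous hunk) are left in place. With `working-directory` moved to `terraform/application` that path may no longer resolve (the directory layout is not visible here), and the step would then stop with `exit 1` over a value nothing reads any more. Remove those lines together with the check, or keep the lookup and export its result as before. The hard-coded `-c terraform-state` in the following hunk replaces a name that was previously read from the backend block in `terraform.tf`; a one-line comment saying where the container is defined would help whoever renames it.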
@@ -149,104 +149,121 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} environment: aks-review steps: + # - name: Checkout + # uses: actions/checkout@v4 + # - name: Extract configuration from tfvars + # run: | + # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + # PR_NUMBER=${{ github.event.inputs.pr_number }} + # else + # PR_NUMBER=${{ github.event.pull_request.number }} + # fi + + # if [ -z "$PR_NUMBER" ]; then + # echo "::error ::Failed to extract PR_NUMBER" + # exit 1 + # fi + + # . global_config/review.sh + + # APP_RESOURCE_GROUP_NAME=$AZURE_RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + # DEV_TFVARS=workspace_variables/dev.tfvars.json + # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + + # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + # echo "::error ::Failed to extract storage_account_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$TERRAFORM_VERSION" ]; then + # echo "::error ::Failed to extract terraform_version from terraform.tf" + # exit 1 + # fi + + # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + # exit 1 + # fi + + # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + # echo "tf_resource_group_name=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV + # shell: bash + # env: + # TFVARS: config/review.tfvars.json + # working-directory: terraform/application + + # - uses: Azure/login@v1 + # with: + # creds: 
${{ secrets.AZURE_CREDENTIALS }} + + # - run: | + # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + # shell: bash + + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: ${{ env.terraform_version }} + # terraform_wrapper: false + + # - name: Check resource group exists + # run: | + # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + # if [[ "$GROUP" =~ "true" ]]; then + # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Set Environment variables + # if: env.REVIEW_APP_EXISTS == 'true' + # run: | + # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + # pr_state_file=$(az storage blob list -c terraform-state \ + # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} \ + # --prefix $TF_STATE_FILE --query "[].name" -o tsv) + # if [ -n "$pr_state_file" ]; then + # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Terraform + # if: env.TF_STATE_EXISTS == 'true' + # run: | + # make ci review terraform-destroy pr_id=${{ env.pr_number }} + # env: + # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + # TF_VAR_aytq_docker_image: ${{ github.sha }} + # shell: bash - name: Checkout uses: actions/checkout@v4 - - name: Extract configuration from tfvars - run: | - if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - PR_NUMBER=${{ github.event.inputs.pr_number }} - else - PR_NUMBER=${{ github.event.pull_request.number }} - fi - - if [ -z "$PR_NUMBER" ]; then - echo "::error ::Failed to extract PR_NUMBER" - exit 1 - fi - - . 
global_config/review.sh - - APP_RESOURCE_GROUP_NAME=$AZURE_RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - DEV_TFVARS=workspace_variables/dev.tfvars.json - TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - - if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - exit 1 - fi - - if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - echo "::error ::Failed to extract storage_account_name from $TFVARS" - exit 1 - fi - - if [ -z "$TERRAFORM_VERSION" ]; then - echo "::error ::Failed to extract terraform_version from terraform.tf" - exit 1 - fi - - if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - exit 1 - fi - - echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - echo "tf_resource_group_name=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV - shell: bash - env: - TFVARS: config/review.tfvars.json - working-directory: terraform/application - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - run: | - TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - shell: bash - uses: hashicorp/setup-terraform@v3 with: - terraform_version: ${{ env.terraform_version }} + terraform_version: 1.6.4 terraform_wrapper: false - - name: Check resource group exists - run: | - GROUP=$(az group exists --name ${{ 
env.app_resource_group_name }}) - if [[ "$GROUP" =~ "true" ]]; then - echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - fi - - - name: Set Environment variables - if: env.REVIEW_APP_EXISTS == 'true' - run: | - TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - pr_state_file=$(az storage blob list -c terraform-state \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} \ - --prefix $TF_STATE_FILE --query "[].name" -o tsv) - if [ -n "$pr_state_file" ]; then - echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - fi + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - - name: Terraform - if: env.TF_STATE_EXISTS == 'true' + - name: Terraform Destroy run: | - make ci review terraform-destroy pr_id=${{ env.pr_number }} + make ci review terraform-destroy env: - ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - TF_VAR_aytq_docker_image: ${{ github.sha }} - shell: bash + PR_NUMBER: ${{ github.event.pull_request.number }} - name: Post Pull Request Comment ${{ github.event.number }} if: ${{ github.event_name == 'pull_request' }} From c2f194a739d6a3f119d839c20270ea3365fdd89a Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 22:48:25 +0100 Subject: [PATCH 24/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 98 ------------------------- 1 file changed, 98 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 96e91f48..2bbda948 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
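Review bot: `DFE-Digital/github-actions/set-kubelogin-environment@master` is referenced by a moving branch while being handed `secrets.AZURE_CREDENTIALS`, so whatever lands on that branch runs with the service principal's credentials in this job. Pinning to a full commit SHA, `uses: DFE-Digital/github-actions/set-kubelogin-environment@<full-commit-sha>  # master as of <date>` (placeholders; the SHA is not on this page), makes the executed code reviewable and turns every update into an explicit change. The hunk also adds roughly a hundred commented-out lines of the previous steps, including the storage-key handling; deleting them instead keeps the workflow readable because git already holds the history, and the `@@ -149,6 +149,104 @@` hunk of PATCH 27/37 re-adds the same block. The job definition starts before this hunk and continues after it.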
@@ -149,104 +149,6 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} environment: aks-review steps: - # - name: Checkout - # uses: actions/checkout@v4 - # - name: Extract configuration from tfvars - # run: | - # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - # PR_NUMBER=${{ github.event.inputs.pr_number }} - # else - # PR_NUMBER=${{ github.event.pull_request.number }} - # fi - - # if [ -z "$PR_NUMBER" ]; then - # echo "::error ::Failed to extract PR_NUMBER" - # exit 1 - # fi - - # . global_config/review.sh - - # APP_RESOURCE_GROUP_NAME=$AZURE_RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - # DEV_TFVARS=workspace_variables/dev.tfvars.json - # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - - # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - # echo "::error ::Failed to extract storage_account_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$TERRAFORM_VERSION" ]; then - # echo "::error ::Failed to extract terraform_version from terraform.tf" - # exit 1 - # fi - - # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - # exit 1 - # fi - - # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - # echo "tf_resource_group_name=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV - # shell: bash - # env: - # TFVARS: config/review.tfvars.json - # working-directory: terraform/application - - # - uses: Azure/login@v1 - # with: - # creds: 
${{ secrets.AZURE_CREDENTIALS }} - - # - run: | - # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - # shell: bash - - # - uses: hashicorp/setup-terraform@v3 - # with: - # terraform_version: ${{ env.terraform_version }} - # terraform_wrapper: false - - # - name: Check resource group exists - # run: | - # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - # if [[ "$GROUP" =~ "true" ]]; then - # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Set Environment variables - # if: env.REVIEW_APP_EXISTS == 'true' - # run: | - # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - # pr_state_file=$(az storage blob list -c terraform-state \ - # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - # --account-name ${{ env.storage_account_name }} \ - # --prefix $TF_STATE_FILE --query "[].name" -o tsv) - # if [ -n "$pr_state_file" ]; then - # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Terraform - # if: env.TF_STATE_EXISTS == 'true' - # run: | - # make ci review terraform-destroy pr_id=${{ env.pr_number }} - # env: - # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - # TF_VAR_aytq_docker_image: ${{ github.sha }} - # shell: bash - name: Checkout uses: actions/checkout@v4 From 0b84ca989a58523a232b02624b67332eeeda92e6 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 22:50:59 +0100 Subject: [PATCH 25/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 2bbda948..36c242e7 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -163,7 +163,7 @@ jobs: - name: Terraform Destroy run: | - make ci review terraform-destroy + make ci aks-review terraform-destroy env: PR_NUMBER: ${{ github.event.pull_request.number }} From 4c6c15e85fee7a241fed91cc6eb662d08e933248 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 22:59:38 +0100 Subject: [PATCH 26/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 254 ++++++++++++------------ 1 file changed, 127 insertions(+), 127 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 36c242e7..76067fb0 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -14,133 +14,133 @@ on: type: string jobs: - delete-review-app: - name: Delete Review App ${{ github.event.pull_request.number }} - concurrency: deploy_review_${{ github.event.pull_request.number }} - runs-on: ubuntu-latest - if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} - environment: review - steps: - - uses: actions/checkout@v4 - - name: Extract configuration from tfvars - id: config - run: | - if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - PR_NUMBER=${{ github.event.inputs.pr_number }} - else - PR_NUMBER=${{ github.event.pull_request.number }} - fi - - if [ -z "$PR_NUMBER" ]; then - echo "::error ::Failed to extract PR_NUMBER" - exit 1 - fi - - RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) - APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - DEV_TFVARS=workspace_variables/dev.tfvars.json - TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") - - if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - exit 1 - fi - - if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - echo "::error ::Failed to extract storage_account_name from $TFVARS" - exit 1 - fi - - if [ -z "$TERRAFORM_VERSION" ]; then - echo "::error ::Failed to extract terraform_version from terraform.tf" - exit 1 - fi - - if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - exit 1 - fi - - if [ -z "$TF_STATE_CONTAINER" ]; then - echo "::error ::Failed to extract tf_state_container from terraform.tf" - exit 1 - fi - - echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - echo 
"storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV - shell: bash - env: - TFVARS: workspace_variables/review.tfvars.json - working-directory: terraform - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - run: | - TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - shell: bash - - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ env.terraform_version }} - terraform_wrapper: false - - - name: Check resource group exists - run: | - GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - if [[ "$GROUP" =~ "true" ]]; then - echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - fi - - - name: Set Environment variables - if: env.REVIEW_APP_EXISTS == 'true' - run: | - TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} \ - --prefix $TF_STATE_FILE --query "[].name" -o tsv) - if [ -n "$pr_state_file" ]; then - echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - fi - - - name: Terraform - if: env.TF_STATE_EXISTS == 'true' - id: terraform - run: | - make ci review terraform-destroy pr_id=${{ env.pr_number }} - env: - ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - TF_VAR_aytq_docker_image: ${{ github.sha }} - shell: bash - - - name: Delete tf state file - if: 
env.TF_STATE_EXISTS == 'true' - run: | - az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ - --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - --account-name ${{ env.storage_account_name }} - - - name: Post Pull Request Comment - if: ${{ github.event_name == 'pull_request' }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - message: | - Review app Access Your Teaching Qualifications deployed to was deleted - Review app Check A Teacher's Record deployed to was deleted + # delete-review-app: + # name: Delete Review App ${{ github.event.pull_request.number }} + # concurrency: deploy_review_${{ github.event.pull_request.number }} + # runs-on: ubuntu-latest + # if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} + # environment: review + # steps: + # - uses: actions/checkout@v4 + # - name: Extract configuration from tfvars + # id: config + # run: | + # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + # PR_NUMBER=${{ github.event.inputs.pr_number }} + # else + # PR_NUMBER=${{ github.event.pull_request.number }} + # fi + + # if [ -z "$PR_NUMBER" ]; then + # echo "::error ::Failed to extract PR_NUMBER" + # exit 1 + # fi + + # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + # DEV_TFVARS=workspace_variables/dev.tfvars.json + # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + # echo "::error ::Failed to extract storage_account_name from $TFVARS" + # 
exit 1 + # fi + + # if [ -z "$TERRAFORM_VERSION" ]; then + # echo "::error ::Failed to extract terraform_version from terraform.tf" + # exit 1 + # fi + + # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + # exit 1 + # fi + + # if [ -z "$TF_STATE_CONTAINER" ]; then + # echo "::error ::Failed to extract tf_state_container from terraform.tf" + # exit 1 + # fi + + # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + # shell: bash + # env: + # TFVARS: workspace_variables/review.tfvars.json + # working-directory: terraform + + # - uses: Azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + + # - run: | + # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + # shell: bash + + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: ${{ env.terraform_version }} + # terraform_wrapper: false + + # - name: Check resource group exists + # run: | + # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + # if [[ "$GROUP" =~ "true" ]]; then + # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Set Environment variables + # if: env.REVIEW_APP_EXISTS == 'true' + # run: | + # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + # 
--account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} \ + # --prefix $TF_STATE_FILE --query "[].name" -o tsv) + # if [ -n "$pr_state_file" ]; then + # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Terraform + # if: env.TF_STATE_EXISTS == 'true' + # id: terraform + # run: | + # make ci review terraform-destroy pr_id=${{ env.pr_number }} + # env: + # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + # TF_VAR_aytq_docker_image: ${{ github.sha }} + # shell: bash + + # - name: Delete tf state file + # if: env.TF_STATE_EXISTS == 'true' + # run: | + # az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ + # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} + + # - name: Post Pull Request Comment + # if: ${{ github.event_name == 'pull_request' }} + # uses: marocchino/sticky-pull-request-comment@v2 + # with: + # message: | + # Review app Access Your Teaching Qualifications deployed to was deleted + # Review app Check A Teacher's Record deployed to was deleted delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} From 4f05f7fe50910c510db158515ff2b621699f1eef Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 23:06:25 +0100 Subject: [PATCH 27/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 100 +++++++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 76067fb0..c1b1da00 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
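Review bot: Commenting out the whole `delete-review-app` job in PATCH 26/37 leaves nothing in this workflow to tear down review apps created for the `deploy` label, while `build-and-deploy.yml` as changed in the first patch of this series still deploys on that label. Unless another cleanup exists outside this page, those environments and their Terraform state files stay up after the pull request closes, which is both cost and exposed surface nobody is watching. If the standard path is being retired, the `deploy` branch of the deploy workflow should go in the same change; if it is only paused, replacing the job's condition with `if: false  # temporarily disabled, see <ticket>` (placeholder) keeps the job parseable and diffable instead of 127 commented lines. The `jobs:` mapping continues after the hunk.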
@@ -149,6 +149,104 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} environment: aks-review steps: + # - name: Checkout + # uses: actions/checkout@v4 + # - name: Extract configuration from tfvars + # run: | + # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + # PR_NUMBER=${{ github.event.inputs.pr_number }} + # else + # PR_NUMBER=${{ github.event.pull_request.number }} + # fi + + # if [ -z "$PR_NUMBER" ]; then + # echo "::error ::Failed to extract PR_NUMBER" + # exit 1 + # fi + + # . global_config/review.sh + + # APP_RESOURCE_GROUP_NAME=$AZURE_RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + # DEV_TFVARS=workspace_variables/dev.tfvars.json + # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + + # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + # echo "::error ::Failed to extract storage_account_name from $TFVARS" + # exit 1 + # fi + + # if [ -z "$TERRAFORM_VERSION" ]; then + # echo "::error ::Failed to extract terraform_version from terraform.tf" + # exit 1 + # fi + + # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + # exit 1 + # fi + + # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + # echo "tf_resource_group_name=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV + # shell: bash + # env: + # TFVARS: config/review.tfvars.json + # working-directory: terraform/application + + # - uses: Azure/login@v1 + # with: + # creds: 
${{ secrets.AZURE_CREDENTIALS }} + + # - run: | + # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + # shell: bash + + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: ${{ env.terraform_version }} + # terraform_wrapper: false + + # - name: Check resource group exists + # run: | + # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + # if [[ "$GROUP" =~ "true" ]]; then + # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Set Environment variables + # if: env.REVIEW_APP_EXISTS == 'true' + # run: | + # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + # pr_state_file=$(az storage blob list -c terraform-state \ + # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + # --account-name ${{ env.storage_account_name }} \ + # --prefix $TF_STATE_FILE --query "[].name" -o tsv) + # if [ -n "$pr_state_file" ]; then + # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + # fi + + # - name: Terraform + # if: env.TF_STATE_EXISTS == 'true' + # run: | + # make ci review terraform-destroy pr_id=${{ env.pr_number }} + # env: + # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + # TF_VAR_aytq_docker_image: ${{ github.sha }} + # shell: bash - name: Checkout uses: actions/checkout@v4 @@ -163,7 +261,7 @@ jobs: - name: Terraform Destroy run: | - make ci aks-review terraform-destroy + make ci review terraform-destroy env: PR_NUMBER: ${{ github.event.pull_request.number }} From 6905539f88ad663179f7059b94b008c6eead5b1d Mon Sep 17 00:00:00 2001 
From: Shahe Islam Date: Tue, 3 Sep 2024 23:07:35 +0100 Subject: [PATCH 28/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index c1b1da00..29378656 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -261,7 +261,7 @@ jobs: - name: Terraform Destroy run: | - make ci review terraform-destroy + make ci review terraform-destroy pr_id=${{ github.event.pull_request.number }} env: PR_NUMBER: ${{ github.event.pull_request.number }} From 3acaf81e3f17d36652badd9d8247dfa7c47988dc Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Tue, 3 Sep 2024 23:10:49 +0100 Subject: [PATCH 29/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 29378656..f0e59111 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -261,7 +261,7 @@ jobs: - name: Terraform Destroy run: | - make ci review terraform-destroy pr_id=${{ github.event.pull_request.number }} + make ci aks-review aks-terraform-destroy env: PR_NUMBER: ${{ github.event.pull_request.number }} From f24edd18f2e6b3067b2c370bbcec67a342f04a3a Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 4 Sep 2024 17:12:13 +0100 Subject: [PATCH 30/37] Ammending delete workflow --- .github/workflows/delete-review-app.yml | 401 +++++++++++------------- 1 file changed, 175 insertions(+), 226 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index f0e59111..01334703 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
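Review bot: In PATCH 28/37, `pr_id=${{ github.event.pull_request.number }}` expands the expression into the script text although the same value is already exported to the step as `PR_NUMBER` two lines below. A pull-request number is numeric, so this is a consistency point rather than an injection risk, but reading it from the environment, `make ci review terraform-destroy pr_id="$PR_NUMBER"`, keeps `run:` blocks free of `${{ }}` expansion, which is the habit that matters once the value is a branch name or title. The step sits inside a job that starts outside the hunk.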
@@ -14,133 +14,133 @@ on: type: string jobs: - # delete-review-app: - # name: Delete Review App ${{ github.event.pull_request.number }} - # concurrency: deploy_review_${{ github.event.pull_request.number }} - # runs-on: ubuntu-latest - # if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} - # environment: review - # steps: - # - uses: actions/checkout@v4 - # - name: Extract configuration from tfvars - # id: config - # run: | - # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - # PR_NUMBER=${{ github.event.inputs.pr_number }} - # else - # PR_NUMBER=${{ github.event.pull_request.number }} - # fi - - # if [ -z "$PR_NUMBER" ]; then - # echo "::error ::Failed to extract PR_NUMBER" - # exit 1 - # fi - - # RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) - # APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - # DEV_TFVARS=workspace_variables/dev.tfvars.json - # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - # TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") - - # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - # echo "::error ::Failed to extract storage_account_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$TERRAFORM_VERSION" ]; then - # echo "::error ::Failed to extract terraform_version from terraform.tf" - # exit 1 - # fi - - # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - # exit 1 - # fi - - # if [ -z "$TF_STATE_CONTAINER" ]; then - # echo "::error ::Failed to extract tf_state_container from terraform.tf" - # exit 1 - # fi - - # echo 
"app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - # echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - # echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV - # shell: bash - # env: - # TFVARS: workspace_variables/review.tfvars.json - # working-directory: terraform - - # - uses: Azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - - # - run: | - # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - # shell: bash - - # - uses: hashicorp/setup-terraform@v3 - # with: - # terraform_version: ${{ env.terraform_version }} - # terraform_wrapper: false - - # - name: Check resource group exists - # run: | - # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - # if [[ "$GROUP" =~ "true" ]]; then - # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Set Environment variables - # if: env.REVIEW_APP_EXISTS == 'true' - # run: | - # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - # pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ - # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - # --account-name ${{ env.storage_account_name }} \ - # --prefix $TF_STATE_FILE --query "[].name" -o tsv) - # if [ -n "$pr_state_file" ]; then - # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Terraform - # if: env.TF_STATE_EXISTS == 'true' - # id: terraform - # run: | - # make ci review terraform-destroy pr_id=${{ env.pr_number }} - # env: - # ARM_ACCESS_KEY: ${{ 
env.TFSTATE_CONTAINER_ACCESS_KEY }} - # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - # TF_VAR_aytq_docker_image: ${{ github.sha }} - # shell: bash - - # - name: Delete tf state file - # if: env.TF_STATE_EXISTS == 'true' - # run: | - # az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ - # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - # --account-name ${{ env.storage_account_name }} - - # - name: Post Pull Request Comment - # if: ${{ github.event_name == 'pull_request' }} - # uses: marocchino/sticky-pull-request-comment@v2 - # with: - # message: | - # Review app Access Your Teaching Qualifications deployed to was deleted - # Review app Check A Teacher's Record deployed to was deleted + delete-review-app: + name: Delete Review App ${{ github.event.pull_request.number }} + concurrency: deploy_review_${{ github.event.pull_request.number }} + runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} + environment: review + steps: + - uses: actions/checkout@v4 + - name: Extract configuration from tfvars + id: config + run: | + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + PR_NUMBER=${{ github.event.inputs.pr_number }} + else + PR_NUMBER=${{ github.event.pull_request.number }} + fi + + if [ -z "$PR_NUMBER" ]; then + echo "::error ::Failed to extract PR_NUMBER" + exit 1 + fi + + RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) + APP_RESOURCE_GROUP_NAME=$RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg + STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) + TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) + DEV_TFVARS=workspace_variables/dev.tfvars.json + TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) + TF_STATE_CONTAINER=$(awk '/{/{f=/backend/;next}f' terraform.tf | grep -o "\"[a-z\-]*\"" | tr -d \") + + if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract 
app_resource_group_name from $TFVARS" + exit 1 + fi + + if [ -z "$STORAGE_ACCOUNT_NAME" ]; then + echo "::error ::Failed to extract storage_account_name from $TFVARS" + exit 1 + fi + + if [ -z "$TERRAFORM_VERSION" ]; then + echo "::error ::Failed to extract terraform_version from terraform.tf" + exit 1 + fi + + if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then + echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" + exit 1 + fi + + if [ -z "$TF_STATE_CONTAINER" ]; then + echo "::error ::Failed to extract tf_state_container from terraform.tf" + exit 1 + fi + + echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV + echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV + echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV + echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV + echo "tf_state_container=$TF_STATE_CONTAINER" >> $GITHUB_ENV + shell: bash + env: + TFVARS: workspace_variables/review.tfvars.json + working-directory: terraform + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + shell: bash + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: ${{ env.terraform_version }} + terraform_wrapper: false + + - name: Check resource group exists + run: | + GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) + if [[ "$GROUP" =~ "true" ]]; then + echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV + fi + + - name: Set Environment variables + if: env.REVIEW_APP_EXISTS == 'true' + run: | + TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate + echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + 
pr_state_file=$(az storage blob list -c ${{ env.tf_state_container }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} \ + --prefix $TF_STATE_FILE --query "[].name" -o tsv) + if [ -n "$pr_state_file" ]; then + echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + fi + + - name: Terraform + if: env.TF_STATE_EXISTS == 'true' + id: terraform + run: | + make ci review terraform-destroy pr_id=${{ env.pr_number }} + env: + ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} + TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} + TF_VAR_aytq_docker_image: ${{ github.sha }} + shell: bash + + - name: Delete tf state file + if: env.TF_STATE_EXISTS == 'true' + run: | + az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.storage_account_name }} + + - name: Post Pull Request Comment + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + message: | + Review app Access Your Teaching Qualifications deployed to was deleted + Review app Check A Teacher's Record deployed to was deleted delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} 
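Review bot: The re-enabled `Extract configuration from tfvars` step expands `${{ github.event.inputs.pr_number }}` directly into the bash script (`PR_NUMBER=${{ github.event.inputs.pr_number }}`), so the value is parsed as shell text rather than data; the input appears to be declared `type: string`, so nothing limits it to digits. This job later logs in with `secrets.AZURE_CREDENTIALS`, and `PR_NUMBER` goes on to name the resource group, the state blob that gets deleted, and a line appended to `$GITHUB_ENV`. It should be passed in through `env:`, quoted, and rejected unless it matches `^[0-9]+$`, as sketched below. The same expansion is in the `delete-review-app-aks` step added by the next hunk, and PATCH 33/37 writes that job's unchecked value to `$GITHUB_ENV` too.

```yaml
      - name: Extract configuration from tfvars
        id: config
        env:
          TFVARS: workspace_variables/review.tfvars.json
          EVENT_NAME: ${{ github.event_name }}
          INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          if [ "$EVENT_NAME" = 'workflow_dispatch' ]; then
            PR_NUMBER="$INPUT_PR_NUMBER"
          else
            PR_NUMBER="$EVENT_PR_NUMBER"
          fi

          # Digits only: this value ends up in resource names, blob names and $GITHUB_ENV.
          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "::error ::PR_NUMBER is missing or not numeric"
            exit 1
          fi
          # … unchanged: tfvars / terraform.tf extraction, emptiness checks, GITHUB_ENV exports …
```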
@@ -149,112 +149,54 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }} environment: aks-review steps: - # - name: Checkout - # uses: actions/checkout@v4 - # - name: Extract configuration from tfvars - # run: | - # if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - # PR_NUMBER=${{ github.event.inputs.pr_number }} - # else - # PR_NUMBER=${{ github.event.pull_request.number }} - # fi - - # if [ -z "$PR_NUMBER" ]; then - # echo "::error ::Failed to extract PR_NUMBER" - # exit 1 - # fi - - # . global_config/review.sh - - # APP_RESOURCE_GROUP_NAME=$AZURE_RESOURCE_PREFIX-review-pr-$PR_NUMBER-rg - # STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) - # TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) - # DEV_TFVARS=workspace_variables/dev.tfvars.json - # TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) - - # if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract app_resource_group_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$STORAGE_ACCOUNT_NAME" ]; then - # echo "::error ::Failed to extract storage_account_name from $TFVARS" - # exit 1 - # fi - - # if [ -z "$TERRAFORM_VERSION" ]; then - # echo "::error ::Failed to extract terraform_version from terraform.tf" - # exit 1 - # fi - - # if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then - # echo "::error ::Failed to extract resource_group_name from $DEV_TFVARS" - # exit 1 - # fi - - # echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV - # echo "pr_number=$PR_NUMBER" >> $GITHUB_ENV - # echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV - # echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV - # echo "tf_resource_group_name=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV - # shell: bash - # env: - # TFVARS: config/review.tfvars.json - # working-directory: terraform/application - - # - uses: Azure/login@v1 - # with: - # creds: 
${{ secrets.AZURE_CREDENTIALS }} - - # - run: | - # TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" - # echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" - # echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - # shell: bash - - # - uses: hashicorp/setup-terraform@v3 - # with: - # terraform_version: ${{ env.terraform_version }} - # terraform_wrapper: false - - # - name: Check resource group exists - # run: | - # GROUP=$(az group exists --name ${{ env.app_resource_group_name }}) - # if [[ "$GROUP" =~ "true" ]]; then - # echo "REVIEW_APP_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Set Environment variables - # if: env.REVIEW_APP_EXISTS == 'true' - # run: | - # TF_STATE_FILE=review/review-pr-${{ env.pr_number }}.tfstate - # echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV - - # pr_state_file=$(az storage blob list -c terraform-state \ - # --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ - # --account-name ${{ env.storage_account_name }} \ - # --prefix $TF_STATE_FILE --query "[].name" -o tsv) - # if [ -n "$pr_state_file" ]; then - # echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV - # fi - - # - name: Terraform - # if: env.TF_STATE_EXISTS == 'true' - # run: | - # make ci review terraform-destroy pr_id=${{ env.pr_number }} - # env: - # ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} - # TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} - # TF_VAR_aytq_docker_image: ${{ github.sha }} - # shell: bash - name: Checkout uses: actions/checkout@v4 + - name: Extract configuration from tfvars + run: | + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then + PR_NUMBER=${{ github.event.inputs.pr_number }} + else + PR_NUMBER=${{ github.event.pull_request.number }} + fi + + . 
global_config/review.sh + + echo "STORAGE_ACCOUNT_NAME=s189t01aytqrvtfsa" >> $GITHUB_ENV + echo "TF_RESOURCE_GROUP_NAME=s189t01-aytq-rv-rg" >> $GITHUB_ENV + shell: bash + env: + TFVARS: config/review.tfvars.json + working-directory: terraform/application + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.TF_RESOURCE_GROUP_NAME }} -n ${{ env.STORAGE_ACCOUNT_NAME }} | jq -r '.[0].value')" + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV + shell: bash + - uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.6.4 terraform_wrapper: false + - name: Set Environment variables + run: | + TF_STATE_FILE=review/review-pr-${{ env.PR_NUMBER }}.tfstate + echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV + + pr_state_file=$(az storage blob list -c terraform-state \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.STORAGE_ACCOUNT_NAME }} \ + --prefix $TF_STATE_FILE --query "[].name" -o tsv) + if [ -n "$pr_state_file" ]; then + echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV + fi + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master with: azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -263,7 +205,14 @@ jobs: run: | make ci aks-review aks-terraform-destroy env: - PR_NUMBER: ${{ github.event.pull_request.number }} + PR_NUMBER: ${{ env.PR_NUMBER }} + + - name: Delete tf state file + if: env.TF_STATE_EXISTS == 'true' + run: | + az storage blob delete -c terraform-state --name ${{ env.TF_STATE_FILE }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ + --account-name ${{ env.STORAGE_ACCOUNT_NAME }} - name: Post Pull Request Comment ${{ github.event.number }} if: ${{ github.event_name == 'pull_request' }} From fb6b06090c9a8d9ac5aca30daa894a13e4c5d0b6 Mon Sep 17 00:00:00 2001 
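Review bot: The step added here that runs `az storage account keys list ... | jq -r '.[0].value'` fetches the storage account's first access key, which grants access to the whole account rather than to one PR's state blob, and then writes it to `$GITHUB_ENV`, where every later step of the job can read it, including the third-party actions. `::add-mask::` only keeps it out of the logs. The job is already logged in through `Azure/login`, so the `az storage blob list` call here and the `az storage blob delete` call in the next hunk's `Delete tf state file` step could use `--auth-mode login` with a blob data role scoped to the `terraform-state` container instead of `--account-key`. If the make target needs the key only for the azurerm backend, `use_azuread_auth` would let the key be dropped from the job entirely. The `delete-review-app` job re-enabled by the previous hunk follows the same pattern.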
From: Shahe Islam Date: Wed, 4 Sep 2024 17:18:57 +0100 Subject: [PATCH 31/37] Removing global config review.sh and working directory --- .github/workflows/delete-review-app.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 01334703..4f23a0cd 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -160,14 +160,9 @@ jobs: PR_NUMBER=${{ github.event.pull_request.number }} fi - . global_config/review.sh - echo "STORAGE_ACCOUNT_NAME=s189t01aytqrvtfsa" >> $GITHUB_ENV echo "TF_RESOURCE_GROUP_NAME=s189t01-aytq-rv-rg" >> $GITHUB_ENV shell: bash - env: - TFVARS: config/review.tfvars.json - working-directory: terraform/application - uses: Azure/login@v1 with: From 1422f9f120a9ff8d39e2da64636954192d276c54 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 4 Sep 2024 17:23:43 +0100 Subject: [PATCH 32/37] Removing uneccesary env --- .github/workflows/delete-review-app.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 4f23a0cd..0b05e0d7 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -199,8 +199,6 @@ jobs: - name: Terraform Destroy run: | make ci aks-review aks-terraform-destroy - env: - PR_NUMBER: ${{ env.PR_NUMBER }} - name: Delete tf state file if: env.TF_STATE_EXISTS == 'true' From 8fdf9c94e0f771c244fb3a648b2519280c9adbf7 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 4 Sep 2024 17:29:18 +0100 Subject: [PATCH 33/37] Setting PR number as env --- .github/workflows/delete-review-app.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 0b05e0d7..caf39357 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -160,6 +160,7 @@ jobs: PR_NUMBER=${{ github.event.pull_request.number }} fi + echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV echo "STORAGE_ACCOUNT_NAME=s189t01aytqrvtfsa" >> $GITHUB_ENV echo "TF_RESOURCE_GROUP_NAME=s189t01-aytq-rv-rg" >> $GITHUB_ENV shell: bash @@ -199,6 +200,8 @@ jobs: - name: Terraform Destroy run: | make ci aks-review aks-terraform-destroy + env: + PR_NUMBER: ${{ env.PR_NUMBER }} - name: Delete tf state file if: env.TF_STATE_EXISTS == 'true' From 4abc4e8b8b6e700a7195db4edf8911baf0c8174d Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 4 Sep 2024 17:39:28 +0100 Subject: [PATCH 34/37] Correcting tf state file name --- .github/workflows/delete-review-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index caf39357..b952663c 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -182,7 +182,7 @@ jobs: - name: Set Environment variables run: | - TF_STATE_FILE=review/review-pr-${{ env.PR_NUMBER }}.tfstate + TF_STATE_FILE=pr-${{ env.PR_NUMBER }}_kubernetes.tfstate echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV pr_state_file=$(az storage blob list -c terraform-state \ From dba4a75ff1d124d8d735be4d5497f2e979f9cd00 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Wed, 4 Sep 2024 17:48:10 +0100 Subject: [PATCH 35/37] Improving delete app post pull request comment --- .github/workflows/delete-review-app.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index b952663c..e2efc5d2 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -216,5 +216,7 @@ jobs: with: header: aks message: | - Review app Access Your Teaching Qualifications deployed to was deleted - Review app Check A Teacher's Record deployed to was deleted + The review apps Access Your Teaching Qualifications & Check A Teacher's Record have been deleted. + The following domains are not available anymore: + - + - From 83d9245d8ba99153585a9fa1d248342707cd7df5 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Thu, 5 Sep 2024 12:56:05 +0100 Subject: [PATCH 36/37] Removing post pull request comment for review app non aks delete --- .github/workflows/delete-review-app.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index e2efc5d2..b939a36c 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -1,4 +1,4 @@ -name: Delete review app on AKS +name: Delete Review App on: pull_request: @@ -134,13 +134,6 @@ jobs: --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ --account-name ${{ env.storage_account_name }} - - name: Post Pull Request Comment - if: ${{ github.event_name == 'pull_request' }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - message: | - Review app Access Your Teaching Qualifications deployed to was deleted - Review app Check A Teacher's Record deployed to was deleted delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} From 82a868c25fd1a88b0327880c14aca52cce09e41b Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Thu, 5 Sep 2024 15:28:55 +0100 Subject: [PATCH 37/37] Pretty lint --- .github/workflows/delete-review-app.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index b939a36c..9424103a 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
@@ -134,7 +134,6 @@ jobs: --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ --account-name ${{ env.storage_account_name }} - delete-review-app-aks: name: Delete Review App ${{ github.event.pull_request.number }} concurrency: deploy_review_${{ github.event.pull_request.number }}