From 81d1888c1be843e9186f0b289fc4a42713a92928 Mon Sep 17 00:00:00 2001 From: Andreas Salhus Bakseter <141913422+baksetercx@users.noreply.github.com> Date: Mon, 6 May 2024 13:42:10 +0200 Subject: [PATCH] test workflow (#1) --- .github/workflows/deploy.yml | 45 +++++++++++++++++++++++++----------- README.md | 25 +++++++++++++++----- bootstrap.sh | 11 --------- terraform/main.tf | 2 +- terraform/providers.tf | 8 +++---- terraform/variables.tf | 5 ++++ 6 files changed, 61 insertions(+), 35 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0e53426..0529901 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,19 +1,23 @@ name: 'Deploy' on: - pull_request: + push: branches: ['workshop/*'] jobs: - set_name: - name: 'Get name from branch name and set env' + setup: + name: 'Setup' + outputs: + my_name: ${{ steps.set-name.outputs.my_name }} runs-on: ubuntu-latest steps: - - run: echo "MY_NAME=${BRANCH##*/}" >> "$GITHUB_ENV" + - name: 'Setup' + id: set-name + run: echo "my_name=${BRANCH##*/}" >> "$GITHUB_OUTPUT" env: BRANCH: ${{ github.ref_name }} - run_tests: + run-tests: name: 'Run frontend tests' runs-on: ubuntu-latest defaults: @@ -44,15 +48,25 @@ jobs: build: name: 'Build Docker image and push to registry' # Task A.2: - # needs: [set_name] + # needs: [setup] # Answer A.2: - needs: [set_name, run_tests] + needs: [setup, run-tests] # runs-on: ubuntu-latest + permissions: + contents: read + packages: write steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: 'ghcr.io' + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 
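Review bot: The new `set-name` step forwards the branch suffix into `my_name` without checking it, and that value becomes a Terraform workspace name, part of the GHCR image tag and the `my_name` variable that `terraform/variables.tf` documents as "lowercase and only a-z", so a branch such as `workshop/Ola` (constructed example) fails late and unclearly in `build` or `deploy` instead of in `setup`. Validate it where it is produced by turning the step into a `run: |` block whose first line is `[[ "${BRANCH##*/}" =~ ^[a-z]+$ ]] || { echo "::error::branch suffix must match ^[a-z]+$"; exit 1; }`, followed by the existing echo. Separately, the `setup` and `run-tests` jobs declare no `permissions:`, so on this `push` trigger they get the repository's default token scope; a top-level `permissions:` block with `contents: read` next to `on:` keeps every job that does not opt in at least privilege, while `build` and `deploy` keep their own grants.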
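Review bot: The new `docker/login-action@v3` step is pinned to a mutable major tag, as are the surrounding `actions/checkout@v4` and `docker/setup-buildx-action@v3` lines and `docker/build-push-action@v5` in the next hunk, and this job holds `packages: write` plus the registry credential, so a moved or compromised tag would run foreign code with the ability to publish images under the repository's name. Pin each third-party action to its full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`, and let an updater bump the pins. Using `${{ secrets.GITHUB_TOKEN }}` as the password is the right choice here, since its scope is bounded by the job's `permissions:` block.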
@@ -60,20 +74,25 @@ jobs: uses: docker/build-push-action@v5 with: push: 'true' - tags: 'ghcr.io/${{ github.repository }}/${{ env.MY_NAME }}:latest' - file: 'frontend/Dockerfile' + tags: 'ghcr.io/${{ github.repository }}/${{ needs.setup.outputs.my_name }}:latest' + context: 'frontend' deploy: name: 'Deploy using Terraform' runs-on: ubuntu-latest - needs: [build] + needs: [build, setup] env: TF_VAR_revision_suffix: ${{ github.sha }} - TF_VAR_my_name: ${{ env.MY_NAME }} + TF_VAR_my_name: ${{ needs.setup.outputs.my_name }} + TF_VAR_repository: ${{ github.repository }} ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }} - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }} + ARM_USE_OIDC: 'true' + permissions: + contents: read + id-token: write + environment: prod defaults: run: working-directory: 'terraform' @@ -88,7 +107,7 @@ jobs: run: terraform init - name: Set Terraform workspace - run: teraform workspace new $MY_NAME || terraform workspace select $MY_NAME + run: terraform workspace new $TF_VAR_my_name || terraform workspace select $TF_VAR_my_name - name: Run Terraform plan run: terraform plan diff --git a/README.md b/README.md index 30cb3e4..374802e 100644 --- a/README.md +++ b/README.md @@ -179,15 +179,12 @@ Push branchen din til GitHub og sjekk ut om den kjører. Installer Terraform [her](https://developer.hashicorp.com/terraform/install). -For å kunne kjøre Terraform lokalt kjøre denne kommandoen i mappen [terraform](terraform): - -```bash -terraform init -``` +I denne workshoppen har dere ikke mulighet til å kjøre Terraform lokalt, +men du kan pushe til branch'en din og se på output fra GitHub Actions. ## 🔨 Oppgave 3.1 -Kjør en lokal `plan`. Dette kommer til å feile. +Se på output fra GitHub Actions i steget `deploy`. Her kan du se hva Terraform har tenkt til å lage. ## 🔨 Oppgave 3.2 
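Review bot: The new `tags:` value builds the image name from `${{ github.repository }}` verbatim, but image references must be lowercase, so if the owner or repository name contains capitals the push fails in `build` (the hard-coded `computas/devops-workshop` it replaces in `terraform/main.tf` was already lowercase, which suggests the display name may differ in case). Lower-case it once in the `setup` job, e.g. `echo "repository=${GITHUB_REPOSITORY,,}" >> "$GITHUB_OUTPUT"`, and consume `needs.setup.outputs.repository` both in `tags:` and in `TF_VAR_repository`, since the same string reaches `var.repository` in Terraform. The `deploy` job now obtains its Azure token through `id-token: write` under `environment: prod`, so the `workshop/*` push filter is the only thing in this file deciding who can deploy; the environment's deployment-branch rule has to match, which the workflow cannot express, so a comment above `environment: prod` is worth adding: `# OIDC federated credential is bound to this environment; restrict its deployment branches to workshop/*`.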
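Review bot: `$TF_VAR_my_name` is expanded unquoted twice on the new `run:` line; the value is derived from a branch name and should be quoted like any other external input, `run: terraform workspace new "$TF_VAR_my_name" || terraform workspace select "$TF_VAR_my_name"`. The `||` also hides every failure of `workspace new` that is not "already exists" (backend or auth errors included), so such a failure surfaces as a confusing "workspace not found" from `select`; if the Terraform version used in this job supports it, `terraform workspace select -or-create "$TF_VAR_my_name"` expresses the intent without masking errors.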
@@ -229,3 +226,19 @@ resource "azurerm_container_app" "devops" { ``` + +# Setup (ikke en del av workshop'en) + +1. Få tak i en Azure subscription. Pass på at provider `Microsoft.App` er registrert i subscription'en din. +Se [her](https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-register-resource-provider?tabs=azure-cli) for mer informasjon, +evt. kjør kommandoen `az provider register --namespace Microsoft.App` for å registrere den. + +2. Lag en ny Storage Account i Azure for å lagre Terraform state. +Bruk skriptet `bootstrap.sh` for å sette opp en ny Storage Account, som vil lages i resource group `tfstate`. + +3. Lag en App Registration i Entra, og pek den mot riktig GitHub repository/environment. Se [link](). +Du kan bruke `prod` som environment, det er det som brukes i `.github/workflows/deploy.yml`. +Gi den `Contributor`-tilgang til subscription'en din. + +4. Hent ut client ID fra App Registration og legg den i GitHub repository variables under `ARM_CLIENT_ID`. +Hent også ut subscription ID og tentant ID og legg de i GitHub repository variables under `ARM_SUBSCRIPTION_ID` og `ARM_TENANT_ID`. diff --git a/bootstrap.sh b/bootstrap.sh index 0b8e5be..b112444 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -9,12 +9,6 @@ create() { local location="$4" local subscription_id="$5" - # Create service principal - az ad sp create-for-rbac \ - --name "terraform" \ - --role "Contributor" \ - --scopes "/subscriptions/$subscription_id" - # Create resource group az group create \ --name "$resource_group_name" \ @@ -78,11 +72,6 @@ delete() { az group delete \ --name "$resource_group_name" \ --yes - - # Delete service principal - local sp_name - sp_name=$(az ad sp list --display-name terraform --query '[0].appId' -o tsv) - az ad sp delete --id "$sp_name" } main() { diff --git a/terraform/main.tf b/terraform/main.tf index 71ecda1..6038fec 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -25,7 +25,7 @@ resource "azurerm_container_app" "devops" { # Answer T.2: container { name = "devops-workshop" - image = "ghcr.io/computas/devops-workshop/${var.my_name}:latest" + image = "ghcr.io/${var.repository}/${var.my_name}:latest" cpu = "0.25" memory = "0.5Gi" } diff --git a/terraform/providers.tf b/terraform/providers.tf index b4d34cf..21503ba 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -7,10 +7,10 @@ terraform { } backend "azurerm" { - resource_group_name = "tfstate" - storage_account_name = "tfstate24321" - container_name = "tfstate" - key = "terraform.tfstate" + resource_group_name = "tfstate" + storage_account_name = "tfstate27968" + container_name = "tfstate" + key = "terraform.tfstate" } } diff --git a/terraform/variables.tf b/terraform/variables.tf index 299833f..c7ed13a 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -3,6 +3,11 @@ variable "my_name" { description = "Your name. Must be lowercase and only a-z." } +variable "repository" { + type = string + description = "GitHub repository to use for the GHCR image." +} + variable "revision_suffix" { type = string description = "Unique suffix to differentiate versions of container in the container app, use e.g. git SHA."
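Review bot: The new `image` line still references the mutable `:latest` tag, so the container-app revision created from `revision_suffix` (the commit SHA, per the workflow) is not bound to the image built for that commit: a later push to the same branch re-points `:latest`, and a replica that restarts afterwards can pull a different image than the one that was planned. The workflow already has `github.sha`, so also push a `:${{ github.sha }}` tag in the `build` job and reference it here, `image = "ghcr.io/${var.repository}/${var.my_name}:${var.revision_suffix}"`, which makes each revision immutable and reproducible. `var.repository` must be lowercase for a valid ghcr.io reference, which the variable does not currently enforce. The enclosing `resource "azurerm_container_app" "devops"` block starts and ends outside the hunk.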
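Review bot: The new `repository` variable accepts any string, although it is interpolated directly into the GHCR image reference in `terraform/main.tf`, where uppercase letters or a missing `owner/` part produce an invalid image name that only fails when the container app tries to pull. A `validation` block makes `terraform plan` fail with a clear message instead; the pattern below is a constructed starting point (GitHub owner names are alphanumeric and hyphens, repository names may also contain `.` and `_`) and may need loosening. The description should also state the expected shape, e.g. `description = "GitHub repository (owner/name) whose GHCR image is deployed."`.
```hcl
variable "repository" {
  type        = string
  description = "GitHub repository (owner/name) whose GHCR image is deployed."

  # ghcr.io rejects image references with uppercase characters.
  validation {
    condition     = can(regex("^[a-z0-9-]+/[a-z0-9._-]+$", var.repository))
    error_message = "repository must be a lowercase owner/name as used in ghcr.io image references."
  }
}
```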