-
Notifications
You must be signed in to change notification settings - Fork 168
181 lines (155 loc) · 6.45 KB
/
StandardCI.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
name: InfraCI - Starter cluster
# Prerequisites
# 1. Set up your AZURE CREDENTIALS SECRET as per : https://github.com/marketplace/actions/azure-login#configure-a-service-principal-with-a-secret
# 2. Make sure the Service Principal has IAM Owner on the Resource Group you're deploying into (we're making role assignments in the Infra code)
on:
#Run on Manual execution
workflow_dispatch:
inputs:
environment:
description: 'Which GitHub Environment to deploy to'
required: true
default: "csu"
type: environment
#Run when PR's are made to main, where the changes are in the bicep directory or this workflow file itself
pull_request:
branches: [main]
paths:
- "bicep/*"
- ".github/workflows/StandardCI.yml"
types: #Type filtering should stop CI/CD running on draft status workflows
- opened
- reopened
- synchronize
- ready_for_review
#Run on a weekly schedule
schedule:
# At 11:00pm, every Tuesday week
- cron: "0 23 * * 2"
env:
RG: "AksBicepAcc-Ci-BasicCluster" #The resource group we're deploying to.
ParamFilePath: "https://raw.githubusercontent.com/Azure/AKS-Construction/${{ github.head_ref || github.ref_name }}/.github/workflows_dep/AksDeploy-Basic.parameters.json" # ".github/workflows_dep/AksDeploy-Basic.parameters.json" #Path to parameter file
RESNAME: "AksStan" #Used in Azure Resource Naming, overrides the default in the parameter file
DEPNAME: "Dep${{ github.run_number }}" #Deployment Name
AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest
permissions:
id-token: write
contents: read
concurrency: "StanCI-${{ github.event.inputs.Environment != '' && github.event.inputs.Environment || 'csu' }}-AksBicepAcc-Ci-BasicCluster"
jobs:
ReusableWF:
runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.head.repo.fork && !github.event.pull_request.draft }}
outputs:
RG: ${{ env.RG }}
ENVIRONMENT: ${{ github.event.inputs.Environment }}
RESNAME: ${{ env.RESNAME }}
PARAMFILE: ${{ env.ParamFilePath }}
steps:
- name: Dummy step
run: echo "Resuable workflows can't be directly reference ENV/INPUTS (yet)"
Validation:
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment }}
if: ${{ !github.event.pull_request.head.repo.fork && !github.event.pull_request.draft }}
steps:
#Get the code files from the repo
- uses: actions/[email protected]
- name: Job parameter check
run: |
RG='${{ env.RG }}'
echo "RG is: $RG"
echo "Environment is: ${{ github.event.inputs.environment }}"
echo "Param file path is: ${{ env.ParamFilePath }}"
echo "Resource name is ${{ env.RESNAME }}"
echo "Deployment name is ${{ env.DEPNAME }}"
- name: Arm Parameter file check exists
shell: pwsh
run: |
Write-Output "Checking parameter file existance/contents"
$paramFilePath="${{ env.ParamFilePath }}"
Test-Path $paramFilePath
if (Test-Path $paramFilePath) {
$paramFileContent=Get-Content $paramFilePath
Write-Output $paramFileContent
}
- name: Azure Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Validate Infrastructure deployment
uses: Azure/cli@v2
with:
azcliversion: ${{ env.AZCLIVERSION }}
inlineScript: |
az account show --query name -o tsv
az deployment group validate -f bicep/main.bicep -g $RG -p ${{ env.ParamFilePath }} -p resourceName=$RESNAME
Deploy:
uses: ./.github/workflows/AKSC_Deploy.yml
needs: [ReusableWF, Validation]
with:
environment: ${{ needs.ReusableWF.outputs.ENVIRONMENT }}
rg: ${{ needs.ReusableWF.outputs.RG }}
resourceName: ${{ needs.ReusableWF.outputs.RESNAME }}
templateParamFile: ${{ needs.ReusableWF.outputs.PARAMFILE }}
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
SmokeTest_SimpleApp:
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment }}
needs: [Deploy]
steps:
- uses: actions/[email protected]
- name: Azure Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: AKS Connect
env:
AKSNAME: ${{ needs.Deploy.outputs.AKSNAME}}
run: az aks get-credentials -n $AKSNAME -g $RG --overwrite-existing
- name: Kubelogin
env:
kubeloginversion: 'v0.0.28'
run: |
wget https://github.com/Azure/kubelogin/releases/download/${{ env.kubeloginversion }}/kubelogin-linux-amd64.zip
unzip kubelogin-linux-amd64.zip
sudo mv bin/linux_amd64/kubelogin /usr/bin
kubelogin convert-kubeconfig -l azurecli
- name: Deploy Simple Workload
env:
MANIFESTTESTURL: "https://raw.githubusercontent.com/Gordonby/AKS-K8S-Lab-L200/master/azure-vote-all-in-one-redis.yaml"
NAMESP: "votey"
run: |
echo "Creating namespace $NAMESP"
kubectl create namespace $NAMESP --dry-run=client -o yaml | kubectl apply -f -
echo $MANIFESTTESTURL
kubectl apply -f $MANIFESTTESTURL -n $NAMESP
- name: Verify Simple Workload
id: simpleworkloadverify
env:
NAMESP: "votey"
run: |
sleep 2m #Give public ip a chance to be allocated
kubectl get po -n $NAMESP
kubectl get svc -n $NAMESP
pubIp=$(kubectl get svc -n $NAMESP -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}')
echo $pubIp
echo "SIMWORKLOADIP=$pubIp" >> $GITHUB_OUTPUT
curl $pubIp
Cleanup:
uses: ./.github/workflows/cleanupRg.yml
needs: [ReusableWF, SmokeTest_SimpleApp]
with:
environment: ${{ needs.ReusableWF.outputs.ENVIRONMENT }}
rg: ${{ needs.ReusableWF.outputs.RG }}
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}