diff --git a/.github/workflows/ByoVnetCI.yml b/.github/workflows/ByoVnetCI.yml index 062080c2c..b12364602 100644 --- a/.github/workflows/ByoVnetCI.yml +++ b/.github/workflows/ByoVnetCI.yml @@ -83,7 +83,7 @@ permissions: concurrency: ci-${{ github.ref }} env: - AZCLIVERSION: 2.43.0 #2.30.0 #2.29.2 #2.26.0 #latest + AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest ParamFilePath: ".github/workflows_dep/AksDeploy-ByoVnet.parameters.json" RESNAME: "Byov" DEPNAME: "Dep${{ github.run_number }}" diff --git a/.github/workflows/ByoVnetPrivateCI.yml b/.github/workflows/ByoVnetPrivateCI.yml index ecc2ee96c..cc858e594 100644 --- a/.github/workflows/ByoVnetPrivateCI.yml +++ b/.github/workflows/ByoVnetPrivateCI.yml @@ -80,7 +80,7 @@ on: env: ParamFilePath: ".github/workflows_dep/AksDeploy-Private.parameters.json" DEPNAME: 'DepPriv${{ github.run_number }}' - AZCLIVERSION: 2.43.0 #2.36.0 #2.30.0 #Pinning to a specific AZ CLI version + AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest concurrency: ci-${{ github.event.inputs.environment }}-${{ github.ref }} diff --git a/.github/workflows/OSSCI.yml b/.github/workflows/OSSCI.yml index 5c381b641..6fa0e4010 100644 --- a/.github/workflows/OSSCI.yml +++ b/.github/workflows/OSSCI.yml @@ -36,7 +36,7 @@ env: RG: "AksBicepAcc-Ci-OssCluster" #The resource group we're deploying to. RESNAME: "AksOss" #Used in Azure Resource Naming, overrides the default in the parameter file DEPNAME: "Dep${{ github.run_number }}" #Deployment Name - AZCLIVERSION: 2.43.0 #Pinning to a specific AZ CLI version + AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest permissions: id-token: write @@ -64,7 +64,7 @@ jobs: run: | LATEST=$(curl https://api.github.com/repos/Azure/AKS-Construction/releases/latest | jq '.tag_name' -r) echo "LATEST=$LATEST" >> $GITHUB_OUTPUT - + ContourDeploy: uses: ./.github/workflows/AKSC_Deploy.yml needs: [ReusableWF] diff --git a/.github/workflows/StandardCI.yml b/.github/workflows/StandardCI.yml index 9cdd0b05a..dc4592069 100644 --- a/.github/workflows/StandardCI.yml +++ b/.github/workflows/StandardCI.yml @@ -31,10 +31,10 @@ on: - cron: "0 23 * * 2" env: RG: "AksBicepAcc-Ci-BasicCluster" #The resource group we're deploying to. - ParamFilePath: "https://raw.githubusercontent.com/Azure/AKS-Construction/0.10.2/.github/workflows_dep/AksDeploy-Basic.parameters.json" # ".github/workflows_dep/AksDeploy-Basic.parameters.json" #Path to parameter file + ParamFilePath: "https://raw.githubusercontent.com/Azure/AKS-Construction/main/.github/workflows_dep/AksDeploy-Basic.parameters.json" # ".github/workflows_dep/AksDeploy-Basic.parameters.json" #Path to parameter file RESNAME: "AksStan" #Used in Azure Resource Naming, overrides the default in the parameter file DEPNAME: "Dep${{ github.run_number }}" #Deployment Name - AZCLIVERSION: 2.43.0 #Pinning to a specific AZ CLI version + AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest permissions: id-token: write diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8ac79991e..bef056266 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/ghpagesTest.yml b/.github/workflows/ghpagesTest.yml index 41c7baf6b..30887ca12 100644 --- a/.github/workflows/ghpagesTest.yml +++ b/.github/workflows/ghpagesTest.yml @@ -26,7 +26,7 @@ on: required: true env: - AZCLIVERSION: 2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest + AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest jobs: Validation: @@ -102,7 +102,7 @@ jobs: - name: Html Broken Link Checker id: lychee - uses: lycheeverse/lychee-action@v1.8.0 + uses: lycheeverse/lychee-action@v1.7.0 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/regressionparams.yml b/.github/workflows/regressionparams.yml index 77493cbae..a0051a33f 100644 --- a/.github/workflows/regressionparams.yml +++ b/.github/workflows/regressionparams.yml @@ -25,7 +25,7 @@ on: env: RG: "AksBicepAcc-Ci-HelperValidate" #The resource group we're deploying to. ParamDir: ".github/workflows_dep/regressionparams/" #Path to parameter file - AZCLIVERSION: 2.43.0 #Pinning to a specific AZ CLI version + AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest jobs: GetParamFiles: diff --git a/bicep/main.bicep b/bicep/main.bicep index 4ed5997e3..72924c48d 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -1107,6 +1107,7 @@ param serviceMeshProfile string = '' @description('The ingress gateway to use for the Istio service mesh') param istioIngressGatewayMode string = '' +param istioRevision string = 'asm-1-17' var serviceMeshProfileObj = { istio: { @@ -1116,6 +1117,9 @@ var serviceMeshProfileObj = { mode: istioIngressGatewayMode }] } + revisions: [ + istioRevision + ] } mode: 'Istio' } @@ -1336,7 +1340,7 @@ keyVaultKmsCreateAndPrereqs || !empty(keyVaultKmsByoKeyId) ? azureKeyVaultKms : !empty(serviceMeshProfile) ? { serviceMeshProfile: serviceMeshProfileObj } : {} ) -resource aks 'Microsoft.ContainerService/managedClusters@2023-06-01' = { +resource aks 'Microsoft.ContainerService/managedClusters@2023-07-02-preview' = { name: 'aks-${resourceName}' location: location properties: aksProperties diff --git a/docs/ReleasingHelper.md b/docs/ReleasingHelper.md index dd29c0b9a..4485b9181 100644 --- a/docs/ReleasingHelper.md +++ b/docs/ReleasingHelper.md @@ -5,6 +5,16 @@ Usually a release of the Helper Web App will be accompanied by changes to the bicep code. In which case a new symantec release tag needs to be chosen (0.8.2 or 0.8.5 etc). There is a [GitHub action workflow](https://github.com/Azure/AKS-Construction/actions/workflows/release.yml) which is initiated manually but automates the release, all that needs to be provided is the new release tag. +- If you are not a member of the [AKS Construction Admins](https://github.com/orgs/Azure/teams/aks-construction-admins) or [AKS Construction Maintainers](https://github.com/orgs/Azure/teams/aks-construction-maintainers) groups, please ask a member of either group to be available to review your deployment - **you won't be able to complete the release without their review** +- Trigger the [Release bicep and helper](https://github.com/Azure/AKS-Construction/actions/workflows/release.yml) action, incrementing the release version by 1 (e.g. 0.10.1 :arrow_right: 0.10.2) +- Wait for the workflow to run to completion + - If any errors occur, examine the output of the job that failed and troubleshoot the issue(s). You may need to submit a fix via PR, which will require an additional person to review and approve + - If there are no errors, the action will pause on the "Deploy Web App to Prod Pages" job - you will need a repo admin or maintainer to review and approve this job to create the final release +- Navigate to the [Releases](https://github.com/Azure/AKS-Construction/releases) page and check your new release has appeared + - It should be showing with the "Pre-release" label + - Edit the release, scroll to the bottom of the page and select "Set as the latest release" and save the change +- Open that [AKS Construction helper](https://azure.github.io/AKS-Construction/) and verify that your release is now the current release + ## Releasing just the Helper Web App Occasionally there will be UI improvements that we want to release that do not have any dependencies in a new release.