🧑🏻‍🔧 Attendee provisioning

XpiritCommunityEvents · Nov 7, 2024 · 73a5d17 · 73a5d17
1 parent e4600f8
commit 73a5d17
Show file tree

Hide file tree

Showing 9 changed files with 391 additions and 0 deletions.
diff --git a/.devcontainer/post-start.sh b/.devcontainer/post-start.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
 
+my_codespace=$(gh codespace list -R XpiritCommunityEvents/LegacyLiftOffWorkshop --json name | jq -r '.[0].name')
+gh issue create --assignee roycornelissen,vriesmarcel --title $my_codespace --label "provisioning" --body "Please provision my codespace" -R XpiritCommunityEvents/LegacyLiftOffWorkshop
+
 # pull and start the HMS database
 docker run -d -p 1433:1433 marcelv/project_hms_db
+
diff --git a/.github/ISSUE_TEMPLATE/signup-.md b/.github/ISSUE_TEMPLATE/signup-.md
@@ -0,0 +1,21 @@
+---
+name: 'Signup '
+about: Issue template that can be used to signup for an own repository
+title: "[SignUp]"
+labels: signup
+assignees: vriesmarcel, roycornelissen
+
+---
+
+To get a bit familiar with you, please write a few lines with your own introduction using Markdown.
+
+For example:
+     - Who you are
+     - Where you live
+     - Your hobbies
+     - Where you work and your role
+     - Your preferred working conditions
+     - Use Emoji to make it fun!
+     - Draw some inspiration from the [Markdown Cheatsheet](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) or [About GitHub Markdown](https://github.com/wulfland/AccelerateDevOps/issues/232) and spice it up.
+
+You can get some inspiration on these pages from our colleagues: https://github.com/renevanosnabrugge or https://github.com/vriesmarcel
diff --git a/.github/workflows/deprovision-env.yml b/.github/workflows/deprovision-env.yml
@@ -0,0 +1,41 @@
+
+name: Deprovision Azure Resources
+
+on:
+    workflow_dispatch:
+
+jobs:
+  delete-resource-groups:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # - name: Login to Azure
+      #   uses: azure/login@v1
+      #   with:
+      #     creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      # - name: Read GitHub handles from file
+      #   id: read-handles
+      #   run: |
+      #     echo "::set-output name=handles::$(cat provisioning/cleanup-handles.txt)"
+
+      # - name: Loop through handles and delete resource groups
+      #   run: |
+      #     for handle in ${{ steps.read-handles.outputs.handles }}; do
+      #       run: |
+      #           echo "Deleting resource group: $handle"
+      #           az group delete --name $handle --yes
+      #     done
+
+      # #remove user from AAD
+      # - name: Remove user from AAD
+      #   run: |
+      #       for handle in ${{ steps.read-handles.outputs.handles }}; do
+      #           run: |
+      #               echo "Deleting user: $handle"
+      #               az ad user delete --upn-or-object-id $handle
+      #       done
+
+
diff --git a/.github/workflows/provision-env.yml b/.github/workflows/provision-env.yml
@@ -0,0 +1,100 @@
+name: Provision Participant environment
+
+on:
+  issues:
+    types:
+      - closed
+
+  workflow_dispatch:
+    inputs: 
+      githubhandle: 
+        required: true
+        type: text 
+
+jobs:
+  build:
+    runs-on: ubuntu-latest  
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Get issue creator
+      id: github_handle
+      uses: actions/github-script@v6
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          if ("${{ github.event_name }}" == "issues") {
+            const subject = context.payload.issue;
+            if (subject.labels.find(l => l.name == "signup")) {
+              creator = subject.user.login;
+              console.log(`Issue creator: ${creator}`);
+              return creator;
+            }
+            throw new Error("Issue did not have a signup label");
+          }
+          return "${{ github.event.inputs.githubhandle }}";
+        
+    - name: Install GH Collab
+      run: |
+        gh extension install mislav/gh-repo-collab
+      env:
+        GH_TOKEN: ${{ secrets.VSLIVE_REPOCREATE }}
+
+    - name: Create Repository
+      env:
+        GH_TOKEN: ${{ secrets.VSLIVE_REPOCREATE }}
+      run: |
+        # Create clone of this repo for user
+        repo_name="XpiritCommunityEvents/attendeello-${{ steps.github_handle.outputs.result }}"
+        if gh repo view $repo_name &>/dev/null; then
+            echo "Repository $repo_name already exists."
+        else
+          echo "Repository $REPO_NAME does not exist."
+          gh repo create $repo_name \
+            --public \
+            --template ${{ github.repository }}
+        fi
+          
+    - name: Invite Member to Organization
+      env:
+        GH_TOKEN: ${{ secrets.VSLIVE_REPOCREATE }}
+      run: |
+        id=$(gh api users/${{ steps.github_handle.outputs.result }} --jq '.id')
+        gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/XpiritCommunityEvents/invitations -F invitee_id=$id -f role='direct_member'
+        gh api --method PUT -H "Accept: application/vnd.github+json" /repos/XpiritCommunityEvents/LegacyLiftOffWorkshop/collaborators/${{ steps.github_handle.outputs.result }} -f permission='Attendee'
+
+    - name: Set Rights to Repo
+      env:
+        GH_TOKEN: ${{ secrets.VSLIVE_REPOCREATE }}
+      run: |
+        # Add user to newly cloned repo
+        gh repo-collab add XpiritCommunityEvents/attendeello-${{ steps.github_handle.outputs.result }} ${{ steps.github_handle.outputs.result }} --permission admin | cat
+    
+    - name: Azure Login
+      uses: azure/[email protected]
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    # - name: Create Azure resource
+    #   uses: Azure/[email protected]
+    #   with:
+    #     inlineScript: |
+    #       # Set variables
+    #       RESOURCE_GROUP_NAME=rg-${{ steps.github_handle.outputs.result }}
+    #       APP_SERVICE_PLAN_NAME=asp-${{ steps.github_handle.outputs.result }}
+    #       WEBAPP_HMS="app-${{ steps.github_handle.outputs.result }}-hms"
+
+    #       az group create -l eastus -n $RESOURCE_GROUP_NAME --tags vslive=2024
+
+    #       # Create an App Service Plan
+    #       az appservice plan create --name $APP_SERVICE_PLAN_NAME --resource-group $RESOURCE_GROUP_NAME --sku S1 --tags vslive=2024
+
+    #       # Create Web Apps
+    #       az webapp create --name $WEBAPP_HMS --resource-group $RESOURCE_GROUP_NAME --plan $APP_SERVICE_PLAN_NAME --tags vslive=2024
+
+    # - name: Run User Provisioning Script
+    #   shell: pwsh
+    #   run: |
+    #     ./provisioning/gh-aad.ps1 -githubHandle ${{ steps.github_handle.outputs.result }} -AzureCredentialsJson '${{ secrets.AZURE_CREDENTIALS }}' -InitialPassword "${{ secrets.INITIALPASSWORD }}" -runLocal $false
diff --git a/.github/workflows/readme.md b/.github/workflows/readme.md
@@ -0,0 +1,21 @@
+## Provision workflow
+
+The provision wokflow uses a GitHub Secret called `VSLIVE_REPOCREATE`
+
+The contents of the secret is a Personal Access Token that has the following scopes for the XpiritCommunityEvent Organization
+
+### Repository Permissions
+- Read and Write access to members
+- Read and Write access to organization administration
+- Read and Write access to actions
+- Read and Write access to administration
+- Read and Write access to Contents
+- Read and Write access to issues,
+- Read and Write access to pull requests
+- Read and Write access to secrets
+- Read and Write access to workflows
+
+### Organization Permission
+- Read and Write to Administration
+- Read and Write to Members
+
diff --git a/.github/workflows/register-codespace.yml b/.github/workflows/register-codespace.yml
@@ -0,0 +1,83 @@
+name: Register Participant Codespace
+
+on:
+  issues:
+    types:
+      - closed
+
+  workflow_dispatch:
+    inputs: 
+      githubhandle: 
+        required: true
+        type: text 
+      codespace:
+        required: true
+        type: text 
+
+jobs:
+  build:
+    runs-on: ubuntu-latest  
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Get issue creator
+      id: github_handle
+      uses: actions/github-script@v6
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          if ("${{ github.event_name }}" == "issues") {
+            const subject = context.payload.issue;
+            if (subject.labels.find(l => l.name == "provisioning")) {
+              creator = subject.user.login;
+              console.log(`Issue creator: ${creator}`);
+              return creator;
+            }
+            throw new Error("Issue did not have a provisioning label");
+          }
+          return "${{ github.event.inputs.githubhandle }}";
+
+    - name: Check if user is attendee
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        # Get user id who triggered this workflow
+        
+        role=$(gh api repos/XpiritCommunityEvents/LegacyLiftOffWorkshop/collaborators/${{steps.github_handle.outputs.result}}/permission | jq '.role_name' -r)
+        echo "User has role $role"
+        if [[ "$role" != "Attendee" && "$role" != "admin" ]]; then
+            echo "User is not an attendee or admin. Stopping the workflow."
+            exit 1
+        fi
+
+    - name: Get codespace name from issue title
+      id: codespace_name
+      if: success()
+      uses: actions/github-script@v6
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          if ("${{ github.event_name }}" == "issues") {
+            const subject = context.payload.issue;
+            if (subject.labels.find(l => l.name == "provisioning")) {
+              codespace = subject.title;
+              console.log(`Codespace name: ${codespace}`);
+              return codespace;
+            }
+            throw new Error("Issue did not have a provisioning label");
+          }
+          return "${{ github.event.inputs.codespace }}";
+
+    - name: Azure Login
+      uses: azure/[email protected]
+      if: success()
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Register codespace as reply url in app registration
+      if: success()
+      shell: pwsh
+      run: |
+        ./provisioning/add-codespace-to-app.ps1 -Codespace ${{ steps.codespace_name.outputs.result }} -AzureCredentialsJson '${{ secrets.AZURE_CREDENTIALS }}'
diff --git a/provisioning/add-codespace-to-app.ps1 b/provisioning/add-codespace-to-app.ps1
@@ -0,0 +1,24 @@
+param (
+    [Parameter(Mandatory=$true)]
+    [string]$Codespace,
+    [Parameter(Mandatory=$true)]
+    [string]$AzureCredentialsJson
+)
+
+$azureCredentials = ConvertFrom-Json $AzureCredentialsJson
+az login --allow-no-subscriptions --service-principal -u $($azureCredentials.clientId) -p $($azureCredentials.clientSecret) --tenant $($azureCredentials.tenantId)
+
+$appId="f1d141cf-c7fe-442d-93ec-53a72a416d8a"
+$urls=az ad app show --id $appId --query "[web.redirectUris]" | ConvertFrom-Json
+
+$Codespace = $Codespace.Trim('"')
+
+foreach ($url in $urls) {
+    if ($url -like "*$Codespace*") {
+        Write-Output "Codespace already added to app"
+        return
+    }
+}
+
+$urls += "https://$Codespace-7219.app.github.dev/signin-oidc"
+az ad app update --id $appId --web-redirect-uris $urls
diff --git a/provisioning/cleanup-handles.txt b/provisioning/cleanup-handles.txt