InfraCI - Starter cluster #1629
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: InfraCI - Starter cluster | |
| # Prerequisites | |
| # 1. Set up your AZURE CREDENTIALS SECRET as per : https://github.com/marketplace/actions/azure-login#configure-a-service-principal-with-a-secret | |
| # 2. Make sure the Service Principal has IAM Owner on the Resource Group you're deploying into (we're making role assignments in the Infra code) | |
| on: | |
| #Run on Manual execution | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Which GitHub Environment to deploy to' | |
| required: true | |
| default: "csu" | |
| type: environment | |
| #Run when PR's are made to main, where the changes are in the bicep directory or this workflow file itself | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - "bicep/*" | |
| - ".github/workflows/StandardCI.yml" | |
| types: #Type filtering should stop CI/CD running on draft status workflows | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| #Run on a weekly schedule | |
| schedule: | |
| # At 11:00pm, every Tuesday week | |
| - cron: "0 23 * * 2" | |
| env: | |
| RG: "AksBicepAcc-Ci-BasicCluster" #The resource group we're deploying to. | |
| ParamFilePath: "https://raw.githubusercontent.com/Azure/AKS-Construction/${{ github.head_ref || github.ref_name }}/.github/workflows_dep/AksDeploy-Basic.parameters.json" # ".github/workflows_dep/AksDeploy-Basic.parameters.json" #Path to parameter file | |
| RESNAME: "AksStan" #Used in Azure Resource Naming, overrides the default in the parameter file | |
| DEPNAME: "Dep${{ github.run_number }}" #Deployment Name | |
| AZCLIVERSION: 2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| concurrency: "StanCI-${{ github.event.inputs.Environment != '' && github.event.inputs.Environment || 'csu' }}-AksBicepAcc-Ci-BasicCluster" | |
| jobs: | |
| ReusableWF: | |
| runs-on: ubuntu-latest | |
| if: ${{ !github.event.pull_request.head.repo.fork && !github.event.pull_request.draft }} | |
| outputs: | |
| RG: ${{ env.RG }} | |
| ENVIRONMENT: ${{ github.event.inputs.Environment }} | |
| RESNAME: ${{ env.RESNAME }} | |
| PARAMFILE: ${{ env.ParamFilePath }} | |
| steps: | |
| - name: Dummy step | |
| run: echo "Resuable workflows can't be directly reference ENV/INPUTS (yet)" | |
| Validation: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.environment }} | |
| if: ${{ !github.event.pull_request.head.repo.fork && !github.event.pull_request.draft }} | |
| steps: | |
| #Get the code files from the repo | |
| - uses: actions/[email protected] | |
| - name: Job parameter check | |
| run: | | |
| RG='${{ env.RG }}' | |
| echo "RG is: $RG" | |
| echo "Environment is: ${{ github.event.inputs.environment }}" | |
| echo "Param file path is: ${{ env.ParamFilePath }}" | |
| echo "Resource name is ${{ env.RESNAME }}" | |
| echo "Deployment name is ${{ env.DEPNAME }}" | |
| - name: Arm Parameter file check exists | |
| shell: pwsh | |
| run: | | |
| Write-Output "Checking parameter file existance/contents" | |
| $paramFilePath="${{ env.ParamFilePath }}" | |
| Test-Path $paramFilePath | |
| if (Test-Path $paramFilePath) { | |
| $paramFileContent=Get-Content $paramFilePath | |
| Write-Output $paramFileContent | |
| } | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Validate Infrastructure deployment | |
| uses: Azure/cli@v2 | |
| with: | |
| azcliversion: ${{ env.AZCLIVERSION }} | |
| inlineScript: | | |
| az account show --query name -o tsv | |
| az deployment group validate -f bicep/main.bicep -g $RG -p ${{ env.ParamFilePath }} -p resourceName=$RESNAME | |
| Deploy: | |
| uses: ./.github/workflows/AKSC_Deploy.yml | |
| needs: [ReusableWF, Validation] | |
| with: | |
| environment: ${{ needs.ReusableWF.outputs.ENVIRONMENT }} | |
| rg: ${{ needs.ReusableWF.outputs.RG }} | |
| resourceName: ${{ needs.ReusableWF.outputs.RESNAME }} | |
| templateParamFile: ${{ needs.ReusableWF.outputs.PARAMFILE }} | |
| secrets: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| SmokeTest_SimpleApp: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.environment }} | |
| needs: [Deploy] | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: AKS Connect | |
| env: | |
| AKSNAME: ${{ needs.Deploy.outputs.AKSNAME}} | |
| run: az aks get-credentials -n $AKSNAME -g $RG --overwrite-existing | |
| - name: Kubelogin | |
| env: | |
| kubeloginversion: 'v0.0.28' | |
| run: | | |
| wget https://github.com/Azure/kubelogin/releases/download/${{ env.kubeloginversion }}/kubelogin-linux-amd64.zip | |
| unzip kubelogin-linux-amd64.zip | |
| sudo mv bin/linux_amd64/kubelogin /usr/bin | |
| kubelogin convert-kubeconfig -l azurecli | |
| - name: Deploy Simple Workload | |
| env: | |
| MANIFESTTESTURL: "https://raw.githubusercontent.com/Gordonby/AKS-K8S-Lab-L200/master/azure-vote-all-in-one-redis.yaml" | |
| NAMESP: "votey" | |
| run: | | |
| echo "Creating namespace $NAMESP" | |
| kubectl create namespace $NAMESP --dry-run=client -o yaml | kubectl apply -f - | |
| echo $MANIFESTTESTURL | |
| kubectl apply -f $MANIFESTTESTURL -n $NAMESP | |
| - name: Verify Simple Workload | |
| id: simpleworkloadverify | |
| env: | |
| NAMESP: "votey" | |
| run: | | |
| sleep 2m #Give public ip a chance to be allocated | |
| kubectl get po -n $NAMESP | |
| kubectl get svc -n $NAMESP | |
| pubIp=$(kubectl get svc -n $NAMESP -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}') | |
| echo $pubIp | |
| echo "SIMWORKLOADIP=$pubIp" >> $GITHUB_OUTPUT | |
| curl $pubIp | |
| Cleanup: | |
| uses: ./.github/workflows/cleanupRg.yml | |
| needs: [ReusableWF, SmokeTest_SimpleApp] | |
| with: | |
| environment: ${{ needs.ReusableWF.outputs.ENVIRONMENT }} | |
| rg: ${{ needs.ReusableWF.outputs.RG }} | |
| secrets: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |