diff --git a/.github/workflows/all_bicep.yml b/.github/workflows/all_bicep.yml index fef2eceb..1a326651 100644 --- a/.github/workflows/all_bicep.yml +++ b/.github/workflows/all_bicep.yml @@ -30,7 +30,7 @@ jobs: monitoring: ${{ matrix.monitoring }} infra_os: ${{ matrix.infra_os }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/all_manual.yml b/.github/workflows/all_manual.yml index 677af103..cb53db39 100644 --- a/.github/workflows/all_manual.yml +++ b/.github/workflows/all_manual.yml @@ -70,7 +70,7 @@ jobs: monitoring: ${{ matrix.monitoring }} infra_os: ${{ matrix.infra_os }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml index b4b57112..3f6baa73 100644 --- a/.github/workflows/build_image.yml +++ b/.github/workflows/build_image.yml @@ -17,7 +17,5 @@ jobs: with: resource_group: ${{ github.event.inputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/build_image_callable.yml b/.github/workflows/build_image_callable.yml index d8af5d07..4e9fe635 100644 --- a/.github/workflows/build_image_callable.yml +++ b/.github/workflows/build_image_callable.yml 
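Review bot: The `secrets:` map in the build_image.yml hunk drops `ARM_CLIENT_ID`/`ARM_CLIENT_SECRET` but, unlike the all_bicep.yml and all_manual.yml hunks, passes no registry credentials. The `workflow_call` hunk in build_image_callable.yml (`@@ -16,18 +16,12 @@`) likewise removes the two declarations without declaring the new names. That callable's `container.credentials` now read `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.REGISTRY_PASSWORD }}`, which a reusable workflow only receives when the caller passes them, so the pull of `azhop.azurecr.io/hpcrover:latest` would presumably run with empty credentials. I would add `REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}` and `REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}` to this map and declare both with `required: true` in the callable, as the main_callable.yml hunk does.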
@@ -16,18 +16,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: - required: true - ARM_CLIENT_SECRET: - required: true env: TF_CLI_ARGS: '-no-color' TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' TF_CLI_ARGS_apply: '-auto-approve' AZHOP_CONFIGURATION: '.github/workflows/configs/integration.yml' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -41,15 +35,15 @@ defaults: jobs: set_image_list: name: set_image_list - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -60,7 +54,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: list all images to be built @@ -96,8 +90,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -108,7 +102,7 @@ jobs: - name: Login azure run: | source miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Build Images diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index efa992eb..458c4fb3 100644 
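Review bot: Moving `set_image_list` to `runs-on: self-hosted` together with `az login -i` shifts the Azure credential from a repository secret to whatever managed identity is attached to the runner host. Any job that can be scheduled on a runner carrying the generic `self-hosted` label, here in a container started with `--user 0`, can then obtain that identity's token. The hunk does not show how runners are grouped or which roles the identity holds; if that is not restricted elsewhere, I would target a dedicated label, e.g. `runs-on: [self-hosted, <runner-label>]` (placeholder), and add a comment above the login step such as `# Requires a runner whose managed identity has the needed role on ARM_SUBSCRIPTION_ID`. If the host carries more than one identity, the login also needs to name the intended one. The same pattern recurs in the main_callable.yml and marketplace_image.yml hunks.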
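Review bot: The second `Login azure` step (`@@ -108,7 +102,7 @@`) now uses `az login -i`, but no `runs-on` change for its job is visible, whereas `set_image_list` in the same file is moved to `self-hosted`. If that job is not already on a self-hosted runner with an assigned identity, the login will fail, since a GitHub-hosted runner has no managed identity to use. Please confirm the job's `runs-on`; the job header lies outside the hunk. The build job in marketplace_image.yml (`@@ -99,7 +97,7 @@`) is in the same position.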
--- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -18,7 +18,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: seld-hosted permissions: contents: read id-token: write @@ -28,7 +28,7 @@ jobs: - name: Login azure run: | - az login --service-principal -u '${{ secrets.ARM_CLIENT_ID }}' -p '${{ secrets.ARM_CLIENT_SECRET }}' --tenant '${{ secrets.ARM_TENANT_ID }}' + az login -i az account set -s ${{ secrets.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/deploy_daily.yml b/.github/workflows/deploy_daily.yml index e8b16ff1..42e6b754 100644 --- a/.github/workflows/deploy_daily.yml +++ b/.github/workflows/deploy_daily.yml @@ -31,10 +31,10 @@ jobs: monitoring: ${{ matrix.monitoring }} clean: 'true' secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} deploy_tf: strategy: @@ -57,8 +57,7 @@ jobs: monitoring: ${{ matrix.monitoring }} clean: 'true' secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/loadtesting.yml b/.github/workflows/loadtesting.yml index 087981cf..764ca08f 100644 --- a/.github/workflows/loadtesting.yml +++ b/.github/workflows/loadtesting.yml 
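Review bot: `runs-on: seld-hosted` in the `build` job looks like a typo for `self-hosted`; with no runner carrying that label the job would stay queued and the new `az login -i` step would never run. The line should read `runs-on: self-hosted`. The job also keeps `id-token: write` under `permissions` (a context line); if nothing outside the hunk requests an OIDC token, it can be dropped so the job token carries no more than `contents: read`.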
@@ -19,8 +19,7 @@ jobs: users: ${{ github.event.inputs.nb_users }} scenarios: "ood*.*" secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 65c2c736..87db1157 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -65,7 +65,8 @@ jobs: deploy_with: ${{ github.event.inputs.deploy_with }} home_type: ${{ github.event.inputs.home_type }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/main_callable.yml b/.github/workflows/main_callable.yml index 5c2b1950..18ca58de 100644 --- a/.github/workflows/main_callable.yml +++ b/.github/workflows/main_callable.yml @@ -68,9 +68,9 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: 
@@ -80,8 +80,6 @@ env: AZHOP_CONFIGURATION: '.github/workflows/configs/${{ inputs.config }}.yml' AZHOP_LUSTRE_CONFIGURATION: '.github/workflows/configs/lustre.yml' AZHOP_IMAGES_CONFIGURATION: '.github/workflows/configs/images.yml' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} SHARED_SIG: /subscriptions/${{ secrets.ARM_SUBSCRIPTION_ID }}/resourceGroups/azhop_build_images/providers/Microsoft.Compute/galleries/azhop_4ehhye3z @@ -104,8 +102,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 outputs: @@ -129,7 +127,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" @@ -333,8 +331,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -347,7 +345,7 @@ jobs: if: needs.deploy.outputs.run_ad_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications 
@@ -371,8 +369,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -385,7 +383,7 @@ jobs: if: needs.deploy.outputs.run_lustre_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -409,8 +407,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -423,7 +421,7 @@ jobs: if: needs.deploy.outputs.run_ood_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -444,8 +442,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -458,7 +456,7 @@ jobs: if: needs.deploy.outputs.run_grafana_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications 
@@ -479,8 +477,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -493,7 +491,7 @@ jobs: if: needs.deploy.outputs.run_cycle_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -514,8 +512,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -528,7 +526,7 @@ jobs: if: needs.deploy.outputs.run_addusers_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -549,8 +547,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -563,7 +561,7 @@ jobs: if: needs.deploy.outputs.run_cyclecluster_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications 
@@ -585,8 +583,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -599,7 +597,7 @@ jobs: if: needs.deploy.outputs.run_telegraf_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -622,8 +620,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -634,7 +632,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: list all images to be built @@ -668,8 +666,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -682,7 +680,7 @@ jobs: if: needs.deploy.outputs.run_image_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Build Images 
@@ -706,8 +704,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -720,7 +718,7 @@ jobs: if: needs.deploy.outputs.run_tests_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Run test playbook @@ -742,8 +740,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -752,7 +750,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Cleanup diff --git a/.github/workflows/marketplace_application.yml b/.github/workflows/marketplace_application.yml index 4efdd61c..d6d20b34 100644 --- a/.github/workflows/marketplace_application.yml +++ b/.github/workflows/marketplace_application.yml @@ -16,8 +16,6 @@ on: workflow_dispatch: env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} BRANCH_NAME: ${{ github.head_ref || github.ref_name }} # https://docs.github.com/en/actions/learn-github-actions/contexts#github-context defaults: 
@@ -33,8 +31,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: diff --git a/.github/workflows/marketplace_image.yml b/.github/workflows/marketplace_image.yml index b5f62b5a..2d0f0ad3 100644 --- a/.github/workflows/marketplace_image.yml +++ b/.github/workflows/marketplace_image.yml @@ -20,8 +20,6 @@ on: default: 'false' # use it with ${{ github.event.inputs.publish }} env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -35,15 +33,15 @@ defaults: jobs: set_image_list: name: set_image_list - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -52,7 +50,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: list all images to be built @@ -89,8 +87,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -99,7 +97,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Build Images @@ -112,7 +110,7 @@ jobs: copy_disk: name: copy_disk - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read continue-on-error: true @@ -125,8 +123,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -135,7 +133,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Copy Disk @@ -169,7 +167,7 @@ jobs: put_offer: name: put_offer - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read continue-on-error: true @@ -183,8 +181,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -193,7 +191,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Push Offer Update diff --git a/.github/workflows/minimum.yml b/.github/workflows/minimum.yml deleted file mode 100644 index aa468892..00000000 --- a/.github/workflows/minimum.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : small environment -run-name: ${{ github.event.inputs.scheduler }} in ${{ github.event.inputs.resource_group }} by @${{ github.actor }} - -on: - workflow_dispatch: - inputs: - resource_group: - description: 'Name of the resource group to deploy in - In case of an existing resource group the environment will be updated' - required: false - default: 'AUTO_GENERATED' - location: - description: 'Azure location where to deploy to - default to westeurope' - required: false - default: 'westeurope' - clean: - description: 'Clean all resources' - required: false - default: 'true' # use it with ${{ github.event.inputs.clean }} - scheduler: - description: 'Job Scheduler to be installed : openpbs/slurm' - required: false - default: 'openpbs' # use it with ${{ github.event.inputs.scheduler }} - deploy_only: - description: 'Deploy only - Default to false' - required: false - default: 'false' # use it with ${{ github.event.inputs.deploy_only }} - deploy_with: - description: 'Method used for the deployment - tf, bicep or arm - Default to tf' - required: false - default: 'tf' # use it with ${{ github.event.inputs.deploy_with }} - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: ${{ github.event.inputs.resource_group }} - location: ${{ github.event.inputs.location }} - clean: ${{ github.event.inputs.clean }} - scheduler: ${{ github.event.inputs.scheduler }} - deploy_only: ${{ github.event.inputs.deploy_only }} - deploy_with: ${{ github.event.inputs.deploy_with }} - home_type: 'azurefiles' - config: 'minimum' - lustre: 'false' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} 
diff --git a/.github/workflows/openpbs.yml b/.github/workflows/openpbs.yml deleted file mode 100644 index a336ae28..00000000 --- a/.github/workflows/openpbs.yml +++ /dev/null @@ -1,46 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : openpbs - -on: - workflow_dispatch: - inputs: - resource_group: - description: 'Name of the resource group to deploy in - In case of an existing resource group the environment will be updated' - required: false - default: 'AUTO_GENERATED' - location: - description: 'Azure location where to deploy to - default to westeurope' - required: false - default: 'westeurope' - clean: - description: 'Clean all resources' - required: false - default: 'true' # use it with ${{ github.event.inputs.clean }} - anf_dual: - description: 'Use ANF Dual Protocol' - required: false - default: 'false' # use it with ${{ github.event.inputs.anf_dual }} - lustre: - description: 'Deploy a Lustre cluster (true/false) - Default to true' - required: false - default: 'true' # use it with ${{ github.event.inputs.lustre }} - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: ${{ github.event.inputs.resource_group }} - location: ${{ github.event.inputs.location }} - clean: ${{ github.event.inputs.clean }} - anf_dual: ${{ github.event.inputs.anf_dual }} - scheduler: 'openpbs' - lustre: ${{ github.event.inputs.lustre }} - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/openpbs_pr_validation.yml b/.github/workflows/openpbs_pr_validation.yml deleted file mode 100644 index cc3c1880..00000000 --- a/.github/workflows/openpbs_pr_validation.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : openpbs_pr_validation -# Allow only a single instance of this workflow to run at a time -concurrency: ${{ github.workflow }} - -on: - pull_request: - types: [ closed ] - branches: - - main - paths-ignore: - - '**.md' - - 'aad_claims.json' - - 'aad_manifest.json' - - 'configure_aad.sh' - - '.devcontainer/**' - - '.github/**' - - 'docs/**' - - 'playbooks/roles/cyclecloud_cluster/templates/azhop-slurm.txt.j2' - - 'playbooks/roles/munge/**' - - 'playbooks/roles/slurmclient/**' - - 'playbooks/roles/slurmserver/**' - - 'playbooks/ood-overrides-slurm.yml' - - 'playbooks/ood-overrides-auth-oidc.yml' - - 'tf/mysql.tf' - - 'playbooks/roles/tests/files/slurm_helpers.sh' - -env: - rg: 'azhop_openpbs_qa' - -jobs: - deploy: - # this job will only run if the PR has been merged - if: github.event.pull_request.merged == true - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'azhop_openpbs_qa' - clean: 'false' - anf_dual: 'false' - scheduler: 'openpbs' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - - run_tests: - needs: [deploy] - uses: ./.github/workflows/uitesting_callable.yml - with: - resource_group: 'azhop_openpbs_qa' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/openpbs_weekly.yml b/.github/workflows/openpbs_weekly.yml deleted file mode 100644 index 1ebb8501..00000000 --- a/.github/workflows/openpbs_weekly.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : openpbs_weekly - -on: - schedule: - - cron: "20 1 * * 0" # At 01:20 on Sunday - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'AUTO_GENERATED' - location: 'westeurope' - clean: 'true' - anf_dual: 'false' - scheduler: 'openpbs' - lustre: 'true' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/slurm.yml b/.github/workflows/slurm.yml deleted file mode 100644 index d24afdee..00000000 --- a/.github/workflows/slurm.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : slurm -# Allow only a single instance of this workflow to run at a time -#concurrency: ${{ github.workflow }} - -on: - workflow_dispatch: - inputs: - resource_group: - description: 'Name of the resource group to deploy in - In case of an existing resource group the environment will be updated' - required: false - default: 'AUTO_GENERATED' - location: - description: 'Azure location where to deploy to - default to westeurope' - required: false - default: 'westeurope' - clean: - description: 'Clean all resources' - required: false - default: 'true' # use it with ${{ github.event.inputs.clean }} - lustre: - description: 'Deploy a Lustre cluster (true/false) - Default to true' - required: false - default: 'false' # use it with ${{ github.event.inputs.lustre }} - cycle_slurm_version: - description: 'Version of the cyclecloud slurm project 2.7 or 3.0 - default to 2.7' - required: false - default: '2.7' # use it with ${{ github.event.inputs.cycle_slurm_version }} - -jobs: - deploy: - uses: ./.github/workflows/z_base_callable.yml - with: - resource_group: ${{ github.event.inputs.resource_group }} - location: ${{ github.event.inputs.location }} - scheduler: 'slurm' - lustre: ${{ github.event.inputs.lustre }} - home_type: 'azurefiles' - user_auth: 'local' - deploy_with: bicep - clean: ${{ github.event.inputs.clean }} - ui_tests: 'false' - monitoring: 'grafana' - infra_os: 'almalinux' - cycle_slurm_version: ${{ github.event.inputs.cycle_slurm_version }} - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/slurm_pr_validation.yml b/.github/workflows/slurm_pr_validation.yml deleted file mode 100644 index 9e1f906f..00000000 --- a/.github/workflows/slurm_pr_validation.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : slurm_pr_validation -# Allow only a single instance of this workflow to run at a time -concurrency: ${{ github.workflow }} - -on: - pull_request: - types: [ closed ] - branches: - - main - paths-ignore: - - '**.md' - - 'aad_claims.json' - - 'aad_manifest.json' - - 'configure_aad.sh' - - '.devcontainer/**' - - '.github/**' - - 'docs/**' - - 'playbooks/roles/cyclecloud_cluster/templates/azhop-OpenPBS.txt.j2' - - 'playbooks/roles/cyclecloud_cluster/projects/openpbs/**' - - 'playbooks/roles/pbsclient/**' - - 'playbooks/roles/pbsserver/**' - - 'playbooks/ood-overrides-openpbs.yml' - - 'playbooks/ood-overrides-auth-oidc.yml' - - 'playbooks/roles/tests/files/openpbs_helpers.sh' - -jobs: - deploy: - # this job will only run if the PR has been merged - if: github.event.pull_request.merged == true - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'azhop_slurm_qa' - clean: 'false' - anf_dual: 'false' - scheduler: 'slurm' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - - run_tests: - needs: [deploy] - uses: ./.github/workflows/uitesting_callable.yml - with: - resource_group: 'azhop_slurm_qa' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/slurm_weekly.yml b/.github/workflows/slurm_weekly.yml deleted file mode 100644 index 611ed1f4..00000000 --- a/.github/workflows/slurm_weekly.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : slurm_weekly -# Allow only a single instance of this workflow to run at a time -#concurrency: ${{ github.workflow }} - -on: - schedule: - - cron: "20 1 * * 0" # At 01:20 on Sunday - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'AUTO_GENERATED' - clean: 'true' - location: 'southcentralus' - anf_dual: 'false' - scheduler: 'slurm' - lustre: 'true' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/uitesting.yml b/.github/workflows/uitesting.yml index e81cceaf..82183f3c 100644 --- a/.github/workflows/uitesting.yml +++ b/.github/workflows/uitesting.yml @@ -13,8 +13,7 @@ jobs: with: resource_group: ${{ github.event.inputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/update_selfhost.yml b/.github/workflows/update_selfhost.yml index 8cd4a30e..9f64f85c 100644 --- a/.github/workflows/update_selfhost.yml +++ b/.github/workflows/update_selfhost.yml @@ -34,4 +34,4 @@ jobs: - name: Install the toolchain run: | export HOME=/root # Hack to workaround miniconda installation - ./toolset/scripts/install.sh + ./toolset/scripts/install.sh /root/miniconda diff --git a/.github/workflows/z_base_callable.yml b/.github/workflows/z_base_callable.yml index 1cdce6f2..6c100715 100644 --- a/.github/workflows/z_base_callable.yml +++ b/.github/workflows/z_base_callable.yml 
@@ -74,9 +74,9 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true jobs: @@ -93,10 +93,10 @@ jobs: infra_os: ${{ inputs.infra_os }} cycle_slurm_version: ${{ inputs.cycle_slurm_version }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} deploy: uses: ./.github/workflows/z_deploy_callable.yml @@ -105,8 +105,8 @@ jobs: resource_group: ${{ needs.create_config.outputs.resource_group }} deploy_with: ${{ inputs.deploy_with }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} @@ -116,8 +116,8 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} @@ -127,8 +127,8 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} 
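Review bot: The new `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` secrets are declared with `required: true` only, so nothing records what kind of registry credential callers are expected to supply. The only use visible in this commit is `container.credentials` for pulling `azhop.azurecr.io/hpcrover:latest`, so a `description:` on each declaration, for example `description: pull-only credential for azhop.azurecr.io`, would document that a pull-scoped token is enough and the registry admin account is not needed. The same undocumented declarations are added in z_create_config_callable.yml, z_deploy_callable.yml, z_deploy_only_callable.yml, z_destroy_callable.yml, z_install_callable.yml, z_test_callable.yml and z_uitesting_callable.yml. The `on:` block starts outside this hunk.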
@@ -139,8 +139,8 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} @@ -151,7 +151,7 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index 5deedf2c..8a36e8f2 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -64,9 +64,9 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: @@ -74,8 +74,6 @@ env: AZHOP_CONFIGURATION_DIR: '.github/workflows/configs' AZHOP_LUSTRE_CONFIGURATION: '.github/workflows/configs/lustre.yml' AZHOP_IMAGES_CONFIGURATION: '.github/workflows/configs/images.yml' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -97,8 +95,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 outputs: 
@@ -110,9 +108,9 @@ jobs: submodules: true - name: Login azure - run: | + run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login --identity az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_deploy_callable.yml b/.github/workflows/z_deploy_callable.yml index 52f584cc..7675975a 100644 --- a/.github/workflows/z_deploy_callable.yml +++ b/.github/workflows/z_deploy_callable.yml @@ -18,17 +18,15 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: TF_CLI_ARGS: '-no-color' TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' TF_CLI_ARGS_apply: '-auto-approve' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -50,8 +48,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -62,7 +60,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_deploy_only_callable.yml b/.github/workflows/z_deploy_only_callable.yml index 666bf85a..14052751 100644 --- a/.github/workflows/z_deploy_only_callable.yml +++ b/.github/workflows/z_deploy_only_callable.yml 
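Review bot: `az login --identity` in the z_create_config_callable.yml "Login azure" step signs in as whatever managed identity is attached to the machine running the job, and nothing in the step states that dependency; the job's `runs-on` value and the identity's role assignments are outside this hunk. A comment above the command, such as `# requires a self-hosted runner VM whose managed identity is scoped to the az-hop subscription`, would make it explicit. The job container is started with `--user 0`, so any workflow that can be scheduled on that runner presumably obtains the same Azure rights, which is worth recording wherever the runner is documented. The other login steps in this commit spell the flag `-i` (z_deploy_callable.yml, z_destroy_callable.yml, z_install_callable.yml, z_test_callable.yml, z_uitesting_callable.yml); using `--identity` everywhere would keep them consistent and easy to grep. The step's `run:` block may continue past the end of the hunk.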
@@ -49,9 +49,9 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true jobs: @@ -66,11 +66,11 @@ jobs: user_auth: ${{ inputs.user_auth }} monitoring: ${{ inputs.monitoring }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + deploy: uses: ./.github/workflows/z_deploy_callable.yml # azure/az-hop/.github/workflows/z_deploy_callable.yml@main needs: create_config @@ -78,10 +78,10 @@ jobs: resource_group: ${{ needs.create_config.outputs.resource_group }} deploy_with: ${{ inputs.deploy_with }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} destroy: uses: ./.github/workflows/z_destroy_callable.yml # azure/az-hop/.github/workflows/z_destroy_callable.yml@main @@ -90,7 +90,7 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/z_destroy_callable.yml b/.github/workflows/z_destroy_callable.yml index b05c3bc1..106abb99 100644 --- a/.github/workflows/z_destroy_callable.yml +++ b/.github/workflows/z_destroy_callable.yml 
@@ -13,14 +13,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -41,8 +39,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -53,7 +51,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_install_callable.yml b/.github/workflows/z_install_callable.yml index 376210b5..9f120b5b 100644 --- a/.github/workflows/z_install_callable.yml +++ b/.github/workflows/z_install_callable.yml @@ -13,14 +13,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -42,8 +40,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -54,7 +52,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_test_callable.yml b/.github/workflows/z_test_callable.yml index ce41d58b..d5293630 100644 --- a/.github/workflows/z_test_callable.yml +++ b/.github/workflows/z_test_callable.yml @@ -13,14 +13,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -42,8 +40,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -54,7 +52,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_uitesting_callable.yml b/.github/workflows/z_uitesting_callable.yml index ffe756fa..3b8e41e7 100644 --- a/.github/workflows/z_uitesting_callable.yml +++ b/.github/workflows/z_uitesting_callable.yml 
@@ -23,14 +23,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -93,8 +91,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -114,7 +112,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" - name: Download azhop states diff --git a/bicep/anf.bicep b/bicep/anf.bicep index f0a92989..40e98bb3 100644 --- a/bicep/anf.bicep +++ b/bicep/anf.bicep @@ -12,7 +12,7 @@ param serviceLevel string param sizeGB int -resource anfAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = { +resource anfAccount 'Microsoft.NetApp/netAppAccounts@2023-07-01' = { name: 'azhop-${resourcePostfix}' location: location @@ -29,7 +29,7 @@ resource anfAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = { } : {} } -resource anfPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = { +resource anfPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2023-07-01' = { name: 'anfpool-${resourcePostfix}' location: location parent: anfAccount 
@@ -39,7 +39,7 @@ resource anfPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = { } } -resource anfHome 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2022-05-01' = { +resource anfHome 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2023-07-01' = { name: 'anfhome' location: location parent: anfPool diff --git a/bicep/azhop.bicep b/bicep/azhop.bicep index 6c06e47f..4dd5450a 100644 --- a/bicep/azhop.bicep +++ b/bicep/azhop.bicep @@ -127,6 +127,9 @@ var config = { name : contains(azhopConfig, 'domain') ? azhopConfig.domain.name : 'hpc.azure' domain_join_user: createAD ? { username: azhopConfig.admin_user + password_key_vault_name: 'foo' + password_key_vault_resource_group_name: 'foo' + password_key_vault_secret_name: 'foo' } : useExistingAD ? { username: azhopConfig.domain.domain_join_user.username password_key_vault_name: azhopConfig.domain.domain_join_user.password_key_vault_name diff --git a/toolset/scripts/install.sh b/toolset/scripts/install.sh index c2aa84e3..849761ac 100755 --- a/toolset/scripts/install.sh +++ b/toolset/scripts/install.sh @@ -7,7 +7,7 @@ MINICONDA_URL_LINUX_X86="https://repo.anaconda.com/miniconda/Miniconda3-latest-L MINICONDA_URL_LINUX_ARM="https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-aarch64.sh" MINICONDA_URL_MAC_X86="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh" MINICONDA_URL_MAC_ARM="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh" -MINICONDA_INSTALL_DIR="miniconda" +MINICONDA_INSTALL_DIR=${1:-miniconda} MINICONDA_INSTALL_SCRIPT="miniconda-installer.sh" # Always use of virtual environment
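Review bot: The `createAD` branch of `domain_join_user` in bicep/azhop.bicep now sets `password_key_vault_name`, `password_key_vault_resource_group_name` and `password_key_vault_secret_name` to the literal `'foo'` with no explanation. If these exist only to give both branches of the conditional the same properties, a comment such as `// placeholders: not read when createAD is true; present so both branches have the same shape` would say so. Empty strings may be a safer placeholder, since a consumer that does read them would then fail on a missing name instead of looking up a vault called `foo`. Whether anything reads these fields when `createAD` is true cannot be seen from this hunk, and the `config` variable starts and ends outside it.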
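Review bot: The new assignment `MINICONDA_INSTALL_DIR=${1:-miniconda}` in toolset/scripts/install.sh is unquoted, unlike the neighbouring assignments, and it gives the script a positional argument that is not documented anywhere in the hunk. Writing `MINICONDA_INSTALL_DIR="${1:-miniconda}"` matches the surrounding style, and a header comment such as `# Usage: install.sh [install_dir]  (default: miniconda)` would record the new interface. The value now comes from the caller (`/root/miniconda` in update_selfhost.yml), so uses of `$MINICONDA_INSTALL_DIR` further down the script should be quoted as well; they are not visible here.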