From a315eb5c10a30e300694be1cbf8f1804cf195b8b Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 12:51:09 +0200 Subject: [PATCH 01/13] az login with VM Identity --- .github/workflows/build_image_callable.yml | 5 +++-- .github/workflows/container.yml | 5 +++-- .github/workflows/main_callable.yml | 3 ++- .github/workflows/marketplace_image.yml | 5 +++-- .github/workflows/z_create_config_callable.yml | 3 ++- .github/workflows/z_deploy_callable.yml | 3 ++- .github/workflows/z_destroy_callable.yml | 3 ++- .github/workflows/z_install_callable.yml | 3 ++- .github/workflows/z_test_callable.yml | 3 ++- .github/workflows/z_uitesting_callable.yml | 3 ++- 10 files changed, 23 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build_image_callable.yml b/.github/workflows/build_image_callable.yml index d8af5d07e..f11d8ccff 100644 --- a/.github/workflows/build_image_callable.yml +++ b/.github/workflows/build_image_callable.yml @@ -41,7 +41,7 @@ defaults: jobs: set_image_list: name: set_image_list - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read @@ -60,7 +60,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: list all images to be built diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index efa992eb2..3bbe606aa 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -18,7 +18,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: seld-hosted permissions: contents: read id-token: write 
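Review bot: `az login -i` in the "Login azure" step makes the runner VM's managed identity an ambient credential: any job scheduled on a `self-hosted` runner can request tokens for it, unlike the removed service-principal login, which needed secrets passed to the workflow. The hunks do not show which events trigger these workflows or what roles the identity holds, so confirm that untrusted pull-request code cannot be scheduled on this runner and that the identity's role assignments are limited to the resource groups the pipeline needs. The same line is added in the "Login azure" hunks of the other nine workflow files in this patch, several of which show no `runs-on` change; a job left on a GitHub-hosted runner has no such VM identity and the login would presumably fail. Delete the old command rather than keeping it as `#az login --service-principal …`; history already records it.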
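Review bot: `runs-on: seld-hosted` in the `build` job of `container.yml` is a typo for `self-hosted`; unless a runner was registered with that exact label, the job will stay queued and never run. Change the line to `runs-on: self-hosted`. The job also keeps `id-token: write` under `permissions`, which the managed-identity login added in the next hunk does not appear to need; drop it if nothing else in the job requests an OIDC token.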
@@ -28,7 +28,8 @@ jobs: - name: Login azure run: | - az login --service-principal -u '${{ secrets.ARM_CLIENT_ID }}' -p '${{ secrets.ARM_CLIENT_SECRET }}' --tenant '${{ secrets.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ secrets.ARM_CLIENT_ID }}' -p '${{ secrets.ARM_CLIENT_SECRET }}' --tenant '${{ secrets.ARM_TENANT_ID }}' + az login -i az account set -s ${{ secrets.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/main_callable.yml b/.github/workflows/main_callable.yml index 5c2b19502..2373b916f 100644 --- a/.github/workflows/main_callable.yml +++ b/.github/workflows/main_callable.yml @@ -129,7 +129,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/marketplace_image.yml b/.github/workflows/marketplace_image.yml index b5f62b5aa..d41842351 100644 --- a/.github/workflows/marketplace_image.yml +++ b/.github/workflows/marketplace_image.yml @@ -35,7 +35,7 @@ defaults: jobs: set_image_list: name: set_image_list - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read @@ -52,7 +52,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: list all images to be built 
diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index 5deedf2cf..7a5e0e01f 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -112,7 +112,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_deploy_callable.yml b/.github/workflows/z_deploy_callable.yml index 52f584cc3..35137cb48 100644 --- a/.github/workflows/z_deploy_callable.yml +++ b/.github/workflows/z_deploy_callable.yml @@ -62,7 +62,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_destroy_callable.yml b/.github/workflows/z_destroy_callable.yml index b05c3bc1d..53e84c319 100644 --- a/.github/workflows/z_destroy_callable.yml +++ b/.github/workflows/z_destroy_callable.yml 
@@ -53,7 +53,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_install_callable.yml b/.github/workflows/z_install_callable.yml index 376210b58..75a531a01 100644 --- a/.github/workflows/z_install_callable.yml +++ b/.github/workflows/z_install_callable.yml @@ -54,7 +54,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_test_callable.yml b/.github/workflows/z_test_callable.yml index ce41d58b4..cdda4cb22 100644 --- a/.github/workflows/z_test_callable.yml +++ b/.github/workflows/z_test_callable.yml @@ -54,7 +54,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_uitesting_callable.yml b/.github/workflows/z_uitesting_callable.yml index ffe756fa6..13ae8a7b4 100644 --- a/.github/workflows/z_uitesting_callable.yml +++ b/.github/workflows/z_uitesting_callable.yml 
@@ -114,7 +114,8 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" - name: Download azhop states From eb39c7a0e8ff1505bf08b524dc31d0ad122977a2 Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 13:05:58 +0200 Subject: [PATCH 02/13] remove containers --- .github/workflows/z_create_config_callable.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index 7a5e0e01f..fa2826bcf 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -94,12 +94,12 @@ jobs: contents: read timeout-minutes: 60 - container: - image: azhop.azurecr.io/hpcrover:latest - credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} - options: --user 0 + # container: + # image: azhop.azurecr.io/hpcrover:latest + # credentials: + # username: ${{ env.ARM_CLIENT_ID }} + # password: ${{ env.ARM_CLIENT_SECRET }} + # options: --user 0 outputs: resource_group: ${{ steps.build_config.outputs.resource_group }} @@ -111,6 +111,8 @@ jobs: - name: Login azure run: | + pwd + ls -alt source /miniconda/bin/activate #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i From b4099bc7ed7b4253a5a063b085a5d29b9103f389 Mon Sep 17 00:00:00 2001 
From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 13:09:03 +0200 Subject: [PATCH 03/13] update miniconda path --- .github/workflows/z_create_config_callable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index fa2826bcf..c0e0b8e51 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -113,7 +113,7 @@ jobs: run: | pwd ls -alt - source /miniconda/bin/activate + source /root/miniconda/bin/activate #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} From 9a1f1c80476efdf3fa8b9969837f819447a251c8 Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 13:19:11 +0200 Subject: [PATCH 04/13] update miniconda root install dir --- .github/workflows/update_selfhost.yml | 2 +- toolset/scripts/install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update_selfhost.yml b/.github/workflows/update_selfhost.yml index 8cd4a30e0..9f64f85ca 100644 --- a/.github/workflows/update_selfhost.yml +++ b/.github/workflows/update_selfhost.yml @@ -34,4 +34,4 @@ jobs: - name: Install the toolchain run: | export HOME=/root # Hack to workaround miniconda installation - ./toolset/scripts/install.sh + ./toolset/scripts/install.sh /root/miniconda diff --git a/toolset/scripts/install.sh b/toolset/scripts/install.sh index c2aa84e3a..849761acf 100755 --- a/toolset/scripts/install.sh +++ b/toolset/scripts/install.sh 
@@ -7,7 +7,7 @@ MINICONDA_URL_LINUX_X86="https://repo.anaconda.com/miniconda/Miniconda3-latest-L MINICONDA_URL_LINUX_ARM="https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-aarch64.sh" MINICONDA_URL_MAC_X86="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh" MINICONDA_URL_MAC_ARM="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh" -MINICONDA_INSTALL_DIR="miniconda" +MINICONDA_INSTALL_DIR=${1:-miniconda} MINICONDA_INSTALL_SCRIPT="miniconda-installer.sh" # Always use of virtual environment From e14c5e599426725d7a68e9db3f8f89a4ed92955b Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 13:33:58 +0200 Subject: [PATCH 05/13] reuse container --- .github/workflows/z_create_config_callable.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index c0e0b8e51..d2ca61082 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -94,12 +94,12 @@ jobs: contents: read timeout-minutes: 60 - # container: - # image: azhop.azurecr.io/hpcrover:latest - # credentials: - # username: ${{ env.ARM_CLIENT_ID }} - # password: ${{ env.ARM_CLIENT_SECRET }} - # options: --user 0 + container: + image: azhop.azurecr.io/hpcrover:latest + credentials: + username: ${{ env.ARM_CLIENT_ID }} + password: ${{ env.ARM_CLIENT_SECRET }} + options: --user 0 outputs: resource_group: ${{ steps.build_config.outputs.resource_group }} @@ -113,9 +113,11 @@ jobs: run: | pwd ls -alt - source /root/miniconda/bin/activate + ls -alt / + + source /miniconda/bin/activate #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' - az login -i + az login --identity az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" 
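Review bot: With the install directory now taken from `$1` and `update_selfhost.yml` passing `/root/miniconda`, this script installs into root's home on the self-hosted runner while the installer still comes from the unpinned `Miniconda3-latest-*` URLs shown in the context lines. Whether the script verifies a checksum is outside the hunk; if it does not, pin a specific installer version and compare its SHA-256 before executing it, because whatever those URLs serve is run, apparently as root, on a machine that presumably holds the managed identity used by the other workflows. Also quote the expansion, `MINICONDA_INSTALL_DIR="${1:-miniconda}"`, to match the quoted assignments around it.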
From 0d16f9cf5458b05eb2f0b21ddcdec93a71c1e43c Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 13:38:08 +0200 Subject: [PATCH 06/13] cleanup --- .github/workflows/z_create_config_callable.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index d2ca61082..c413aac86 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -110,11 +110,7 @@ jobs: submodules: true - name: Login azure - run: | - pwd - ls -alt - ls -alt / - + run: | source /miniconda/bin/activate #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login --identity From 80289f6472143eef27c488104e7d953fb10aeb39 Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 13:56:17 +0200 Subject: [PATCH 07/13] fix missing propertty due to latest bicep version --- bicep/azhop.bicep | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bicep/azhop.bicep b/bicep/azhop.bicep index 6c06e47f9..4dd5450ab 100644 --- a/bicep/azhop.bicep +++ b/bicep/azhop.bicep @@ -127,6 +127,9 @@ var config = { name : contains(azhopConfig, 'domain') ? azhopConfig.domain.name : 'hpc.azure' domain_join_user: createAD ? { username: azhopConfig.admin_user + password_key_vault_name: 'foo' + password_key_vault_resource_group_name: 'foo' + password_key_vault_secret_name: 'foo' } : useExistingAD ? { username: azhopConfig.domain.domain_join_user.username password_key_vault_name: azhopConfig.domain.domain_join_user.password_key_vault_name From f2e2250689b1efb8a42871cd8bc3510590c168f3 Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 15:05:46 +0200 Subject: [PATCH 08/13] use ACR token to authenticate --- .github/workflows/z_create_config_callable.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
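Review bot: The three `'foo'` values added to the `createAD` branch of `domain_join_user` in `bicep/azhop.bicep` look like a real Key Vault reference; if any consumer reads `password_key_vault_name` without first checking `createAD`, it would try to resolve a vault, resource group and secret literally named `foo`. Use an obvious sentinel value and add a comment such as `// placeholders only: keep both ternary branches the same shape; never read when createAD is true`. How these fields are consumed is outside the hunk, and the enclosing `var config = {` object starts and ends outside it, so that condition should be confirmed before merging.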
diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index c413aac86..8e039a507 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -97,8 +97,10 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + # username: ${{ env.ARM_CLIENT_ID }} + # password: ${{ env.ARM_CLIENT_SECRET }} options: --user 0 outputs: From 2f95ec563a6c2874a34447885e9368f6eb9391c7 Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 15:08:28 +0200 Subject: [PATCH 09/13] add missing secrets --- .github/workflows/z_base_callable.yml | 2 ++ .github/workflows/z_create_config_callable.yml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/z_base_callable.yml b/.github/workflows/z_base_callable.yml index 1cdce6f2b..62551dd66 100644 --- a/.github/workflows/z_base_callable.yml +++ b/.github/workflows/z_base_callable.yml @@ -97,6 +97,8 @@ jobs: ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} deploy: uses: ./.github/workflows/z_deploy_callable.yml diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index 8e039a507..fad5e9dab 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -68,6 +68,10 @@ on: required: true ARM_CLIENT_SECRET: required: true + REGISTRY_USERNAME: + required: true + REGISTRY_PASSWORD: + required: true env: AZHOP_CONFIGURATION: '.github/workflows/configs/base.yml' 
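Review bot: The registry credential introduced under `container.credentials` should be a repository-scoped ACR token limited to pull on `hpcrover`; its scope is not visible here, and the job consumes `azhop.azurecr.io/hpcrover:latest` by mutable tag and runs it with `--user 0`, so anyone able to push that tag gets root inside the job container. Consider pinning the image by digest, `image: azhop.azurecr.io/hpcrover@sha256:<digest>`, so a registry-side change cannot alter what the job runs. The two commented-out `ARM_CLIENT_*` lines can be deleted rather than kept as comments.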
From 617c3c151c18aa7ab95d171b6264ee1e758d5ecb Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 15:11:01 +0200 Subject: [PATCH 10/13] add missing secrets --- .github/workflows/z_base_callable.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/z_base_callable.yml b/.github/workflows/z_base_callable.yml index 62551dd66..1e26b18d0 100644 --- a/.github/workflows/z_base_callable.yml +++ b/.github/workflows/z_base_callable.yml @@ -78,6 +78,10 @@ on: required: true ARM_CLIENT_SECRET: required: true + REGISTRY_USERNAME: + required: true + REGISTRY_PASSWORD: + required: true jobs: create_config: From 4edbe596b0e189a59439c74c1a0a798457dc5e14 Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 15:12:50 +0200 Subject: [PATCH 11/13] add missing secrets --- .github/workflows/all_manual.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/all_manual.yml b/.github/workflows/all_manual.yml index 677af1035..37005d76c 100644 --- a/.github/workflows/all_manual.yml +++ b/.github/workflows/all_manual.yml @@ -74,3 +74,5 @@ jobs: ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} \ No newline at end of file From 1c54e4f26a7713319907865aba8fad92fa2cf43d Mon Sep 17 00:00:00 2001 
From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 15:43:06 +0200 Subject: [PATCH 12/13] remove SPN usage --- .github/workflows/all_bicep.yml | 4 +- .github/workflows/all_manual.yml | 2 - .github/workflows/build_image.yml | 2 - .github/workflows/build_image_callable.yml | 17 ++-- .github/workflows/deploy_daily.yml | 9 +- .github/workflows/loadtesting.yml | 5 +- .github/workflows/main.yml | 5 +- .github/workflows/main_callable.yml | 83 +++++++++---------- .github/workflows/marketplace_application.yml | 6 +- .github/workflows/marketplace_image.yml | 29 +++---- .github/workflows/minimum.yml | 53 ------------ .github/workflows/openpbs.yml | 46 ---------- .github/workflows/openpbs_pr_validation.yml | 59 ------------- .github/workflows/openpbs_weekly.yml | 26 ------ .github/workflows/slurm.yml | 54 ------------ .github/workflows/slurm_pr_validation.yml | 55 ------------ .github/workflows/slurm_weekly.yml | 28 ------- .github/workflows/uitesting.yml | 5 +- .github/workflows/z_base_callable.yml | 26 +++--- .../workflows/z_create_config_callable.yml | 9 -- .github/workflows/z_deploy_callable.yml | 11 +-- .github/workflows/z_deploy_only_callable.yml | 18 ++-- .github/workflows/z_destroy_callable.yml | 11 +-- .github/workflows/z_install_callable.yml | 11 +-- .github/workflows/z_test_callable.yml | 11 +-- .github/workflows/z_uitesting_callable.yml | 11 +-- 26 files changed, 112 insertions(+), 484 deletions(-) delete mode 100644 .github/workflows/minimum.yml delete mode 100644 .github/workflows/openpbs.yml delete mode 100644 .github/workflows/openpbs_pr_validation.yml delete mode 100644 .github/workflows/openpbs_weekly.yml delete mode 100644 .github/workflows/slurm.yml delete mode 100644 .github/workflows/slurm_pr_validation.yml delete mode 100644 .github/workflows/slurm_weekly.yml diff --git a/.github/workflows/all_bicep.yml b/.github/workflows/all_bicep.yml index fef2eceb7..1a326651b 100644 --- a/.github/workflows/all_bicep.yml +++ b/.github/workflows/all_bicep.yml 
@@ -30,7 +30,7 @@ jobs: monitoring: ${{ matrix.monitoring }} infra_os: ${{ matrix.infra_os }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/all_manual.yml b/.github/workflows/all_manual.yml index 37005d76c..cb53db39e 100644 --- a/.github/workflows/all_manual.yml +++ b/.github/workflows/all_manual.yml @@ -70,8 +70,6 @@ jobs: monitoring: ${{ matrix.monitoring }} infra_os: ${{ matrix.infra_os }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml index b4b57112e..3f6baa738 100644 --- a/.github/workflows/build_image.yml +++ b/.github/workflows/build_image.yml @@ -17,7 +17,5 @@ jobs: with: resource_group: ${{ github.event.inputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/build_image_callable.yml b/.github/workflows/build_image_callable.yml index f11d8ccff..4e9fe6358 100644 --- a/.github/workflows/build_image_callable.yml +++ b/.github/workflows/build_image_callable.yml 
@@ -16,18 +16,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: - required: true - ARM_CLIENT_SECRET: - required: true env: TF_CLI_ARGS: '-no-color' TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' TF_CLI_ARGS_apply: '-auto-approve' AZHOP_CONFIGURATION: '.github/workflows/configs/integration.yml' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -48,8 +42,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -60,7 +54,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} @@ -97,8 +90,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -109,7 +102,7 @@ jobs: - name: Login azure run: | source miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Build Images diff --git a/.github/workflows/deploy_daily.yml b/.github/workflows/deploy_daily.yml index e8b16ff1a..42e6b754b 100644 --- a/.github/workflows/deploy_daily.yml +++ b/.github/workflows/deploy_daily.yml 
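Review bot: The `container.credentials` hunks of `build_image_callable.yml` now read `secrets.REGISTRY_USERNAME` and `secrets.REGISTRY_PASSWORD`, but the `workflow_call` `secrets:` block in the first hunk only loses `ARM_CLIENT_ID`/`ARM_CLIENT_SECRET` and gains nothing, and the caller `build_image.yml` in this patch passes only `ARM_SUBSCRIPTION_ID` and `ARM_TENANT_ID`. A reusable workflow only sees secrets that are passed to it, so both values would be empty and the pull from `azhop.azurecr.io` would fail authentication. Declare `REGISTRY_USERNAME:` and `REGISTRY_PASSWORD:` with `required: true` here, as `main_callable.yml` does, and pass them from `build_image.yml`.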
@@ -31,10 +31,10 @@ jobs: monitoring: ${{ matrix.monitoring }} clean: 'true' secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} deploy_tf: strategy: @@ -57,8 +57,7 @@ jobs: monitoring: ${{ matrix.monitoring }} clean: 'true' secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/loadtesting.yml b/.github/workflows/loadtesting.yml index 087981cfd..764ca08f5 100644 --- a/.github/workflows/loadtesting.yml +++ b/.github/workflows/loadtesting.yml @@ -19,8 +19,7 @@ jobs: users: ${{ github.event.inputs.nb_users }} scenarios: "ood*.*" secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 65c2c7364..87db11577 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -65,7 +65,8 @@ jobs: deploy_with: ${{ github.event.inputs.deploy_with }} home_type: ${{ github.event.inputs.home_type }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/main_callable.yml b/.github/workflows/main_callable.yml index 2373b916f..18ca58de0 100644 --- a/.github/workflows/main_callable.yml +++ b/.github/workflows/main_callable.yml @@ -68,9 +68,9 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: @@ -80,8 +80,6 @@ env: AZHOP_CONFIGURATION: '.github/workflows/configs/${{ inputs.config }}.yml' AZHOP_LUSTRE_CONFIGURATION: '.github/workflows/configs/lustre.yml' AZHOP_IMAGES_CONFIGURATION: '.github/workflows/configs/images.yml' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} SHARED_SIG: /subscriptions/${{ secrets.ARM_SUBSCRIPTION_ID }}/resourceGroups/azhop_build_images/providers/Microsoft.Compute/galleries/azhop_4ehhye3z @@ -104,8 +102,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 outputs: 
@@ -129,7 +127,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" @@ -334,8 +331,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -348,7 +345,7 @@ jobs: if: needs.deploy.outputs.run_ad_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -372,8 +369,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -386,7 +383,7 @@ jobs: if: needs.deploy.outputs.run_lustre_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -410,8 +407,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -424,7 +421,7 @@ jobs: if: needs.deploy.outputs.run_ood_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -445,8 +442,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -459,7 +456,7 @@ jobs: if: needs.deploy.outputs.run_grafana_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -480,8 +477,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -494,7 +491,7 @@ jobs: if: needs.deploy.outputs.run_cycle_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -515,8 +512,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -529,7 +526,7 @@ jobs: if: needs.deploy.outputs.run_addusers_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -550,8 +547,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -564,7 +561,7 @@ jobs: if: needs.deploy.outputs.run_cyclecluster_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -586,8 +583,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -600,7 +597,7 @@ jobs: if: needs.deploy.outputs.run_telegraf_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Install applications @@ -623,8 +620,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -635,7 +632,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: list all images to be built @@ -669,8 +666,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -683,7 +680,7 @@ jobs: if: needs.deploy.outputs.run_image_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Build Images @@ -707,8 +704,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -721,7 +718,7 @@ jobs: if: needs.deploy.outputs.run_tests_job == 'true' run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Run test playbook @@ -743,8 +740,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -753,7 +750,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Cleanup diff --git a/.github/workflows/marketplace_application.yml b/.github/workflows/marketplace_application.yml index 4efdd61c0..d6d20b347 100644 --- a/.github/workflows/marketplace_application.yml +++ b/.github/workflows/marketplace_application.yml @@ -16,8 +16,6 @@ on: workflow_dispatch: env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} BRANCH_NAME: ${{ github.head_ref || github.ref_name }} # https://docs.github.com/en/actions/learn-github-actions/contexts#github-context defaults: @@ -33,8 +31,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: diff --git a/.github/workflows/marketplace_image.yml b/.github/workflows/marketplace_image.yml index d41842351..2d0f0ad39 100644 --- a/.github/workflows/marketplace_image.yml +++ b/.github/workflows/marketplace_image.yml @@ -20,8 +20,6 @@ on: default: 'false' # use it with ${{ github.event.inputs.publish }} env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -42,8 +40,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -52,7 +50,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} @@ -90,8 +87,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -100,7 +97,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Build Images @@ -113,7 +110,7 @@ jobs: copy_disk: name: copy_disk - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read continue-on-error: true @@ -126,8 +123,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -136,7 +133,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Copy Disk @@ -170,7 +167,7 @@ jobs: put_offer: name: put_offer - runs-on: ubuntu-latest + runs-on: self-hosted permissions: contents: read continue-on-error: true 
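Review bot: `runs-on: self-hosted` for `copy_disk`, and again for `put_offer` in the last hunk of this file, matches any self-hosted runner registered for the repository or organization. The `az login -i` steps in these jobs only succeed on a VM that carries the intended managed identity, so the jobs should name a custom label as well, e.g. `runs-on: [self-hosted, <identity-runner-label>]` (placeholder label). Both jobs keep `continue-on-error: true`, so a login failure on the wrong runner would not fail the workflow visibly. A bare `self-hosted` request from an unrelated workflow can still land on the identity-bearing VM; limiting that needs a runner group restriction, which is outside this file. Each job body continues outside its hunk.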
@@ -184,8 +181,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -194,7 +191,7 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' + az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - name: Push Offer Update diff --git a/.github/workflows/minimum.yml b/.github/workflows/minimum.yml deleted file mode 100644 index aa468892a..000000000 --- a/.github/workflows/minimum.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : small environment -run-name: ${{ github.event.inputs.scheduler }} in ${{ github.event.inputs.resource_group }} by @${{ github.actor }} - -on: - workflow_dispatch: - inputs: - resource_group: - description: 'Name of the resource group to deploy in - In case of an existing resource group the environment will be updated' - required: false - default: 'AUTO_GENERATED' - location: - description: 'Azure location where to deploy to - default to westeurope' - required: false - default: 'westeurope' - clean: - description: 'Clean all resources' - required: false - default: 'true' # use it with ${{ github.event.inputs.clean }} - scheduler: - description: 'Job Scheduler to be installed : openpbs/slurm' - required: false - default: 'openpbs' # use it with ${{ github.event.inputs.scheduler }} - deploy_only: - description: 'Deploy only - Default to false' - required: false - default: 'false' # use it with ${{ github.event.inputs.deploy_only }} - deploy_with: - description: 'Method used for the deployment - tf, bicep or arm - Default to tf' - required: false - default: 'tf' # use it with ${{ github.event.inputs.deploy_with }} - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: ${{ github.event.inputs.resource_group }} - location: ${{ github.event.inputs.location }} - clean: ${{ github.event.inputs.clean }} - scheduler: ${{ github.event.inputs.scheduler }} - deploy_only: ${{ github.event.inputs.deploy_only }} - deploy_with: ${{ github.event.inputs.deploy_with }} - home_type: 'azurefiles' - config: 'minimum' - lustre: 'false' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} 
diff --git a/.github/workflows/openpbs.yml b/.github/workflows/openpbs.yml deleted file mode 100644 index a336ae289..000000000 --- a/.github/workflows/openpbs.yml +++ /dev/null @@ -1,46 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : openpbs - -on: - workflow_dispatch: - inputs: - resource_group: - description: 'Name of the resource group to deploy in - In case of an existing resource group the environment will be updated' - required: false - default: 'AUTO_GENERATED' - location: - description: 'Azure location where to deploy to - default to westeurope' - required: false - default: 'westeurope' - clean: - description: 'Clean all resources' - required: false - default: 'true' # use it with ${{ github.event.inputs.clean }} - anf_dual: - description: 'Use ANF Dual Protocol' - required: false - default: 'false' # use it with ${{ github.event.inputs.anf_dual }} - lustre: - description: 'Deploy a Lustre cluster (true/false) - Default to true' - required: false - default: 'true' # use it with ${{ github.event.inputs.lustre }} - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: ${{ github.event.inputs.resource_group }} - location: ${{ github.event.inputs.location }} - clean: ${{ github.event.inputs.clean }} - anf_dual: ${{ github.event.inputs.anf_dual }} - scheduler: 'openpbs' - lustre: ${{ github.event.inputs.lustre }} - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/openpbs_pr_validation.yml b/.github/workflows/openpbs_pr_validation.yml deleted file mode 100644 index cc3c18802..000000000 --- a/.github/workflows/openpbs_pr_validation.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : openpbs_pr_validation -# Allow only a single instance of this workflow to run at a time -concurrency: ${{ github.workflow }} - -on: - pull_request: - types: [ closed ] - branches: - - main - paths-ignore: - - '**.md' - - 'aad_claims.json' - - 'aad_manifest.json' - - 'configure_aad.sh' - - '.devcontainer/**' - - '.github/**' - - 'docs/**' - - 'playbooks/roles/cyclecloud_cluster/templates/azhop-slurm.txt.j2' - - 'playbooks/roles/munge/**' - - 'playbooks/roles/slurmclient/**' - - 'playbooks/roles/slurmserver/**' - - 'playbooks/ood-overrides-slurm.yml' - - 'playbooks/ood-overrides-auth-oidc.yml' - - 'tf/mysql.tf' - - 'playbooks/roles/tests/files/slurm_helpers.sh' - -env: - rg: 'azhop_openpbs_qa' - -jobs: - deploy: - # this job will only run if the PR has been merged - if: github.event.pull_request.merged == true - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'azhop_openpbs_qa' - clean: 'false' - anf_dual: 'false' - scheduler: 'openpbs' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - - run_tests: - needs: [deploy] - uses: ./.github/workflows/uitesting_callable.yml - with: - resource_group: 'azhop_openpbs_qa' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/openpbs_weekly.yml b/.github/workflows/openpbs_weekly.yml deleted file mode 100644 index 1ebb8501d..000000000 --- a/.github/workflows/openpbs_weekly.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : openpbs_weekly - -on: - schedule: - - cron: "20 1 * * 0" # At 01:20 on Sunday - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'AUTO_GENERATED' - location: 'westeurope' - clean: 'true' - anf_dual: 'false' - scheduler: 'openpbs' - lustre: 'true' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/slurm.yml b/.github/workflows/slurm.yml deleted file mode 100644 index d24afdeef..000000000 --- a/.github/workflows/slurm.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : slurm -# Allow only a single instance of this workflow to run at a time -#concurrency: ${{ github.workflow }} - -on: - workflow_dispatch: - inputs: - resource_group: - description: 'Name of the resource group to deploy in - In case of an existing resource group the environment will be updated' - required: false - default: 'AUTO_GENERATED' - location: - description: 'Azure location where to deploy to - default to westeurope' - required: false - default: 'westeurope' - clean: - description: 'Clean all resources' - required: false - default: 'true' # use it with ${{ github.event.inputs.clean }} - lustre: - description: 'Deploy a Lustre cluster (true/false) - Default to true' - required: false - default: 'false' # use it with ${{ github.event.inputs.lustre }} - cycle_slurm_version: - description: 'Version of the cyclecloud slurm project 2.7 or 3.0 - default to 2.7' - required: false - default: '2.7' # use it with ${{ github.event.inputs.cycle_slurm_version }} - -jobs: - deploy: - uses: ./.github/workflows/z_base_callable.yml - with: - resource_group: ${{ github.event.inputs.resource_group }} - location: ${{ github.event.inputs.location }} - scheduler: 'slurm' - lustre: ${{ github.event.inputs.lustre }} - home_type: 'azurefiles' - user_auth: 'local' - deploy_with: bicep - clean: ${{ github.event.inputs.clean }} - ui_tests: 'false' - monitoring: 'grafana' - infra_os: 'almalinux' - cycle_slurm_version: ${{ github.event.inputs.cycle_slurm_version }} - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/slurm_pr_validation.yml b/.github/workflows/slurm_pr_validation.yml deleted file mode 100644 index 9e1f906fa..000000000 
--- a/.github/workflows/slurm_pr_validation.yml +++ /dev/null @@ -1,55 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : slurm_pr_validation -# Allow only a single instance of this workflow to run at a time -concurrency: ${{ github.workflow }} - -on: - pull_request: - types: [ closed ] - branches: - - main - paths-ignore: - - '**.md' - - 'aad_claims.json' - - 'aad_manifest.json' - - 'configure_aad.sh' - - '.devcontainer/**' - - '.github/**' - - 'docs/**' - - 'playbooks/roles/cyclecloud_cluster/templates/azhop-OpenPBS.txt.j2' - - 'playbooks/roles/cyclecloud_cluster/projects/openpbs/**' - - 'playbooks/roles/pbsclient/**' - - 'playbooks/roles/pbsserver/**' - - 'playbooks/ood-overrides-openpbs.yml' - - 'playbooks/ood-overrides-auth-oidc.yml' - - 'playbooks/roles/tests/files/openpbs_helpers.sh' - -jobs: - deploy: - # this job will only run if the PR has been merged - if: github.event.pull_request.merged == true - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'azhop_slurm_qa' - clean: 'false' - anf_dual: 'false' - scheduler: 'slurm' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - - run_tests: - needs: [deploy] - uses: ./.github/workflows/uitesting_callable.yml - with: - resource_group: 'azhop_slurm_qa' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/slurm_weekly.yml b/.github/workflows/slurm_weekly.yml deleted file mode 100644 index 611ed1f40..000000000 --- a/.github/workflows/slurm_weekly.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# -name : slurm_weekly -# Allow only a single instance of this workflow to run at a time -#concurrency: ${{ github.workflow }} - -on: - schedule: - - cron: "20 1 * * 0" # At 01:20 on Sunday - -jobs: - deploy: - uses: ./.github/workflows/main_callable.yml - with: - resource_group: 'AUTO_GENERATED' - clean: 'true' - location: 'southcentralus' - anf_dual: 'false' - scheduler: 'slurm' - lustre: 'true' - secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - diff --git a/.github/workflows/uitesting.yml b/.github/workflows/uitesting.yml index e81cceaff..82183f3c0 100644 --- a/.github/workflows/uitesting.yml +++ b/.github/workflows/uitesting.yml @@ -13,8 +13,7 @@ jobs: with: resource_group: ${{ github.event.inputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/z_base_callable.yml b/.github/workflows/z_base_callable.yml index 1e26b18d0..6c100715c 100644 --- a/.github/workflows/z_base_callable.yml +++ b/.github/workflows/z_base_callable.yml @@ -74,10 +74,6 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: - required: true - ARM_CLIENT_SECRET: - required: true REGISTRY_USERNAME: required: true REGISTRY_PASSWORD: 
@@ -97,8 +93,6 @@ jobs: infra_os: ${{ inputs.infra_os }} cycle_slurm_version: ${{ inputs.cycle_slurm_version }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} @@ -111,8 +105,8 @@ jobs: resource_group: ${{ needs.create_config.outputs.resource_group }} deploy_with: ${{ inputs.deploy_with }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} @@ -122,8 +116,8 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} @@ -133,8 +127,8 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} 
@@ -145,8 +139,8 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} @@ -157,7 +151,7 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} diff --git a/.github/workflows/z_create_config_callable.yml b/.github/workflows/z_create_config_callable.yml index fad5e9dab..8a36e8f21 100644 --- a/.github/workflows/z_create_config_callable.yml +++ b/.github/workflows/z_create_config_callable.yml @@ -64,10 +64,6 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: - required: true - ARM_CLIENT_SECRET: - required: true REGISTRY_USERNAME: required: true REGISTRY_PASSWORD: @@ -78,8 +74,6 @@ env: AZHOP_CONFIGURATION_DIR: '.github/workflows/configs' AZHOP_LUSTRE_CONFIGURATION: '.github/workflows/configs/lustre.yml' AZHOP_IMAGES_CONFIGURATION: '.github/workflows/configs/images.yml' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -103,8 +97,6 @@ jobs: credentials: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} - # username: ${{ env.ARM_CLIENT_ID }} - # password: ${{ env.ARM_CLIENT_SECRET }} options: --user 0 outputs: 
@@ -118,7 +110,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login --identity az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_deploy_callable.yml b/.github/workflows/z_deploy_callable.yml index 35137cb48..7675975a1 100644 --- a/.github/workflows/z_deploy_callable.yml +++ b/.github/workflows/z_deploy_callable.yml @@ -18,17 +18,15 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: TF_CLI_ARGS: '-no-color' TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' TF_CLI_ARGS_apply: '-auto-approve' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -50,8 +48,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -62,7 +60,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_deploy_only_callable.yml b/.github/workflows/z_deploy_only_callable.yml index 666bf85a9..140527519 100644 --- a/.github/workflows/z_deploy_only_callable.yml +++ b/.github/workflows/z_deploy_only_callable.yml 
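Review bot: Dropping `ARM_CLIENT_ID` and `ARM_CLIENT_SECRET` from the `env:` block of z_deploy_callable.yml also removes the variables the Terraform azurerm provider reads for service-principal authentication. The `TF_CLI_ARGS*` entries kept beside them suggest Terraform still runs in this workflow, and nothing in the hunk tells the provider to use the runner's managed identity. The `tf` deployment path therefore presumably relies on the CLI session created by `az login -i`. If that is the intent, state it in the env block, e.g. `ARM_USE_MSI: 'true'` next to `ARM_SUBSCRIPTION_ID`, or add a comment that Terraform authenticates through the Azure CLI login. The same env removal appears in the z_destroy_callable.yml hunk, and the Terraform invocation itself is outside these hunks.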
@@ -49,9 +49,9 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true jobs: @@ -66,11 +66,11 @@ jobs: user_auth: ${{ inputs.user_auth }} monitoring: ${{ inputs.monitoring }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + deploy: uses: ./.github/workflows/z_deploy_callable.yml # azure/az-hop/.github/workflows/z_deploy_callable.yml@main needs: create_config @@ -78,10 +78,10 @@ jobs: resource_group: ${{ needs.create_config.outputs.resource_group }} deploy_with: ${{ inputs.deploy_with }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} destroy: uses: ./.github/workflows/z_destroy_callable.yml # azure/az-hop/.github/workflows/z_destroy_callable.yml@main @@ -90,7 +90,7 @@ jobs: with: resource_group: ${{ needs.create_config.outputs.resource_group }} secrets: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/z_destroy_callable.yml b/.github/workflows/z_destroy_callable.yml index 53e84c319..106abb992 100644 --- a/.github/workflows/z_destroy_callable.yml +++ b/.github/workflows/z_destroy_callable.yml 
@@ -13,14 +13,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -41,8 +39,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -53,7 +51,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_install_callable.yml b/.github/workflows/z_install_callable.yml index 75a531a01..9f120b5b9 100644 --- a/.github/workflows/z_install_callable.yml +++ b/.github/workflows/z_install_callable.yml @@ -13,14 +13,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -42,8 +40,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: 
@@ -54,7 +52,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_test_callable.yml b/.github/workflows/z_test_callable.yml index cdda4cb22..d52936300 100644 --- a/.github/workflows/z_test_callable.yml +++ b/.github/workflows/z_test_callable.yml @@ -13,14 +13,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -42,8 +40,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -54,7 +52,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/.github/workflows/z_uitesting_callable.yml b/.github/workflows/z_uitesting_callable.yml index 13ae8a7b4..3b8e41e7c 100644 --- a/.github/workflows/z_uitesting_callable.yml +++ b/.github/workflows/z_uitesting_callable.yml 
@@ -23,14 +23,12 @@ on: required: true ARM_TENANT_ID: required: true - ARM_CLIENT_ID: + REGISTRY_USERNAME: required: true - ARM_CLIENT_SECRET: + REGISTRY_PASSWORD: required: true env: - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} AZHOP_STATE_CONTAINER: environments @@ -93,8 +91,8 @@ jobs: container: image: azhop.azurecr.io/hpcrover:latest credentials: - username: ${{ env.ARM_CLIENT_ID }} - password: ${{ env.ARM_CLIENT_SECRET }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} options: --user 0 steps: @@ -114,7 +112,6 @@ jobs: - name: Login azure run: | source /miniconda/bin/activate - #az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' az login -i az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" From 378e9bb247e55fb8fa09997feef9244198e906da Mon Sep 17 00:00:00 2001 From: "Xavier Pillons (MSFT)" Date: Mon, 13 May 2024 17:22:03 +0200 Subject: [PATCH 13/13] cleanup and API update --- .github/workflows/container.yml | 1 - bicep/anf.bicep | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 3bbe606aa..458c4fb30 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -28,7 +28,6 @@ jobs: - name: Login azure run: | - #az login --service-principal -u '${{ secrets.ARM_CLIENT_ID }}' -p '${{ secrets.ARM_CLIENT_SECRET }}' --tenant '${{ secrets.ARM_TENANT_ID }}' az login -i az account set -s ${{ secrets.ARM_SUBSCRIPTION_ID }} echo "local user: $(whoami)" diff --git a/bicep/anf.bicep b/bicep/anf.bicep index f0a929898..40e98bb36 100644 --- a/bicep/anf.bicep +++ b/bicep/anf.bicep 
@@ -12,7 +12,7 @@ param serviceLevel string param sizeGB int -resource anfAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = { +resource anfAccount 'Microsoft.NetApp/netAppAccounts@2023-07-01' = { name: 'azhop-${resourcePostfix}' location: location @@ -29,7 +29,7 @@ resource anfAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = { } : {} } -resource anfPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = { +resource anfPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2023-07-01' = { name: 'anfpool-${resourcePostfix}' location: location parent: anfAccount @@ -39,7 +39,7 @@ resource anfPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = { } } -resource anfHome 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2022-05-01' = { +resource anfHome 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2023-07-01' = { name: 'anfhome' location: location parent: anfPool