use MSI instead of SPN #1907

Merged
merged 13 commits into from
May 13, 2024
4 changes: 2 additions & 2 deletions .github/workflows/all_bicep.yml
@@ -30,7 +30,7 @@ jobs:
monitoring: ${{ matrix.monitoring }}
infra_os: ${{ matrix.infra_os }}
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
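Review bot: The `secrets:` block now appears to forward `REGISTRY_USERNAME` / `REGISTRY_PASSWORD`, so a long-lived registry password takes the place of the service-principal secret this change set out to retire; the same pair is added in all_manual.yml, deploy_daily.yml, loadtesting.yml and main.yml. If these map to the registry's admin account (not visible here), consider a pull-only, repository-scoped token instead, so that a leaked value cannot be used to push images to the registry the runners pull from. A short comment above the two lines stating what the credential is and its scope would help, e.g. `# pull-only token for azhop.azurecr.io, rotated by <owner>`. The called workflow and the rest of the job are outside the hunk.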
4 changes: 2 additions & 2 deletions .github/workflows/all_manual.yml
@@ -70,7 +70,7 @@ jobs:
monitoring: ${{ matrix.monitoring }}
infra_os: ${{ matrix.infra_os }}
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
2 changes: 0 additions & 2 deletions .github/workflows/build_image.yml
@@ -17,7 +17,5 @@ jobs:
with:
resource_group: ${{ github.event.inputs.resource_group }}
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
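Review bot: After this change the `secrets:` block has no registry entries (the section reports 0 additions), yet build_image_callable.yml now reads `secrets.REGISTRY_USERNAME` and `secrets.REGISTRY_PASSWORD` for its container `credentials`. A reusable workflow only sees the secrets its caller passes, so if this job calls that workflow (the `uses:` line is outside the hunk) both values would be empty and the pull of the private image would fail. Add `REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}` and `REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}` here, and declare both with `required: true` under `on.workflow_call.secrets` in the callable workflow, whose visible hunk drops the two ARM entries without adding these.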
20 changes: 7 additions & 13 deletions .github/workflows/build_image_callable.yml
@@ -16,18 +16,12 @@ on:
required: true
ARM_TENANT_ID:
required: true
ARM_CLIENT_ID:
required: true
ARM_CLIENT_SECRET:
required: true

env:
TF_CLI_ARGS: '-no-color'
TF_CLI_ARGS_destroy: '-auto-approve -refresh=false'
TF_CLI_ARGS_apply: '-auto-approve'
AZHOP_CONFIGURATION: '.github/workflows/configs/integration.yml'
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
AZHOP_STATE_CONTAINER: environments
@@ -41,15 +35,15 @@ defaults:
jobs:
set_image_list:
name: set_image_list
runs-on: ubuntu-latest
runs-on: self-hosted
permissions:
contents: read

container:
image: azhop.azurecr.io/hpcrover:latest
credentials:
username: ${{ env.ARM_CLIENT_ID }}
password: ${{ env.ARM_CLIENT_SECRET }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
options: --user 0

steps:
@@ -60,7 +54,7 @@ jobs:
- name: Login azure
run: |
source /miniconda/bin/activate
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az login -i
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

- name: list all images to be built
@@ -96,8 +90,8 @@ jobs:
container:
image: azhop.azurecr.io/hpcrover:latest
credentials:
username: ${{ env.ARM_CLIENT_ID }}
password: ${{ env.ARM_CLIENT_SECRET }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
options: --user 0

steps:
@@ -108,7 +102,7 @@ jobs:
- name: Login azure
run: |
source miniconda/bin/activate
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az login -i
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

- name: Build Images
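Review bot: With `runs-on: self-hosted` and `az login -i`, Azure access in `set_image_list` is no longer gated by a repository secret: any job scheduled onto that runner can obtain the VM's managed identity, and the job container runs with `options: --user 0`. The runner should therefore be limited to trusted workflows (a runner group restricted to this repository, no runs for fork pull requests), and the identity's role assignments scoped to what the image build needs. A comment above the login step such as `# uses the runner VM's managed identity; runner must not accept untrusted jobs` would record that assumption. The second job's `runs-on` is outside the visible hunks; if it is not a self-hosted runner with an identity attached, its `az login -i` will fail.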
4 changes: 2 additions & 2 deletions .github/workflows/container.yml
@@ -18,7 +18,7 @@ on:
jobs:
build:

runs-on: ubuntu-latest
runs-on: seld-hosted
permissions:
contents: read
id-token: write
@@ -28,7 +28,7 @@ jobs:

- name: Login azure
run: |
az login --service-principal -u '${{ secrets.ARM_CLIENT_ID }}' -p '${{ secrets.ARM_CLIENT_SECRET }}' --tenant '${{ secrets.ARM_TENANT_ID }}'
az login -i
az account set -s ${{ secrets.ARM_SUBSCRIPTION_ID }}
echo "local user: $(whoami)"

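Review bot: `runs-on: seld-hosted` looks like a typo for `self-hosted`; unless a runner really carries that label, the `build` job will sit queued and never run, so the container image stops being rebuilt. Change it to `runs-on: self-hosted`. The job also still requests `id-token: write`, which `az login -i` does not use; if no later step (outside the hunk) needs a GitHub OIDC token, drop that permission so the job holds only `contents: read`.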
9 changes: 4 additions & 5 deletions .github/workflows/deploy_daily.yml
@@ -31,10 +31,10 @@ jobs:
monitoring: ${{ matrix.monitoring }}
clean: 'true'
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}

deploy_tf:
strategy:
@@ -57,8 +57,7 @@ jobs:
monitoring: ${{ matrix.monitoring }}
clean: 'true'
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}

REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
5 changes: 2 additions & 3 deletions .github/workflows/loadtesting.yml
@@ -19,8 +19,7 @@ jobs:
users: ${{ github.event.inputs.nb_users }}
scenarios: "ood*.*"
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}

REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
5 changes: 3 additions & 2 deletions .github/workflows/main.yml
@@ -65,7 +65,8 @@ jobs:
deploy_with: ${{ github.event.inputs.deploy_with }}
home_type: ${{ github.event.inputs.home_type }}
secrets:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}

ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}