Deploy CTF services on Azure Kubernetes Service #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy CTF services on Azure Kubernetes Service | |
on: | |
workflow_dispatch: | |
inputs: | |
ENVIRONMENT: | |
default: ctf | |
description: The name of the GitHub environment to use (https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments) | |
type: environment | |
workflow_call: | |
inputs: | |
ENVIRONMENT: | |
default: ctf | |
description: The name of the GitHub environment to use (https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments) | |
type: string | |
secrets: | |
AZURE_CLIENT_ID: | |
required: true | |
AZURE_TENANT_ID: | |
required: true | |
AZURE_SUBSCRIPTION_ID: | |
required: true | |
permissions: | |
id-token: write # Required for requesting the JWT | |
contents: read | |
jobs: | |
deploy: | |
name: Deploy CTF services | |
runs-on: ubuntu-latest | |
environment: ${{ inputs.ENVIRONMENT }} | |
env: | |
AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }} | |
AZURE_DNS_NAME: ${{ vars.AZURE_DNS_NAME }} | |
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} | |
CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} | |
NODE_COUNT: ${{ vars.NODE_COUNT }} | |
KEY_VAULT_NAME: ${{ vars.KEY_VAULT_NAME }} | |
MANAGE_RG: ${{ vars.MANAGE_RG }} | |
MANAGE_CLUSTER: ${{ vars.MANAGE_CLUSTER }} | |
MANAGE_KEYVAULT: ${{ vars.MANAGE_KEYVAULT }} | |
PURGE_KEYVAULT: ${{ vars.PURGE_KEYVAULT }} | |
steps: | |
- name: Run az login | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ vars.AZURE_CLIENT_ID }} | |
tenant-id: ${{ vars.AZURE_TENANT_ID }} | |
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install kubectl | |
uses: azure/setup-kubectl@v3 | |
with: | |
version: 'v1.29.1' | |
- name: Install helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: 'v3.14.0' | |
- name: Install go | |
uses: actions/setup-go@v5 | |
- name: Install envsubst | |
run: | | |
go install github.com/a8m/envsubst/cmd/[email protected] | |
- name: Create the Kubernetes cluster in AKS | |
run: | | |
./manage-azure-deployment.sh new | |
- name: Deploy the CTF services | |
env: | |
CTF_KEY: ${{ secrets.CTF_KEY }} | |
COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }} | |
CTFD_SECRET_KEY: ${{ secrets.CTFD_SECRET_KEY }} | |
JUICE_FQDN: ${{ vars.JUICE_FQDN }} | |
BALANCER_REPLICAS: ${{ vars.BALANCER_REPLICAS }} | |
MAX_INSTANCES: ${{ vars.MAX_INSTANCES }} | |
GRACE_PERIOD: ${{ vars.GRACE_PERIOD }} | |
MANAGE_MONITORING: ${{ vars.MANAGE_MONITORING }} | |
MANAGE_CTFD: ${{ vars.MANAGE_CTFD }} | |
METRICS_PASS: ${{ secrets.METRICS_PASS }} | |
GRAFANA_PASS: ${{ secrets.GRAFANA_PASS }} | |
CTFD_REDIS_PASS: ${{ secrets.CTFD_REDIS_PASS }} | |
CTFD_MYSQL_ROOT_PASS: ${{ secrets.CTFD_MYSQL_ROOT_PASS }} | |
CTFD_MYSQL_PASS: ${{ secrets.CTFD_MYSQL_PASS }} | |
CTFD_MYSQL_REPL_PASS: ${{ secrets.CTFD_MYSQL_REPL_PASS }} | |
run: | | |
./manage-multijuicer.sh up | |
- name: Run post-deployment configuration tasks | |
run: | | |
./manage-azure-deployment.sh config | |
import-challenges: | |
name: Import challenges to CTFd | |
runs-on: ubuntu-latest | |
environment: ${{ inputs.ENVIRONMENT }} | |
needs: [deploy] | |
steps: | |
- name: Install kubectl | |
uses: azure/setup-kubectl@v3 | |
with: | |
version: 'v1.29.1' | |
- name: Install node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Install juice-shop-ctf-cli | |
run: npm install -g juice-shop-ctf-cli | |
- name: Generate challenges | |
env: | |
CTF_KEY: ${{ secrets.CTF_KEY }} | |
run: | | |
./generate-challenges.sh | |
- name: Upload CTFd challenges file as an artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ctfd-challenges.csv | |
path: ctfd-challenges-*.csv | |
retention-days: 7 |