aks_manage_cluster.yml
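# Manually dispatched workflow that starts or stops an AKS cluster for a
# named project.
name: Manage AKS
on:
  # schedule:
  #   # * is a special character in YAML so you have to quote this string
  #   # NOTE(review): this expression fires every day at 05:15 UTC, not
  #   # "every sunday at 6:20 AM" as the original comment claimed.
  #   - cron: '15 5 * * *'
  # repository_dispatch:
  #   types: [aks-start, aks-stop]
  workflow_dispatch:
    inputs:
      # projectName selects both the AZ_SP_CRED_<projectName> repository
      # secret and (through a hash) the Key Vault name, so whoever can
      # dispatch this workflow chooses which credential is used.
      projectName:
        description: 'Project Name'
        required: true
        default: 'test_20210224'
      # Restricted to the two supported values so that nothing else can be
      # submitted as an action from the dispatch form.
      aks_action:
        description: 'AKS Action: start or stop'
        required: true
        default: 'stop'
        type: choice
        options:
          - start
          - stop

# Least privilege for GITHUB_TOKEN: no step visible in this workflow checks
# out code or passes the token to an action. Widen per job if an action
# turns out to need a scope.
permissions: {}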
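jobs:
  # 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖
  # Resolves the project and action, logs in to Azure with the project's
  # service principal, reads the cluster coordinates from Key Vault and runs
  # `az aks start|stop`.
  #
  # NOTE(review): every `uses:` below is pinned to a mutable tag. Pinning to a
  # full commit SHA prevents a moved tag from changing the code that receives
  # the service-principal credentials.
  aks-action:
    name: Apply Action to AKS
    runs-on: windows-latest
    # For a manual dispatch the job runs only when the action is start or
    # stop; any other event type is let through here and is validated in the
    # "create variables" step instead.
    if: ${{ github.event.inputs.aks_action == 'start' || github.event.inputs.aks_action == 'stop' || github.event_name != 'workflow_dispatch'}}
    env:
      GITHUB_EVENT_NAME: ${{ github.event_name }}
      GITHUB_EVENT_ACTION: ${{ github.event.action }}
      WORKFLOW_PROJECT_NAME: ${{ github.event.inputs.projectName }}
      WORKFLOW_ACTION: ${{ github.event.inputs.aks_action }}
      DEFAULT_PROJECT_NAME: test_20210224
      DEFAULT_ACTION: stop
    steps:
      - name: create variables
        id: create-vars
        shell: pwsh
        run: |
          # Despite its name this returns a SHA-256 digest: Get-FileHash uses
          # SHA256 when -Algorithm is omitted. The Key Vault name is derived
          # from this value, so the algorithm is deliberately left unchanged.
          function Get-MD5HashOfString($string) {
            $stringAsStream = [System.IO.MemoryStream]::new();
            $writer = [System.IO.StreamWriter]::new($stringAsStream);
            $writer.write($string);
            $writer.Flush();
            $stringAsStream.Position = 0;
            $hashedString = (Get-FileHash -InputStream $stringAsStream).Hash;
            return [String]$hashedString;
          }
          $projectName = $null;
          $action = $null;
          if ($env:GITHUB_EVENT_NAME -ne "workflow_dispatch") {
            $projectName = "$env:DEFAULT_PROJECT_NAME";
            if ($env:GITHUB_EVENT_NAME -eq "repository_dispatch") {
              # Only read $matches when the pattern matched; otherwise it can
              # hold a stale value or be undefined.
              if ($env:GITHUB_EVENT_ACTION -match "aks-(?<Command>.*)") {
                $action = $matches.Command;
              }
            } else {
              $action = "$env:DEFAULT_ACTION";
            }
          } else {
            $projectName = "$env:WORKFLOW_PROJECT_NAME";
            $action = "$env:WORKFLOW_ACTION";
          }
          # Both values come from the event payload and end up in a secret
          # lookup and on an `az` command line, so they are checked against
          # an allow-list before being published as step outputs.
          # -cnotin is case-sensitive; the job-level `if:` comparison is not.
          if ($action -cnotin @('start', 'stop')) {
            Write-Host "::error::Unsupported AKS action; only 'start' and 'stop' are allowed.";
            exit 1;
          }
          # Repository secret names consist of letters, digits and underscores,
          # so any other project name could never resolve AZ_SP_CRED_<name>.
          if ($projectName -notmatch '^[A-Za-z0-9_]+$') {
            Write-Host "::error::projectName may contain only letters, digits and underscores.";
            exit 1;
          }
          $projectNameHash = (Get-MD5HashOfString($projectName)).Substring(0,10);
          $azSecretsManagerName = "sm-" + $projectNameHash;
          Write-Host "✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ";
          Write-Host "";
          Write-Host ("projectName value: {0}" -f $projectName);
          Write-Host ("action value: {0}" -f $action);
          Write-Host ("azSecretsManagerName: {0}" -f "$azSecretsManagerName");
          Write-Host "";
          Write-Host "✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ";
          # Step outputs go through the GITHUB_OUTPUT file; the `::set-output`
          # workflow command is deprecated.
          Add-Content -Path $env:GITHUB_OUTPUT -Value ('azsecretsmanagername=' + $azSecretsManagerName);
          Add-Content -Path $env:GITHUB_OUTPUT -Value ('projectName=' + $projectName);
          Add-Content -Path $env:GITHUB_OUTPUT -Value ('action=' + $action);
      # The secret holds the azure/login credential blob, base64-encoded from
      # UTF-16LE text. Only the stored (encoded) form is masked by the runner
      # automatically; the decoded form has to be masked explicitly.
      - name: decode az sp cred
        id: cred-decode
        env:
          AZ_SERVICE_PRINCIPAL_CREDENTIALS: ${{ secrets[format('AZ_SP_CRED_{0}', steps.create-vars.outputs.projectName)] }}
        shell: pwsh
        run: |
          # Read the secret from the environment instead of templating it into
          # the script text, so its content is never parsed as PowerShell.
          if ([string]::IsNullOrWhiteSpace($env:AZ_SERVICE_PRINCIPAL_CREDENTIALS)) {
            Write-Host "::error::No credential secret found for the requested project (expected a secret named AZ_SP_CRED_<projectName>).";
            exit 1;
          }
          $decodedCreds = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($env:AZ_SERVICE_PRINCIPAL_CREDENTIALS))
          # Register each line of the decoded value as a secret so the runner
          # redacts it wherever it later appears in the logs.
          foreach ($line in ($decodedCreds -split '\r?\n')) {
            if ($line.Trim()) { Write-Host ('::add-mask::' + $line); }
          }
          # Delimiter form of GITHUB_OUTPUT keeps a multi-line value intact.
          $delimiter = "EOF_$([guid]::NewGuid().ToString('N'))";
          Add-Content -Path $env:GITHUB_OUTPUT -Value @("az_sp_creds<<$delimiter", $decodedCreds, $delimiter);
      # documentation: https://github.com/azure/login#configure-azure-credentials
      # NOTE(review): azure/login also supports OIDC federation, which would
      # remove the long-lived client secret from repository secrets; that
      # needs `id-token: write` and a federated credential on the Azure side.
      - name: login via az module
        uses: azure/login@v1
        with:
          creds: ${{ steps.cred-decode.outputs.az_sp_creds }}
          enable-AzPSSession: true
      # documentation: https://github.com/Azure/get-keyvault-secrets
      # NOTE(review): the ref after '@' on the `uses:` line was replaced by an
      # e-mail-obfuscation artefact in this copy of the file; restore the
      # original tag (or a commit SHA) before running.
      # NOTE(review): ACTIONS_ALLOW_UNSECURE_COMMANDS re-enables the
      # `set-env` / `add-path` workflow commands that GitHub disabled because
      # any text printed to the log could use them to alter the environment
      # of later steps. It is kept because the pinned action version may
      # depend on it; prefer a release that does not, or read the two values
      # with `az keyvault secret show` in a script step and drop this flag.
      - name: get azure secrets
        id: azure-secrets
        uses: Azure/[email protected]
        env:
          ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' # Note that this task can be replaced with a similar pattern as setting the namespace to the env variables (above), but is also not secure.
        with:
          keyvault: ${{ steps.create-vars.outputs.azsecretsmanagername }}
          secrets: 'azResourceGroupName,aksClusterName' # comma separated list of secret keys that need to be fetched from the Key Vault
      - name: aks action
        id: aks-action
        uses: azure/powershell@v1
        # Values are handed to the script as environment variables rather
        # than being expanded into the script text, so a value containing
        # PowerShell syntax is passed to `az` as one argument, not executed.
        env:
          AKS_ACTION: ${{ steps.create-vars.outputs.action }}
          AKS_CLUSTER_NAME: ${{ steps.azure-secrets.outputs.aksClusterName }}
          AKS_RESOURCE_GROUP: ${{ steps.azure-secrets.outputs.azResourceGroupName }}
        with:
          azpsversion: 'latest'
          # NOTE(review): with 'continue' a failing `az` call may not fail
          # the step — confirm that this is intended.
          errorActionPreference: 'continue'
          inlineScript: |
            az aks $env:AKS_ACTION --name $env:AKS_CLUSTER_NAME --resource-group $env:AKS_RESOURCE_GROUP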
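# 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖
  # Fallback job: runs only when aks-action was skipped, i.e. a manual
  # dispatch asked for something other than start or stop. It prints debug
  # context and then fails the run with an explanatory error.
  unknown-aks-action:
    name: Unknown Action for AKS
    needs: [aks-action]
    runs-on: windows-latest
    if: ${{ always() && needs.aks-action.result == 'skipped' }}  # MDPOMG, how to run a job if the previous one is skipped, but not if it isn't.
    steps:
      # Debug dumps of the expression contexts.
      # NOTE(review): the `github` context carries the workflow token and the
      # full event payload. The runner masks the token, but these dumps are
      # best removed once debugging is finished.
      # NOTE(review): no `shell:` is set, and the default shell on Windows
      # runners is PowerShell, where "$GITHUB_CONTEXT" names a PowerShell
      # variable rather than the environment variable — these steps probably
      # print an empty line; confirm before relying on them.
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJSON(github) }}
        run: echo "$GITHUB_CONTEXT"
      - name: Dump job context
        env:
          JOB_CONTEXT: ${{ toJSON(job) }}
        run: echo "$JOB_CONTEXT"
      - name: Dump steps context
        env:
          STEPS_CONTEXT: ${{ toJSON(steps) }}
        run: echo "$STEPS_CONTEXT"
      - name: Dump needs context
        env:
          NEEDS_CONTEXT: ${{ toJSON(needs) }}
        run: echo "$NEEDS_CONTEXT"
      # Same step name as above, but this one dumps only needs.aks-action.
      - name: Dump needs context
        env:
          NEEDS_CONTEXT: ${{ toJSON(needs.aks-action) }}
        run: echo "$NEEDS_CONTEXT"
      - name: unknown action error
        shell: pwsh
        env:
          # The rejected value is passed through the environment, not expanded
          # into the script text. The original message printed
          # needs.aks-action.result, which is always "skipped" in this job.
          REQUESTED_ACTION: ${{ github.event.inputs.aks_action }}
        run: |
          # Strip line breaks so the echoed value cannot begin a new line that
          # the runner would parse as a separate workflow command.
          $requested = "$env:REQUESTED_ACTION" -replace '[\r\n]', ' ';
          Write-Host ("::error::✨ ✨ ✨ `"{0}`" is not a valid option. ✨ ✨ ✨" -f $requested);
          Write-Host ("::error::✨ ✨ ✨ `"stop`" and `"start`" are the only options! ✨ ✨ ✨");
          exit 1;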