Skip to content

Commit 21c2c35

Browse files
author
Harmanpreet Kaur
committed
Enhance CI workflows: add path triggers for 'infra/**', 'scripts/**', and 'azure.yaml'; update deploy workflow to trigger on completion of Docker build; remove pull request paths from PyLint workflow
1 parent 1efc3fd commit 21c2c35

3 files changed

Lines changed: 56 additions & 31 deletions

File tree

.github/workflows/build-docker-images.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,10 @@ on:
1313
- 'docker/**'
1414
- '.github/workflows/build-docker-images.yml'
1515
- '.github/workflows/build-docker.yml'
16+
- 'infra/**'
17+
- 'scripts/**'
18+
- 'azure.yaml'
19+
- '.github/workflows/deploy.yml'
1620
pull_request:
1721
branches:
1822
- main
@@ -30,6 +34,10 @@ on:
3034
- 'docker/**'
3135
- '.github/workflows/build-docker-images.yml'
3236
- '.github/workflows/build-docker.yml'
37+
- 'infra/**'
38+
- 'scripts/**'
39+
- 'azure.yaml'
40+
- '.github/workflows/deploy.yml'
3341
merge_group:
3442
workflow_dispatch:
3543

.github/workflows/deploy.yml

Lines changed: 48 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,17 @@
11
name: Deploy-Test-Cleanup Pipeline
22

33
on:
4-
push:
5-
branches:
6-
- main
7-
- dev
8-
- demo
9-
paths:
10-
- 'infra/**'
11-
- 'scripts/**'
12-
- 'azure.yaml'
13-
- '.github/workflows/deploy.yml'
14-
schedule:
15-
- cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT
16-
workflow_dispatch:
4+
workflow_run:
5+
workflows: ["Build Docker and Optional Push"]
6+
types:
7+
- completed
8+
branches:
9+
- main
10+
- dev
11+
- demo
12+
schedule:
13+
- cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT
14+
workflow_dispatch:
1715

1816
env:
1917
GPT_MIN_CAPACITY: 150
@@ -27,7 +25,7 @@ jobs:
2725
WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }}
2826
steps:
2927
- name: Checkout Code
30-
uses: actions/checkout@v3
28+
uses: actions/checkout@v5
3129

3230
- name: Setup Azure CLI
3331
run: |
@@ -45,7 +43,6 @@ jobs:
4543
export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
4644
export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
4745
export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
48-
export GPT_MIN_CAPACITY="${{ env.GPT_MIN_CAPACITY }}"
4946
export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}"
5047
chmod +x scripts/checkquota.sh
5148
if ! scripts/checkquota.sh; then
@@ -74,6 +71,11 @@ jobs:
7471
- name: Fail Pipeline if Quota Check Fails
7572
if: env.QUOTA_FAILED == 'true'
7673
run: exit 1
74+
75+
- name: Set Deployment Region
76+
run: |
77+
echo "Selected Region: $VALID_REGION"
78+
echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV
7779
7880
- name: Install Bicep CLI
7981
run: az bicep install
@@ -96,7 +98,7 @@ jobs:
9698
rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }})
9799
if [ "$rg_exists" = "false" ]; then
98100
echo "Resource group does not exist. Creating..."
99-
az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location northcentralus || { echo "Error creating resource group"; exit 1; }
101+
az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location australiaeast || { echo "Error creating resource group"; exit 1; }
100102
else
101103
echo "Resource group already exists."
102104
fi
@@ -128,17 +130,20 @@ jobs:
128130
IMAGE_TAG="latest"
129131
fi
130132
133+
# Generate current timestamp in desired format: YYYY-MM-DDTHH:MM:SS.SSSSSSSZ
134+
current_date=$(date -u +"%Y-%m-%dT%H:%M:%S.%7NZ")
135+
131136
az deployment group create \
132137
--name ${{ env.SOLUTION_PREFIX }}-deployment \
133138
--resource-group ${{ env.RESOURCE_GROUP_NAME }} \
134139
--template-file infra/main.bicep \
135140
--parameters \
136141
solutionName="${{ env.SOLUTION_PREFIX }}" \
137-
aiDeploymentsLocation="eastus" \
138-
useWafAlignedArchitecture=false \
139-
capacity=${{ env.GPT_MIN_CAPACITY }} \
142+
azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \
140143
imageVersion="${IMAGE_TAG}" \
141-
createdBy="Pipeline"
144+
createdBy="Pipeline" \
145+
tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}"
146+
142147
- name: Assign Contributor role to Service Principal
143148
if: always()
144149
run: |
@@ -187,7 +192,26 @@ jobs:
187192
188193
- name: Login to Azure
189194
run: |
190-
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
195+
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
196+
az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
197+
198+
- name: Assign Contributor role to Service Principal
199+
if: always()
200+
run: |
201+
echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}"
202+
az role assignment create \
203+
--assignee ${{ secrets.AZURE_CLIENT_ID }} \
204+
--role "Contributor" \
205+
--scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}
206+
207+
echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..."
208+
az role assignment create \
209+
--assignee ${{ secrets.AZURE_CLIENT_ID }} \
210+
--role "Log Analytics Reader" \
211+
--scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)"
212+
213+
echo "Waiting for role assignment propagation..."
214+
sleep 30
191215
192216
- name: Get Log Analytics Workspace and OpenAI from Resource Group
193217
if: always()
@@ -358,7 +382,7 @@ jobs:
358382
359383
# Purge OpenAI Resource
360384
echo "Purging the OpenAI Resource..."
361-
if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/northcentralus/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then
385+
if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/australiaeast/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then
362386
echo "Failed to purge openai resource: ${{ env.OPENAI_RESOURCE_NAME }}"
363387
else
364388
echo "Purged the openai resource: ${{ env.OPENAI_RESOURCE_NAME }}"
@@ -401,7 +425,7 @@ jobs:
401425
402426
EMAIL_BODY=$(cat <<EOF
403427
{
404-
"body": "<p>Dear Team,</p><p>We would like to inform you that the DocGen Deployment Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> <a href=\"${RUN_URL}\">${RUN_URL}</a><br></p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
428+
"body": "<p>Dear Team,</p><p>We would like to inform you that the CodeMod Deployment Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> <a href=\"${RUN_URL}\">${RUN_URL}</a><br></p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
405429
}
406430
EOF
407431
)
@@ -414,4 +438,4 @@ jobs:
414438
if: always()
415439
run: |
416440
az logout
417-
echo "Logged out from Azure."
441+
echo "Logged out from Azure."

.github/workflows/pylint.yml

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,6 @@ on:
88
- '**/pyproject.toml'
99
- '.flake8'
1010
- '.github/workflows/pylint.yml'
11-
pull_request:
12-
paths:
13-
- '**/*.py'
14-
- '**/requirements.txt'
15-
- '**/pyproject.toml'
16-
- '.flake8'
17-
- '.github/workflows/pylint.yml'
1811

1912
jobs:
2013
lint:

0 commit comments

Comments
 (0)