Skip to content

Commit c418739

Browse files
Roopan-MicrosoftRoopan-Microsoft
authored
Merge pull request #57 from microsoft/PSL-US-15918
feat: added one click deployment github action pipeline
2 parents cdc9d30 + 7c46967 commit c418739

1 file changed

Lines changed: 259 additions & 0 deletions

File tree

.github/workflows/deploy.yml

Lines changed: 259 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,259 @@
1+
name: Validate Deployment
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
8+
jobs:
9+
deploy:
10+
runs-on: ubuntu-latest
11+
steps:
12+
- name: Checkout Code
13+
uses: actions/checkout@v3
14+
15+
- name: Setup Azure CLI
16+
run: |
17+
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
18+
az --version # Verify installation
19+
20+
- name: Login to Azure
21+
run: |
22+
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
23+
24+
- name: Install Bicep CLI
25+
run: az bicep install
26+
27+
- name: Generate Resource Group Name
28+
id: generate_rg_name
29+
run: |
30+
echo "Generating a unique resource group name..."
31+
TIMESTAMP=$(date +%Y%m%d%H%M%S)
32+
COMMON_PART="ci-mycsa"
33+
UNIQUE_RG_NAME="${COMMON_PART}${TIMESTAMP}"
34+
echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV
35+
echo "Generated Resource_GROUP_PREFIX: ${UNIQUE_RG_NAME}"
36+
37+
38+
- name: Check and Create Resource Group
39+
id: check_create_rg
40+
run: |
41+
set -e
42+
echo "Checking if resource group exists..."
43+
rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }})
44+
if [ "$rg_exists" = "false" ]; then
45+
echo "Resource group does not exist. Creating..."
46+
az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location northcentralus || { echo "Error creating resource group"; exit 1; }
47+
else
48+
echo "Resource group already exists."
49+
fi
50+
51+
52+
- name: Deploy Bicep Template
53+
id: deploy
54+
run: |
55+
set -e
56+
az deployment group create \
57+
--resource-group ${{ env.RESOURCE_GROUP_NAME }} \
58+
--template-file infra/main.bicep \
59+
--parameters ResourcePrefix=codegen AiLocation=northcentralus
60+
61+
62+
- name: Send Notification on Failure
63+
if: failure()
64+
run: |
65+
RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
66+
67+
# Construct the email body
68+
EMAIL_BODY=$(cat <<EOF
69+
{
70+
"body": "<p>Dear Team,</p><p>We would like to inform you that the Modernize-your-code-solution-accelerator Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
71+
}
72+
EOF
73+
)
74+
75+
# Send the notification
76+
curl -X POST "${{ secrets.LOGIC_APP_URL }}" \
77+
-H "Content-Type: application/json" \
78+
-d "$EMAIL_BODY" || echo "Failed to send notification"
79+
80+
81+
- name: Get Log Analytics Workspace from Resource Group
82+
id: get_log_analytics_workspace
83+
run: |
84+
85+
set -e
86+
echo "Fetching Log Analytics workspace from resource group ${{ env.RESOURCE_GROUP_NAME }}..."
87+
88+
# Run the az monitor log-analytics workspace list command to get the workspace name
89+
log_analytics_workspace_name=$(az monitor log-analytics workspace list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --query "[0].name" -o tsv)
90+
91+
if [ -z "$log_analytics_workspace_name" ]; then
92+
echo "No Log Analytics workspace found in resource group ${{ env.RESOURCE_GROUP_NAME }}."
93+
exit 1
94+
else
95+
echo "LOG_ANALYTICS_WORKSPACE_NAME=${log_analytics_workspace_name}" >> $GITHUB_ENV
96+
echo "Log Analytics workspace name: ${log_analytics_workspace_name}"
97+
fi
98+
99+
100+
- name: List KeyVaults and Store in Array
101+
id: list_keyvaults
102+
run: |
103+
104+
set -e
105+
echo "Listing all KeyVaults in the resource group ${RESOURCE_GROUP_NAME}..."
106+
107+
# Get the list of KeyVaults in the specified resource group
108+
keyvaults=$(az resource list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --query "[?type=='Microsoft.KeyVault/vaults'].name" -o tsv)
109+
110+
if [ -z "$keyvaults" ]; then
111+
echo "No KeyVaults found in resource group ${RESOURCE_GROUP_NAME}."
112+
echo "KEYVAULTS=[]" >> $GITHUB_ENV # If no KeyVaults found, set an empty array
113+
else
114+
echo "KeyVaults found: $keyvaults"
115+
116+
# Format the list into an array with proper formatting (no trailing comma)
117+
keyvault_array="["
118+
first=true
119+
for kv in $keyvaults; do
120+
if [ "$first" = true ]; then
121+
keyvault_array="$keyvault_array\"$kv\""
122+
first=false
123+
else
124+
keyvault_array="$keyvault_array,\"$kv\""
125+
fi
126+
done
127+
keyvault_array="$keyvault_array]"
128+
129+
# Output the formatted array and save it to the environment variable
130+
echo "KEYVAULTS=$keyvault_array" >> $GITHUB_ENV
131+
fi
132+
133+
- name: Purge log analytics workspace
134+
id: log_analytics_workspace
135+
run: |
136+
137+
set -e
138+
# Purge Log Analytics Workspace
139+
echo "Purging the Log Analytics Workspace..."
140+
if ! az monitor log-analytics workspace delete --force --resource-group ${{ env.RESOURCE_GROUP_NAME }} --workspace-name ${{ env.LOG_ANALYTICS_WORKSPACE_NAME }} --yes --verbose; then
141+
echo "Failed to purge Log Analytics workspace: ${{ env.LOG_ANALYTICS_WORKSPACE_NAME }}"
142+
else
143+
echo "Purged the Log Analytics workspace: ${{ env.LOG_ANALYTICS_WORKSPACE_NAME }}"
144+
fi
145+
146+
echo "Log analytics workspace resource purging completed successfully"
147+
148+
149+
- name: Delete Bicep Deployment
150+
if: success()
151+
run: |
152+
set -e
153+
echo "Checking if resource group exists..."
154+
rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }})
155+
if [ "$rg_exists" = "true" ]; then
156+
echo "Resource group exist. Cleaning..."
157+
az group delete \
158+
--name ${{ env.RESOURCE_GROUP_NAME }} \
159+
--yes \
160+
--no-wait
161+
echo "Resource group deleted... ${{ env.RESOURCE_GROUP_NAME }}"
162+
else
163+
echo "Resource group does not exists."
164+
fi
165+
166+
167+
- name: Wait for resource deletion to complete
168+
run: |
169+
170+
# List of keyvaults
171+
KEYVAULTS="${{ env.KEYVAULTS }}"
172+
173+
# Remove the surrounding square brackets, if they exist
174+
stripped_keyvaults=$(echo "$KEYVAULTS" | sed 's/\[\|\]//g')
175+
176+
# Convert the comma-separated string into an array
177+
IFS=',' read -r -a resources_to_check <<< "$stripped_keyvaults"
178+
179+
# Append new resources to the array
180+
resources_to_check+=("${{ env.LOG_ANALYTICS_WORKSPACE_NAME }}")
181+
182+
echo "List of resources to check: ${resources_to_check[@]}"
183+
184+
# Maximum number of retries
185+
max_retries=3
186+
187+
# Retry intervals in seconds (30, 60, 120)
188+
retry_intervals=(30 60 120)
189+
190+
# Retry mechanism to check resources
191+
retries=0
192+
while true; do
193+
resource_found=false
194+
195+
# Get the list of resources in YAML format again on each retry
196+
resource_list=$(az resource list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --output yaml)
197+
198+
# Iterate through the resources to check
199+
for resource in "${resources_to_check[@]}"; do
200+
echo "Checking resource: $resource"
201+
if echo "$resource_list" | grep -q "name: $resource"; then
202+
echo "Resource '$resource' exists in the resource group."
203+
resource_found=true
204+
else
205+
echo "Resource '$resource' does not exist in the resource group."
206+
fi
207+
done
208+
209+
# If any resource exists, retry
210+
if [ "$resource_found" = true ]; then
211+
retries=$((retries + 1))
212+
if [ "$retries" -gt "$max_retries" ]; then
213+
echo "Maximum retry attempts reached. Exiting."
214+
break
215+
else
216+
# Wait for the appropriate interval for the current retry
217+
echo "Waiting for ${retry_intervals[$retries-1]} seconds before retrying..."
218+
sleep ${retry_intervals[$retries-1]}
219+
fi
220+
else
221+
echo "No resources found. Exiting."
222+
break
223+
fi
224+
done
225+
226+
227+
- name: Purging the Resources
228+
if: success()
229+
run: |
230+
231+
set -e
232+
# List of keyvaults
233+
KEYVAULTS="${{ env.KEYVAULTS }}"
234+
235+
# Remove the surrounding square brackets, if they exist
236+
stripped_keyvaults=$(echo "$KEYVAULTS" | sed 's/\[\|\]//g')
237+
238+
# Convert the comma-separated string into an array
239+
IFS=',' read -r -a keyvault_array <<< "$stripped_keyvaults"
240+
241+
echo "Using KeyVaults Array..."
242+
for keyvault_name in "${keyvault_array[@]}"; do
243+
echo "Processing KeyVault: $keyvault_name"
244+
# Check if the KeyVault is soft-deleted
245+
deleted_vaults=$(az keyvault list-deleted --query "[?name=='$keyvault_name']" -o json --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }})
246+
247+
# If the KeyVault is found in the soft-deleted state, purge it
248+
if [ "$(echo "$deleted_vaults" | jq length)" -gt 0 ]; then
249+
echo "KeyVault '$keyvault_name' is soft-deleted. Proceeding to purge..."
250+
# Purge the KeyVault
251+
if az keyvault purge --name "$keyvault_name" --no-wait; then
252+
echo "Successfully purged KeyVault '$keyvault_name'."
253+
else
254+
echo "Failed to purge KeyVault '$keyvault_name'."
255+
fi
256+
else
257+
echo "KeyVault '$keyvault_name' is not soft-deleted. No action taken."
258+
fi
259+
done

0 commit comments

Comments
 (0)