From 4b9ba86d622d8bca54ac3d74fbaef26b7b546500 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 15:33:55 -0700 Subject: [PATCH 01/48] test --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index bdad5b5c..0a47e45b 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -76,4 +76,4 @@ jobs: ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} - ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} + # ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} From f4d50f624df68c6d7bab7f018d35587c021d3430 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 15:42:24 -0700 Subject: [PATCH 02/48] remove client secret --- .github/workflows/cicd.yml | 11 +++-------- scripts/ciauthenticate | 2 +- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 0a47e45b..fabc0935 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -16,12 +16,11 @@ jobs: - name: Log in with Azure uses: azure/login@v1 with: - creds: '${{ secrets.AZURE_CREDENTIALS }}' + client-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} + tenant-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} + subscription-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} - name: Authenticate - env: - CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} run: ./scripts/ciauthenticate - name: Run cibuild 
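Review bot: Commenting out `ARM_TENANT_ID` in the deploy job's env removes a variable the deploy script appears to require — later hunks in this series show `require_env "ARM_TENANT_ID"` in `deployment/bin/deploy` — so if that check exists at this commit the deploy step fails before Terraform runs. If the variable is meant to go, delete the line rather than leaving a commented-out secret expression as dead configuration. The env block starts outside the hunk.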
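Review bot: The new `azure/login@v1` step switches to federated (OIDC) login via `client-id`/`tenant-id`/`subscription-id`, but nothing in this workflow grants `permissions: id-token: write`, so the action cannot request an ID token and the step will fail; the permission only arrives three commits later. The identity fields in `SECURE_AZURE_CREDENTIALS` are not secrets, so they belong in repository or environment variables (`vars.`) rather than a JSON secret — GitHub redacts a secret by matching its whole value, so fields pulled out with `fromJSON` are not reliably masked, which is the real hazard for the `clientSecret` still read from `AZURE_CREDENTIALS` elsewhere in this file. Pinning the action to a commit SHA instead of the mutable `v1` tag would also be appropriate for a step that mints cloud credentials. The job's steps continue outside the hunk.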
@@ -73,7 +72,3 @@ jobs: env: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging - ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} - ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} - # ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} diff --git a/scripts/ciauthenticate b/scripts/ciauthenticate index dacdc98f..ce4d4c25 100755 --- a/scripts/ciauthenticate +++ b/scripts/ciauthenticate @@ -16,4 +16,4 @@ CI authentication for this project. # curl -sL https://aka.ms/InstallAzureCLIDeb | bash # az login --service-principal --username ${CLIENT_ID} --tenant "microsoft.onmicrosoft.com" --password ${CLIENT_SECRET} az acr login --name pccomponentstest -docker login pccomponentstest.azurecr.io --username ${CLIENT_ID} --password ${CLIENT_SECRET} \ No newline at end of file +# docker login pccomponentstest.azurecr.io --username ${CLIENT_ID} --password ${CLIENT_SECRET} \ No newline at end of file From 2c74359a55c672745b8a9103941ab7b32e7bf54f Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 15:54:45 -0700 Subject: [PATCH 03/48] change PR for testing --- .github/workflows/pr.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 34629bd8..2697fd11 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -13,7 +13,20 @@ jobs: - name: Run cibuild run: ./scripts/cibuild + + - name: Log in with Azure + uses: azure/login@v1 + with: + client-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} + tenant-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} + subscription-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} + - name: 'Run Azure CLI commands' + run: | + az account show + az group list + pwd + validate: runs-on: ubuntu-latest steps: 
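Review bot: Adding an Azure login plus `az account show` / `az group list` to the `pull_request` workflow gives every PR run an authenticated cloud session and prints subscription and resource-group details into job logs, which on a public repository anyone can read. A `pull_request` run also presents a different OIDC subject (`repo:<owner>/<repo>:pull_request`) than a branch push, so the federated credential would have to be widened to accept it, and any contributor's PR could then exercise that identity; the later pr.yml commits in this series (`az role assignment list`, `./scripts/ciauthenticate`) raise the same concern. If this is only a probe, keep it out of pr.yml or gate it behind an `environment:` with required reviewers, and drop the `pwd` line. The `build` job continues outside the hunk.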
From 2a10fc7c4d85207605d5362ed905cf0df5ee2a69 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:01:17 -0700 Subject: [PATCH 04/48] test --- .github/workflows/pr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 2697fd11..edf791c2 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -11,8 +11,8 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Run cibuild - run: ./scripts/cibuild + # - name: Run cibuild + # run: ./scripts/cibuild - name: Log in with Azure uses: azure/login@v1 @@ -26,7 +26,7 @@ jobs: az account show az group list pwd - + validate: runs-on: ubuntu-latest steps: From 1d6f7e7dd5f09bdbbb348c9c43595e428f40cce0 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:11:50 -0700 Subject: [PATCH 05/48] add token permission --- .github/workflows/cicd.yml | 4 ++++ .github/workflows/pr.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fabc0935..bbb14986 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -5,6 +5,10 @@ on: branches: [main] tags: ["*"] +permissions: + id-token: write + contents: read + jobs: build_and_publish: diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index edf791c2..e7da3088 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -4,6 +4,10 @@ on: pull_request: branches: [main] +permissions: + id-token: write + contents: read + jobs: build: runs-on: ubuntu-latest From ae41a4a52757720aa84536035bc5f5b4b4428eca Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:36:40 -0700 Subject: [PATCH 06/48] test --- .github/workflows/pr.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index e7da3088..1e31ceda 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
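Review bot: The workflow-level `permissions: id-token: write` grants the OIDC token to every job in cicd.yml, including ones that never call `azure/login`; the block added to pr.yml in the same commit has the same shape. Move `id-token: write` under the jobs that need it (job-level `permissions:`) so the token is only minted where it is used, keeping `contents: read` as the workflow default. A short comment above the block, e.g. `# explicit permissions: OIDC token for azure/login, everything else dropped`, would make the least-privilege intent visible to the next editor.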
@@ -7,7 +7,7 @@ on: permissions: id-token: write contents: read - + jobs: build: runs-on: ubuntu-latest @@ -27,8 +27,7 @@ jobs: - name: 'Run Azure CLI commands' run: | - az account show - az group list + az role assignment list --output table pwd validate: From 08ff800f1e9ad18ac888275d8814222ed46ef67e Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:38:36 -0700 Subject: [PATCH 07/48] remove redundant statement --- scripts/ciauthenticate | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/ciauthenticate b/scripts/ciauthenticate index ce4d4c25..c718cce4 100755 --- a/scripts/ciauthenticate +++ b/scripts/ciauthenticate @@ -15,5 +15,4 @@ CI authentication for this project. # curl -sL https://aka.ms/InstallAzureCLIDeb | bash # az login --service-principal --username ${CLIENT_ID} --tenant "microsoft.onmicrosoft.com" --password ${CLIENT_SECRET} -az acr login --name pccomponentstest -# docker login pccomponentstest.azurecr.io --username ${CLIENT_ID} --password ${CLIENT_SECRET} \ No newline at end of file +az acr login --name pccomponentstest \ No newline at end of file From 9bab3a3e972eee0eb2d11f2fa8e8bca5b8b757dd Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:39:16 -0700 Subject: [PATCH 08/48] test authentication --- .github/workflows/pr.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 1e31ceda..4877c0b8 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -29,7 +29,8 @@ jobs: run: | az role assignment list --output table pwd - + - name: Authenticate + run: ./scripts/ciauthenticate validate: runs-on: ubuntu-latest steps: From 862bf8f94e5f54bcdfc1b3823d13292ad511eade Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:43:51 -0700 Subject: [PATCH 09/48] test --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 4877c0b8..6e82bfae 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -27,7 +27,7 @@ jobs: - name: 'Run Azure CLI commands' run: | - az role assignment list --output table + az role assignment list --output json pwd - name: Authenticate run: ./scripts/ciauthenticate From 371bcc2fdff71fe3f8a83f2a1c51e288e3f60453 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 16:46:29 -0700 Subject: [PATCH 10/48] test --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6e82bfae..eae06e58 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -27,7 +27,7 @@ jobs: - name: 'Run Azure CLI commands' run: | - az role assignment list --output json + az role assignment list --query "[].{role:roleDefinitionName, scope:scope}" -o json pwd - name: Authenticate run: ./scripts/ciauthenticate From fbdad9d2a44cd789c26eb6935ad9df55e46a4708 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 30 Apr 2024 17:01:48 -0700 Subject: [PATCH 11/48] revert to original pr --- .github/workflows/pr.yml | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index eae06e58..34629bd8 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -4,10 +4,6 @@ on: pull_request: branches: [main] -permissions: - id-token: write - contents: read - jobs: build: runs-on: ubuntu-latest 
@@ -15,22 +11,9 @@ jobs: steps: - uses: actions/checkout@v3 - # - name: Run cibuild - # run: ./scripts/cibuild - - - name: Log in with Azure - uses: azure/login@v1 - with: - client-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} - tenant-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} - subscription-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} + - name: Run cibuild + run: ./scripts/cibuild - - name: 'Run Azure CLI commands' - run: | - az role assignment list --query "[].{role:roleDefinitionName, scope:scope}" -o json - pwd - - name: Authenticate - run: ./scripts/ciauthenticate validate: runs-on: ubuntu-latest steps: From ca933ea6654629a732bfefe56826546d7e0bb03f Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 12:45:11 -0700 Subject: [PATCH 12/48] add config back --- .github/workflows/cicd.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index bbb14986..10fa0988 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -76,3 +76,5 @@ jobs: env: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging + ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} + ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} From 7fe6b2d2d26cb11f9b8b9ba4b4547f763d22ac2a Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 12:48:14 -0700 Subject: [PATCH 13/48] change trigger --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 10fa0988..8870203e 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -2,7 +2,7 @@ name: Planetary Computer APIs CI/CD on: push: - branches: [main] + branches: [remove-secret-from-cicd] tags: ["*"] permissions: From f040cd98cca7cb7247feba90596a7e577a7c2e40 Mon Sep 17 00:00:00 2001 
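Review bot: The re-added `ARM_CLIENT_ID` and `ARM_SUBSCRIPTION_ID` are read from `secrets.AZURE_CREDENTIALS`, while the same job's `azure/login` step authenticates with `secrets.SECURE_AZURE_CREDENTIALS`; if the two JSON blobs describe different service principals, Terraform and the scripts will claim a different identity than the one that logged in, which is hard to diagnose. Read every identity field from one source, e.g. `ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }}`. `ARM_TENANT_ID` is also still missing even though the deploy script later in the series requires it. The env block starts outside the hunk.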
From: elayrocks Date: Wed, 1 May 2024 16:48:17 -0700 Subject: [PATCH 14/48] test --- .github/workflows/cicd.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 8870203e..6b7107bb 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -52,7 +52,7 @@ jobs: deploy: runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/main' }} + if: ${{ github.ref == 'remove-secret-from-cicd' }} needs: - build_and_publish steps: @@ -77,4 +77,5 @@ jobs: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} + ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} + ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} \ No newline at end of file From 68475f5aa2197e995f6fb3158e9147e54ce32370 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 17:04:50 -0700 Subject: [PATCH 15/48] test --- .github/workflows/cicd.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 6b7107bb..8fc8316e 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -52,7 +52,6 @@ jobs: deploy: runs-on: ubuntu-latest - if: ${{ github.ref == 'remove-secret-from-cicd' }} needs: - build_and_publish steps: From 32710c6e1106edf67ccbb965959493bf43fd86d6 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 17:05:49 -0700 Subject: [PATCH 16/48] test --- .github/workflows/cicd.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 8fc8316e..52ce9f98 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
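Review bot: `github.ref == 'remove-secret-from-cicd'` can never be true, because `github.ref` is the fully qualified ref (`refs/heads/remove-secret-from-cicd`), so the `deploy` job is silently skipped; compare against the full ref or use `github.ref_name`. The second hunk of this commit re-adds `ARM_CLIENT_SECRET` to the deploy env, which runs against the series' stated goal of removing the client secret; if it is only there to bisect a failure, make sure it does not survive the branch. The `deploy` job continues outside the hunk.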
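Review bot: Deleting the `if:` on the `deploy` job removes the only guard that limited staging deployment to a specific ref, so with the current `on.push` triggers (the test branch and every tag) any push now deploys. Restore a ref check once testing is done, e.g. `if: ${{ github.ref == 'refs/heads/main' }}`, or attach the job to a protected `environment:` so a deploy needs approval regardless of ref. The `deploy` job continues outside the hunk.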
@@ -59,7 +59,6 @@ jobs: - name: Get image tag id: get_image_tag - if: ${{ github.base_ref }} run: case "${GITHUB_REF}" in *tags*) From cfadb0537e279a92ba9cf0771dc6912f43be4065 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 17:16:23 -0700 Subject: [PATCH 17/48] test --- .github/workflows/cicd.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 52ce9f98..3c8ac536 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -75,5 +75,6 @@ jobs: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} - ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} \ No newline at end of file + ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} + ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} + ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} \ No newline at end of file From be9df8b5d60e1fc73610bf581ab0dd6855a0fdd3 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 17:31:04 -0700 Subject: [PATCH 18/48] test --- .github/workflows/cicd.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 3c8ac536..4b46df86 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -27,8 +27,8 @@ jobs: - name: Authenticate run: ./scripts/ciauthenticate - - name: Run cibuild - run: ./scripts/cibuild + # - name: Run cibuild + # run: ./scripts/cibuild - name: Get image tag id: get_image_tag 
@@ -44,8 +44,8 @@ jobs: ;; esac - - name: Publish images - run: ./scripts/cipublish --acr ${{steps.get_image_tag.outputs.acr}} --tag ${{steps.get_image_tag.outputs.tag}} + # - name: Publish images + # run: ./scripts/cipublish --acr ${{steps.get_image_tag.outputs.acr}} --tag ${{steps.get_image_tag.outputs.tag}} outputs: image_tag: ${{ steps.get_image_tag.outputs.tag }} From 04871359337e1199041bf7356dee663a91c1d70e Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 17:46:13 -0700 Subject: [PATCH 19/48] test --- deployment/bin/deploy | 2 +- deployment/docker-compose.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 09714740..5b18b7b6 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -84,7 +84,7 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then # Add IP to KV firewall # ######################### - bin/azlogin + # bin/azlogin bin/kv_add_ip ##################### diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index 33604808..c53f4f0f 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -32,3 +32,4 @@ services: - ../deployment:/opt/src/deployment - ../pccommon:/opt/src/pccommon:ro - ../pcfuncs:/opt/src/pcfuncs:ro + - ~/.azure:/root/.azure From eb34587a3f48fb1fdd8c11d556da6f2a8025cd2d Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 17:53:52 -0700 Subject: [PATCH 20/48] test --- deployment/bin/deploy | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 5b18b7b6..705fcf76 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -85,6 +85,7 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then ######################### # bin/azlogin + ls /root/.azure bin/kv_add_ip ##################### From 16f0c9f3028bdc01d80caa471f91e3694847c072 Mon Sep 17 00:00:00 2001 
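Review bot: With the `Publish images` step commented out, `outputs.image_tag` still flows into the `deploy` job, so a deploy in this state references a tag this run never pushed and will either fail at rollout or roll out whatever older image happens to carry that tag. If the step has to stay disabled while testing, make the deploy job's dependence on a published image explicit — a step that checks the tag exists in the registry before `bin/deploy` runs — rather than leaving it to fail late; otherwise delete the commented lines instead of carrying them. The job continues outside the hunk.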
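Review bot: Mounting `~/.azure:/root/.azure` hands the deploy container the runner's Azure CLI token cache — the live credentials obtained by `azure/login` — with write access, so everything that runs inside the container (Terraform, the deploy scripts, whatever they invoke) can act with the full CLI session. That is workable on an ephemeral hosted runner but should be stated, e.g. `# share the runner's az CLI session (from azure/login) with the container instead of passing a client secret`, and a self-hosted runner would need the cache removed after the job. The `ls /root/.azure` debug line added in the next commit should not be merged either. The `volumes` list starts outside the hunk.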
From: elayrocks Date: Wed, 1 May 2024 18:00:33 -0700 Subject: [PATCH 21/48] test --- .github/workflows/cicd.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 4b46df86..2df64780 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -56,6 +56,13 @@ jobs: - build_and_publish steps: - uses: actions/checkout@v3 + + - name: Log in with Azure + uses: azure/login@v1 + with: + client-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} + tenant-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} + subscription-id: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} - name: Get image tag id: get_image_tag From 2c38f89331a45b64fdd3fee8437c56c9ed439a17 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 18:13:12 -0700 Subject: [PATCH 22/48] remove azlogin --- deployment/bin/deploy | 2 -- deployment/bin/lib | 4 ---- 2 files changed, 6 deletions(-) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 705fcf76..370880a4 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -84,8 +84,6 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then # Add IP to KV firewall # ######################### - # bin/azlogin - ls /root/.azure bin/kv_add_ip ##################### diff --git a/deployment/bin/lib b/deployment/bin/lib index 4cae1706..b0d62655 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib @@ -71,8 +71,6 @@ function azlogin() { function cluster_login() { echo "Logging into the cluster..." - azlogin; - az aks get-credentials \ --resource-group ${RESOURCE_GROUP} \ --name ${CLUSTER_NAME} \ @@ -128,8 +126,6 @@ function prepare_funcs() { function deploy_funcs() { require_env "FUNCTION_APP_NAME" - azlogin - prepare_funcs pushd /opt/src/pcfuncs_deploy From 2e424d8b2b0e286ac02f54a07104ff3296900593 Mon Sep 17 00:00:00 2001 
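Review bot: `azure/login@v1` (like `actions/checkout@v3` above it) is pinned to a mutable tag, so a compromised or force-moved tag changes what runs with the deploy job's OIDC token; pin to a full commit SHA with the version in a trailing comment, e.g. `uses: azure/login@<commit-sha>  # v1`. The step is a verbatim copy of the one in `build_and_publish`; a one-line comment on each saying which Azure scopes that job needs would help reviewers keep the two in step. The `deploy` job's steps continue outside the hunk.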
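Review bot: Removing the `azlogin` calls from `cluster_login` and `deploy_funcs` leaves the `azlogin` function itself defined but unused in `deployment/bin/lib` (the first hunk header shows it still exists), and both callers now assume an Azure CLI session is already present without checking. Delete the dead function and add a fail-fast probe at the top of `cluster_login`, e.g. `az account show >/dev/null || { echo "No Azure CLI session; run azure/login first" >&2; exit 1; }`, so a missing login is reported there instead of as an opaque `az aks get-credentials` error. Both functions continue outside their hunks.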
From: elayrocks Date: Wed, 1 May 2024 18:34:28 -0700 Subject: [PATCH 23/48] test --- deployment/bin/lib | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/deployment/bin/lib b/deployment/bin/lib index b0d62655..76d5ef21 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib @@ -81,11 +81,7 @@ function cluster_login() { # https://github.com/Azure/kubelogin/issues/87. # So we export to a kubeconfig file echo "Converting kubeconfig..." - kubelogin convert-kubeconfig \ - --login spn \ - --client-id ${ARM_CLIENT_ID} \ - --client-secret ${ARM_CLIENT_SECRET} \ - --kubeconfig=kubeconfig + kubelogin convert-kubeconfig --kubeconfig=kubeconfig export KUBECONFIG=kubeconfig } From 5c91f114259a7e666d84509c7fdb5d5be606b423 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 18:36:56 -0700 Subject: [PATCH 24/48] test --- deployment/bin/lib | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/bin/lib b/deployment/bin/lib index 76d5ef21..809daa0c 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib @@ -82,6 +82,8 @@ function cluster_login() { # So we export to a kubeconfig file echo "Converting kubeconfig..." kubelogin convert-kubeconfig --kubeconfig=kubeconfig + echo "Test Kubernetes Access:" + kubectl get nodes --kubeconfig=kubeconfig export KUBECONFIG=kubeconfig } From a235a6d26f3f0a90bc25f44e2395fc763ddfba8d Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 18:42:48 -0700 Subject: [PATCH 25/48] test --- deployment/bin/lib | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/deployment/bin/lib b/deployment/bin/lib index 809daa0c..253b1898 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib 
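Review bot: `kubelogin convert-kubeconfig --kubeconfig=kubeconfig` with no `--login` falls back to kubelogin's default device-code flow, which is interactive and will hang a CI job until it times out instead of failing fast. Pass the mode explicitly (the series settles on `-l azurecli` three commits later) and add a comment naming which login mode the converted kubeconfig depends on. `cluster_login` continues outside the hunk.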
@@ -81,7 +81,11 @@ function cluster_login() { # https://github.com/Azure/kubelogin/issues/87. # So we export to a kubeconfig file echo "Converting kubeconfig..." - kubelogin convert-kubeconfig --kubeconfig=kubeconfig + kubelogin convert-kubeconfig \ + --login spn \ + --client-id ${ARM_CLIENT_ID} \ + --client-secret ${ARM_CLIENT_SECRET} \ + --kubeconfig=kubeconfig echo "Test Kubernetes Access:" kubectl get nodes --kubeconfig=kubeconfig export KUBECONFIG=kubeconfig From 2493804f449f4d27efce73572d5d76f6aba6ef1f Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 18:51:48 -0700 Subject: [PATCH 26/48] test --- deployment/bin/lib | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/deployment/bin/lib b/deployment/bin/lib index 253b1898..9235b0f2 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib @@ -82,9 +82,7 @@ function cluster_login() { # So we export to a kubeconfig file echo "Converting kubeconfig..." kubelogin convert-kubeconfig \ - --login spn \ - --client-id ${ARM_CLIENT_ID} \ - --client-secret ${ARM_CLIENT_SECRET} \ + -l azurecli \ --kubeconfig=kubeconfig echo "Test Kubernetes Access:" kubectl get nodes --kubeconfig=kubeconfig From b033600a454ac077339d26ef513b3feb49c69931 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 18:59:49 -0700 Subject: [PATCH 27/48] remove secret --- .github/workflows/cicd.yml | 1 - deployment/bin/deploy | 1 - deployment/docker-compose.yml | 1 - 3 files changed, 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 2df64780..5c2eec75 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
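Review bot: `-l azurecli` makes the converted kubeconfig an exec-plugin config that borrows the container's Azure CLI session, so the file carries no secret of its own, but it is written into the current directory and exported via `KUBECONFIG=kubeconfig` with no cleanup, and the `kubectl get nodes` probe from the previous commit prints cluster node names into the log. Write the file under a temporary directory and remove it when the deploy finishes (a `trap` in the caller), and drop the `get nodes` probe once the login path is settled. `cluster_login` starts outside the hunk.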
@@ -82,6 +82,5 @@ jobs: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} \ No newline at end of file diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 370880a4..45ecdb91 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -61,7 +61,6 @@ fi require_env "IMAGE_TAG" require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" -require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" # Directory for rendered values and templates diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index c53f4f0f..fba3377c 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -14,7 +14,6 @@ services: - ARM_SUBSCRIPTION_ID - ARM_TENANT_ID - ARM_CLIENT_ID - - ARM_CLIENT_SECRET # Used in the dev stack as an identifier - TF_VAR_username=${USER} From 3cf35c2826f8cbb2cb5b7d3dada01c3798f104ec Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 19:02:36 -0700 Subject: [PATCH 28/48] test --- .github/workflows/cicd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 5c2eec75..339cf59a 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
@@ -81,6 +81,6 @@ jobs: env: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging - ARM_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} - ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} \ No newline at end of file + ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} + ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} + ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} \ No newline at end of file From ea62afc4a162e66c2f09b3a56834cf5481942d67 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 19:13:09 -0700 Subject: [PATCH 29/48] test --- .github/workflows/cicd.yml | 3 ++- deployment/bin/deploy | 1 + deployment/docker-compose.yml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 339cf59a..70228081 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -83,4 +83,5 @@ jobs: ENVIRONMENT: staging ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} - ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} \ No newline at end of file + ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} + ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 45ecdb91..370880a4 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -61,6 +61,7 @@ fi require_env "IMAGE_TAG" require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" +require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" # Directory for rendered values and templates 
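Review bot: Reading the deploy env from `SECURE_AZURE_CREDENTIALS` makes it consistent with the login step, but the underlying pattern — pulling fields out of a JSON secret with `fromJSON` — remains: GitHub redacts a secret by matching its whole value, so extracted fields are not reliably masked, which is why the `clientSecret` that this series keeps re-adding from `AZURE_CREDENTIALS` is the dangerous case. For the non-secret identity fields here, prefer plain variables (`vars.AZURE_CLIENT_ID` and so on) or three separate secrets, and add a trailing newline so the file stops ending without one. The env block starts outside the hunk.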
diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index fba3377c..c53f4f0f 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -14,6 +14,7 @@ services: - ARM_SUBSCRIPTION_ID - ARM_TENANT_ID - ARM_CLIENT_ID + - ARM_CLIENT_SECRET # Used in the dev stack as an identifier - TF_VAR_username=${USER} From 3e7fc3e1dfd4c63500dc50d56bd1706041ba76c7 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 21:23:32 -0700 Subject: [PATCH 30/48] test --- .github/workflows/cicd.yml | 2 +- deployment/bin/deploy | 2 +- deployment/docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 70228081..7a66ee72 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -84,4 +84,4 @@ jobs: ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} - ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file + # ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 370880a4..4417c076 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -61,7 +61,7 @@ fi require_env "IMAGE_TAG" require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" -require_env "ARM_CLIENT_SECRET" +# require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" # Directory for rendered values and templates diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index c53f4f0f..f0203ef7 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml 
@@ -14,7 +14,7 @@ services: - ARM_SUBSCRIPTION_ID - ARM_TENANT_ID - ARM_CLIENT_ID - - ARM_CLIENT_SECRET + # - ARM_CLIENT_SECRET # Used in the dev stack as an identifier - TF_VAR_username=${USER} From 92ee274b3dce25887701dfe46fb9f3402ed5379d Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 22:46:43 -0700 Subject: [PATCH 31/48] test --- deployment/terraform/resources/providers.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index 0c06d28c..54d977d7 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -1,5 +1,6 @@ provider azurerm { features {} + use_oidc = true } terraform { From 214fdffce0cea959e0f2b79a0aa4b16c87f89b0b Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:00:31 -0700 Subject: [PATCH 32/48] test --- deployment/bin/deploy | 1 + deployment/terraform/resources/providers.tf | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 4417c076..a6a455d9 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -94,6 +94,7 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then if [[ "${SKIP_TF}" != 1 ]]; then echo "Deploying infrastructure with Terraform..." + terraform providers terraform init --upgrade if [ "${PLAN_ONLY}" ]; then diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index 54d977d7..0c06d28c 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -1,6 +1,5 @@ provider azurerm { features {} - use_oidc = true } terraform { From ea587c08ec20b1d53dfe422ffca98c8df731b7f9 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:03:59 -0700 Subject: [PATCH 33/48] test --- deployment/bin/deploy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
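Review bot: `use_oidc = true` on the `azurerm` provider does not apply to the `azurerm` backend that stores state (`deployment/terraform/staging/main.tf`), which authenticates separately; without `use_oidc` in the backend block or `ARM_USE_OIDC` in the environment, `terraform init` still tries the CLI or secret path for state access. The series later moves to `ARM_USE_OIDC` in the workflow env, which covers both; whichever form is kept, add a comment next to it naming the token source (`ARM_OIDC_REQUEST_TOKEN`/`ARM_OIDC_REQUEST_URL` supplied by the Actions runtime) so the next reader knows what the deploy container must receive. The `terraform {}` block continues outside the hunk.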
diff --git a/deployment/bin/deploy b/deployment/bin/deploy index a6a455d9..55726fa8 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -94,8 +94,8 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then if [[ "${SKIP_TF}" != 1 ]]; then echo "Deploying infrastructure with Terraform..." - terraform providers terraform init --upgrade + terraform providers if [ "${PLAN_ONLY}" ]; then terraform plan From cfa7afc76a2066a96174e305dacd0908ecb1ee06 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:23:59 -0700 Subject: [PATCH 34/48] test --- deployment/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/Dockerfile b/deployment/Dockerfile index cb72f7d6..027f3567 100644 --- a/deployment/Dockerfile +++ b/deployment/Dockerfile @@ -16,9 +16,9 @@ RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu RUN apt-get update && apt-get install -y azure-functions-core-tools-4 -# Install Terraform 0.14.4 +# Install Terraform 1.8.2 -RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/0.14.4/terraform_0.14.4_linux_amd64.zip +RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/1.8.2/terraform_1.8.2_linux_amd64.zip RUN unzip terraform.zip RUN mv terraform /usr/local/bin From ee0f20d30daf54fb3d01fbec28f2deb1b5f7c7ff Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:29:48 -0700 Subject: [PATCH 35/48] test --- .github/workflows/cicd.yml | 2 +- deployment/bin/deploy | 2 +- deployment/docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 7a66ee72..70228081 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
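Review bot: The Terraform binary is fetched with `wget` and installed without verifying the release's published SHA256 checksum or signature, so a substituted archive would be installed silently; this was already true at 0.14.4 and the bump to 1.8.2 keeps it. Download `terraform_1.8.2_SHA256SUMS` next to the zip and run `sha256sum --check --ignore-missing terraform_1.8.2_SHA256SUMS` before `unzip`, or pin the expected digest in the Dockerfile. Jumping from 0.14 to 1.8 also changes the state format, so the first `terraform init --upgrade` and `apply` against existing state will upgrade it in place — worth a sentence in the commit message or a comment here. The `RUN` sequence continues outside the hunk.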
@@ -84,4 +84,4 @@ jobs: ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} - # ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file + ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 55726fa8..f0e1713a 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -61,7 +61,7 @@ fi require_env "IMAGE_TAG" require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" -# require_env "ARM_CLIENT_SECRET" +require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" # Directory for rendered values and templates diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index f0203ef7..c53f4f0f 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -14,7 +14,7 @@ services: - ARM_SUBSCRIPTION_ID - ARM_TENANT_ID - ARM_CLIENT_ID - # - ARM_CLIENT_SECRET + - ARM_CLIENT_SECRET # Used in the dev stack as an identifier - TF_VAR_username=${USER} From 8ed4dc589d6345f2b834e4abe6c002fb767d8393 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:41:36 -0700 Subject: [PATCH 36/48] test --- .github/workflows/cicd.yml | 2 +- deployment/bin/deploy | 2 +- deployment/docker-compose.yml | 2 +- deployment/terraform/resources/providers.tf | 1 + deployment/terraform/staging/main.tf | 1 + 5 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 70228081..7a66ee72 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
@@ -84,4 +84,4 @@ jobs: ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} - ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file + # ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file diff --git a/deployment/bin/deploy b/deployment/bin/deploy index f0e1713a..55726fa8 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -61,7 +61,7 @@ fi require_env "IMAGE_TAG" require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" -require_env "ARM_CLIENT_SECRET" +# require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" # Directory for rendered values and templates diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index c53f4f0f..f0203ef7 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -14,7 +14,7 @@ services: - ARM_SUBSCRIPTION_ID - ARM_TENANT_ID - ARM_CLIENT_ID - - ARM_CLIENT_SECRET + # - ARM_CLIENT_SECRET # Used in the dev stack as an identifier - TF_VAR_username=${USER} diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index 0c06d28c..54d977d7 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -1,5 +1,6 @@ provider azurerm { features {} + use_oidc = true } terraform { diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf index 26150b1a..6cc73aff 100644 --- a/deployment/terraform/staging/main.tf +++ b/deployment/terraform/staging/main.tf @@ -32,6 +32,7 @@ terraform { storage_account_name = "pctesttfstate" container_name = "pc-test-api" key = "pqe-apis.tfstate" + use_oidc = true } } From a94c00e8a04ac8434fffaffd401d55ced7870366 Mon Sep 17 00:00:00 2001 
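Review bot: Hard-coding `use_oidc = true` in the `azurerm` provider block forces OIDC for every run of this configuration, including local runs through `deployment/docker-compose.yml`, which at this point forwards no OIDC request token or URL, so a developer invoking `deploy` outside GitHub Actions fails at provider init instead of falling back to `az login` CLI credentials. The provider honours the same switch via the `ARM_USE_OIDC` environment variable, so leaving the attribute out of the `.tf` file and exporting `ARM_USE_OIDC=true` only from the workflow keeps both paths working; the companion `use_oidc = true` added to the staging backend block has the same trade-off. Whether the app registration behind `clientId` actually has a federated credential whose subject is limited to this repository and branch cannot be verified from the diff and should be confirmed before the secret path is deleted. The `terraform { … }` block that follows continues outside the hunk.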
From: elayrocks Date: Wed, 1 May 2024 23:45:21 -0700 Subject: [PATCH 37/48] test --- deployment/terraform/resources/providers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index 54d977d7..bd81c230 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -9,7 +9,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.77.0" + version = "3.89.0" } } } From 95bfabd873ddfee177ee40029d5ebc67f5d98436 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:48:57 -0700 Subject: [PATCH 38/48] test --- .github/workflows/cicd.yml | 1 + deployment/terraform/staging/main.tf | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 7a66ee72..a02d80c0 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -84,4 +84,5 @@ jobs: ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} + ARM_USE_OIDC: true # ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf index 6cc73aff..26150b1a 100644 --- a/deployment/terraform/staging/main.tf +++ b/deployment/terraform/staging/main.tf @@ -32,7 +32,6 @@ terraform { storage_account_name = "pctesttfstate" container_name = "pc-test-api" key = "pqe-apis.tfstate" - use_oidc = true } } From bab9c3d3691a27b9859d76eb5085028ed3944524 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:53:23 -0700 Subject: [PATCH 39/48] test --- deployment/terraform/resources/providers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
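Review bot: `ARM_USE_OIDC: true` makes the azurerm provider request a GitHub OIDC token at run time, which only succeeds when the job or workflow grants `id-token: write`; a `permissions:` block exists in this file (visible as context in the final patch) but its contents fall outside every hunk, so confirm it contains `id-token: write` and nothing broader than `deploy` needs. The commented-out `# ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}` line still names the secret being retired and should be deleted, not left as a hint. Write the flag as a string, `ARM_USE_OIDC: "true"`, so YAML linters do not flag the bare boolean; Actions stringifies it either way. The `env:` block it extends starts before the hunk.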
diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index bd81c230..5671a49f 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -9,7 +9,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.89.0" + version = "3.97.1" } } } From c995a47c285e55c3d09467b3d45840e4a68e37eb Mon Sep 17 00:00:00 2001 From: elayrocks Date: Wed, 1 May 2024 23:57:39 -0700 Subject: [PATCH 40/48] test --- deployment/bin/deploy | 1 + deployment/docker-compose.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 55726fa8..ca380bf3 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -63,6 +63,7 @@ require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" # require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" +require_env "ARM_USE_OIDC" # Directory for rendered values and templates CONF_DIR='/opt/conf' diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index f0203ef7..e08454a5 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -14,6 +14,7 @@ services: - ARM_SUBSCRIPTION_ID - ARM_TENANT_ID - ARM_CLIENT_ID + - ARM_USE_OIDC # - ARM_CLIENT_SECRET # Used in the dev stack as an identifier From 91fe97de1459aef281b0f3c24a39366a553cd33a Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 00:10:21 -0700 Subject: [PATCH 41/48] test --- deployment/bin/deploy | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index ca380bf3..709b931d 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -95,6 +95,7 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then if [[ "${SKIP_TF}" != 1 ]]; then echo "Deploying infrastructure with Terraform..." + echo ${ARM_USE_OIDC} terraform init --upgrade terraform providers From f511643931b6f5e5512c23151416883d9734c39b Mon Sep 17 00:00:00 2001 
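Review bot: `require_env "ARM_USE_OIDC"` only checks that the variable is set (assuming `require_env` in `deployment/bin/lib`, which is outside this diff, is the usual non-empty test), so `ARM_USE_OIDC=false` passes the guard and the provider falls back to client-secret or CLI auth even though `ARM_CLIENT_SECRET` is no longer required here. If OIDC is now the only supported path for this script, check the value too: `[[ "${ARM_USE_OIDC}" == "true" ]] || { echo "ARM_USE_OIDC must be true" >&2; exit 1; }`. The `require_env` run this extends starts before the hunk.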
From: elayrocks Date: Thu, 2 May 2024 09:47:47 -0700 Subject: [PATCH 42/48] try Matt's fix --- deployment/docker-compose.yml | 6 +++++- deployment/terraform/staging/main.tf | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index e08454a5..81044367 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -15,7 +15,11 @@ services: - ARM_TENANT_ID - ARM_CLIENT_ID - ARM_USE_OIDC - # - ARM_CLIENT_SECRET + - ARM_OIDC_TOKEN + - ACTIONS_ID_TOKEN_REQUEST_URL + - ACTIONS_ID_TOKEN_REQUEST_TOKEN + - ARM_OIDC_REQUEST_TOKEN + - ARM_OIDC_REQUEST_URL # Used in the dev stack as an identifier - TF_VAR_username=${USER} diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf index 26150b1a..359f899a 100644 --- a/deployment/terraform/staging/main.tf +++ b/deployment/terraform/staging/main.tf @@ -32,6 +32,7 @@ terraform { storage_account_name = "pctesttfstate" container_name = "pc-test-api" key = "pqe-apis.tfstate" + use_oidc = true } } From 9f9fb83800642eb67cb494d6a385189c9c31a95d Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 10:03:55 -0700 Subject: [PATCH 43/48] test --- deployment/bin/deploy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 709b931d..6dac0303 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -171,7 +171,8 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then --kube-context "${KUBE_CONTEXT}" \ --wait \ --timeout 2m0s \ - -f ${DEPLOY_VALUES_FILE} + -f ${DEPLOY_VALUES_FILE} \ + --force echo "==================" echo "==== Ingress =====" From b6e42aebfd76f17170055c0a4767e19528fa5d58 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 10:09:37 -0700 Subject: [PATCH 44/48] test --- deployment/bin/deploy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
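Review bot: Forwarding `ACTIONS_ID_TOKEN_REQUEST_TOKEN` and `ARM_OIDC_REQUEST_TOKEN` into the deploy container gives every process in it a bearer credential that can mint GitHub OIDC tokens for this workflow's identity, for any audience, for the rest of the job. That is inherent to running OIDC-backed Terraform in a container, but it puts the whole image inside the trust boundary, so the Terraform zip that `deployment/Dockerfile` fetches with plain `wget` (see the earlier Dockerfile hunk) should be checksum-verified and the Azure federated credential's subject should be pinned to this repository and branch or environment rather than a wildcard. The azurerm provider reads either the `ARM_OIDC_REQUEST_*` pair or the `ACTIONS_ID_TOKEN_REQUEST_*` pair, so one set is probably redundant; keep whichever the backend also needs and explain the choice in a comment, e.g. `# OIDC request-token pair consumed by the azurerm provider/backend; only set inside GitHub Actions`. The `environment:` list continues outside the hunk.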
diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 6dac0303..ce60906e 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -166,13 +166,13 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then echo "================" echo "Deploying Tiler helm chart..." + helm rollback planetary-computer-tiler -n pc helm upgrade --install planetary-computer-tiler helm/published/planetary-computer-tiler \ -n pc \ --kube-context "${KUBE_CONTEXT}" \ --wait \ --timeout 2m0s \ -f ${DEPLOY_VALUES_FILE} \ - --force echo "==================" echo "==== Ingress =====" From cfd385dc012a113e9d49a7ce1d1f8ae5ed365e1e Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 11:30:00 -0700 Subject: [PATCH 45/48] test --- .github/workflows/cicd.yml | 3 +-- deployment/bin/deploy | 1 - deployment/bin/lib | 2 -- deployment/docker-compose.yml | 2 -- 4 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a02d80c0..5913bad0 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -84,5 +84,4 @@ jobs: ARM_CLIENT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).clientId }} ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).subscriptionId }} ARM_TENANT_ID: ${{ fromJSON(secrets.SECURE_AZURE_CREDENTIALS).tenantId }} - ARM_USE_OIDC: true - # ARM_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} \ No newline at end of file + ARM_USE_OIDC: true \ No newline at end of file diff --git a/deployment/bin/deploy b/deployment/bin/deploy index ce60906e..051e14b9 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -166,7 +166,6 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then echo "================" echo "Deploying Tiler helm chart..." - helm rollback planetary-computer-tiler -n pc helm upgrade --install planetary-computer-tiler helm/published/planetary-computer-tiler \ -n pc \ --kube-context "${KUBE_CONTEXT}" \ 
diff --git a/deployment/bin/lib b/deployment/bin/lib index 9235b0f2..b931f1c8 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib @@ -84,8 +84,6 @@ function cluster_login() { kubelogin convert-kubeconfig \ -l azurecli \ --kubeconfig=kubeconfig - echo "Test Kubernetes Access:" - kubectl get nodes --kubeconfig=kubeconfig export KUBECONFIG=kubeconfig } diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index 81044367..334dc5fe 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -16,8 +16,6 @@ services: - ARM_CLIENT_ID - ARM_USE_OIDC - ARM_OIDC_TOKEN - - ACTIONS_ID_TOKEN_REQUEST_URL - - ACTIONS_ID_TOKEN_REQUEST_TOKEN - ARM_OIDC_REQUEST_TOKEN - ARM_OIDC_REQUEST_URL From d9f824702682aee4ec0e14d7404caeaa804b53b6 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 11:33:16 -0700 Subject: [PATCH 46/48] test --- deployment/bin/deploy | 4 +--- deployment/docker-compose.yml | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 051e14b9..062b61b2 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -95,9 +95,7 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then if [[ "${SKIP_TF}" != 1 ]]; then echo "Deploying infrastructure with Terraform..." - echo ${ARM_USE_OIDC} terraform init --upgrade - terraform providers if [ "${PLAN_ONLY}" ]; then terraform plan @@ -171,7 +169,7 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then --kube-context "${KUBE_CONTEXT}" \ --wait \ --timeout 2m0s \ - -f ${DEPLOY_VALUES_FILE} \ + -f ${DEPLOY_VALUES_FILE} echo "==================" echo "==== Ingress =====" diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index 334dc5fe..81044367 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml 
@@ -16,6 +16,8 @@ services: - ARM_CLIENT_ID - ARM_USE_OIDC - ARM_OIDC_TOKEN + - ACTIONS_ID_TOKEN_REQUEST_URL + - ACTIONS_ID_TOKEN_REQUEST_TOKEN - ARM_OIDC_REQUEST_TOKEN - ARM_OIDC_REQUEST_URL From 39dc68add87dcb2dd3555594a55d114e9f3b4b29 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 12:17:38 -0700 Subject: [PATCH 47/48] test --- .github/workflows/cicd.yml | 8 ++++---- deployment/bin/deploy | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 5913bad0..7c3a2db6 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -27,8 +27,8 @@ jobs: - name: Authenticate run: ./scripts/ciauthenticate - # - name: Run cibuild - # run: ./scripts/cibuild + - name: Run cibuild + run: ./scripts/cibuild - name: Get image tag id: get_image_tag @@ -44,8 +44,8 @@ jobs: ;; esac - # - name: Publish images - # run: ./scripts/cipublish --acr ${{steps.get_image_tag.outputs.acr}} --tag ${{steps.get_image_tag.outputs.tag}} + - name: Publish images + run: ./scripts/cipublish --acr ${{steps.get_image_tag.outputs.acr}} --tag ${{steps.get_image_tag.outputs.tag}} outputs: image_tag: ${{ steps.get_image_tag.outputs.tag }} diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 062b61b2..2e0b2e89 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -61,7 +61,6 @@ fi require_env "IMAGE_TAG" require_env "GIT_COMMIT" require_env "ARM_CLIENT_ID" -# require_env "ARM_CLIENT_SECRET" require_env "ARM_TENANT_ID" require_env "ARM_USE_OIDC" From f4e3d903e38107fe06dffe2915a6e96de7c97075 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Thu, 2 May 2024 13:27:45 -0700 Subject: [PATCH 48/48] ready for review, revert the changes for testing purpose --- .github/workflows/cicd.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 7c3a2db6..c33e87be 100644 --- a/.github/workflows/cicd.yml 
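Review bot: The re-enabled `Publish images` step interpolates `${{steps.get_image_tag.outputs.acr}}` and `${{steps.get_image_tag.outputs.tag}}` straight into a `run:` line; `tag` is derived from `GITHUB_REF` (the `case "${GITHUB_REF}" in *tags*)` logic appears later in this series), and git permits `;`, `$`, `(` and backticks in tag names, so anyone who can push a tag can inject shell into a job that has already run `./scripts/ciauthenticate`. Expressions are substituted before the shell sees the script, so quoting inside `run:` does not help; pass the outputs through `env:` so bash expands them as data. The `Run cibuild` hunk above has the same shape but takes no interpolated input, so it is fine as re-enabled.
```yaml
- name: Publish images
  env:
    ACR: ${{ steps.get_image_tag.outputs.acr }}
    TAG: ${{ steps.get_image_tag.outputs.tag }}
  run: ./scripts/cipublish --acr "$ACR" --tag "$TAG"
```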
+++ b/.github/workflows/cicd.yml @@ -2,7 +2,7 @@ name: Planetary Computer APIs CI/CD on: push: - branches: [remove-secret-from-cicd] + branches: [main] tags: ["*"] permissions: @@ -52,6 +52,7 @@ jobs: deploy: runs-on: ubuntu-latest + if: ${{ github.ref == 'refs/heads/main' }} needs: - build_and_publish steps: @@ -66,6 +67,7 @@ jobs: - name: Get image tag id: get_image_tag + if: ${{ github.base_ref }} run: case "${GITHUB_REF}" in *tags*)
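Review bot: Gating `deploy` with `if: ${{ github.ref == 'refs/heads/main' }}` while the trigger keeps `tags: ["*"]` means a tag push still runs `build_and_publish` (whose image-tag logic has an explicit `*tags*` branch) but never deploys, so tagged releases silently stop reaching staging. If that is intended, drop the tag trigger or add a comment saying so; otherwise widen the condition to `if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}`. This `if:` is only a workflow-side check; a federated credential whose subject allows any ref would still hand the deploy identity to tag pushes or other workflows, so scope the subject on the Azure side to `refs/heads/main` (or an Actions environment with required reviewers), which cannot be verified from the diff. The following hunk on `get_image_tag` runs past the end of the page and is not reviewed here.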