From 79cc299ace2e826a8303ff107dae92b459fa2a61 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 12:06:02 -0700 Subject: [PATCH 01/13] remove client secret --- .github/workflows/cicd.yml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a93aea69..ed0d015c 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -2,7 +2,8 @@ name: CI/CD on: push: - branches: [main] + # branches: [main] + branches: [user/elay/remove-client-secret] tags: ["*"] env: @@ -12,7 +13,6 @@ env: AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} permissions: id-token: write @@ -24,6 +24,13 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Log in with Azure + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: actions/setup-python@v4 with: python-version: "3.8" @@ -51,7 +58,7 @@ jobs: uses: azure/setup-helm@v3 with: version: v3.8.2 - if: ${{ github.base_ref == 'main' }} + # if: ${{ github.base_ref == 'main' }} - name: Setup cluster run: ./scripts/cluster setup 
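Review bot: Pointing the push trigger at `user/elay/remove-client-secret` while the `deploy` job's main-only guard is commented out (the `@@ -99,7 +100,7 @@` hunk of this patch) lets publish and deploy run from a personal branch under the workflow's Azure identity. For the OIDC login to succeed from that ref, the app registration presumably carries a federated credential whose subject matches the branch. That trust is configured on the Azure side, not in this file, so restoring `branches: [main]` later in the series does not revoke it. Note the temporary credential in the PR description and delete it once the series merges.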
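Review bot: The new `Log in with Azure` step references `azure/login@v1`, a movable tag, in a workflow that grants `id-token: write` (visible as context at the end of the preceding hunk), so the Azure identity is exposed to whatever code that tag resolves to at run time. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: azure/login@<full-commit-sha>  # v1`. The same step is re-added in PATCH 02/13 in both `build_and_publish` and `deploy`, so the pin applies there too. The `permissions` block is cut off by the hunk but appears to sit at workflow level; moving `id-token: write` down to the jobs that actually log in would narrow which steps can request a token.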
@@ -73,19 +80,13 @@ jobs: esac - name: Log into the ACR (test) - env: - CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} - run: docker login pccomponentstest.azurecr.io --username ${CLIENT_ID} --password ${CLIENT_SECRET} + run: az acr login --name pccomponentstest - name: Publish images (test) run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} --no-login - name: Log into the ACR - env: - CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} - run: docker login pccomponents.azurecr.io --username ${CLIENT_ID} --password ${CLIENT_SECRET} + run: az acr login --name pccomponents - name: Publish images run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} --no-login @@ -99,7 +100,7 @@ jobs: deploy: runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/main' }} + # if: ${{ github.ref == 'refs/heads/main' }} needs: - build_and_publish steps: From 42e863ee96025d11494545d2d64ca09a7264ca42 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 13:48:33 -0700 Subject: [PATCH 02/13] remove client secret --- .github/workflows/cicd.yml | 72 ++++++++++++++++++----------------- deployment/bin/deploy | 2 - deployment/bin/lib | 9 +---- deployment/docker-compose.yml | 19 ++++----- 4 files changed, 48 insertions(+), 54 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index ed0d015c..91accaf7 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -24,13 +24,6 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Log in with Azure - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - uses: actions/setup-python@v4 with: python-version: "3.8" 
@@ -41,30 +34,30 @@ jobs: - name: Setup run: ./scripts/setup --no-aux-servers - - name: Test - run: ./scripts/test + # - name: Test + # run: ./scripts/test - - name: Validate collections - run: ./scripts/validate-collections + # - name: Validate collections + # run: ./scripts/validate-collections - # Integration Tests + # # Integration Tests - - name: Install Kind - uses: helm/kind-action@v1.4.0 - with: - install_only: true + # - name: Install Kind + # uses: helm/kind-action@v1.4.0 + # with: + # install_only: true - - name: Install Helm - uses: azure/setup-helm@v3 - with: - version: v3.8.2 - # if: ${{ github.base_ref == 'main' }} + # - name: Install Helm + # uses: azure/setup-helm@v3 + # with: + # version: v3.8.2 + # # if: ${{ github.base_ref == 'main' }} - - name: Setup cluster - run: ./scripts/cluster setup + # - name: Setup cluster + # run: ./scripts/cluster setup - - name: Run integration tests - run: ./scripts/citest-integration + # - name: Run integration tests + # run: ./scripts/citest-integration # Publish images 
@@ -79,21 +72,23 @@ jobs: ;; esac - - name: Log into the ACR (test) - run: az acr login --name pccomponentstest + - name: Log in with Azure + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Publish images (test) run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} --no-login - - name: Log into the ACR - run: az acr login --name pccomponents - - - name: Publish images - run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} --no-login + # - name: Publish images + # run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} --no-login - - name: Clean up CosmosDB test containers - run: ./scripts/setup --rm-test-containers - if: always() + # - name: Clean up CosmosDB test containers + # run: ./scripts/setup --rm-test-containers + # if: always() outputs: image_tag: ${{ steps.get_image_tag.outputs.tag }} @@ -106,6 +101,13 @@ jobs: steps: - uses: actions/checkout@v2 + - name: Log in with Azure + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Deploy run: ./scripts/cideploy env: diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 62490ee1..8b1f0e55 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -112,8 +112,6 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then # Gather environment variables from the terraform directory source "${TERRAFORM_DIR}"/env.sh - bin/azlogin - require_env "DEPLOY_SECRETS_KV" require_env "DEPLOY_SECRETS_KV_SECRET" require_env "DEPLOY_SECRETS_KV_RG_NAME" diff --git a/deployment/bin/lib b/deployment/bin/lib index d71c7a51..9a667a64 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib 
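Review bot: The `deploy` job's new `Log in with Azure` step uses the same `AZURE_CLIENT_ID` as the login in `build_and_publish` (previous hunk), so registry pushes and the staging deployment run under one federated identity holding the union of both sets of permissions. Consider a separate app registration for deployment, or declaring `environment: staging` on the job so the federated credential's subject can be bound to that environment and its protection rules. The job header is outside this hunk, so an existing `environment:` key cannot be ruled out from here.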
@@ -71,11 +71,6 @@ function cluster_login() { CLUSTER_NAME=$2 fi - az login --service-principal \ - --username ${ARM_CLIENT_ID} \ - --password ${ARM_CLIENT_SECRET} \ - --tenant ${ARM_TENANT_ID} - az aks get-credentials \ --resource-group ${RESOURCE_GROUP} \ --name ${CLUSTER_NAME} \ @@ -88,9 +83,7 @@ function cluster_login() { # So we export to a kubeconfig file echo "Converting kubeconfig..." kubelogin convert-kubeconfig \ - --login spn \ - --client-id ${ARM_CLIENT_ID} \ - --client-secret ${ARM_CLIENT_SECRET} \ + -l azurecli \ --kubeconfig=kubeconfig export KUBECONFIG=kubeconfig } diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index d2e6f732..117bf460 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -7,15 +7,15 @@ services: dockerfile: deployment/Dockerfile environment: # For Terraform - - ARM_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} - - ARM_TENANT_ID=${AZURE_TENANT_ID} - - ARM_CLIENT_ID=${AZURE_CLIENT_ID} - - ARM_CLIENT_SECRET=${AZURE_CLIENT_SECRET} - - # For Azure CLI - - AZURE_TENANT_ID=${AZURE_TENANT_ID} - - AZURE_CLIENT_ID=${AZURE_CLIENT_ID} - - AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} + - ARM_SUBSCRIPTION_ID + - ARM_TENANT_ID + - ARM_CLIENT_ID + - ARM_USE_OIDC + - ARM_OIDC_TOKEN + - ACTIONS_ID_TOKEN_REQUEST_URL + - ACTIONS_ID_TOKEN_REQUEST_TOKEN + - ARM_OIDC_REQUEST_TOKEN + - ARM_OIDC_REQUEST_URL # Used in function deployment injected by GH Actions - GITHUB_TOKEN @@ -26,3 +26,4 @@ services: - ../deployment:/opt/src/deployment - ../pctasks:/opt/src/pctasks:ro - ../pctasks_funcs:/opt/src/pctasks_funcs:ro + - ~/.azure:/root/.azure From 09247e52cb11e2ff643a3e5594936c91271fad09 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 14:07:37 -0700 Subject: [PATCH 03/13] test --- .github/workflows/cicd.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 91accaf7..88992374 100644 
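Review bot: With `-l azurecli`, `kubelogin convert-kubeconfig` depends on an Azure CLI session that already exists, and the preceding hunk removes the `az login` that `cluster_login` used to perform, so a missing or expired session now surfaces only as an `az aks get-credentials` or `kubectl` error. A fail-fast check at the top of the function would make the dependency explicit, e.g. `az account show >/dev/null || { echo "No Azure CLI session; log in before calling cluster_login" >&2; return 1; }`. A one-line comment above the `kubelogin` call saying that credentials now come from the caller's Azure CLI login would also help the next reader. The body of `cluster_login` starts outside this hunk.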
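Review bot: The added volume `~/.azure:/root/.azure` bind-mounts the host's Azure CLI profile, including its token cache, read-write into the deploy container, so every script and tool that runs there can use and modify that session; on a developer machine this is the developer's own login rather than the CI identity. If the CLI needs write access to the directory, a comment should say so; otherwise a dedicated profile directory via `AZURE_CONFIG_DIR` or a `:ro` mount is worth testing. In the environment hunk just above, `ARM_OIDC_TOKEN`, `ARM_OIDC_REQUEST_TOKEN`/`ARM_OIDC_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN`/`ACTIONS_ID_TOKEN_REQUEST_URL` are all passed through although they overlap. Passing only the variables the deployment actually reads keeps the request token out of places that do not need it, and the `# For Terraform` comment should name them as the OIDC inputs.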
--- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -28,11 +28,11 @@ jobs: with: python-version: "3.8" - - name: Install local dependencies - run: ./scripts/install + # - name: Install local dependencies + # run: ./scripts/install - - name: Setup - run: ./scripts/setup --no-aux-servers + # - name: Setup + # run: ./scripts/setup --no-aux-servers # - name: Test # run: ./scripts/test @@ -81,7 +81,7 @@ jobs: - name: Publish images (test) - run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} --no-login + run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} # - name: Publish images # run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} --no-login From 6d0cf6d35af1636ec13e8985bc3e92cd7fd02e0e Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 14:11:32 -0700 Subject: [PATCH 04/13] test --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 88992374..a75e10a6 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -81,7 +81,7 @@ jobs: - name: Publish images (test) - run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} + run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} --no-login # - name: Publish images # run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} --no-login From e41563eda7280db50574511d1aad8abf37cc0038 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 14:23:48 -0700 Subject: [PATCH 05/13] test --- .github/workflows/cicd.yml | 57 +++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a75e10a6..109c52d6 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
@@ -28,36 +28,36 @@ jobs: with: python-version: "3.8" - # - name: Install local dependencies - # run: ./scripts/install + - name: Install local dependencies + run: ./scripts/install - # - name: Setup - # run: ./scripts/setup --no-aux-servers + - name: Setup + run: ./scripts/setup --no-aux-servers - # - name: Test - # run: ./scripts/test + - name: Test + run: ./scripts/test - # - name: Validate collections - # run: ./scripts/validate-collections + - name: Validate collections + run: ./scripts/validate-collections - # # Integration Tests + # Integration Tests - # - name: Install Kind - # uses: helm/kind-action@v1.4.0 - # with: - # install_only: true + - name: Install Kind + uses: helm/kind-action@v1.4.0 + with: + install_only: true - # - name: Install Helm - # uses: azure/setup-helm@v3 - # with: - # version: v3.8.2 - # # if: ${{ github.base_ref == 'main' }} + - name: Install Helm + uses: azure/setup-helm@v3 + with: + version: v3.8.2 + # if: ${{ github.base_ref == 'main' }} - # - name: Setup cluster - # run: ./scripts/cluster setup + - name: Setup cluster + run: ./scripts/cluster setup - # - name: Run integration tests - # run: ./scripts/citest-integration + - name: Run integration tests + run: ./scripts/citest-integration # Publish images 
@@ -79,16 +79,15 @@ jobs: tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Publish images (test) - run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} --no-login + run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} - # - name: Publish images - # run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} --no-login + - name: Publish images + run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} - # - name: Clean up CosmosDB test containers - # run: ./scripts/setup --rm-test-containers - # if: always() + - name: Clean up CosmosDB test containers + run: ./scripts/setup --rm-test-containers + if: always() outputs: image_tag: ${{ steps.get_image_tag.outputs.tag }} From 2cd842e7d9467dcc5a4fb8bde536435ee45039b3 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 15:16:22 -0700 Subject: [PATCH 06/13] test --- .github/workflows/cicd.yml | 73 +++++++++++++++++++------------------- deployment/bin/deploy | 5 +-- 2 files changed, 37 insertions(+), 41 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 109c52d6..9dfd6c30 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -10,9 +10,6 @@ env: PCTASKS_COSMOSDB__URL: ${{ secrets.COSMOSDB_URL }} PCTASKS_COSMOSDB__KEY: ${{ secrets.COSMOSDB_KEY }} PCTASKS_COSMOSDB__TEST_CONTAINER_SUFFIX: ${{ github.run_id }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} permissions: id-token: write 
@@ -24,40 +21,40 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: "3.8" + # - uses: actions/setup-python@v4 + # with: + # python-version: "3.8" - - name: Install local dependencies - run: ./scripts/install + # - name: Install local dependencies + # run: ./scripts/install - - name: Setup - run: ./scripts/setup --no-aux-servers + # - name: Setup + # run: ./scripts/setup --no-aux-servers - - name: Test - run: ./scripts/test + # - name: Test + # run: ./scripts/test - - name: Validate collections - run: ./scripts/validate-collections + # - name: Validate collections + # run: ./scripts/validate-collections - # Integration Tests + # # Integration Tests - - name: Install Kind - uses: helm/kind-action@v1.4.0 - with: - install_only: true + # - name: Install Kind + # uses: helm/kind-action@v1.4.0 + # with: + # install_only: true - - name: Install Helm - uses: azure/setup-helm@v3 - with: - version: v3.8.2 - # if: ${{ github.base_ref == 'main' }} + # - name: Install Helm + # uses: azure/setup-helm@v3 + # with: + # version: v3.8.2 + # # if: ${{ github.base_ref == 'main' }} - - name: Setup cluster - run: ./scripts/cluster setup + # - name: Setup cluster + # run: ./scripts/cluster setup - - name: Run integration tests - run: ./scripts/citest-integration + # - name: Run integration tests + # run: ./scripts/citest-integration # Publish images 
@@ -79,15 +76,15 @@ jobs: tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Publish images (test) - run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} + # - name: Publish images (test) + # run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} - - name: Publish images - run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} + # - name: Publish images + # run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} - - name: Clean up CosmosDB test containers - run: ./scripts/setup --rm-test-containers - if: always() + # - name: Clean up CosmosDB test containers + # run: ./scripts/setup --rm-test-containers + # if: always() outputs: image_tag: ${{ steps.get_image_tag.outputs.tag }} @@ -112,5 +109,7 @@ jobs: env: IMAGE_TAG: ${{needs.build_and_publish.outputs.image_tag}} ENVIRONMENT: staging - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_USE_OIDC: true diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 8b1f0e55..e1d4d905 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -33,11 +33,8 @@ Options: require_env "ARM_SUBSCRIPTION_ID" require_env "ARM_TENANT_ID" require_env "ARM_CLIENT_ID" -require_env "ARM_CLIENT_SECRET" +require_env "ARM_USE_OIDC" -require_env "AZURE_TENANT_ID" -require_env "AZURE_CLIENT_ID" -require_env "AZURE_CLIENT_SECRET" ################### # Parse arguments # From 9f85e32013b800658893e5bf699c4125d23c940a Mon Sep 17 00:00:00 2001 
From: elayrocks Date: Mon, 6 May 2024 15:30:56 -0700 Subject: [PATCH 07/13] add terraform config --- deployment/terraform/resources/providers.tf | 1 + deployment/terraform/staging/backend.tf | 1 + 2 files changed, 2 insertions(+) diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index 5cb41859..bf2bfc3a 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -1,6 +1,7 @@ provider azurerm { features {} skip_provider_registration = true + use_oidc = true } terraform { diff --git a/deployment/terraform/staging/backend.tf b/deployment/terraform/staging/backend.tf index 34e673be..3da5bc77 100644 --- a/deployment/terraform/staging/backend.tf +++ b/deployment/terraform/staging/backend.tf @@ -4,5 +4,6 @@ terraform { storage_account_name = "pctesttfstate" container_name = "pctasks" key = "staging.terraform.tfstate" + use_oidc = true } } \ No newline at end of file From dfedab7b90f5e3e2dfa2747bfa9211fbf2001841 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 15:43:43 -0700 Subject: [PATCH 08/13] test --- deployment/Dockerfile | 4 ++-- deployment/terraform/resources/providers.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/Dockerfile b/deployment/Dockerfile index 128b92ba..8c280bf8 100644 --- a/deployment/Dockerfile +++ b/deployment/Dockerfile @@ -24,9 +24,9 @@ RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu RUN apt-get update && apt-get install -y azure-functions-core-tools-4 -# Install Terraform 0.14.4 +# Install Terraform 1.8.2 -RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/1.1.2/terraform_1.1.2_linux_amd64.zip +RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/1.8.2/terraform_1.8.2_linux_amd64.zip RUN unzip terraform.zip RUN mv terraform /usr/local/bin 
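Review bot: The Terraform archive fetched by the changed `wget` line is unzipped and moved to `/usr/local/bin` without any integrity check, so the image trusts whatever the download returns. HashiCorp publishes a `terraform_1.8.2_SHA256SUMS` file next to the archive; add a verification between the download and the unzip, e.g. `RUN echo "<sha256-from-terraform_1.8.2_SHA256SUMS>  terraform.zip" | sha256sum -c -`. The jump from 1.1.2 to 1.8.2 also spans several minor releases, so it is worth confirming that the existing state and any `required_version` constraints (not visible in this hunk) accept it.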
diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf index bf2bfc3a..1f30b330 100644 --- a/deployment/terraform/resources/providers.tf +++ b/deployment/terraform/resources/providers.tf @@ -10,7 +10,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.65.0" + version = "3.97.1" } } } From 9f0acb5c52808a090b544a64966a6f7476712d59 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 15:48:32 -0700 Subject: [PATCH 09/13] test --- deployment/terraform/batch_pool/providers.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/terraform/batch_pool/providers.tf b/deployment/terraform/batch_pool/providers.tf index c058a509..7e2bead8 100644 --- a/deployment/terraform/batch_pool/providers.tf +++ b/deployment/terraform/batch_pool/providers.tf @@ -1,6 +1,7 @@ provider azurerm { features {} skip_provider_registration = true + use_oidc = true } terraform { @@ -9,7 +10,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.65.0" + version = "3.97.1" } } } From 3743807a305d2255b8eee2cadd786dbf4d0d5ef3 Mon Sep 17 00:00:00 2001 From: elayrocks Date: Mon, 6 May 2024 20:23:15 -0700 Subject: [PATCH 10/13] test --- deployment/terraform/resources/keyvault.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/terraform/resources/keyvault.tf b/deployment/terraform/resources/keyvault.tf index d3a63503..ab41c708 100644 --- a/deployment/terraform/resources/keyvault.tf +++ b/deployment/terraform/resources/keyvault.tf @@ -9,7 +9,7 @@ resource "azurerm_key_vault_access_policy" "function_app" { object_id = azurerm_linux_function_app.pctasks.identity.0.principal_id secret_permissions = [ - "Get", "List" + "Get", "List", "Set" ] } From d8c245e8396d5fa99cde763958f7e218a7a28c40 Mon Sep 17 00:00:00 2001 
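Review bot: Adding `"Set"` to `secret_permissions` in `azurerm_key_vault_access_policy.function_app` gives the function app's managed identity write access to Key Vault secrets where it previously had only `Get` and `List`, and the commit message (`test`) gives no reason for it. The next patch in the series removes it again, so if this was only an experiment, squash the two commits before merging so the broader policy never appears in history. It is also worth confirming that no `terraform apply` from the test branch left the wider policy applied. The resource block starts above the hunk.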
From: elayrocks Date: Mon, 6 May 2024 20:59:14 -0700 Subject: [PATCH 11/13] test --- deployment/terraform/resources/keyvault.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/terraform/resources/keyvault.tf b/deployment/terraform/resources/keyvault.tf index ab41c708..d3a63503 100644 --- a/deployment/terraform/resources/keyvault.tf +++ b/deployment/terraform/resources/keyvault.tf @@ -9,7 +9,7 @@ resource "azurerm_key_vault_access_policy" "function_app" { object_id = azurerm_linux_function_app.pctasks.identity.0.principal_id secret_permissions = [ - "Get", "List", "Set" + "Get", "List" ] } From 4c353f0cc7dd9ae0073cccfed397f5f6d426d9eb Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 7 May 2024 10:44:41 -0700 Subject: [PATCH 12/13] test entire execution --- .github/workflows/cicd.yml | 64 +++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 9dfd6c30..b1198e80 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
@@ -21,40 +21,40 @@ jobs: steps: - uses: actions/checkout@v3 - # - uses: actions/setup-python@v4 - # with: - # python-version: "3.8" + - uses: actions/setup-python@v4 + with: + python-version: "3.8" - # - name: Install local dependencies - # run: ./scripts/install + - name: Install local dependencies + run: ./scripts/install - # - name: Setup - # run: ./scripts/setup --no-aux-servers + - name: Setup + run: ./scripts/setup --no-aux-servers - # - name: Test - # run: ./scripts/test + - name: Test + run: ./scripts/test - # - name: Validate collections - # run: ./scripts/validate-collections + - name: Validate collections + run: ./scripts/validate-collections - # # Integration Tests + # Integration Tests - # - name: Install Kind - # uses: helm/kind-action@v1.4.0 - # with: - # install_only: true + - name: Install Kind + uses: helm/kind-action@v1.4.0 + with: + install_only: true - # - name: Install Helm - # uses: azure/setup-helm@v3 - # with: - # version: v3.8.2 - # # if: ${{ github.base_ref == 'main' }} + - name: Install Helm + uses: azure/setup-helm@v3 + with: + version: v3.8.2 + # if: ${{ github.base_ref == 'main' }} - # - name: Setup cluster - # run: ./scripts/cluster setup + - name: Setup cluster + run: ./scripts/cluster setup - # - name: Run integration tests - # run: ./scripts/citest-integration + - name: Run integration tests + run: ./scripts/citest-integration # Publish images 
@@ -76,15 +76,15 @@ jobs: tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # - name: Publish images (test) - # run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} + - name: Publish images (test) + run: ./scripts/publish --acr pccomponentstest --tag ${{steps.get_image_tag.outputs.tag}} - # - name: Publish images - # run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} + - name: Publish images + run: ./scripts/publish --acr pccomponents --tag ${{steps.get_image_tag.outputs.tag}} - # - name: Clean up CosmosDB test containers - # run: ./scripts/setup --rm-test-containers - # if: always() + - name: Clean up CosmosDB test containers + run: ./scripts/setup --rm-test-containers + if: always() outputs: image_tag: ${{ steps.get_image_tag.outputs.tag }} From 148e87e91b624c719731e837683ee28468703fae Mon Sep 17 00:00:00 2001 From: elayrocks Date: Tue, 7 May 2024 10:49:54 -0700 Subject: [PATCH 13/13] ready for code review --- .github/workflows/cicd.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index b1198e80..857456f2 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -2,8 +2,7 @@ name: CI/CD on: push: - # branches: [main] - branches: [user/elay/remove-client-secret] + branches: [main] tags: ["*"] env: @@ -48,7 +47,7 @@ jobs: uses: azure/setup-helm@v3 with: version: v3.8.2 - # if: ${{ github.base_ref == 'main' }} + if: ${{ github.base_ref == 'main' }} - name: Setup cluster run: ./scripts/cluster setup @@ -91,7 +90,7 @@ jobs: deploy: runs-on: ubuntu-latest - # if: ${{ github.ref == 'refs/heads/main' }} + if: ${{ github.ref == 'refs/heads/main' }} needs: - build_and_publish steps:
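Review bot: The re-enabled `if: ${{ github.base_ref == 'main' }}` on the Install Helm step (second hunk of PATCH 13/13) can never be true in this workflow as shown: `github.base_ref` is populated only for pull-request events, and the `on:` block in the first hunk of the same patch lists only `push`. The step is therefore skipped on every run and `./scripts/cluster setup` uses whatever Helm the runner image provides instead of the pinned `v3.8.2`, whereas the test runs earlier in the series had the condition commented out and did install it. Either drop the `if:` so the pinned version is what runs on `main`, or, if the skip is intentional, replace the condition with a comment that says so.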