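name: Deploy Infrastructure

# Reusable workflow (workflow_call): a `plan` job always runs the Bicep plan,
# and a `deploy` job applies it only when the plan job decides it should.
on:
  workflow_call:
    inputs:
      azure_environment:
        description: "Environment name; the deployment conditions compare it against 'prod' and 'stage'"
        required: true
        type: string
      cluster_location_acronym:
        description: "Passed to deploy-cluster.sh and grant-database-permissions.sh"
        required: true
        type: string
      service_principal_id:
        description: "client-id handed to azure/login (no client secret is passed)"
        required: true
        type: string
      subscription_id:
        description: "subscription-id handed to azure/login"
        required: true
        type: string
      tenant_id:
        description: "tenant-id handed to azure/login"
        required: true
        type: string
      unique_prefix:
        description: "First positional argument to every deploy and grant script"
        required: true
        type: string
      shared_location:
        description: "Passed to deploy-environment.sh"
        required: true
        type: string
      cluster_location:
        description: "Passed to deploy-cluster.sh"
        required: true
        type: string
      domain_name:
        description: "Passed to deploy-cluster.sh"
        required: true
        type: string
      sql_admin_object_id:
        description: "Passed to deploy-cluster.sh"
        required: true
        type: string
      production_service_principal_object_id:
        description: "Passed to deploy-environment.sh; '-' is passed when the caller does not supply a value"
        required: false
        type: string
        default: "-"

# Least-privilege token for this called workflow: azure/login with only a
# client-id relies on the OIDC token, which needs id-token: write, and
# actions/checkout needs contents: read. A caller can grant more scopes, but a
# called workflow can only narrow what it receives, so declaring the minimum
# here keeps every other scope off the job token.
permissions:
  id-token: write
  contents: read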
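jobs:
  plan:
    name: Plan
    runs-on: ubuntu-24.04
    # Inputs are exposed to shell steps as environment variables instead of
    # being interpolated with ${{ }} into the `run:` text, so a value can never
    # be re-parsed by the shell as part of the script.
    env:
      AZURE_ENVIRONMENT: ${{ inputs.azure_environment }}
      UNIQUE_PREFIX: ${{ inputs.unique_prefix }}
      SHARED_LOCATION: ${{ inputs.shared_location }}
      CLUSTER_LOCATION: ${{ inputs.cluster_location }}
      CLUSTER_LOCATION_ACRONYM: ${{ inputs.cluster_location_acronym }}
      SQL_ADMIN_OBJECT_ID: ${{ inputs.sql_admin_object_id }}
      DOMAIN_NAME: ${{ inputs.domain_name }}
      PRODUCTION_SERVICE_PRINCIPAL_OBJECT_ID: ${{ inputs.production_service_principal_object_id }}
    outputs:
      should_deploy: ${{ steps.determine_deployment.outputs.should_deploy }}
    steps:
      - name: Determine Deployment Conditions # For production: only deploy from main branch, but for staging also deploy from pull requests with 'Deploy to Staging' label
        id: determine_deployment
        env:
          # contains() is evaluated by the runner and yields the string "true"/"false"
          HAS_DEPLOY_TO_STAGING_LABEL: ${{ contains(github.event.pull_request.labels.*.name, 'Deploy to Staging') }}
        run: |
          if [[ "$AZURE_ENVIRONMENT" == "prod" && "$GITHUB_REF" == "refs/heads/main" ]]; then
            should_deploy="true"
          elif [[ "$AZURE_ENVIRONMENT" == "stage" && ("$GITHUB_REF" == "refs/heads/main" || "$HAS_DEPLOY_TO_STAGING_LABEL" == "true") ]]; then
            should_deploy="true"
          else
            should_deploy="false"
          fi
          echo "should_deploy=$should_deploy" >> "$GITHUB_OUTPUT"
      - name: Checkout Code
        # NOTE(review): floating major tag; pinning to a full commit SHA gives an immutable action version
        uses: actions/checkout@v4
      - name: Install Bicep CLI
        # NOTE(review): this fetches the unversioned "latest" release with no checksum check, so
        # each run may get a different, unverified binary; pin a release and verify its hash once
        # a version is chosen. `-f` makes curl fail on an HTTP error instead of saving the error
        # body as the binary.
        run: |
          curl -fsSLo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 &&
          chmod +x ./bicep &&
          sudo mv ./bicep /usr/local/bin/bicep &&
          bicep --version
      - name: Login to Azure
        # NOTE(review): floating major tag; pinning to a full commit SHA gives an immutable action version
        uses: azure/login@v2
        with:
          client-id: ${{ inputs.service_principal_id }}
          tenant-id: ${{ inputs.tenant_id }}
          subscription-id: ${{ inputs.subscription_id }}
      # The plan steps have no `if:` and run on every invocation, whether or not
      # the deploy job will follow.
      - name: Plan Shared Environment Resources
        run: bash ./cloud-infrastructure/environment/deploy-environment.sh "$UNIQUE_PREFIX" "$AZURE_ENVIRONMENT" "$SHARED_LOCATION" "$PRODUCTION_SERVICE_PRINCIPAL_OBJECT_ID" --plan
      - name: Plan Cluster Resources
        id: deploy_cluster
        run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh "$UNIQUE_PREFIX" "$AZURE_ENVIRONMENT" "$CLUSTER_LOCATION" "$CLUSTER_LOCATION_ACRONYM" "$SQL_ADMIN_OBJECT_ID" "$DOMAIN_NAME" --plan

  deploy:
    name: Deploy
    if: ${{ needs.plan.outputs.should_deploy == 'true' }}
    needs: plan
    # Pull-request runs get no environment at all, so a labelled PR deploying to
    # staging runs without the protection rules and environment-scoped secrets of
    # the 'staging' environment; only non-PR runs are bound to 'production' or 'staging'.
    environment: ${{ github.event_name != 'pull_request' && (inputs.azure_environment == 'prod' && 'production' || 'staging') || '' }}
    runs-on: ubuntu-24.04
    # Same env-var exposure of inputs as in the plan job (see the note there).
    env:
      AZURE_ENVIRONMENT: ${{ inputs.azure_environment }}
      UNIQUE_PREFIX: ${{ inputs.unique_prefix }}
      SHARED_LOCATION: ${{ inputs.shared_location }}
      CLUSTER_LOCATION: ${{ inputs.cluster_location }}
      CLUSTER_LOCATION_ACRONYM: ${{ inputs.cluster_location_acronym }}
      SQL_ADMIN_OBJECT_ID: ${{ inputs.sql_admin_object_id }}
      DOMAIN_NAME: ${{ inputs.domain_name }}
      PRODUCTION_SERVICE_PRINCIPAL_OBJECT_ID: ${{ inputs.production_service_principal_object_id }}
    steps:
      - name: Checkout Code
        # NOTE(review): floating major tag; pinning to a full commit SHA gives an immutable action version
        uses: actions/checkout@v4
      - name: Install Bicep CLI
        # NOTE(review): unversioned "latest" download without a checksum check, as in the plan job;
        # pin a release and verify its hash once a version is chosen.
        run: |
          curl -fsSLo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 &&
          chmod +x ./bicep &&
          sudo mv ./bicep /usr/local/bin/bicep &&
          bicep --version
      - name: Login to Azure
        # NOTE(review): floating major tag; pinning to a full commit SHA gives an immutable action version
        uses: azure/login@v2
        with:
          client-id: ${{ inputs.service_principal_id }}
          tenant-id: ${{ inputs.tenant_id }}
          subscription-id: ${{ inputs.subscription_id }}
      - name: Deploy Shared Environment Resources
        run: bash ./cloud-infrastructure/environment/deploy-environment.sh "$UNIQUE_PREFIX" "$AZURE_ENVIRONMENT" "$SHARED_LOCATION" "$PRODUCTION_SERVICE_PRINCIPAL_OBJECT_ID" --apply
      - name: Deploy Cluster Resources
        id: deploy_cluster
        # The grant step below reads ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID and
        # BACK_OFFICE_IDENTITY_CLIENT_ID from this step's outputs, so deploy-cluster.sh
        # is presumably expected to write them to GITHUB_OUTPUT (not visible here).
        run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh "$UNIQUE_PREFIX" "$AZURE_ENVIRONMENT" "$CLUSTER_LOCATION" "$CLUSTER_LOCATION_ACRONYM" "$SQL_ADMIN_OBJECT_ID" "$DOMAIN_NAME" --apply
      - name: Refresh Azure Tokens # The previous step may take a while, so we refresh the token to avoid timeouts
        uses: azure/login@v2
        with:
          client-id: ${{ inputs.service_principal_id }}
          tenant-id: ${{ inputs.tenant_id }}
          subscription-id: ${{ inputs.subscription_id }}
      - name: Install Microsoft sqlcmd Utility
        # NOTE(review): a key placed in /etc/apt/trusted.gpg.d is trusted for every apt source on the
        # runner, not only packages.microsoft.com; a keyring referenced via signed-by in the source
        # entry scopes it to that repository. The runner is ubuntu-24.04 while the source list fetched
        # is the ubuntu/22.04 one — presumably deliberate; confirm before changing.
        # pipefail makes the step fail when curl fails, instead of tee writing an empty key file
        # and the chain continuing on tee's exit status.
        run: |
          set -o pipefail
          curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc &&
          sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/22.04/prod.list)" &&
          sudo apt-get update &&
          sudo apt-get install -y sqlcmd
      - name: Grant Database Permissions
        env:
          ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID: ${{ steps.deploy_cluster.outputs.ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID }}
          BACK_OFFICE_IDENTITY_CLIENT_ID: ${{ steps.deploy_cluster.outputs.BACK_OFFICE_IDENTITY_CLIENT_ID }}
        # The default `bash -e` shell stops at the first failing grant.
        run: |
          bash ./cloud-infrastructure/cluster/grant-database-permissions.sh "$UNIQUE_PREFIX" "$AZURE_ENVIRONMENT" "$CLUSTER_LOCATION_ACRONYM" 'account-management' "$ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID"
          bash ./cloud-infrastructure/cluster/grant-database-permissions.sh "$UNIQUE_PREFIX" "$AZURE_ENVIRONMENT" "$CLUSTER_LOCATION_ACRONYM" 'back-office' "$BACK_OFFICE_IDENTITY_CLIENT_ID"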