Always run all infra steps regardless of changes (#472)

* remove check for changes * fix image tag * upgrade azure identity * use correct name for app db access --------- Co-authored-by: Hammerbeck <andreas.hammerbeck@digdir.no>
Altinn · Jun 19, 2024 · 05b734f · 05b734f
1 parent ad539ea
commit 05b734f
Show file tree

Hide file tree

Showing 12 changed files with 49 additions and 148 deletions.
diff --git a/.azure/applications/api/main.bicep b/.azure/applications/api/main.bicep
@@ -62,7 +62,7 @@ module databaseAccess '../../modules/postgreSql/AddAdministrationAccess.bicep' =
   params: {
     tenantId: appIdentity.outputs.tenantId
     principalId: appIdentity.outputs.principalId
-    appName: appIdentity.name
+    appName: appIdentity.outputs.name
     namePrefix: namePrefix
   }
 }

diff --git a/.azure/applications/migration/main.bicep b/.azure/applications/migration/main.bicep
@@ -1,10 +1,8 @@
 param namePrefix string
 param location string
 param appVersion string
-
 @secure()
 param keyVaultUrl string
-
 @secure()
 param keyVaultName string
 

diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep
@@ -101,7 +101,6 @@ module postgresql '../modules/postgreSql/create.bicep' = {
     administratorLoginPassword: brokerPgAdminPassword
     sku: postgresSku
     tenantId: tenantId
-    test_client_id: test_client_id
     environment: environment
   }
 }

diff --git a/.azure/modules/identity/create.bicep b/.azure/modules/identity/create.bicep
@@ -2,7 +2,6 @@
 param namePrefix string
 param location string
 
-
 resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
   name: '${namePrefix}-app-identity'
   location: location
@@ -11,3 +10,4 @@ output id string = userAssignedIdentity.id
 output clientId string = userAssignedIdentity.properties.clientId
 output principalId string = userAssignedIdentity.properties.principalId
 output tenantId string = userAssignedIdentity.properties.tenantId
+output name string = userAssignedIdentity.name
diff --git a/.azure/modules/migrationJob/main.bicep b/.azure/modules/migrationJob/main.bicep
@@ -5,7 +5,7 @@ param containerAppEnvId string
 param command string[]
 param environmentVariables { name: string, value: string?, secretRef: string? }[] = []
 param secrets { name: string, keyVaultUrl: string, identity: string }[] = []
-param volumes { name: string, storageName: string, storageType: string, mountOptions: string}[] = []
+param volumes { name: string, storageName: string, storageType: string, mountOptions: string }[] = []
 param volumeMounts { mountPath: string, subPath: string, volumeName: string }[] = []
 param principalId string
 
@@ -44,5 +44,4 @@ resource job 'Microsoft.App/jobs@2024-03-01' = {
     }
   }
 }
-
 output name string = job.name
diff --git a/.azure/modules/postgreSql/create.bicep b/.azure/modules/postgreSql/create.bicep
@@ -17,8 +17,6 @@ param srcKeyVault object
 param administratorLoginPassword string
 @secure()
 param tenantId string
-@secure()
-param test_client_id string
 
 var databaseName = 'brokerdb'
 var databaseUser = 'adminuser'
@@ -75,7 +73,7 @@ resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configuration
   }
 }
 
-resource database 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-06-01-preview' = {
+resource database 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-12-01-preview' = {
   name: databaseName
   parent: postgres
   properties: {
@@ -102,15 +100,3 @@ module adoConnectionString '../keyvault/upsertSecret.bicep' = {
     secretValue: 'Host=${postgres.properties.fullyQualifiedDomainName};Database=${databaseName};Port=5432;Username=${namePrefix}-app-identity;Ssl Mode=Require;Trust Server Certificate=True;Maximum Pool Size=${poolSize};'
   }
 }
-
-resource databaseAccess 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2022-12-01' =
-  if (environment == 'test') {
-    name: test_client_id
-    parent: postgres
-    dependsOn: [allowAzureAccess] // Needs to depend on allowAzureAccess to avoid updating at the same time
-    properties: {
-      principalType: 'Group'
-      tenantId: tenantId
-      principalName: 'Altinn-30-Broker-Test-Developers'
-    }
-  }
diff --git a/.github/actions/check-for-changes/action.yml b/.github/actions/check-for-changes/action.yml
diff --git a/.github/actions/migrate-database/action.yml b/.github/actions/migrate-database/action.yml
@@ -9,7 +9,7 @@ inputs:
   AZURE_TENANT_ID:
     description: "Tenant ID for the service principal"
     required: true
-  AZURE_SUBSCRIPTION_ID:  
+  AZURE_SUBSCRIPTION_ID:
     description: "Subscription ID for the service principal"
     required: true
   AZURE_ENVIRONMENT_KEY_VAULT_NAME:
@@ -81,7 +81,7 @@ runs:
           ./.github/tools/containerAppJobVerifier.sh ${{ steps.migration-job.outputs.name }} '${{ inputs.AZURE_NAME_PREFIX }}-rg' ${{ steps.get-version.outputs.imageTag }}
 
     - name: Logout from azure
-      shell: bash 
+      shell: bash
       if: ${{failure() || success()}}
       continue-on-error: true
       run: az logout
diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml
@@ -6,6 +6,9 @@ inputs:
   dockerImageBaseName:
     description: "Base image name for docker images"
     required: true
+  imageTag:
+    description: "Tag for the image"
+    required: true
   GITHUB_TOKEN:
     description: "GitHub token"
     required: true
@@ -15,11 +18,6 @@ runs:
   using: "composite"
   steps:
     - uses: actions/checkout@v4
-
-    - name: Get version
-      id: get-version
-      uses: ./.github/actions/get-current-version
-
     - name: Login to GitHub Container Registry
       uses: docker/login-action@v3
       with:
@@ -31,6 +29,6 @@ runs:
       shell: bash
       run: |
         # Construct the image tag using the Git hash
-        IMAGE="${{ inputs.dockerImageBaseName }}:${{ steps.get-version.outputs.imageTag }}"
+        IMAGE="${{ inputs.dockerImageBaseName }}:${{ inputs.imageTag }}"
         docker build . --tag $IMAGE
         docker push $IMAGE
diff --git a/.github/actions/release-version/action.yml b/.github/actions/release-version/action.yml
@@ -9,7 +9,10 @@ inputs:
   environment:
     description: "Github environment to deploy from"
     required: true
-  AZURE_SUBSCRIPTION_ID:  
+  imageTag:
+    description: "Tag for the image"
+    required: true
+  AZURE_SUBSCRIPTION_ID:
     description: "Subscription ID for the service principal"
     required: true
   AZURE_ENVIRONMENT_KEY_VAULT_NAME:
@@ -44,12 +47,12 @@ runs:
     - name: Get version
       id: get-version
       uses: ./.github/actions/get-current-version
-      
+
     - name: Deploy app
       uses: azure/arm-deploy@v2
       id: deploy
       env:
-        IMAGE_TAG: ${{ steps.get-version.outputs.imageTag }}
+        IMAGE_TAG: ${{ inputs.imageTag }}
         ENVIRONMENT: ${{ inputs.environment }}
         KEY_VAULT_NAME: ${{ inputs.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
         KEY_VAULT_URL: https://${{ inputs.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}.vault.azure.net
@@ -61,7 +64,7 @@ runs:
         resourceGroupName: ${{ inputs.AZURE_NAME_PREFIX }}-rg
         template: ./.azure/applications/api/main.bicep
         deploymentMode: Incremental
-        deploymentName: ${{ inputs.AZURE_NAME_PREFIX }}-${{ steps.get-version.outputs.imageTag }}
+        deploymentName: ${{ inputs.AZURE_NAME_PREFIX }}-${{ inputs.imageTag }}
         region: ${{ inputs.region }}
         failOnStdErr: false
         parameters: ./.azure/applications/api/params.bicepparam

diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml
@@ -7,43 +7,13 @@ on:
     - "Test/**" # ignore changes to tests
 
 jobs:
-  check-for-changes:
-    name: Check for changes
-    runs-on: ubuntu-latest
-    outputs:
-      hasAzureChanges: ${{ steps.check-for-changes.outputs.hasAzureChanges }}
-      hasBackendChanges: ${{ steps.check-for-changes.outputs.hasBackendChanges }}
-      hasMigrationChanges: ${{ steps.check-for-changes.outputs.hasMigrationChanges }}
-    steps:        
-      - uses: actions/checkout@v4
-
-      - name: "Check for changes"
-        id: check-for-changes
-        uses: ./.github/actions/check-for-changes
-
-      - name: "Inform about infrastructure skip"
-        if: ${{ steps.check-for-changes.outputs.hasAzureChanges != 'true' }}
-        run: echo "::warning file=.github/workflows/ci-cd.yaml,line=1,col=1::Infrastructure-as-code did not change. Infrastructure update will be skipped."
-
-      - name: "Inform about publish skip"
-        if: ${{ steps.check-for-changes.outputs.hasBackendChanges != 'true' }}
-        run: echo "::warning file=.github/workflows/ci-cd.yaml,line=1,col=1::Code not changed. Will not publish and release new version."
-
-      - name: "Inform about database migration skip"
-        if: ${{ steps.check-for-changes.outputs.hasMigrationChanges != 'true' }}
-        run: echo "::warning file=.github/workflows/ci-cd.yaml,line=1,col=1::Migrations did not change. No migration will run."
-
   test:	
     name: QA	
     uses: ./.github/workflows/test-application.yml	
-    needs: [check-for-changes]
-    if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' || needs.check-for-changes.outputs.hasMigrationChanges == 'true' }}
 
   publish:
     name: Publish
     runs-on: ubuntu-latest
-    needs: [check-for-changes]
-    if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
     permissions: 
       packages: write
       contents: read
@@ -60,24 +30,19 @@ jobs:
     uses: ./.github/workflows/deploy-to-environment.yml
     if: always() && !failure() && !cancelled() 
     needs: [ 
-      publish,
-      check-for-changes
+      publish
     ]
     permissions: 
       id-token: write
       contents: read
     secrets: inherit
     with:
       environment: test
-      hasAzureChanges: ${{ needs.check-for-changes.outputs.hasAzureChanges }}
-      hasBackendChanges: ${{ needs.check-for-changes.outputs.hasBackendChanges }}
-      hasMigrationChanges: ${{ needs.check-for-changes.outputs.hasMigrationChanges }}
 
   deploy-staging:
     name: Staging
     needs: [ 
       deploy-test,
-      check-for-changes
     ]
     uses: ./.github/workflows/deploy-to-environment.yml
     if: (!failure() && !cancelled()) 
@@ -87,15 +52,11 @@ jobs:
     secrets: inherit
     with:
       environment: staging
-      hasAzureChanges: ${{ needs.check-for-changes.outputs.hasAzureChanges }}
-      hasBackendChanges: ${{ needs.check-for-changes.outputs.hasBackendChanges }}
-      hasMigrationChanges: ${{ needs.check-for-changes.outputs.hasMigrationChanges }}
 
   deploy-production:
     name: Production
     needs: [
       deploy-staging,
-      check-for-changes
     ]
     uses: ./.github/workflows/deploy-to-environment.yml
     if: (!failure() && !cancelled())
@@ -105,15 +66,12 @@ jobs:
     secrets: inherit
     with:
       environment: production
-      hasAzureChanges: ${{ needs.check-for-changes.outputs.hasAzureChanges }}
-      hasBackendChanges: ${{ needs.check-for-changes.outputs.hasBackendChanges }}
-      hasMigrationChanges: ${{ needs.check-for-changes.outputs.hasMigrationChanges }}
 
   release-to-git:  
     name: Release to git
     runs-on: ubuntu-latest
-    needs: [check-for-changes, deploy-production]
-    if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' && !failure() && !cancelled()}}
+    needs: [deploy-production]
+    if: ${{ !failure() && !cancelled()}}
     permissions: 
       id-token: write
       contents: write