landingzones-tf100 #1508
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Copyright (c) Microsoft Corporation | |
| # Licensed under the MIT License. | |
| # | |
| name: landingzones-tf100 | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| paths-ignore: | |
| - 'documentation/**' | |
| - '_pictures/**' | |
| - 'README.md' | |
| - 'CHANGELOG.md' | |
| schedule: | |
| - cron: '0 3 * * *' | |
| env: | |
| TF_CLI_ARGS: '-no-color' | |
| TF_CLI_ARGS_destroy: '-refresh=false' | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| TF_REGISTRY_DISCOVERY_RETRY: 5 | |
| TF_REGISTRY_CLIENT_TIMEOUT: 15 | |
| ROVER_RUNNER: true | |
| jobs: | |
| foundations100: | |
| name: foundations-100 | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| max-parallel: 1 | |
| matrix: | |
| random_length: ['5'] | |
| container: | |
| image: aztfmod/rover:1.6.6-2401.0402 | |
| options: --user 0 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login azure | |
| run: | | |
| az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
| az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
| echo "local user: $(whoami)" | |
| - name: Github Actions permissions workaround | |
| run: | | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: launchpad | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a apply \ | |
| -var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/100 \ | |
| -level level0 \ | |
| -launchpad \ | |
| -parallelism=30 \ | |
| --environment ${{ github.run_id }} \ | |
| '-var random_length=${{ matrix.random_length }}' \ | |
| '-var prefix=g${{ github.run_id }}' \ | |
| '-var tags={testing_job_id="${{ github.run_id }}"}' | |
| - name: foundations | |
| run: | | |
| sleep 180 | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \ | |
| -var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/100-passthrough \ | |
| -tfstate caf_foundations.tfstate \ | |
| -level level1 \ | |
| -parallelism=30 \ | |
| --environment ${{ github.run_id }} \ | |
| '-var tags={testing_job_id="${{ github.run_id }}"}' | |
| networking100: | |
| name: networking-100 | |
| runs-on: ubuntu-latest | |
| needs: foundations100 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| config_files: [ | |
| "caf_solution/scenario/networking/100-single-region-hub", | |
| "caf_solution/scenario/networking/101-multi-region-hub", | |
| "caf_solution/scenario/networking/105-hub-and-spoke", | |
| "caf_solution/scenario/networking/106-hub-virtual-wan-firewall" | |
| ] | |
| container: | |
| image: aztfmod/rover:1.6.6-2401.0402 | |
| options: --user 0 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login azure | |
| run: | | |
| az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
| az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
| - name: Github Actions permissions workaround | |
| run: | | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: deploy example | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a apply \ | |
| -tfstate $(basename ${{ matrix.config_files }}).tfstate \ | |
| -level level2 \ | |
| -parallelism=30 \ | |
| -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ | |
| --environment ${{ github.run_id }} | |
| - name: destroy example | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a destroy \ | |
| -tfstate $(basename ${{ matrix.config_files }}).tfstate \ | |
| -level level2 \ | |
| -parallelism=30 \ | |
| -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ | |
| --environment ${{ github.run_id }} \ | |
| -refresh=false | |
| foundations200: | |
| name: foundations-200 | |
| runs-on: ubuntu-latest | |
| needs: networking100 | |
| if: always() | |
| strategy: | |
| fail-fast: true | |
| max-parallel: 1 | |
| matrix: | |
| random_length: ['5'] | |
| container: | |
| image: aztfmod/rover:1.6.6-2401.0402 | |
| options: --user 0 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login azure | |
| run: | | |
| az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
| az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
| echo "local user: $(whoami)" | |
| - name: Github Actions permissions workaround | |
| run: | | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: launchpad-200-upgrade | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a apply \ | |
| -var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/200 \ | |
| -level level0 \ | |
| -launchpad \ | |
| -parallelism=30 \ | |
| --environment ${{ github.run_id }} \ | |
| '-var random_length=${{ matrix.random_length }}' \ | |
| '-var prefix=g${{ github.run_id }}' \ | |
| '-var tags={testing_job_id="${{ github.run_id }}"}' | |
| - name: foundations-200-upgrade | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \ | |
| -var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/gitops \ | |
| -tfstate caf_foundations.tfstate \ | |
| -level level1 \ | |
| -parallelism=30 \ | |
| --environment ${{ github.run_id }} \ | |
| '-var tags={testing_job_id="${{ github.run_id }}"}' | |
| networking200: | |
| name: networking-200 | |
| runs-on: ubuntu-latest | |
| needs: foundations200 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| config_files: [ | |
| "caf_solution/scenario/networking/200-single-region-hub", | |
| "caf_solution/scenario/networking/201-multi-region-hub", | |
| "caf_solution/scenario/networking/210-aks-private" | |
| ] | |
| container: | |
| image: aztfmod/rover:1.6.6-2401.0402 | |
| options: --user 0 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login azure | |
| run: | | |
| az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
| az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
| - name: Github Actions permissions workaround | |
| run: | | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: deploy example | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a apply \ | |
| -tfstate $(basename ${{ matrix.config_files }}).tfstate \ | |
| -level level2 \ | |
| -parallelism=30 \ | |
| -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ | |
| --environment ${{ github.run_id }} | |
| - name: destroy example | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a destroy \ | |
| -tfstate $(basename ${{ matrix.config_files }}).tfstate \ | |
| -level level2 \ | |
| -parallelism=30 \ | |
| -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ | |
| --environment ${{ github.run_id }} \ | |
| -refresh=false | |
| foundations_destroy: | |
| name: foundations_destroy | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: networking200 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| random_length: ['5'] | |
| container: | |
| image: aztfmod/rover:1.6.6-2401.0402 | |
| options: --user 0 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login azure | |
| run: | | |
| az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
| az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
| echo "local user: $(whoami)" | |
| - name: Github Actions permissions workaround | |
| run: | | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: foundations | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a destroy \ | |
| -var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/gitops \ | |
| -tfstate caf_foundations.tfstate \ | |
| -level level1 \ | |
| -parallelism=30 \ | |
| --environment ${{ github.run_id }} \ | |
| '-var tags={testing_job_id="${{ github.run_id }}"}' | |
| - name: Remove launchpad | |
| run: | | |
| /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a destroy \ | |
| -var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/200 \ | |
| -level level0 \ | |
| -launchpad \ | |
| -parallelism=30 \ | |
| --environment ${{ github.run_id }} \ | |
| '-var random_length=${{ matrix.random_length }}' \ | |
| '-var prefix=g${{ github.run_id }}' \ | |
| '-var tags={testing_job_id="${{ github.run_id }}"}' | |
| - name: Complete purge | |
| if: ${{ always() }} | |
| run: | | |
| for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done | |
| for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done | |
| for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].objectId" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done | |
| for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done | |
| for i in `az keyvault list-deleted --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done | |
| for i in `az group list --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done | |
| for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done | |
| for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done |