-
Notifications
You must be signed in to change notification settings - Fork 24
135 lines (112 loc) · 6.36 KB
/
updateParameters.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Update Parameter Files
on:
push:
branches: [main]
paths:
- 'configs/**'
- '.github/workflows/updateParameters.yml'
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_PRODUCT_NAME: '{dataProductName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}'
ML_COMPUTE_INSTANCE_USER_OBJECT_ID: '{mlComputeInstanceObjectId}'
DATABRICKS_WORKSPACE_ID: '{databricksWorkspaceId}'
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}'
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}'
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}'
jobs:
renaming:
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Install Required Packages
- name: Install Required Modules
id: install_modules
run: |
echo "Install Modules"
pwsh -Command "Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted"
pwsh -Command "Install-Module -Name powershell-yaml"
# Update Parameters
- name: Update Parameters
id: update_parameters
run: |
echo "Updating Parameters"
pwsh $GITHUB_WORKSPACE/configs/UpdateParameters.ps1 \
-ConfigurationFilePath 'configs/config.json' \
-GlobalDnsResourceGroupId '${{ env.GLOBAL_DNS_RESOURCE_GROUP_ID }}' \
-DataLandingZoneSubscriptionId '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID }}' \
-DataLandingZoneName '${{ env.DATA_PRODUCT_NAME }}' \
-Location '${{ env.LOCATION }}' \
-PurviewId '${{ env.PURVIEW_ID }}' \
-SubnetId '${{ env.SUBNET_ID }}' \
-MlComputeInstanceUserObjectId '${{ env.ML_COMPUTE_INSTANCE_USER_OBJECT_ID }}' \
-DatabricksWorkspaceId '${{ env.DATABRICKS_WORKSPACE_ID }}' \
-SynapseStorageAccountName '${{ env.SYNAPSE_STORAGE_ACCOUNT_NAME }}' \
-SynapseStorageAccountFileSystemName '${{ env.SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME }}' \
-AzureResourceManagerConnectionName '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
# Define Pull Request Body
- name: Define Pull Request Body
id: define_pull_request_body
run: |
body="**Great work!** Just two more steps to start the deployment into your environment.
## 1. Create Resource Group and grant access
[Create a resource group](https://ms.portal.azure.com/#create/Microsoft.ResourceGroup) with the name \`${{ steps.update_parameters.outputs.landingZoneName }}-rg\` in the subscription \`${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}\` in the region \`${{ env.LOCATION }}\`.
Now, grant the service principal from earlier access to the resource group with the following commands (either with Azure CLI or with Powershell):
**For Azure CLI**
\`\`\`Shell
# Get Service Principal Object ID
az ad sp list --display-name \"{servicePrincipalName}\" --query \"[].{objectId:objectId}\" --output tsv
# Add role assignment
az role assignment create \\
--assignee \"{servicePrincipalObjectId}\" \\
--role \"Contributor\" \\
--resource-group \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
**For Powershell**
\`\`\`Powershell
# Get Service Principal Object ID
\$spObjectId = (Get-AzADServicePrincipal -DisplayName \"{servicePrincipalName}\").id
# Add role assignment
New-AzRoleAssignment \`
-ObjectId \$spObjectId \`
-RoleDefinitionName \"Contributor\" \`
-ResourceGroupName \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
## 2. Update Parameters in the workflow
**For GitHub Actions**
Go to \`/.github/workflows/dataProductDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
env:
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
**For Azure DevOps**
Go to \`/.ado/workflows/dataProductDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
Now, merge the pull request into your \`main\` branch."
body="${body//'%'/'%25'}"
body="${body//$'\n'/'%0A'}"
body="${body//$'\r'/'%0D'}"
echo "::set-output name=body::$body"
# Create Pull Request
- name: Create Pull Request
id: create_pull_request
uses: peter-evans/create-pull-request@v3
with:
commit-message: 'Updated Parameters'
branch: 'parameter_update_${{ github.run_id }}'
title: 'Updated Parameters with GitHub Workflow Run ID ${{ github.run_id }}'
body: ${{ steps.define_pull_request_body.outputs.body }}