Running Deploy-PolicyPlan.ps1 both locally and in Github action fails on new setup #400
Comments
Are you deploying the plan using the command below: specifically adding the
There is an example workflow in the StarterKit which you can copy - it should work...
Thanks for the quick reply. I figured out my problem this morning. I guess there is just something I didn't understand with the deployment process when using the GitHub action workflow. And I still don't completely understand this workflow and the intention. I guess this workflow is a simplified workflow only meant to run a plan against 1 environment and then deploy against the same environment. This is where it went wrong for me. I thought the intention was to test against the dev/test management group and then deploy against prod.

When I read the documentation I understood it as a test deployment against the dev/test management group, then a prod deployment against prod, and I see that is probably what is solved with the Azure DevOps single tenant workflow.

We might not actually need this complexity as of now, but for argument's sake, how could we solve this in a GitHub action workflow? I have now managed to deploy to the dev/test management group, but if I was to now deploy the same policies and policy set to a prod management group in the same tenant, if I duplicated the same workflows, pointed them to prod and then ran it, would it understand that the policies and policy sets should be moved to prod?

My next question would be what happens when you then add more policies and definitions for testing and run the test build, wouldn't it then move everything back to the dev/test management group? Or is there something keeping track of what's been deployed to test, and then to prod so it isn't moved back?

I realize that this is maybe outside the scope of your support, and we probably can live just fine with deploying directly to prod. Some feedback:
Yes, I've looked into OIDC - just haven't had a chance to implement. I am missing the instructions for setting up the GitHub permissions. It is only designed for a simple workflow - the background is that we have done a lot in Azure DevOps around the pipeline so this was the first foray into GitHub actions. I need to have a good think about what this would look like in dev/test workflow - just haven't had time.
Ok. Thanks for your feedback. You can close this issue, and I will change the workflow to deploy against prod instead. Great work with this solution though. Looking forward to testing it more!
Running the Build-DeploymentPlans.ps1 script works fine and generates a plans-$env:pacEnvironment folder containing a policy-plan.json. This works both locally and in GitHub action. Unfortunately when I try to run the Deploy-PolicyPlan.ps1 it fails with the below error message.
[image]
The Output and Input folder is the same when running both scripts, but there seems to be some logic creating an environment plan folder in the Output folder which again contains the policy-plan.json file. Not sure if the Deploy-PolicyPlan.ps1 has taken this into account, and the script seems to fail in this part:
[image]
It could of course be something I have set up or configured incorrectly, and if so I would need some pointers to what I could have done wrong.
FYI I have managed to set up a working Github Action Build Deployment Plan Workflow, which creates a PR, but fails after approving and the deployment workflow is running.