azuredevcollege/trainingdays scm breakout app infrastructure with Pulumi
I wanted to do a quick setup with Pulumi to see how fast I would be compared to using ARM templates in this session: https://github.com/azuredevcollege/trainingdays/blob/master/day2/challenges/challenge-bo-3.md
So far I have invested around 1h in this...
https://www.pulumi.com/docs/get-started/azure/
```shell
mkdir scmbreakoutpulumi && cd scmbreakoutpulumi
pulumi new azure-typescript
```
https://www.pulumi.com/docs/reference/pkg/azure/storage/
https://www.pulumi.com/docs/reference/pkg/azure/storage/account/
https://www.pulumi.com/docs/reference/pkg/azure/storage/container/
https://www.pulumi.com/docs/reference/pkg/azure/storage/queue/
https://www.pulumi.com/docs/reference/pkg/azure/appservice/appservice/
https://www.pulumi.com/docs/reference/pkg/azure/appservice/slot/
We don't have a Function in the setup, we have
https://github.com/pulumi/examples/blob/master/azure-ts-functions-raw/index.ts
The setup uses an `azure.appservice.FunctionApp`!
https://www.pulumi.com/docs/reference/pkg/azure/appservice/functionapp/
See https://github.com/azuredevcollege/trainingdays/blob/master/day2/challenges/challenge-bo-3.md (all kudos go there!)
Have a look into the Azure Portal
https://www.pulumi.com/docs/guides/continuous-delivery/github-actions/
It's really cool to see that there's a Pulumi GitHub action project https://github.com/pulumi/actions already ready for us.
First we need to create 5 new GitHub Repository Secrets (encrypted variables) in your repo under `Settings/Secrets`.
We should start by creating a new Pulumi Access Token `PULUMI_ACCESS_TOKEN` at https://app.pulumi.com/jonashackt/settings/tokens
Now we need to create the Azure specific variables (see the docs https://github.com/pulumi/actions#microsoft-azure).
For the `ARM_SUBSCRIPTION_ID`, run `az account show` (after you have logged your CLI into your Azure subscription via `az login`) and use the value of `"id":`.
For the other 3 variables we need to create a new Azure Service Principal (https://www.pulumi.com/docs/intro/cloud-providers/azure/setup/#creating-a-service-principal), which is the recommended way:

> Using a Service Principal is the recommended way to connect Pulumi to Azure in a team or CI setting.

To create a Service Principal with Azure CLI the docs tell us to:

```shell
az ad sp create-for-rbac --name servicePrincipalGitHubActions
```

Now from the output choose the `appId` as the `ARM_CLIENT_ID`, the `password` as the `ARM_CLIENT_SECRET` and the `tenant` as the `ARM_TENANT_ID`. Create them all as GitHub Repository Secrets.
Finally, all of these variables should be defined.
Let's create a GitHub Actions workflow `preview-and-up.yml`:
```yaml
name: pulumi-preview-up

on: [push]

env:
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

jobs:
  preview-up-destroy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: In order to use the Pulumi v2+ action, we need to setup the Pulumi project specific language environment
        uses: actions/setup-node@v2
        with:
          node-version: '14'

      - name: After setting up the Pulumi project specific language environment, we need to install the dependencies also (see https://github.com/pulumi/actions#example-workflows)
        run: npm install

      - name: Install Pulumi CLI so that we can create a GHA pipeline specific Pulumi Stack
        uses: pulumi/action-install-pulumi-cli@v1.0.2

      - name: Create GHA pipeline specific Pulumi Stack incl. Azure location
        run: |
          pulumi stack init github-${{ github.run_id }}
          pulumi config set azure:location WestEurope

      - name: Preview pulumi up
        uses: pulumi/actions@v3
        with:
          command: preview
          stack-name: github-${{ github.run_id }}

      - name: Actually run pulumi up
        uses: pulumi/actions@v3
        with:
          command: up
          stack-name: github-${{ github.run_id }}

      - name: Destroy resources via pulumi destroy
        uses: pulumi/actions@v3
        with:
          command: destroy
          stack-name: github-${{ github.run_id }}

      - name: Remove the GHA pipeline specific Pulumi Stack
        run: |
          pulumi stack rm github-${{ github.run_id }} -y
```
We define the environment variables at the workflow's top level to reduce the three definitions to one. We also define a `stack-name` containing the `GITHUB_RUN_ID`, which is one of the default GHA environment variables and is defined as:

> A unique number for each run within a repository. This number does not change if you re-run the workflow run.

With this we prevent Action workflows from getting in each other's way like this:

```
Updating (dev)
error: [409] Conflict: Another update is currently in progress.
To learn more about possible reasons and resolution, visit https://www.pulumi.com/docs/troubleshooting/#conflict
```
With this simple workflow, the `preview` step needs to finish successfully before the `up` step starts.
And we finally destroy our stack as well, so that we don't produce too much cost :)
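If the `up` step fails partway, the workflow above skips every later step, so `destroy` and `stack rm` never run and both the Azure resources and the per-run stack stay behind. The following variant is an added example, not the repository's own workflow: it runs the cleanup steps with `if: always()`, limits the `GITHUB_TOKEN` to read access and moves the secrets from the workflow level to the one job that uses them. The workflow name and the `STACK` variable are assumptions.

```yaml
# Added example (not the repository's workflow): cleanup always runs, token is read-only.
name: pulumi-preview-up-cleanup          # constructed name
on: [push]
permissions:
  contents: read                          # GITHUB_TOKEN only needs to read the repository
jobs:
  preview-up-destroy:
    runs-on: ubuntu-latest
    env:                                  # secrets are visible to this job only
      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
      PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
      STACK: github-${{ github.run_id }}  # hypothetical helper variable for the stack name
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: '14'
      - run: npm install
      - uses: pulumi/action-install-pulumi-cli@v1.0.2
      - name: Create the per-run stack
        run: |
          pulumi stack init "$STACK"
          pulumi config set azure:location WestEurope
      - name: Preview
        uses: pulumi/actions@v3
        with:
          command: preview
          stack-name: ${{ env.STACK }}
      - name: Up
        uses: pulumi/actions@v3
        with:
          command: up
          stack-name: ${{ env.STACK }}
      - name: Destroy, even when preview or up failed
        if: always()
        uses: pulumi/actions@v3
        with:
          command: destroy
          stack-name: ${{ env.STACK }}
      - name: Remove the stack, even when an earlier step failed
        if: always()
        run: pulumi stack rm "$STACK" -y
```

If `destroy` itself fails, `pulumi stack rm -y` refuses to delete a stack that still holds resources, so the stack remains as a record of what has to be cleaned up by hand.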
Don't forget to craft a nice GitHub Actions badge!
[![Build Status](https://github.com/jonashackt/azure-training-pulumi/workflows/pulumi-preview-up/badge.svg)](https://github.com/jonashackt/azure-training-pulumi/actions)
Optionally you can also install the Pulumi GitHub App to see more insights integrated in the commit history:
https://www.pulumi.com/docs/guides/continuous-delivery/github-app/
- Application Insights?