main.yaml
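# Manually triggered pipeline: Terraform backend -> Azure infrastructure ->
# container images -> Helm release.
name: dotnet-k8s-stack

on:
  workflow_dispatch:
    inputs:
      # Selects config/<environment>.yaml; the same value is later used as the
      # Kubernetes namespace for the Helm release.
      environment:
        description: 'Environment'
        required: true
        default: 'dev'

# Least privilege for the automatic GITHUB_TOKEN: the visible steps only check
# the repository out. Azure access comes from repository secrets, not from
# this token.
permissions:
  contents: read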
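# Workflow-level environment: every job and every step, including the
# third-party actions, can read these values.
# NOTE(review): consider moving each secret to the job or step that needs it.
# The helper scripts called by the jobs are not shown here, so confirm which
# variables they read before narrowing the scope.
env:
  # ARM_* are the variable names the Terraform azurerm provider and backend
  # read for service-principal authentication.
  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  DOMAIN_NAME: ${{ secrets.PUBLIC_DOMAIN_NAME }}
  CERT_REGISTRATION_EMAIL: ${{ secrets.CERT_REGISTRATION_EMAIL }}
  CERT_MANAGER_CLIENT_ID: ${{ secrets.CERT_MANAGER_CLIENT_ID }}
  CERT_MANAGER_OBJECT_ID: ${{ secrets.CERT_MANAGER_OBJECT_ID }}
  CERT_MANAGER_CLIENT_SECRET: ${{ secrets.CERT_MANAGER_CLIENT_SECRET }}
  # Same tenant and subscription as the ARM_* pair, under the names written
  # into the Helm variables file.
  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
  K8S_CLIENT_ID: ${{ secrets.K8S_CLIENT_ID }}
  K8S_CLIENT_SECRET: ${{ secrets.K8S_CLIENT_SECRET }}
  K8S_OBJECT_ID: ${{ secrets.K8S_OBJECT_ID }}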
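# Four jobs run in sequence: backend -> infrastructure -> image -> orchestration.
#
# NOTE(review): the actions below are referenced by mutable tags (@v1, @v2).
# Pinning each to a full commit SHA prevents a moved tag from changing what
# runs next to the workflow's secrets.
#
# Every job repeats the 'Set environmental variables' step because variables
# written to $GITHUB_ENV do not carry over between jobs.
jobs:
  # Creates the storage that holds the Terraform remote state.
  backend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: 'Set environmental variables'
        env:
          # The dispatch input reaches the script as data, not as script text.
          INPUT_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          # Accept a plain name only, so the value cannot leave config/ or
          # add extra lines to $GITHUB_ENV.
          if [[ ! "$INPUT_ENVIRONMENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Invalid environment name" >&2
            exit 1
          fi
          echo "ENVIRONMENT=$INPUT_ENVIRONMENT" >> "$GITHUB_ENV"
          # The config file is read as flat "KEY: value" lines and each one is
          # exported to the following steps.
          while IFS=": " read -r variable val
          do
            # Skip blank lines and YAML comments.
            case "$variable" in ''|'#'*) continue ;; esac
            echo "$variable=$val" >> "$GITHUB_ENV"
          done < "$GITHUB_WORKSPACE/config/${INPUT_ENVIRONMENT}.yaml"
      - name: 'Login via Azure CLI'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: 'Set-up terraform backend'
        id: setup-terraform-backend
        run: |
          # PROVIDER, LOCATION and the storage names come from the config
          # file loaded above.
          script="$GITHUB_WORKSPACE/infrastructure/terraform/$PROVIDER/backend/setup-terraform-backend.sh"
          chmod +x "$script"
          "$script" \
            -g "$TERRAFORM_BACKEND_GROUP_NAME" \
            -l "$LOCATION" \
            --storage-account-name "$STORAGE_ACCOUNT_NAME" \
            --storage-container-name "$STORAGE_CONTAINER_NAME"

  # Provisions the Azure resources and publishes the values later jobs need.
  infrastructure:
    needs: [backend]
    runs-on: ubuntu-latest
    env:
      TFVARS_FILE: "workflow.tfvars"
      # Terraform reads TF_VAR_<name> as input variable <name>, so the
      # service-principal secret is never written into the tfvars file.
      TF_VAR_aks_sp_client_secret: ${{ secrets.K8S_CLIENT_SECRET }}
    outputs:
      ip_address: ${{ steps.output.outputs.ip_address }}
      acr_login_server: ${{ steps.output.outputs.acr_login_server }}
      aks_cluster_group: ${{ steps.output.outputs.aks_cluster_group }}
    steps:
      - uses: actions/checkout@v2
      - uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: '0.12.28'
          # Without the wrapper, `terraform output` prints the bare value,
          # which the 'terraform output' step captures.
          terraform_wrapper: false
      - name: 'Set environmental variables'
        env:
          # The dispatch input reaches the script as data, not as script text.
          INPUT_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          # Accept a plain name only, so the value cannot leave config/ or
          # add extra lines to $GITHUB_ENV.
          if [[ ! "$INPUT_ENVIRONMENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Invalid environment name" >&2
            exit 1
          fi
          echo "ENVIRONMENT=$INPUT_ENVIRONMENT" >> "$GITHUB_ENV"
          while IFS=": " read -r variable val
          do
            # Skip blank lines and YAML comments.
            case "$variable" in ''|'#'*) continue ;; esac
            echo "$variable=$val" >> "$GITHUB_ENV"
          done < "$GITHUB_WORKSPACE/config/${INPUT_ENVIRONMENT}.yaml"
      - name: 'Set working directory'
        run: |
          echo "WORKING_DIRECTORY=$GITHUB_WORKSPACE/infrastructure/terraform/$PROVIDER/" >> "$GITHUB_ENV"
      - name: 'create tfvars file'
        run: |
          cd "$WORKING_DIRECTORY"
          # aks_sp_client_secret is supplied through TF_VAR_aks_sp_client_secret
          # (job env) and is deliberately absent from this file.
          cat <<EOF > "$TFVARS_FILE"
          resource_group_name = "$GROUP_NAME"
          location = "$LOCATION"
          cluster_name = "$CLUSTER_NAME"
          domain_name = "$DOMAIN_NAME"
          acr_name = "$ACR_NAME"
          aks_sp_client_id = "$K8S_CLIENT_ID"
          acr_sp_object_id = "$K8S_OBJECT_ID"
          cert_manager_sp_object_id = "$CERT_MANAGER_OBJECT_ID"
          vnet_sp_object_id = "$K8S_OBJECT_ID"
          environment = "$ENVIRONMENT"
          EOF
      - name: 'terraform fmt'
        id: fmt
        run: |
          cd "$WORKING_DIRECTORY"
          terraform fmt
        # Formatting problems do not stop the run.
        continue-on-error: true
      - name: 'terraform init'
        id: init
        run: |
          cd "$WORKING_DIRECTORY"
          terraform init \
            -backend-config="resource_group_name=$TERRAFORM_BACKEND_GROUP_NAME" \
            -backend-config="storage_account_name=$STORAGE_ACCOUNT_NAME" \
            -backend-config="container_name=$STORAGE_CONTAINER_NAME" \
            -backend-config="key=$STORAGE_CONTAINER_KEY"
      - name: 'terraform validate'
        id: validate
        run: |
          cd "$WORKING_DIRECTORY"
          terraform validate -no-color
      - name: 'terraform plan'
        id: plan
        run: |
          cd "$WORKING_DIRECTORY"
          terraform plan -no-color \
            -var-file "$TFVARS_FILE"
      - name: 'terraform apply'
        id: apply
        # NOTE(review): apply computes its own plan and is auto-approved, so
        # the plan printed by the previous step is informational only.
        run: |
          cd "$WORKING_DIRECTORY"
          terraform apply --auto-approve \
            -var-file "$TFVARS_FILE"
      - name: 'terraform output'
        id: output
        run: |
          cd "$WORKING_DIRECTORY"
          echo "Azure DNS name servers"
          terraform output name_servers
          IP_ADDRESS="$(terraform output ip_address)"
          ACR_LOGIN_SERVER="$(terraform output acr_login_server)"
          AKS_CLUSTER_GROUP="$(terraform output aks_cluster_group)"
          # Step outputs go to the $GITHUB_OUTPUT file; the ::set-output
          # workflow command is deprecated.
          {
            echo "ip_address=$IP_ADDRESS"
            echo "acr_login_server=$ACR_LOGIN_SERVER"
            echo "aks_cluster_group=$AKS_CLUSTER_GROUP"
          } >> "$GITHUB_OUTPUT"

  # Builds the sql, api and app images and pushes them to the registry
  # created by the infrastructure job.
  image:
    needs: [infrastructure]
    runs-on: ubuntu-latest
    env:
      # Registry host from the infrastructure job, handed to the scripts as
      # an environment variable instead of being expanded into their text.
      ACR_LOGIN_SERVER: ${{ needs.infrastructure.outputs.acr_login_server }}
    defaults:
      run:
        working-directory: ./image
    steps:
      - uses: actions/checkout@v2
      - name: 'Set environmental variables'
        env:
          # The dispatch input reaches the script as data, not as script text.
          INPUT_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          # Accept a plain name only, so the value cannot leave config/ or
          # add extra lines to $GITHUB_ENV.
          if [[ ! "$INPUT_ENVIRONMENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Invalid environment name" >&2
            exit 1
          fi
          echo "ENVIRONMENT=$INPUT_ENVIRONMENT" >> "$GITHUB_ENV"
          while IFS=": " read -r variable val
          do
            # Skip blank lines and YAML comments.
            case "$variable" in ''|'#'*) continue ;; esac
            echo "$variable=$val" >> "$GITHUB_ENV"
          done < "$GITHUB_WORKSPACE/config/${INPUT_ENVIRONMENT}.yaml"
      - name: 'Login to Azure ACR'
        id: acr-login
        run: |
          # The password is piped on stdin so it never appears in the
          # process arguments.
          echo "$ARM_CLIENT_SECRET" | docker login "$ACR_LOGIN_SERVER" --username "$ARM_CLIENT_ID" --password-stdin
      - name: 'Get backup'
        id: get-backup
        run: |
          cd sql
          chmod +x run-to-get-bak.sh
          ./run-to-get-bak.sh
      - name: 'Build sql image'
        id: build-sql-image
        run: |
          cd sql
          docker build . -t "$ACR_LOGIN_SERVER/$SQL_IMAGE_NAME:$SQL_IMAGE_VERSION"
          docker push "$ACR_LOGIN_SERVER/$SQL_IMAGE_NAME:$SQL_IMAGE_VERSION"
      - name: 'Build api image'
        id: build-api-image
        run: |
          cd api
          docker build . -t "$ACR_LOGIN_SERVER/$API_IMAGE_NAME:$API_IMAGE_VERSION"
          docker push "$ACR_LOGIN_SERVER/$API_IMAGE_NAME:$API_IMAGE_VERSION"
      - name: 'Build app image'
        id: build-app-image
        run: |
          cd app
          docker build . -t "$ACR_LOGIN_SERVER/$APP_IMAGE_NAME:$APP_IMAGE_VERSION"
          docker push "$ACR_LOGIN_SERVER/$APP_IMAGE_NAME:$APP_IMAGE_VERSION"

  # Renders the Helm values and installs or upgrades the release on AKS.
  orchestration:
    needs: [image, infrastructure]
    runs-on: ubuntu-latest
    env:
      HELM_VARIABLES_FILE: "vars.yaml"
      HELM_TEMPLATE_FILE: "values-template.yaml"
      HELM_VALUES_FILE: "values.yaml"
      # Values from the infrastructure job, handed to the scripts as
      # environment variables instead of being expanded into their text.
      IP_ADDRESS: ${{ needs.infrastructure.outputs.ip_address }}
      ACR_LOGIN_SERVER: ${{ needs.infrastructure.outputs.acr_login_server }}
    defaults:
      run:
        working-directory: ./orchestration
    steps:
      - uses: actions/checkout@v2
      - name: 'Set environmental variables'
        env:
          # The dispatch input reaches the script as data, not as script text.
          INPUT_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          # Accept a plain name only, so the value cannot leave config/ or
          # add extra lines to $GITHUB_ENV.
          if [[ ! "$INPUT_ENVIRONMENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Invalid environment name" >&2
            exit 1
          fi
          echo "ENVIRONMENT=$INPUT_ENVIRONMENT" >> "$GITHUB_ENV"
          while IFS=": " read -r variable val
          do
            # Skip blank lines and YAML comments.
            case "$variable" in ''|'#'*) continue ;; esac
            echo "$variable=$val" >> "$GITHUB_ENV"
          done < "$GITHUB_WORKSPACE/config/${INPUT_ENVIRONMENT}.yaml"
      - name: 'Login via Azure CLI'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: 'Get AKS credentials'
        id: get-aks-credentials
        run: |
          az aks get-credentials -g "$GROUP_NAME" -n "$CLUSTER_NAME" --overwrite-existing
      - name: 'Replace Helm tokens'
        id: replace-helm-tokens
        run: |
          # -w 0 keeps the encoded secret on one line; wrapped base64 would
          # break the "KEY: value" layout of the variables file.
          # NOTE(review): base64 is an encoding, not protection. The file
          # holds the client secret in recoverable form, so it must not be
          # uploaded as an artifact or printed to the log.
          CERT_MANAGER_CLIENT_SECRET_B64="$(printf '%s' "$CERT_MANAGER_CLIENT_SECRET" | base64 -w 0)"
          cat <<EOF > "$HELM_VARIABLES_FILE"
          ENVIRONMENT: $ENVIRONMENT
          GITHUB_URL: $GITHUB_URL
          CLUSTER_NAME: $CLUSTER_NAME
          IP_ADDRESS: $IP_ADDRESS
          DOMAIN_NAME: $DOMAIN_NAME
          CERT_ACME_SERVER: $CERT_ACME_SERVER
          CERT_REGISTRATION_EMAIL: $CERT_REGISTRATION_EMAIL
          CERT_MANAGER_CLIENT_ID: $CERT_MANAGER_CLIENT_ID
          CERT_MANAGER_CLIENT_SECRET: $CERT_MANAGER_CLIENT_SECRET_B64
          AZURE_TENANT_ID: $AZURE_TENANT_ID
          AZURE_SUBSCRIPTION_ID: $AZURE_SUBSCRIPTION_ID
          AZURE_DNS_ZONE_RESOURCE_GROUP: $GROUP_NAME
          AZURE_IP_ADDRESS_RESOURCE_GROUP: $GROUP_NAME
          ACR_LOGIN_SERVER: $ACR_LOGIN_SERVER
          SQL_IMAGE_NAME: $SQL_IMAGE_NAME
          SQL_IMAGE_VERSION: $SQL_IMAGE_VERSION
          API_IMAGE_NAME: $API_IMAGE_NAME
          API_IMAGE_VERSION: $API_IMAGE_VERSION
          APP_IMAGE_NAME: $APP_IMAGE_NAME
          APP_IMAGE_VERSION: $APP_IMAGE_VERSION
          EOF
          chmod +x replace-helm-tokens.sh
          ./replace-helm-tokens.sh -f "$HELM_VARIABLES_FILE" --template-file "$HELM_TEMPLATE_FILE" --output-file "$HELM_VALUES_FILE"
      - name: 'helm dependency update'
        id: helm-dependency-update
        run: |
          helm dependency update
      - name: 'helm install'
        id: helm-install
        run: |
          # --atomic rolls the release back if the upgrade fails.
          helm upgrade -i -f "$HELM_VALUES_FILE" "$HELM_INSTALL_NAME" --create-namespace -n "$ENVIRONMENT" --atomic .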