diff --git a/README.md b/README.md index a476a16..e4b3053 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,7 @@ Hexa is driven by community contributions. Please send us your Pull Requests and In order to use Hexa, you will need to install both the Azure CLI and Functions Core Tools: - Follow the official guide to install the [Azure CLI](http://bit.ly/2mgwpYr). - Follow the official guide to install the [Azure Functions Core Tools](http://bit.ly/2ow8C7y). +- NPM and Node.js. Once these tools are installed and available on your system, you are ready to install and use the Hexa CLI. 
@@ -123,6 +124,35 @@ Whenever your project Foo is ready to be deployed to Azure, you can use the `hex - `$ hexa init --yolo`: Hexa will enter Auto Mode and will setup all supported services (except if you use the `--just` flag) without asking you any question. +### Running on CI + +### Notes + +If you want to run Hexa on a Continuous Integration enviroment, you will need to make sure that the required dependencies ([see above](#Required-tools)) are installed. + +#### Set up Hexa for CI + +1. On your local machine, make sure you are logged in to your Azure account from the CLI by running `hexa login`. +1. Then run `hexa ci` to create a Service Principal account. You should have a similar output: + +``` +{ + appId: 'xx4362xx-aaxx-40xx-8bxx-xx6ea0c351xx', + displayName: 'appname', + name: 'http://appname', + password: 'xxce72xx-1axx-44xx-81xx-35xxb15xxa1e', + tenant: 'xxf988xx-86xx-41xx-91xx-2d7cd011dbxx' +} +``` + +1. Configure your CI with the following environment variables (secrets): + - `AZURE_SERVICE_PRINCIPAL_ID`: the `appId` from the service principal config. + - `AZURE_SERVICE_PRINCIPAL_PASSWORD`: the `password` from the service principal config. + - `AZURE_SERVICE_PRINCIPAL_TENANT`: The `tenant` from the service principal config. + +1. On your CI environment, before deploying with Hexa, run `hexa login`. Hexa will attempt to login to your Azure account using these service principal credentials. Hexa will automatically detect and use the environment variables if they are set. + +1. Then, simply run the usual `hexa deploy` command. Enjoy! diff --git a/src/commands/ci.ts b/src/commands/ci.ts new file mode 100644 index 0000000..87af29b --- /dev/null +++ b/src/commands/ci.ts 
@@ -0,0 +1,14 @@
+import { az, readWorkspace, sanitize } from "../core/utils";
+import chalk from "chalk";
+const debug = require("debug")("ci");
+
+module.exports = async function() {
+ const { project } = readWorkspace();
+ let name = sanitize(project.name);
+ debug(`using project ${chalk.green(name)}`);
+
+ // https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac
+ const servicePrincipal = await az(`ad sp create-for-rbac --name="${name}" --role Contributor`, `Creating a Service Principal for CI...`);
+
+ console.log(servicePrincipal);
+};
diff --git a/src/commands/login.ts b/src/commands/login.ts
index 3b1003a..00e5235 100644
--- a/src/commands/login.ts
+++ b/src/commands/login.ts
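Review bot: In src/commands/ci.ts the `az` call passes `--role Contributor` with no `--scopes`, so the CI principal is not confined to this project's resources; older Azure CLI releases default the assignment to the root of the current subscription. The second hunk of src/features/service-principal/create.ts has the same problem, since it replaces `--scopes "${project.id}" --skip-assignment` with the same flags. Consider keeping the scope, e.g. `ad sp create-for-rbac --name="${name}" --role Contributor --scopes "${project.id}"`, assuming `project.id` is still the scope the removed create.ts line used. Separately, `console.log(servicePrincipal)` writes the generated `password` to stdout, so a comment such as `// prints the client secret once; run locally only, never inside a CI job` above it would make the intent explicit.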
@@ -2,20 +2,25 @@ import { chooseSubscription } from "../core/prompt"; import { az, Config, saveWorkspace } from "../core/utils"; module.exports = async function() { - let subscriptionsList = await az( - `login --query "[].{name:name, state:state, id:id}"`, - `Loading subscriptions...` - ); + const { AZURE_SERVICE_PRINCIPAL_ID, AZURE_SERVICE_PRINCIPAL_PASSWORD, AZURE_SERVICE_PRINCIPAL_TENANT } = process.env; + + let subscriptionsList = []; + if (AZURE_SERVICE_PRINCIPAL_ID && AZURE_SERVICE_PRINCIPAL_PASSWORD && AZURE_SERVICE_PRINCIPAL_TENANT) { + await az( + `login --service-principal -u ${AZURE_SERVICE_PRINCIPAL_ID} -p ${AZURE_SERVICE_PRINCIPAL_PASSWORD} --tenant ${AZURE_SERVICE_PRINCIPAL_TENANT} --query "[].{name:name, state:state, id:id}"`, + `Sign in with a service principal...` + ); + + return true; + } else { + subscriptionsList = await az(`login --query "[].{name:name, state:state, id:id}"`, `Loading subscriptions...`); + } Config.set("subscriptions", subscriptionsList); if (subscriptionsList.length) { - let selectedSubscriptionId = (await chooseSubscription(subscriptionsList)) - .subscription as string; - const { id, name } = subscriptionsList.find( - (subscription: AzureSubscription) => - subscription.id === selectedSubscriptionId - ) as AzureSubscription; + let selectedSubscriptionId = (await chooseSubscription(subscriptionsList)).subscription as string; + const { id, name } = subscriptionsList.find((subscription: AzureSubscription) => subscription.id === selectedSubscriptionId) as AzureSubscription; Config.set("subscription", { id, name }); diff --git a/src/features/service-principal/create.ts b/src/features/service-principal/create.ts index 250539a..a88eec5 100644 --- a/src/features/service-principal/create.ts +++ b/src/features/service-principal/create.ts 
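Review bot: The service-principal branch in src/commands/login.ts interpolates `AZURE_SERVICE_PRINCIPAL_PASSWORD` unquoted into the command string given to `az(...)`, so the secret lands on the `az` process command line. If the helper runs through a shell (it is not visible here), a value containing spaces or shell metacharacters will also be split or interpreted. At minimum quote all three values, `login --service-principal -u "${AZURE_SERVICE_PRINCIPAL_ID}" -p "${AZURE_SERVICE_PRINCIPAL_PASSWORD}" --tenant "${AZURE_SERVICE_PRINCIPAL_TENANT}"`, and check that `az()` does not echo the full command in `--debug` output or CI logs. The early `return true` also skips `Config.set("subscriptions", …)` and the subscription selection below it, so it is worth confirming that `hexa deploy` does not rely on a stored subscription. The function body continues past the end of the hunk.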
@@ -1,5 +1,5 @@ -import { az, Config, saveWorkspace, sanitize, readWorkspace } from "../../core/utils"; import chalk from "chalk"; +import { az, Config, readWorkspace, sanitize } from "../../core/utils"; const debug = require("debug")("rbac"); module.exports = async function() { @@ -9,7 +9,7 @@ module.exports = async function() { // https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac const servicePrincipal = await az( - `ad sp create-for-rbac --name="${name}" --scopes "${project.id}" --skip-assignment`, + `ad sp create-for-rbac --name="http://${name}" --role Contributor`, `Checking authorizations for project ${chalk.cyan(project.name)}...` ); diff --git a/src/index.ts b/src/index.ts index 1a4b93b..eb4f0b3 100644 --- a/src/index.ts +++ b/src/index.ts @@ -38,9 +38,10 @@ let debug: Function; .name("hexa") .usage("") .version(require("../package.json").version) - .option("login", "connect to your Azure") .option("init", "initialize a new workspace") + .option("login", "connect to your Azure") .option("deploy", "deploy to Azure") + .option("ci", "configure a CI environment") .option("-c, --create", "enable manual resource creation", false) .option("-d, --debug", "enable debug mode", false) .option("-j, --just ", "setup or deploy only the selected services (e.g. --just functions,hosting)", false)
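Review bot: In the second hunk of src/features/service-principal/create.ts the progress text on the following context line still reads `Checking authorizations for project …`, while the call now creates a service principal and assigns it `Contributor`. The message should say what actually happens, for example `Creating a Contributor service principal for project ${chalk.cyan(project.name)}...`. A short comment above the call should also record why `--skip-assignment` was dropped. The enclosing function starts before and ends after the hunk.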