From c468e0f3436618a331f38d285752947db2c9a85c Mon Sep 17 00:00:00 2001 From: zhihaoguo Date: Mon, 24 Jun 2024 14:37:05 +0800 Subject: [PATCH 1/6] Updated setup-for-wls-vm.sh and setup-for-wls-aks.sh scripts with necessary secrets for workflows. --- .gitattributes | 1 + .../resource/credentials-params-wls-aks.yaml | 41 +++ .../resource/credentials-params-wls-vm.yaml | 52 ++++ .github/resource/pre-check.sh | 66 +++++ .github/resource/setup.sh | 61 +++++ .github/resource/teardown.sh | 16 ++ .github/workflows/setup-for-wls-aks.sh | 33 +++ .github/workflows/setup-for-wls-vm.sh | 33 +++ .github/workflows/setupForWlsAks.sh | 194 --------------- .github/workflows/setupForWlsVm.sh | 235 ------------------ .github/workflows/teardown-for-wls-aks.sh | 31 +++ .github/workflows/teardown-for-wls-vm.sh | 31 +++ .github/workflows/teardownForWlsAks.sh | 99 -------- .github/workflows/teardownForWlsVm.sh | 103 -------- 14 files changed, 365 insertions(+), 631 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/resource/credentials-params-wls-aks.yaml create mode 100644 .github/resource/credentials-params-wls-vm.yaml create mode 100644 .github/resource/pre-check.sh create mode 100644 .github/resource/setup.sh create mode 100644 .github/resource/teardown.sh create mode 100644 .github/workflows/setup-for-wls-aks.sh create mode 100644 .github/workflows/setup-for-wls-vm.sh delete mode 100755 .github/workflows/setupForWlsAks.sh delete mode 100755 .github/workflows/setupForWlsVm.sh create mode 100644 .github/workflows/teardown-for-wls-aks.sh create mode 100644 .github/workflows/teardown-for-wls-vm.sh delete mode 100644 .github/workflows/teardownForWlsAks.sh delete mode 100644 .github/workflows/teardownForWlsVm.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..526c8a38d --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.sh text eol=lf \ No newline at end of file 
diff --git a/.github/resource/credentials-params-wls-aks.yaml b/.github/resource/credentials-params-wls-aks.yaml
new file mode 100644
index 000000000..b8f477e4f
--- /dev/null
+++ b/.github/resource/credentials-params-wls-aks.yaml
@@ -0,0 +1,41 @@
+# This file contains the parameters for the credentials used in the workflows.
+# You can use `az ad sp create-for-rbac --sdk-auth` to create service principal credentials
+# You can set AZURE_CREDENTIALS values with multiple line secrets
+# Here is an example
+# - name: AZURE_CREDENTIALS
+# value: |
+# {
+# "clientId": "",
+# "clientSecret": "",
+# "subscriptionId": "",
+# "tenantId": "",
+# "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
+# "resourceManagerEndpointUrl": "https://management.azure.com/",
+# "activeDirectoryGraphResourceId": "https://graph.windows.net/",
+# }
+# description: Azure Credentials used for workflows.
+- name: AZURE_CREDENTIALS
+ value: ""
+ description: Azure Credentials used for *WlsAks*.yml and *WlsVm*.yml workflows.
+- name: ORC_SSOUSER
+ value: ""
+ description: "Oracle single sign-on userid."
+- name: ORC_SSOPSW
+ value: ""
+ description: "Password for Oracle single sign-on userid."
+- name: WDT_RUNTIMEPSW
+ value: ""
+ description: "Password for WebLogic Server and Runtime Deployment Tooling encryption."
+- name: WLS_PSW
+ value: ${WDT_RUNTIMEPSW}
+ description: "Password for WebLogic Server and Runtime Deployment Tooling encryption."
+# parameters for the credentials used in the workflows with default values.
+- name: WLS_USERNAME
+ value: "weblogic"
+ description: "WebLogic Server user name."
+- name: DB_PASSWORD
+ value: "Secret123!"
+ description: "Password for the database"
+- name: LOCATION
+ value: "eastus"
+ description: "Location of the resource group"
\ No newline at end of file
diff --git a/.github/resource/credentials-params-wls-vm.yaml b/.github/resource/credentials-params-wls-vm.yaml
new file mode 100644
index 000000000..0ea722028
--- /dev/null
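Review bot: The `WLS_PSW` entry's value `${WDT_RUNTIMEPSW}` will be stored literally, because nothing in the new setup.sh expands shell variables in values it reads through yq and jq, so the workflows would receive the string `${WDT_RUNTIMEPSW}` as the WebLogic password. Either leave it as `value: ""` like the other secrets, or have setup.sh resolve references to earlier entries explicitly. The `DB_PASSWORD` default `"Secret123!"` passes the empty-value check in setup.sh, so every repository set up from this file gets the same publicly known database password unless the user edits it; `value: ""` would force a choice. The example JSON in the header also has a trailing comma after the `activeDirectoryGraphResourceId` entry, which strict JSON parsers reject.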
+++ b/.github/resource/credentials-params-wls-vm.yaml
@@ -0,0 +1,52 @@
+# You can use `az ad sp create-for-rbac --sdk-auth` to create service principal credentials
+# You can set AZURE_CREDENTIALS values with multiple line secrets
+# Here is an example
+# - name: AZURE_CREDENTIALS
+# value: |
+# {
+# "clientId": "",
+# "clientSecret": "",
+# "subscriptionId": "",
+# "tenantId": "",
+# "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
+# "resourceManagerEndpointUrl": "https://management.azure.com/",
+# "activeDirectoryGraphResourceId": "https://graph.windows.net/",
+# }
+# description: Azure Credentials used for workflows.
+- name: AZURE_CREDENTIALS
+ value: ""
+ description: Azure Credentials used for *WlsVm* workflows.
+- name: OTN_USERID
+ value: ""
+ description: Oracle single sign-on userid.
+- name: OTN_PASSWORD
+ value: ""
+ description: Password for Oracle single sign-on userid.
+- name: WLS_PSW
+ value: ""
+ description: Password for WebLogic Server.
+# Git credentials
+- name: USER_EMAIL
+ value: ""
+ description: User Email of GitHub acount to access GitHub repository.
+- name: USER_NAME
+ value: ""
+ description: User name of GitHub account
+- name: GIT_TOKEN
+ value: ""
+ description: GitHub token to access GitHub repository.
+# parameters for the credentials used in the workflows with default values.
+- name: LOCATION
+ value: "eastus"
+ description: Location of the resource group
+# Optional parameters:
+# if you want to use optional parameters, please uncomment the following lines
+#- name: ELK_URI
+# value: ""
+# description: URI (hostname:port) for Elastic server, leave blank if you don't want to integrate ELK.
+#- name: ELK_USER_NAME
+# value: ""
+# description: Account password for Elastic server, leave blank if you don't want to integrate ELK.
+#- name: ELK_PSW
+# value: ""
+# description: Account password for Elastic server, leave blank if you don't want to integrate ELK.
\ No newline at end of file
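Review bot: This template is a tracked file that users are told to fill in with `GIT_TOKEN`, `OTN_PASSWORD` and the service-principal JSON, so a later broad `git add` can commit live credentials; the same applies to credentials-params-wls-aks.yaml. Consider shipping it as an example template and having the scripts read an untracked copy that is listed in `.gitignore`. In the commented optional block, the `ELK_USER_NAME` description says `Account password for Elastic server`; it should read `Account name for Elastic server`.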
diff --git a/.github/resource/pre-check.sh b/.github/resource/pre-check.sh
new file mode 100644
index 000000000..4155df3ca
--- /dev/null
+++ b/.github/resource/pre-check.sh
@@ -0,0 +1,66 @@
+# Check environment and tools required to run the script
+
+# ANSI color codes
+GREEN='\033[0;32m'
+NC='\033[0m' # No Color
+
+## Check if the required tools are installed and logged in
+echo -e "${GREEN}To run this script, you need to have the following tools installed:${NC}"
+echo -e "${GREEN}1. yq${NC}"
+echo -e "${GREEN}2. Github CLI (gh)${NC}"
+echo -e "${GREEN}3. Azure CLI (az)${NC}"
+echo -e "${GREEN}And you need to be logged in to GitHub CLI (gh), and Azure CLI (az).${NC}"
+
+echo "Checking if the required tools are installed..."
+echo "Checking progress started..."
+
+if ! command -v yq &> /dev/null; then
+ echo "Check required tools and environment failed."
+ echo "yq is not installed. Please install it to proceed."
+ exit 1
+fi
+echo "1/6...yq is installed."
+
+if ! command -v jq &> /dev/null; then
+ echo "Check required tools and environment failed."
+ echo "jq is not installed. Please install it to proceed."
+ exit 1
+fi
+echo "2/6...jq is installed."
+
+# Check gh installed
+if ! command -v gh &> /dev/null; then
+ echo "Check required tools and environment failed."
+ echo "GitHub CLI (gh) is not installed. Please install it to proceed."
+ exit 1
+fi
+echo "3/6...GitHub CLI (gh) is installed."
+
+
+# Check if the GitHub CLI (gh) is logged in
+if ! gh auth status &> /dev/null; then
+ echo "Check required tools and environment failed."
+ echo "You are not logged in to GitHub CLI (gh). Please log in with `gh auth login` to proceed."
+ exit 1
+fi
+echo "4/6...You are logged in to GitHub CLI (gh)."
+
+# check if az is installed
+if ! command -v az &> /dev/null; then
+ echo "Check required tools and environment failed."
+ echo "Azure CLI (az) is not installed. Please install it to proceed."
+ exit 1
+fi
+echo "5/6...Azure CLI (az) is installed."
+
+
+# check if az is logged in
+if ! az account show &> /dev/null; then
+ echo "Check required tools and environment failed."
+ echo "You are not logged in to Azure CLI (az). Please log in with command `az login` to proceed."
+ exit 1
+fi
+echo "6/6...You are logged in to Azure CLI (az)."
+
+echo "Checking progress completed..."
+
diff --git a/.github/resource/setup.sh b/.github/resource/setup.sh
new file mode 100644
index 000000000..3faf23912
--- /dev/null
+++ b/.github/resource/setup.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# ANSI color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+echo "setup-credentials.sh - Start"
+
+# Function to print error messages in red
+print_error() {
+ local message=$1
+ echo -e "${RED}Error: ${message}${NC}"
+}
+
+check_parameters() {
+ echo "Checking parameters..."
+ local has_empty_value=0
+
+ while IFS= read -r line; do
+ name=$(echo "$line" | yq -r '.name')
+ value=$(echo "$line" | yq -r '.value')
+
+ if [ -z "$value" ] || [ "$value" == "null" ]; then
+ print_error "The parameter '$name' has an empty/null value. Please provide a valid value."
+ has_empty_value=1
+ break
+ else
+ echo "Name: $name, Value: $value"
+ fi
+ done < <(yq eval -o=json '.[]' "$param_file" | jq -c '.')
+
+ echo "return $has_empty_value"
+ return $has_empty_value
+}
+
+# Function to set values from YAML
+set_values() {
+ echo "Setting values..."
+ yq eval -o=json '.[]' "$param_file" | jq -c '.' | while read -r line; do
+ name=$(echo "$line" | jq -r '.name')
+ value=$(echo "$line" | jq -r '.value')
+ gh secret set "$name" -b"${value}"
+ done
+}
+
+# Main script execution
+main() {
+ if check_parameters; then
+ echo "All parameters are valid."
+ set_values
+ else
+ echo "Parameter check failed. Exiting."
+ exit 1
+ fi
+
+ echo "setup-credentials.sh - Finish"
+}
+
+# Run the main function
+main
diff --git a/.github/resource/teardown.sh b/.github/resource/teardown.sh
new file mode 100644
index 000000000..d9d313a90
--- /dev/null
+++ b/.github/resource/teardown.sh
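Review bot: The two login hints in pre-check.sh put backticks inside double quotes, so the shell treats them as command substitution: in the `gh auth status` failure branch the echo runs gh auth login, and in the `az account show` failure branch it runs az login, instead of printing the hint. Use single quotes around the command name or escape the backticks, for example `echo "You are not logged in to GitHub CLI (gh). Please log in with 'gh auth login' to proceed."`. The banner at the top lists three tools while the script checks four; jq is missing from the list.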
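Review bot: check_parameters in setup.sh prints every secret in clear text with `echo "Name: $name, Value: $value"`, which leaves passwords and the service-principal JSON in terminal scrollback and in any captured log; print only the name, `echo "Name: $name"`. In set_values the value is passed on the command line via `-b"${value}"`, where it is visible in the process list while gh runs; gh secret set reads the body from standard input when no body flag is given, so `printf '%s' "$value" | gh secret set "$name"` avoids that. `param_file` is read with no guard under `set -u`; a `: "${param_file:?param_file must be set}"` near the top would give a clearer failure when the script is run directly.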
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+echo "teardown-credentials.sh - Start"
+
+# remove param the json
+yq eval -o=json '.[]' "$param_file" | jq -c '.' | while read -r line; do
+ name=$(echo "$line" | jq -r '.name')
+ value=$(echo "$line" | jq -r '.value')
+ gh secret remove "$name"
+done
+
+echo "teardown-credentials.sh - Finish"
+
+
+
diff --git a/.github/workflows/setup-for-wls-aks.sh b/.github/workflows/setup-for-wls-aks.sh
new file mode 100644
index 000000000..b47680e38
--- /dev/null
+++ b/.github/workflows/setup-for-wls-aks.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+################################################
+# This script is invoked by a human who:
+# - has done az login.
+# - can create repository secrets in the github repo from which this file was cloned.
+# - has the gh client >= 2.0.0 installed.
+# - has yq 4.x installed.
+#
+# This script initializes the repo from which this file is was cloned
+# with the necessary secrets to run the workflows.
+# Steps to run the Script:
+# 1. Run az login.
+# 2. Run gh auth login.
+# 3. Clone the repository.
+# 4. Prepare the .github/resource/credentials-params-wls-aks.yaml file with the required parameters.
+# 5. Run the script with the following command:
+# ```
+# cd .github/workflows
+# bash setup-for-wls-aks.sh
+# ```
+# 6. The script will set the required secrets in the repository.
+# 7. Check the repository secrets to verify that the secrets are set.
+################################################
+
+set -Eeuo pipefail
+
+source ../resource/pre-check.sh
+## Set environment variables
+export param_file="../resource/credentials-params.yaml"
+
+source ../resource/setup.sh
+
diff --git a/.github/workflows/setup-for-wls-vm.sh b/.github/workflows/setup-for-wls-vm.sh
new file mode 100644
index 000000000..60cba0874
--- /dev/null
+++ b/.github/workflows/setup-for-wls-vm.sh
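Review bot: Under `set -Eeuo pipefail` the first `gh secret remove "$name"` that fails in teardown.sh, for example on a secret that was never set, ends the loop and the script, so the remaining credentials stay in the repository. For a credential cleanup it is safer to keep going and report each failure, e.g. `gh secret remove "$name" || echo "Could not remove $name" >&2`. The line `value=$(echo "$line" | jq -r '.value')` is unused here and reads every secret value for no reason; it can be dropped.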
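Review bot: `param_file` in setup-for-wls-aks.sh points at `../resource/credentials-params.yaml`, but this commit adds credentials-params-wls-aks.yaml and credentials-params-wls-vm.yaml, and the header comment tells the user to fill in the -wls-aks file. Unless a credentials-params.yaml exists elsewhere in the repository, the script reads a file that is not there. It should be `export param_file="../resource/credentials-params-wls-aks.yaml"`; setup-for-wls-vm.sh, teardown-for-wls-aks.sh and teardown-for-wls-vm.sh carry the same path and each need their own file name. The `source ../resource/...` paths are relative to the caller's working directory, so the script only works after `cd .github/workflows`; resolving them from `${BASH_SOURCE[0]}` would remove that requirement.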
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+################################################
+# This script is invoked by a human who:
+# - has done az login.
+# - can create repository secrets in the github repo from which this file was cloned.
+# - has the gh client >= 2.0.0 installed.
+# - has yq 4.x installed.
+#
+# This script initializes the repo from which this file is was cloned
+# with the necessary secrets to run the workflows.
+# Steps to run the Script:
+# 1. Run az login.
+# 2. Run gh auth login.
+# 3. Clone the repository.
+# 4. Prepare the .github/resource/credentials-params-wls-vm.yaml file with the required parameters.
+# 5. Run the script with the following command:
+# ```
+# cd .github/workflows
+# bash setup-for-wls-vm.sh
+# ```
+# 6. The script will set the required secrets in the repository.
+# 7. Check the repository secrets to verify that the secrets are set.
+################################################
+
+set -Eeuo pipefail
+
+source ../resource/pre-check.sh
+## Set environment variables
+export param_file="../resource/credentials-params.yaml"
+
+source ../resource/setup.sh
+
diff --git a/.github/workflows/setupForWlsAks.sh b/.github/workflows/setupForWlsAks.sh
deleted file mode 100755
index 8b436a3c5..000000000
--- a/.github/workflows/setupForWlsAks.sh
+++ /dev/null
@@ -1,194 +0,0 @@ -#!/usr/bin/env bash -################################################ -# This script is invoked by a human who: -# - has done az login. -# - can create repository secrets in the github repo from which this file was cloned. -# - has the gh client >= 2.0.0 installed. -# -# This script initializes the repo from which this file is was cloned -# with the necessary secrets to run the workflows. -# -# Script design taken from https://github.com/microsoft/NubesGen. -# -################################################ - -################################################ -# Set environment variables - the main variables you might want to configure. -# -AKS_REPO_USER_NAME=oracle -DB_PASSWORD="Secret123!" -# Three letters to disambiguate names. -DISAMBIG_PREFIX= -# The location of the resource group. For example `eastus`. Leave blank to use your default location. -LOCATION= -ORC_SSOPSW= -ORC_SSOUSER= -OWNER_REPONAME= -SLEEP_VALUE=30s -WDT_RUNTIMEPSW= -WLS_PSW=${WDT_RUNTIMEPSW} -WLS_USERNAME=weblogic - -# End set environment variables -################################################ - - -set -Eeuo pipefail -trap cleanup SIGINT SIGTERM ERR EXIT - -cleanup() { - trap - SIGINT SIGTERM ERR EXIT - # script cleanup here -} - -setup_colors() { - if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then - NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m' - else - NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW='' - fi -} - -msg() { - echo >&2 -e "${1-}" -} - -setup_colors - -read -r -p "Enter a disambiguation prefix (try initials with a sequence number, such as ejb01): " DISAMBIG_PREFIX - -if [ "$DISAMBIG_PREFIX" == '' ] ; then - msg "${RED}You must enter a disambiguation prefix." 
- exit 1; -fi - -# get ORC_SSOUSER if not set at the beginning of this file -if [ "$ORC_SSOUSER" == '' ] ; then - read -r -p "Enter Oracle single sign-on userid: " ORC_SSOUSER -fi - -# get ORC_SSOPSW if not set at the beginning of this file -if [ "$ORC_SSOPSW" == '' ] ; then - read -s -r -p "Enter password for preceding Oracle single sign-on userid: " ORC_SSOPSW -fi - -read -s -r -p "Enter password for WebLogic Server and Runtime Deployment Tooling encryption: " WDT_RUNTIMEPSW -WLS_PSW=${WDT_RUNTIMEPSW} - - -# get OWNER_REPONAME if not set at the beginning of this file -if [ "$OWNER_REPONAME" == '' ] ; then - read -r -p "Enter owner/reponame (blank for upsteam of current fork): " OWNER_REPONAME -fi - -if [ -z "${OWNER_REPONAME}" ] ; then - GH_FLAGS="" -else - GH_FLAGS="--repo ${OWNER_REPONAME}" -fi - -DISAMBIG_PREFIX=${DISAMBIG_PREFIX}`date +%m%d` -SERVICE_PRINCIPAL_NAME=${DISAMBIG_PREFIX}sp - -# get default location if not set at the beginning of this file -if [ "$LOCATION" == '' ] ; then - { - az config get defaults.location --only-show-errors > /dev/null 2>&1 - LOCATION_DEFAULTS_SETUP=$? - } || { - LOCATION_DEFAULTS_SETUP=0 - } - # if no default location is set, fallback to "eastus" - if [ "$LOCATION_DEFAULTS_SETUP" -eq 1 ]; then - LOCATION=eastus - else - LOCATION=$(az config get defaults.location --only-show-errors | jq -r .value) - fi -fi - -# Check AZ CLI status -msg "${GREEN}(1/6) Checking Azure CLI status...${NOFORMAT}" -{ - az > /dev/null -} || { - msg "${RED}Azure CLI is not installed." - msg "${GREEN}Go to https://aka.ms/nubesgen-install-az-cli to install Azure CLI." - exit 1; -} -{ - az account show > /dev/null -} || { - msg "${RED}You are not authenticated with Azure CLI." - msg "${GREEN}Run \"az login\" to authenticate." - exit 1; -} - -msg "${YELLOW}Azure CLI is installed and configured!" 
- -# Check GitHub CLI status -msg "${GREEN}(2/6) Checking GitHub CLI status...${NOFORMAT}" -USE_GITHUB_CLI=false -{ - gh auth status && USE_GITHUB_CLI=true && msg "${YELLOW}GitHub CLI is installed and configured!" -} || { - msg "${YELLOW}Cannot use the GitHub CLI. ${GREEN}No worries! ${YELLOW}We'll set up the GitHub secrets manually." - USE_GITHUB_CLI=false -} - -# Execute commands -msg "${GREEN}(3/6) Create Azure credentials ${SERVICE_PRINCIPAL_NAME}" -SUBSCRIPTION_ID=$(az account show --query id --output tsv --only-show-errors) - -### AZ ACTION CREATE - -AZURE_CREDENTIALS=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME} --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors) -SP_ID=$( az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query \[0\].id -o tsv) -az role assignment create --assignee ${SP_ID} --scope="/subscriptions/${SUBSCRIPTION_ID}" --role "User Access Administrator" - -msg "${GREEN}(6/6) Create secrets in GitHub" -if $USE_GITHUB_CLI; then - { - msg "${GREEN}Using the GitHub CLI to set secrets.${NOFORMAT}" - gh ${GH_FLAGS} secret set AKS_REPO_USER_NAME -b"${AKS_REPO_USER_NAME}" - gh ${GH_FLAGS} secret set AZURE_CREDENTIALS -b"${AZURE_CREDENTIALS}" - msg "${YELLOW}\"AZURE_CREDENTIALS\"" - msg "${GREEN}${AZURE_CREDENTIALS}" - gh ${GH_FLAGS} secret set DB_PASSWORD -b"${DB_PASSWORD}" - gh ${GH_FLAGS} secret set ORC_SSOPSW -b"${ORC_SSOPSW}" - gh ${GH_FLAGS} secret set ORC_SSOUSER -b"${ORC_SSOUSER}" - gh ${GH_FLAGS} secret set WDT_RUNTIMEPSW -b"${WDT_RUNTIMEPSW}" - gh ${GH_FLAGS} secret set WLS_PSW -b"${WLS_PSW}" - gh ${GH_FLAGS} secret set WLS_USERNAME -b"${WLS_USERNAME}" - msg "${YELLOW}\"DISAMBIG_PREFIX\"" - msg "${GREEN}${DISAMBIG_PREFIX}" - } || { - USE_GITHUB_CLI=false - } -fi -if [ $USE_GITHUB_CLI == false ]; then - msg "${NOFORMAT}======================MANUAL SETUP======================================" - msg "${GREEN}Using your Web browser to set up secrets..." 
- msg "${NOFORMAT}Go to the GitHub repository you want to configure." - msg "${NOFORMAT}In the \"settings\", go to the \"secrets\" tab and the following secrets:" - msg "(in ${YELLOW}yellow the secret name and${NOFORMAT} in ${GREEN}green the secret value)" - msg "${YELLOW}\"AKS_REPO_USER_NAME\"" - msg "${GREEN}${AKS_REPO_USER_NAME}" - msg "${YELLOW}\"AZURE_CREDENTIALS\"" - msg "${GREEN}${AZURE_CREDENTIALS}" - msg "${YELLOW}\"DB_PASSWORD\"" - msg "${GREEN}${DB_PASSWORD}" - msg "${YELLOW}\"ORC_SSOPSW\"" - msg "${GREEN}${ORC_SSOPSW}" - msg "${YELLOW}\"ORC_SSOUSER\"" - msg "${GREEN}${ORC_SSOUSER}" - msg "${YELLOW}\"WDT_RUNTIMEPSW\"" - msg "${GREEN}${WDT_RUNTIMEPSW}" - msg "${YELLOW}\"WLS_PSW\"" - msg "${GREEN}${WLS_PSW}" - msg "${YELLOW}\"WLS_USERNAME\"" - msg "${GREEN}${WLS_USERNAME}" - msg "${YELLOW}\"DISAMBIG_PREFIX\"" - msg "${GREEN}${DISAMBIG_PREFIX}" - msg "${NOFORMAT}========================================================================" -fi -msg "${GREEN}Secrets configured" diff --git a/.github/workflows/setupForWlsVm.sh b/.github/workflows/setupForWlsVm.sh deleted file mode 100755 index 0cec4059d..000000000 --- a/.github/workflows/setupForWlsVm.sh +++ /dev/null 
@@ -1,235 +0,0 @@ -#!/usr/bin/env bash -################################################ -# This script is invoked by a human who: -# - has done az login. -# - can create repository secrets in the github repo from which this file was cloned. -# - has the gh client >= 2.0.0 installed. -# -# This script initializes the repo from which this file is was cloned -# with the necessary secrets to run the workflows. -# -# Script design taken from https://github.com/microsoft/NubesGen. -# -################################################ - -################################################ -# Set environment variables - the main variables you might want to configure. -# -AKS_REPO_USER_NAME=oracle -# Three letters to disambiguate names. -DISAMBIG_PREFIX= -# URI (hostname:port) for Elastic server, leave blank if you don't want to integrate ELK. -ELK_URI= -# Account name for Elastic server, leave blank if you don't want to integrate ELK. -ELK_USER_NAME= -# Account password for Elastic server, leave blank if you don't want to integrate ELK. -ELK_PSW= -# The location of the resource group. For example `eastus`. Leave blank to use your default location. -LOCATION= -# Oracle single sign-on userid. -OTN_USERID= -# Password for preceding Oracle single sign-on userid. -OTN_PASSWORD= -# User Email of GitHub acount to access GitHub repository. -USER_EMAIL= -# User name for preceding GitHub account. -USER_NAME= -# Personal token for preceding GitHub account. 
-GIT_TOKEN= -WLS_PSW= - -# End set environment variables -################################################ - - -set -Eeuo pipefail -trap cleanup SIGINT SIGTERM ERR EXIT - -cleanup() { - trap - SIGINT SIGTERM ERR EXIT - # script cleanup here -} - -setup_colors() { - if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then - NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m' - else - NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW='' - fi -} - -msg() { - echo >&2 -e "${1-}" -} - -setup_colors - -read -r -p "Enter a disambiguation prefix (try initials with a sequence number, such as ejb01): " DISAMBIG_PREFIX -read -r -p "Enter owner/reponame (blank for upsteam of current fork): " OWNER_REPONAME - -if [ "$DISAMBIG_PREFIX" == '' ] ; then - msg "${RED}You must enter a disambiguation prefix." - exit 1; -fi - -if [ -z "${OWNER_REPONAME}" ] ; then - GH_FLAGS="" -else - GH_FLAGS="--repo ${OWNER_REPONAME}" -fi - -# get OTN_USERID if not set at the beginning of this file -if [ "$OTN_USERID" == '' ] ; then - read -r -p "Enter Oracle single sign-on userid: " OTN_USERID -fi - -# get OTN_PASSWORD if not set at the beginning of this file -if [ "$OTN_PASSWORD" == '' ] ; then - read -s -r -p "Enter password for preceding Oracle single sign-on userid: " OTN_PASSWORD -fi - -# get USER_EMAIL if not set at the beginning of this file -if [ "$USER_EMAIL" == '' ] ; then - read -r -p "Enter user Email of GitHub acount to access GitHub repository: " USER_EMAIL -fi - -# get USER_NAME if not set at the beginning of this file -if [ "$USER_NAME" == '' ] ; then - read -r -p "Enter user name of GitHub account: " USER_NAME -fi - -# get GIT_TOKEN if not set at the beginning of this file -if [ "$GIT_TOKEN" == '' ] ; then - read -s -r -p "Enter personal token of GitHub account: " GIT_TOKEN -fi - -read -s -r -p "Enter password for WebLogic Server: " WLS_PSW - -# 
get ELK_URI if not set at the beginning of this file -if [ "$ELK_URI" == '' ] ; then - read -r -p "Enter URI (hostname:port) for Elastic server, leave blank if you don't want to integrate ELK.: " ELK_URI -fi - -# get ELK_USER_NAME if not set at the beginning of this file -if [ "$ELK_USER_NAME" == '' ] ; then - read -r -p "Enter account name for Elastic server, leave blank if you don't want to integrate ELK.: " ELK_USER_NAME -fi - -# get ELK_USER_NAME if not set at the beginning of this file -if [ "$ELK_PSW" == '' ] ; then - read -s -r -p "Enter account password for Elastic server, leave blank if you don't want to integrate ELK.: " ELK_PSW -fi - -DISAMBIG_PREFIX=${DISAMBIG_PREFIX}`date +%m%d` -SERVICE_PRINCIPAL_NAME=${DISAMBIG_PREFIX}sp - -# get default location if not set at the beginning of this file -if [ "$LOCATION" == '' ] ; then - { - az config get defaults.location --only-show-errors > /dev/null 2>&1 - LOCATION_DEFAULTS_SETUP=$? - } || { - LOCATION_DEFAULTS_SETUP=0 - } - # if no default location is set, fallback to "eastus" - if [ "$LOCATION_DEFAULTS_SETUP" -eq 1 ]; then - LOCATION=eastus - else - LOCATION=$(az config get defaults.location --only-show-errors | jq -r .value) - fi -fi - -# Check AZ CLI status -msg "${GREEN}(1/6) Checking Azure CLI status...${NOFORMAT}" -{ - az > /dev/null -} || { - msg "${RED}Azure CLI is not installed." - msg "${GREEN}Go to https://aka.ms/nubesgen-install-az-cli to install Azure CLI." - exit 1; -} -{ - az account show > /dev/null -} || { - msg "${RED}You are not authenticated with Azure CLI." - msg "${GREEN}Run \"az login\" to authenticate." - exit 1; -} - -msg "${YELLOW}Azure CLI is installed and configured!" - -# Check GitHub CLI status -msg "${GREEN}(2/6) Checking GitHub CLI status...${NOFORMAT}" -USE_GITHUB_CLI=false -{ - gh auth status && USE_GITHUB_CLI=true && msg "${YELLOW}GitHub CLI is installed and configured!" -} || { - msg "${YELLOW}Cannot use the GitHub CLI. ${GREEN}No worries! 
${YELLOW}We'll set up the GitHub secrets manually." - USE_GITHUB_CLI=false -} - -# Execute commands -msg "${GREEN}(3/6) Create service principal and Azure credentials ${SERVICE_PRINCIPAL_NAME}" -SUBSCRIPTION_ID=$(az account show --query id --output tsv --only-show-errors) - -### AZ ACTION CREATE -# Explicitely disable line wrapping for non MacOS -w0=-w0 -if [[ $OSTYPE == 'darwin'* ]]; then - w0= -fi - -SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME} --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors | base64 ${w0}) -AZURE_CREDENTIALS=$(echo $SERVICE_PRINCIPAL | base64 -d) - -msg "${GREEN}(6/6) Create secrets in GitHub" -if $USE_GITHUB_CLI; then - { - msg "${GREEN}Using the GitHub CLI to set secrets.${NOFORMAT}" - gh ${GH_FLAGS} secret set AZURE_CREDENTIALS -b"${AZURE_CREDENTIALS}" - msg "${YELLOW}\"AZURE_CREDENTIALS\"" - msg "${GREEN}${AZURE_CREDENTIALS}" - gh ${GH_FLAGS} secret set ELK_PSW -b"${ELK_PSW}" - gh ${GH_FLAGS} secret set ELK_URI -b"${ELK_URI}" - gh ${GH_FLAGS} secret set ELK_USER_NAME -b"${ELK_USER_NAME}" - gh ${GH_FLAGS} secret set GIT_TOKEN -b"${GIT_TOKEN}" - gh ${GH_FLAGS} secret set OTN_PASSWORD -b"${OTN_PASSWORD}" - gh ${GH_FLAGS} secret set OTN_USERID -b"${OTN_USERID}" - gh ${GH_FLAGS} secret set USER_EMAIL -b"${USER_EMAIL}" - gh ${GH_FLAGS} secret set USER_NAME -b"${USER_NAME}" - gh ${GH_FLAGS} secret set WLS_PSW -b"${WLS_PSW}" - } || { - USE_GITHUB_CLI=false - } -fi -if [ $USE_GITHUB_CLI == false ]; then - msg "${NOFORMAT}======================MANUAL SETUP======================================" - msg "${GREEN}Using your Web browser to set up secrets..." - msg "${NOFORMAT}Go to the GitHub repository you want to configure." 
- msg "${NOFORMAT}In the \"settings\", go to the \"secrets\" tab and the following secrets:" - msg "(in ${YELLOW}yellow the secret name and${NOFORMAT} in ${GREEN}green the secret value)" - msg "${YELLOW}\"AZURE_CREDENTIALS\"" - msg "${GREEN}${AZURE_CREDENTIALS}" - msg "${YELLOW}\"OTN_USERID\"" - msg "${GREEN}${OTN_USERID}" - msg "${YELLOW}\"OTN_PASSWORD\"" - msg "${GREEN}${OTN_PASSWORD}" - msg "${YELLOW}\"USER_EMAIL\"" - msg "${GREEN}${USER_EMAIL}" - msg "${YELLOW}\"USER_NAME\"" - msg "${GREEN}${USER_NAME}" - msg "${YELLOW}\"GIT_TOKEN\"" - msg "${GREEN}${GIT_TOKEN}" - msg "${YELLOW}\"ELK_URI\"" - msg "${GREEN}${ELK_URI}" - msg "${YELLOW}\"ELK_USER_NAME\"" - msg "${GREEN}${ELK_USER_NAME}" - msg "${YELLOW}\"ELK_PSW\"" - msg "${GREEN}${ELK_PSW}" - msg "${YELLOW}\"WLS_PSW\"" - msg "${GREEN}${WLS_PSW}" - msg "${YELLOW}\"DISAMBIG_PREFIX\"" - msg "${GREEN}${DISAMBIG_PREFIX}" - msg "${NOFORMAT}========================================================================" -fi -msg "${GREEN}Secrets configured" diff --git a/.github/workflows/teardown-for-wls-aks.sh b/.github/workflows/teardown-for-wls-aks.sh new file mode 100644 index 000000000..573fe27b2 --- /dev/null +++ b/.github/workflows/teardown-for-wls-aks.sh 
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+################################################
+# This script is invoked by a human who:
+# - can remove repository secrets in the github repo from which this file was cloned.
+# - has the gh client >= 2.0.0 installed.
+# - has yq 4.x installed.
+#
+# This script initializes the repo from which this file is was cloned
+# with the necessary secrets to run the workflows.
+# Steps to run the Script:
+# 1. Run gh auth login.
+# 2. Clone the repository.
+# 3. Run the script with the following command:
+# ```
+# cd .github/workflows
+# bash teardown-for-wls-aks.sh
+# ```
+# 4. The script will remove the required secrets in the repository.
+# 5. Check the repository secrets to verify that the secrets are removed.
+################################################
+
+set -Eeuo pipefail
+
+source ../resource/pre-check.sh
+## Set environment variables
+export param_file="../resource/credentials-params.yaml"
+
+source ../resource/teardown.sh
+
+
diff --git a/.github/workflows/teardown-for-wls-vm.sh b/.github/workflows/teardown-for-wls-vm.sh
new file mode 100644
index 000000000..45c34df74
--- /dev/null
+++ b/.github/workflows/teardown-for-wls-vm.sh
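Review bot: The header of teardown-for-wls-aks.sh lists only gh and yq as prerequisites, yet the script sources pre-check.sh, which exits unless az is installed and `az account show` succeeds, although teardown.sh calls only yq, jq and gh. Either add the Azure CLI login to the documented prerequisites or let the teardown path skip the az checks, so that a user without an Azure session can still remove the secrets. The comment `This script initializes the repo ... with the necessary secrets to run the workflows` was copied from the setup script and should say that it removes them; teardown-for-wls-vm.sh has the same header.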
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+################################################
+# This script is invoked by a human who:
+# - can remove repository secrets in the github repo from which this file was cloned.
+# - has the gh client >= 2.0.0 installed.
+# - has yq 4.x installed.
+#
+# This script initializes the repo from which this file is was cloned
+# with the necessary secrets to run the workflows.
+# Steps to run the Script:
+# 1. Run gh auth login.
+# 2. Clone the repository.
+# 3. Run the script with the following command:
+# ```
+# cd .github/workflows
+# bash teardown-for-wls-vm.sh
+# ```
+# 4. The script will remove the required secrets in the repository.
+# 5. Check the repository secrets to verify that the secrets are removed.
+################################################
+
+set -Eeuo pipefail
+
+source ../resource/pre-check.sh
+## Set environment variables
+export param_file="../resource/credentials-params.yaml"
+
+source ../resource/teardown.sh
+
+
diff --git a/.github/workflows/teardownForWlsAks.sh b/.github/workflows/teardownForWlsAks.sh
deleted file mode 100644
index 9c9201e7b..000000000
--- a/.github/workflows/teardownForWlsAks.sh
+++ /dev/null
@@ -1,99 +0,0 @@ -#!/usr/bin/env bash -################################################ -# This script is invoked by a human who: -# - has invoked the setupForWlsAks.sh script -# -# This script removes the secrets and deletes the azure resources created in -# setupForWlsAks.sh. -# -# Script design taken from https://github.com/microsoft/NubesGen. -# -################################################ - - -set -Eeuo pipefail -trap cleanup SIGINT SIGTERM ERR EXIT - -cleanup() { - trap - SIGINT SIGTERM ERR EXIT - # script cleanup here -} - -setup_colors() { - if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then - NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m' - else - NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW='' - fi -} - -msg() { - echo >&2 -e "${1-}" -} - -setup_colors - -read -r -p "Enter disambiguation prefix: " DISAMBIG_PREFIX -read -r -p "Enter owner/reponame (blank for upsteam of current fork): " OWNER_REPONAME - -if [ -z "${OWNER_REPONAME}" ] ; then - GH_FLAGS="" -else - GH_FLAGS="--repo ${OWNER_REPONAME}" -fi - -SERVICE_PRINCIPAL_NAME=${DISAMBIG_PREFIX}sp -# Execute commands -msg "${GREEN}(1/4) Delete service principal ${SERVICE_PRINCIPAL_NAME}" -SUBSCRIPTION_ID=$(az account show --query id --output tsv --only-show-errors) -SP_OBJECT_ID_ARRAY=$(az ad sp list --display-name ${SERVICE_PRINCIPAL_NAME} --query "[0].id") || true -# remove whitespace -SP_OBJECT_ID_ARRAY=$(echo ${SP_OBJECT_ID_ARRAY} | xargs) || true -SP_OBJECT_ID_ARRAY=${SP_OBJECT_ID_ARRAY//[/} -SP_OBJECT_ID=${SP_OBJECT_ID_ARRAY//]/} -az role assignment delete --yes --assignee ${SP_OBJECT_ID} || true -az ad sp delete --id ${SP_OBJECT_ID} || true - -# Check GitHub CLI status -msg "${GREEN}(3/4) Checking GitHub CLI status...${NOFORMAT}" -USE_GITHUB_CLI=false -{ - gh auth status && USE_GITHUB_CLI=true && msg "${YELLOW}GitHub CLI is installed and 
configured!" -} || { - msg "${YELLOW}Cannot use the GitHub CLI. ${GREEN}No worries! ${YELLOW}We'll set up the GitHub secrets manually." - USE_GITHUB_CLI=false -} - -msg "${GREEN}(4/4) Removing secrets...${NOFORMAT}" -if $USE_GITHUB_CLI; then - { - msg "${GREEN}Using the GitHub CLI to remove secrets.${NOFORMAT}" - gh ${GH_FLAGS} secret remove AKS_REPO_USER_NAME - gh ${GH_FLAGS} secret remove AZURE_CREDENTIALS - gh ${GH_FLAGS} secret remove DB_PASSWORD - gh ${GH_FLAGS} secret remove ORC_SSOPSW - gh ${GH_FLAGS} secret remove ORC_SSOUSER - gh ${GH_FLAGS} secret remove WDT_RUNTIMEPSW - gh ${GH_FLAGS} secret remove WLS_PSW - gh ${GH_FLAGS} secret remove WLS_USERNAME - } || { - USE_GITHUB_CLI=false - } -fi -if [ $USE_GITHUB_CLI == false ]; then - msg "${NOFORMAT}======================MANUAL REMOVAL======================================" - msg "${GREEN}Using your Web browser to remove secrets..." - msg "${NOFORMAT}Go to the GitHub repository you want to configure." - msg "${NOFORMAT}In the \"settings\", go to the \"secrets\" tab and remove the following secrets:" - msg "(in ${YELLOW}yellow the secret name)" - msg "${YELLOW}\"AKS_REPO_USER_NAME\"" - msg "${YELLOW}\"AZURE_CREDENTIALS\"" - msg "${YELLOW}\"DB_PASSWORD\"" - msg "${YELLOW}\"ORC_SSOPSW\"" - msg "${YELLOW}\"ORC_SSOUSER\"" - msg "${YELLOW}\"WDT_RUNTIMEPSW\"" - msg "${YELLOW}\"WLS_PSW\"" - msg "${YELLOW}\"WLS_USERNAME\"" - msg "${NOFORMAT}========================================================================" -fi -msg "${GREEN}Secrets removed" diff --git a/.github/workflows/teardownForWlsVm.sh b/.github/workflows/teardownForWlsVm.sh deleted file mode 100644 index 6226c1010..000000000 --- a/.github/workflows/teardownForWlsVm.sh +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/usr/bin/env bash -################################################ -# This script is invoked by a human who: -# - has invoked the setupForWlsAks.sh script -# -# This script removes the secrets and deletes the azure resources created in -# setupForWlsAks.sh. -# -# Script design taken from https://github.com/microsoft/NubesGen. -# -################################################ - - -set -Eeuo pipefail -trap cleanup SIGINT SIGTERM ERR EXIT - -cleanup() { - trap - SIGINT SIGTERM ERR EXIT - # script cleanup here -} - -setup_colors() { - if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then - NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m' - else - NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW='' - fi -} - -msg() { - echo >&2 -e "${1-}" -} - -setup_colors - -read -r -p "Enter disambiguation prefix: " DISAMBIG_PREFIX -read -r -p "Enter owner/reponame (blank for upsteam of current fork): " OWNER_REPONAME - -if [ -z "${OWNER_REPONAME}" ] ; then - GH_FLAGS="" -else - GH_FLAGS="--repo ${OWNER_REPONAME}" -fi - -SERVICE_PRINCIPAL_NAME=${DISAMBIG_PREFIX}sp - -# Execute commands -msg "${GREEN}(1/4) Delete service principal ${SERVICE_PRINCIPAL_NAME}" -SUBSCRIPTION_ID=$(az account show --query id --output tsv --only-show-errors) -SP_OBJECT_ID_ARRAY=$(az ad sp list --display-name ${SERVICE_PRINCIPAL_NAME} --query "[].objectId") || true -# remove whitespace -SP_OBJECT_ID_ARRAY=$(echo ${SP_OBJECT_ID_ARRAY} | xargs) || true -SP_OBJECT_ID_ARRAY=${SP_OBJECT_ID_ARRAY//[/} -SP_OBJECT_ID=${SP_OBJECT_ID_ARRAY//]/} -az ad sp delete --id ${SP_OBJECT_ID} || true - -# Check GitHub CLI status -msg "${GREEN}(3/4) Checking GitHub CLI status...${NOFORMAT}" -USE_GITHUB_CLI=false -{ - gh auth status && USE_GITHUB_CLI=true && msg "${YELLOW}GitHub CLI is installed and configured!" -} || { - msg "${YELLOW}Cannot use the GitHub CLI. 
${GREEN}No worries! ${YELLOW}We'll set up the GitHub secrets manually." - USE_GITHUB_CLI=false -} - -msg "${GREEN}(4/4) Removing secrets...${NOFORMAT}" -if $USE_GITHUB_CLI; then - { - msg "${GREEN}Using the GitHub CLI to remove secrets.${NOFORMAT}" - gh ${GH_FLAGS} secret remove AZURE_CREDENTIALS - gh ${GH_FLAGS} secret remove ELK_PSW - gh ${GH_FLAGS} secret remove ELK_URI - gh ${GH_FLAGS} secret remove ELK_USER_NAME - gh ${GH_FLAGS} secret remove GIT_TOKEN - gh ${GH_FLAGS} secret remove OTN_PASSWORD - gh ${GH_FLAGS} secret remove OTN_USERID - gh ${GH_FLAGS} secret remove USER_EMAIL - gh ${GH_FLAGS} secret remove USER_NAME - gh ${GH_FLAGS} secret remove WLS_PSW - } || { - USE_GITHUB_CLI=false - } -fi -if [ $USE_GITHUB_CLI == false ]; then - msg "${NOFORMAT}======================MANUAL REMOVAL======================================" - msg "${GREEN}Using your Web browser to remove secrets..." - msg "${NOFORMAT}Go to the GitHub repository you want to configure." - msg "${NOFORMAT}In the \"settings\", go to the \"secrets\" tab and remove the following secrets:" - msg "(in ${YELLOW}yellow the secret name)" - msg "${YELLOW}\"AZURE_CREDENTIALS\"" - msg "${YELLOW}\"ELK_PSW\"" - msg "${YELLOW}\"ELK_URI\"" - msg "${YELLOW}\"ELK_USER_NAME\"" - msg "${YELLOW}\"GIT_TOKEN\"" - msg "${YELLOW}\"OTN_PASSWORD\"" - msg "${YELLOW}\"OTN_USERID\"" - msg "${YELLOW}\"USER_EMAIL\"" - msg "${YELLOW}\"USER_NAME\"" - msg "${YELLOW}\"WLS_PSW\"" - msg "${NOFORMAT}========================================================================" -fi -msg "${GREEN}Secrets removed" From 4d1df9d4a09854598e0c55923f4871c4b2f3adbc Mon Sep 17 00:00:00 2001 
From: zhihaoguo Date: Mon, 24 Jun 2024 14:37:47 +0800 Subject: [PATCH 2/6] Refactor environment variable file names for WLS VM and WLS AKS setups. (#123) --- .github/workflows/setup-for-wls-aks.sh | 2 +- .github/workflows/setup-for-wls-vm.sh | 2 +- .github/workflows/teardown-for-wls-aks.sh | 2 +- .github/workflows/teardown-for-wls-vm.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/setup-for-wls-aks.sh b/.github/workflows/setup-for-wls-aks.sh index b47680e38..e08665377 100644 --- a/.github/workflows/setup-for-wls-aks.sh +++ b/.github/workflows/setup-for-wls-aks.sh @@ -27,7 +27,7 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables -export param_file="../resource/credentials-params.yaml" +export param_file="../resource/credentials-params-wls-aks.yaml" source ../resource/setup.sh diff --git a/.github/workflows/setup-for-wls-vm.sh b/.github/workflows/setup-for-wls-vm.sh index 60cba0874..7cf963732 100644 --- a/.github/workflows/setup-for-wls-vm.sh +++ b/.github/workflows/setup-for-wls-vm.sh @@ -27,7 +27,7 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables -export param_file="../resource/credentials-params.yaml" +export param_file="../resource/credentials-params-wls-vm.yaml" source ../resource/setup.sh diff --git a/.github/workflows/teardown-for-wls-aks.sh b/.github/workflows/teardown-for-wls-aks.sh index 573fe27b2..83d904a1d 100644 --- a/.github/workflows/teardown-for-wls-aks.sh +++ b/.github/workflows/teardown-for-wls-aks.sh @@ -24,7 +24,7 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables -export param_file="../resource/credentials-params.yaml" +export param_file="../resource/credentials-params-wls-aks.yaml" source ../resource/teardown.sh diff --git a/.github/workflows/teardown-for-wls-vm.sh b/.github/workflows/teardown-for-wls-vm.sh index 45c34df74..45a1818e1 100644 --- a/.github/workflows/teardown-for-wls-vm.sh 
+++ b/.github/workflows/teardown-for-wls-vm.sh @@ -24,7 +24,7 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables -export param_file="../resource/credentials-params.yaml" +export param_file="../resource/credentials-params-wls-vm.yaml" source ../resource/teardown.sh From 6fa5d1bf080cb7f0157478c05174c019a780a448 Mon Sep 17 00:00:00 2001 From: zhihaoguo Date: Mon, 24 Jun 2024 14:57:44 +0800 Subject: [PATCH 3/6] Refactored teardown script to remove redundant lines of code. --- .gitattributes | 2 +- .github/resource/credentials-params-wls-aks.yaml | 2 +- .github/resource/credentials-params-wls-vm.yaml | 2 +- .github/resource/pre-check.sh | 1 - .github/resource/teardown.sh | 3 --- .github/workflows/setup-for-wls-aks.sh | 1 - .github/workflows/teardown-for-wls-aks.sh | 2 -- .github/workflows/teardown-for-wls-vm.sh | 2 -- 8 files changed, 3 insertions(+), 12 deletions(-) diff --git a/.gitattributes b/.gitattributes index 526c8a38d..dfdb8b771 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1 @@ -*.sh text eol=lf \ No newline at end of file +*.sh text eol=lf diff --git a/.github/resource/credentials-params-wls-aks.yaml b/.github/resource/credentials-params-wls-aks.yaml index b8f477e4f..1c318c4aa 100644 --- a/.github/resource/credentials-params-wls-aks.yaml +++ b/.github/resource/credentials-params-wls-aks.yaml @@ -38,4 +38,4 @@ description: "Password for the database" - name: LOCATION value: "eastus" - description: "Location of the resource group" \ No newline at end of file + description: "Location of the resource group" diff --git a/.github/resource/credentials-params-wls-vm.yaml b/.github/resource/credentials-params-wls-vm.yaml index 0ea722028..e7e2f1eb4 100644 --- a/.github/resource/credentials-params-wls-vm.yaml +++ b/.github/resource/credentials-params-wls-vm.yaml 
@@ -49,4 +49,4 @@ # description: Account password for Elastic server, leave blank if you don't want to integrate ELK. #- name: ELK_PSW # value: "" -# description: Account password for Elastic server, leave blank if you don't want to integrate ELK. \ No newline at end of file +# description: Account password for Elastic server, leave blank if you don't want to integrate ELK. diff --git a/.github/resource/pre-check.sh b/.github/resource/pre-check.sh index 4155df3ca..deb1e4320 100644 --- a/.github/resource/pre-check.sh +++ b/.github/resource/pre-check.sh @@ -63,4 +63,3 @@ fi echo "6/6...You are logged in to Azure CLI (az)." echo "Checking progress completed..." - diff --git a/.github/resource/teardown.sh b/.github/resource/teardown.sh index d9d313a90..0cc3d479f 100644 --- a/.github/resource/teardown.sh +++ b/.github/resource/teardown.sh @@ -11,6 +11,3 @@ yq eval -o=json '.[]' "$param_file" | jq -c '.' | while read -r line; do done echo "teardown-credentials.sh - Finish" - - - diff --git a/.github/workflows/setup-for-wls-aks.sh b/.github/workflows/setup-for-wls-aks.sh index e08665377..f4159fe24 100644 --- a/.github/workflows/setup-for-wls-aks.sh +++ b/.github/workflows/setup-for-wls-aks.sh @@ -30,4 +30,3 @@ source ../resource/pre-check.sh export param_file="../resource/credentials-params-wls-aks.yaml" source ../resource/setup.sh - diff --git a/.github/workflows/teardown-for-wls-aks.sh b/.github/workflows/teardown-for-wls-aks.sh index 83d904a1d..0a21fad9e 100644 --- a/.github/workflows/teardown-for-wls-aks.sh +++ b/.github/workflows/teardown-for-wls-aks.sh @@ -27,5 +27,3 @@ source ../resource/pre-check.sh export param_file="../resource/credentials-params-wls-aks.yaml" source ../resource/teardown.sh - - diff --git a/.github/workflows/teardown-for-wls-vm.sh b/.github/workflows/teardown-for-wls-vm.sh index 45a1818e1..e0dbc84d3 100644 --- a/.github/workflows/teardown-for-wls-vm.sh +++ b/.github/workflows/teardown-for-wls-vm.sh 
@@ -27,5 +27,3 @@ source ../resource/pre-check.sh export param_file="../resource/credentials-params-wls-vm.yaml" source ../resource/teardown.sh - - From a1473bdfc59f2897bf8e479f397349587cd2e7fd Mon Sep 17 00:00:00 2001 From: zhihaoguo Date: Thu, 27 Jun 2024 16:43:16 +0800 Subject: [PATCH 4/6] Update azure-credential-setup-wls-vm.sh and azure-credential-setup-wls-aks.sh scripts to create Azure Service Principal and set credentials as secret in the repository. --- .../azure-credential-setup-wls-aks.sh | 22 +++++++++++++++++++ .../resource/azure-credential-setup-wls-vm.sh | 21 ++++++++++++++++++ .../azure-credential-teardown-wls-aks.sh | 13 +++++++++++ .../azure-credential-teardown-wls-vm.sh | 13 +++++++++++ .../resource/credentials-params-wls-aks.yaml | 18 --------------- .../resource/credentials-params-wls-vm.yaml | 19 +--------------- .github/workflows/setup-for-wls-aks.sh | 2 +- .github/workflows/setup-for-wls-vm.sh | 2 +- .github/workflows/teardown-for-wls-aks.sh | 2 +- .github/workflows/teardown-for-wls-vm.sh | 2 +- 10 files changed, 74 insertions(+), 40 deletions(-) create mode 100644 .github/resource/azure-credential-setup-wls-aks.sh create mode 100644 .github/resource/azure-credential-setup-wls-vm.sh create mode 100644 .github/resource/azure-credential-teardown-wls-aks.sh create mode 100644 .github/resource/azure-credential-teardown-wls-vm.sh diff --git a/.github/resource/azure-credential-setup-wls-aks.sh b/.github/resource/azure-credential-setup-wls-aks.sh new file mode 100644 index 000000000..a353aa800 --- /dev/null +++ b/.github/resource/azure-credential-setup-wls-aks.sh 
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# Copyright (c) IBM Corporation.
+# Copyright (c) Microsoft Corporation.
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-setup.sh - Start------------------------------------------"
+
+## Create Azure Credentials
+SERVICE_PRINCIPAL_NAME_WLS_AKS="sp-${REPO_NAME}-wls-aks-$(date +%s)"
+echo "Creating Azure Service Principal with name: $SERVICE_PRINCIPAL_NAME_WLS_AKS"
+SUBSCRIPTION_ID=$(az account show --query id -o tsv| tr -d '\r\n')
+
+AZURE_CREDENTIALS=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME_WLS_AKS} --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors)
+SP_ID=$( az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query \[0\].id -o tsv | tr -d '\r\n')
+az role assignment create --assignee ${SP_ID} --scope="/subscriptions/${SUBSCRIPTION_ID}" --role "User Access Administrator"
+
+## Set the Azure Credentials as a secret in the repository
+gh secret set "AZURE_CREDENTIALS" -b"${AZURE_CREDENTIALS}"
+gh variable set "SERVICE_PRINCIPAL_NAME_WLS_AKS" -b"${SERVICE_PRINCIPAL_NAME_WLS_AKS}"
+
+echo "Execute azure-credential-setup.sh - End--------------------------------------------"
diff --git a/.github/resource/azure-credential-setup-wls-vm.sh b/.github/resource/azure-credential-setup-wls-vm.sh
new file mode 100644
index 000000000..961cd72ab
--- /dev/null
+++ b/.github/resource/azure-credential-setup-wls-vm.sh
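Review bot: The `SP_ID=` line looks up `$SERVICE_PRINCIPAL_NAME`, which this script never assigns (the name it creates is `SERVICE_PRINCIPAL_NAME_WLS_AKS`), so unless pre-check.sh or the environment happens to provide it, `set -u` stops the run after `az ad sp create-for-rbac` has already created a principal with Contributor on the subscription and before its name is stored for teardown. The lookup should read `--display-name "${SERVICE_PRINCIPAL_NAME_WLS_AKS}"`, and `${SP_ID}` should be checked for being non-empty before `az role assignment create` uses it. The principal also ends up holding Contributor plus User Access Administrator at `/subscriptions/${SUBSCRIPTION_ID}`, which together allow it to grant itself any role there; if the workflows can run against a dedicated resource group, both `--scopes` and `--scope` are better narrowed to that group.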
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# Copyright (c) IBM Corporation.
+# Copyright (c) Microsoft Corporation.
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-setup.sh - Start------------------------------------------"
+
+## Create Azure Credentials
+SERVICE_PRINCIPAL_NAME_WLS_VM="sp-${REPO_NAME}-$(date +%s)"
+echo "Creating Azure Service Principal with name: $SERVICE_PRINCIPAL_NAME_WLS_VM"
+SUBSCRIPTION_ID=$(az account show --query id -o tsv| tr -d '\r\n')
+
+SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME_WLS_VM} --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors | base64 ${w0})
+AZURE_CREDENTIALS=$(echo $SERVICE_PRINCIPAL | base64 -d)
+
+## Set the Azure Credentials as a secret in the repository
+gh secret set "AZURE_CREDENTIALS" -b"${AZURE_CREDENTIALS}"
+gh variable set "SERVICE_PRINCIPAL_NAME_WLS_VM" -b"${SERVICE_PRINCIPAL_NAME_WLS_VM}"
+
+echo "Execute azure-credential-setup.sh - End--------------------------------------------"
diff --git a/.github/resource/azure-credential-teardown-wls-aks.sh b/.github/resource/azure-credential-teardown-wls-aks.sh
new file mode 100644
index 000000000..757a0f4e9
--- /dev/null
+++ b/.github/resource/azure-credential-teardown-wls-aks.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# Copyright (c) IBM Corporation.
+# Copyright (c) Microsoft Corporation.
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-teardown.sh - Start------------------------------------------"
+
+gh secret delete "AZURE_CREDENTIALS"
+SERVICE_PRINCIPAL_NAME_WLS_AKS=$(gh variable get "SERVICE_PRINCIPAL_NAME_WLS_AKS")
+az ad sp delete --id $(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME_WLS_AKS --query "[].appId" -o tsv| tr -d '\r\n')
+
+echo "Execute azure-credential-teardown.sh - End--------------------------------------------"
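Review bot: `base64 ${w0}` in azure-credential-setup-wls-vm.sh expands a variable this script never sets, so under `set -u` the pipeline fails, possibly after the service principal has been created, unless a sourced file defines `w0`. The encode/decode round trip through the unquoted `echo $SERVICE_PRINCIPAL` is not needed at all; assigning the CLI output directly, `AZURE_CREDENTIALS=$(az ad sp create-for-rbac ... --sdk-auth --only-show-errors)` as the AKS script does, removes both lines' problems. In this script and in azure-credential-setup-wls-aks.sh, `-b"${AZURE_CREDENTIALS}"` puts the client secret into gh's argument list, where other local processes can read it while the command runs; gh takes the value from standard input when no body is given, so `printf '%s' "${AZURE_CREDENTIALS}" | gh secret set AZURE_CREDENTIALS` keeps it off the command line.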
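Review bot: In azure-credential-teardown-wls-aks.sh the nested `az ad sp list ... --query "[].appId"` result goes to `az ad sp delete --id` unquoted and unchecked: with no match the delete is called without an id, and with several matches `tr -d '\r\n'` joins the ids into one invalid value. In both cases `gh secret delete` has already run, so the repository looks cleaned up while the principal and its Contributor role on the subscription remain, and a second run will likely stop at the now-missing secret before it reaches the principal. Resolving the id first, requiring exactly one result, and deleting the Azure principal before the GitHub secret and variable makes the teardown safe to re-run. azure-credential-teardown-wls-vm.sh in the next hunk has the same sequence.
```shell
# … unchanged: shebang, set -Eeuo pipefail, start banner …
SERVICE_PRINCIPAL_NAME_WLS_AKS=$(gh variable get "SERVICE_PRINCIPAL_NAME_WLS_AKS")
# Resolve the principal before deleting anything; refuse to continue on zero or several matches.
mapfile -t sp_app_ids < <(az ad sp list --display-name "${SERVICE_PRINCIPAL_NAME_WLS_AKS}" --query "[].appId" -o tsv | tr -d '\r')
if (( ${#sp_app_ids[@]} != 1 )) || [[ -z "${sp_app_ids[0]}" ]]; then
  echo "Expected exactly one service principal named ${SERVICE_PRINCIPAL_NAME_WLS_AKS}, found ${#sp_app_ids[@]}" >&2
  exit 1
fi
az ad sp delete --id "${sp_app_ids[0]}"
gh secret delete "AZURE_CREDENTIALS"
gh variable delete "SERVICE_PRINCIPAL_NAME_WLS_AKS"
# … unchanged: end banner …
```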
diff --git a/.github/resource/azure-credential-teardown-wls-vm.sh b/.github/resource/azure-credential-teardown-wls-vm.sh new file mode 100644 index 000000000..c29f11aab --- /dev/null +++ b/.github/resource/azure-credential-teardown-wls-vm.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +# Copyright (c) IBM Corporation. +# Copyright (c) Microsoft Corporation. + +set -Eeuo pipefail + +echo "Execute azure-credential-teardown.sh - Start------------------------------------------" + +gh secret delete "AZURE_CREDENTIALS" +SERVICE_PRINCIPAL_NAME_WLS_VM=$(gh variable get "SERVICE_PRINCIPAL_NAME_WLS_VM") +az ad sp delete --id $(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME_WLS_VM --query "[].appId" -o tsv| tr -d '\r\n') + +echo "Execute azure-credential-teardown.sh - End--------------------------------------------" diff --git a/.github/resource/credentials-params-wls-aks.yaml b/.github/resource/credentials-params-wls-aks.yaml index 1c318c4aa..c5c5784e8 100644 --- a/.github/resource/credentials-params-wls-aks.yaml +++ b/.github/resource/credentials-params-wls-aks.yaml @@ -1,22 +1,4 @@ # This file contains the parameters for the credentials used in the workflows. -# You can use `az ad sp create-for-rbac --sdk-auth` to create service principal credentials -# You can set AZURE_CREDENTIALS values with multiple line secrets -# Here is an example -# - name: AZURE_CREDENTIALS -# value: | -# { -# "clientId": "", -# "clientSecret": "", -# "subscriptionId": "", -# "tenantId": "", -# "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", -# "resourceManagerEndpointUrl": "https://management.azure.com/", -# "activeDirectoryGraphResourceId": "https://graph.windows.net/", -# } -# description: Azure Credentials used for workflows. -- name: AZURE_CREDENTIALS - value: "" - description: Azure Credentials used for *WlsAks*.yml and *WlsVm*.yml workflows. - name: ORC_SSOUSER value: "" description: "Oracle single sign-on userid." 
diff --git a/.github/resource/credentials-params-wls-vm.yaml b/.github/resource/credentials-params-wls-vm.yaml index e7e2f1eb4..33dc568f8 100644 --- a/.github/resource/credentials-params-wls-vm.yaml +++ b/.github/resource/credentials-params-wls-vm.yaml @@ -1,21 +1,4 @@ -# You can use `az ad sp create-for-rbac --sdk-auth` to create service principal credentials -# You can set AZURE_CREDENTIALS values with multiple line secrets -# Here is an example -# - name: AZURE_CREDENTIALS -# value: | -# { -# "clientId": "", -# "clientSecret": "", -# "subscriptionId": "", -# "tenantId": "", -# "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", -# "resourceManagerEndpointUrl": "https://management.azure.com/", -# "activeDirectoryGraphResourceId": "https://graph.windows.net/", -# } -# description: Azure Credentials used for workflows. -- name: AZURE_CREDENTIALS - value: "" - description: Azure Credentials used for *WlsVm* workflows. +# This file contains the parameters for the credentials used in the workflows. - name: OTN_USERID value: "" description: Oracle single sign-on userid. diff --git a/.github/workflows/setup-for-wls-aks.sh b/.github/workflows/setup-for-wls-aks.sh index f4159fe24..275075a64 100644 --- a/.github/workflows/setup-for-wls-aks.sh +++ b/.github/workflows/setup-for-wls-aks.sh @@ -28,5 +28,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-aks.yaml" - +source ../resource/azure-credential-setup-wls-aks.sh source ../resource/setup.sh diff --git a/.github/workflows/setup-for-wls-vm.sh b/.github/workflows/setup-for-wls-vm.sh index 7cf963732..450fe054e 100644 --- a/.github/workflows/setup-for-wls-vm.sh +++ b/.github/workflows/setup-for-wls-vm.sh 
@@ -28,6 +28,6 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-vm.yaml" - +source ../resource/azure-credential-setup-wls-vm.sh source ../resource/setup.sh diff --git a/.github/workflows/teardown-for-wls-aks.sh b/.github/workflows/teardown-for-wls-aks.sh index 0a21fad9e..73913a8eb 100644 --- a/.github/workflows/teardown-for-wls-aks.sh +++ b/.github/workflows/teardown-for-wls-aks.sh @@ -25,5 +25,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-aks.yaml" - +source ../resource/azure-credential-teardown-wls-aks.sh source ../resource/teardown.sh diff --git a/.github/workflows/teardown-for-wls-vm.sh b/.github/workflows/teardown-for-wls-vm.sh index e0dbc84d3..52602a196 100644 --- a/.github/workflows/teardown-for-wls-vm.sh +++ b/.github/workflows/teardown-for-wls-vm.sh @@ -25,5 +25,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-vm.yaml" - +source ../resource/azure-credential-teardown-wls-vm.sh source ../resource/teardown.sh From f207c5dc46490d827f4dc362513b4e14b5b1b454 Mon Sep 17 00:00:00 2001 From: zhihaoguo Date: Thu, 27 Jun 2024 16:44:51 +0800 Subject: [PATCH 5/6] Refactor copyright information in credential setup and teardown scripts --- .github/resource/azure-credential-setup-wls-aks.sh | 2 -- .github/resource/azure-credential-setup-wls-vm.sh | 2 -- .github/resource/azure-credential-teardown-wls-aks.sh | 2 -- .github/resource/azure-credential-teardown-wls-vm.sh | 2 -- 4 files changed, 8 deletions(-) diff --git a/.github/resource/azure-credential-setup-wls-aks.sh b/.github/resource/azure-credential-setup-wls-aks.sh index a353aa800..153c462e1 100644 --- a/.github/resource/azure-credential-setup-wls-aks.sh +++ b/.github/resource/azure-credential-setup-wls-aks.sh 
@@ -1,6 +1,4 @@ #!/usr/bin/env bash -# Copyright (c) IBM Corporation. -# Copyright (c) Microsoft Corporation. set -Eeuo pipefail diff --git a/.github/resource/azure-credential-setup-wls-vm.sh b/.github/resource/azure-credential-setup-wls-vm.sh index 961cd72ab..19ab631ac 100644 --- a/.github/resource/azure-credential-setup-wls-vm.sh +++ b/.github/resource/azure-credential-setup-wls-vm.sh @@ -1,6 +1,4 @@ #!/usr/bin/env bash -# Copyright (c) IBM Corporation. -# Copyright (c) Microsoft Corporation. set -Eeuo pipefail diff --git a/.github/resource/azure-credential-teardown-wls-aks.sh b/.github/resource/azure-credential-teardown-wls-aks.sh index 757a0f4e9..2d75810d5 100644 --- a/.github/resource/azure-credential-teardown-wls-aks.sh +++ b/.github/resource/azure-credential-teardown-wls-aks.sh @@ -1,6 +1,4 @@ #!/usr/bin/env bash -# Copyright (c) IBM Corporation. -# Copyright (c) Microsoft Corporation. set -Eeuo pipefail diff --git a/.github/resource/azure-credential-teardown-wls-vm.sh b/.github/resource/azure-credential-teardown-wls-vm.sh index c29f11aab..c0fd78802 100644 --- a/.github/resource/azure-credential-teardown-wls-vm.sh +++ b/.github/resource/azure-credential-teardown-wls-vm.sh @@ -1,6 +1,4 @@ #!/usr/bin/env bash -# Copyright (c) IBM Corporation. -# Copyright (c) Microsoft Corporation. set -Eeuo pipefail From 686cbba8e49bbf801f2e4ea591ce28936896b26c Mon Sep 17 00:00:00 2001 
From: zhihaoguo Date: Thu, 27 Jun 2024 17:03:48 +0800 Subject: [PATCH 6/6] Refactor setup and teardown scripts to use separate credentials params files. --- .github/resource/{setup.sh => credentials-params-setup.sh} | 0 .../resource/{teardown.sh => credentials-params-teardown.sh} | 0 .github/workflows/setup-for-wls-aks.sh | 2 +- .github/workflows/setup-for-wls-vm.sh | 3 +-- .github/workflows/teardown-for-wls-aks.sh | 2 +- .github/workflows/teardown-for-wls-vm.sh | 2 +- 6 files changed, 4 insertions(+), 5 deletions(-) rename .github/resource/{setup.sh => credentials-params-setup.sh} (100%) rename .github/resource/{teardown.sh => credentials-params-teardown.sh} (100%) diff --git a/.github/resource/setup.sh b/.github/resource/credentials-params-setup.sh similarity index 100% rename from .github/resource/setup.sh rename to .github/resource/credentials-params-setup.sh diff --git a/.github/resource/teardown.sh b/.github/resource/credentials-params-teardown.sh similarity index 100% rename from .github/resource/teardown.sh rename to .github/resource/credentials-params-teardown.sh diff --git a/.github/workflows/setup-for-wls-aks.sh b/.github/workflows/setup-for-wls-aks.sh index 275075a64..50a147246 100644 --- a/.github/workflows/setup-for-wls-aks.sh +++ b/.github/workflows/setup-for-wls-aks.sh @@ -28,5 +28,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-aks.yaml" +source ../resource/credentials-params-setup.sh source ../resource/azure-credential-setup-wls-aks.sh -source ../resource/setup.sh diff --git a/.github/workflows/setup-for-wls-vm.sh b/.github/workflows/setup-for-wls-vm.sh index 450fe054e..1cb3d71eb 100644 --- a/.github/workflows/setup-for-wls-vm.sh +++ b/.github/workflows/setup-for-wls-vm.sh 
@@ -28,6 +28,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-vm.yaml" +source ../resource/credentials-params-setup.sh source ../resource/azure-credential-setup-wls-vm.sh -source ../resource/setup.sh - diff --git a/.github/workflows/teardown-for-wls-aks.sh b/.github/workflows/teardown-for-wls-aks.sh index 73913a8eb..25fada69b 100644 --- a/.github/workflows/teardown-for-wls-aks.sh +++ b/.github/workflows/teardown-for-wls-aks.sh @@ -25,5 +25,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-aks.yaml" +source ../resource/credentials-params-teardown.sh source ../resource/azure-credential-teardown-wls-aks.sh -source ../resource/teardown.sh diff --git a/.github/workflows/teardown-for-wls-vm.sh b/.github/workflows/teardown-for-wls-vm.sh index 52602a196..f05889971 100644 --- a/.github/workflows/teardown-for-wls-vm.sh +++ b/.github/workflows/teardown-for-wls-vm.sh @@ -25,5 +25,5 @@ set -Eeuo pipefail source ../resource/pre-check.sh ## Set environment variables export param_file="../resource/credentials-params-wls-vm.yaml" +source ../resource/credentials-params-teardown.sh source ../resource/azure-credential-teardown-wls-vm.sh -source ../resource/teardown.sh