Make Azure location configurable #125
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Cloud Infrastructure - Deployment | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "cloud-infrastructure/**" | |
| - ".github/workflows/cloud-infrastructure.yml" | |
| - "!**.md" | |
| pull_request: | |
| paths: | |
| - "cloud-infrastructure/**" | |
| - ".github/workflows/cloud-infrastructure.yml" | |
| - "!**.md" | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| plan-stage: | |
| name: Plan Changes Staging | |
| runs-on: ubuntu-latest | |
| env: | |
| UNIQUE_PREFIX: ${{ vars.UNIQUE_PREFIX }} | |
| ENVIRONMENT: "stage" | |
| SHARED_LOCATION: ${{ vars.STAGING_SHARED_LOCATION }} | |
| CLUSTER_LOCATION: ${{ vars.STAGING_CLUSTER_LOCATION }} | |
| CLUSTER_LOCATION_ACRONYM: ${{ vars.STAGING_CLUSTER_LOCATION_ACRONYM }} | |
| SQL_ADMIN_OBJECT_ID: ${{ vars.STAGING_SQL_ADMIN_OBJECT_ID }} | |
| DOMAIN_NAME: ${{ vars.STAGING_DOMAIN_NAME }} | |
| SERVICE_PRINCIPAL_ID: ${{ vars.STAGING_SERVICE_PRINCIPAL_ID }} | |
| TENANT_ID: ${{ vars.TENANT_ID }} | |
| SUBSCRIPTION_ID: ${{ vars.STAGING_SUBSCRIPTION_ID }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install Bicep CLI | |
| run: | | |
| curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 && | |
| chmod +x ./bicep && | |
| sudo mv ./bicep /usr/local/bin/bicep && | |
| bicep --version | |
| - name: Login to Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.SERVICE_PRINCIPAL_ID }} | |
| tenant-id: ${{ env.TENANT_ID }} | |
| subscription-id: ${{env.SUBSCRIPTION_ID }} | |
| - name: Plan Changes to Shared Environment Resources | |
| run: bash ./cloud-infrastructure/environment/deploy-environment.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.SHARED_LOCATION }} --plan | |
| - name: Plan Changes to Cluster | |
| run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION }} ${{ env.CLUSTER_LOCATION_ACRONYM }} ${{ env.SQL_ADMIN_OBJECT_ID }} ${{ env.DOMAIN_NAME }} --plan | |
| deploy-stage: | |
| name: Deploy Staging | |
| needs: plan-stage | |
| runs-on: ubuntu-latest | |
| environment: "staging" # Force a manual approval | |
| if: ${{ vars.STAGING_CLUSTER_ENABLED }} && github.ref == 'refs/heads/main' | |
| env: | |
| UNIQUE_PREFIX: ${{ vars.UNIQUE_PREFIX }} | |
| ENVIRONMENT: "stage" | |
| SHARED_LOCATION: ${{ vars.STAGING_SHARED_LOCATION }} | |
| CLUSTER_LOCATION: ${{ vars.STAGING_CLUSTER_LOCATION }} | |
| CLUSTER_LOCATION_ACRONYM: ${{ vars.STAGING_CLUSTER_LOCATION_ACRONYM }} | |
| SQL_ADMIN_OBJECT_ID: ${{ vars.STAGING_SQL_ADMIN_OBJECT_ID }} | |
| DOMAIN_NAME: ${{ vars.STAGING_DOMAIN_NAME }} | |
| SERVICE_PRINCIPAL_ID: ${{ vars.STAGING_SERVICE_PRINCIPAL_ID }} | |
| TENANT_ID: ${{ vars.TENANT_ID }} | |
| SUBSCRIPTION_ID: ${{ vars.STAGING_SUBSCRIPTION_ID }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install Bicep CLI | |
| run: | | |
| curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 && | |
| chmod +x ./bicep && | |
| sudo mv ./bicep /usr/local/bin/bicep && | |
| bicep --version | |
| - name: Replace Classic sqlcmd (ODBC) with sqlcmd (GO) | |
| run: | | |
| sudo apt-get remove -y mssql-tools && | |
| curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc && | |
| sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/22.04/prod.list)" && | |
| sudo apt-get update && | |
| sudo apt-get install -y sqlcmd | |
| - name: Login to Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.SERVICE_PRINCIPAL_ID }} | |
| tenant-id: ${{ env.TENANT_ID }} | |
| subscription-id: ${{env.SUBSCRIPTION_ID }} | |
| - name: Deploy Shared Environment Resources | |
| run: bash ./cloud-infrastructure/environment/deploy-environment.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.SHARED_LOCATION }} --apply | |
| - name: Deploy Cluster Resources | |
| id: deploy_cluster | |
| run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION }} ${{ env.CLUSTER_LOCATION_ACRONYM }} ${{ env.SQL_ADMIN_OBJECT_ID }} ${{ env.DOMAIN_NAME }} --apply | |
| - name: Refresh Azure Tokens # The previous step may take a while, so we refresh the token to avoid timeouts | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.SERVICE_PRINCIPAL_ID }} | |
| tenant-id: ${{ env.TENANT_ID }} | |
| subscription-id: ${{env.SUBSCRIPTION_ID }} | |
| - name: Grant Database Permissions | |
| run: | | |
| bash ./cloud-infrastructure/cluster/grant-database-permissions.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION_ACRONYM }} 'account-management' ${{ steps.deploy_cluster.outputs.ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID }} | |
| bash ./cloud-infrastructure/cluster/grant-database-permissions.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION_ACRONYM }} 'back-office' ${{ steps.deploy_cluster.outputs.BACK_OFFICE_IDENTITY_CLIENT_ID }} | |
| plan-prod1: | |
| name: Plan Changes Production | |
| needs: deploy-stage | |
| runs-on: ubuntu-latest | |
| env: | |
| UNIQUE_PREFIX: ${{ vars.UNIQUE_PREFIX }} | |
| ENVIRONMENT: "prod" | |
| SHARED_LOCATION: ${{ vars.PRODUCTION_SHARED_LOCATION }} | |
| CLUSTER_LOCATION: ${{ vars.PRODUCTION_CLUSTER1_LOCATION }} | |
| CLUSTER_LOCATION_ACRONYM: ${{ vars.PRODUCTION_CLUSTER1_LOCATION_ACRONYM }} | |
| SQL_ADMIN_OBJECT_ID: ${{ vars.PRODUCTION_SQL_ADMIN_OBJECT_ID }} | |
| DOMAIN_NAME: ${{ vars.PRODUCTION_DOMAIN_NAME }} | |
| SERVICE_PRINCIPAL_ID: ${{ vars.PRODUCTION_SERVICE_PRINCIPAL_ID }} | |
| TENANT_ID: ${{ vars.TENANT_ID }} | |
| SUBSCRIPTION_ID: ${{ vars.PRODUCTION_SUBSCRIPTION_ID }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install Bicep CLI | |
| run: | | |
| curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 && | |
| chmod +x ./bicep && | |
| sudo mv ./bicep /usr/local/bin/bicep && | |
| bicep --version | |
| - name: Login to Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.SERVICE_PRINCIPAL_ID }} | |
| tenant-id: ${{ env.TENANT_ID }} | |
| subscription-id: ${{env.SUBSCRIPTION_ID }} | |
| - name: Plan Changes to Shared Environment Resources | |
| run: bash ./cloud-infrastructure/environment/deploy-environment.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.SHARED_LOCATION }} --plan | |
| - name: Plan Changes to Cluster | |
| run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION }} ${{ env.CLUSTER_LOCATION_ACRONYM }} ${{ env.SQL_ADMIN_OBJECT_ID }} ${{ env.DOMAIN_NAME }} --plan | |
| deploy-prod1: | |
| name: Deploy Production | |
| needs: plan-prod1 | |
| runs-on: ubuntu-latest | |
| environment: "production" # Force a manual approval | |
| if: ${{ vars.PRODUCTION_CLUSTER1_ENABLED }} && github.ref == 'refs/heads/main' | |
| env: | |
| UNIQUE_PREFIX: ${{ vars.UNIQUE_PREFIX }} | |
| ENVIRONMENT: "prod" | |
| SHARED_LOCATION: ${{ vars.PRODUCTION_SHARED_LOCATION }} | |
| CLUSTER_LOCATION: ${{ vars.PRODUCTION_CLUSTER1_LOCATION }} | |
| CLUSTER_LOCATION_ACRONYM: ${{ vars.PRODUCTION_CLUSTER1_LOCATION_ACRONYM }} | |
| SQL_ADMIN_OBJECT_ID: ${{ vars.PRODUCTION_SQL_ADMIN_OBJECT_ID }} | |
| DOMAIN_NAME: ${{ vars.PRODUCTION_DOMAIN_NAME }} | |
| SERVICE_PRINCIPAL_ID: ${{ vars.PRODUCTION_SERVICE_PRINCIPAL_ID }} | |
| TENANT_ID: ${{ vars.TENANT_ID }} | |
| SUBSCRIPTION_ID: ${{ vars.PRODUCTION_SUBSCRIPTION_ID }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install Bicep CLI | |
| run: | | |
| curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 && | |
| chmod +x ./bicep && | |
| sudo mv ./bicep /usr/local/bin/bicep && | |
| bicep --version | |
| - name: Replace Classic sqlcmd (ODBC) with sqlcmd (GO) | |
| run: | | |
| sudo apt-get remove -y mssql-tools && | |
| curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc && | |
| sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/22.04/prod.list)" && | |
| sudo apt-get update && | |
| sudo apt-get install -y sqlcmd | |
| - name: Login to Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.SERVICE_PRINCIPAL_ID }} | |
| tenant-id: ${{ env.TENANT_ID }} | |
| subscription-id: ${{env.SUBSCRIPTION_ID }} | |
| - name: Deploy Shared Environment Resources | |
| run: bash ./cloud-infrastructure/environment/deploy-environment.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.SHARED_LOCATION }} --apply | |
| - name: Deploy Cluster Resources | |
| id: deploy_cluster | |
| run: bash ./cloud-infrastructure/cluster/deploy-cluster.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION }} ${{ env.CLUSTER_LOCATION_ACRONYM }} ${{ env.SQL_ADMIN_OBJECT_ID }} ${{ env.DOMAIN_NAME }} --apply | |
| - name: Refresh Azure Tokens # The previous step may take a while, so we refresh the token to avoid timeouts | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.SERVICE_PRINCIPAL_ID }} | |
| tenant-id: ${{ env.TENANT_ID }} | |
| subscription-id: ${{env.SUBSCRIPTION_ID }} | |
| - name: Grant Database Permissions | |
| run: | | |
| bash ./cloud-infrastructure/cluster/grant-database-permissions.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION_ACRONYM }} 'account-management' ${{ steps.deploy_cluster.outputs.ACCOUNT_MANAGEMENT_IDENTITY_CLIENT_ID }} | |
| bash ./cloud-infrastructure/cluster/grant-database-permissions.sh ${{ env.UNIQUE_PREFIX }} ${{ env.ENVIRONMENT }} ${{ env.CLUSTER_LOCATION_ACRONYM }} 'back-office' ${{ steps.deploy_cluster.outputs.BACK_OFFICE_IDENTITY_CLIENT_ID }} |