create hello world ACI test pipeline

Author: hgarvison

.github/workflows/_cleanup.yml

@@ -4,16 +4,77 @@ on:
   workflow_call:
     inputs:
       cluster-name:
-        required: true
+        required: false
         description: AKS Cluster Name
         type: string
       skr-client-kid:
-        required: true
+        required: false
         description: SKR key id
         default: "default-skr-client-kid"
         type: string
+      debug:
+        description: "Debug Flag"
+        default: false
+        required: false
+        type: boolean
+      test-name:
+        description: "Test Name"
+        required: true
+        type: string
+  schedule:
+    - cron: "0 0 * * *"
 
 jobs:
+  cleanup-running-acis:
+    name: Cleanup Running Container Groups
+    runs-on: ubuntu-latest
+    if: ${{ !inputs.debug }}
+    env:
+      RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
+    steps:
+      - name: Log into Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Delete All Container Groups
+        run: |
+          RUNNING_CONTAINERS=$(az container list \
+          --resource-group $RESOURCE_GROUP \
+          --query "[?!starts_with(name, 'uptime-')]")
+
+          for container in $(echo $RUNNING_CONTAINERS | jq -r '.[].id'); do
+              echo "Deleting container group: ${container}"
+              az resource delete --ids ${container}
+          done
+
+  cleanup-failed-acis:
+    name: Cleanup Failed Container Groups
+    runs-on: ubuntu-latest
+    if: ${{ !inputs.debug }}
+    env:
+      RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
+    steps:
+      - name: Log into Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Delete Failed Container Groups
+        run: |
+          NON_RUNNING_CONTAINERS=$(az container list \
+          --resource-group $RESOURCE_GROUP \
+          --query "[?provisioningState=='Failed' || provisioningState=='Unhealthy']")
+
+          for container in $(echo $NON_RUNNING_CONTAINERS | jq -r '.[].id'); do
+          echo "Deleting container group: ${container}"
+          az resource delete --ids ${container}
+          done
+
   cleanup_registry:
     name: Cleanup Container Registry
     runs-on: ubuntu-latest
@@ -25,23 +86,32 @@ jobs:
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - name: Cleanup Public Azure Container Registry
-        if: github.event_name != 'pull_request'
+      - name: Cleanup Hello World ACI Images
+        if: ${{ inputs.test-name == 'hello-world-aci' }}
+        run: |
+          # adding || true so that it doesn't fail if the image doesn't exist (i.e. helloworld didn't run)
+          az acr login --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }}
+          az acr repository delete --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/aci/helloworld:${{ github.sha }} --yes || true
+
+      - name: Cleanup Hello World AKS Images
+        if: ${{ inputs.test-name == 'hello-world-aks' }}
         run: |
-          az acr login --name ${{ secrets.AZURE_REGISTRY_NAME }}
-          az acr repository delete --name ${{ secrets.AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/kafka/consumer:${{ github.sha }} --yes
-          az acr repository delete --name ${{ secrets.AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/kafka/producer:${{ github.sha }} --yes
+          # adding || true so that it doesn't fail if the image doesn't exist (i.e. helloworld didn't run)
+          az acr login --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }}
+          az acr repository delete --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/aks/helloworld:${{ github.sha }} --yes || true
 
-      - name: Cleanup Test Azure Container Registry
-        if: github.event_name == 'pull_request'
+      - name: Cleanup Kafka Images
+        if: ${{ inputs.test-name == 'kafka' }}
         run: |
-          az acr login --name ${{ secrets.TEST_AZURE_REGISTRY_NAME }}
-          az acr repository delete --name ${{ secrets.TEST_AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/kafka/consumer:${{ github.sha }} --yes
-          az acr repository delete --name ${{ secrets.TEST_AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/kafka/producer:${{ github.sha }} --yes
+          # adding || true so that it doesn't fail if the image doesn't exist (i.e. kafka didn't run)
+          az acr login --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }}
+          az acr repository delete --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/kafka/consumer:${{ github.sha }} --yes || true
+          az acr repository delete --name ${{ github.event_name == 'pull_request' && secrets.TEST_AZURE_REGISTRY_NAME || secrets.AZURE_REGISTRY_NAME }} --image private/${{ github.actor }}/acc/samples/kafka/producer:${{ github.sha }} --yes || true
 
   cleanup-cluster:
-    name: Clean Up
+    name: Clean Up Cluster
     runs-on: ubuntu-latest
+    if: ${{ inputs.cluster-name != '' }}
     steps:
       - name: Log into Azure
         uses: azure/login@v2
@@ -52,12 +122,12 @@ jobs:
 
       - name: Clean Up
         id: cleanup
-        env: 
+        env:
           RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
           CLUSTER_NAME: ${{ inputs.cluster-name }}
           SKR_CLIENT_KID: ${{ inputs.skr-client-kid }}
-        run: | 
-          # cannot rely on the job success/fail indicator to determine whether the SKR_CLIENT_KID exists or not so attempt to delete anyway 
+        run: |
+          # cannot rely on the job success/fail indicator to determine whether the SKR_CLIENT_KID exists or not so attempt to delete anyway
           az keyvault key delete --vault-name kafka-test-pipeline-akv --name $SKR_CLIENT_KID 2>&1 || true
           result=$(az aks list -g $RESOURCE_GROUP --query "[].name" -o tsv)
 

.github/workflows/_cleanup_all_clusters.yml

@@ -1,4 +1,4 @@
-name: Cleanup All AKS Cluster in Resource Group 
+name: Cleanup All AKS Cluster in Resource Group
 
 on:
   workflow_call:
@@ -11,19 +11,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Log into Azure
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Clean Up
         id: cleanup
-        env: 
+        env:
           RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
-        run: | 
+        run: |
           result=$(az aks list -g $RESOURCE_GROUP --query "[].name" -o tsv)
-          for name in $result 
+          for name in $result
           do
               max_retries=5
               retries=0

.github/workflows/_create_aks_cluster.yml

@@ -3,6 +3,10 @@ name: Create AKS Cluster
 on:
   workflow_call:
     inputs:
+      demo-name:
+        description: "Demo Name"
+        required: true
+        type: string
       workflow-id:
         description: "Workflow ID"
         required: true
@@ -17,21 +21,21 @@ on:
         description: "Workflow ID"
         required: true
         type: string
-  
+
 jobs:
   create-aks-cluster:
     name: Create AKS Cluster
     runs-on: ubuntu-latest
-    env: 
-      RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }} 
+    env:
+      RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
     outputs:
       cluster-name: ${{ steps.create-aks-cluster.outputs.cluster-name }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4  
+        uses: actions/checkout@v4
 
-      - name: Install Dependencies 
-        id: install-dependencies 
+      - name: Install Dependencies
+        id: install-dependencies
         run: |
           result=$(az extension list -o table  2>&1 || true)
           if [[ $result == *"aks-preview"* ]]; then
@@ -41,22 +45,22 @@ jobs:
             echo "aks-preview extension not found. Installing aks-preview..."
             az extension add --name aks-preview
           fi
-      
+
       - name: Log into Azure
         uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          
+
       - name: Create AKS Cluster
         id: create-aks-cluster
         if: steps.install-dependencies.outcome == 'success'
-        env: 
-          RUN_ID: ${{ inputs.workflow-id }}
+        env:
+          CLUSTER_NAME: ${{ inputs.demo-name }}-${{ inputs.workflow-id }}
         run: |
           az aks create --resource-group $RESOURCE_GROUP \
-          --name kafka-${RUN_ID} \
+          --name ${CLUSTER_NAME} \
           --os-sku AzureLinux \
           --node-vm-size Standard_DC4as_cc_v5 \
           --tags "Owner=accct" \
@@ -68,4 +72,4 @@ jobs:
           --auto-upgrade-channel patch \
           --node-os-upgrade-channel NodeImage
 
-          echo "cluster-name=kafka-${RUN_ID}" >> $GITHUB_OUTPUT
+          echo "cluster-name=${CLUSTER_NAME}" >> $GITHUB_OUTPUT

.github/workflows/_deploy_aci.yml

@@ -0,0 +1,132 @@
+name: Deploy ACI
+
+on:
+  workflow_call:
+    inputs:
+      workflow-id:
+        description: "Workflow ID"
+        required: true
+        type: string
+      helloworld-image:
+        description: "Hello World ACI Image"
+        default: "mcr.microsoft.com/acc/samples/aci/helloworld:2.9"
+        required: true
+        type: string
+      debug:
+        description: "Debug Flag"
+        default: false
+        required: false
+        type: boolean
+  workflow_dispatch:
+    inputs:
+      workflow-id:
+        description: "Workflow ID"
+        required: true
+        type: string
+      helloworld-image:
+        description: "Hello World ACI Image"
+        default: "mcr.microsoft.com/acc/samples/aci/helloworld:2.9"
+        required: true
+        type: string
+      debug:
+        description: "Debug Flag"
+        default: false
+        required: false
+        type: boolean
+
+jobs:
+  deploy-aci:
+    name: Deploy ACI
+    runs-on: ubuntu-latest
+    env:
+      RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
+      WORKFLOW_ID: ${{ inputs.workflow-id }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Log into Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Login to Public Azure Container Registry
+        if: github.event_name != 'pull_request'
+        run: |
+          az acr login --name ${{ secrets.AZURE_REGISTRY_NAME }}
+
+      - name: Login to Test Azure Container Registry
+        if: github.event_name == 'pull_request'
+        run: |
+          az acr login --name ${{ secrets.TEST_AZURE_REGISTRY_NAME }}
+
+      - name: Install Dependencies
+        id: install-dependencies
+        run: |
+            result=$(az extension list -o table  2>&1 || true)
+            if [[ $result == *"confcom"* ]]; then
+              echo "confcom already installed, upgrading confcom version."
+              az extension update --name confcom
+            else
+              echo "confcom extension not found. Installing confcom..."
+              az extension add --name confcom
+            fi
+
+      - name: Setup Hello World Image Environment Variable
+        run: |
+            # check if official image
+            if [[ "${{ inputs.helloworld-image }}" == *"mcr.microsoft.com"* ]]; then
+              echo HELLO_WORLD_IMAGE='${{ inputs.helloworld-image }}' >> $GITHUB_ENV
+            else
+              echo HELLO_WORLD_IMAGE='${{ (github.event_name != 'pull_request' && secrets.AZURE_REGISTRY_URL) || secrets.TEST_AZURE_REGISTRY_URL }}'/'${{ inputs.helloworld-image }}' >> $GITHUB_ENV
+            fi
+
+      - name: Substitute Environment Variables
+        id: substitute-envs
+        run: |
+            python util/env_substitution.py --file hello-world/ACI/arm-template.json --file-type json
+
+      - name: Generate Security Policy
+        id: generate-security-policy
+        run: |
+            sudo usermod -aG docker $USER
+            if [[ ${{ inputs.debug }} ]]; then
+              az confcom acipolicygen -a hello-world/ACI/arm-template.json --debug
+            else
+              az confcom acipolicygen -a hello-world/ACI/arm-template.json
+            fi
+
+      - name: Deploy ARM Template
+        id: deploy-arm-template
+        run: |
+            az deployment group create \
+                --resource-group $RESOURCE_GROUP \
+                --template-file hello-world/ACI/arm-template.json
+
+      - name: Check Container is Running
+        run: |
+            max_retries=5
+            retries=0
+            while [ $retries -lt $max_retries ]; do
+              CONTAINER_STATE=$(az container show \
+                  --name helloworld-aci-$WORKFLOW_ID \
+                  --resource-group $RESOURCE_GROUP \
+              )
+              if [[ $(echo $CONTAINER_STATE | jq -r '.instanceView.state') == "Running" ]]; then
+                  echo "Container is running."
+                  break  # Exit the loop on successful attempt
+              else
+                  echo "Container is not running yet, retrying in 5 seconds..."
+                  echo "Container state is: "
+                  echo $CONTAINER_STATE | jq
+                  retries=$((retries+1))
+                  sleep 5 # give the container a chance to stabilize
+              fi
+            done
+
+            if [ $retries -eq $max_retries ]; then
+              echo "The operation has been tried $retries times without success."
+              exit 1
+            fi