From 7ffd84824aa1e107a08c409b872a27cbf92fd0aa Mon Sep 17 00:00:00 2001
From: nasusoba <108400027+nasusoba@users.noreply.github.com>
Date: Tue, 12 Nov 2024 14:23:07 +0800
Subject: [PATCH 1/2] Create files
---
 .azure/backendTemplate.tf | 8 ++--
 .github/workflows/deploy-infra.yml | 35 ++++++++++++++++++
 .github/workflows/export.yml | 25 ++++++-------
 .github/workflows/list-and-run.yml | 51 ++++++++++++++++++++++++++
 .github/workflows/scale.yml | 4 +-
 .github/workflows/site-cd-workflow.yml | 31 +++++++++-------
 .github/workflows/terraform-plan.yml | 28 ++++++++------
 BUILD.bazel | 10 +++++
 8 files changed, 148 insertions(+), 44 deletions(-)
 create mode 100644 .github/workflows/deploy-infra.yml
 create mode 100644 .github/workflows/list-and-run.yml
 create mode 100644 BUILD.bazel
diff --git a/.azure/backendTemplate.tf b/.azure/backendTemplate.tf
index 8c6d8cb..cb9624a 100644
--- a/.azure/backendTemplate.tf
+++ b/.azure/backendTemplate.tf
@@ -1,10 +1,10 @@
 terraform {
 backend "azurerm" {
- resource_group_name = "runyutestiac"
- storage_account_name = "runyutestiacsa"
- container_name = "runyutestiaccontainer"
+ resource_group_name = "hybrid-iac"
+ storage_account_name = "hybridiac"
+ container_name = "hybridiac"
 key = "{{.GroupName}}.tfstate"
 use_azuread_auth = true
- subscription_id = "de3c4d5e-af08-451a-a873-438d86ab6f4b"
+ subscription_id = "bd7961c1-21fb-449a-afff-070bf4b4e500"
 }
 }
diff --git a/.github/workflows/deploy-infra.yml b/.github/workflows/deploy-infra.yml
new file mode 100644
index 0000000..36f4ba8
--- /dev/null
+++ b/.github/workflows/deploy-infra.yml
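Review bot: The subscription is hard-coded in the committed backend template (`subscription_id = "bd7961c1-…"`) while every workflow touched by this patch reads the same value from `secrets.AZURE_SUBSCRIPTION_ID` and exports it as `ARM_SUBSCRIPTION_ID`; two copies of one identifier will drift the next time the subscription moves, and this hunk is exactly that drift happening. The azurerm backend falls back to `ARM_SUBSCRIPTION_ID` from the environment when the argument is omitted, so the literal can simply be dropped, or it can be templated the way `key = "{{.GroupName}}.tfstate"` already is. Since `use_azuread_auth = true` is kept, the OIDC identity also needs a data-plane role on the renamed `hybridiac` storage account; that assignment is outside this diff and worth confirming before the first `terraform init` against it.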
@@ -0,0 +1,35 @@
+name: Terraform apply infra change
+
+on:
+ push:
+ branches: ["main"]
+ workflow_dispatch:
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ dev:
+ name: dev
+ needs: []
+ uses: ./.github/workflows/list-and-run.yml
+ secrets: inherit
+ with:
+ directory: dev
+
+ qa:
+ name: qa
+ needs: [dev]
+ uses: ./.github/workflows/list-and-run.yml
+ secrets: inherit
+ with:
+ directory: qa
+
+ prod:
+ name: prod
+ needs: [dev,qa]
+ uses: ./.github/workflows/list-and-run.yml
+ secrets: inherit
+ with:
+ directory: prod
diff --git a/.github/workflows/export.yml b/.github/workflows/export.yml
index a98d8f9..6c1fc7a 100644
--- a/.github/workflows/export.yml
+++ b/.github/workflows/export.yml
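Review bot: `prod` runs unattended on every push to `main` with `secrets: inherit`, so the full repository secret set is forwarded to the called workflow for all three stages, and nothing in this file gates the prod stage differently from dev — the chain ends in site-cd-workflow.yml, whose context lines in this patch show a single `environment: terraform` for every directory. Making the environment name an input of `list-and-run.yml` and `site-cd-workflow.yml` (e.g. `environment: ${{ inputs.environment }}` on the terraform job) would let `prod` require reviewers and keep its secrets scoped to that environment instead of the repository. Minor: `needs: []` on `dev` is a no-op and `needs: [dev,qa]` on `prod` already implies `dev` through `qa`, so `needs: [qa]` reads cleaner.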
@@ -22,19 +22,17 @@ env:
 ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
 ARM_USE_OIDC: true
- TF_VAR_tenant: ${{ secrets.AZURE_TENANT_ID }}
- TF_VAR_subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- TF_VAR_localAdminUser: ${{ secrets.localAdminUser }}
- TF_VAR_localAdminPassword: ${{ secrets.localAdminPassword }}
- TF_VAR_domainAdminUser: ${{ secrets.domainAdminUser }}
- TF_VAR_domainAdminPassword: ${{ secrets.domainAdminPassword }}
- TF_VAR_deploymentUserName: ${{ secrets.deploymentUserName }}
- TF_VAR_deploymentUserPassword: ${{ secrets.deploymentUserPassword }}
- TF_VAR_servicePrincipalId: ${{ secrets.servicePrincipalId }}
- TF_VAR_servicePrincipalSecret: ${{ secrets.servicePrincipalSecret }}
- TF_VAR_rpServicePrincipalObjectId: ${{ secrets.rpServicePrincipalObjectId }}
- TF_VAR_vmAdminPassword: ${{ secrets.vmAdminPassword }}
- TF_VAR_domainJoinPassword: ${{ secrets.domainJoinPassword }}
+ TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
+ TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
+ TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
+ TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
+ TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
+ TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
+ TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
+ TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
+ TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
+ TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}
 HCI_RP_SP_ID: ${{ secrets.rpServicePrincipalObjectId }}
 
 jobs:
@@ -112,4 +110,3 @@ jobs:
 git add .
 git commit -m "Export Azure resource into config"
 git push
- 
\ No newline at end of file
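Review bot: The rename drops `TF_VAR_tenant` and `TF_VAR_deploymentUserName` with no snake_case successor, and it keeps only the `hci_0_`-prefixed form of each HCI secret, whereas the site-cd-workflow.yml and terraform-plan.yml hunks in the same patch export both `TF_VAR_<name>` and `TF_VAR_hci_0_<name>`; the three files therefore no longer present the same variable set to the same modules. If the module under `baseModulePath` still declares `tenant` or `deployment_user_name`, or declares the unprefixed names, the export run fails at plan time or silently plans with them unset. Worth checking the module's variable declarations (outside this diff) and, if the `hci_0_` set is the intended contract, adding a one-line comment above the block saying so, e.g. `# TF_VAR_* names follow modules/<…>/variables.tf; hci_0_ = first HCI cluster`.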
diff --git a/.github/workflows/list-and-run.yml b/.github/workflows/list-and-run.yml
new file mode 100644
index 0000000..0588d77
--- /dev/null
+++ b/.github/workflows/list-and-run.yml
@@ -0,0 +1,51 @@
+name: List and Run
+
+on:
+ workflow_call:
+ inputs:
+ directory:
+ required: true
+ type: string
+
+jobs:
+ list:
+ runs-on: windows-latest
+ outputs:
+ matrix: ${{ steps.setTargets.outputs.matrix }}
+ apply: ${{ steps.setTargets.outputs.apply }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: List directory
+ id: setTargets
+ shell: pwsh
+ run: |
+ $inputDirectory = "${{ inputs.directory }}"
+ $fullPath = Join-Path $pwd ${{ inputs.directory }}
+ $sites = Get-ChildItem -Directory $fullPath
+
+ $array = @()
+ foreach ($site in $sites) {
+ $array += @{
+ 'siteId' = $site.Name
+ 'workingDirectory' = ($inputDirectory + '/' + $site.Name).Replace('\', '/')
+ }
+ }
+ $json = ConvertTo-Json -InputObject $array -Compress
+
+ echo "matrix=$json" >> $env:GITHUB_OUTPUT
+
+ $apply = if ($sites.Length -gt 0) { 'true' } else { 'false' }
+ echo "apply=$apply" >> $env:GITHUB_OUTPUT
+ apply:
+ needs: [list]
+ if: ${{ needs.list.outputs.apply == 'true' }}
+ strategy:
+ matrix:
+ site: ${{ fromJson(needs.list.outputs.matrix) }}
+ uses: ./.github/workflows/site-cd-workflow.yml
+ with:
+ working-directory: ${{ matrix.site.workingDirectory }}
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/scale.yml b/.github/workflows/scale.yml
index f90273a..f177074 100644
--- a/.github/workflows/scale.yml
+++ b/.github/workflows/scale.yml
@@ -16,6 +16,8 @@ on:
 permissions:
 contents: write
 id-token: write
+ pull-requests: write
+ issues: write
 
 jobs:
 scale:
@@ -68,4 +70,4 @@ jobs:
 git add .
 git commit -m "Scale more sites according to .azure/scale.csv"
 git push
- 
\ No newline at end of file
+ 
\ No newline at end of file
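Review bot: `inputs.directory` is expanded straight into the PowerShell source of the `List directory` step (`$inputDirectory = "${{ inputs.directory }}"` and, unquoted, `$fullPath = Join-Path $pwd ${{ inputs.directory }}`), so the value is substituted before pwsh parses the script; the caller added in this patch passes the literals `dev`/`qa`/`prod`, but any future caller that forwards a dispatch input or a branch-derived value turns this into script injection in a workflow that inherits every repository secret. Pass the input through `env:` and read `$env:TARGET_DIRECTORY` (name constructed here) so it is data rather than code. Separately, `actions/checkout@v3` is pinned to a mutable major tag rather than a commit SHA; for a secret-inheriting reusable workflow a SHA pin is the safer default, and the `Azure/IaC-Telemetry@main` reference visible in site-cd-workflow.yml is the more pressing case of the same pattern.
```yaml
      - name: List directory
        # … unchanged: id, shell …
        env:
          TARGET_DIRECTORY: ${{ inputs.directory }}
        run: |
          $inputDirectory = $env:TARGET_DIRECTORY
          $fullPath = Join-Path $pwd $inputDirectory
          # … unchanged: Get-ChildItem, matrix assembly, GITHUB_OUTPUT writes …
```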
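Review bot: `pull-requests: write` and `issues: write` widen the `GITHUB_TOKEN` for every job in scale.yml, yet the only scale.yml step visible in this patch (the second hunk) still commits and pushes directly with `git push`, which `contents: write` already covers; nothing shown opens a pull request or an issue. If a step outside the hunk now needs them, say so above the block, e.g. `# pull-requests/issues: write — required by <step name>`, or move the two grants to that job's own `permissions:` so the rest of the workflow keeps the narrower token. If nothing uses them, drop the two lines.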
diff --git a/.github/workflows/site-cd-workflow.yml b/.github/workflows/site-cd-workflow.yml
index d0650b8..34a6b54 100644
--- a/.github/workflows/site-cd-workflow.yml
+++ b/.github/workflows/site-cd-workflow.yml
@@ -16,21 +16,26 @@ env:
 ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
 ARM_USE_OIDC: true
- TF_VAR_subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- TF_VAR_localAdminUser: ${{ secrets.localAdminUser }}
- TF_VAR_localAdminPassword: ${{ secrets.localAdminPassword }}
- TF_VAR_domainAdminUser: ${{ secrets.domainAdminUser }}
- TF_VAR_domainAdminPassword: ${{ secrets.domainAdminPassword }}
- TF_VAR_deploymentUserPassword: ${{ secrets.deploymentUserPassword }}
- TF_VAR_servicePrincipalId: ${{ secrets.servicePrincipalId }}
- TF_VAR_servicePrincipalSecret: ${{ secrets.servicePrincipalSecret }}
- TF_VAR_rpServicePrincipalObjectId: ${{ secrets.rpServicePrincipalObjectId }}
- TF_VAR_vmAdminPassword: ${{ secrets.vmAdminPassword }}
- TF_VAR_domainJoinPassword: ${{ secrets.domainJoinPassword }}
+ TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ TF_VAR_local_admin_user: ${{ secrets.localAdminUser }}
+ TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
+ TF_VAR_local_admin_password: ${{ secrets.localAdminPassword }}
+ TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
+ TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
+ TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
+ TF_VAR_deployment_user_password: ${{ secrets.deploymentUserPassword }}
+ TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
+ TF_VAR_service_principal_id: ${{ secrets.servicePrincipalId }}
+ TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
+ TF_VAR_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
+ TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
+ TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
+ TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
+ TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}
 
 jobs:
 terraform:
- name: "Terraform"
+ name: ${{ 
inputs.working-directory }}
 # runs-on: [windows-latest]
 runs-on: [self-hosted]
 environment: terraform
@@ -114,4 +119,4 @@ jobs:
 uses: Azure/IaC-Telemetry@main
 with:
 event-name: "apply-failure"
- directory: ${{ inputs.working-directory }}
+ directory: ${{ inputs.working-directory }}
\ No newline at end of file
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index 870aa2b..3cd6023 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
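Review bot: Every HCI secret is now exported twice under two variable names — for instance `TF_VAR_local_admin_user` and `TF_VAR_hci_0_local_admin_user` both read `secrets.localAdminUser`, and the same holds for the password, deployment-user and service-principal pairs — and the identical pairing is repeated in the terraform-plan.yml hunk of this patch, while export.yml keeps only the `hci_0_` form. That reads as a transitional rename rather than two distinct module inputs; if the `hci_0_` names are the new contract, the unprefixed lines can go here and in terraform-plan.yml, and if both are genuinely consumed, a comment such as `# unprefixed: legacy site module; hci_0_: HCI cluster module` above the block would spare the next reader a grep. The `terraform` job below runs on `[self-hosted]`, so with this workflow-level `env:` all of these passwords land in the persistent runner's process environment for every job in the file.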
@@ -15,17 +15,22 @@ env:
 ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
 ARM_USE_OIDC: true
- TF_VAR_subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- TF_VAR_localAdminUser: ${{ secrets.localAdminUser }}
- TF_VAR_localAdminPassword: ${{ secrets.localAdminPassword }}
- TF_VAR_domainAdminUser: ${{ secrets.domainAdminUser }}
- TF_VAR_domainAdminPassword: ${{ secrets.domainAdminPassword }}
- TF_VAR_deploymentUserPassword: ${{ secrets.deploymentUserPassword }}
- TF_VAR_servicePrincipalId: ${{ secrets.servicePrincipalId }}
- TF_VAR_servicePrincipalSecret: ${{ secrets.servicePrincipalSecret }}
- TF_VAR_rpServicePrincipalObjectId: ${{ secrets.rpServicePrincipalObjectId }}
- TF_VAR_vmAdminPassword: ${{ secrets.vmAdminPassword }}
- TF_VAR_domainJoinPassword: ${{ secrets.domainJoinPassword }}
+ TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ TF_VAR_local_admin_user: ${{ secrets.localAdminUser }}
+ TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
+ TF_VAR_local_admin_password: ${{ secrets.localAdminPassword }}
+ TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
+ TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
+ TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
+ TF_VAR_deployment_user_password: ${{ secrets.deploymentUserPassword }}
+ TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
+ TF_VAR_service_principal_id: ${{ secrets.servicePrincipalId }}
+ TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
+ TF_VAR_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
+ TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
+ TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
+ TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
+ TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}
 
 jobs:
 provide_paths:
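Review bot: This `env:` block is declared at workflow level, so the local-admin, domain-join, VM-admin and service-principal secrets are injected into the environment of every job, including `provide_paths`, which from its name (its body is outside the hunk) only enumerates directories for the matrix and has no use for them. Moving the `TF_VAR_*` lines under the job that runs `terraform plan`, or onto the plan step's own `env:`, keeps the secrets out of jobs that merely compute paths and shrinks what a compromised third-party step in those jobs could read. The same workflow-level placement is used in the export.yml and site-cd-workflow.yml hunks of this patch.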
@@ -223,4 +228,3 @@ jobs:
 - name: Terraform Plan Status
 if: steps.plan.outcome == 'failure'
 run: exit 1
-
diff --git a/BUILD.bazel b/BUILD.bazel
new file mode 100644
index 0000000..6d5fb71
--- /dev/null
+++ b/BUILD.bazel
@@ -0,0 +1,10 @@
+filegroup(
+ name = "profilefiles-tar-files",
+ srcs = glob(
+ [
+ "**",
+ ],
+ exclude = ["BUILD.bazel"],
+ ),
+ visibility = ["//visibility:public"],
+)
From d0f56201a010049d230c0f4ab6d01a9ad49c5ab8 Mon Sep 17 00:00:00 2001
From: nasusoba <108400027+nasusoba@users.noreply.github.com>
Date: Tue, 12 Nov 2024 14:24:17 +0800
Subject: [PATCH 2/2] Create files
---
 .azure/export.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .azure/export.json
diff --git a/.azure/export.json b/.azure/export.json
new file mode 100644
index 0000000..b6e512c
--- /dev/null
+++ b/.azure/export.json
@@ -0,0 +1,12 @@
+[
+ {
+ "resourceGroup": "/subscriptions/xxxx/resourceGroups/xxxx",
+ "baseModulePath": "./modules/test",
+ "groupPath": "./dev/lalla",
+ "pathToUpdate": [
+ "./dev",
+ "./qa",
+ "./prod"
+ ]
+ }
+]
\ No newline at end of file
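Review bot: `glob(["**"], exclude = ["BUILD.bazel"])` with `//visibility:public` exports everything under this package, and Bazel globs, unlike shell globs, match dot-prefixed names, so if this file sits at the repository root the filegroup sweeps in `.github/` workflows, `.azure/export.json`, and any locally generated Terraform artifacts (`.terraform/`, `*.tfstate*`, crash logs) present at build time. Narrow it to what the tarball consumer needs, e.g. `exclude = ["BUILD.bazel", ".github/**", "**/.terraform/**", "**/*.tfstate*"]`, or list the intended directories explicitly. Note also that `glob` stops at subpackage boundaries, so a BUILD file added later under `dev/` or `modules/` would silently drop those files from the target.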
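Review bot: The file is committed with placeholder content — `"resourceGroup": "/subscriptions/xxxx/resourceGroups/xxxx"` and `"groupPath": "./dev/lalla"` — so if the export.yml job that commits "Export Azure resource into config" reads it as-is (that job's body is outside this patch), the first run targets a non-existent resource group and writes under a throwaway directory name. Either fill in the real values, derive `resourceGroup` in the workflow from `ARM_SUBSCRIPTION_ID`, or rename this to an example file and document the four keys (`resourceGroup`, `baseModulePath`, `groupPath`, `pathToUpdate`) in a README so the placeholder is visibly intentional. The file also lacks a trailing newline.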