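# create-environment.yaml
#
# Runs when an issue is opened (or on manual dispatch). For an issue carrying
# the 'create-environment' label it validates the Azure credentials, parses the
# issue form, creates a GitHub environment named after the deployer, commits
# generated deployer/library tfvars under WORKSPACES/, and refreshes the
# deployer/library option lists in 01-deploy-control-plane.yaml.
#
# Security model: the issue body is untrusted input. Nothing taken from it is
# expanded into a script with ${{ }}; it reaches the shell through environment
# variables and is validated before it is used in paths, sed or API calls.
name: Create environment

on:
  issues:
    types: [opened]
  # On manual dispatch github.event.issue is empty, so the job-level `if`
  # below evaluates to false and the job is skipped.
  workflow_dispatch:

# Scopes granted to GITHUB_TOKEN for every job in this workflow.
# NOTE(review): no step visible in this file appears to need `actions: write`;
# confirm and drop it if unused.
permissions:
  issues: write
  contents: write
  actions: write

jobs:
  opened:
    name: Create environment
    runs-on: ubuntu-latest
    container:
      # NOTE(review): this is a mutable tag. The image runs with the Azure and
      # GitHub App credentials below in scope; pinning it by digest makes the
      # executed content reviewable.
      image: ghcr.io/xpiritbv/azure-sap-automation:github-workflow
    # NOTE(review): labels declared in an issue form are applied when the form
    # is submitted, so this label check alone may not restrict who can start
    # the job. Consider also gating on github.event.issue.author_association.
    if: contains(github.event.issue.labels.*.name, 'create-environment')
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Third-party action that receives the GitHub App private key.
      # NOTE(review): `@v3` is a mutable ref; pin to a full commit SHA.
      - name: Get app token
        id: get_workflow_token
        uses: peter-murray/workflow-application-token-action@v3
        with:
          application_id: ${{ secrets.APPLICATION_ID }}
          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
          organization: ${{ github.repository_owner }}

      - name: 'Validate Azure Credentials'
        # run steps inside a job container default to `sh`; the script uses
        # bash-only syntax, so the shell is requested explicitly.
        shell: bash
        env:
          # Secrets are handed over as environment variables instead of being
          # expanded into the script text, so their content is never parsed
          # as shell code.
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          # gh needs a token in the environment; issues: write is granted above.
          GH_TOKEN: ${{ github.token }}
        run: |
          #!/usr/bin/env bash
          set -euo pipefail

          # Reopens the Azure-link issue with a hint, then fails the job.
          function missing_secret {
            # NOTE(review): the jq filter emits issue numbers only, so grep for
            # 'link-azure' cannot match, and with pipefail the function aborts
            # here before reopening anything. `gh issue list` also returns
            # open issues only by default. Confirm how the link-azure issue is
            # meant to be selected and filter on that field instead.
            azure_link_issue=$(gh issue list --json 'number' | jq '.[].number' -r | grep link-azure)
            gh issue reopen "${azure_link_issue}"
            # $'..' turns \n into real newlines; --body is the comment text flag.
            gh issue comment "${azure_link_issue}" \
              --body $'To continue, we need to have Azure credentials set.\n\nPlease set them and try again.'
            exit 1
          }

          if [[ -z "${AZURE_CLIENT_ID:-}" ]] \
            || [[ -z "${AZURE_CLIENT_SECRET:-}" ]] \
            || [[ -z "${AZURE_TENANT_ID:-}" ]] \
            || [[ -z "${AZURE_SUBSCRIPTION_ID:-}" ]]; then
            missing_secret
          fi

          # Under `set -e` a separate `$?` test after the command is never
          # reached on failure, so each command is tested directly.
          if ! az login --service-principal \
            --username "${AZURE_CLIENT_ID}" \
            --password="${AZURE_CLIENT_SECRET}" \
            --tenant "${AZURE_TENANT_ID}" \
            --output none; then
            missing_secret
          fi

          if ! az account set --subscription "${AZURE_SUBSCRIPTION_ID}"; then
            missing_secret
          fi

      # Third-party action that turns the issue form body into a JSON payload.
      # NOTE(review): `@v4` is a mutable ref; pin to a full commit SHA.
      - name: Run Issue form parser
        id: parse
        uses: peter-murray/issue-forms-body-parser@v4
        with:
          issue_id: ${{ github.event.issue.number }}
          separator: '###'
          # U+200B (zero width space) keeps the rendered form clean. Written as
          # an escape so the invisible character is reviewable in diffs.
          label_marker_start: "\u200B"
          label_marker_end: "\u200B"

      - name: 'Create GitHub Environment'
        shell: bash
        env:
          GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
          # Untrusted: derived from the issue body. Passed as data through the
          # environment; expanding it inside the script would let a quote in
          # the issue text change the commands that run.
          ISSUE_PAYLOAD: ${{ steps.parse.outputs.payload }}
        run: |
          #!/usr/bin/env bash
          set -euo pipefail

          # Example payload:
          # {"Environment":"ACC","Region":"westeurope","Deployer Vnet":"DEP01"}
          # `// empty` maps a missing key to "" so the validation below fails.
          environment=$(printf '%s' "${ISSUE_PAYLOAD}" | jq -r '."Environment" // empty')
          region=$(printf '%s' "${ISSUE_PAYLOAD}" | jq -r '."Region" // empty')
          deployer_vnet=$(printf '%s' "${ISSUE_PAYLOAD}" | jq -r '."Deployer Vnet" // empty')

          # These values end up in directory names, sed replacements, a
          # terraform console expression and an API path, so only a strict
          # allow-list is accepted.
          # NOTE(review): the character sets are a conservative assumption;
          # widen them deliberately if legitimate values need more.
          require_match() {
            # $1 = field label, $2 = value, $3 = regex the whole value must match
            if [[ ! "$2" =~ $3 ]]; then
              echo "::error::Issue form field '$1' is missing or has unexpected characters"
              exit 1
            fi
          }
          require_match 'Environment' "${environment}" '^[A-Za-z0-9]+$'
          require_match 'Region' "${region}" '^[a-z0-9]+$'
          require_match 'Deployer Vnet' "${deployer_vnet}" '^[A-Za-z0-9]+$'

          # Look up the short region code used in resource names.
          pushd /source/deploy/terraform/terraform-units/modules/sap_namegenerator
          region_map=$(echo "var.region_mapping.${region}" | terraform console | tr -d '"')
          popd

          region_display_name=$(az account list-locations -o json \
            | jq --arg REGION "${region}" '.[] | select(.name==$REGION) | .displayName' -r)

          echo "region_map: ${region_map}"
          echo "region_display_name: ${region_display_name}"

          deployer_name="${environment}-${region_map}-${deployer_vnet}-INFRASTRUCTURE"
          library_name="${environment}-${region_map}-SAP_LIBRARY"
          deployer_dir="${GITHUB_WORKSPACE}/WORKSPACES/DEPLOYER/${deployer_name^^}"
          library_dir="${GITHUB_WORKSPACE}/WORKSPACES/LIBRARY/${library_name^^}"

          # Create (or update) the GitHub environment named after the deployer.
          url_to_call="/repos/${GITHUB_REPOSITORY}/environments/${deployer_name^^}"
          gh api \
            -X PUT \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "${url_to_call}" > /dev/null

          mkdir -p "${deployer_dir}"
          mkdir -p "${library_dir}"

          # Render the tfvars templates by substituting the @@...@@ markers.
          sed \
            -e "s|@@ENV@@|${environment}|g" \
            -e "s|@@REGION@@|${region}|g" \
            -e "s|@@VNET@@|${deployer_vnet}|g" \
            -e "s|@@REGION_DISPLAY_NAME@@|${region_display_name}|g" \
            .cfg_template/deployer.tfvars \
            > "${deployer_dir}/${deployer_name^^}.tfvars"

          sed \
            -e "s|@@ENV@@|${environment}|g" \
            -e "s|@@REGION@@|${region}|g" \
            .cfg_template/library.tfvars \
            > "${library_dir}/${library_name^^}.tfvars"

          git config --global --add safe.directory "${GITHUB_WORKSPACE}"
          git add "${GITHUB_WORKSPACE}/WORKSPACES"
          git config --global user.name "GitHub Actions"
          # NOTE(review): this address looks redacted by the page this file was
          # copied from; restore the project's real value.
          git config --global user.email "[email protected]"
          git commit -m "Add configuration for ${environment} in ${region}"
          git push

          # Now update the deployment workflow with the deployer and library
          workflow_file=.github/workflows/01-deploy-control-plane.yaml

          # Remove the current values
          yq -i 'del(.on.workflow_dispatch.inputs.deployer.options)' "${workflow_file}"
          yq -i 'del(.on.workflow_dispatch.inputs.library.options)' "${workflow_file}"

          # Add the new values: one option per entry under WORKSPACES.
          # Entry names are spliced into the yq expression; the entries created
          # above are validated, older ones are taken as found.
          for deployer_path in "${GITHUB_WORKSPACE}"/WORKSPACES/DEPLOYER/*; do
            deployer=$(basename "${deployer_path}")
            yq -i '.on.workflow_dispatch.inputs.deployer.options += ["'"${deployer}"'"]' "${workflow_file}"
          done

          for library_path in "${GITHUB_WORKSPACE}"/WORKSPACES/LIBRARY/*; do
            library=$(basename "${library_path}")
            yq -i '.on.workflow_dispatch.inputs.library.options += ["'"${library}"'"]' "${workflow_file}"
          done

          git add "${workflow_file}"
          git commit -m "Add deployer and library for ${environment} in ${region}"
          git push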