#!/bin/bash
# ANSI colour sequences, stored unexpanded; they are rendered by `echo -e`.
GREEN='\e[32m'
RED='\e[31m'
BLUE='\e[34m'
CYAN='\e[36m'
YELLOW='\e[33m'
RESET='\e[0m'

# Names and locations of the Azure resources this script provisions.
RESOURCE_GROUP='hvalfangstresourcegroup'
STORAGE_ACCOUNT_NAME='hvalfangststorageaccount'
FUNCTION_APP_NAME='hvalfangstlinuxfunctionapp'
LOCATION='westeurope'
BICEP_FILE='infra/main.bicep'

# Stop MSYS (Git Bash) from rewriting resource IDs that start with "/" into
# Windows paths, see
# https://github.com/Azure/azure-cli/blob/dev/doc/use_cli_with_git_bash.md#auto-translation-of-resource-ids
MSYS_NO_PATHCONV=1
export MSYS_NO_PATHCONV
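#######################################
# Report where the script failed and abort.
# Globals:   RED, RESET (read)
# Outputs:   one diagnostic line on stderr
# Returns:   does not return; exits with status 1
#######################################
handle_error() {
  # BASH_LINENO[0] is the line this function was invoked from; when it runs
  # from the ERR trap that is expected to be the line of the failing command.
  # Diagnostics go to stderr so they are not mixed into captured stdout.
  echo -e "${RED}Error occurred in script at line: ${BASH_LINENO[0]}. Exiting...${RESET}" >&2
  exit 1
}

# Run handle_error whenever a command returns non-zero. The trap does not fire
# for commands tested by `if`, `while`, `&&` or `||`, so a step that needs its
# own error message has to be tested inside such a condition; a plain command
# followed by a `$?` check is aborted by the trap before the check is reached.
trap 'handle_error' ERR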
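# Verify that the Azure CLI has an active login before anything is created.
# The printed account details also show which subscription will be changed.
echo -e "${YELLOW}Checking if logged in to Azure...${RESET}"
# Testing the command inside `if` keeps the ERR trap from aborting the script
# first, so the hint below is actually shown.
if ! az account show; then
  echo -e "${RED}Not logged in to Azure. Please run 'az login' first.${RESET}" >&2
  exit 1
fi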
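# Subscription and tenant of the active Azure CLI login.
SUBSCRIPTION_ID=$(az account show --query id --output tsv)
TENANT_ID=$(az account show --query tenantId --output tsv)
# SUBSCRIPTION_ID is used to build the role-assignment scope and TENANT_ID is
# written to the function app settings; stop rather than continue with either
# one empty.
if [ -z "${SUBSCRIPTION_ID}" ] || [ -z "${TENANT_ID}" ]; then
  echo -e "${RED}Could not determine subscription or tenant ID from 'az account show'.${RESET}" >&2
  exit 1
fi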
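# Create the resource group that holds every resource of this deployment.
echo -e "${YELLOW}Creating resource group ${RESOURCE_GROUP} in ${LOCATION} ${RESET}"
# Tested inside `if` so the specific message is printed instead of the generic
# ERR-trap one.
if ! az group create --name "${RESOURCE_GROUP}" --location "${LOCATION}"; then
  echo -e "${RED}Failed to create resource group.${RESET}" >&2
  exit 1
fi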
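# Deploy the Bicep template into the resource group.
echo -e "${YELLOW}Deploying Bicep template...${RESET}"
# --confirm-with-what-if (short form -c) shows the what-if result and asks for
# confirmation before anything is changed, so this step needs an interactive
# terminal.
if ! az deployment group create \
  --resource-group "${RESOURCE_GROUP}" \
  --template-file "${BICEP_FILE}" \
  --confirm-with-what-if; then
  echo -e "${RED}Failed to deploy Bicep template.${RESET}" >&2
  exit 1
fi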
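# Create the service principal that GitHub Actions deploys with. It gets the
# contributor role on this one resource group only, not on the subscription.
# Only the appId is captured here; the rest of the returned JSON, including the
# generated client secret, is discarded by --query.
# NOTE(review): the workflow presumably signs in through the federated
# credential added in the next step, in which case the generated client secret
# is never used - confirm, and consider removing it from the app registration.
echo -e "${YELLOW}Creating service principal...${RESET}"
# The assignment is tested inside `if` so the message below is reachable, and
# an empty appId is treated as a failure because later steps pass it to --id.
if ! SP_APP_ID=$(az ad sp create-for-rbac \
  --name hvalfangst-github-actions-sp \
  --role contributor \
  --scopes "/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP}" \
  --query "appId" -o tsv) || [ -z "${SP_APP_ID}" ]; then
  echo -e "${RED}Failed to create service principal.${RESET}" >&2
  exit 1
fi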
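# Let GitHub Actions exchange its OIDC token for an Azure AD token without a
# stored secret. The subject limits this to workflow runs on the main branch of
# the named repository.
echo -e "${YELLOW}Adding federated credential to Azure AD application...${RESET}"

# Look for an existing credential with this name. JSON output is requested
# explicitly because the comparison with "[]" below only holds for JSON, and
# the CLI default output format can be changed in the user's configuration.
EXISTING_CRED=$(az ad app federated-credential list \
  --id "${SP_APP_ID}" \
  --query "[?name=='GitHubActionsFederatedCred']" \
  --output json)

if [ "${EXISTING_CRED}" = "[]" ]; then
  # Federated credential does not exist, create it
  az ad app federated-credential create --id "${SP_APP_ID}" --parameters '{
    "name": "GitHubActionsFederatedCred",
    "issuer": "https://token.actions.githubusercontent.com",
    "subject": "repo:hvalfangst/azure-static-react-website-triggering-functions:ref:refs/heads/main",
    "audiences": [
      "api://AzureADTokenExchange"
    ]
  }'
  echo -e "${YELLOW}Federated credential created successfully.${RESET}"
else
  # Federated credential already exists
  echo -e "${YELLOW}Federated credential already exists. Skipping creation.${RESET}"
fi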
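# Enable static website hosting on the storage account, with index.html as the
# default document and 404.html as the error page. Content placed in the
# account's $web container is then readable by anyone through the web endpoint,
# so only publishable files belong there.
echo -e "${YELLOW}Setting up static website...${RESET}"
# Tested inside `if` so the specific message is printed instead of the generic
# ERR-trap one.
if ! az storage blob service-properties update \
  --account-name "${STORAGE_ACCOUNT_NAME}" \
  --static-website \
  --index-document index.html \
  --404-document 404.html; then
  echo -e "${RED}Failed to set up static website.${RESET}" >&2
  exit 1
fi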
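# Allow browser calls to the HTTP-triggered function from the two front-end
# origins. Both commands are tested, so a failure of the first one is reported
# with the same message as a failure of the second.
# NOTE(review): http://localhost:3000 is a local development origin; drop it
# for a deployment that is not used for development.
# The https origin is the static website endpoint of the storage account and
# has to be updated if STORAGE_ACCOUNT_NAME changes.
echo -e "${YELLOW}Setting up CORS for function app...${RESET}"
if ! az functionapp cors add \
  --name "${FUNCTION_APP_NAME}" \
  --resource-group "${RESOURCE_GROUP}" \
  --allowed-origins http://localhost:3000 \
  || ! az functionapp cors add \
    --name "${FUNCTION_APP_NAME}" \
    --resource-group "${RESOURCE_GROUP}" \
    --allowed-origins https://hvalfangststorageaccount.z6.web.core.windows.net; then
  echo -e "${RED}Failed to set up CORS for function app.${RESET}" >&2
  exit 1
fi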
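# Register an Azure AD application for the function app and keep its appId
# (client ID), which is written to the app settings in the next step.
echo -e "${YELLOW}Setting up app registration for function app...${RESET}"
# The assignment is tested inside `if` so the ERR trap does not abort first;
# an empty appId counts as a failure as well.
if ! FUNCTION_APP_CLIENT_ID=$(az ad app create \
  --display-name "hvalfangst-function-app" \
  --query appId -o tsv) || [ -z "${FUNCTION_APP_CLIENT_ID}" ]; then
  echo -e "${RED}Failed to set up app registration or retrieve the app ID.${RESET}" >&2
  exit 1
fi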
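# Publish the tenant ID and the app registration's client ID to the function
# app as application settings. Both are identifiers, not secrets.
# NOTE(review): this command may print the app's settings in its output; add
# `--output none` if the log is shared - confirm against the CLI version used.
echo -e "${YELLOW}Setting up app settings for function app...${RESET}"
# Each NAME=value pair is quoted so it is always passed as a single argument.
if ! az functionapp config appsettings set \
  --name "${FUNCTION_APP_NAME}" \
  --resource-group "${RESOURCE_GROUP}" \
  --settings "TENANT_ID=${TENANT_ID}" "FUNCTION_APP_CLIENT_ID=${FUNCTION_APP_CLIENT_ID}"; then
  echo -e "${RED}Failed to set up app settings for function app.${RESET}" >&2
  exit 1
fi

echo -e "${GREEN}All resources have been provisioned.${RESET}"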