Merge pull request #275 from im-practices/change-events
ARCH-2140 - Adding annotate app insights & pd change events
danielle-casella-adams authored Sep 4, 2024
2 parents c006240 + 97ccfd2 commit 56f038e
Showing 18 changed files with 481 additions and 52 deletions.
31 changes: 19 additions & 12 deletions workflow-templates/im-deploy-az-app-manually.yml
@@ -1,4 +1,4 @@
# Workflow Code: AmbitiousLizard_v52 DO NOT REMOVE
# Workflow Code: AmbitiousLizard_v53 DO NOT REMOVE
# Purpose:
# Gathers various stakeholder and attestor approvals, downloads artifacts from a release
# with the specified tags, makes changes to any configuration files for the specified
Expand Down Expand Up @@ -219,6 +219,7 @@ jobs:
UNZIPPED_ASSET: 'published_app' # TODO: If you have multiple deployables, this name is probably different and you need to update the value.
DEPLOY_ZIP: 'deploy.zip' # TODO: remove if this workflow is for an azure function
AZ_APP_TYPE: 'webapp' # TODO: If this workflow is for an azure function, change this value to functionapp
AZ_APP_NAME: ${{ needs.set-vars.outputs.AZ_APP_NAME }}

steps:
- name: Download artifacts from release
Expand Down Expand Up @@ -329,18 +330,18 @@ jobs:
# - name: Create a deployment slot
# run: |
# az ${{ env.AZ_APP_TYPE }} deployment slot create \
# --name ${{ needs.set-vars.outputs.AZ_APP_NAME }} \
# --name ${{ env.AZ_APP_NAME }} \
# --slot ${{ env.AZ_SLOT_NAME }} \
# --resource-group ${{ needs.set-vars.outputs.TARGET_RESOURCE_GROUP }} \
# --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} \
# --configuration-source ${{ needs.set-vars.outputs.AZ_APP_NAME }}
# --configuration-source ${{ env.AZ_APP_NAME }}

# TODO: Uncomment if you use User Managed Identity in your app service.
# - name: Assign MSI to slot
# if: steps.create-slot.outcome == 'success'
# run: |
# az webapp identity assign \
# --name ${{ needs.set-vars.outputs.AZ_APP_NAME }} \
# --name ${{ env.AZ_APP_NAME }} \
# --resource-group ${{ needs.set-vars.outputs.TARGET_RESOURCE_GROUP }} \
# --slot ${{ env.AZ_SLOT_NAME }} \
# --identities /subscriptions/${{ vars.ARM_SUBSCRIPTION_ID }}/resourcegroups/${{ needs.set-vars.outputs.PRIMARY_RESOURCE_GROUP }}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${{ needs.set-vars.outputs.AZ_APP_MSI }}
Expand All @@ -350,7 +351,7 @@ jobs:
# if: steps.create-slot.outcome == 'success'
# run: |
# az webapp vnet-integration add \
# --name ${{ needs.set-vars.outputs.AZ_APP_NAME }} \
# --name ${{ env.AZ_APP_NAME }} \
# --resource-group ${{ needs.set-vars.outputs.TARGET_RESOURCE_GROUP }} \
# --vnet ${{ needs.set-vars.outputs.VNET }} \
# --subnet ${{ needs.set-vars.outputs.SUBNET }} \
Expand All @@ -360,15 +361,15 @@ jobs:
- name: Deploy to Azure Web App
uses: azure/webapps-deploy@v3
with:
app-name: ${{ needs.set-vars.outputs.AZ_APP_NAME }}
app-name: ${{ env.AZ_APP_NAME }}
package: ./${{ env.DEPLOY_ZIP }}
slot-name: ${{ env.AZ_SLOT_NAME }} # TODO: Delete if not using slots

# TODO: remove this step if this workflow is for an azure app service
- name: Deploy to Azure Function
uses: azure/functions-action@v1
with:
app-name: ${{ needs.set-vars.outputs.AZ_APP_NAME }}
app-name: ${{ env.AZ_APP_NAME }}
package: ./${{ env.UNZIPPED_ASSET }}
slot-name: ${{ env.AZ_SLOT_NAME }} # TODO: Delete if not using slots

Expand All @@ -379,7 +380,7 @@ jobs:
# az ${{ env.AZ_APP_TYPE }} deployment slot swap \
# --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} \
# --resource-group ${{ needs.set-vars.outputs.TARGET_RESOURCE_GROUP }} \
# --name ${{ needs.set-vars.outputs.AZ_APP_NAME }} \
# --name ${{ env.AZ_APP_NAME }} \
# --slot ${{ env.AZ_SLOT_NAME }} \
# --target-slot ${{ env.TARGET_SLOT }}

Expand All @@ -388,7 +389,7 @@ jobs:
# - run: |
# az ${{ env.AZ_APP_TYPE }} deployment slot delete \
# --slot ${{ env.AZ_SLOT_NAME }} \
# --name ${{ needs.set-vars.outputs.AZ_APP_NAME }} \
# --name ${{ env.AZ_APP_NAME }} \
# --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} \
# --resource-group ${{ needs.set-vars.outputs.TARGET_RESOURCE_GROUP }}

Expand All @@ -406,16 +407,22 @@ jobs:
pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
maintenance-window-id: ${{ steps.open-window.outputs.maintenance-window-id }}

# TODO: Delete the following step if not using app insights
- name: Annotate App Insights
uses: im-open/create-app-insights-annotation@v1.0
with:
subscriptionId: ${{ vars.ARM_SUBSCRIPTION_ID }} # This is an env-level variable
resourceGroupName: ${{ needs.set-vars.outputs.PRIMARY_RESOURCE_GROUP }}
appInsightsResourceName: '${{ needs.set-vars.outputs.APP_INSIGHTS_NAME }}'
releaseName: '${{ needs.set-vars.outputs.AZ_APP_NAME }}-${{ env.RELEASE_TAG }}'
releaseName: '${{ env.AZ_APP_NAME }}-${{ env.RELEASE_TAG }}'
category: 'Deployment'
customMetadata: 'ProjectName=${{ needs.set-vars.outputs.AZ_APP_NAME }},DeployedBy=${{ github.actor }},RunID=${{ github.run_id }}'
customMetadata: 'ProjectName=${{ env.AZ_APP_NAME }},DeployedBy=${{ github.actor }},RunID=${{ github.run_id }}'

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] ${{ inputs.tag }} deployed to ${{ inputs.environment-or-target }} ${{ env.AZ_APP_NAME }} (${{ job.status }})'

- name: Azure logout
if: always() && steps.login.outcome == 'success'
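Review bot: The new `Send Deployment Event to PagerDuty` step hands `secrets.PAGERDUTY_INTEGRATION_KEY` to `im-open/pagerduty-change-events-action@v1.1`, a tag reference that can be repointed to different code after this review. Pinning to the full commit SHA fixes what runs with the secret, e.g. `uses: im-open/pagerduty-change-events-action@<full-commit-sha> # v1.1` (placeholder; resolve the SHA from the tag). The same step is added to the database, swap-slots, storage-account, IIS, on-prem-database and terraform templates on this page, and `im-open/create-app-insights-annotation@v1.0` is referenced the same way. Separately, the event text reads `inputs.tag` while the annotation step just above it reads `env.RELEASE_TAG`; taking the tag from one source in both would keep the two records identical.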
9 changes: 8 additions & 1 deletion workflow-templates/im-deploy-az-database.yml
@@ -1,4 +1,4 @@
# Workflow Code: BetrayedCod_v37 DO NOT REMOVE
# Workflow Code: BetrayedCod_v38 DO NOT REMOVE
# Purpose:
# Gathers the required approvals from stakeholders and attestors, ensures
# tags are valid for production deployments and runs the migrations against
Expand Down Expand Up @@ -257,6 +257,13 @@ jobs:
category: 'Deployment'
customMetadata: 'ProjectName=${{ needs.set-vars.outputs.APP_INSIGHTS_ANNOTATION }},DeployedBy=${{ github.actor }},RunID=${{ github.run_id }}'

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] ${{ env.RELEASE_TAG }} deployed to ${{ inputs.environment-or-target }} ${{ env.DB_NAME }} (${{ job.status }})'

- name: Azure logout
if: always() && steps.login.outcome == 'success'
run: |
26 changes: 25 additions & 1 deletion workflow-templates/im-deploy-az-swap-app-slots.yml
@@ -1,4 +1,4 @@
# Workflow Code: IrritatedHyena_v23 DO NOT REMOVE
# Workflow Code: IrritatedHyena_v24 DO NOT REMOVE
# Purpose:
# Swaps deployment slots in a specified environment for an Azure App Service
# or Function outside of a deployment when someone kicks it off manually.
Expand Down Expand Up @@ -94,6 +94,13 @@ jobs:
AZ_APP_NAME@demo: ''
AZ_APP_NAME@uat: ''
AZ_APP_NAME@prod: ''
# This variable is used to annotate app insights
APP_INSIGHTS_NAME@dev: ''
APP_INSIGHTS_NAME@qa: ''
APP_INSIGHTS_NAME@stage: ''
APP_INSIGHTS_NAME@demo: ''
APP_INSIGHTS_NAME@uat: ''
APP_INSIGHTS_NAME@prod: ''

- name: Open a PagerDuty Maintenance Window
if: env.OPEN_WINDOW == 'true'
Expand Down Expand Up @@ -135,6 +142,23 @@ jobs:
# --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} \
# --resource-group ${{ env.RESOURCE_GROUP }}

- name: Annotate App Insights
uses: im-open/create-app-insights-annotation@v1.0
with:
subscriptionId: ${{ vars.ARM_SUBSCRIPTION_ID }} # This is an env-level variable
resourceGroupName: ${{ env.RESOURCE_GROUP }}
appInsightsResourceName: '${{ env.APP_INSIGHTS_NAME }}'
releaseName: '${{ env.AZ_APP_NAME }}-Slot-Swap'
category: 'Deployment'
customMetadata: 'ProjectName=${{ env.AZ_APP_NAME }},SourceSlot=${{ env.SOURCE_SLOT }},TargetSlot=${{ env.TARGET_SLOT }},DeployedBy=${{ github.actor }},RunID=${{ github.run_id }}'

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] ${{ env.SOURCE_SLOT }} slot swapped with ${{ env.TARGET_SLOT }} slot for ${{ env.AZ_APP_NAME }} (${{ job.status }})'

- name: Azure logout
if: always() && steps.login.outcome == 'success'
run: |
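Review bot: The added `Annotate App Insights` step has no `if:` guard and no opt-out comment, while every `APP_INSIGHTS_NAME@<env>` value added above it defaults to `''`. A repository that leaves those blank would call the action with an empty `appInsightsResourceName`; if the action rejects that (its behaviour is not visible here), the job is reported as failed after its earlier steps have already run. I would add the comment the app deployment template carries, `# TODO: Delete the following step if not using app insights`, or guard the step with `if: env.APP_INSIGHTS_NAME != ''`. The annotate steps added to the storage-account and terraform templates have the same gap.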
54 changes: 49 additions & 5 deletions workflow-templates/im-deploy-files-to-az-storage-account.yml
@@ -1,4 +1,4 @@
# Workflow Code: BubblyGreyhound_v29 DO NOT REMOVE
# Workflow Code: BubblyGreyhound_v30 DO NOT REMOVE
# Purpose:
# Checks out the repository and deploys a directory to the
# specified storage account when someone kicks it off manually.
Expand Down Expand Up @@ -46,11 +46,9 @@ permissions:
env:
ENVIRONMENT: ${{ github.event.inputs.environment }}
GITHUB_REF: ${{ github.event.inputs.branch-tag-sha }}
STORAGE_ACCOUNT_NAME: '' # TODO: Add the appropriate storage account name
TARGET_CONTAINER: '' # TODO: Add the appropriate target container in the stg account
SOURCE_DIRECTORY: '' # TODO: Add the appropriate source directory
DEPLOY_BOARD_NUM: '' # TODO: Add the automated deployment board number or remove if not using an automated deployment project board.


jobs:
deploy-to-azure:
runs-on: im-linux
Expand All @@ -65,6 +63,36 @@ jobs:
| Environment | `${{ env.ENVIRONMENT }}` |
| Branch/Tag/Sha | `${{ env.GITHUB_REF }}` |' >> $GITHUB_STEP_SUMMARY
# For more information and best practices on the usage and options available
# for this action go to: https://github.com/im-open/set-environment-variables-by-scope#usage-instructions
- name: Set Variables
uses: im-open/set-environment-variables-by-scope@v1.2
with:
scope: ${{ env.ENVIRONMENT }}
env:
# TODO: For the following inputs, fill in the value if you have the environment and delete the environment if it does not exist
# This variable is used to swap and delete slots
RESOURCE_GROUP@dev: ''
RESOURCE_GROUP@qa: ''
RESOURCE_GROUP@stage: ''
RESOURCE_GROUP@demo: ''
RESOURCE_GROUP@uat: ''
RESOURCE_GROUP@prod: ''
# This variable is used to deploy to the correct storage account
STORAGE_ACCOUNT_NAME@dev: ''
STORAGE_ACCOUNT_NAME@qa: ''
STORAGE_ACCOUNT_NAME@stage: ''
STORAGE_ACCOUNT_NAME@demo: ''
STORAGE_ACCOUNT_NAME@uat: ''
STORAGE_ACCOUNT_NAME@prod: ''
# This variable is used to annotate app insights
APP_INSIGHTS_NAME@dev: ''
APP_INSIGHTS_NAME@qa: ''
APP_INSIGHTS_NAME@stage: ''
APP_INSIGHTS_NAME@demo: ''
APP_INSIGHTS_NAME@uat: ''
APP_INSIGHTS_NAME@prod: ''

- name: Checkout Repository
uses: actions/checkout@v4
with:
Expand Down Expand Up @@ -99,7 +127,23 @@ jobs:
-d '${{ env.TARGET_CONTAINER }}' \
-s '${{ env.SOURCE_DIRECTORY }}'
# Only run this step if TechHub metadata.name value is passed in
- name: Annotate App Insights
uses: im-open/create-app-insights-annotation@v1.0
with:
subscriptionId: ${{ vars.ARM_SUBSCRIPTION_ID }} # This is an env-level variable
resourceGroupName: ${{ env.RESOURCE_GROUP }}
appInsightsResourceName: '${{ env.APP_INSIGHTS_NAME }}'
releaseName: '${{ env.STORAGE_ACCOUNT_NAME }}-File-Deploy'
category: 'Deployment'
customMetadata: 'StorageAccountName=${{ env.STORAGE_ACCOUNT_NAME }},TargetContainer=${{ env.TARGET_CONTAINER }},SourceDirectory=${{ env.SOURCE_DIRECTORY }},DeployedBy=${{ github.actor }},RunID=${{ github.run_id }}'

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] ${{ env.SOURCE_DIRECTORY }}@${{ env.GITHUB_REF }} deployed to ${{ env.STORAGE_ACCOUNT_NAME }} (${{ job.status }})'

- name: Create GitHub Deployment
if: always()
uses: im-open/create-github-deployment@v1.0
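Review bot: The comment `# Only run this step if TechHub metadata.name value is passed in` now sits directly above the new `Annotate App Insights` step, so it reads as a condition on the annotation rather than on `Create GitHub Deployment`, which the two inserted steps pushed further down. It should move to just above `- name: Create GitHub Deployment`; the terraform template section at the end of this page has the same displaced comment. In the new `Set Variables` step, `# This variable is used to swap and delete slots` above `RESOURCE_GROUP@dev` looks carried over from the swap-slots template. In the lines shown here `RESOURCE_GROUP` is read only by the annotation step, so `# This variable is used to annotate app insights` would be accurate, though the job continues outside the visible hunks and may use it elsewhere.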
9 changes: 8 additions & 1 deletion workflow-templates/im-deploy-iis-website.yml
@@ -1,4 +1,4 @@
# Workflow Code: FuzzyDragon_v50 DO NOT REMOVE
# Workflow Code: FuzzyDragon_v51 DO NOT REMOVE
# Purpose:
# Gathers various stakeholder and attestor approvals, downloads artifacts from a release
# with the specified tags, makes changes to any configuration files for the specified environments,
Expand Down Expand Up @@ -372,6 +372,13 @@ jobs:
service-account-id: ${{ env.DEPLOYMENT_SA_ID }}
service-account-password: ${{ secrets.DEPLOYMENT_SA_SECRET }}

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] ${{ inputs.tag }} deployed to ${{ inputs.environment }} ${{ env.WEBSITE_NAME }} (${{ job.status }})'

- name: Close the PagerDuty Maintenance Window
if: always() && steps.open-window.outcome == 'success'
uses: im-open/close-pagerduty-maintenance-window@v1.2
9 changes: 8 additions & 1 deletion workflow-templates/im-deploy-on-prem-database.yml
@@ -1,4 +1,4 @@
# Workflow Code: AmazedPiglet_v38 DO NOT REMOVE
# Workflow Code: AmazedPiglet_v39 DO NOT REMOVE
# Purpose:
# Gathers the required approvals from stakeholders and attestors, ensures tags
# are valid for production deployments and runs the migrations against an on-prem
Expand Down Expand Up @@ -196,6 +196,13 @@ jobs:
username: '${{ steps.vault-secrets.outputs.SQL_AUTH_USERNAME }}'
password: '${{ steps.vault-secrets.outputs.SQL_AUTH_PASSWORD }}'

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] ${{ env.RELEASE_TAG }} deployed to ${{ env.ENVIRONMENT }} ${{ env.DB_NAME }} (${{ job.status }})'

- name: Azure logout
if: always() && steps.login.outcome == 'success'
run: |
@@ -1,4 +1,4 @@
# Workflow Code: IrritableEagle_v39 DO NOT REMOVE
# Workflow Code: IrritableEagle_v40 DO NOT REMOVE
# Purpose:
# Automatically runs a terraform apply -auto-approve with the changes
# in the PR against the dev environment when a PR is merged to main.
Expand Down Expand Up @@ -41,6 +41,8 @@ env:
TF_IN_AUTOMATION: 'true'
TF_VERSION: '~>1.4.0' #TODO: Verify your version of terraform.
TF_WORKING_DIR: './infrastructure/dev' # TODO: Verify this directory is correct for your repository (older projects may not be inside of an infrastructure folder)
RESOURCE_GROUP: '' # TODO: Populate this value
APP_INSIGHTS_NAME: '' # TODO: Populate this value
# The following SSH_* secrets are org-level secrets
SSH_KEY_STORAGE_ACCOUNT: ${{ secrets.SSH_STORAGE_ACCOUNT }}
SSH_KEY_NETWORK_INFO: ${{ secrets.SSH_NETWORK_INFO }}
Expand All @@ -55,9 +57,7 @@ env:
jobs:
auto-apply-tf:
if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' # TODO: verify default branch name

runs-on: im-linux

environment: 'Dev'

defaults:
Expand Down Expand Up @@ -110,6 +110,7 @@ jobs:
# TODO: Remove the pagerduty token if not configuring pagerduty. If using pagerduty verify 'pagerduty_token' is the name of the variable that tf expects
# TODO: Add any other secrets that would be required for a tf plan to succeed. Since this is a multi-line command every line except the last will need a \ on the end of it
# PAGERDUTY_API_KEY is an org-level secret

- name: Terraform Apply
run: |
terraform apply -auto-approve -lock-timeout=90s \
Expand Down Expand Up @@ -138,7 +139,23 @@ jobs:
{ "name": "Actor", "value": "${{ github.actor }}" }
]
# Only run this step if TechHub metadata.name value is passed in
- name: Annotate App Insights
uses: im-open/create-app-insights-annotation@v1.0
with:
subscriptionId: ${{ vars.ARM_SUBSCRIPTION_ID }} # This is an env-level variable
resourceGroupName: ${{ env.RESOURCE_GROUP }}
appInsightsResourceName: '${{ env.APP_INSIGHTS_NAME }}'
releaseName: 'Infrastructure.main'
category: 'Deployment'
customMetadata: 'ProjectName=Infrastructure,DeployedBy=${{ github.actor }},RunID=${{ github.run_id }}'

- name: Send Deployment Event to PagerDuty
if: always()
uses: im-open/pagerduty-change-events-action@v1.1
with:
integration-key: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }} # This is an env-level secret # TODO: Ensure an integration has been created in PagerDuty on each applicable service and the secret added to the environment
custom-event: '[Deployment] Terraform@main deployed to ${{ env.RESOURCE_GROUP }} (${{ job.status }})'

- name: Create GitHub Deployment
if: always()
uses: im-open/create-github-deployment@v1.0
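Review bot: `releaseName: 'Infrastructure.main'` and the `Terraform@main` text in `custom-event` hard-code the branch name, while the job's `if:` line carries `# TODO: verify default branch name`. A repository whose default branch is not `main` would edit the condition and still emit annotations and change events labelled `main`, which makes the change record misleading during incident review. Reading the branch from the event keeps the labels tied to the branch the condition checked: `releaseName: 'Infrastructure.${{ github.event.pull_request.base.ref }}'`, and `Terraform@${{ github.event.pull_request.base.ref }}` in the event text.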