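---
# Provisions an Azure ResourceGroup + StorageAccount through Crossplane running
# in a throwaway kind cluster on the runner, then removes the claim again.
name: provision-azure

# yamllint disable-line rule:truthy
on: [push]

# Least privilege for the automatic GITHUB_TOKEN: nothing in this job writes
# back to the repository.
permissions:
  contents: read

# Run every `run:` step under an explicit bash so `-o pipefail` is in effect
# (the implicit shell only passes `-e`); otherwise `curl ... | sh` below would
# succeed even when the download itself failed.
defaults:
  run:
    shell: bash

env:
  KIND_NODE_VERSION: v1.31.1
  RG_NAME: rg-crossplane
  # Azure service-principal credentials, sourced from repository secrets
  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}

jobs:
  crossplane-provision-azure:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # Pinned to a release tag instead of the moving `master` branch so an
        # upstream change cannot silently alter this job; pinning to a full
        # commit SHA is stricter still.
        uses: actions/checkout@v4

      # Using branch unique name for our bucket to prevent interfering jobs
      # But we need to split out the branch name, see https://stackoverflow.com/a/73467112/4964553
      # otherwise we'll run into errors like: 'compose resources: cannot associate composed resources with Composition resource templates: cannot get composed resource: invalid resource name "spring2024-bucket-renovate/xpkg.upbound.io-upbound-provider-aws-s3-1.x": [may not contain '/']'
      - name: Split branch name
        id: split
        env:
          BRANCH: ${{ github.ref_name }}
        # `::set-output` is deprecated; step outputs are appended to $GITHUB_OUTPUT.
        run: echo "branchbucketsuffix=${BRANCH##*/}" >> "$GITHUB_OUTPUT"

      - name: Spin up kind
        run: |
          echo "### Create kind cluster"
          kind create cluster --image "kindest/node:$KIND_NODE_VERSION" --wait 5m
          echo "### Let's try to access our kind cluster via kubectl"
          kubectl get nodes

      - name: Install crossplane via Helm & install crossplane CLI
        run: |
          echo "### Install crossplane via Helm"
          helm dependency update crossplane-install
          helm upgrade --install crossplane --namespace crossplane-system crossplane-install --create-namespace
          echo "### Install crossplane CLI"
          # NOTE(review): executes an unpinned remote script; `-f` makes curl fail
          # on HTTP errors instead of piping an error page into sh. Verifying a
          # checksum or installing a pinned release would be safer still.
          curl -fsSL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | sh
          sudo mv crossplane /usr/local/bin

      - name: Check crossplane status
        run: |
          helm list -n crossplane-system
          echo "### Wait for crossplane to become ready before installing Providers"
          kubectl wait --for=condition=ready pod -l app=crossplane --namespace crossplane-system --timeout=120s
          kubectl get all -n crossplane-system

      - name: Configure crossplane to access Azure
        run: |
          echo "### Create crossplane-azure-provider-key.json file"
          # The file holds the client secret: create it owner-readable only and
          # remove it as soon as it has been loaded into the cluster Secret.
          umask 077
          cat > crossplane-azure-provider-key.json <<EOF
          {
            "clientId": "$ARM_CLIENT_ID",
            "clientSecret": "$ARM_CLIENT_SECRET",
            "subscriptionId": "$ARM_SUBSCRIPTION_ID",
            "tenantId": "$ARM_TENANT_ID",
            "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
            "resourceManagerEndpointUrl": "https://management.azure.com/",
            "activeDirectoryGraphResourceId": "https://graph.windows.net/",
            "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
            "galleryEndpointUrl": "https://gallery.azure.com/",
            "managementEndpointUrl": "https://management.core.windows.net/"
          }
          EOF
          echo "### Create Azure Provider secret"
          kubectl create secret generic azure-account-creds -n crossplane-system --from-file=creds=./crossplane-azure-provider-key.json
          rm -f crossplane-azure-provider-key.json
          echo "### Install the crossplane Azure Provider (now using Upbound official Azure Provider Families)"
          kubectl apply -f upbound/provider-azure-storage/config/provider-azure-storage.yaml
          kubectl get provider.pkg.crossplane.io
          echo "### Wait until Azure Provider is up and running"
          kubectl wait --for=condition=healthy --timeout=120s provider/upbound-provider-azure-storage
          echo "### Create ProviderConfig to consume the Secret containing Azure credentials"
          kubectl apply -f upbound/provider-azure-storage/config/provider-config-azure.yaml
          echo "### Get overall provider status"
          kubectl get provider

      # Not using kubectl apply -f upbound/provider-azure-storage/claim.yaml currently to prevent jobs from interfering with each other
      - name: Create XRD, Composite & Claim to create ResourceGroup & StorageAccount
        env:
          # Passed through the environment rather than interpolated with `${{ }}`
          # inside the script: the value derives from `github.ref_name`, and
          # splicing it into the shell source would let a crafted branch name
          # become shell code. As an env var it is only ever data.
          BUCKET_SUFFIX: ${{ steps.split.outputs.branchbucketsuffix }}
        run: |
          echo "### Create CompositeResourceDefinition (XRD)"
          kubectl apply -f upbound/provider-azure-storage/definition.yaml
          kubectl get xrd
          echo "### Wait for XRD to become Offered"
          kubectl wait --for=condition=Offered --timeout=120s xrd xstoragesazure.crossplane.jonashackt.io
          echo "### Create Composition"
          kubectl apply -f upbound/provider-azure-storage/composition.yaml
          echo "### Create Claim, which should create ResourceGroup & StorageAccount"
          kubectl apply -f - <<EOF
          apiVersion: crossplane.jonashackt.io/v1alpha1
          kind: StorageAzure
          metadata:
            namespace: default
            name: managed-storage-account
          spec:
            compositionRef:
              name: storageazure-composition
            parameters:
              location: West Europe
              resourceGroupName: "$RG_NAME-$BUCKET_SUFFIX"
              storageAccountName: account4c8672d
          EOF
          echo "### Show crossplane overall status"
          kubectl get crossplane
          echo "### Trace status of Azure ResourceGroup & Storage Account"
          crossplane beta trace storageazure.crossplane.jonashackt.io/managed-storage-account -o wide
          echo "### Wait until ResourceGroup is ready"
          kubectl wait --for=condition=ready --timeout=180s resourcegroup "$RG_NAME-$BUCKET_SUFFIX"
          echo "### Wait 3 mins until Claim & XR (Composite) are ready"
          kubectl wait --for=condition=ready --timeout=360s storageazure.crossplane.jonashackt.io/managed-storage-account
          echo "### Trace status of Azure ResourceGroup & Storage Account"
          crossplane beta trace storageazure.crossplane.jonashackt.io/managed-storage-account -o wide

      - name: Delete Resources
        # Runs even when an earlier step failed, so a half-provisioned (and
        # billed) Azure ResourceGroup/StorageAccount is not left behind.
        if: always()
        env:
          BUCKET_SUFFIX: ${{ steps.split.outputs.branchbucketsuffix }}
        run: |
          echo "### Remove CompositeResourceClaim to delete Storage Account and Resource Group"
          # Delete the claim this workflow actually created (the heredoc above),
          # not the one described in claim.yaml, which is never applied here.
          kubectl delete storageazure.crossplane.jonashackt.io/managed-storage-account -n default --ignore-not-found
          echo "### Wait until the ResourceGroup is gone before the kind cluster disappears"
          # Crossplane deletes managed resources asynchronously; without this wait
          # the job (and the cluster driving the deletion) may end first.
          kubectl wait --for=delete --timeout=600s resourcegroup "$RG_NAME-$BUCKET_SUFFIX"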