# This workflow sets up the environment for the Data Platform CI/CD pipelines
#
# AZURE: Before this workflow will run successfully you must do the following
# 1. Run manualPrep.ps1 in the Azure Portal and follow the instructions to set up the AZ_SP_CRED_<projectName> secret in GitHub (Settings > Secrets > "New repository secret").
# 2. Set up the SSH_PASSPHRASE secret in Settings > Secrets > "New repository secret"
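name: Set Up CI/CD Environment
on:
  workflow_dispatch:
    inputs:
      projectName:
        description: 'Project Name'
        required: true
        default: 'db_cicd_project'
      linuxNodePoolDefaultVMSize:
        description: 'Linux Node Pool Default VM Size'
        required: true
        default: 'Standard_D2_v2'
      windowsNodePoolDefaultVMSize:
        description: 'Windows Node Pool Default VM Size'
        required: true
        default: 'Standard_D3_v2'
      kubernetesVersion:
        description: 'Kubernetes Version'
        required: true
        default: '1.19.6'

# Restrict the implicit GITHUB_TOKEN to what actions/checkout needs.
# NOTE(review): widen only if envSetup/setup.ps1 turns out to write to the repository.
permissions:
  contents: read

jobs:
  build:
    name: Setup Azure Environment
    runs-on: ubuntu-latest
    # Dispatch inputs are handed to the scripts as environment variables, so they
    # are never spliced into script text.
    env:
      PROJECT_NAME: ${{ github.event.inputs.projectName }}
      LINUX_NODEPOOL_DEFAULT_VM_SIZE: ${{ github.event.inputs.linuxNodePoolDefaultVMSize }}
      WINDOWS_NODEPOOL_DEFAULT_VM_SIZE: ${{ github.event.inputs.windowsNodePoolDefaultVMSize }}
      KUBERNETES_VERSION: ${{ github.event.inputs.kubernetesVersion }}
      # The secret name is derived from the projectName input, so whoever can
      # dispatch this workflow chooses which AZ_SP_CRED_* secret is loaded.
      AZ_SERVICE_PRINCIPAL_CREDENTIALS: ${{ secrets[format('AZ_SP_CRED_{0}', github.event.inputs.projectName)] }}
      SSH_PASSPHRASE: ${{ secrets.SSH_PASSPHRASE }}
      # NOTE(review): job-level env exposes both secrets to every step, including
      # the third-party actions below. Scope them to the consuming steps once it
      # is confirmed that envSetup/setup.ps1 does not read them from the environment.
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (v1, v2). Pin each one to a reviewed commit, e.g.
      # actions/checkout@<full-commit-sha>.
      - uses: actions/checkout@v2

      # Decodes the base64 / UTF-16LE credential blob into the string that
      # azure/login expects in `creds`.
      - name: decode az sp cred
        id: cred-decode
        shell: pwsh
        run: |
          # Read the secret from the environment rather than expanding it into the
          # script text, so its content can never be parsed as PowerShell.
          if ([string]::IsNullOrWhiteSpace($env:AZ_SERVICE_PRINCIPAL_CREDENTIALS)) {
            throw "Secret AZ_SP_CRED_$($env:PROJECT_NAME) is not set or is empty."
          }
          $decodedCreds = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($env:AZ_SERVICE_PRINCIPAL_CREDENTIALS))
          # Only the base64 form is a registered secret; the decoded form has to be
          # masked explicitly or it would show up in clear text in the job log.
          # Assumes the decoded value is a single line - TODO confirm against manualPrep.ps1.
          Write-Host "::add-mask::$decodedCreds"
          # Write the step output through the GITHUB_OUTPUT file instead of the
          # deprecated ::set-output command, which echoed the value to stdout.
          "az_sp_creds=$decodedCreds" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append

      # documentation: https://github.com/azure/login#configure-azure-credentials
      # TODO: set up a service principal which has permission only on the resource group and associated resources it creates
      # MDP: This task can be replaced with Connect-AzAccount via service principal (https://docs.microsoft.com/en-us/powershell/azure/authenticate-azureps?view=azps-5.3.0). However for most pipelines, which would use azure powershell more than once, this is an anti-pattern.
      # TODO: measure difference in performance between using this task and Connect-AzAccount in the next task
      - name: login via az module
        uses: azure/login@v1
        with:
          creds: ${{ steps.cred-decode.outputs.az_sp_creds }}
          enable-azpssession: true

      # documentation: https://github.com/marketplace/actions/azure-powershell-action
      - name: run azure powershell script
        uses: azure/powershell@v1
        env:
          # Passed as an environment variable so that a quote character inside the
          # credential JSON cannot terminate the PowerShell string literal below.
          AZ_SP_CREDS_DECODED: ${{ steps.cred-decode.outputs.az_sp_creds }}
        with:
          # NOTE(review): 'latest' floats; pin an Az module version for reproducible runs.
          azpsversion: 'latest'
          # NOTE(review): with 'continue', non-terminating errors in setup.ps1 do not
          # stop the script, so a partially provisioned environment can still report
          # success. Confirm this is intended; otherwise use 'stop'.
          errorActionPreference: 'continue'
          inlineScript: |
            $Parameters = @{
              projectName = "$env:PROJECT_NAME";
              azServicePrincipalCredentials = "$env:AZ_SP_CREDS_DECODED";
              sshPassphrase = "$env:SSH_PASSPHRASE";
              linuxNodePoolDefaultVMSize = "$env:LINUX_NODEPOOL_DEFAULT_VM_SIZE"
              windowsNodePoolDefaultVMSize = "$env:WINDOWS_NODEPOOL_DEFAULT_VM_SIZE"
              kubernetesVersion = "$env:KUBERNETES_VERSION"
              debugOn = $false;
            };
            ./envSetup/setup.ps1 @Parameters;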