add tag to resource group for WAF deploy workflow #196

Workflow file for this run

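# Deploys the WAF-aligned variant of the accelerator into a throw-away
# resource group, runs the end-to-end tests against it and deletes it again.
name: Deploy-Test-Cleanup (WAF)

on:
  push:
    branches:
      - deploy-wf-w-azd
  # A workflow_run trigger executes the workflow file from the default branch
  # and has access to repository secrets, whichever ref the upstream run built.
  # NOTE(review): "completed" also fires when the upstream build failed or was
  # cancelled; gate on github.event.workflow_run.conclusion if that is unwanted.
  workflow_run:
    workflows:
      - "Build Docker and Optional Push"
    types:
      - completed
    branches:
      - main
      - hotfix
      - dev
      - demo
  schedule:
    - cron: "10 11,23 * * *"  # Runs at 11:10 AM and 11:10 PM GMT

env:
  # Quoted so the value stays the literal string the scripts expect.
  GPT_MIN_CAPACITY: "150"
  # Branch the run is attributed to. The value comes from event data, so
  # scripts should read it as "$BRANCH_NAME" rather than expanding it into
  # shell source.
  BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}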
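jobs:
  # Provisions a disposable WAF-aligned environment with azd and publishes the
  # resource group, region, environment name and app URLs as job outputs.
  deploy:
    runs-on: ubuntu-latest
    # The job only reads the repository, so GITHUB_TOKEN is kept read-only.
    permissions:
      contents: read
    outputs:
      RESOURCE_GROUP_NAME: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }}
      AZURE_LOCATION: ${{ steps.set_region.outputs.AZURE_LOCATION }}
      ENV_NAME: ${{ steps.generate_env_name.outputs.ENV_NAME }}
      WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }}
      MACAE_URL_API: ${{ steps.get_backend_url.outputs.MACAE_URL_API }}
    steps:
      - name: Checkout Code
        # v4 matches the cleanup job. Pinning to a full commit SHA would also
        # protect against a moved tag.
        uses: actions/checkout@v4
        with:
          # No later step pushes with git, so the token is not left in .git/config.
          persist-credentials: false

      - name: Run Quota Check
        id: quota-check
        # Secrets reach the script through the environment instead of being
        # expanded into the shell source, where an unquoted value would be
        # word-split or interpreted by the shell.
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          AZURE_REGIONS: ${{ vars.AZURE_REGIONS }}
        run: |
          # GPT_MIN_CAPACITY is inherited from the workflow-level env block.
          set -o pipefail
          chmod +x infra/scripts/checkquota.sh
          QUOTA_LOG="${RUNNER_TEMP}/checkquota.log"
          if ! infra/scripts/checkquota.sh 2>&1 | tee "$QUOTA_LOG"; then
            # Search what the script printed, not the script's own source file
            # (assumes checkquota.sh prints this message - confirm).
            if grep -q "No region with sufficient quota found" "$QUOTA_LOG"; then
              echo "QUOTA_FAILED=true" >> "$GITHUB_ENV"
            fi
            exit 1  # Fail the pipeline on any quota-check failure
          fi

      - name: Send Notification on Quota Failure
        # failure() is required here: without a status function the implicit
        # success() check skips this step once the quota step has failed.
        if: failure() && env.QUOTA_FAILED == 'true'
        env:
          LOGIC_APP_URL: ${{ secrets.LOGIC_APP_URL }}
        run: |
          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
          EMAIL_BODY=$(cat <<EOF
          {
            "body": "<p>Dear Team,</p><p>The quota check has failed, and the MACAE WAF pipeline cannot proceed.</p><p><strong>Build URL:</strong> ${RUN_URL}</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>"
          }
          EOF
          )
          curl -X POST "$LOGIC_APP_URL" \
            -H "Content-Type: application/json" \
            -d "$EMAIL_BODY" || echo "Failed to send notification"

      - name: Fail Pipeline if Quota Check Fails
        if: failure() && env.QUOTA_FAILED == 'true'
        run: exit 1

      - name: Set Deployment Region
        id: set_region
        run: |
          # VALID_REGION is presumably written to GITHUB_ENV by checkquota.sh - confirm.
          if [ -z "${VALID_REGION:-}" ]; then
            echo "VALID_REGION is not set; cannot choose a deployment region" >&2
            exit 1
          fi
          echo "Selected Region: $VALID_REGION"
          echo "AZURE_LOCATION=$VALID_REGION" >> "$GITHUB_ENV"
          echo "AZURE_LOCATION=$VALID_REGION" >> "$GITHUB_OUTPUT"

      # NOTE(review): both installers below pipe a remotely fetched script into
      # a root shell with no version pin or integrity check, in a job that
      # later holds cloud credentials. Prefer a pinned package or a verified
      # download; the hosted Ubuntu image may already provide az - confirm.
      - name: Setup Azure CLI
        run: |
          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
          az --version  # Verify installation

      - name: Setup Azure Developer CLI
        run: |
          curl -fsSL https://aka.ms/install-azd.sh | sudo bash
          azd version

      - name: Login to Azure
        id: login-azure
        # NOTE(review): this is a long-lived service principal secret; workload
        # identity federation (OIDC) would remove the stored credential.
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
        run: |
          # --output none keeps the account listing out of the job log.
          az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID" --output none
          azd auth login --client-id "$AZURE_CLIENT_ID" --client-secret "$AZURE_CLIENT_SECRET" --tenant-id "$AZURE_TENANT_ID"

      - name: Install Bicep CLI
        run: az bicep install

      - name: Generate Resource Group Name
        id: generate_rg_name
        run: |
          echo "Generating a unique resource group name..."
          ACCL_NAME="macae"  # Account name as specified
          SHORT_UUID=$(uuidgen | cut -d'-' -f1)
          UNIQUE_RG_NAME="arg-${ACCL_NAME}-${SHORT_UUID}"
          echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> "$GITHUB_ENV"
          echo "Generated Resource_GROUP_PREFIX: ${UNIQUE_RG_NAME}"

      - name: Check and Create Resource Group
        id: check_create_rg
        run: |
          set -e
          # RESOURCE_GROUP_NAME and AZURE_LOCATION were written to GITHUB_ENV by
          # earlier steps, so they are read as ordinary shell variables.
          echo "Checking if resource group exists..."
          rg_exists=$(az group exists --name "$RESOURCE_GROUP_NAME")
          if [ "$rg_exists" = "false" ]; then
            echo "Resource group does not exist. Creating..."
            az group create --name "$RESOURCE_GROUP_NAME" --location "$AZURE_LOCATION" --tags IsWAFEnabled=true || { echo "Error creating resource group"; exit 1; }
          else
            echo "Resource group already exists."
          fi
          # Published as a job output so the cleanup job can find the group.
          echo "RESOURCE_GROUP_NAME=${RESOURCE_GROUP_NAME}" >> "$GITHUB_OUTPUT"

      - name: Generate Unique Environment Name
        id: generate_env_name
        run: |
          COMMON_PART="macae"
          TIMESTAMP=$(date +%s)
          # Last five digits of the epoch seconds.
          UPDATED_TIMESTAMP=$(echo "$TIMESTAMP" | tail -c 6)
          UNIQUE_ENV_NAME="${COMMON_PART}${UPDATED_TIMESTAMP}"
          echo "ENV_NAME=${UNIQUE_ENV_NAME}" >> "$GITHUB_ENV"
          echo "Generated Environment Name: ${UNIQUE_ENV_NAME}"
          echo "ENV_NAME=${UNIQUE_ENV_NAME}" >> "$GITHUB_OUTPUT"

      - name: Create Environment and set Variables
        id: create_env
        env:
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          set -e
          echo "Creating environment..."
          azd env new "$ENV_NAME" --no-prompt
          echo "Environment created: $ENV_NAME"
          # Set the image tag based on the branch. BRANCH_NAME is read from the
          # environment: it derives from event data and must not be expanded
          # into the script text.
          case "$BRANCH_NAME" in
            dev|demo|hotfix) IMAGE_TAG="$BRANCH_NAME" ;;
            *) IMAGE_TAG="latest" ;;  # main and any other branch
          esac
          echo "Using IMAGE_TAG: ${IMAGE_TAG}"
          echo "Setting default subscription..."
          azd config set defaults.subscription "$AZURE_SUBSCRIPTION_ID"
          echo "Setting environment variables..."
          azd env set AZURE_RESOURCE_GROUP="$RESOURCE_GROUP_NAME"
          azd env set AZURE_SUBSCRIPTION_ID="$AZURE_SUBSCRIPTION_ID"
          azd env set AZURE_ENV_OPENAI_LOCATION="$AZURE_LOCATION"
          azd env set AZURE_ENV_MODEL_CAPACITY="$GPT_MIN_CAPACITY"
          azd env set AZURE_ENV_USE_WAF_ALIGNED_ARCHITECTURE=true
          azd env set AZURE_ENV_IMAGETAG="${IMAGE_TAG}"
          echo "Environment variables set successfully:"
          # Prints every environment value to the job log; only values
          # registered as secrets are masked there.
          azd env get-values

      - name: Deploy using azd
        id: deploy
        run: |
          set -e
          azd up --no-prompt
          echo "Deployment completed successfully."

      - name: Extract Web App and API App URLs
        id: get_output
        run: |
          WEBAPP_NAMES=$(az webapp list --resource-group "$RESOURCE_GROUP_NAME" --query "[].name" -o tsv)
          # Only web apps named app-* are published as WEBAPP_URL.
          for NAME in $WEBAPP_NAMES; do
            if [[ $NAME == app-* ]]; then
              WEBAPP_URL="https://${NAME}.azurewebsites.net"
              echo "WEBAPP_URL=$WEBAPP_URL" >> "$GITHUB_OUTPUT"
            fi
          done

      - name: Get Container App Backend URL
        id: get_backend_url
        run: |
          # Takes the first container app listed in the resource group.
          CONTAINER_APP_NAME=$(az containerapp list \
            --resource-group "$RESOURCE_GROUP_NAME" \
            --query "[0].name" -o tsv)
          MACAE_URL_API=$(az containerapp show \
            --name "$CONTAINER_APP_NAME" \
            --resource-group "$RESOURCE_GROUP_NAME" \
            --query "properties.configuration.ingress.fqdn" -o tsv)
          echo "MACAE_URL_API=https://${MACAE_URL_API}" >> "$GITHUB_OUTPUT"
          echo "CONTAINER_APP=${CONTAINER_APP_NAME}" >> "$GITHUB_OUTPUT"

      - name: Logout from Azure
        # Runs after a failed deployment too, so no session outlives the job.
        if: always() && steps.login-azure.outcome == 'success'
        run: |
          az logout
          azd auth logout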
# Runs the reusable test workflow against the URLs published by the deploy job.
  e2e-test:
    needs: deploy
    uses: ./.github/workflows/test-automation.yml
    with:
      MACAE_WEB_URL: ${{ needs.deploy.outputs.WEBAPP_URL }}
      MACAE_URL_API: ${{ needs.deploy.outputs.MACAE_URL_API }}
      ACCELERATOR_NAME: 'MACAE (WAF)'
    # NOTE(review): "inherit" hands every secret the caller can read to the
    # called workflow, including the Azure service principal; listing only the
    # secrets test-automation.yml needs would narrow that exposure.
    secrets: inherit
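# Deletes the deployment created by the deploy job. always() lets it run after
# a failed deploy or test job, provided a resource group name was published.
  cleanup-deployment:
    if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != ''
    needs: [deploy, e2e-test]
    runs-on: ubuntu-latest
    # The job only reads the repository, so GITHUB_TOKEN is kept read-only.
    permissions:
      contents: read
    env:
      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
      AZURE_LOCATION: ${{ needs.deploy.outputs.AZURE_LOCATION }}
      ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # No later step pushes with git, so the token is not left in .git/config.
          persist-credentials: false

      # NOTE(review): the installer is fetched and piped into a root shell with
      # no version pin or integrity check; prefer a pinned, verified install.
      - name: Setup Azure Developer CLI
        run: |
          curl -fsSL https://aka.ms/install-azd.sh | sudo bash
          azd version

      - name: Login to Azure
        # Secrets are passed through the environment and quoted, not expanded
        # into the script text.
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          azd auth login --client-id "$AZURE_CLIENT_ID" --client-secret "$AZURE_CLIENT_SECRET" --tenant-id "$AZURE_TENANT_ID"
          azd config set defaults.subscription "$AZURE_SUBSCRIPTION_ID"

      - name: Select Environment
        env:
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          # Try to select the environment if it exists, otherwise create a minimal environment for cleanup
          azd env list
          if azd env list | grep -qF -- "$ENV_NAME"; then
            echo "Environment $ENV_NAME found, selecting it..."
            azd env select "$ENV_NAME"
          else
            echo "Environment $ENV_NAME not found, creating minimal environment for cleanup..."
            azd env new "$ENV_NAME" --no-prompt
            azd env set AZURE_RESOURCE_GROUP "$RESOURCE_GROUP_NAME"
            azd env set AZURE_SUBSCRIPTION_ID "$AZURE_SUBSCRIPTION_ID"
            azd env set AZURE_ENV_OPENAI_LOCATION="$AZURE_LOCATION"
            azd env set AZURE_ENV_USE_WAF_ALIGNED_ARCHITECTURE=true
          fi

      - name: Delete deployment using azd
        run: |
          set -e
          echo "Deleting deployment..."
          azd down --purge --force --no-prompt
          echo "Deployment deleted successfully."

      - name: Send Notification on Failure
        # Fires when a step of this job failed or when the deploy job failed.
        if: always() && (failure() || needs.deploy.result == 'failure')
        env:
          LOGIC_APP_URL: ${{ secrets.LOGIC_APP_URL }}
        run: |
          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
          # Construct the email body
          # NOTE(review): OUTPUT is not assigned anywhere in this step, so it
          # expands to an empty string - confirm whether it was meant to be set.
          EMAIL_BODY=$(cat <<EOF
          {
            "body": "<p>Dear Team,</p><p>We would like to inform you that the Multi-Agent-Custom-Automation-Engine-Solution-Accelerator (WAF) Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
          }
          EOF
          )
          # Send the notification
          curl -X POST "$LOGIC_APP_URL" \
            -H "Content-Type: application/json" \
            -d "$EMAIL_BODY" || echo "Failed to send notification"

      - name: Logout from Azure
        if: always()
        run: |
          azd auth logout
          echo "Logged out from Azure."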