add tag to resource group for WAF deploy workflow #196
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy-Test-Cleanup (WAF) | |
on: | |
push: | |
branches: | |
- deploy-wf-w-azd | |
workflow_run: | |
workflows: ["Build Docker and Optional Push"] | |
types: | |
- completed | |
branches: | |
- main | |
- hotfix | |
- dev | |
- demo | |
schedule: | |
- cron: "10 11,23 * * *" # Runs at 11:10 AM and 11:10 PM GMT | |
env: | |
GPT_MIN_CAPACITY: 150 | |
BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }} | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
outputs: | |
RESOURCE_GROUP_NAME: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }} | |
AZURE_LOCATION: ${{ steps.set_region.outputs.AZURE_LOCATION }} | |
ENV_NAME: ${{ steps.generate_env_name.outputs.ENV_NAME }} | |
WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }} | |
MACAE_URL_API: ${{ steps.get_backend_url.outputs.MACAE_URL_API }} | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
- name: Run Quota Check | |
id: quota-check | |
run: | | |
export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} | |
export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} | |
export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }} | |
export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
export GPT_MIN_CAPACITY="150" | |
export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}" | |
chmod +x infra/scripts/checkquota.sh | |
if ! infra/scripts/checkquota.sh; then | |
# If quota check fails due to insufficient quota, set the flag | |
if grep -q "No region with sufficient quota found" infra/scripts/checkquota.sh; then | |
echo "QUOTA_FAILED=true" >> $GITHUB_ENV | |
fi | |
exit 1 # Fail the pipeline if any other failure occurs | |
fi | |
- name: Send Notification on Quota Failure | |
if: env.QUOTA_FAILED == 'true' | |
run: | | |
RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
EMAIL_BODY=$(cat <<EOF | |
{ | |
"body": "<p>Dear Team,</p><p>The quota check has failed, and the MACAE WAF pipeline cannot proceed.</p><p><strong>Build URL:</strong> ${RUN_URL}</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>" | |
} | |
EOF | |
) | |
curl -X POST "${{ secrets.LOGIC_APP_URL }}" \ | |
-H "Content-Type: application/json" \ | |
-d "$EMAIL_BODY" || echo "Failed to send notification" | |
- name: Fail Pipeline if Quota Check Fails | |
if: env.QUOTA_FAILED == 'true' | |
run: exit 1 | |
- name: Set Deployment Region | |
id: set_region | |
run: | | |
echo "Selected Region: $VALID_REGION" | |
echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV | |
echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_OUTPUT | |
- name: Setup Azure CLI | |
run: | | |
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash | |
az --version # Verify installation | |
- name: Setup Azure Developer CLI | |
run: | | |
curl -fsSL https://aka.ms/install-azd.sh | sudo bash | |
azd version | |
- name: Login to Azure | |
id: login-azure | |
run: | | |
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} | |
azd auth login --client-id ${{ secrets.AZURE_CLIENT_ID }} --client-secret ${{ secrets.AZURE_CLIENT_SECRET }} --tenant-id ${{ secrets.AZURE_TENANT_ID }} | |
- name: Install Bicep CLI | |
run: az bicep install | |
- name: Generate Resource Group Name | |
id: generate_rg_name | |
run: | | |
echo "Generating a unique resource group name..." | |
ACCL_NAME="macae" # Account name as specified | |
SHORT_UUID=$(uuidgen | cut -d'-' -f1) | |
UNIQUE_RG_NAME="arg-${ACCL_NAME}-${SHORT_UUID}" | |
echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV | |
echo "Generated Resource_GROUP_PREFIX: ${UNIQUE_RG_NAME}" | |
- name: Check and Create Resource Group | |
id: check_create_rg | |
run: | | |
set -e | |
echo "Checking if resource group exists..." | |
rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) | |
if [ "$rg_exists" = "false" ]; then | |
echo "Resource group does not exist. Creating..." | |
az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location ${{ env.AZURE_LOCATION }} --tags IsWAFEnabled=true || { echo "Error creating resource group"; exit 1; } | |
else | |
echo "Resource group already exists." | |
fi | |
echo "RESOURCE_GROUP_NAME=${{ env.RESOURCE_GROUP_NAME }}" >> $GITHUB_OUTPUT | |
- name: Generate Unique Environment Name | |
id: generate_env_name | |
run: | | |
COMMON_PART="macae" | |
TIMESTAMP=$(date +%s) | |
UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 6) | |
UNIQUE_ENV_NAME="${COMMON_PART}${UPDATED_TIMESTAMP}" | |
echo "ENV_NAME=${UNIQUE_ENV_NAME}" >> $GITHUB_ENV | |
echo "Generated Environment Name: ${UNIQUE_ENV_NAME}" | |
echo "ENV_NAME=${UNIQUE_ENV_NAME}" >> $GITHUB_OUTPUT | |
- name: Create Environment and set Variables | |
id: create_env | |
run: | | |
set -e | |
echo "Creating environment..." | |
azd env new ${{ env.ENV_NAME }} --no-prompt | |
echo "Environment created: ${{ env.ENV_NAME }}" | |
# set image tag based on branch | |
if [[ "${{ env.BRANCH_NAME }}" == "main" ]]; then | |
IMAGE_TAG="latest" | |
elif [[ "${{ env.BRANCH_NAME }}" == "dev" ]]; then | |
IMAGE_TAG="dev" | |
elif [[ "${{ env.BRANCH_NAME }}" == "demo" ]]; then | |
IMAGE_TAG="demo" | |
elif [[ "${{ env.BRANCH_NAME }}" == "hotfix" ]]; then | |
IMAGE_TAG="hotfix" | |
else | |
IMAGE_TAG="latest" | |
fi | |
echo "Using IMAGE_TAG: ${IMAGE_TAG}" | |
echo "Setting default subscription..." | |
azd config set defaults.subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
echo "Setting environment variables..." | |
azd env set AZURE_RESOURCE_GROUP="${{ env.RESOURCE_GROUP_NAME }}" | |
azd env set AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
azd env set AZURE_ENV_OPENAI_LOCATION="${{ env.AZURE_LOCATION }}" | |
azd env set AZURE_ENV_MODEL_CAPACITY="${{ env.GPT_MIN_CAPACITY }}" | |
azd env set AZURE_ENV_USE_WAF_ALIGNED_ARCHITECTURE=true | |
azd env set AZURE_ENV_IMAGETAG="${IMAGE_TAG}" | |
echo "Environment variables set successfully:" | |
azd env get-values | |
- name: Deploy using azd | |
id: deploy | |
run: | | |
set -e | |
azd up --no-prompt | |
echo "Deployment completed successfully." | |
- name: Extract Web App and API App URLs | |
id: get_output | |
run: | | |
WEBAPP_NAMES=$(az webapp list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --query "[].name" -o tsv) | |
for NAME in $WEBAPP_NAMES; do | |
if [[ $NAME == app-* ]]; then | |
WEBAPP_URL="https://${NAME}.azurewebsites.net" | |
echo "WEBAPP_URL=$WEBAPP_URL" >> $GITHUB_OUTPUT | |
fi | |
done | |
- name: Get Container App Backend URL | |
id: get_backend_url | |
run: | | |
CONTAINER_APP_NAME=$(az containerapp list \ | |
--resource-group ${{ env.RESOURCE_GROUP_NAME }} \ | |
--query "[0].name" -o tsv) | |
MACAE_URL_API=$(az containerapp show \ | |
--name "$CONTAINER_APP_NAME" \ | |
--resource-group ${{ env.RESOURCE_GROUP_NAME }} \ | |
--query "properties.configuration.ingress.fqdn" -o tsv) | |
echo "MACAE_URL_API=https://${MACAE_URL_API}" >> $GITHUB_OUTPUT | |
echo "CONTAINER_APP=${CONTAINER_APP_NAME}" >> $GITHUB_OUTPUT | |
- name: Logout from Azure | |
if: always() && steps.login-azure.outcome == 'success' | |
run: | | |
az logout | |
azd auth logout | |
e2e-test: | |
needs: deploy | |
uses: ./.github/workflows/test-automation.yml | |
with: | |
MACAE_WEB_URL: ${{ needs.deploy.outputs.WEBAPP_URL }} | |
MACAE_URL_API: ${{ needs.deploy.outputs.MACAE_URL_API }} | |
ACCELERATOR_NAME: "MACAE (WAF)" | |
secrets: inherit | |
cleanup-deployment: | |
if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' | |
needs: [deploy, e2e-test] | |
runs-on: ubuntu-latest | |
env: | |
RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }} | |
AZURE_LOCATION: ${{ needs.deploy.outputs.AZURE_LOCATION }} | |
ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }} | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Setup Azure Developer CLI | |
run: | | |
curl -fsSL https://aka.ms/install-azd.sh | sudo bash | |
azd version | |
- name: Login to Azure | |
run: | | |
azd auth login --client-id ${{ secrets.AZURE_CLIENT_ID }} --client-secret ${{ secrets.AZURE_CLIENT_SECRET }} --tenant-id ${{ secrets.AZURE_TENANT_ID }} | |
azd config set defaults.subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Select Environment | |
run: | | |
# Try to select the environment if it exists, otherwise create a minimal environment for cleanup | |
azd env list | |
if azd env list | grep -q "${{ env.ENV_NAME }}"; then | |
echo "Environment ${{ env.ENV_NAME }} found, selecting it..." | |
azd env select ${{ env.ENV_NAME }} | |
else | |
echo "Environment ${{ env.ENV_NAME }} not found, creating minimal environment for cleanup..." | |
azd env new ${{ env.ENV_NAME }} --no-prompt | |
azd env set AZURE_RESOURCE_GROUP "${{ env.RESOURCE_GROUP_NAME }}" | |
azd env set AZURE_SUBSCRIPTION_ID "${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
azd env set AZURE_ENV_OPENAI_LOCATION="${{ env.AZURE_LOCATION }}" | |
azd env set AZURE_ENV_USE_WAF_ALIGNED_ARCHITECTURE=true | |
fi | |
- name: Delete deployment using azd | |
run: | | |
set -e | |
echo "Deleting deployment..." | |
azd down --purge --force --no-prompt | |
echo "Deployment deleted successfully." | |
- name: Send Notification on Failure | |
if: always() && (failure() || needs.deploy.result == 'failure') | |
run: | | |
RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
# Construct the email body | |
EMAIL_BODY=$(cat <<EOF | |
{ | |
"body": "<p>Dear Team,</p><p>We would like to inform you that the Multi-Agent-Custom-Automation-Engine-Solution-Accelerator (WAF) Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>" | |
} | |
EOF | |
) | |
# Send the notification | |
curl -X POST "${{ secrets.LOGIC_APP_URL }}" \ | |
-H "Content-Type: application/json" \ | |
-d "$EMAIL_BODY" || echo "Failed to send notification" | |
- name: Logout from Azure | |
if: always() | |
run: | | |
azd auth logout | |
echo "Logged out from Azure." |