Merge pull request #230 from Azure/azure-ipam-dod

Azure IPAM Release v3.0.0
Azure · Feb 22, 2024 · a53b9e5 · a53b9e5
2 parents 64ef2d0 + b116cc7
commit a53b9e5
Show file tree

Hide file tree

Showing 77 changed files with 3,420 additions and 1,603 deletions.
diff --git a/.env.example b/.env.example
@@ -1,8 +1,11 @@
+# All Values Required
 AZURE_ENV=<AZURE CLOUD ENVIRONMENT>
-ENGINE_APP_ID=<ENGINE SERVICE PRINCIPAL CLIENT ID>
-ENGINE_APP_SECRET=<ENGINE SERVICE PRINCIPAL SECRET>
-UI_APP_ID=<UI SERVICE PRINCIPAL CLIENT ID>
+ENGINE_APP_ID=<ENGINE APP REGISTRATION CLIENT ID>
+ENGINE_APP_SECRET=<ENGINE APP REGISTRATION SECRET>
+UI_APP_ID=<UI APP REGISTRATION CLIENT ID>
 TENANT_ID=<AZURE AD TENANT ID>
 COSMOS_URL=https://<COSMOS NAME>.documents.azure.com
-COSMOS_KEY=<COSMOS ACCESS KEY>
 KEYVAULT_URL=https://<KEYVAULT NAME>.vault.azure.net
+
+# Legacy Values
+# COSMOS_KEY=<COSMOS ACCESS KEY>
diff --git a/.github/workflows/azure-ipam-build.yml b/.github/workflows/azure-ipam-build.yml
@@ -8,18 +8,116 @@ on:
 
 permissions:
   id-token: write
-  contents: read
+  contents: write
+  pull-requests: read
 
 env:
   ACR_NAME: ${{ vars.IPAM_PROD_ACR }}
 
 jobs:
-  deploy:
-    name: Update Azure IPAM Containers
+  version:
+    name: Update Azure IPAM Version
     runs-on: ubuntu-latest
+    outputs:
+      ipamVersion: ${{ steps.updateVersion.outputs.ipamVersion }}
     steps:
       - run: echo "Job triggered by a ${{ github.event_name }} event to main."
 
+      - name: Checkout Azure IPAM Code
+        uses: actions/checkout@v4
+
+      - uses: actions/github-script@v7
+        id: getPullRequestData
+        with:
+          script: |
+            return (
+              await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                commit_sha: context.sha,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+              })
+            ).data[0];
+
+      - name: "Increment Azure IPAM Version"
+        id: updateVersion
+        working-directory: tools
+        env:
+          prBody: ${{ fromJson(steps.getPullRequestData.outputs.result).body }}
+        shell: pwsh
+        run: |
+          $version = [regex]::matches($env:prBody, '(?<=\[version:).*(?=])').value
+          $major = $env:prBody -match '(?<=\[)major(?=])'
+          $minor = $env:prBody -match '(?<=\[)minor(?=])'
+          $build = $env:prBody -match '(?<=\[)build(?=])'
+
+          try {
+            $version = [System.Version]$version
+            $newVersion = "{0}.{1}.{2}" -f $version.Major, $version.Minor, $version.Build
+          } catch {
+            $version = $null
+          }
+
+          if ($version) {
+            ./version.ps1 -Version $newVersion
+          } else if ($major) {
+            ./version.ps1 -BumpMajor
+          } else if ($minor) {
+            ./version.ps1 -BumpMinor
+          } else {
+            ./version.ps1 -BumpBuild
+          }
+
+      - name: "Create Azure IPAM ZIP Asset"
+        id: buildZipAsset
+        working-directory: tools
+        shell: pwsh
+        run: |
+          ./build.ps1 -Path ../assets/ 
+
+      - name: Commit Updated Azure IPAM Code
+        id: commitCode
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "[email protected]"
+          git commit -a -m "Updated Azure IPAM Version"
+          git push
+
+  release:
+    name: Create Azure IPAM Release
+    runs-on: ubuntu-latest
+    needs: [ version ]
+    steps:
+      - name: Checkout Azure IPAM Code
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            assets
+
+      - name: Publish Azure IPAM Release
+        id: publishRelease
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          tagName: v${{ needs.version.outputs.ipamVersion }}
+        run: |
+          gh release create "$tagName" \
+            --repo="$GITHUB_REPOSITORY" \
+            --title="$tagName" \
+            --notes "Azure IPAM Release"
+
+      - name: Upload Azure IPAM Release Asset
+        id: uploadReleaseAsset
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          tagName: v${{ needs.version.outputs.ipamVersion }}
+          assetPath: ./assets/ipam.zip
+        run: |
+          gh release upload "$tagName" "$assetPath"
+
+  update:
+    name: Update Azure IPAM Containers
+    runs-on: ubuntu-latest
+    needs: [ version, release ]
+    steps:
       - name: Azure login
         uses: azure/login@v1
         with:
@@ -29,26 +127,21 @@ jobs:
           enable-AzPSSession: true
 
       - name: Checkout Azure IPAM Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           sparse-checkout: |
             engine
             ui
             lb
 
-      - name: "Upload Azure IPAM Version"
-        id: updateVersion
-        shell: pwsh
-        run: |
-          $newVersion = "latest"
-
-          Write-Output "ipamVersion=$newVersion" >> $Env:GITHUB_OUTPUT
-
       - name: Build Azure IPAM Containers
         env:
-          IPAM_VERSION: ${{ steps.updateVersion.outputs.ipamVersion }}
+          IPAM_VERSION: ${{ needs.version.outputs.ipamVersion }}
         run: |
-          az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -f ./engine/Dockerfile.deb ./engine
-          az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -f ./engine/Dockerfile.func ./engine
-          az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -f ./ui/Dockerfile.deb ./ui
-          az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -f ./lb/Dockerfile ./lb
+          az acr build -r $ACR_NAME -t ipam:$IPAM_VERSION -t ipam:latest -f ./Dockerfile.deb .
+          az acr build -r $ACR_NAME -t ipamfunc:$IPAM_VERSION -t ipamfunc:latest -f ./Dockerfile.func .
+
+          az acr build -r $ACR_NAME -t ipam-engine:$IPAM_VERSION -t ipam-engine:latest -f ./engine/Dockerfile.deb ./engine
+          az acr build -r $ACR_NAME -t ipam-func:$IPAM_VERSION -t ipam-func:latest -f ./engine/Dockerfile.func ./engine
+          az acr build -r $ACR_NAME -t ipam-ui:$IPAM_VERSION -t ipam-ui:latest -f ./ui/Dockerfile.deb ./ui
+          az acr build -r $ACR_NAME -t ipam-lb:$IPAM_VERSION -t ipam-lb:latest -f ./lb/Dockerfile ./lb
diff --git a/.github/workflows/azure-ipam-testing.yml b/.github/workflows/azure-ipam-testing.yml
@@ -8,8 +8,8 @@ on:
 
 env:
   ACR_NAME: ${{ vars.IPAM_TEST_ACR }}
-  IPAM_UI_ID: ipam-ui-${{ github.run_id }}-${{ github.run_attempt }}
-  IPAM_ENGINE_ID: ipam-engine-${{ github.run_id }}-${{ github.run_attempt }}
+  IPAM_UI_NAME: ipam-ui-${{ github.run_id }}-${{ github.run_attempt }}
+  IPAM_ENGINE_NAME: ipam-engine-${{ github.run_id }}-${{ github.run_attempt }}
 
 jobs:
   deploy:
@@ -26,7 +26,7 @@ jobs:
         shell: pwsh
         run: |
           Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module Az, Microsoft.Graph, powershell-yaml -AllowClobber -Force
+          Install-Module Az, Microsoft.Graph -AllowClobber -Force
 
       - name: Azure Login
         uses: azure/login@v1
@@ -35,42 +35,36 @@ jobs:
           enable-AzPSSession: true
 
       - name: Checkout Azure IPAM Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           sparse-checkout: |
             deploy
             engine
             ui
-            lb
 
-      - name: Build Azure IPAM Containers
+      - name: Build Azure IPAM Container
         run: |
-          az acr build -r $ACR_NAME -t ipam-engine:${{ github.run_id }}-${{ github.run_attempt }} -f ./engine/Dockerfile.deb ./engine
-          az acr build -r $ACR_NAME -t ipam-func:${{ github.run_id }}-${{ github.run_attempt }} -f ./engine/Dockerfile.func ./engine
-          az acr build -r $ACR_NAME -t ipam-ui:${{ github.run_id }}-${{ github.run_attempt }}  -f ./ui/Dockerfile.deb ./ui
-          az acr build -r $ACR_NAME -t ipam-lb:${{ github.run_id }}-${{ github.run_attempt }} -f ./lb/Dockerfile ./lb
+          az acr build -r $ACR_NAME -t ipam:${{ github.run_id }}-${{ github.run_attempt }} -f ./Dockerfile.deb .
 
-      - name: Update Docker-Compose YAML
+      - name: Update Bicep File
+        working-directory: deploy
         shell: pwsh
         run: |
-          $uiContainer = "$env:ACR_NAME.azurecr.io/ipam-ui:${{ github.run_id }}-${{ github.run_attempt }}"
-          $engineContainer = "$env:ACR_NAME.azurecr.io/ipam-engine:${{ github.run_id }}-${{ github.run_attempt }}"
-          $lbContainer = "$env:ACR_NAME.azurecr.io/ipam-lb:${{ github.run_id }}-${{ github.run_attempt }}"
+          $acrName = "$env:ACR_NAME.azurecr.io"
+          $containerName = "ipam:${{ github.run_id }}-${{ github.run_attempt }}"
 
-          $composeFile = Get-Content -Path ./docker-compose.prod.yml
-          $composeYaml = $composeFile | ConvertFrom-Yaml
+          $bicepFile = Get-Content -Path ./modules/appService.bicep
 
-          $composeYaml['services']['ipam-ui'].image = $uiContainer
-          $composeYaml['services']['ipam-engine'].image = $engineContainer
-          $composeYaml['services']['nginx-proxy'].image = $lbContainer
+          $bicepFile = $bicepFile -replace "azureipam.azurecr.io", $acrName
+          $bicepFile = $bicepFile -replace "ipam:latest", $containerName
 
-          $composeYaml | ConvertTo-Yaml | Out-File -FilePath ./docker-compose.prod.yml
+          $bicepFile | Out-File -FilePath ./modules/appService.bicep -Force
 
       - name: Deploy Azure IPAM
         working-directory: deploy
         id: deployScript
         shell: pwsh
-        run: ./deploy.ps1 -Location "westus3" -UIAppName $env:IPAM_UI_ID -EngineAppName $env:IPAM_ENGINE_ID
+        run: ./deploy.ps1 -Location "westus3" -UIAppName $env:IPAM_UI_NAME -EngineAppName $env:IPAM_ENGINE_NAME
 
       - name: "Upload Logs"
         working-directory: logs
@@ -121,6 +115,10 @@ jobs:
           Write-Host ($deployDetails | Format-Table | Out-String) -NoNewline
           Write-Host "-------------------"
 
+      - name: "Sleep for 5 Minutes"
+        shell: pwsh
+        run: Start-Sleep -s 300
+
   test:
     name: Test Azure IPAM
     runs-on: ubuntu-latest
@@ -139,7 +137,7 @@ jobs:
           enable-AzPSSession: true
 
       - name: Checkout Azure IPAM Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           sparse-checkout: |
             tests
@@ -174,7 +172,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ deploy, test ]
     steps:
-      - name: Install Deployment Prerequisites
+      - name: Install Cleanup Prerequisites
         shell: pwsh
         run: |
           Set-PSRepository PSGallery -InstallationPolicy Trusted
@@ -207,9 +205,6 @@ jobs:
           $uiApp | Remove-AzADApplication
           $engineApp | Remove-AzADApplication
 
-      - name: "Remove Azure IPAM Containers"
+      - name: "Remove Azure IPAM Container"
         run: |
-          az acr repository delete --name $ACR_NAME --repository ipam-engine --yes
-          az acr repository delete --name $ACR_NAME --repository ipam-func --yes
-          az acr repository delete --name $ACR_NAME --repository ipam-ui --yes
-          az acr repository delete --name $ACR_NAME --repository ipam-lb --yes
+          az acr repository delete --name $ACR_NAME --repository ipam --yes
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,3 @@
 NOTES.md
 TODO.md
 /logs
-/deployV2
diff --git a/Dockerfile → Dockerfile.deb b/Dockerfile → Dockerfile.deb
@@ -1,11 +1,18 @@
-# syntax=docker/dockerfile:1
-FROM node:18-slim AS builder
+ARG BUILD_IMAGE=node:18-slim
+ARG SERVE_IMAGE=python:3.9-slim
 
-# Set Working Directory
-WORKDIR /app
+ARG PORT=8080
+
+FROM $BUILD_IMAGE AS builder
+
+# Disable NPM Update Notifications
+ENV NPM_CONFIG_UPDATE_NOTIFIER=false
+
+# Set the Working Directory
+WORKDIR /tmp
 
 # Add `/app/node_modules/.bin` to $PATH
-ENV PATH /app/node_modules/.bin:$PATH
+ENV PATH /tmp/node_modules/.bin:$PATH
 
 # Install UI Dependencies
 COPY ./ui/package.json ./
@@ -20,14 +27,22 @@ COPY ./ui/. ./
 # Build IPAM UI
 RUN npm run build
 
-FROM python:3.9-slim
+FROM $SERVE_IMAGE
+
+ARG PORT
+
+# Set Environment Variable
+ENV PORT=${PORT}
+
+# Disable PIP Root Warnings
+ENV PIP_ROOT_USER_ACTION=ignore
 
 # Set Working Directory
 WORKDIR /tmp
 
 # Install OpenSSH and set the password for root to "Docker!"
-RUN apt update
-RUN apt install openssh-server -y \
+RUN apt-get update
+RUN apt-get install -qq openssh-server -y \
       && echo "root:Docker!" | chpasswd 
 
 # Enable SSH root login with Password Authentication
@@ -39,15 +54,8 @@ COPY sshd_config /etc/ssh/
 RUN ssh-keygen -A
 RUN mkdir /var/run/sshd
 
-# Install NodeJS 16.x
-RUN apt install curl -y
-RUN curl -sL https://deb.nodesource.com/setup_18.x -o nodesource_setup.sh
-RUN bash ./nodesource_setup.sh
-RUN apt install nodejs
-RUN npm install -g react-inject-env
-
 # Set Working Directory
-WORKDIR /code
+WORKDIR /ipam
 
 # Install Engine Dependencies
 COPY ./engine/requirements.txt /code/requirements.txt
@@ -56,19 +64,20 @@ COPY ./engine/requirements.txt /code/requirements.txt
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt
+RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt --progress-bar off
 
 # Copy Engine Code
-COPY ./engine/app /code/app
-COPY --from=builder /app/build ./app/build
+COPY ./engine/app ./app
+COPY --from=builder /tmp/dist ./dist
 
 # Copy Init Script
-COPY ./init.sh /code
+COPY ./init.sh .
 
-# Expose Ports
-EXPOSE 80 2222
+# Set Script Execute Permissions
+RUN chmod +x init.sh
 
-# Execute Init Script
-CMD ["bash", "./init.sh"]
+# Expose Ports
+EXPOSE $PORT 2222
 
-# CMD npx --yes react-inject-env set -d /code/app/build ; uvicorn "app.main:app" --reload --host "0.0.0.0" --port 80
+# Execute Startup Script
+ENTRYPOINT ./init.sh ${PORT}