From 414cf6c7b6c6e3cf77e8094ac2dddf3ecc5d2f13 Mon Sep 17 00:00:00 2001 From: Administrator Date: Mon, 30 Sep 2024 09:12:51 -0600 Subject: [PATCH 01/69] saving reusable actions --- .github/actions/build-frontend/action.yml | 51 ++++++++++++++ .github/actions/deploy-frontend/action.yml | 46 +++++++++++++ .github/workflows/build-deploy-frontend.yml | 73 --------------------- .github/workflows/deploy-dev.yml | 51 ++++++++++++++ 4 files changed, 148 insertions(+), 73 deletions(-) create mode 100644 .github/actions/build-frontend/action.yml create mode 100644 .github/actions/deploy-frontend/action.yml delete mode 100644 .github/workflows/build-deploy-frontend.yml create mode 100644 .github/workflows/deploy-dev.yml diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml new file mode 100644 index 00000000..0f79c036 --- /dev/null +++ b/.github/actions/build-frontend/action.yml 
@@ -0,0 +1,51 @@
+name: Build ReportVision's Front End
+description: Build the React application
+inputs:
+ deploy_env:
+ description: The environment being deployed (e.g. "prod" or "test")
+ required: true
+ frontend_tarball:
+ description: The path to the tar file containing the client code to deploy
+ required: true
+runs:
+ using: composite
+ steps:
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ - name: Use cache for node_modules
+ uses: actions/cache@v4
+ with:
+ path: |
+ ./OCR/frontend/node_modules
+ key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('OCR/frontend/package.json') }}
+ - name: Install dependencies
+ working-directory: ./OCR/frontend
+ shell: bash
+ run: |
+ npm ci
+ - name: Build deployable frontend
+ shell: bash
+ working-directory: ./OCR/frontend
+ env:
+ DEPLOY_ENV: ${{ inputs.deploy_env }}
+ run: |
+ npm run build
+ - name: Test frontend
+ shell: bash
+ working-directory: ./OCR/frontend
+ env:
+ DEPLOY_ENV: ${{ inputs.deploy_env }}
+ run: |
+ npm run test
+ - name: Pack frontend into a tarball
+ shell: bash
+ run: |
+ tar -C ./OCR/frontend/build -czf ${{ inputs.frontend_tarball }} .
+ - name: Upload frontend build files
+ uses: actions/upload-artifact@v4
+ if: success()
+ with:
+ name: frontend-tarball
+ path: ${{ inputs.frontend_tarball }}
+ retention-days: 1
\ No newline at end of file
diff --git a/.github/actions/deploy-frontend/action.yml b/.github/actions/deploy-frontend/action.yml
new file mode 100644
index 00000000..f8c22a26
--- /dev/null
+++ b/.github/actions/deploy-frontend/action.yml
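Review bot: The `Pack frontend into a tarball` step expands `${{ inputs.frontend_tarball }}` directly inside the `run:` script, so the value is pasted into the shell text before bash parses it, and any space, quote or metacharacter in it becomes part of the command. Pass it through the step's `env:` instead, as the build and test steps already do for `DEPLOY_ENV`: `env: FRONTEND_TARBALL: ${{ inputs.frontend_tarball }}` with `tar -C ./OCR/frontend/build -czf "$FRONTEND_TARBALL" .`. The same inline expansion appears in deploy-frontend/action.yml (the `tar -zxvf` and `--account-name` lines) and in tf-deploy/action.yml (`make init-...` and `terraform -chdir=...`) later in this series.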
@@ -0,0 +1,46 @@
+name: Deploy ReportVision Frontend
+description: Promote API from secondary slot, and deploy frontend from tarball
+inputs:
+ deploy_env:
+ description: The environment being deployed (e.g. "prod" or "test")
+ required: true
+ frontend_tarball:
+ description: The path to the tar file containing the frontend code to deploy
+ required: true
+ azure_client_id:
+ description: The Azure client_id for this environment.
+ required: true
+ azure_tenant_id:
+ description: The Azure tenant_id for this environment.
+ required: true
+ azure_subscription_id:
+ description: The Azure subscription_id for this environment.
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - uses: azure/login@v2
+ with:
+ client-id: ${{ inputs.azure_client_id }}
+ tenant-id: ${{ inputs.azure_tenant_id }}
+ subscription-id: ${{ inputs.azure_subscription_id }}
+ - name: Retrieve frontend build
+ uses: actions/download-artifact@v4
+ with:
+ name: frontend-tarball
+ - name: Unpack frontend tarball
+ shell: bash
+ run: |
+ mkdir frontend-build;
+ tar -C frontend-build -zxvf ${{ inputs.frontend_tarball }}
+ - name: Deploy frontend to Azure Blob Storage
+ shell: bash
+ run: |
+ az storage blob upload-batch -s frontend-build/ -d '$web' \
+ --account-name reportvisionfrontend${{ inputs.deploy_env }} \
+ --overwrite
+ - name: Azure logout
+ shell: bash
+ run: |
+ az logout
\ No newline at end of file
diff --git a/.github/workflows/build-deploy-frontend.yml b/.github/workflows/build-deploy-frontend.yml
deleted file mode 100644
index 7ed84b59..00000000
--- a/.github/workflows/build-deploy-frontend.yml
+++ /dev/null
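Review bot: The final `Azure logout` step has no `if:` condition, so it is skipped whenever the unpack or upload step fails and the `az` session opened by `azure/login@v2` stays on the runner. Adding `if: always()` to that step closes the session on every path, which matters most if this action ever runs on a self-hosted runner. The `description:` also promises "Promote API from secondary slot", which no step in the action does; something like `description: Deploy the frontend tarball to Azure Blob Storage static hosting` would match the steps.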
@@ -1,73 +0,0 @@ -name: Build and Deploy Frontend - -on: - workflow_dispatch: - -permissions: - id-token: write - contents: read - -jobs: - build: - name: Build - runs-on: ubuntu-latest - defaults: - run: - working-directory: OCR/frontend - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - - name: Install NPM packages - run: npm ci - - name: Build project - run: npm run build - - name: Run unit tests - run: npm run test - - name: Create client build archive - shell: bash - run: | - echo "::group::Create application archive" - tar -C ./dist/ -czf ./client.tgz . - echo "::endgroup::" - - name: Upload production-ready build files - uses: actions/upload-artifact@v4 - with: - name: production-files - path: ./OCR/frontend/client.tgz - - deploy: - name: Deploy - runs-on: ubuntu-latest - environment: build-frontend-dev - needs: [build] - steps: - - name: Download Artifacts To Job - uses: actions/download-artifact@v4 - with: - name: production-files - - name: Unpack client - shell: bash - run: | - echo "::group::Unpack client" - mkdir client-build; - tar -C client-build -zxvf client.tgz - echo "::endgroup::" - - name: Azure login - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Upload to Azure blob storage - shell: bash - run: | - az storage blob upload-batch --account-name reportvisionfrontenddev -d '$web' -s client-build/ - - name: Azure logout - shell: bash - run: | - az logout \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml new file mode 100644 index 00000000..8eee72da --- /dev/null +++ b/.github/workflows/deploy-dev.yml 
@@ -0,0 +1,51 @@ +name: Build and Deploy Frontend + +on: + workflow_dispatch: + inputs: + deploy_env: + description: 'The environment to deploy to' + required: true + type: choice + options: + - dev + - dev2 + - dev3 + - dev4 + - dev5 + - dev6 + +permissions: + id-token: write + contents: read + +env: + NODE_VERSION: 20 + +jobs: + build_frontend: + runs-on: ubuntu-latest + environment: ${{ inputs.deploy_env }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/build-frontend + name: Build front-end application + with: + frontend_tarball: ./frontend.tgz + deploy_env: ${{ inputs.deploy_env }} + + deploy: + name: Deploy + runs-on: ubuntu-latest + environment: ${{ inputs.deploy_env }} + needs: [build_frontend] + steps: + - uses: actions/checkout@v4 + - name: Promote and deploy + uses: ./.github/actions/deploy-application + with: + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + frontend_tarball: frontend.tgz + deploy_env: ${{ inputs.deploy_env }} \ No newline at end of file From 3b42fba458f72d81ffdfa04291ef36804d4616f0 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 1 Oct 2024 14:45:02 -0600 Subject: [PATCH 02/69] tf deploy --- .github/actions/tf-deploy/action.yml | 67 ++++++++++++++++++++++++++++ .github/workflows/deploy-dev.yml | 42 +++++++++++++++-- 2 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 .github/actions/tf-deploy/action.yml diff --git a/.github/actions/tf-deploy/action.yml b/.github/actions/tf-deploy/action.yml new file mode 100644 index 00000000..d45b72a0 --- /dev/null +++ b/.github/actions/tf-deploy/action.yml 
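Review bot: `id-token: write` is granted at workflow level, so the `build_frontend` job, which runs `npm ci`, `npm run build` and `npm run test`, can also request an OIDC token although only the `deploy` job logs in to Azure. Scoping it per job keeps dependency install and test scripts away from the federated credential: leave `permissions: contents: read` at the top and put `permissions:` with `id-token: write` and `contents: read` under `deploy`. Both jobs also bind to `environment: ${{ inputs.deploy_env }}`, so any environment-scoped secrets are exposed to the build job as well; if the build needs none of them, the `environment:` line can be dropped there.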
@@ -0,0 +1,67 @@ +name: Terraform Action Deployment +description: Build and push Docker image to the registry +inputs: + azure_client_id: + description: The Azure client_id for this environment. + required: true + azure_tenant_id: + description: The Azure tenant_id for this environment. + required: true + azure_subscription_id: + description: The Azure subscription_id for this environment. + required: true + deploy_env: + description: The environment to deploy to + required: true + terraform_arm_client_id: + description: Terraform ARM client ID + required: true + terraform_arm_client_secret: + description: Terraform ARM client secret + required: true + terraform_arm_subscription_id: + description: Terraform ARM subscription ID + required: true + terraform_arm_tenant_id: + description: Terraform ARM tenant ID + required: true + okta_api_token: + description: Okta API token + required: true + +runs: + using: composite + steps: + - uses: azure/login@v2 + with: + client-id: ${{ inputs.azure_client_id }} + tenant-id: ${{ inputs.azure_tenant_id }} + subscription-id: ${{ inputs.azure_subscription_id }} + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + - name: Build ReportStream function app + uses: ./.github/actions/build-reportstream-functions + with: + deploy-env: ${{ inputs.deploy_env }} + - name: Terraform Init + working-directory: ./ops/terraform/envs + env: # all Azure interaction is through Terraform + ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} + ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} + ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} + ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} + OKTA_API_TOKEN: ${{ inputs.okta_api_token }} + shell: bash + run: make init-${{ inputs.deploy_env }} + - name: Terraform deploy (infrastructure and staging slot) + working-directory: ./ops/terraform/envs + env: # all Azure interaction is through Terraform + ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} + 
ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} + ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} + ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} + OKTA_API_TOKEN: ${{ inputs.okta_api_token }} + shell: bash + run: | + terraform -chdir=${{ inputs.deploy_env }} init + terraform -chdir=${{ inputs.deploy_env }} plan -var-file=../api.tfvars -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 8eee72da..68aa1dd7 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,4 +1,4 @@ -name: Build and Deploy Frontend +name: Build and Deploy full app on: workflow_dispatch: @@ -14,6 +14,9 @@ on: - dev4 - dev5 - dev6 + ocr-version: + description: 'The environment to deploy to' + required: true permissions: id-token: write @@ -34,6 +37,32 @@ jobs: frontend_tarball: ./frontend.tgz deploy_env: ${{ inputs.deploy_env }} + prerelease_backend: + runs-on: ubuntu-latest + needs: [build_frontend, build_docker] + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/tf-deploy + name: Deploy with Terraform + with: + azure_creds: ${{ secrets.AZURE_CREDENTIALS }} + deploy_env: ${{ inputs.deploy_env }} + terraform_arm_client_id: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }} + terraform_arm_client_secret: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }} + terraform_arm_subscription_id: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }} + terraform_arm_tenant_id: ${{ secrets.TERRAFORM_ARM_TENANT_ID }} + okta_api_token: ${{ secrets.OKTA_API_TOKEN_NONPROD }} + - uses: ./.github/actions/stg-wait-for-slot-commit + name: Wait for correct commit to be deployed in staging slot + timeout-minutes: 5 + with: + deploy_env: ${{ inputs.deploy_env }} + - uses: ./.github/actions/stg-wait-for-slot-readiness + name: Wait for staging deploy to be ready + timeout-minutes: 1 + with: + deploy_env: ${{ inputs.deploy_env }} + deploy: name: Deploy runs-on: ubuntu-latest 
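Review bot: The action's `description: Build and push Docker image to the registry` does not describe what tf-deploy does; the steps log in to Azure and run Terraform, so `description: Run Terraform init and plan for the selected environment` would be accurate. The last step is named `Terraform deploy (infrastructure and staging slot)` but runs only `init` and `plan`, so either the name or the commands should change to match.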
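Review bot: The new `prerelease_backend` job passes `azure_creds` to `./.github/actions/tf-deploy`, but that action (added in this same patch) declares `azure_client_id`, `azure_tenant_id` and `azure_subscription_id` as required and has no `azure_creds` input, so its `azure/login@v2` step would receive empty values. Pass the three ids the way the `deploy` job does, e.g. `azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}`. The job also lists `needs: [build_frontend, build_docker]` while no `build_docker` job is defined in the workflow as shown, which would make the workflow invalid. Unlike the other two jobs it has no `environment:` line, so if these secrets are environment-scoped they would resolve empty here; worth confirming.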
@@ -42,10 +71,17 @@ jobs: steps: - uses: actions/checkout@v4 - name: Promote and deploy - uses: ./.github/actions/deploy-application + uses: ./.github/actions/deploy-frontend with: azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} frontend_tarball: frontend.tgz - deploy_env: ${{ inputs.deploy_env }} \ No newline at end of file + deploy_env: ${{ inputs.deploy_env }} + - name: Deploy to Azure Web App + id: deploy-to-webapp + uses: azure/webapps-deploy@v3 + with: + app-name: reportvision-ocr-api-${{ inputs.deploy_env }} + publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} + images: 'ghcr.io/ReportVision:${{ inputs.ocr-version }}' \ No newline at end of file From 819ee602b2cba747e41ea2d3525dcbe6a1bc139b Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 3 Oct 2024 10:04:57 -0600 Subject: [PATCH 03/69] started docker reusablity --- .github/actions/build-publish-ocr/action.yml | 66 ++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/actions/build-publish-ocr/action.yml diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml new file mode 100644 index 00000000..2cfce350 --- /dev/null +++ b/.github/actions/build-publish-ocr/action.yml 
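Review bot: The added `Deploy to Azure Web App` step authenticates with `secrets.AZURE_WEBAPP_PUBLISH_PROFILE`, a long-lived deployment credential, although this workflow already carries `id-token: write` and the federated `azure/login@v2` inputs. The composite `deploy-frontend` action logs out at its end, so the session is gone by the time this step runs; logging in at job level before both steps and dropping `publish-profile` would keep the job on short-lived tokens only. The `images: 'ghcr.io/ReportVision:${{ inputs.ocr-version }}'` value also contains uppercase characters and no owner path, and container image references must be lowercase, so the pull would presumably fail as written. `ocr-version` is a free-form input, so the deployed tag is mutable; deploying by digest would pin what actually runs.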
@@ -0,0 +1,66 @@
+name: Terraform Action Deployment
+description: Build and push Docker image to the registry
+inputs:
+ azure_client_id:
+ description: The Azure client_id for this environment.
+ required: true
+ azure_tenant_id:
+ description: The Azure tenant_id for this environment.
+ required: true
+ azure_subscription_id:
+ description: The Azure subscription_id for this environment.
+ required: true
+ deploy_env:
+ description: The environment to deploy to
+ required: true
+ terraform_arm_client_id:
+ description: Terraform ARM client ID
+ required: true
+ terraform_arm_client_secret:
+ description: Terraform ARM client secret
+ required: true
+ terraform_arm_subscription_id:
+ description: Terraform ARM subscription ID
+ required: true
+ terraform_arm_tenant_id:
+ description: Terraform ARM tenant ID
+ required: true
+ okta_api_token:
+ description: Okta API token
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ocr-api
+ tags: |
+ type=semver,pattern={{version}}
+ type=semver,pattern={{version}},value=${{ env.VERSION }}
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: ./OCR/
+ file: ./OCR/Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}-ocr-api
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
\ No newline at end of file
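Review bot: The login step takes its target from `${{ env.REGISTRY }}`, which this action neither sets nor declares, so it silently depends on the calling workflow's `env` (the same goes for `env.IMAGE_NAME` and `env.VERSION`). If the caller omits it, `docker/login-action` treats an empty `registry` as Docker Hub, so the token would be presented to a different registry than intended. Declaring `registry`, `image_name` and `version` as required `inputs` and reading `${{ inputs.registry }}` makes the contract explicit and fails early when a value is missing. The `name: Terraform Action Deployment` and the nine declared inputs look copied from tf-deploy: no step here reads any of them, and requiring `terraform_arm_client_secret` and `okta_api_token` only pushes callers to hand over secrets this action does not need.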
From 31d06bc501d508b59151c49533edb2ab5171d257 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 15:32:45 -0600 Subject: [PATCH 04/69] init --- .github/actions/build-frontend/action.yml | 14 +- .github/actions/build-publish-ocr/action.yml | 51 ++----- .github/actions/tf-deploy/action.yml | 79 ++++++----- .github/workflows/deploy-dev.yml | 140 ++++++++++--------- 4 files changed, 131 insertions(+), 153 deletions(-) diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 0f79c036..34045e81 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -17,23 +17,23 @@ runs: uses: actions/cache@v4 with: path: | - ./OCR/frontend/node_modules - key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('OCR/frontend/package.json') }} + ./frontend/node_modules + key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('frontend/package.json') }} - name: Install dependencies - working-directory: ./OCR/frontend + working-directory: ./frontend shell: bash run: | npm ci - name: Build deployable frontend shell: bash - working-directory: ./OCR/frontend + working-directory: ./frontend env: DEPLOY_ENV: ${{ inputs.deploy_env }} run: | - npm run build + VITE_API_URL='https://reportvision-ocr-api-dev.azurewebsites.net/' npm run build - name: Test frontend shell: bash - working-directory: ./OCR/frontend + working-directory: ./frontend env: DEPLOY_ENV: ${{ inputs.deploy_env }} run: | @@ -41,7 +41,7 @@ runs: - name: Pack frontend into a tarball shell: bash run: | - tar -C ./OCR/frontend/build -czf ${{ inputs.frontend_tarball }} . + tar -C ./frontend/build -czf ${{ inputs.frontend_tarball }} . - name: Upload frontend build files uses: actions/upload-artifact@v4 if: success() diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 2cfce350..ed969c58 100644 --- a/.github/actions/build-publish-ocr/action.yml 
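Review bot: The build step now hard-codes `VITE_API_URL='https://reportvision-ocr-api-dev.azurewebsites.net/'`, so a bundle built for any other `deploy_env` would still call the dev API. `DEPLOY_ENV` is already in this step's `env:`, so the URL can follow it: `VITE_API_URL="https://reportvision-ocr-api-${DEPLOY_ENV}.azurewebsites.net/" npm run build`. That assumes the API hosts follow the `reportvision-ocr-api-<env>` pattern used for `app-name` elsewhere in this series; if they do not, a `api_url` input on the action would be the cleaner route.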
+++ b/.github/actions/build-publish-ocr/action.yml @@ -1,33 +1,10 @@ name: Terraform Action Deployment description: Build and push Docker image to the registry inputs: - azure_client_id: - description: The Azure client_id for this environment. - required: true - azure_tenant_id: - description: The Azure tenant_id for this environment. - required: true - azure_subscription_id: - description: The Azure subscription_id for this environment. - required: true deploy_env: description: The environment to deploy to required: true - terraform_arm_client_id: - description: Terraform ARM client ID - required: true - terraform_arm_client_secret: - description: Terraform ARM client secret - required: true - terraform_arm_subscription_id: - description: Terraform ARM subscription ID - required: true - terraform_arm_tenant_id: - description: Terraform ARM tenant ID - required: true - okta_api_token: - description: Okta API token - required: true + runs: using: composite 
@@ -40,27 +17,19 @@ runs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ocr-api - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{version}},value=${{ env.VERSION }} + - name: Lowercase the repo name + shell: bash + run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + - name: Check if image exists + shell: bash + id: image_check + run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and push Docker image id: push + if: steps.image_check.outcome == 1 uses: docker/build-push-action@v6 with: context: ./OCR/ file: ./OCR/Dockerfile push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}-ocr-api - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true - \ No newline at end of file + tags: ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }}-${{ inputs.deploy_env }} \ No newline at end of file diff --git a/.github/actions/tf-deploy/action.yml b/.github/actions/tf-deploy/action.yml index d45b72a0..6678b6b6 100644 --- a/.github/actions/tf-deploy/action.yml +++ b/.github/actions/tf-deploy/action.yml 
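Review bot: The `if: steps.image_check.outcome == 1` guard on the build step can never be true, because a step's `outcome` is one of `success`, `failure`, `cancelled` or `skipped`, not an exit code. The trailing `; echo $?` does not rescue it: under the `-e` shell used for `shell: bash`, a failing `docker manifest inspect` presumably ends the step before the echo, and without `continue-on-error: true` the job stops there. A working form is `continue-on-error: true` on the check step, the `run:` reduced to the inspect command, and `if: steps.image_check.outcome == 'failure'` on the build. This hunk also removes the `actions/attest-build-provenance` step, so pushed images no longer carry a provenance attestation; it is worth restoring once the build path settles. The same `== 1` comparison is carried into deploy-dev.yml by the later "try outcomes" patches.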
@@ -13,21 +13,18 @@ inputs: deploy_env: description: The environment to deploy to required: true - terraform_arm_client_id: - description: Terraform ARM client ID - required: true - terraform_arm_client_secret: - description: Terraform ARM client secret - required: true - terraform_arm_subscription_id: - description: Terraform ARM subscription ID - required: true - terraform_arm_tenant_id: - description: Terraform ARM tenant ID - required: true - okta_api_token: - description: Okta API token - required: true + # terraform_arm_client_id: + # description: Terraform ARM client ID + # required: true + # terraform_arm_client_secret: + # description: Terraform ARM client secret + # required: true + # terraform_arm_subscription_id: + # description: Terraform ARM subscription ID + # required: true + # terraform_arm_tenant_id: + # description: Terraform ARM tenant ID + # required: true runs: using: composite 
@@ -39,29 +36,39 @@ runs: subscription-id: ${{ inputs.azure_subscription_id }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - - name: Build ReportStream function app - uses: ./.github/actions/build-reportstream-functions - with: - deploy-env: ${{ inputs.deploy_env }} - - name: Terraform Init - working-directory: ./ops/terraform/envs - env: # all Azure interaction is through Terraform - ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} - ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} - ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} - ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} - OKTA_API_TOKEN: ${{ inputs.okta_api_token }} + # - name: Terraform Init + # working-directory: ./ops/terraform/envs + # env: # all Azure interaction is through Terraform + # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} + # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} + # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} + # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} + # shell: bash + # run: make init-${{ inputs.deploy_env }} + - name: Set environment shell: bash - run: make init-${{ inputs.deploy_env }} - - name: Terraform deploy (infrastructure and staging slot) + id: set-environment + env: + CLIENT_ID: ${{ inputs.azure_client_id }} + run: |- + echo "tf_env=$( + echo ${{ github.event.inputs.environment }} + )" >> $GITHUB_OUTPUT + - name: Terraform deploy working-directory: ./ops/terraform/envs - env: # all Azure interaction is through Terraform - ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} - ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} - ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} - ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} - OKTA_API_TOKEN: ${{ inputs.okta_api_token }} + env: + ARM_CLIENT_ID: ${{ inputs.azure_client_id }} + ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} + ARM_SUBSCRIPTION_ID: ${{ inputs.azure_subscription_id }} + 
TF_ENV: ${{ steps.set-environment.outputs.tf_env }} + + # env: # all Azure interaction is through Terraform + # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} + # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} + # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} + # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} shell: bash run: | terraform -chdir=${{ inputs.deploy_env }} init - terraform -chdir=${{ inputs.deploy_env }} plan -var-file=../api.tfvars -lock-timeout=30m \ No newline at end of file + terraform -chdir=${{ inputs.deploy_env }} plan -lock-timeout=30m + terraform -chdir=${{ inputs.deploy_env }} apply -auto-approve -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 68aa1dd7..3773ef06 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,22 +1,24 @@ name: Build and Deploy full app on: - workflow_dispatch: - inputs: - deploy_env: - description: 'The environment to deploy to' - required: true - type: choice - options: - - dev - - dev2 - - dev3 - - dev4 - - dev5 - - dev6 - ocr-version: - description: 'The environment to deploy to' - required: true + push: + branches: reusable-actions-combine-frontend-api + # workflow_dispatch: + # inputs: + # deploy_env: + # description: 'The environment to deploy to' + # required: true + # type: choice + # options: + # - dev + # - dev2 + # - dev3 + # - dev4 + # - dev5 + # - dev6 + # ocr-version: + # description: 'The environment to deploy to' + # required: true permissions: id-token: write 
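Review bot: The added `terraform ... apply -auto-approve` does not apply the plan computed on the line above it: `plan` runs without `-out`, so `apply` re-plans and applies whatever it finds at that moment, unreviewed, and after this patch the workflow fires on every push to the branch. Saving and applying the plan keeps the two in step: `terraform -chdir=${{ inputs.deploy_env }} plan -out=tfplan -lock-timeout=30m` followed by `terraform -chdir=${{ inputs.deploy_env }} apply -lock-timeout=30m tfplan`. The `Set environment` step echoes `${{ github.event.inputs.environment }}` inside the script text; no `environment` input is defined in the workflow shown and the trigger is now `push`, so `tf_env` is likely empty, and the value should travel through `env:` rather than the script. With `ARM_CLIENT_SECRET` gone, the provider presumably needs `ARM_USE_OIDC: true` to use the federated login; confirm against the provider and backend configuration.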
@@ -24,64 +26,64 @@ permissions: env: NODE_VERSION: 20 + VERSION: ${{ inputs.ocr-version }} + deploy_env: dev jobs: - build_frontend: + build_publish_ocr: runs-on: ubuntu-latest - environment: ${{ inputs.deploy_env }} steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/build-frontend - name: Build front-end application + - name: Build and Push backend + uses: ./.github/actions/build-publish-ocr with: - frontend_tarball: ./frontend.tgz - deploy_env: ${{ inputs.deploy_env }} + deploy_env: ${{ env.deploy_env }} - prerelease_backend: - runs-on: ubuntu-latest - needs: [build_frontend, build_docker] - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/tf-deploy - name: Deploy with Terraform - with: - azure_creds: ${{ secrets.AZURE_CREDENTIALS }} - deploy_env: ${{ inputs.deploy_env }} - terraform_arm_client_id: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }} - terraform_arm_client_secret: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }} - terraform_arm_subscription_id: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }} - terraform_arm_tenant_id: ${{ secrets.TERRAFORM_ARM_TENANT_ID }} - okta_api_token: ${{ secrets.OKTA_API_TOKEN_NONPROD }} - - uses: ./.github/actions/stg-wait-for-slot-commit - name: Wait for correct commit to be deployed in staging slot - timeout-minutes: 5 - with: - deploy_env: ${{ inputs.deploy_env }} - - uses: ./.github/actions/stg-wait-for-slot-readiness - name: Wait for staging deploy to be ready - timeout-minutes: 1 - with: - deploy_env: ${{ inputs.deploy_env }} + # build_frontend: + # runs-on: ubuntu-latest + # environment: ${{ env.deploy_env }} + # steps: + # - uses: actions/checkout@v4 + # - uses: ./.github/actions/build-frontend + # name: Build front-end application + # with: + # frontend_tarball: ./frontend.tgz + # deploy_env: ${{ env.deploy_env }} - deploy: - name: Deploy - runs-on: ubuntu-latest - environment: ${{ inputs.deploy_env }} - needs: [build_frontend] - steps: - - uses: actions/checkout@v4 - - name: Promote and deploy - uses: 
./.github/actions/deploy-frontend - with: - azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} - azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} - azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - frontend_tarball: frontend.tgz - deploy_env: ${{ inputs.deploy_env }} - - name: Deploy to Azure Web App - id: deploy-to-webapp - uses: azure/webapps-deploy@v3 - with: - app-name: reportvision-ocr-api-${{ inputs.deploy_env }} - publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} - images: 'ghcr.io/ReportVision:${{ inputs.ocr-version }}' \ No newline at end of file + # prerelease_backend: + # runs-on: ubuntu-latest + # needs: [build_frontend, build_docker_ocr] + # steps: + # - uses: actions/checkout@v4 + # - uses: ./.github/actions/tf-deploy + # name: Deploy with Terraform + # with: + # deploy_env: ${{ env.deploy_env }} + # azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + # azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + # azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + # deploy: + # name: Deploy + # runs-on: ubuntu-latest + # environment: ${{ env.deploy_env }} + # needs: [build_frontend] + # steps: + # - uses: actions/checkout@v4 + # - name: Promote and deploy + # uses: ./.github/actions/deploy-frontend + # with: + # azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + # azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + # azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # frontend_tarball: frontend.tgz + # deploy_env: ${{ env.deploy_env }} + # - name: Lowercase the repo name + # run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + # - name: Deploy to Azure Web App + # id: deploy-to-webapp + # uses: azure/webapps-deploy@v3 + # with: + # app-name: reportvision-ocr-api-${{ env.deploy_env }} + # publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} + # images: '${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }}-${{ env.deploy_env }}' \ No newline at end of file 
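Review bot: The new `build_publish_ocr` job pushes an image to the container registry with `GITHUB_TOKEN`, but the workflow `permissions` block just above this hunk grants only `id-token: write` and `contents: read`. Once `permissions` is set explicitly every unlisted scope is `none`, so a push to GitHub's registry would be denied without `packages: write`. With the Azure jobs commented out nothing in the workflow uses OIDC, so `id-token: write` can be dropped until they return, leaving `contents: read` and `packages: write`. Note also that `VERSION: ${{ inputs.ocr-version }}` has no source now that the trigger is `push`, so the tag is empty at this commit.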
From 0af8c278a3ae49c947bef548e380fa54d4ad17fa Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 15:35:18 -0600 Subject: [PATCH 05/69] token --- .github/actions/build-publish-ocr/action.yml | 6 ++++-- .github/workflows/deploy-dev.yml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index ed969c58..8c025e78 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -4,7 +4,9 @@ inputs: deploy_env: description: The environment to deploy to required: true - + token: + description: Github Token + required: true runs: using: composite @@ -16,7 +18,7 @@ runs: with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ inputs.token }} - name: Lowercase the repo name shell: bash run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 3773ef06..b014562a 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -38,6 +38,7 @@ jobs: uses: ./.github/actions/build-publish-ocr with: deploy_env: ${{ env.deploy_env }} + token: ${{ secrets.GITHUB_TOKEN }} # build_frontend: # runs-on: ubuntu-latest From 48d9557146d24374ebf21e3215a6a4113756143a Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 15:37:56 -0600 Subject: [PATCH 06/69] registry --- .github/workflows/deploy-dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index b014562a..a79c40bc 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -26,6 +26,7 @@ permissions: env: NODE_VERSION: 20 + REGISTRY: ghcr.io VERSION: ${{ inputs.ocr-version }} deploy_env: dev From 2b5c20dd15c9b3ef6e5c9c8ec4e680a852f604e2 Mon Sep 17 00:00:00 2001 
From: Administrator Date: Tue, 8 Oct 2024 15:41:01 -0600 Subject: [PATCH 07/69] version --- .github/actions/build-publish-ocr/action.yml | 2 +- .github/workflows/deploy-dev.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 8c025e78..cb108506 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -34,4 +34,4 @@ runs: context: ./OCR/ file: ./OCR/Dockerfile push: true - tags: ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }}-${{ inputs.deploy_env }} \ No newline at end of file + tags: ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index a79c40bc..53faf927 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -27,7 +27,7 @@ permissions: env: NODE_VERSION: 20 REGISTRY: ghcr.io - VERSION: ${{ inputs.ocr-version }} + VERSION: derek-dev-combine deploy_env: dev jobs: @@ -88,4 +88,4 @@ jobs: # with: # app-name: reportvision-ocr-api-${{ env.deploy_env }} # publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} - # images: '${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }}-${{ env.deploy_env }}' \ No newline at end of file + # images: '${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }}' \ No newline at end of file From e81977591c853630435c2f535df1192b7673bbed Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 15:52:31 -0600 Subject: [PATCH 08/69] try outcomes --- .github/actions/build-publish-ocr/action.yml | 6 ++++-- .github/workflows/deploy-dev.yml | 8 ++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index cb108506..ac81f007 100644 
--- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -7,7 +7,9 @@ inputs: token: description: Github Token required: true - + registered: + description: image registered or not + required: true runs: using: composite steps: @@ -28,7 +30,7 @@ runs: run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and push Docker image id: push - if: steps.image_check.outcome == 1 + if: ${{ inputs.registered }} == 1 uses: docker/build-push-action@v6 with: context: ./OCR/ diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 53faf927..000e209c 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -33,13 +33,21 @@ env: jobs: build_publish_ocr: runs-on: ubuntu-latest + outputs: + register_outcome: ${{ steps.image_check.outcome }} steps: - uses: actions/checkout@v4 + - name: Lowercase the repo name + run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + - name: Check if image exists + id: image_check + run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and Push backend uses: ./.github/actions/build-publish-ocr with: deploy_env: ${{ env.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} + registered: ${{ steps.image_check.outputs.register_outcome }} # build_frontend: # runs-on: ubuntu-latest From f4a0e5dd253ee7a9fd578eb0b3a151666ef256ed Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 15:53:47 -0600 Subject: [PATCH 09/69] try outcomes --- .github/workflows/deploy-dev.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 000e209c..ed601a97 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
@@ -33,8 +33,6 @@ env: jobs: build_publish_ocr: runs-on: ubuntu-latest - outputs: - register_outcome: ${{ steps.image_check.outcome }} steps: - uses: actions/checkout@v4 - name: Lowercase the repo name @@ -47,7 +45,7 @@ jobs: with: deploy_env: ${{ env.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} - registered: ${{ steps.image_check.outputs.register_outcome }} + registered: ${{ steps.image_check.outcome }} # build_frontend: # runs-on: ubuntu-latest From fc7655ce298a019989aa63696a37e7351aa577d5 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 15:56:51 -0600 Subject: [PATCH 10/69] try outcomes --- .github/actions/build-publish-ocr/action.yml | 9 +-------- .github/workflows/deploy-dev.yml | 2 +- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index ac81f007..695bed8e 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -7,9 +7,7 @@ inputs: token: description: Github Token required: true - registered: - description: image registered or not - required: true + runs: using: composite steps: @@ -24,13 +22,8 @@ runs: - name: Lowercase the repo name shell: bash run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Check if image exists - shell: bash - id: image_check - run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and push Docker image id: push - if: ${{ inputs.registered }} == 1 uses: docker/build-push-action@v6 with: context: ./OCR/ diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index ed601a97..f3c2c66d 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
@@ -42,10 +42,10 @@ jobs: run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and Push backend uses: ./.github/actions/build-publish-ocr + if: steps.image_check.outcome == 1 with: deploy_env: ${{ env.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} - registered: ${{ steps.image_check.outcome }} # build_frontend: # runs-on: ubuntu-latest From aa2445163683e99c98f8bc175f25aaa0aef1239b Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:02:23 -0600 Subject: [PATCH 11/69] try outcomes --- .github/workflows/deploy-dev.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index f3c2c66d..5428c43f 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -35,6 +35,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - name: Check if image exists From 3c1f03ab5d8784418eb7345eb941fe7d17de34f2 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:03:40 -0600 Subject: [PATCH 12/69] try outcomes --- .github/workflows/deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 5428c43f..659f8faa 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
@@ -48,7 +48,7 @@ jobs: run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and Push backend uses: ./.github/actions/build-publish-ocr - if: steps.image_check.outcome == 1 + if: steps.image_check.outcome == "manifest unknown" with: deploy_env: ${{ env.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} From 6feb648e528af0947b7e01f388a72f0b78ca87b1 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:13:23 -0600 Subject: [PATCH 13/69] rm inspect --- .github/workflows/deploy-dev.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 659f8faa..53faf927 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -35,20 +35,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Lowercase the repo name - run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Check if image exists - id: image_check - run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and Push backend uses: ./.github/actions/build-publish-ocr - if: steps.image_check.outcome == "manifest unknown" with: deploy_env: ${{ env.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} From 9a4f9c74f22161ab3d15ebe1b504665112160f81 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:19:25 -0600 Subject: [PATCH 14/69] put auth prior --- .github/actions/build-publish-ocr/action.yml | 6 ------ .github/workflows/deploy-dev.yml | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 695bed8e..3eee1e84 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -13,12 +13,6 @@ runs: steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ inputs.token }} - name: Lowercase the repo name shell: bash run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 53faf927..3970e340 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -35,6 +35,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push backend uses: ./.github/actions/build-publish-ocr with: From e3e1ac4b85ecfac30b0f0b0de8950afd950ec5f6 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:28:10 -0600 Subject: [PATCH 15/69] use cli --- .github/actions/build-publish-ocr/action.yml | 7 ++++++- .github/workflows/deploy-dev.yml | 7 +------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 3eee1e84..5126313b 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -7,7 +7,9 @@ inputs: token: description: Github Token required: true - + username: + description: Github Token + required: true runs: using: composite steps: 
@@ -16,6 +18,9 @@ runs: - name: Lowercase the repo name shell: bash run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + - name: Login to ACR + shell: bash + run: docker login ${{ env.REGISTRY }} -u ${{ input.username }} -p ${{ inputs.token }} - name: Build and push Docker image id: push uses: docker/build-push-action@v6 diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 3970e340..4ce52cf0 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -35,17 +35,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push backend uses: ./.github/actions/build-publish-ocr with: deploy_env: ${{ env.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} + username: ${{ github.actor }} # build_frontend: # runs-on: ubuntu-latest From 0cca9ed3307d0492864b70aca7b98c9cc8da8ad6 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:29:21 -0600 Subject: [PATCH 16/69] s --- .github/actions/build-publish-ocr/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 5126313b..43d4cf77 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -20,7 +20,7 @@ runs: run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - name: Login to ACR shell: bash - run: docker login ${{ env.REGISTRY }} -u ${{ input.username }} -p ${{ inputs.token }} + run: docker login ${{ env.REGISTRY }} -u ${{ inputs.username }} -p ${{ inputs.token }} - name: Build and push Docker image id: push uses: docker/build-push-action@v6 From 0cba12e9ade6fb6e78c1963ebe417fc09249f2a4 Mon Sep 17 00:00:00 2001 
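Review bot: The `Login to ACR` step passes the token on the command line with `-p ${{ inputs.token }}`, which places the secret in the process arguments and interpolates both inputs directly into the shell script. Supplying the values through `env:` and reading the password with `--password-stdin` avoids both; the follow-up hunk in patch 16 corrects `input.username` but keeps `-p`. The new `username` input also carries the description `Github Token`, and the step name says ACR while `REGISTRY` is `ghcr.io` elsewhere in this series.

```yaml
- name: Login to ACR
  shell: bash
  env:
    REGISTRY_HOST: ${{ env.REGISTRY }}
    REGISTRY_USER: ${{ inputs.username }}
    REGISTRY_TOKEN: ${{ inputs.token }}
  run: echo "$REGISTRY_TOKEN" | docker login "$REGISTRY_HOST" -u "$REGISTRY_USER" --password-stdin
# … unchanged: Build and push Docker image step …
```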
From: Administrator Date: Tue, 8 Oct 2024 16:34:27 -0600 Subject: [PATCH 17/69] with permissions --- .github/workflows/deploy-dev.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 4ce52cf0..9473d548 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -33,6 +33,11 @@ env: jobs: build_publish_ocr: runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write steps: - uses: actions/checkout@v4 - name: Build and Push backend From 384fb6000bf9186b5250d571c8a4dec8ca27d477 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:38:39 -0600 Subject: [PATCH 18/69] with permissions --- .github/actions/build-publish-ocr/action.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 43d4cf77..cb108506 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml 
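Review bot: The job-level `permissions:` block grants `attestations: write` and `id-token: write`, but no step visible in this series creates an attestation or requests an OIDC token in `build_publish_ocr`; pushing to the registry with `GITHUB_TOKEN` needs only `packages: write`, plus `contents: read` for checkout. Dropping the two unused scopes keeps the token handed to `./.github/actions/build-publish-ocr` at least privilege, and they can be re-added together with an attestation step. The job's step list continues outside the hunk.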
@@ -7,22 +7,28 @@ inputs: token: description: Github Token required: true - username: - description: Github Token - required: true + runs: using: composite steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ inputs.token }} - name: Lowercase the repo name shell: bash run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Login to ACR + - name: Check if image exists shell: bash - run: docker login ${{ env.REGISTRY }} -u ${{ inputs.username }} -p ${{ inputs.token }} + id: image_check + run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and push Docker image id: push + if: steps.image_check.outcome == 1 uses: docker/build-push-action@v6 with: context: ./OCR/ From 140e2847301c602588360a99178a6939214618fd Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 8 Oct 2024 16:39:20 -0600 Subject: [PATCH 19/69] with permissions --- .github/actions/build-publish-ocr/action.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index cb108506..695bed8e 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -22,13 +22,8 @@ runs: - name: Lowercase the repo name shell: bash run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Check if image exists - shell: bash - id: image_check - run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and push Docker image id: push - if: steps.image_check.outcome == 1 uses: docker/build-push-action@v6 with: context: ./OCR/ From 8828fc5319df40dfbeab95eab66ce14f11e58644 Mon Sep 17 00:00:00 2001 
From: Administrator Date: Wed, 9 Oct 2024 11:00:12 -0600 Subject: [PATCH 20/69] move to frontend --- .github/workflows/deploy-dev.yml | 42 ++++++++++++++++---------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 9473d548..a8a7bf48 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -31,32 +31,32 @@ env: deploy_env: dev jobs: - build_publish_ocr: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write - steps: - - uses: actions/checkout@v4 - - name: Build and Push backend - uses: ./.github/actions/build-publish-ocr - with: - deploy_env: ${{ env.deploy_env }} - token: ${{ secrets.GITHUB_TOKEN }} - username: ${{ github.actor }} - - # build_frontend: + # build_publish_ocr: # runs-on: ubuntu-latest - # environment: ${{ env.deploy_env }} + # permissions: + # contents: read + # packages: write + # attestations: write + # id-token: write # steps: # - uses: actions/checkout@v4 - # - uses: ./.github/actions/build-frontend - # name: Build front-end application + # - name: Build and Push backend + # uses: ./.github/actions/build-publish-ocr # with: - # frontend_tarball: ./frontend.tgz # deploy_env: ${{ env.deploy_env }} + # token: ${{ secrets.GITHUB_TOKEN }} + # username: ${{ github.actor }} + + build_frontend: + runs-on: ubuntu-latest + environment: ${{ env.deploy_env }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/build-frontend + name: Build front-end application + with: + frontend_tarball: ./frontend.tgz + deploy_env: ${{ env.deploy_env }} # prerelease_backend: # runs-on: ubuntu-latest From 4d3ce26732872694223f198d6f4372abe7aa9087 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 9 Oct 2024 11:02:06 -0600 Subject: [PATCH 21/69] move to frontend --- .github/workflows/deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index a8a7bf48..5e0d5337 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -49,7 +49,7 @@ jobs: build_frontend: runs-on: ubuntu-latest - environment: ${{ env.deploy_env }} + environment: dev steps: - uses: actions/checkout@v4 - uses: ./.github/actions/build-frontend From f19cacab6c88391d180f37d3c779b0b7c9be998d Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 9 Oct 2024 12:27:06 -0600 Subject: [PATCH 22/69] use dist dir --- .github/actions/build-frontend/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 34045e81..62d5adfe 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -41,7 +41,7 @@ runs: - name: Pack frontend into a tarball shell: bash run: | - tar -C ./frontend/build -czf ${{ inputs.frontend_tarball }} . + tar -C ./frontend/dist/ -czf ${{ inputs.frontend_tarball }} . - name: Upload frontend build files uses: actions/upload-artifact@v4 if: success() From e26081f6b32abc0d0eaea3cbf3867277a7ff58b8 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 9 Oct 2024 13:08:19 -0600 Subject: [PATCH 23/69] wip --- .github/actions/tf-deploy/action.yml | 1 + .github/workflows/deploy-dev.yml | 36 ++++++++++++++-------------- .gitignore | 1 + 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/actions/tf-deploy/action.yml b/.github/actions/tf-deploy/action.yml index 6678b6b6..d045f582 100644 --- a/.github/actions/tf-deploy/action.yml +++ b/.github/actions/tf-deploy/action.yml 
@@ -70,5 +70,6 @@ runs: shell: bash run: | terraform -chdir=${{ inputs.deploy_env }} init + terraform workspace select -or-create $TF_ENV terraform -chdir=${{ inputs.deploy_env }} plan -lock-timeout=30m terraform -chdir=${{ inputs.deploy_env }} apply -auto-approve -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 5e0d5337..5a89bb76 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -47,29 +47,29 @@ jobs: # token: ${{ secrets.GITHUB_TOKEN }} # username: ${{ github.actor }} - build_frontend: - runs-on: ubuntu-latest - environment: dev - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/build-frontend - name: Build front-end application - with: - frontend_tarball: ./frontend.tgz - deploy_env: ${{ env.deploy_env }} - - # prerelease_backend: + # build_frontend: # runs-on: ubuntu-latest - # needs: [build_frontend, build_docker_ocr] + # environment: dev # steps: # - uses: actions/checkout@v4 - # - uses: ./.github/actions/tf-deploy - # name: Deploy with Terraform + # - uses: ./.github/actions/build-frontend + # name: Build front-end application # with: + # frontend_tarball: ./frontend.tgz # deploy_env: ${{ env.deploy_env }} - # azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} - # azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} - # azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + prerelease_backend: + runs-on: ubuntu-latest + # needs: [build_frontend, build_docker_ocr] + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/tf-deploy + name: Deploy with Terraform + with: + deploy_env: ${{ env.deploy_env }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} # deploy: # name: Deploy diff --git a/.gitignore b/.gitignore index 89d91479..6af91327 100644 --- a/.gitignore +++ b/.gitignore 
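Review bot: The added `terraform workspace select -or-create $TF_ENV` omits the `-chdir=${{ inputs.deploy_env }}` that the `init`, `plan` and `apply` lines around it use, so it runs against the step's working directory rather than the configuration that was just initialised. `$TF_ENV` is also unquoted, and an empty value would leave the command without a workspace name. Suggested line: `terraform -chdir=${{ inputs.deploy_env }} workspace select -or-create "$TF_ENV"`. The `run:` block starts outside this hunk.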
@@ -417,4 +417,5 @@ sketch .terraform *.tfplan* *.tfstate* +*.tfvars From ea2beafbdd008dbdda34636f5047d559a0ebcab4 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 9 Oct 2024 14:12:31 -0600 Subject: [PATCH 24/69] load vars --- .github/actions/tf-deploy/action.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/actions/tf-deploy/action.yml b/.github/actions/tf-deploy/action.yml index d045f582..55c530bb 100644 --- a/.github/actions/tf-deploy/action.yml +++ b/.github/actions/tf-deploy/action.yml @@ -45,6 +45,18 @@ runs: # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} # shell: bash # run: make init-${{ inputs.deploy_env }} + - name: Load input variables + working-directory: ./ops/terraform/envs/dev + shell: bash + env: + SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }} + RESOURCE_GROUP_NAME: ${{ secrets.RESOURCE_GROUP_NAME }} #the one thats selected + CLIENT_ID: ${{ secrets.CLIENT_ID }} + run: | + echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars + echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars + echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars + az config set defaults.group=$RESOURCE_GROUP_NAME - name: Set environment shell: bash id: set-environment @@ -55,7 +67,7 @@ runs: echo ${{ github.event.inputs.environment }} )" >> $GITHUB_OUTPUT - name: Terraform deploy - working-directory: ./ops/terraform/envs + working-directory: ./ops/terraform/envs/dev env: ARM_CLIENT_ID: ${{ inputs.azure_client_id }} ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} 
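Review bot: The `Load input variables` step in tf-deploy/action.yml reads `${{ secrets.SUBSCRIPTION_ID }}`, `${{ secrets.RESOURCE_GROUP_NAME }}` and `${{ secrets.CLIENT_ID }}`, but this file is a composite action and the `secrets` context is not available there, so the values have to arrive through `inputs:` from the calling workflow. Appending them to `terraform.tfvars` with `>>` also leaves account identifiers on the runner's disk; passing them as environment variables on the Terraform step, e.g. `TF_VAR_subscription_id: ${{ inputs.azure_subscription_id }}`, avoids the file. `az config set defaults.group=$RESOURCE_GROUP_NAME` should quote the variable. The hard-coded `working-directory: ./ops/terraform/envs/dev` ignores the `deploy_env` input.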
@@ -69,7 +81,7 @@ runs: # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} shell: bash run: | - terraform -chdir=${{ inputs.deploy_env }} init + terraform init terraform workspace select -or-create $TF_ENV - terraform -chdir=${{ inputs.deploy_env }} plan -lock-timeout=30m - terraform -chdir=${{ inputs.deploy_env }} apply -auto-approve -lock-timeout=30m \ No newline at end of file + terraform plan -lock-timeout=30m + terraform apply -auto-approve -lock-timeout=30m \ No newline at end of file From 9bd6f38dd84a324a25ddf513dd937f0a26c598ea Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 10 Oct 2024 10:30:24 -0600 Subject: [PATCH 25/69] build front and back together --- .github/actions/deploy-frontend/action.yml | 46 ------------ .github/actions/tf-deploy/action.yml | 87 ---------------------- .github/workflows/deploy-dev.yml | 78 +++++-------------- 3 files changed, 20 insertions(+), 191 deletions(-) delete mode 100644 .github/actions/deploy-frontend/action.yml delete mode 100644 .github/actions/tf-deploy/action.yml diff --git a/.github/actions/deploy-frontend/action.yml b/.github/actions/deploy-frontend/action.yml deleted file mode 100644 index f8c22a26..00000000 --- a/.github/actions/deploy-frontend/action.yml +++ /dev/null 
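Review bot: `terraform apply -auto-approve` re-plans at apply time instead of applying what `terraform plan` just showed, so the plan output in the log is not necessarily what gets applied. Saving the plan and applying that file closes the gap: `terraform plan -lock-timeout=30m -out=plan.tfplan` followed by `terraform apply -lock-timeout=30m plan.tfplan` (file name constructed for this note). `$TF_ENV` on the `workspace select` line is still unquoted. The step's `env:` block starts outside this hunk.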
@@ -1,46 +0,0 @@ -name: Deploy ReportVision Frontend -description: Promote API from secondary slot, and deploy frontend from tarball -inputs: - deploy_env: - description: The environment being deployed (e.g. "prod" or "test") - required: true - frontend_tarball: - description: The path to the tar file containing the frontend code to deploy - required: true - azure_client_id: - description: The Azure client_id for this environment. - required: true - azure_tenant_id: - description: The Azure tenant_id for this environment. - required: true - azure_subscription_id: - description: The Azure subscription_id for this environment. - required: true - -runs: - using: composite - steps: - - uses: azure/login@v2 - with: - client-id: ${{ inputs.azure_client_id }} - tenant-id: ${{ inputs.azure_tenant_id }} - subscription-id: ${{ inputs.azure_subscription_id }} - - name: Retrieve frontend build - uses: actions/download-artifact@v4 - with: - name: frontend-tarball - - name: Unpack frontend tarball - shell: bash - run: | - mkdir frontend-build; - tar -C frontend-build -zxvf ${{ inputs.frontend_tarball }} - - name: Deploy frontend to Azure Blob Storage - shell: bash - run: | - az storage blob upload-batch -s frontend-build/ -d '$web' \ - --account-name reportvisionfrontend${{ inputs.deploy_env }} \ - --overwrite - - name: Azure logout - shell: bash - run: | - az logout \ No newline at end of file diff --git a/.github/actions/tf-deploy/action.yml b/.github/actions/tf-deploy/action.yml deleted file mode 100644 index 55c530bb..00000000 --- a/.github/actions/tf-deploy/action.yml +++ /dev/null 
@@ -1,87 +0,0 @@ -name: Terraform Action Deployment -description: Build and push Docker image to the registry -inputs: - azure_client_id: - description: The Azure client_id for this environment. - required: true - azure_tenant_id: - description: The Azure tenant_id for this environment. - required: true - azure_subscription_id: - description: The Azure subscription_id for this environment. - required: true - deploy_env: - description: The environment to deploy to - required: true - # terraform_arm_client_id: - # description: Terraform ARM client ID - # required: true - # terraform_arm_client_secret: - # description: Terraform ARM client secret - # required: true - # terraform_arm_subscription_id: - # description: Terraform ARM subscription ID - # required: true - # terraform_arm_tenant_id: - # description: Terraform ARM tenant ID - # required: true - -runs: - using: composite - steps: - - uses: azure/login@v2 - with: - client-id: ${{ inputs.azure_client_id }} - tenant-id: ${{ inputs.azure_tenant_id }} - subscription-id: ${{ inputs.azure_subscription_id }} - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - # - name: Terraform Init - # working-directory: ./ops/terraform/envs - # env: # all Azure interaction is through Terraform - # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} - # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} - # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} - # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} - # shell: bash - # run: make init-${{ inputs.deploy_env }} - - name: Load input variables - working-directory: ./ops/terraform/envs/dev - shell: bash - env: - SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }} - RESOURCE_GROUP_NAME: ${{ secrets.RESOURCE_GROUP_NAME }} #the one thats selected - CLIENT_ID: ${{ secrets.CLIENT_ID }} - run: | - echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars - echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars - echo 
client_id=\""$CLIENT_ID"\" >> terraform.tfvars - az config set defaults.group=$RESOURCE_GROUP_NAME - - name: Set environment - shell: bash - id: set-environment - env: - CLIENT_ID: ${{ inputs.azure_client_id }} - run: |- - echo "tf_env=$( - echo ${{ github.event.inputs.environment }} - )" >> $GITHUB_OUTPUT - - name: Terraform deploy - working-directory: ./ops/terraform/envs/dev - env: - ARM_CLIENT_ID: ${{ inputs.azure_client_id }} - ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} - ARM_SUBSCRIPTION_ID: ${{ inputs.azure_subscription_id }} - TF_ENV: ${{ steps.set-environment.outputs.tf_env }} - - # env: # all Azure interaction is through Terraform - # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} - # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} - # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} - # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} - shell: bash - run: | - terraform init - terraform workspace select -or-create $TF_ENV - terraform plan -lock-timeout=30m - terraform apply -auto-approve -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 5a89bb76..7c16d7e6 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
@@ -31,67 +31,29 @@ env: deploy_env: dev jobs: - # build_publish_ocr: - # runs-on: ubuntu-latest - # permissions: - # contents: read - # packages: write - # attestations: write - # id-token: write - # steps: - # - uses: actions/checkout@v4 - # - name: Build and Push backend - # uses: ./.github/actions/build-publish-ocr - # with: - # deploy_env: ${{ env.deploy_env }} - # token: ${{ secrets.GITHUB_TOKEN }} - # username: ${{ github.actor }} - - # build_frontend: - # runs-on: ubuntu-latest - # environment: dev - # steps: - # - uses: actions/checkout@v4 - # - uses: ./.github/actions/build-frontend - # name: Build front-end application - # with: - # frontend_tarball: ./frontend.tgz - # deploy_env: ${{ env.deploy_env }} - - prerelease_backend: + build_publish_ocr: runs-on: ubuntu-latest - # needs: [build_frontend, build_docker_ocr] + permissions: + contents: read + packages: write + attestations: write + id-token: write steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/tf-deploy - name: Deploy with Terraform + - name: Build and Push backend + uses: ./.github/actions/build-publish-ocr with: deploy_env: ${{ env.deploy_env }} - azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} - azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} - azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + token: ${{ secrets.GITHUB_TOKEN }} + username: ${{ github.actor }} - # deploy: - # name: Deploy - # runs-on: ubuntu-latest - # environment: ${{ env.deploy_env }} - # needs: [build_frontend] - # steps: - # - uses: actions/checkout@v4 - # - name: Promote and deploy - # uses: ./.github/actions/deploy-frontend - # with: - # azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} - # azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} - # azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # frontend_tarball: frontend.tgz - # deploy_env: ${{ env.deploy_env }} - # - name: Lowercase the repo name - # run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - # - name: Deploy to Azure Web 
App - # id: deploy-to-webapp - # uses: azure/webapps-deploy@v3 - # with: - # app-name: reportvision-ocr-api-${{ env.deploy_env }} - # publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} - # images: '${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }}' \ No newline at end of file + build_frontend: + runs-on: ubuntu-latest + environment: dev + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/build-frontend + name: Build front-end application + with: + frontend_tarball: ./frontend.tgz + deploy_env: ${{ env.deploy_env }} \ No newline at end of file From 0d10bdf8ebbace5305ae48a2a9af165748628bfb Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 10 Oct 2024 14:41:51 -0600 Subject: [PATCH 26/69] clean-up --- .github/actions/build-publish-ocr/action.yml | 5 ++- .github/workflows/deploy-dev.yml | 43 +++++++++----------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index 695bed8e..c7fe5f52 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -7,6 +7,9 @@ inputs: token: description: Github Token required: true + version: + description: ocr-api version + required: true runs: using: composite @@ -29,4 +32,4 @@ runs: context: ./OCR/ file: ./OCR/Dockerfile push: true - tags: ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} \ No newline at end of file + tags: ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ inputs.version }} \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 7c16d7e6..18699619 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
@@ -1,24 +1,22 @@ name: Build and Deploy full app on: - push: - branches: reusable-actions-combine-frontend-api - # workflow_dispatch: - # inputs: - # deploy_env: - # description: 'The environment to deploy to' - # required: true - # type: choice - # options: - # - dev - # - dev2 - # - dev3 - # - dev4 - # - dev5 - # - dev6 - # ocr-version: - # description: 'The environment to deploy to' - # required: true + workflow_dispatch: + inputs: + deploy_env: + description: 'The environment to deploy to' + required: true + type: choice + options: + - dev + - dev2 + - dev3 + - dev4 + - dev5 + - dev6 + ocr-version: + description: 'The environment to deploy to' + required: true permissions: id-token: write @@ -27,8 +25,7 @@ permissions: env: NODE_VERSION: 20 REGISTRY: ghcr.io - VERSION: derek-dev-combine - deploy_env: dev + jobs: build_publish_ocr: @@ -43,9 +40,9 @@ jobs: - name: Build and Push backend uses: ./.github/actions/build-publish-ocr with: - deploy_env: ${{ env.deploy_env }} + deploy_env: ${{ inputs.deploy_env }} token: ${{ secrets.GITHUB_TOKEN }} - username: ${{ github.actor }} + version: ${{ inputs.ocr-version }} build_frontend: runs-on: ubuntu-latest @@ -56,4 +53,4 @@ jobs: name: Build front-end application with: frontend_tarball: ./frontend.tgz - deploy_env: ${{ env.deploy_env }} \ No newline at end of file + deploy_env: ${{ inputs.deploy_env }} \ No newline at end of file From d2cde091e2c4d5d1f3afda957718ba6abfbc63db Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 10 Oct 2024 14:51:32 -0600 Subject: [PATCH 27/69] clean-up --- .github/actions/build-frontend/action.yml | 1 + .github/actions/build-publish-ocr/action.yml | 2 +- .github/workflows/deploy-dev.yml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 62d5adfe..01f8ce56 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml 
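Review bot: With the `workflow_dispatch` trigger restored, `deploy_env` can be any of `dev` to `dev6`, but the `build_frontend` job still carries the `environment: dev` set in patch 21, unless a part of the file outside these hunks changes it. Environment protection rules and environment-scoped secrets would then always be those of `dev`, whatever target was selected. `environment: ${{ inputs.deploy_env }}` ties the job to the chosen target. `ocr-version` is free text that ends up as the image tag, so re-running with an existing value overwrites that image.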
@@ -7,6 +7,7 @@ inputs: frontend_tarball: description: The path to the tar file containing the client code to deploy required: true + runs: using: composite steps: diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml index c7fe5f52..b89efcfb 100644 --- a/.github/actions/build-publish-ocr/action.yml +++ b/.github/actions/build-publish-ocr/action.yml @@ -1,4 +1,4 @@ -name: Terraform Action Deployment +name: Build and publish ReportVision's OCR API description: Build and push Docker image to the registry inputs: deploy_env: diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 18699619..9ca29a20 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,4 +1,4 @@ -name: Build and Deploy full app +name: Build and deploy all of ReportVision's services to a development environment on: workflow_dispatch: @@ -15,7 +15,7 @@ on: - dev5 - dev6 ocr-version: - description: 'The environment to deploy to' + description: 'Create a version for this OCR API image' required: true permissions: From 8163469e2e5a6af7ba7f3fc65bef3c3533c942e2 Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 10 Oct 2024 15:34:18 -0600 Subject: [PATCH 28/69] test clean-up --- .github/actions/build-frontend/action.yml | 25 +++++---- .github/actions/build-publish-api/action.yml | 47 +++++++++++++++++ .github/actions/build-publish-ocr/action.yml | 35 ------------- .github/workflows/deploy-dev.yml | 55 ++++++++++++-------- 4 files changed, 93 insertions(+), 69 deletions(-) create mode 100644 .github/actions/build-publish-api/action.yml delete mode 100644 .github/actions/build-publish-ocr/action.yml diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 01f8ce56..e8b8fa5c 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml 
@@ -1,12 +1,15 @@ name: Build ReportVision's Front End description: Build the React application inputs: - deploy_env: + deploy-env: description: The environment being deployed (e.g. "prod" or "test") required: true - frontend_tarball: + frontend-tarball: description: The path to the tar file containing the client code to deploy required: true + frontend-path: + description: The path to the root of the frontend files + required: true runs: using: composite @@ -18,35 +21,35 @@ runs: uses: actions/cache@v4 with: path: | - ./frontend/node_modules + ${{ inputs.frontend-path }}/node_modules key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('frontend/package.json') }} - name: Install dependencies - working-directory: ./frontend + working-directory: ${{ inputs.frontend-path }} shell: bash run: | npm ci - name: Build deployable frontend shell: bash - working-directory: ./frontend + working-directory: ${{ inputs.frontend-path }} env: - DEPLOY_ENV: ${{ inputs.deploy_env }} + DEPLOY_ENV: ${{ inputs.deploy-env }} run: | - VITE_API_URL='https://reportvision-ocr-api-dev.azurewebsites.net/' npm run build + VITE_API_URL=${{ env.OCR_API_URL }} npm run build - name: Test frontend shell: bash - working-directory: ./frontend + working-directory: ${{ inputs.frontend-path }} env: - DEPLOY_ENV: ${{ inputs.deploy_env }} + DEPLOY_ENV: ${{ inputs.deploy-env }} run: | npm run test - name: Pack frontend into a tarball shell: bash run: | - tar -C ./frontend/dist/ -czf ${{ inputs.frontend_tarball }} . + tar -C ${{ inputs.frontend-build-path }} -czf ${{ inputs.frontend-tarball }} . - name: Upload frontend build files uses: actions/upload-artifact@v4 if: success() with: name: frontend-tarball - path: ${{ inputs.frontend_tarball }} + path: ${{ inputs.frontend-tarball }} retention-days: 1 \ No newline at end of file diff --git a/.github/actions/build-publish-api/action.yml b/.github/actions/build-publish-api/action.yml new file mode 100644 index 00000000..d94ff779 --- /dev/null 
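Review bot: The build and tar steps in the second hunk paste `${{ … }}` expressions straight into the `run:` scripts (`VITE_API_URL=${{ env.OCR_API_URL }} npm run build`, `tar -C ${{ inputs.frontend-build-path }} -czf ${{ inputs.frontend-tarball }} .`). The values are substituted into the script text before bash parses it, so any space or shell metacharacter in them changes the command. Passing them through the step's `env:` keeps them as data: add `VITE_API_URL: ${{ env.OCR_API_URL }}` next to `DEPLOY_ENV` and run plain `npm run build`, and give the tar step `BUILD_PATH`/`TARBALL` entries so the script becomes `tar -C "$BUILD_PATH" -czf "$TARBALL" .`. `frontend-build-path` is also not declared under `inputs:` in this commit, so the expression presumably expands to an empty string until a later patch in the series adds it. The cache `key` still hashes the literal `frontend/package.json` although the directory is now taken from `inputs.frontend-path`.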
+++ b/.github/actions/build-publish-api/action.yml
@@ -0,0 +1,47 @@
+name: Build and publish a ReportVision's API
+description: Build and push Docker image to the registry
+inputs:
+ docker-registry:
+ description: The Docker registry. i.e. ghcr, acr, ecr, jfrog, docker.io
+ required: true
+ docker-pw:
+ description: Github Token
+ required: true
+ docker-username:
+ description: Docker registry username
+ required: true
+ version:
+ description: API version
+ required: true
+ dockerfile-path:
+ description: Dockerfile path
+ required: true
+ docker-context-path:
+ description: Path of the docker context
+ required: true
+ api-name:
+ description: The name of the api being built
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.docker-registry }}
+ username: ${{ inputs.docker-username }}
+ password: ${{ inputs.docker-pw }}
+ - name: Lowercase the repo name
+ shell: bash
+ run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: ${{ inputs.docker-context-path }}
+ file: ${{ inputs.dockerfile-path }}
+ push: true
+ tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.version }}
\ No newline at end of file
diff --git a/.github/actions/build-publish-ocr/action.yml b/.github/actions/build-publish-ocr/action.yml
deleted file mode 100644
index b89efcfb..00000000
--- a/.github/actions/build-publish-ocr/action.yml
+++ /dev/null
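Review bot: `docker/login-action@v3` and `docker/build-push-action@v6` are referenced by mutable tags in the same composite action that receives the registry credential through `docker-pw`, so whatever those tags resolve to at run time handles that credential. Pinning each `uses:` to a full commit SHA and keeping the tag as a trailing comment (`uses: docker/login-action@<full-commit-sha> # v3`) makes the dependency fixed and reviewable. The `docker-pw` description still reads `Github Token` although the action now takes an arbitrary registry; `description: Password or access token for docker-registry` would match the generalised inputs. `version` is concatenated into the image reference unchecked, so a value that is not a valid tag is only caught when the push fails.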
@@ -1,35 +0,0 @@ -name: Build and publish ReportVision's OCR API -description: Build and push Docker image to the registry -inputs: - deploy_env: - description: The environment to deploy to - required: true - token: - description: Github Token - required: true - version: - description: ocr-api version - required: true - -runs: - using: composite - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ inputs.token }} - - name: Lowercase the repo name - shell: bash - run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Build and push Docker image - id: push - uses: docker/build-push-action@v6 - with: - context: ./OCR/ - file: ./OCR/Dockerfile - push: true - tags: ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ inputs.version }} \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 9ca29a20..2ebf293c 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,22 +1,24 @@ name: Build and deploy all of ReportVision's services to a development environment on: - workflow_dispatch: - inputs: - deploy_env: - description: 'The environment to deploy to' - required: true - type: choice - options: - - dev - - dev2 - - dev3 - - dev4 - - dev5 - - dev6 - ocr-version: - description: 'Create a version for this OCR API image' - required: true + push: + branches: reusable-actions-combine-frontend-api + # workflow_dispatch: + # inputs: + # deploy-env: + # description: 'The environment to deploy to' + # required: true + # type: choice + # options: + # - dev + # - dev2 + # - dev3 + # - dev4 + # - dev5 + # - dev6 + # ocr-version: + # description: 'Create a version for this OCR API image' + # required: true permissions: id-token: write 
@@ -24,7 +26,8 @@ permissions: env: NODE_VERSION: 20 - REGISTRY: ghcr.io + OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' + jobs: @@ -38,11 +41,15 @@ jobs: steps: - uses: actions/checkout@v4 - name: Build and Push backend - uses: ./.github/actions/build-publish-ocr + uses: ./.github/actions/build-publish-api with: - deploy_env: ${{ inputs.deploy_env }} - token: ${{ secrets.GITHUB_TOKEN }} - version: ${{ inputs.ocr-version }} + docker-registry: ghcr.io + docker-pw: ${{ secrets.GITHUB_TOKEN }} + docker-username: ${{ github.actor }} + version: derek-dev-combine + dockerfile-path: ./OCR/Dockerfile + docker-context-path: ./OCR/ + api-name: ocr-api build_frontend: runs-on: ubuntu-latest @@ -52,5 +59,7 @@ jobs: - uses: ./.github/actions/build-frontend name: Build front-end application with: - frontend_tarball: ./frontend.tgz - deploy_env: ${{ inputs.deploy_env }} \ No newline at end of file + frontend-tarball: ./frontend.tgz + deploy-env: dev + frontend-path: ./frontend + frontend-build-path: ./frontend/dist/ \ No newline at end of file From 6cc1cdb25d752cc2746d34f92f83c8027791752c Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 10 Oct 2024 15:42:30 -0600 Subject: [PATCH 29/69] worked --- .github/actions/build-frontend/action.yml | 3 ++ .github/workflows/deploy-dev.yml | 38 +++++++++++------------ 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index e8b8fa5c..00b8f9d3 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -10,6 +10,9 @@ inputs: frontend-path: description: The path to the root of the frontend files required: true + frontend-build-path: + description: The temporary path where build files are storaged + required: true runs: using: composite diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 2ebf293c..cf2725f0 100644 
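Review bot: The description of the new `frontend-build-path` input in the `@@ -10,6 +10,9 @@` hunk reads `are storaged` and calls the path temporary, while the only visible use is `tar -C` on it in the packing step. A wording such as `description: The directory that holds the build output to pack into the tarball` states what the action does with the value.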
--- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,24 +1,22 @@ name: Build and deploy all of ReportVision's services to a development environment on: - push: - branches: reusable-actions-combine-frontend-api - # workflow_dispatch: - # inputs: - # deploy-env: - # description: 'The environment to deploy to' - # required: true - # type: choice - # options: - # - dev - # - dev2 - # - dev3 - # - dev4 - # - dev5 - # - dev6 - # ocr-version: - # description: 'Create a version for this OCR API image' - # required: true + workflow_dispatch: + inputs: + deploy-env: + description: 'The environment to deploy to' + required: true + type: choice + options: + - dev + - dev2 + - dev3 + - dev4 + - dev5 + - dev6 + ocr-version: + description: 'Create a version for this OCR API image' + required: true permissions: id-token: write @@ -46,7 +44,7 @@ jobs: docker-registry: ghcr.io docker-pw: ${{ secrets.GITHUB_TOKEN }} docker-username: ${{ github.actor }} - version: derek-dev-combine + version: ${{ inputs.ocr-version }} dockerfile-path: ./OCR/Dockerfile docker-context-path: ./OCR/ api-name: ocr-api @@ -60,6 +58,6 @@ jobs: name: Build front-end application with: frontend-tarball: ./frontend.tgz - deploy-env: dev + deploy-env: ${{ inputs.deploy-env }} frontend-path: ./frontend frontend-build-path: ./frontend/dist/ \ No newline at end of file From 64aea5a4e2115a43da0c4b6e50f0b2e35dac461a Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 10 Oct 2024 15:51:19 -0600 Subject: [PATCH 30/69] clean more --- .github/workflows/deploy-dev.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index cf2725f0..517fcb68 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -26,8 +26,6 @@ env: NODE_VERSION: 20 OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' - - jobs: build_publish_ocr: runs-on: ubuntu-latest 
From 1fdc4dbcf31bde608477ea948337cde45dfec17a Mon Sep 17 00:00:00 2001 From: Administrator Date: Fri, 11 Oct 2024 11:24:15 -0600 Subject: [PATCH 31/69] wip --- .github/actions/build-publish-api/action.yml | 6 +- .github/actions/deploy-tf/action.yml | 95 ++++++++++++++++++++ .github/workflows/deploy-dev.yml | 50 +++++++---- 3 files changed, 130 insertions(+), 21 deletions(-) create mode 100644 .github/actions/deploy-tf/action.yml diff --git a/.github/actions/build-publish-api/action.yml b/.github/actions/build-publish-api/action.yml index d94ff779..65ace41b 100644 --- a/.github/actions/build-publish-api/action.yml +++ b/.github/actions/build-publish-api/action.yml @@ -10,8 +10,8 @@ inputs: docker-username: description: Docker registry username required: true - version: - description: API version + docker-tag: + description: Docker tag, typically an API version required: true dockerfile-path: description: Dockerfile path @@ -44,4 +44,4 @@ runs: context: ${{ inputs.docker-context-path }} file: ${{ inputs.dockerfile-path }} push: true - tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.version }} \ No newline at end of file + tags: ${{ inputs.docker-registry }}/${{ env.REPO }}-${{ inputs.api-name }}:${{ inputs.docker-tag }} \ No newline at end of file diff --git a/.github/actions/deploy-tf/action.yml b/.github/actions/deploy-tf/action.yml new file mode 100644 index 00000000..e82299cb --- /dev/null +++ b/.github/actions/deploy-tf/action.yml 
@@ -0,0 +1,95 @@
+name: Deploy Terraform
+description: Deploy needed resources with Terraform to individual environments.
+inputs:
+ docker-tag:
+ description: The environment to deploy to
+ required: true
+ deploy-env:
+ description: The environment to deploy to
+ required: true
+ azure-resource-group:
+ description: The Azure Resource Group for this environment.
+ required: true
+ azure-client-id:
+ description: The Azure client_id for this environment.
+ required: true
+ azure-tenant-id:
+ description: The Azure tenant_id for this environment.
+ required: true
+ azure-subscription-id:
+ description: The Azure subscription_id for this environment.
+ required: true
+ # terraform_arm_client_id:
+ # description: Terraform ARM client ID
+ # required: true
+ # terraform_arm_client_secret:
+ # description: Terraform ARM client secret
+ # required: true
+ # terraform_arm_subscription_id:
+ # description: Terraform ARM subscription ID
+ # required: true
+ # terraform_arm_tenant_id:
+ # description: Terraform ARM tenant ID
+ # required: true
+
+runs:
+ using: composite
+ steps:
+ - uses: azure/login@v2
+ with:
+ client-id: ${{ inputs.azure-client-id }}
+ tenant-id: ${{ inputs.azure-tenant-id }}
+ subscription-id: ${{ inputs.azure-subscription-id }}
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ # - name: Terraform Init
+ # working-directory: ./ops/terraform/envs
+ # env: # all Azure interaction is through Terraform
+ # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
+ # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
+ # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
+ # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
+ # shell: bash
+ # run: make init-${{ inputs.deploy_env }}
+ - name: Load input variables
+ working-directory: ./ops/terraform
+ shell: bash
+ env:
+ SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }}
+ RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }}
+ CLIENT_ID: ${{ inputs.azure-client-id }}
+ DOCKER_TAG: ${{ inputs.docker-tag }}
+ run: |
+ echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars
+ echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars
+ echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars
+ echo docker_tag=\""$DOCKER_TAG"\" >> terraform.tfvars
+ az config set defaults.group=$RESOURCE_GROUP_NAME
+ - name: Set environment
+ shell: bash
+ id: set-environment
+ env:
+ DEPLOY_ENV: ${{ inputs.deploy-env }}
+ run: |-
+ echo "tf-env=$(
+ echo ${DEPLOY_ENV}
+ )" >> $GITHUB_OUTPUT
+ - name: Terraform deploy
+ working-directory: ./ops/terraform
+ env:
+ ARM_CLIENT_ID: ${{ inputs.azure-client-id }}
+ ARM_TENANT_ID: ${{ inputs.azure-tenant-id }}
+ ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }}
+ TF_ENV: ${{ steps.set-environment.outputs.tf-env }}
+
+ # env: # all Azure interaction is through Terraform
+ # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
+ # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
+ # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
+ # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
+ shell: bash
+ run: |
+ terraform init
+ terraform workspace select -or-create $TF_ENV
+ terraform plan -lock-timeout=30m
+ terraform apply -auto-approve -lock-timeout=30m
\ No newline at end of file
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 517fcb68..b5b9e868 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
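Review bot: The `Load input variables` step builds `terraform.tfvars` by echoing each value between hand-escaped quotes, so a value containing `"` or a newline yields a malformed or altered variables file, and `az config set defaults.group=$RESOURCE_GROUP_NAME` and `terraform workspace select -or-create $TF_ENV` expand unquoted. Terraform reads `TF_VAR_<name>` environment variables directly, which removes both the file and the quoting problem; the load step then only needs a quoted `az config set defaults.group="$RESOURCE_GROUP_NAME"`. In the deploy step the result of `terraform plan` is discarded and `terraform apply -auto-approve` plans again, so what is applied is not necessarily what was printed; saving the plan and applying that file ties the two together. The `docker-tag` description repeats `The environment to deploy to`, and the `Set environment` step only copies `deploy-env` into an output, so `TF_ENV` can take the input directly.

```yaml
    - name: Terraform deploy
      working-directory: ./ops/terraform
      shell: bash
      env:
        # … unchanged: ARM_CLIENT_ID, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID …
        TF_ENV: ${{ inputs.deploy-env }}
        TF_VAR_subscription_id: ${{ inputs.azure-subscription-id }}
        TF_VAR_resource_group_name: ${{ inputs.azure-resource-group }}
        TF_VAR_client_id: ${{ inputs.azure-client-id }}
        TF_VAR_docker_tag: ${{ inputs.docker-tag }}
      run: |
        terraform init -input=false
        terraform workspace select -or-create "$TF_ENV"
        terraform plan -input=false -lock-timeout=30m -out=tfplan
        terraform apply -input=false -lock-timeout=30m tfplan
```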
@@ -36,26 +36,40 @@ jobs: id-token: write steps: - uses: actions/checkout@v4 - - name: Build and Push backend - uses: ./.github/actions/build-publish-api - with: - docker-registry: ghcr.io - docker-pw: ${{ secrets.GITHUB_TOKEN }} - docker-username: ${{ github.actor }} - version: ${{ inputs.ocr-version }} - dockerfile-path: ./OCR/Dockerfile - docker-context-path: ./OCR/ - api-name: ocr-api + # - name: Build and Push backend + # uses: ./.github/actions/build-publish-api + # with: + # docker-registry: ghcr.io + # docker-pw: ${{ secrets.GITHUB_TOKEN }} + # docker-username: ${{ github.actor }} + # docker-tag: ${{ inputs.ocr-version }} + # dockerfile-path: ./OCR/Dockerfile + # docker-context-path: ./OCR/ + # api-name: ocr-api + + # build_frontend: + # runs-on: ubuntu-latest + # environment: dev + # steps: + # - uses: actions/checkout@v4 + # - uses: ./.github/actions/build-frontend + # name: Build front-end application + # with: + # frontend-tarball: ./frontend.tgz + # deploy-env: ${{ inputs.deploy-env }} + # frontend-path: ./frontend + # frontend-build-path: ./frontend/dist/ - build_frontend: + prerelease_backend: runs-on: ubuntu-latest - environment: dev + # needs: [build_frontend, build_docker_ocr] steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/build-frontend - name: Build front-end application + - uses: ./.github/actions/tf-deploy + name: Deploy with Terraform with: - frontend-tarball: ./frontend.tgz - deploy-env: ${{ inputs.deploy-env }} - frontend-path: ./frontend - frontend-build-path: ./frontend/dist/ \ No newline at end of file + deploy-env: dev + docker-tag: derek-dev-combine + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} \ No newline at end of file From 19951a8564fb50429f553c971740e9073868daac Mon Sep 17 00:00:00 2001 
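Review bot: `uses: ./.github/actions/tf-deploy` in the new `prerelease_backend` job does not match the directory this commit creates, `.github/actions/deploy-tf/`, so the job cannot resolve the action; the line should read `uses: ./.github/actions/deploy-tf`. The `with:` block also omits `azure-resource-group`, which the action declares `required: true` and writes into `terraform.tfvars` and `az config set defaults.group`; composite actions do not appear to reject a missing required input, so the resource group would presumably reach Terraform as an empty string. `deploy-env` and `docker-tag` are hard-coded to `dev` and `derek-dev-combine` while the `workflow_dispatch` inputs remain, so the environment chosen at dispatch has no effect on what this revision deploys. The build job bodies are commented out rather than removed, leaving `build_publish_ocr` with only a checkout step.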
From: Administrator Date: Fri, 11 Oct 2024 12:58:34 -0600 Subject: [PATCH 32/69] Terraform variable clean-up and creation --- ops/terraform/locals.tf | 3 +- ops/terraform/main.tf | 20 ++++++--- ops/terraform/modules/app_gateway/main.tf | 44 +++++++++---------- .../modules/app_gateway/variables.tf | 5 +-- ops/terraform/modules/app_service/main.tf | 12 ++--- .../modules/app_service/variables.tf | 11 +++-- ops/terraform/modules/compute/variables.tf | 1 + .../modules/container_instances/main.tf | 2 +- .../modules/container_instances/variables.tf | 1 + ops/terraform/modules/network/main.tf | 10 ++--- ops/terraform/modules/network/variables.tf | 1 + ops/terraform/modules/security/main.tf | 2 +- ops/terraform/modules/security/variables.tf | 1 + ops/terraform/modules/storage/main.tf | 2 +- ops/terraform/modules/storage/variables.tf | 1 + ops/terraform/variables.tf | 12 +++++ 16 files changed, 74 insertions(+), 54 deletions(-) diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index 5a609c97..1b0a15d4 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf @@ -1,8 +1,7 @@ locals { - environment = "${terraform.workspace}" + environment = terraform.workspace init = { environment = local.environment - resource_group_name = "reportvision-rg-${terraform.workspace}" location = "eastus2" } network = { diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index 03cf19c8..bb7e11d0 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -10,6 +10,7 @@ locals { ########## module "networking" { source = "./modules/network" + name = var.name location = data.azurerm_resource_group.dev.location resource_group = data.azurerm_resource_group.dev.name vnetcidr = local.network.config.vnetcidr @@ -26,6 +27,7 @@ module "networking" { module "securitygroup" { source = "./modules/security" + name = var.name location = data.azurerm_resource_group.dev.location resource_group = data.azurerm_resource_group.dev.name web_subnet_id = module.networking.websubnet_id 
@@ -37,6 +39,7 @@ module "securitygroup" { module "app_gateway" { source = "./modules/app_gateway" + name = var.name resource_group_location = data.azurerm_resource_group.dev.location resource_group_name = data.azurerm_resource_group.dev.name @@ -55,6 +58,7 @@ module "app_gateway" { module "storage" { source = "./modules/storage" + name = var.name location = data.azurerm_resource_group.dev.location resource_group = data.azurerm_resource_group.dev.name env = local.environment @@ -68,12 +72,16 @@ module "storage" { ########## module "ocr_api" { - source = "./modules/app_service" - location = local.init.location - resource_group = data.azurerm_resource_group.dev.name - app_subnet_id = module.networking.lbsubnet_id - env = local.environment - vnet = module.networking.network_name + source = "./modules/app_service" + name = var.name + location = local.init.location + resource_group = data.azurerm_resource_group.dev.name + docker_tag = var.docker_tag + docker_registry_path = var.docker_registry_path + docker_registry_url = var.docker_registry_url + app_subnet_id = module.networking.lbsubnet_id + env = local.environment + vnet = module.networking.network_name } # module "compute" { diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf index c69d9b20..d4da84f5 100644 --- a/ops/terraform/modules/app_gateway/main.tf +++ b/ops/terraform/modules/app_gateway/main.tf @@ -1,5 +1,5 @@ resource "azurerm_public_ip" "lb-pip" { - name = "reportvision-pip-lb-${var.env}" + name = "${var.name}-pip-lb-${var.env}" resource_group_name = var.resource_group_name location = var.resource_group_location allocation_method = "Static" 
@@ -10,25 +10,25 @@ resource "azurerm_public_ip" "lb-pip" { # since these variables are re-used - a locals block makes this more maintainable locals { - backend_address_pool_name_static = "${var.vnet-name}-beap-static" - backend_address_pool_name_api = "${var.vnet-name}-beap-api" - frontend_port_name_api = "${var.vnet-name}-feport-api" - frontend_port_name_static = "${var.vnet-name}-feport-static" - frontend_ip_configuration_name = "${var.vnet-name}-feip" - http_setting_name_static = "${var.vnet-name}-be-htst-static" - http_setting_name_api = "${var.vnet-name}-be-htst-api" - listener_name_static = "${var.vnet-name}-httplstn-static" - listener_name_api = "${var.vnet-name}-httplstn-api" - request_routing_rule_name_api = "${var.vnet-name}-rqrt-api" - request_routing_rule_name_static = "${var.vnet-name}-rqrt-static" - redirect_configuration_name = "${var.vnet-name}-rdrcfg" - static_probe_name_app = "${var.vnet-name}-be-probe-app-static" - api_probe_name_app = "${var.vnet-name}-be-probe-app-api" - redirect_rule = "${var.vnet-name}-redirect" + backend_address_pool_name_static = "${var.name}-${var.env}-beap-static" + backend_address_pool_name_api = "${var.name}-${var.env}-beap-api" + frontend_port_name_api = "${var.name}-${var.env}-feport-api" + frontend_port_name_static = "${var.name}-${var.env}-feport-static" + frontend_ip_configuration_name = "${var.name}-${var.env}-feip" + http_setting_name_static = "${var.name}-${var.env}-be-htst-static" + http_setting_name_api = "${var.name}-${var.env}-be-htst-api" + listener_name_static = "${var.name}-${var.env}-httplstn-static" + listener_name_api = "${var.name}-${var.env}-httplstn-api" + request_routing_rule_name_api = "${var.name}-${var.env}-rqrt-api" + request_routing_rule_name_static = "${var.name}-${var.env}-rqrt-static" + redirect_configuration_name = "${var.name}-${var.env}-rdrcfg" + static_probe_name_app = "${var.name}-${var.env}-be-probe-app-static" + api_probe_name_app = "${var.name}-${var.env}-be-probe-app-api" + 
redirect_rule = "${var.name}-${var.env}-redirect" } resource "azurerm_application_gateway" "load_balancer" { - name = "reportvision-appgateway-${var.env}" + name = "${var.name}-appgateway-${var.env}" resource_group_name = var.resource_group_name location = var.resource_group_location @@ -39,7 +39,7 @@ resource "azurerm_application_gateway" "load_balancer" { } gateway_ip_configuration { - name = "reportvision-gateway-ip-configuration" + name = "${var.name}-gateway-ip-configuration" subnet_id = var.web-subnet } @@ -154,10 +154,10 @@ resource "azurerm_application_gateway" "load_balancer" { url_path_map { - name = "${var.vnet-name}-urlmap" + name = "${var.name}${var.env}-urlmap" default_backend_address_pool_name = local.backend_address_pool_name_static default_backend_http_settings_name = local.http_setting_name_static - default_rewrite_rule_set_name = "mde-routing" + default_rewrite_rule_set_name = "${var.name}-routing" path_rule { name = "api" @@ -166,11 +166,11 @@ resource "azurerm_application_gateway" "load_balancer" { backend_http_settings_name = local.http_setting_name_api // this is the default, why would we set it again? // because if we don't do this we get 404s on API calls - rewrite_rule_set_name = "mde-routing" + rewrite_rule_set_name = "${var.name}-routing" } } rewrite_rule_set { - name = "mde-routing" + name = "${var.name}-routing" rewrite_rule { name = "api-wildcard" diff --git a/ops/terraform/modules/app_gateway/variables.tf b/ops/terraform/modules/app_gateway/variables.tf index 4aa71b84..a4bf2bad 100644 --- a/ops/terraform/modules/app_gateway/variables.tf +++ b/ops/terraform/modules/app_gateway/variables.tf @@ -1,7 +1,4 @@ -variable "vnet-name" { - type = string - default = "reportvision-dev" -} +variable "name" {} variable "resource_group_name" {} variable "resource_group_location" {} variable "web-subnet" {} diff --git a/ops/terraform/modules/app_service/main.tf b/ops/terraform/modules/app_service/main.tf index 19a03ce8..24eb32e9 100644 
--- a/ops/terraform/modules/app_service/main.tf +++ b/ops/terraform/modules/app_service/main.tf @@ -3,7 +3,7 @@ locals { } resource "azurerm_service_plan" "asp" { - name = "${var.name_ocr}-appserviceplan-${var.env}" + name = "${var.name}-ocr-appserviceplan-${var.env}" location = var.location os_type = "Linux" resource_group_name = var.resource_group @@ -11,7 +11,7 @@ resource "azurerm_service_plan" "asp" { } resource "azurerm_linux_web_app" "linux_webapp" { - name = "${var.name_ocr}-${var.env}" + name = "${var.name}-ocr-${var.env}" https_only = var.https_only location = var.location resource_group_name = var.resource_group @@ -33,10 +33,10 @@ resource "azurerm_linux_web_app" "linux_webapp" { ftps_state = "Disabled" vnet_route_all_enabled = false - # application_stack { - # docker_image_name = "cdcgov/reportvision-ocr-api:derek-main-dev" - # docker_registry_url = "https://ghcr.io" - # } + application_stack { + docker_image_name = "${var.docker_registry_path}:${var.docker_tag}" + docker_registry_url = var.docker_registry_url + } ip_restriction { virtual_network_subnet_id = var.app_subnet_id diff --git a/ops/terraform/modules/app_service/variables.tf b/ops/terraform/modules/app_service/variables.tf index b81b4571..0dc427a0 100644 --- a/ops/terraform/modules/app_service/variables.tf +++ b/ops/terraform/modules/app_service/variables.tf @@ -1,23 +1,22 @@ variable "env" {} +variable "name" {} variable "resource_group" {} variable "location" {} -variable "name_ocr" { - default = "reportvision-ocr-api" -} + variable "app_subnet_id" {} variable "sku_name" { default = "P1v3" } -variable "az_account" { - default = "reportvision" -} variable "https_only" { type = bool default = false } variable "vnet" {} +variable "docker_tag" {} +variable "docker_registry_path" {} +variable "docker_registry_url" {} variable "app_settings" { type = map(string) default = {} 
diff --git a/ops/terraform/modules/compute/variables.tf b/ops/terraform/modules/compute/variables.tf index aaf0435b..3e19fd1c 100644 --- a/ops/terraform/modules/compute/variables.tf +++ b/ops/terraform/modules/compute/variables.tf @@ -1,4 +1,5 @@ variable "resource_group" {} +variable "name" {} variable "location" {} variable "web_subnet_id" {} variable "app_subnet_id" {} diff --git a/ops/terraform/modules/container_instances/main.tf b/ops/terraform/modules/container_instances/main.tf index ea537a53..55a7c742 100644 --- a/ops/terraform/modules/container_instances/main.tf +++ b/ops/terraform/modules/container_instances/main.tf @@ -1,5 +1,5 @@ resource "azurerm_container_group" "example" { - name = "reportvision-ocr" + name = "${var.name}-cg" location = var.location resource_group_name = var.resource_group ip_address_type = "Private" diff --git a/ops/terraform/modules/container_instances/variables.tf b/ops/terraform/modules/container_instances/variables.tf index 3c46a99f..95ad5d89 100644 --- a/ops/terraform/modules/container_instances/variables.tf +++ b/ops/terraform/modules/container_instances/variables.tf @@ -1,4 +1,5 @@ variable "environment" {} +variable "name" {} variable "resource_group" {} variable "location" {} variable "app_subnet" {} \ No newline at end of file diff --git a/ops/terraform/modules/network/main.tf b/ops/terraform/modules/network/main.tf index ae2e1c07..9156a2b7 100644 --- a/ops/terraform/modules/network/main.tf +++ b/ops/terraform/modules/network/main.tf 
@@ -1,12 +1,12 @@ resource "azurerm_virtual_network" "vnet" { - name = "reportvision-vnet-${var.env}" + name = "${var.name}-vnet-${var.env}" resource_group_name = var.resource_group location = var.location address_space = [var.vnetcidr] } resource "azurerm_subnet" "web-subnet" { - name = "reportvision-web-subnet-${var.env}" + name = "${var.name}-web-subnet-${var.env}" virtual_network_name = azurerm_virtual_network.vnet.name resource_group_name = var.resource_group address_prefixes = [var.websubnetcidr] @@ -15,7 +15,7 @@ resource "azurerm_subnet" "web-subnet" { } resource "azurerm_subnet" "app-subnet" { - name = "reportvision-app-subnet-${var.env}" + name = "${var.name}-app-subnet-${var.env}" virtual_network_name = azurerm_virtual_network.vnet.name resource_group_name = var.resource_group address_prefixes = [var.appsubnetcidr] @@ -31,7 +31,7 @@ resource "azurerm_subnet" "app-subnet" { } resource "azurerm_subnet" "lb-subnet" { - name = "reportvision-lb-subnet-${var.env}" + name = "${var.name}-lb-subnet-${var.env}" virtual_network_name = azurerm_virtual_network.vnet.name resource_group_name = var.resource_group address_prefixes = [var.lbsubnetcidr] @@ -39,7 +39,7 @@ resource "azurerm_subnet" "lb-subnet" { } resource "azurerm_subnet" "db-subnet" { - name = "reportvision-db-subnet-${var.env}" + name = "${var.name}-db-subnet-${var.env}" virtual_network_name = azurerm_virtual_network.vnet.name resource_group_name = var.resource_group address_prefixes = [var.dbsubnetcidr] diff --git a/ops/terraform/modules/network/variables.tf b/ops/terraform/modules/network/variables.tf index 4c14a078..a01c9363 100644 --- a/ops/terraform/modules/network/variables.tf +++ b/ops/terraform/modules/network/variables.tf @@ -1,4 +1,5 @@ variable "resource_group" {} +variable "name" {} variable "location" {} variable "vnetcidr" {} variable "websubnetcidr" {} diff --git a/ops/terraform/modules/security/main.tf b/ops/terraform/modules/security/main.tf index 37f89977..260f69c5 100644 
--- a/ops/terraform/modules/security/main.tf +++ b/ops/terraform/modules/security/main.tf @@ -1,5 +1,5 @@ resource "azurerm_network_security_group" "web-nsg" { - name = "reportvision-web-nsg-${var.env}" + name = "${var.name}-web-nsg-${var.env}" location = var.location resource_group_name = var.resource_group diff --git a/ops/terraform/modules/security/variables.tf b/ops/terraform/modules/security/variables.tf index 8b9fc986..6004ce0d 100644 --- a/ops/terraform/modules/security/variables.tf +++ b/ops/terraform/modules/security/variables.tf @@ -1,4 +1,5 @@ variable "location" {} +variable "name" {} variable "env" {} variable "resource_group" {} variable "web_subnet_id" {} diff --git a/ops/terraform/modules/storage/main.tf b/ops/terraform/modules/storage/main.tf index 1b3c8a18..67424e72 100644 --- a/ops/terraform/modules/storage/main.tf +++ b/ops/terraform/modules/storage/main.tf @@ -4,7 +4,7 @@ resource "azurerm_storage_account" "frontend" { account_kind = "StorageV2" location = var.location resource_group_name = var.resource_group - name = "reportvisionfrontend${var.env}" + name = "${var.name}frontend${var.env}" https_traffic_only_enabled = false static_website { diff --git a/ops/terraform/modules/storage/variables.tf b/ops/terraform/modules/storage/variables.tf index fd6d6edf..4ec3d4b0 100644 --- a/ops/terraform/modules/storage/variables.tf +++ b/ops/terraform/modules/storage/variables.tf @@ -1,4 +1,5 @@ variable "resource_group" {} +variable "name" {} variable "env" {} variable "location" {} variable "management_tags" {} diff --git a/ops/terraform/variables.tf b/ops/terraform/variables.tf index bdd404ad..12fa3c86 100644 --- a/ops/terraform/variables.tf +++ b/ops/terraform/variables.tf @@ -8,4 +8,16 @@ variable "subscription_id" { variable "client_id" { description = "Client ID" +} + +variable "docker_tag" { +} + +variable "docker_registry_path" { +} + +variable "docker_registry_url" { +} + +variable "name" { } \ No newline at end of file 
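Review bot: The four root variables added in the `ops/terraform/variables.tf` hunk (`docker_tag`, `docker_registry_path`, `docker_registry_url`, `name`) have empty bodies, so they carry no type, description or default. The `deploy-tf` action added earlier in this series writes only `subscription_id`, `resource_group_name`, `client_id` and `docker_tag` into `terraform.tfvars`, so unless the other three are supplied somewhere not shown, a non-interactive `terraform plan` would stop on the missing values. `name` now feeds every resource name, including the storage account `"${var.name}frontend${var.env}"` in this same patch, and storage account names accept only lowercase letters and digits within a short length limit. Typing the variable and validating it reports a bad value at plan time instead of as a provider error; the same `type = string` and `description` lines apply to the three `docker_*` variables.

```hcl
variable "name" {
  description = "Prefix used in the name of every resource in this stack"
  type        = string

  validation {
    condition     = can(regex("^[a-z0-9]+$", var.name))
    error_message = "name must contain only lowercase letters and digits."
  }
}
```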
From 9b4f06ff10c3bbf6f8f49bf31ac799c6696e42b3 Mon Sep 17 00:00:00 2001 From: Administrator Date: Fri, 11 Oct 2024 13:00:59 -0600 Subject: [PATCH 33/69] wip --- ops/terraform/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index 1b0a15d4..77e0cc0b 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf @@ -1,5 +1,5 @@ locals { - environment = terraform.workspace + environment = "${terraform.workspace}" init = { environment = local.environment location = "eastus2" From 177b3807133587bd980f8b80ce54a7b537e8e913 Mon Sep 17 00:00:00 2001 From: Administrator Date: Fri, 11 Oct 2024 13:04:09 -0600 Subject: [PATCH 34/69] - --- ops/terraform/modules/app_gateway/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf index d4da84f5..dd50ef9b 100644 --- a/ops/terraform/modules/app_gateway/main.tf +++ b/ops/terraform/modules/app_gateway/main.tf @@ -154,7 +154,7 @@ resource "azurerm_application_gateway" "load_balancer" { url_path_map { - name = "${var.name}${var.env}-urlmap" + name = "${var.name}-${var.env}-urlmap" default_backend_address_pool_name = local.backend_address_pool_name_static default_backend_http_settings_name = local.http_setting_name_static default_rewrite_rule_set_name = "${var.name}-routing" From 57f567df2ccdd31d1cc0f723074707f18924a1ae Mon Sep 17 00:00:00 2001 
From: Administrator Date: Fri, 11 Oct 2024 15:47:43 -0600 Subject: [PATCH 35/69] add different env configs for state --- ops/terraform/config/dev.config | 3 +++ ops/terraform/config/dev2.config | 3 +++ ops/terraform/config/dev3.config | 3 +++ ops/terraform/config/dev4.config | 3 +++ ops/terraform/config/dev5.config | 3 +++ ops/terraform/config/dev6.config | 3 +++ ops/terraform/data.tf | 2 +- ops/terraform/main.tf | 24 +++++++++++------------ ops/terraform/modules/app_gateway/main.tf | 6 +++--- ops/terraform/providers.tf | 3 --- 10 files changed, 34 insertions(+), 19 deletions(-) create mode 100644 ops/terraform/config/dev.config create mode 100644 ops/terraform/config/dev2.config create mode 100644 ops/terraform/config/dev3.config create mode 100644 ops/terraform/config/dev4.config create mode 100644 ops/terraform/config/dev5.config create mode 100644 ops/terraform/config/dev6.config diff --git a/ops/terraform/config/dev.config b/ops/terraform/config/dev.config new file mode 100644 index 00000000..eca35f68 --- /dev/null +++ b/ops/terraform/config/dev.config @@ -0,0 +1,3 @@ + storage_account_name = "tfstaterv2024" + container_name = "rv-tfstate" + key = "dev.terraform.tfstate" \ No newline at end of file diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config new file mode 100644 index 00000000..651e6e72 --- /dev/null +++ b/ops/terraform/config/dev2.config @@ -0,0 +1,3 @@ + storage_account_name = "tfstaterv2024" + container_name = "rv-tfstate" + key = "dev2.terraform.tfstate" \ No newline at end of file diff --git a/ops/terraform/config/dev3.config b/ops/terraform/config/dev3.config new file mode 100644 index 00000000..e1c3a6b8 --- /dev/null +++ b/ops/terraform/config/dev3.config @@ -0,0 +1,3 @@ + storage_account_name = "tfstaterv2024" + container_name = "rv-tfstate" + key = "dev3.terraform.tfstate" \ No newline at end of file 
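Review bot: All of the new backend files (`dev.config` to `dev3.config` here, `dev4.config` to `dev6.config` in the following hunks) point at the same `storage_account_name` and `container_name` and differ only in `key`, so any identity that can read the `rv-tfstate` container can read the state of every environment. Terraform state can hold resource attributes in clear text, so that shared boundary deserves to be written down where the files are maintained. I would add a header comment to each file, for example `# State for dev only; shares the rv-tfstate container with dev2-dev6, access is controlled at container level`. Whether access to the container is already restricted is not visible in this patch.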
diff --git a/ops/terraform/config/dev4.config b/ops/terraform/config/dev4.config new file mode 100644 index 00000000..2c64a7b5 --- /dev/null +++ b/ops/terraform/config/dev4.config @@ -0,0 +1,3 @@ + storage_account_name = "tfstaterv2024" + container_name = "rv-tfstate" + key = "dev4.terraform.tfstate" \ No newline at end of file diff --git a/ops/terraform/config/dev5.config b/ops/terraform/config/dev5.config new file mode 100644 index 00000000..e24ed17a --- /dev/null +++ b/ops/terraform/config/dev5.config @@ -0,0 +1,3 @@ + storage_account_name = "tfstaterv2024" + container_name = "rv-tfstate" + key = "dev5.terraform.tfstate" \ No newline at end of file diff --git a/ops/terraform/config/dev6.config b/ops/terraform/config/dev6.config new file mode 100644 index 00000000..07b3ed03 --- /dev/null +++ b/ops/terraform/config/dev6.config @@ -0,0 +1,3 @@ + storage_account_name = "tfstaterv2024" + container_name = "rv-tfstate" + key = "dev6.terraform.tfstate" \ No newline at end of file diff --git a/ops/terraform/data.tf b/ops/terraform/data.tf index b3cd8975..641213c6 100644 --- a/ops/terraform/data.tf +++ b/ops/terraform/data.tf @@ -1,3 +1,3 @@ -data "azurerm_resource_group" "dev" { +data "azurerm_resource_group" "rg" { name = var.resource_group_name } \ No newline at end of file diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index bb7e11d0..5e7b9440 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -1,7 +1,7 @@ locals { management_tags = { environment = local.environment - resource_group = data.azurerm_resource_group.dev.name + resource_group = data.azurerm_resource_group.rg.name } } 
@@ -11,8 +11,8 @@ locals { module "networking" { source = "./modules/network" name = var.name - location = data.azurerm_resource_group.dev.location - resource_group = data.azurerm_resource_group.dev.name + location = data.azurerm_resource_group.rg.location + resource_group = data.azurerm_resource_group.rg.name vnetcidr = local.network.config.vnetcidr websubnetcidr = local.network.config.websubnetcidr appsubnetcidr = local.network.config.appsubnetcidr @@ -28,8 +28,8 @@ module "networking" { module "securitygroup" { source = "./modules/security" name = var.name - location = data.azurerm_resource_group.dev.location - resource_group = data.azurerm_resource_group.dev.name + location = data.azurerm_resource_group.rg.location + resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id app_subnet_id = module.networking.appsubnet_id db_subnet_id = module.networking.dbsubnet_id @@ -40,8 +40,8 @@ module "securitygroup" { module "app_gateway" { source = "./modules/app_gateway" name = var.name - resource_group_location = data.azurerm_resource_group.dev.location - resource_group_name = data.azurerm_resource_group.dev.name + resource_group_location = data.azurerm_resource_group.rg.location + resource_group_name = data.azurerm_resource_group.rg.name blob_endpoint = module.storage.primary_web_host web-subnet = module.networking.lbsubnet_id @@ -59,8 +59,8 @@ module "app_gateway" { module "storage" { source = "./modules/storage" name = var.name - location = data.azurerm_resource_group.dev.location - resource_group = data.azurerm_resource_group.dev.name + location = data.azurerm_resource_group.rg.location + resource_group = data.azurerm_resource_group.rg.name env = local.environment management_tags = local.management_tags app_gateway_ip = module.app_gateway.app_gateway_ip 
@@ -75,7 +75,7 @@ module "ocr_api" { source = "./modules/app_service" name = var.name location = local.init.location - resource_group = data.azurerm_resource_group.dev.name + resource_group = data.azurerm_resource_group.rg.name docker_tag = var.docker_tag docker_registry_path = var.docker_registry_path docker_registry_url = var.docker_registry_url @@ -86,8 +86,8 @@ module "ocr_api" { # module "compute" { # source = "./modules/container_instances" -# location = data.azurerm_resource_group.test.location -# resource_group = data.azurerm_resource_group.test.name +# location = data.azurerm_resource_group.rg.location +# resource_group = data.azurerm_resource_group.rg.name # environment = local.environment # app_subnet = module.networking.appsubnet_id # # web_subnet_id = module.networking.websubnet_id diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf index dd50ef9b..c2fd5acd 100644 --- a/ops/terraform/modules/app_gateway/main.tf +++ b/ops/terraform/modules/app_gateway/main.tf @@ -84,7 +84,7 @@ resource "azurerm_application_gateway" "load_balancer" { port = 80 protocol = "Http" request_timeout = 120 - path = "/api" + path = "/" pick_host_name_from_backend_address = true probe_name = local.api_probe_name_app } @@ -161,7 +161,7 @@ resource "azurerm_application_gateway" "load_balancer" { path_rule { name = "api" - paths = ["/api/*", "/api"] + paths = ["/*", "/"] backend_address_pool_name = local.backend_address_pool_name_api backend_http_settings_name = local.http_setting_name_api // this is the default, why would we set it again? @@ -178,7 +178,7 @@ resource "azurerm_application_gateway" "load_balancer" { condition { ignore_case = true negate = false - pattern = ".*api/(.*)" + pattern = "./(.*)" variable = "var_uri_path" } diff --git a/ops/terraform/providers.tf b/ops/terraform/providers.tf index 20350122..554c8664 100644 --- a/ops/terraform/providers.tf +++ b/ops/terraform/providers.tf 
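Review bot: The rewrite condition `pattern = "./(.*)"` starts with an unescaped `.`, which is a regex wildcard, so it matches any single character followed by `/` rather than a leading slash; if the intent is "everything after the first slash", `pattern = "^/(.*)"` states that. In the same file the `api` path rule now uses `paths = ["/*", "/"]`, which appears to route every request to `local.backend_address_pool_name_api` and leave the static default backend of the `url_path_map` unreachable through this map. Please confirm that this is intended and put a comment next to the rule if it is, because it changes which backend is exposed at the gateway root. All three hunks sit inside `azurerm_application_gateway.load_balancer`, whose body starts and ends outside them.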
@@ -1,9 +1,6 @@ terraform { backend "azurerm" { resource_group_name = "reportvision-rg-global" - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev/terraform.tfstate" } required_providers { azurerm = { From 45a1c15e9aed57e42052ab357778d09020b00844 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 10:11:48 -0600 Subject: [PATCH 36/69] try az app service action without publish secret --- .github/actions/deploy-tf/action.yml | 21 ++++++++++++++++++--- .github/workflows/build-deploy-ocr.yml | 21 ++++++++++++++------- .github/workflows/deploy-dev.yml | 7 ++++++- 3 files changed, 38 insertions(+), 11 deletions(-) diff --git a/.github/actions/deploy-tf/action.yml b/.github/actions/deploy-tf/action.yml index e82299cb..e4b8274d 100644 --- a/.github/actions/deploy-tf/action.yml +++ b/.github/actions/deploy-tf/action.yml @@ -2,10 +2,16 @@ name: Deploy Terraform description: Deploy needed resources with Terraform to individual environments. inputs: docker-tag: - description: The environment to deploy to + description: The environment to deploy to. + required: true + docker-registry-path: + description: Docker path in the registry. + required: true + docker-registry-url: + description: Docker registry url. required: true deploy-env: - description: The environment to deploy to + description: The environment to deploy to. required: true azure-resource-group: description: The Azure Resource Group for this environment. @@ -19,6 +25,9 @@ inputs: azure-subscription-id: description: The Azure subscription_id for this environment. required: true + app-name: + description: The name of the application being deployed in Terraform. + required: true # terraform_arm_client_id: # description: Terraform ARM client ID # required: true 
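Review bot: The `docker-tag` input keeps the description `The environment to deploy to.`, which is the text of `deploy-env` and tells a caller nothing about the expected value. I would change it to `description: The tag of the OCR API image to deploy.` The new `docker-registry-path` and `docker-registry-url` descriptions could also say what form is expected, for example whether the URL includes the scheme.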
@@ -59,11 +68,17 @@ runs: RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }} CLIENT_ID: ${{ inputs.azure-client-id }} DOCKER_TAG: ${{ inputs.docker-tag }} + DOCKER_REGISTRY_PATH: ${{ inputs.docker-registry-path }} + DOCKER_REGISTRY_URL: ${{ inputs.docker-registry-url }} + NAME: ${{ inputs.app-name }} run: | echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars echo docker_tag=\""$DOCKER_TAG"\" >> terraform.tfvars + echo docker_registry_path=\""DOCKER_REGISTRY_PATH"\" >> terraform.tfvars + echo docker_registry_url=\""$DOCKER_REGISTRY_URL"\" >> terraform.tfvars + echo name=\""$NAME"\" >> terraform.tfvars az config set defaults.group=$RESOURCE_GROUP_NAME - name: Set environment shell: bash @@ -89,7 +104,7 @@ runs: # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} shell: bash run: | - terraform init + terraform init -backend-config=config/$TF_ENV.config terraform workspace select -or-create $TF_ENV terraform plan -lock-timeout=30m terraform apply -auto-approve -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index eb39079d..694852e1 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml @@ -1,15 +1,17 @@ name: Create, publish, deploy a OCR API image on: - workflow_dispatch: - inputs: - tag: - description: 'Version tag for new release' - required: true + push: + branches: reusable-gha-tf-deploy + # workflow_dispatch: + # inputs: + # tag: + # description: 'Version tag for new release' + # required: true env: REGISTRY: ghcr.io - VERSION: ${{ inputs.tag }} + VERSION: derek-dev-combine jobs: 
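Review bot: The added line `echo docker_registry_path=\""DOCKER_REGISTRY_PATH"\" >> terraform.tfvars` is missing the `$`, so the literal text `DOCKER_REGISTRY_PATH` is written instead of the input value; it should read `echo docker_registry_path=\""$DOCKER_REGISTRY_PATH"\" >> terraform.tfvars`. More generally, building `terraform.tfvars` with `echo` means a value containing a double quote or a newline changes the structure of the file; exporting the inputs as `TF_VAR_docker_tag`, `TF_VAR_name` and so on in the step's `env:` avoids the quoting altogether. In the later hunk, `terraform init -backend-config=config/$TF_ENV.config` expands `$TF_ENV` unquoted inside a file path, and I would write it as `-backend-config="config/${TF_ENV}.config"`. Both step bodies start outside these hunks.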
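Review bot: In `build-deploy-ocr.yml`, `VERSION: derek-dev-combine` replaces `${{ inputs.tag }}` with a fixed, mutable tag, and the trigger becomes every push to `reusable-gha-tf-deploy`. Presumably each push then rebuilds and redeploys under the same tag, so the running image can no longer be traced to a commit. If this is only for branch testing, a comment such as `# TEMP: branch testing, restore workflow_dispatch before merge` would make that explicit; otherwise `VERSION: ${{ github.sha }}` keeps the tag unique per build.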
@@ -51,6 +53,12 @@ jobs: needs: build-and-push-image environment: dev steps: + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} @@ -59,6 +67,5 @@ jobs: uses: azure/webapps-deploy@v3 with: app-name: reportvision-ocr-api-dev - publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} images: '${{ env.REGISTRY }}/${{ env.REPO}}-ocr-api:${{ env.VERSION }}' diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index b5b9e868..1a53a682 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,6 +1,8 @@ name: Build and deploy all of ReportVision's services to a development environment on: + # push: + # branches: reusable-gha-tf-deploy workflow_dispatch: inputs: deploy-env: @@ -70,6 +72,9 @@ jobs: with: deploy-env: dev docker-tag: derek-dev-combine + docker-registry-path: "cdcgov/reportvision-ocr-api" + docker-registry-url: "https://ghcr.io" azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} \ No newline at end of file + azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + app-name: reportvision \ No newline at end of file From 5d45bea94cc5e6add44b3d165971aaae78b87b18 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 10:13:37 -0600 Subject: [PATCH 37/69] permissions --- .github/workflows/build-deploy-ocr.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index 694852e1..55a9fc8d 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml 
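Review bot: The added `azure/login@v2` step exchanges the job's OIDC token for Azure credentials but is referenced by a mutable major-version tag. For an action that handles cloud credentials I would pin to a full commit SHA with the version in a trailing comment, `uses: azure/login@<full-commit-sha>  # v2` (placeholder; take the SHA from the release you have reviewed), and do the same for `azure/webapps-deploy@v3` in the next hunk's context. The step also needs `id-token: write` on the `deploy` job, which is not visible in this hunk.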
@@ -50,6 +50,11 @@ jobs: deploy: runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write needs: build-and-push-image environment: dev steps: From 06861a28738e6705cb1ff822c88e981a9bce699a Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 10:15:27 -0600 Subject: [PATCH 38/69] change app name --- .github/workflows/build-deploy-ocr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index 55a9fc8d..f7bbb20c 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml @@ -71,6 +71,6 @@ jobs: id: deploy-to-webapp uses: azure/webapps-deploy@v3 with: - app-name: reportvision-ocr-api-dev + app-name: reportvision-ocr-dev images: '${{ env.REGISTRY }}/${{ env.REPO}}-ocr-api:${{ env.VERSION }}' From fa7a96a7861f274328a4865eca775afe2a2409f3 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 10:17:47 -0600 Subject: [PATCH 39/69] try without login --- .github/workflows/build-deploy-ocr.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index f7bbb20c..8507b48f 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml @@ -58,11 +58,11 @@ jobs: needs: build-and-push-image environment: dev steps: - - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # - uses: azure/login@v2 + # with: + # client-id: ${{ secrets.AZURE_CLIENT_ID }} + # tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} From 02774d5ac856b5f25c75ab43e34d1b085ca678c3 Mon Sep 17 00:00:00 2001 
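Review bot: The `deploy` job is granted `packages: write` and `attestations: write`, but the steps visible for that job in this series only log in to Azure and call `azure/webapps-deploy`. `id-token: write` is what the OIDC login needs, so I would reduce the block to `contents: read` and `id-token: write`, adding `packages: read` only if the job itself pulls from ghcr.io. The job's steps continue outside the hunk, so please confirm none of them publish packages or attestations before narrowing it.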
From: Administrator Date: Tue, 15 Oct 2024 10:35:48 -0600 Subject: [PATCH 40/69] try building dev2 from action --- .../{deploy-tf => tf-setup}/action.yml | 24 ++-------- .github/workflows/build-deploy-ocr.yml | 22 ++++----- .github/workflows/deploy-dev.yml | 47 +++++++++---------- 3 files changed, 36 insertions(+), 57 deletions(-) rename .github/actions/{deploy-tf => tf-setup}/action.yml (80%) diff --git a/.github/actions/deploy-tf/action.yml b/.github/actions/tf-setup/action.yml similarity index 80% rename from .github/actions/deploy-tf/action.yml rename to .github/actions/tf-setup/action.yml index e4b8274d..2160000a 100644 --- a/.github/actions/deploy-tf/action.yml +++ b/.github/actions/tf-setup/action.yml @@ -1,15 +1,6 @@ -name: Deploy Terraform -description: Deploy needed resources with Terraform to individual environments. +name: Setup Environment with Terraform +description: This action sets up the given environment using Terraform. inputs: - docker-tag: - description: The environment to deploy to. - required: true - docker-registry-path: - description: Docker path in the registry. - required: true - docker-registry-url: - description: Docker registry url. - required: true deploy-env: description: The environment to deploy to. required: true @@ -49,8 +40,8 @@ runs: client-id: ${{ inputs.azure-client-id }} tenant-id: ${{ inputs.azure-tenant-id }} subscription-id: ${{ inputs.azure-subscription-id }} - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 + # - name: Setup Terraform + # uses: hashicorp/setup-terraform@v3 # - name: Terraform Init # working-directory: ./ops/terraform/envs # env: # all Azure interaction is through Terraform 
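Review bot: Commenting out `hashicorp/setup-terraform@v3` in `tf-setup/action.yml` leaves the later `terraform init` and `terraform apply` running whatever Terraform binary, if any, the runner image provides, so the version that modifies the environment is no longer chosen by this repository. I would keep the step and set its `terraform_version` input to the version the configuration's `required_version` expects (not visible in this patch). If the step was disabled to work around a failure, a comment next to it saying which one would help the next reader.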
@@ -67,17 +58,10 @@ runs: SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }} CLIENT_ID: ${{ inputs.azure-client-id }} - DOCKER_TAG: ${{ inputs.docker-tag }} - DOCKER_REGISTRY_PATH: ${{ inputs.docker-registry-path }} - DOCKER_REGISTRY_URL: ${{ inputs.docker-registry-url }} - NAME: ${{ inputs.app-name }} run: | echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars - echo docker_tag=\""$DOCKER_TAG"\" >> terraform.tfvars - echo docker_registry_path=\""DOCKER_REGISTRY_PATH"\" >> terraform.tfvars - echo docker_registry_url=\""$DOCKER_REGISTRY_URL"\" >> terraform.tfvars echo name=\""$NAME"\" >> terraform.tfvars az config set defaults.group=$RESOURCE_GROUP_NAME - name: Set environment diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index 8507b48f..448150e7 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml @@ -1,13 +1,11 @@ name: Create, publish, deploy a OCR API image on: - push: - branches: reusable-gha-tf-deploy - # workflow_dispatch: - # inputs: - # tag: - # description: 'Version tag for new release' - # required: true + workflow_dispatch: + inputs: + tag: + description: 'Version tag for new release' + required: true env: REGISTRY: ghcr.io @@ -58,11 +56,11 @@ jobs: needs: build-and-push-image environment: dev steps: - # - uses: azure/login@v2 - # with: - # client-id: ${{ secrets.AZURE_CLIENT_ID }} - # tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} 
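Review bot: `NAME: ${{ inputs.app-name }}` is removed from the step's `env:` while `echo name=\""$NAME"\" >> terraform.tfvars` stays, so `name` is written as an empty string unless `NAME` is set somewhere outside this hunk. With module names built as `${var.name}-web-nsg-${var.env}` and similar, that would produce names beginning with a hyphen and identical across applications. Keep `NAME: ${{ inputs.app-name }}` in `env:`; the same line survives unchanged in the later `tf-setup` hunks of patches 43 and 46. Starting the script with `set -u` would turn the unset variable into an error instead of a silent empty value.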
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 1a53a682..c548d667 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,24 +1,24 @@ name: Build and deploy all of ReportVision's services to a development environment on: - # push: - # branches: reusable-gha-tf-deploy - workflow_dispatch: - inputs: - deploy-env: - description: 'The environment to deploy to' - required: true - type: choice - options: - - dev - - dev2 - - dev3 - - dev4 - - dev5 - - dev6 - ocr-version: - description: 'Create a version for this OCR API image' - required: true + push: + branches: reusable-gha-tf-deploy + # workflow_dispatch: + # inputs: + # deploy-env: + # description: 'The environment to deploy to' + # required: true + # type: choice + # options: + # - dev + # - dev2 + # - dev3 + # - dev4 + # - dev5 + # - dev6 + # ocr-version: + # description: 'Create a version for this OCR API image' + # required: true permissions: id-token: write @@ -62,18 +62,15 @@ jobs: # frontend-path: ./frontend # frontend-build-path: ./frontend/dist/ - prerelease_backend: + env-setup: runs-on: ubuntu-latest # needs: [build_frontend, build_docker_ocr] steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/tf-deploy - name: Deploy with Terraform + - uses: ./.github/actions/tf-setup + name: Setup this environment with Terraform with: - deploy-env: dev - docker-tag: derek-dev-combine - docker-registry-path: "cdcgov/reportvision-ocr-api" - docker-registry-url: "https://ghcr.io" + deploy-env: dev2 azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} From f57a2df12e8d53232981abbd0a0fb4d18bfe08f2 Mon Sep 17 00:00:00 2001 
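Review bot: Switching `on:` from `workflow_dispatch` to `push` on `reusable-gha-tf-deploy` means every push to that branch runs the `env-setup` job of the following hunk, which ends in `terraform apply -auto-approve` inside the `tf-setup` action. That job has no `environment:` key at this point, so no protection rule or reviewer gate stands between a push and a change to Azure resources. I would keep `workflow_dispatch` for apply and, if a push trigger is wanted, limit it to `terraform plan`.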
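Review bot: The `tf-setup` call passes `deploy-env`, the three Azure IDs and `app-name` but not `azure-resource-group`, which the action declares `required: true` and writes into `terraform.tfvars` as `resource_group_name`. A missing required input does not fail the run, so the value would be empty and `az config set defaults.group=` would run with nothing after the `=`. Add `azure-resource-group: <resource group for dev2>` (placeholder) to the `with:` block, or have the action stop early with `: "${RESOURCE_GROUP_NAME:?}"`.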
From: Administrator Date: Tue, 15 Oct 2024 10:43:54 -0600 Subject: [PATCH 41/69] try global env --- .github/actions/tf-setup/action.yml | 6 +++--- .github/workflows/deploy-dev.yml | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index 2160000a..4ebc25c8 100644 --- a/.github/actions/tf-setup/action.yml +++ b/.github/actions/tf-setup/action.yml @@ -37,9 +37,9 @@ runs: steps: - uses: azure/login@v2 with: - client-id: ${{ inputs.azure-client-id }} - tenant-id: ${{ inputs.azure-tenant-id }} - subscription-id: ${{ inputs.azure-subscription-id }} + client-id: ${{ env.CLIENT_ID }} + tenant-id: ${{ env.TENANT_ID }} + subscription-id: ${{ env.SUBSCRIPTION_ID }} # - name: Setup Terraform # uses: hashicorp/setup-terraform@v3 # - name: Terraform Init diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index c548d667..a82cdbcb 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -27,6 +27,9 @@ permissions: env: NODE_VERSION: 20 OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' + SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} jobs: build_publish_ocr: From bf48dc71641806b7ad95fa160fd66622c6c83623 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 10:51:14 -0600 Subject: [PATCH 42/69] inherit --- .github/actions/tf-setup/action.yml | 6 +++--- .github/workflows/deploy-dev.yml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index 4ebc25c8..49c1c09c 100644 --- a/.github/actions/tf-setup/action.yml +++ b/.github/actions/tf-setup/action.yml 
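Review bot: The action now reads `${{ env.CLIENT_ID }}`, `${{ env.TENANT_ID }}` and `${{ env.SUBSCRIPTION_ID }}`, so it only works when the calling workflow happens to define those names, while its declared `azure-*` inputs are ignored for the login. Defining them in the workflow-level `env:` of `deploy-dev.yml` also exports the three secret-backed values to every step of every job, including build steps that run project scripts. I would keep the explicit inputs (`client-id: ${{ inputs.azure-client-id }}`) and, if an `env:` is needed, set it on the single job or step that logs in.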
@@ -37,9 +37,9 @@ runs: steps: - uses: azure/login@v2 with: - client-id: ${{ env.CLIENT_ID }} - tenant-id: ${{ env.TENANT_ID }} - subscription-id: ${{ env.SUBSCRIPTION_ID }} + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} # - name: Setup Terraform # uses: hashicorp/setup-terraform@v3 # - name: Terraform Init diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index a82cdbcb..cde71443 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -77,4 +77,5 @@ jobs: azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - app-name: reportvision \ No newline at end of file + app-name: reportvision + secrets: inherit \ No newline at end of file From 40ae68e3814a452d5e7b52bfe03f20c7de71a14c Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 11:33:38 -0600 Subject: [PATCH 43/69] use login at a higher level --- .github/actions/tf-setup/action.yml | 34 +++++++++++++---------------- .github/workflows/deploy-dev.yml | 15 ++++++++----- 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index 49c1c09c..3318ca43 100644 --- a/.github/actions/tf-setup/action.yml +++ b/.github/actions/tf-setup/action.yml 
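Review bot: `${{ secrets.AZURE_CLIENT_ID }}` and the other two `secrets.*` references are placed inside a composite action, where the `secrets` context is not available, so the login step cannot resolve them. The `secrets: inherit` line added under the step in `deploy-dev.yml` does not change that, because it is a job-level key for calling reusable workflows and not a step key. Secrets have to reach a composite action through its inputs, as the original `client-id: ${{ inputs.azure-client-id }}` did.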
@@ -7,15 +7,15 @@ inputs: azure-resource-group: description: The Azure Resource Group for this environment. required: true - azure-client-id: - description: The Azure client_id for this environment. - required: true - azure-tenant-id: - description: The Azure tenant_id for this environment. - required: true - azure-subscription-id: - description: The Azure subscription_id for this environment. - required: true + # azure-client-id: + # description: The Azure client_id for this environment. + # required: true + # azure-tenant-id: + # description: The Azure tenant_id for this environment. + # required: true + # azure-subscription-id: + # description: The Azure subscription_id for this environment. + # required: true app-name: description: The name of the application being deployed in Terraform. required: true @@ -35,11 +35,7 @@ inputs: runs: using: composite steps: - - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # - name: Setup Terraform # uses: hashicorp/setup-terraform@v3 # - name: Terraform Init @@ -59,9 +55,9 @@ runs: RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }} CLIENT_ID: ${{ inputs.azure-client-id }} run: | - echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars + # echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars - echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars + # echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars echo name=\""$NAME"\" >> terraform.tfvars az config set defaults.group=$RESOURCE_GROUP_NAME - name: Set environment 
@@ -76,9 +72,9 @@ runs: - name: Terraform deploy working-directory: ./ops/terraform env: - ARM_CLIENT_ID: ${{ inputs.azure-client-id }} - ARM_TENANT_ID: ${{ inputs.azure-tenant-id }} - ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} + # ARM_CLIENT_ID: ${{ inputs.azure-client-id }} + # ARM_TENANT_ID: ${{ inputs.azure-tenant-id }} + # ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} TF_ENV: ${{ steps.set-environment.outputs.tf-env }} # env: # all Azure interaction is through Terraform diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index cde71443..f406ee3b 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -70,12 +70,17 @@ jobs: # needs: [build_frontend, build_docker_ocr] steps: - uses: actions/checkout@v4 + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - uses: ./.github/actions/tf-setup name: Setup this environment with Terraform with: deploy-env: dev2 - azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - app-name: reportvision - secrets: inherit \ No newline at end of file + azure-resource-group: reportvision-rg-dev2 + # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + app-name: reportvision \ No newline at end of file From 4374feb76ec2fb3d7713359b7b84c104a5058968 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 14:08:29 -0600 Subject: [PATCH 44/69] wip --- .github/workflows/deploy-dev.yml | 52 ++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index f406ee3b..afddb4cd 100644 
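Review bot: With `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` commented out, the `Terraform deploy` step depends entirely on the session created by `azure/login` in the calling job, and the action stops working for any caller that omits that step. The provider block is not part of this patch, so please confirm it is configured to authenticate from that session, and state the requirement in the action's `description`, e.g. `Requires a prior azure/login step in the same job.` In the earlier `@@ -59,9 +55,9 @@` hunk the `env:` entries `SUBSCRIPTION_ID` and `CLIENT_ID` still read inputs that this commit comments out and can be deleted.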
--- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -26,11 +26,11 @@ permissions: env: NODE_VERSION: 20 - OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' + APP_NAME: reportversion + DEPLOY_ENV: dev2 SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - + jobs: build_publish_ocr: runs-on: ubuntu-latest 
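Review bot: `APP_NAME: reportversion` looks like a misspelling of `reportvision`, the value used for `app-name` and in `reportvision-rg-dev2` elsewhere in this series. The next hunk derives `RESOURCE_GROUP_NAME` from `${{ env.APP_NAME}}-rg-${{ env.DEPLOY_ENV }}` and writes `APP_NAME` into `terraform.tfvars`, so the run would look up a resource group named `reportversion-rg-dev2` and name resources after it. It should read `APP_NAME: reportvision`.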
@@ -75,12 +75,40 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - uses: ./.github/actions/tf-setup - name: Setup this environment with Terraform - with: - deploy-env: dev2 - azure-resource-group: reportvision-rg-dev2 - # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - app-name: reportvision \ No newline at end of file + - name: Load input variables + working-directory: ./ops/terraform + shell: bash + env: + RESOURCE_GROUP_NAME: ${{ env.APP_NAME}}-rg-${{ env.DEPLOY_ENV }} + run: | + # echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars + echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars + # echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars + echo name=\""$APP_NAME"\" >> terraform.tfvars + az config set defaults.group=$RESOURCE_GROUP_NAME + - name: Set environment + shell: bash + id: set-environment + run: |- + echo "tf-env=$( + echo ${DEPLOY_ENV} + )" >> $GITHUB_OUTPUT + - name: Terraform deploy + working-directory: ./ops/terraform + env: + TF_ENV: ${{ steps.set-environment.outputs.tf-env }} + shell: bash + run: | + terraform init -backend-config=config/$TF_ENV.config + terraform workspace select -or-create $TF_ENV + terraform plan -lock-timeout=30m + terraform apply -auto-approve -lock-timeout=30m + # - uses: ./.github/actions/tf-setup + # name: Setup this environment with Terraform + # with: + # deploy-env: dev2 + # azure-resource-group: reportvision-rg-dev2 + # # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + # # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # app-name: reportvision \ No newline at end of file From f4e39be8281c787d5f4f87bc3727e1901bdcf8c1 Mon Sep 17 00:00:00 2001 
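Review bot: `terraform plan -lock-timeout=30m` is followed by `terraform apply -auto-approve -lock-timeout=30m`, so the plan output is informational only: apply computes a fresh plan and executes it with no review in between. Saving and applying the same plan keeps the two consistent, `terraform plan -lock-timeout=30m -out=tfplan` followed by `terraform apply -lock-timeout=30m tfplan`. `$TF_ENV` and `$RESOURCE_GROUP_NAME` are expanded unquoted in `-backend-config=config/$TF_ENV.config` and `az config set defaults.group=$RESOURCE_GROUP_NAME`, and quoting both is cheap. The `Set environment` step can be reduced to `echo "tf-env=${DEPLOY_ENV}" >> "$GITHUB_OUTPUT"` without the nested `echo`.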
From: Administrator Date: Tue, 15 Oct 2024 14:12:40 -0600 Subject: [PATCH 45/69] moved everything to base --- .github/workflows/deploy-dev.yml | 6 +----- ops/terraform/variables.tf | 17 ----------------- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index afddb4cd..737e5d76 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -28,9 +28,7 @@ env: NODE_VERSION: 20 APP_NAME: reportversion DEPLOY_ENV: dev2 - SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - + jobs: build_publish_ocr: runs-on: ubuntu-latest @@ -81,9 +79,7 @@ jobs: env: RESOURCE_GROUP_NAME: ${{ env.APP_NAME}}-rg-${{ env.DEPLOY_ENV }} run: | - # echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars - # echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars echo name=\""$APP_NAME"\" >> terraform.tfvars az config set defaults.group=$RESOURCE_GROUP_NAME - name: Set environment diff --git a/ops/terraform/variables.tf b/ops/terraform/variables.tf index 12fa3c86..860fea7d 100644 --- a/ops/terraform/variables.tf +++ b/ops/terraform/variables.tf @@ -2,22 +2,5 @@ variable "resource_group_name" { description = "value of the Azure resource group to deploy to" } -variable "subscription_id" { - description = "value of the Azure Subscription ID to use" -} - -variable "client_id" { - description = "Client ID" -} - -variable "docker_tag" { -} - -variable "docker_registry_path" { -} - -variable "docker_registry_url" { -} - variable "name" { } \ No newline at end of file From 324427b15b7f6800461ae6f3d796be96b484f353 Mon Sep 17 00:00:00 2001 
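Review bot: `docker_tag`, `docker_registry_path` and `docker_registry_url` are deleted from `variables.tf`, but the `ocr_api` module block shown in the earlier `main.tf` hunks passes `var.docker_tag`, `var.docker_registry_path` and `var.docker_registry_url`, and this commit does not touch `main.tf`. If that block is unchanged, `terraform plan` fails on references to undeclared variables. Either keep the three declarations, with `type = string` and a `description`, or remove the module arguments in the same commit. The remaining `variable "name" { }` would also benefit from a type and a description.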
From: Administrator Date: Tue, 15 Oct 2024 14:17:13 -0600 Subject: [PATCH 46/69] use environment... --- .github/actions/tf-setup/action.yml | 4 --- .github/workflows/deploy-dev.yml | 51 ++++++++--------------------- 2 files changed, 14 insertions(+), 41 deletions(-) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index 3318ca43..7b92c9cd 100644 --- a/.github/actions/tf-setup/action.yml +++ b/.github/actions/tf-setup/action.yml @@ -51,13 +51,9 @@ runs: working-directory: ./ops/terraform shell: bash env: - SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }} - CLIENT_ID: ${{ inputs.azure-client-id }} run: | - # echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars - # echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars echo name=\""$NAME"\" >> terraform.tfvars az config set defaults.group=$RESOURCE_GROUP_NAME - name: Set environment diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 737e5d76..e78463c1 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -26,8 +26,10 @@ permissions: env: NODE_VERSION: 20 - APP_NAME: reportversion - DEPLOY_ENV: dev2 + OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' + SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} jobs: build_publish_ocr: @@ -66,6 +68,7 @@ jobs: env-setup: runs-on: ubuntu-latest # needs: [build_frontend, build_docker_ocr] + environment: dev2 steps: - uses: actions/checkout@v4 - uses: azure/login@v2 
@@ -73,38 +76,12 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Load input variables - working-directory: ./ops/terraform - shell: bash - env: - RESOURCE_GROUP_NAME: ${{ env.APP_NAME}}-rg-${{ env.DEPLOY_ENV }} - run: | - echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars - echo name=\""$APP_NAME"\" >> terraform.tfvars - az config set defaults.group=$RESOURCE_GROUP_NAME - - name: Set environment - shell: bash - id: set-environment - run: |- - echo "tf-env=$( - echo ${DEPLOY_ENV} - )" >> $GITHUB_OUTPUT - - name: Terraform deploy - working-directory: ./ops/terraform - env: - TF_ENV: ${{ steps.set-environment.outputs.tf-env }} - shell: bash - run: | - terraform init -backend-config=config/$TF_ENV.config - terraform workspace select -or-create $TF_ENV - terraform plan -lock-timeout=30m - terraform apply -auto-approve -lock-timeout=30m - # - uses: ./.github/actions/tf-setup - # name: Setup this environment with Terraform - # with: - # deploy-env: dev2 - # azure-resource-group: reportvision-rg-dev2 - # # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - # # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # app-name: reportvision \ No newline at end of file + - uses: ./.github/actions/tf-setup + name: Setup this environment with Terraform + with: + deploy-env: dev2 + azure-resource-group: reportvision-rg-dev2 + # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + app-name: reportvision \ No newline at end of file From c09540f58e07647f14d2a5bfe4b1fc25a84698c9 Mon Sep 17 00:00:00 2001 
From: Administrator Date: Tue, 15 Oct 2024 14:26:15 -0600 Subject: [PATCH 47/69] wip --- .github/actions/tf-setup/action.yml | 36 ++++++++++++----------------- .github/workflows/deploy-dev.yml | 6 ++--- 2 files changed, 18 insertions(+), 24 deletions(-) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index 7b92c9cd..9de20f3d 100644 --- a/.github/actions/tf-setup/action.yml +++ b/.github/actions/tf-setup/action.yml @@ -7,15 +7,15 @@ inputs: azure-resource-group: description: The Azure Resource Group for this environment. required: true - # azure-client-id: - # description: The Azure client_id for this environment. - # required: true - # azure-tenant-id: - # description: The Azure tenant_id for this environment. - # required: true - # azure-subscription-id: - # description: The Azure subscription_id for this environment. - # required: true + azure-client-id: + description: The Azure client_id for this environment. + required: true + azure-tenant-id: + description: The Azure tenant_id for this environment. + required: true + azure-subscription-id: + description: The Azure subscription_id for this environment. + required: true app-name: description: The name of the application being deployed in Terraform. required: true 
@@ -68,19 +68,13 @@ runs: - name: Terraform deploy working-directory: ./ops/terraform env: - # ARM_CLIENT_ID: ${{ inputs.azure-client-id }} - # ARM_TENANT_ID: ${{ inputs.azure-tenant-id }} - # ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} - TF_ENV: ${{ steps.set-environment.outputs.tf-env }} - - # env: # all Azure interaction is through Terraform - # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} - # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} - # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} - # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} + ARM_CLIENT_ID: ${{ inputs.azure-client-id }} + ARM_TENANT_ID: ${{ inputs.azure-tenant-id }} + ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} + # TF_ENV: ${{ steps.set-environment.outputs.tf-env }} shell: bash run: | - terraform init -backend-config=config/$TF_ENV.config - terraform workspace select -or-create $TF_ENV + terraform init -backend-config=config/${{ inputs.deploy-env }}.config + terraform workspace select -or-create ${{ inputs.deploy-env }} terraform plan -lock-timeout=30m terraform apply -auto-approve -lock-timeout=30m \ No newline at end of file diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index e78463c1..ea16b1a2 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -81,7 +81,7 @@ jobs: with: deploy-env: dev2 azure-resource-group: reportvision-rg-dev2 - # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} app-name: reportvision \ No newline at end of file From 1ac85b8c4a7c7f17ac919dc0a734440a5a0b53fc Mon Sep 17 00:00:00 2001 
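Review bot: In the `Terraform deploy` step of `tf-setup/action.yml`, `${{ inputs.deploy-env }}` is now expanded directly into the `run:` script, so the input's text becomes part of the shell source before bash parses it. The `$TF_ENV` form this replaces passed the value as data. Keep the value in the step's `env:` and quote it: `TF_ENV: ${{ inputs.deploy-env }}`, then `terraform init -backend-config="config/${TF_ENV}.config"` and `terraform workspace select -or-create "$TF_ENV"`. The build step of `build-frontend/action.yml` in PATCH 60 has the same pattern (`VITE_API_URL=${{ inputs.api-endpoint }} npm run build`) and can take the value from its existing `env:` block as `VITE_API_URL: ${{ inputs.api-endpoint }}`.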
From: Administrator Date: Tue, 15 Oct 2024 14:33:38 -0600 Subject: [PATCH 48/69] oidc true --- ops/terraform/providers.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/ops/terraform/providers.tf b/ops/terraform/providers.tf index 554c8664..d9c4c5a4 100644 --- a/ops/terraform/providers.tf +++ b/ops/terraform/providers.tf @@ -16,4 +16,5 @@ terraform { provider "azurerm" { features {} + use_oidc = true } \ No newline at end of file From 5ef2bc57ddd9cd6dda0c8b13dd96dbed99e480d5 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 14:35:40 -0600 Subject: [PATCH 49/69] oidc true --- ops/terraform/config/dev2.config | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config index 651e6e72..c6eec405 100644 --- a/ops/terraform/config/dev2.config +++ b/ops/terraform/config/dev2.config @@ -1,3 +1,4 @@ storage_account_name = "tfstaterv2024" container_name = "rv-tfstate" - key = "dev2.terraform.tfstate" \ No newline at end of file + key = "dev2.terraform.tfstate" + use_oidc = true \ No newline at end of file From 6d88c348b6d858275f58ecbc68d41dcec331044a Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 14:37:50 -0600 Subject: [PATCH 50/69] wip --- ops/terraform/main.tf | 3 --- ops/terraform/modules/app_service/main.tf | 5 ----- ops/terraform/modules/app_service/variables.tf | 3 --- 3 files changed, 11 deletions(-) diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index 5e7b9440..c02f8730 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -76,9 +76,6 @@ module "ocr_api" { name = var.name location = local.init.location resource_group = data.azurerm_resource_group.rg.name - docker_tag = var.docker_tag - docker_registry_path = var.docker_registry_path - docker_registry_url = var.docker_registry_url app_subnet_id = module.networking.lbsubnet_id env = local.environment vnet = module.networking.network_name 
diff --git a/ops/terraform/modules/app_service/main.tf b/ops/terraform/modules/app_service/main.tf index 24eb32e9..6b2ddb02 100644 --- a/ops/terraform/modules/app_service/main.tf +++ b/ops/terraform/modules/app_service/main.tf @@ -33,11 +33,6 @@ resource "azurerm_linux_web_app" "linux_webapp" { ftps_state = "Disabled" vnet_route_all_enabled = false - application_stack { - docker_image_name = "${var.docker_registry_path}:${var.docker_tag}" - docker_registry_url = var.docker_registry_url - } - ip_restriction { virtual_network_subnet_id = var.app_subnet_id action = "Allow" diff --git a/ops/terraform/modules/app_service/variables.tf b/ops/terraform/modules/app_service/variables.tf index 0dc427a0..9105a884 100644 --- a/ops/terraform/modules/app_service/variables.tf +++ b/ops/terraform/modules/app_service/variables.tf @@ -14,9 +14,6 @@ variable "https_only" { default = false } variable "vnet" {} -variable "docker_tag" {} -variable "docker_registry_path" {} -variable "docker_registry_url" {} variable "app_settings" { type = map(string) default = {} From 4be6671d10269bfcec6c8fc9948929c56a26173a Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 14:41:36 -0600 Subject: [PATCH 51/69] rm unused vars --- ops/terraform/providers.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/ops/terraform/providers.tf b/ops/terraform/providers.tf index d9c4c5a4..554c8664 100644 --- a/ops/terraform/providers.tf +++ b/ops/terraform/providers.tf @@ -16,5 +16,4 @@ terraform { provider "azurerm" { features {} - use_oidc = true } \ No newline at end of file From 953c5caf6f8d50bb6bd0676e3e198b883a2e2507 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 14:51:05 -0600 Subject: [PATCH 52/69] rm unused vars --- .github/actions/tf-setup/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index 9de20f3d..b2106da4 100644 --- a/.github/actions/tf-setup/action.yml 
+++ b/.github/actions/tf-setup/action.yml @@ -52,6 +52,7 @@ runs: shell: bash env: RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }} + NAME: ${{ inputs.app-name }} run: | echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars echo name=\""$NAME"\" >> terraform.tfvars From 6970e7ba135091f648030510beae903d33873528 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 15:56:58 -0600 Subject: [PATCH 53/69] make cidr different for each env --- ops/terraform/locals.tf | 49 ++++++++++++++++----- ops/terraform/main.tf | 12 ++--- ops/terraform/modules/network/main.tf | 38 ++++++++-------- ops/terraform/modules/network/variables.tf | 3 +- ops/terraform/modules/security/variables.tf | 1 - 5 files changed, 63 insertions(+), 40 deletions(-) diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index 77e0cc0b..6fc1c396 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf 
@@ -4,21 +4,46 @@ locals { environment = local.environment location = "eastus2" } - network = { - config = { + dev = { + dev = { vnetcidr = "10.0.0.0/16" websubnetcidr = "10.0.1.0/24" - appsubnetcidr = "10.0.2.0/24" - dbsubnetcidr = "10.0.3.0/24" - lbsubnetcidr = "10.0.4.0/24" + lbsubnetcidr = "10.0.2.0/24" } } - app = { - web_host_name = "webserver" - web_username = "web_user" - web_os_password = "@Webuser1" - app_host_name = "appserver" - app_username = "app_user" - app_os_password = "@Appuser1" + dev2 = { + dev2 = { + vnetcidr = "10.2.0.0/16" + websubnetcidr = "10.2.1.0/24" + lbsubnetcidr = "10.2.2.0/24" + } + } + dev3 = { + dev3 = { + vnetcidr = "10.3.0.0/16" + websubnetcidr = "10.3.1.0/24" + lbsubnetcidr = "10.3.2.0/24" + } + } + dev4 = { + dev4 = { + vnetcidr = "10.4.0.0/16" + websubnetcidr = "10.4.1.0/24" + lbsubnetcidr = "10.4.2.0/24" + } + } + dev5 = { + dev5 = { + vnetcidr = "10.5.0.0/16" + websubnetcidr = "10.5.1.0/24" + lbsubnetcidr = "10.5.2.0/24" + } + } + dev6 = { + dev6 = { + vnetcidr = "10.6.0.0/16" + websubnetcidr = "10.6.1.0/24" + lbsubnetcidr = "10.6.2.0/24" + } } } \ No newline at end of file diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index c02f8730..489a48ae 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -1,4 +1,7 @@ locals { + workspaces = "${merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)}" + workspace = "${local.workspaces[terraform.workspace]}" + management_tags = { environment = local.environment resource_group = data.azurerm_resource_group.rg.name 
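Review bot: `local.workspaces[terraform.workspace]` in the new `locals` block of `main.tf` has no fallback, so a workspace outside `dev` to `dev6` (including `default`) fails with an invalid-index error instead of a message saying the environment has no network configuration. A comment such as `# workspace name must match a key in locals.tf` would help, as would wrapping the lookup in `try(...)` and reporting a readable error. The `"${merge(...)}"` and `"${local.workspaces[...]}"` wrappers are interpolation-only expressions and can be written bare, e.g. `workspace = local.workspaces[terraform.workspace]`. The `dev = { dev = { ... } }` double nesting in `locals.tf` exists only to feed `merge()`; a single map keyed by workspace name would remove both.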
@@ -13,11 +16,9 @@ module "networking" { name = var.name location = data.azurerm_resource_group.rg.location resource_group = data.azurerm_resource_group.rg.name - vnetcidr = local.network.config.vnetcidr - websubnetcidr = local.network.config.websubnetcidr - appsubnetcidr = local.network.config.appsubnetcidr - lbsubnetcidr = local.network.config.lbsubnetcidr - dbsubnetcidr = local.network.config.dbsubnetcidr + vnetcidr = local.workspace["vnetcidr"] + websubnetcidr = local.workspace["websubnetcidr"] + lbsubnetcidr = local.workspace["lbsubnetcidr"] env = local.environment } @@ -31,7 +32,6 @@ module "securitygroup" { location = data.azurerm_resource_group.rg.location resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id - app_subnet_id = module.networking.appsubnet_id db_subnet_id = module.networking.dbsubnet_id lb_subnet_id = module.networking.lbsubnet_id env = local.environment diff --git a/ops/terraform/modules/network/main.tf b/ops/terraform/modules/network/main.tf index 9156a2b7..56cd44dc 100644 --- a/ops/terraform/modules/network/main.tf +++ b/ops/terraform/modules/network/main.tf 
@@ -14,21 +14,21 @@ resource "azurerm_subnet" "web-subnet" { depends_on = [azurerm_virtual_network.vnet] } -resource "azurerm_subnet" "app-subnet" { - name = "${var.name}-app-subnet-${var.env}" - virtual_network_name = azurerm_virtual_network.vnet.name - resource_group_name = var.resource_group - address_prefixes = [var.appsubnetcidr] +# resource "azurerm_subnet" "app-subnet" { +# name = "${var.name}-app-subnet-${var.env}" +# virtual_network_name = azurerm_virtual_network.vnet.name +# resource_group_name = var.resource_group +# address_prefixes = [var.appsubnetcidr] - delegation { - name = "delegation" +# delegation { +# name = "delegation" - service_delegation { - name = "Microsoft.ContainerInstance/containerGroups" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] - } - } -} +# service_delegation { +# name = "Microsoft.ContainerInstance/containerGroups" +# actions = ["Microsoft.Network/virtualNetworks/subnets/action"] +# } +# } +# } resource "azurerm_subnet" "lb-subnet" { name = "${var.name}-lb-subnet-${var.env}" @@ -38,9 +38,9 @@ resource "azurerm_subnet" "lb-subnet" { depends_on = [azurerm_virtual_network.vnet] } -resource "azurerm_subnet" "db-subnet" { - name = "${var.name}-db-subnet-${var.env}" - virtual_network_name = azurerm_virtual_network.vnet.name - resource_group_name = var.resource_group - address_prefixes = [var.dbsubnetcidr] -} \ No newline at end of file +# resource "azurerm_subnet" "db-subnet" { +# name = "${var.name}-db-subnet-${var.env}" +# virtual_network_name = azurerm_virtual_network.vnet.name +# resource_group_name = var.resource_group +# address_prefixes = [var.dbsubnetcidr] +# } \ No newline at end of file diff --git a/ops/terraform/modules/network/variables.tf b/ops/terraform/modules/network/variables.tf index a01c9363..301bbef4 100644 --- a/ops/terraform/modules/network/variables.tf +++ b/ops/terraform/modules/network/variables.tf 
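Review bot: Commenting out `azurerm_subnet.app-subnet` and `azurerm_subnet.db-subnet` in `modules/network/main.tf` removes them from the configuration, so any workspace where they already exist will plan their destruction on the next run, and the `tf-setup` action applies with `-auto-approve`. If the subnets are meant to go, delete the blocks rather than leaving them commented, and have the plan output reviewed before it is applied. At this commit `modules/network/outputs.tf` still references `azurerm_subnet.app-subnet.id` and `azurerm_subnet.db-subnet.id` (the removals in PATCH 54 show this), so the configuration would not validate as committed.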
@@ -3,7 +3,6 @@ variable "name" {} variable "location" {} variable "vnetcidr" {} variable "websubnetcidr" {} -variable "appsubnetcidr" {} variable "lbsubnetcidr" {} -variable "dbsubnetcidr" {} +# variable "dbsubnetcidr" {} variable "env" {} \ No newline at end of file diff --git a/ops/terraform/modules/security/variables.tf b/ops/terraform/modules/security/variables.tf index 6004ce0d..f008b4f0 100644 --- a/ops/terraform/modules/security/variables.tf +++ b/ops/terraform/modules/security/variables.tf @@ -3,6 +3,5 @@ variable "name" {} variable "env" {} variable "resource_group" {} variable "web_subnet_id" {} -variable "app_subnet_id" {} variable "db_subnet_id" {} variable "lb_subnet_id" {} \ No newline at end of file From 31a2e522fb8a48191ac68cfe618a06c1bd2537ee Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 15:58:08 -0600 Subject: [PATCH 54/69] make cidr different for each env --- ops/terraform/modules/network/outputs.tf | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/ops/terraform/modules/network/outputs.tf b/ops/terraform/modules/network/outputs.tf index 7880de2c..f3e6da98 100644 --- a/ops/terraform/modules/network/outputs.tf +++ b/ops/terraform/modules/network/outputs.tf @@ -8,15 +8,10 @@ output "websubnet_id" { description = "Id of websubnet in the network" } -output "appsubnet_id" { - value = azurerm_subnet.app-subnet.id - description = "Id of appsubnet in the network" -} - -output "dbsubnet_id" { - value = azurerm_subnet.db-subnet.id - description = "Id of dbsubnet in the network" -} +# output "dbsubnet_id" { +# value = azurerm_subnet.db-subnet.id +# description = "Id of dbsubnet in the network" +# } output "lbsubnet_id" { value = azurerm_subnet.lb-subnet.id From 60df27e2db631e02fad6bc4eadac2aa932260931 Mon Sep 17 00:00:00 2001 
From: Administrator Date: Tue, 15 Oct 2024 16:02:35 -0600 Subject: [PATCH 55/69] make cidr different for each env --- ops/terraform/main.tf | 2 +- ops/terraform/modules/security/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index 489a48ae..b0d7ca19 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -32,7 +32,7 @@ module "securitygroup" { location = data.azurerm_resource_group.rg.location resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id - db_subnet_id = module.networking.dbsubnet_id + # db_subnet_id = module.networking.dbsubnet_id lb_subnet_id = module.networking.lbsubnet_id env = local.environment } diff --git a/ops/terraform/modules/security/variables.tf b/ops/terraform/modules/security/variables.tf index f008b4f0..9c62eaba 100644 --- a/ops/terraform/modules/security/variables.tf +++ b/ops/terraform/modules/security/variables.tf @@ -3,5 +3,5 @@ variable "name" {} variable "env" {} variable "resource_group" {} variable "web_subnet_id" {} -variable "db_subnet_id" {} +# variable "db_subnet_id" {} variable "lb_subnet_id" {} \ No newline at end of file From 02c99934c68622f75a61c85069fd15d784d3d41a Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 16:21:47 -0600 Subject: [PATCH 56/69] remove path thing --- ops/terraform/modules/app_gateway/main.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf index c2fd5acd..1f8e1637 100644 --- a/ops/terraform/modules/app_gateway/main.tf +++ b/ops/terraform/modules/app_gateway/main.tf @@ -55,7 +55,6 @@ resource "azurerm_application_gateway" "load_balancer" { port = 80 protocol = "Http" request_timeout = 60 - path = "/" pick_host_name_from_backend_address = true probe_name = local.static_probe_name_app } 
@@ -84,7 +83,6 @@ resource "azurerm_application_gateway" "load_balancer" { port = 80 protocol = "Http" request_timeout = 120 - path = "/" pick_host_name_from_backend_address = true probe_name = local.api_probe_name_app } From 5e3f960476aa2b8ec0fcb49acc0be11afe86f82c Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 15 Oct 2024 17:03:10 -0600 Subject: [PATCH 57/69] add back api to path --- ops/terraform/locals.tf | 28 +++++++++++++-------- ops/terraform/main.tf | 18 +++++++++++++ ops/terraform/modules/app_gateway/main.tf | 2 +- ops/terraform/modules/network/main.tf | 26 +++++++++---------- ops/terraform/modules/network/outputs.tf | 5 ++++ ops/terraform/modules/network/variables.tf | 1 + ops/terraform/modules/security/variables.tf | 1 + 7 files changed, 56 insertions(+), 25 deletions(-) diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index 6fc1c396..d42f56af 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf 
@@ -7,43 +7,49 @@ locals { dev = { dev = { vnetcidr = "10.0.0.0/16" - websubnetcidr = "10.0.1.0/24" + appsubnetcidr = "10.0.1.0/24" + websubnetcidr = "10.0.2.0/24" lbsubnetcidr = "10.0.2.0/24" } } dev2 = { dev2 = { vnetcidr = "10.2.0.0/16" - websubnetcidr = "10.2.1.0/24" - lbsubnetcidr = "10.2.2.0/24" + appsubnetcidr = "10.2.1.0/24" + websubnetcidr = "10.2.2.0/24" + lbsubnetcidr = "10.2.3.0/24" } } dev3 = { dev3 = { vnetcidr = "10.3.0.0/16" - websubnetcidr = "10.3.1.0/24" - lbsubnetcidr = "10.3.2.0/24" + appsubnetcidr = "10.3.1.0/24" + websubnetcidr = "10.3.2.0/24" + lbsubnetcidr = "10.3.3.0/24" } } dev4 = { dev4 = { vnetcidr = "10.4.0.0/16" - websubnetcidr = "10.4.1.0/24" - lbsubnetcidr = "10.4.2.0/24" + appsubnetcidr = "10.4.1.0/24" + websubnetcidr = "10.4.2.0/24" + lbsubnetcidr = "10.4.3.0/24" } } dev5 = { dev5 = { vnetcidr = "10.5.0.0/16" - websubnetcidr = "10.5.1.0/24" - lbsubnetcidr = "10.5.2.0/24" + appsubnetcidr = "10.5.1.0/24" + websubnetcidr = "10.5.2.0/24" + lbsubnetcidr = "10.5.3.0/24" } } dev6 = { dev6 = { vnetcidr = "10.6.0.0/16" - websubnetcidr = "10.6.1.0/24" - lbsubnetcidr = "10.6.2.0/24" + appsubnetcidr = "10.6.1.0/24" + websubnetcidr = "10.6.2.0/24" + lbsubnetcidr = "10.6.3.0/24" } } } \ No newline at end of file diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index b0d7ca19..a01d3c83 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -8,6 +8,22 @@ locals { } } +output "workspace" { + value = "${terraform.workspace}" +} + +output "vnetcidr" { + value = "${local.workspace["vnetcidr"]}" +} + +output "websubnetcidr" { + value = "${local.workspace["websubnetcidr"]}" +} + +output "lbsubnetcidr" { + value = "${local.workspace["lbsubnetcidr"]}" +} + ########## ## 02-network ########## 
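Review bot: In the `dev` entry of `locals.tf`, `websubnetcidr` is changed to `10.0.2.0/24` while the unchanged `lbsubnetcidr` is also `10.0.2.0/24`, so the web and load-balancer subnets now have the same prefix. Every other environment in this hunk moves its load-balancer subnet to `.3.0/24`, and the `dev` line should follow the same scheme: `lbsubnetcidr = "10.0.3.0/24"`. Overlapping prefixes inside one virtual network are expected to be rejected at apply time, so this would only surface when the `dev` workspace is deployed.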
@@ -19,6 +35,7 @@ module "networking" { vnetcidr = local.workspace["vnetcidr"] websubnetcidr = local.workspace["websubnetcidr"] lbsubnetcidr = local.workspace["lbsubnetcidr"] + appsubnetcidr = local.workspace["appsubnetcidr"] env = local.environment } @@ -32,6 +49,7 @@ module "securitygroup" { location = data.azurerm_resource_group.rg.location resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id + app_subnet_id = module.networking.appsubnet_id # db_subnet_id = module.networking.dbsubnet_id lb_subnet_id = module.networking.lbsubnet_id env = local.environment diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf index 1f8e1637..ce2a5a15 100644 --- a/ops/terraform/modules/app_gateway/main.tf +++ b/ops/terraform/modules/app_gateway/main.tf @@ -159,7 +159,7 @@ resource "azurerm_application_gateway" "load_balancer" { path_rule { name = "api" - paths = ["/*", "/"] + paths = ["/api/*", "/api"] backend_address_pool_name = local.backend_address_pool_name_api backend_http_settings_name = local.http_setting_name_api // this is the default, why would we set it again? diff --git a/ops/terraform/modules/network/main.tf b/ops/terraform/modules/network/main.tf index 56cd44dc..4abef522 100644 --- a/ops/terraform/modules/network/main.tf +++ b/ops/terraform/modules/network/main.tf 
@@ -14,21 +14,21 @@ resource "azurerm_subnet" "web-subnet" { depends_on = [azurerm_virtual_network.vnet] } -# resource "azurerm_subnet" "app-subnet" { -# name = "${var.name}-app-subnet-${var.env}" -# virtual_network_name = azurerm_virtual_network.vnet.name -# resource_group_name = var.resource_group -# address_prefixes = [var.appsubnetcidr] +resource "azurerm_subnet" "app-subnet" { + name = "${var.name}-app-subnet-${var.env}" + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = var.resource_group + address_prefixes = [var.appsubnetcidr] -# delegation { -# name = "delegation" + delegation { + name = "delegation" -# service_delegation { -# name = "Microsoft.ContainerInstance/containerGroups" -# actions = ["Microsoft.Network/virtualNetworks/subnets/action"] -# } -# } -# } + service_delegation { + name = "Microsoft.ContainerInstance/containerGroups" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } + } +} resource "azurerm_subnet" "lb-subnet" { name = "${var.name}-lb-subnet-${var.env}" diff --git a/ops/terraform/modules/network/outputs.tf b/ops/terraform/modules/network/outputs.tf index f3e6da98..c04deb55 100644 --- a/ops/terraform/modules/network/outputs.tf +++ b/ops/terraform/modules/network/outputs.tf @@ -8,6 +8,11 @@ output "websubnet_id" { description = "Id of websubnet in the network" } +output "appsubnet_id" { + value = azurerm_subnet.app-subnet.id + description = "Id of appsubnet in the network" +} + # output "dbsubnet_id" { # value = azurerm_subnet.db-subnet.id # description = "Id of dbsubnet in the network" diff --git a/ops/terraform/modules/network/variables.tf b/ops/terraform/modules/network/variables.tf index 301bbef4..d7648952 100644 --- a/ops/terraform/modules/network/variables.tf +++ b/ops/terraform/modules/network/variables.tf 
@@ -3,6 +3,7 @@ variable "name" {} variable "location" {} variable "vnetcidr" {} variable "websubnetcidr" {} +variable "appsubnetcidr" {} variable "lbsubnetcidr" {} # variable "dbsubnetcidr" {} variable "env" {} \ No newline at end of file diff --git a/ops/terraform/modules/security/variables.tf b/ops/terraform/modules/security/variables.tf index 9c62eaba..295e8e03 100644 --- a/ops/terraform/modules/security/variables.tf +++ b/ops/terraform/modules/security/variables.tf @@ -3,5 +3,6 @@ variable "name" {} variable "env" {} variable "resource_group" {} variable "web_subnet_id" {} +variable "app_subnet_id" {} # variable "db_subnet_id" {} variable "lb_subnet_id" {} \ No newline at end of file From f584c9051d33f2c5abf63e927b777145ac416ee9 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 08:30:59 -0600 Subject: [PATCH 58/69] revert network vars --- ops/terraform/locals.tf | 57 +++++---------------- ops/terraform/main.tf | 30 +++-------- ops/terraform/modules/app_gateway/main.tf | 4 +- ops/terraform/modules/network/outputs.tf | 8 +-- ops/terraform/modules/network/variables.tf | 2 +- ops/terraform/modules/security/variables.tf | 2 +- 6 files changed, 28 insertions(+), 75 deletions(-) diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index d42f56af..77e0cc0b 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf 
@@ -4,52 +4,21 @@ locals { environment = local.environment location = "eastus2" } - dev = { - dev = { + network = { + config = { vnetcidr = "10.0.0.0/16" - appsubnetcidr = "10.0.1.0/24" - websubnetcidr = "10.0.2.0/24" - lbsubnetcidr = "10.0.2.0/24" + websubnetcidr = "10.0.1.0/24" + appsubnetcidr = "10.0.2.0/24" + dbsubnetcidr = "10.0.3.0/24" + lbsubnetcidr = "10.0.4.0/24" } } - dev2 = { - dev2 = { - vnetcidr = "10.2.0.0/16" - appsubnetcidr = "10.2.1.0/24" - websubnetcidr = "10.2.2.0/24" - lbsubnetcidr = "10.2.3.0/24" - } - } - dev3 = { - dev3 = { - vnetcidr = "10.3.0.0/16" - appsubnetcidr = "10.3.1.0/24" - websubnetcidr = "10.3.2.0/24" - lbsubnetcidr = "10.3.3.0/24" - } - } - dev4 = { - dev4 = { - vnetcidr = "10.4.0.0/16" - appsubnetcidr = "10.4.1.0/24" - websubnetcidr = "10.4.2.0/24" - lbsubnetcidr = "10.4.3.0/24" - } - } - dev5 = { - dev5 = { - vnetcidr = "10.5.0.0/16" - appsubnetcidr = "10.5.1.0/24" - websubnetcidr = "10.5.2.0/24" - lbsubnetcidr = "10.5.3.0/24" - } - } - dev6 = { - dev6 = { - vnetcidr = "10.6.0.0/16" - appsubnetcidr = "10.6.1.0/24" - websubnetcidr = "10.6.2.0/24" - lbsubnetcidr = "10.6.3.0/24" - } + app = { + web_host_name = "webserver" + web_username = "web_user" + web_os_password = "@Webuser1" + app_host_name = "appserver" + app_username = "app_user" + app_os_password = "@Appuser1" } } \ No newline at end of file diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index a01d3c83..c02f8730 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf 
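Review bot: The revert of `locals.tf` brings back the `app` block with literal values for `web_os_password` and `app_os_password`, so host credentials are again stored in the repository and in every clone of it. No reference to `local.app` appears in the visible hunks; if nothing uses it, leave the block out of the revert. If the values are needed, declare them as inputs, e.g. `variable "web_os_password" { sensitive = true }`, and supply them from the pipeline's secret store. The values already committed should be treated as exposed and changed wherever they were used.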
@@ -1,29 +1,10 @@ locals { - workspaces = "${merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)}" - workspace = "${local.workspaces[terraform.workspace]}" - management_tags = { environment = local.environment resource_group = data.azurerm_resource_group.rg.name } } -output "workspace" { - value = "${terraform.workspace}" -} - -output "vnetcidr" { - value = "${local.workspace["vnetcidr"]}" -} - -output "websubnetcidr" { - value = "${local.workspace["websubnetcidr"]}" -} - -output "lbsubnetcidr" { - value = "${local.workspace["lbsubnetcidr"]}" -} - ########## ## 02-network ########## @@ -32,10 +13,11 @@ module "networking" { name = var.name location = data.azurerm_resource_group.rg.location resource_group = data.azurerm_resource_group.rg.name - vnetcidr = local.workspace["vnetcidr"] - websubnetcidr = local.workspace["websubnetcidr"] - lbsubnetcidr = local.workspace["lbsubnetcidr"] - appsubnetcidr = local.workspace["appsubnetcidr"] + vnetcidr = local.network.config.vnetcidr + websubnetcidr = local.network.config.websubnetcidr + appsubnetcidr = local.network.config.appsubnetcidr + lbsubnetcidr = local.network.config.lbsubnetcidr + dbsubnetcidr = local.network.config.dbsubnetcidr env = local.environment } @@ -50,7 +32,7 @@ module "securitygroup" { resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id app_subnet_id = module.networking.appsubnet_id - # db_subnet_id = module.networking.dbsubnet_id + db_subnet_id = module.networking.dbsubnet_id lb_subnet_id = module.networking.lbsubnet_id env = local.environment } diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf index ce2a5a15..c2fd5acd 100644 --- a/ops/terraform/modules/app_gateway/main.tf +++ b/ops/terraform/modules/app_gateway/main.tf 
@@ -55,6 +55,7 @@ resource "azurerm_application_gateway" "load_balancer" { port = 80 protocol = "Http" request_timeout = 60 + path = "/" pick_host_name_from_backend_address = true probe_name = local.static_probe_name_app } @@ -83,6 +84,7 @@ resource "azurerm_application_gateway" "load_balancer" { port = 80 protocol = "Http" request_timeout = 120 + path = "/" pick_host_name_from_backend_address = true probe_name = local.api_probe_name_app } @@ -159,7 +161,7 @@ resource "azurerm_application_gateway" "load_balancer" { path_rule { name = "api" - paths = ["/api/*", "/api"] + paths = ["/*", "/"] backend_address_pool_name = local.backend_address_pool_name_api backend_http_settings_name = local.http_setting_name_api // this is the default, why would we set it again? diff --git a/ops/terraform/modules/network/outputs.tf b/ops/terraform/modules/network/outputs.tf index c04deb55..7880de2c 100644 --- a/ops/terraform/modules/network/outputs.tf +++ b/ops/terraform/modules/network/outputs.tf @@ -13,10 +13,10 @@ output "appsubnet_id" { description = "Id of appsubnet in the network" } -# output "dbsubnet_id" { -# value = azurerm_subnet.db-subnet.id -# description = "Id of dbsubnet in the network" -# } +output "dbsubnet_id" { + value = azurerm_subnet.db-subnet.id + description = "Id of dbsubnet in the network" +} output "lbsubnet_id" { value = azurerm_subnet.lb-subnet.id diff --git a/ops/terraform/modules/network/variables.tf b/ops/terraform/modules/network/variables.tf index d7648952..a01c9363 100644 --- a/ops/terraform/modules/network/variables.tf +++ b/ops/terraform/modules/network/variables.tf @@ -5,5 +5,5 @@ variable "vnetcidr" {} variable "websubnetcidr" {} variable "appsubnetcidr" {} variable "lbsubnetcidr" {} -# variable "dbsubnetcidr" {} +variable "dbsubnetcidr" {} variable "env" {} \ No newline at end of file diff --git a/ops/terraform/modules/security/variables.tf b/ops/terraform/modules/security/variables.tf index 295e8e03..6004ce0d 100644 
--- a/ops/terraform/modules/security/variables.tf +++ b/ops/terraform/modules/security/variables.tf @@ -4,5 +4,5 @@ variable "env" {} variable "resource_group" {} variable "web_subnet_id" {} variable "app_subnet_id" {} -# variable "db_subnet_id" {} +variable "db_subnet_id" {} variable "lb_subnet_id" {} \ No newline at end of file From bc05ad5f28583ddde5fca68cad96908cb184f6bd Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 09:13:50 -0600 Subject: [PATCH 59/69] wipe --- .github/workflows/deploy-dev.yml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index ea16b1a2..1e83ca61 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -52,18 +52,19 @@ jobs: # docker-context-path: ./OCR/ # api-name: ocr-api - # build_frontend: - # runs-on: ubuntu-latest - # environment: dev - # steps: - # - uses: actions/checkout@v4 - # - uses: ./.github/actions/build-frontend - # name: Build front-end application - # with: - # frontend-tarball: ./frontend.tgz - # deploy-env: ${{ inputs.deploy-env }} - # frontend-path: ./frontend - # frontend-build-path: ./frontend/dist/ + build_frontend: + runs-on: ubuntu-latest + environment: dev + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/build-frontend + name: Build front-end application + with: + api-url: ${{ env.OCR_API_URL }} + frontend-tarball: ./frontend.tgz + deploy-env: ${{ inputs.deploy-env }} + frontend-path: ./frontend + frontend-build-path: ./frontend/dist/ env-setup: runs-on: ubuntu-latest From cfde56a8a6799237d75c30a14e7af3f2aad1af6d Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 09:53:47 -0600 Subject: [PATCH 60/69] wip --- .github/actions/build-frontend/action.yml | 5 ++++- .github/workflows/build-deploy-frontend.yml | 2 +- .github/workflows/deploy-dev.yml | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) 
diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 00b8f9d3..1c9ea9f2 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -13,6 +13,9 @@ inputs: frontend-build-path: description: The temporary path where build files are storaged required: true + api-endpoint: + description: The endpoint to connect the frontend to an api + required: true runs: using: composite @@ -37,7 +40,7 @@ runs: env: DEPLOY_ENV: ${{ inputs.deploy-env }} run: | - VITE_API_URL=${{ env.OCR_API_URL }} npm run build + VITE_API_URL=${{ inputs.api-endpoint }} npm run build - name: Test frontend shell: bash working-directory: ${{ inputs.frontend-path }} diff --git a/.github/workflows/build-deploy-frontend.yml b/.github/workflows/build-deploy-frontend.yml index 75a002b5..08b59912 100644 --- a/.github/workflows/build-deploy-frontend.yml +++ b/.github/workflows/build-deploy-frontend.yml @@ -25,7 +25,7 @@ jobs: - name: Install NPM packages run: npm ci - name: Build project - run: VITE_API_URL='https://reportvision-ocr-api-dev.azurewebsites.net/' npm run build + run: VITE_API_URL='https://reportvision-ocr-dev.azurewebsites.net/' npm run build - name: Run unit tests run: npm run test - name: Create client build archive diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 1e83ca61..abce4cb1 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -26,7 +26,7 @@ permissions: env: NODE_VERSION: 20 - OCR_API_URL: 'https://reportvision-ocr-api-dev.azurewebsites.net/' + OCR_API_URL: 'https://reportvision-ocr-dev.azurewebsites.net/' SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} 
@@ -60,7 +60,7 @@ jobs: - uses: ./.github/actions/build-frontend name: Build front-end application with: - api-url: ${{ env.OCR_API_URL }} + api-endpoint: ${{ env.OCR_API_URL }} frontend-tarball: ./frontend.tgz deploy-env: ${{ inputs.deploy-env }} frontend-path: ./frontend From d4494db201ce5afd6d0c5f9626754de61d877f88 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 14:59:47 -0600 Subject: [PATCH 61/69] clean-up for merge --- .github/actions/tf-setup/action.yml | 25 -------- .github/workflows/build-deploy-ocr.yml | 8 +-- .github/workflows/deploy-dev.yml | 81 ++++++++++++-------------- 3 files changed, 40 insertions(+), 74 deletions(-) diff --git a/.github/actions/tf-setup/action.yml b/.github/actions/tf-setup/action.yml index b2106da4..eb2b6a55 100644 --- a/.github/actions/tf-setup/action.yml +++ b/.github/actions/tf-setup/action.yml @@ -19,34 +19,10 @@ inputs: app-name: description: The name of the application being deployed in Terraform. required: true - # terraform_arm_client_id: - # description: Terraform ARM client ID - # required: true - # terraform_arm_client_secret: - # description: Terraform ARM client secret - # required: true - # terraform_arm_subscription_id: - # description: Terraform ARM subscription ID - # required: true - # terraform_arm_tenant_id: - # description: Terraform ARM tenant ID - # required: true runs: using: composite steps: - - # - name: Setup Terraform - # uses: hashicorp/setup-terraform@v3 - # - name: Terraform Init - # working-directory: ./ops/terraform/envs - # env: # all Azure interaction is through Terraform - # ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }} - # ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }} - # ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }} - # ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }} - # shell: bash - # run: make init-${{ inputs.deploy_env }} - name: Load input variables working-directory: ./ops/terraform shell: bash 
@@ -72,7 +48,6 @@ runs: ARM_CLIENT_ID: ${{ inputs.azure-client-id }} ARM_TENANT_ID: ${{ inputs.azure-tenant-id }} ARM_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} - # TF_ENV: ${{ steps.set-environment.outputs.tf-env }} shell: bash run: | terraform init -backend-config=config/${{ inputs.deploy-env }}.config diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index 448150e7..4dee581e 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml @@ -33,12 +33,12 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Check if image exists - id: image_check - run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? + # - name: Check if image exists + # id: image_check + # run: docker manifest inspect ${{ env.REGISTRY }}/${{ env.REPO }}-ocr-api:${{ env.VERSION }} > /dev/null ; echo $? - name: Build and push Docker image id: push - if: steps.image_check.outcome == 1 + # if: steps.image_check.outcome == 1 uses: docker/build-push-action@v6 with: context: ./OCR/ diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index abce4cb1..297407ae 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml 
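Review bot: With the `if:` commented out, `Build and push Docker image` runs on every invocation, so a rerun with an already-published `VERSION` would presumably push over that tag instead of skipping it. The disabled guard could not have worked as written, since `steps.image_check.outcome` is a string such as `success` or `failure` and never equals `1`. If skip-when-present is the intent, restore the check as a step with `continue-on-error: true` (without the trailing `; echo $?`) and gate the push on `if: steps.image_check.outcome == 'failure'`. Otherwise delete the three commented lines rather than carrying them through a clean-up commit. The job continues outside the hunk.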
@@ -1,60 +1,52 @@ name: Build and deploy all of ReportVision's services to a development environment on: - push: - branches: reusable-gha-tf-deploy - # workflow_dispatch: - # inputs: - # deploy-env: - # description: 'The environment to deploy to' - # required: true - # type: choice - # options: - # - dev - # - dev2 - # - dev3 - # - dev4 - # - dev5 - # - dev6 - # ocr-version: - # description: 'Create a version for this OCR API image' - # required: true + workflow_dispatch: + inputs: + deploy-env: + description: 'The environment to deploy to' + required: true + type: choice + options: + - dev + - dev2 + - dev3 + - dev4 + - dev5 + - dev6 + ocr-version: + description: 'Create a version for this OCR API image' + required: true permissions: - id-token: write contents: read + packages: write + attestations: write + id-token: write env: NODE_VERSION: 20 OCR_API_URL: 'https://reportvision-ocr-dev.azurewebsites.net/' - SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} jobs: - build_publish_ocr: + build-publish-ocr: runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write steps: - uses: actions/checkout@v4 - # - name: Build and Push backend - # uses: ./.github/actions/build-publish-api - # with: - # docker-registry: ghcr.io - # docker-pw: ${{ secrets.GITHUB_TOKEN }} - # docker-username: ${{ github.actor }} - # docker-tag: ${{ inputs.ocr-version }} - # dockerfile-path: ./OCR/Dockerfile - # docker-context-path: ./OCR/ - # api-name: ocr-api + - name: Build and Push backend + uses: ./.github/actions/build-publish-api + with: + docker-registry: ghcr.io + docker-pw: ${{ secrets.GITHUB_TOKEN }} + docker-username: ${{ github.actor }} + docker-tag: ${{ inputs.ocr-version }} + dockerfile-path: ./OCR/Dockerfile + docker-context-path: ./OCR/ + api-name: ocr-api - build_frontend: + build-frontend: runs-on: ubuntu-latest - environment: dev + 
environment: ${{ inputs.deploy-env }} steps: - uses: actions/checkout@v4 - uses: ./.github/actions/build-frontend @@ -66,10 +58,9 @@ jobs: frontend-path: ./frontend frontend-build-path: ./frontend/dist/ - env-setup: + environment-setup: runs-on: ubuntu-latest - # needs: [build_frontend, build_docker_ocr] - environment: dev2 + environment: ${{ inputs.deploy-env }} steps: - uses: actions/checkout@v4 - uses: azure/login@v2 @@ -80,8 +71,8 @@ jobs: - uses: ./.github/actions/tf-setup name: Setup this environment with Terraform with: - deploy-env: dev2 - azure-resource-group: reportvision-rg-dev2 + deploy-env: ${{ inputs.deploy-env }} + azure-resource-group: reportvision-rg-${{ inputs.deploy-env }} azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} From 61d0ffc3b9cc3c2250f657669b210ff4d226fead Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:10:01 -0600 Subject: [PATCH 62/69] tab state config files to the left --- ops/terraform/config/dev.config | 8 ++++---- ops/terraform/config/dev2.config | 8 ++++---- ops/terraform/config/dev3.config | 8 ++++---- ops/terraform/config/dev4.config | 8 ++++---- ops/terraform/config/dev5.config | 8 ++++---- ops/terraform/config/dev6.config | 8 ++++---- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/ops/terraform/config/dev.config b/ops/terraform/config/dev.config index 33871c36..aae91794 100644 --- a/ops/terraform/config/dev.config +++ b/ops/terraform/config/dev.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev.terraform.tfstate" - use_oidc = true +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config index c6eec405..d88c2583 100644 --- a/ops/terraform/config/dev2.config 
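Review bot: Moving `packages: write` and `attestations: write` from the `build-publish-ocr` job to the workflow-level `permissions:` block grants them to every job's `GITHUB_TOKEN`, including `build-frontend`, which only checks out and builds (`id-token: write` was already workflow-wide). Keep the top-level block at `contents: read` and leave the write scopes on the job that pushes the image. `environment-setup` in the next hunk would then need its own block with `contents: read` and, presumably for `azure/login`, `id-token: write`; its remaining steps are outside the hunk, so confirm against them.

```yaml
permissions:
  contents: read

jobs:
  build-publish-ocr:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    # … unchanged: checkout and build-publish-api steps …
```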
+++ b/ops/terraform/config/dev2.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev2.terraform.tfstate" - use_oidc = true \ No newline at end of file +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev2.terraform.tfstate" +use_oidc = true \ No newline at end of file diff --git a/ops/terraform/config/dev3.config b/ops/terraform/config/dev3.config index 8dbad857..f49dff49 100644 --- a/ops/terraform/config/dev3.config +++ b/ops/terraform/config/dev3.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev3.terraform.tfstate" - use_oidc = true +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev3.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev4.config b/ops/terraform/config/dev4.config index 14bd6830..bbad19f8 100644 --- a/ops/terraform/config/dev4.config +++ b/ops/terraform/config/dev4.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev4.terraform.tfstate" - use_oidc = true +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev4.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev5.config b/ops/terraform/config/dev5.config index 9101677e..ff1eb38a 100644 --- a/ops/terraform/config/dev5.config +++ b/ops/terraform/config/dev5.config @@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev5.terraform.tfstate" - use_oidc = true +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev5.terraform.tfstate" +use_oidc = true diff --git a/ops/terraform/config/dev6.config b/ops/terraform/config/dev6.config index c0a7cfb7..dee86db8 100644 --- a/ops/terraform/config/dev6.config +++ b/ops/terraform/config/dev6.config 
@@ -1,4 +1,4 @@ - storage_account_name = "tfstaterv2024" - container_name = "rv-tfstate" - key = "dev6.terraform.tfstate" - use_oidc = true +storage_account_name = "tfstaterv2024" +container_name = "rv-tfstate" +key = "dev6.terraform.tfstate" +use_oidc = true From fcdfeeb5dd0026075aa3e589432f0ccc9bbe6c14 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:11:38 -0600 Subject: [PATCH 63/69] ft fmt --- ops/terraform/locals.tf | 6 +++--- ops/terraform/main.tf | 24 ++++++++++++------------ ops/terraform/providers.tf | 2 +- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf index d42f56af..b8ae70b5 100644 --- a/ops/terraform/locals.tf +++ b/ops/terraform/locals.tf @@ -1,8 +1,8 @@ locals { - environment = "${terraform.workspace}" + environment = terraform.workspace init = { - environment = local.environment - location = "eastus2" + environment = local.environment + location = "eastus2" } dev = { dev = { diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf index 88dc80ce..f1116bc3 100644 --- a/ops/terraform/main.tf +++ b/ops/terraform/main.tf @@ -1,6 +1,6 @@ locals { - workspaces = "${merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)}" - workspace = "${local.workspaces[terraform.workspace]}" + workspaces = merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6) + workspace = local.workspaces[terraform.workspace] management_tags = { environment = local.environment @@ -20,7 +20,7 @@ module "networking" { websubnetcidr = local.workspace["websubnetcidr"] lbsubnetcidr = local.workspace["lbsubnetcidr"] # dbsubnetcidr = local.network.config.dbsubnetcidr - env = local.environment + env = local.environment } ########## 
@@ -34,8 +34,8 @@ module "securitygroup" { resource_group = data.azurerm_resource_group.rg.name web_subnet_id = module.networking.websubnet_id # db_subnet_id = module.networking.dbsubnet_id - lb_subnet_id = module.networking.lbsubnet_id - env = local.environment + lb_subnet_id = module.networking.lbsubnet_id + env = local.environment } module "app_gateway" { @@ -73,13 +73,13 @@ module "storage" { ########## module "ocr_api" { - source = "./modules/app_service" - name = var.name - location = local.init.location - resource_group = data.azurerm_resource_group.rg.name - app_subnet_id = module.networking.lbsubnet_id - env = local.environment - vnet = module.networking.network_name + source = "./modules/app_service" + name = var.name + location = local.init.location + resource_group = data.azurerm_resource_group.rg.name + app_subnet_id = module.networking.lbsubnet_id + env = local.environment + vnet = module.networking.network_name } # module "compute" { diff --git a/ops/terraform/providers.tf b/ops/terraform/providers.tf index 554c8664..4148ac52 100644 --- a/ops/terraform/providers.tf +++ b/ops/terraform/providers.tf @@ -1,6 +1,6 @@ terraform { backend "azurerm" { - resource_group_name = "reportvision-rg-global" + resource_group_name = "reportvision-rg-global" } required_providers { azurerm = { From f6dfb7459dc9425fc0f0f1ca1769b214d3d95c1a Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:15:30 -0600 Subject: [PATCH 64/69] add back var in old workflow --- .github/workflows/build-deploy-ocr.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml index 82e8f4bc..9c558297 100644 --- a/.github/workflows/build-deploy-ocr.yml +++ b/.github/workflows/build-deploy-ocr.yml @@ -9,7 +9,7 @@ on: env: REGISTRY: ghcr.io - VERSION: derek-dev-combine + VERSION: ${{ inputs.tag }} jobs: 
@@ -20,8 +20,6 @@ jobs: packages: write attestations: write id-token: write - outputs: - result: ${{ steps.image_check.outputs.result}} steps: - name: Checkout repository uses: actions/checkout@v4 From ab6e0ea9a75513e3241091d8124d42386938f21b Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:53:13 -0600 Subject: [PATCH 65/69] gitignore tf lock --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 1390ec91..5539d88b 100644 --- a/.gitignore +++ b/.gitignore @@ -415,6 +415,7 @@ sketch ## Terraform ## .terraform +.terraform.lock.hcl *.tfplan* *.tfstate* *.tfvars From 14a75d3bdf8d09803eb0b1eb5681f155997a5bf9 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:54:51 -0600 Subject: [PATCH 66/69] gitignore tf lock --- ops/terraform/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/ops/terraform/.gitignore b/ops/terraform/.gitignore index 03815788..a50e47bc 100644 --- a/ops/terraform/.gitignore +++ b/ops/terraform/.gitignore @@ -1,4 +1,5 @@ .terraform +.terraform.lock.hcl *.tfplan* *.tfstate* *.tfvars \ No newline at end of file From c2f603f1330769e3be35e613ad5041b62faca950 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:56:00 -0600 Subject: [PATCH 67/69] gitignore tf lock --- ops/terraform/.terraform.lock.hcl | 42 ------------------------------- 1 file changed, 42 deletions(-) delete mode 100644 ops/terraform/.terraform.lock.hcl diff --git a/ops/terraform/.terraform.lock.hcl b/ops/terraform/.terraform.lock.hcl deleted file mode 100644 index 0ca4d37c..00000000 --- a/ops/terraform/.terraform.lock.hcl +++ /dev/null 
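Review bot: Ignoring `.terraform.lock.hcl` drops the provider pinning that file exists for: the lock file deleted in patch 67 recorded exact azurerm and random versions with their hashes, while the constraint on its own is only `~> 3.0`. Without it, each `terraform init` in CI is presumably free to select a newer matching provider and has no recorded checksum to compare the download against. I would drop the `.terraform.lock.hcl` line here and keep the lock file committed. The same applies to the `ops/terraform/.gitignore` hunk in patch 66 and the broader `*.lock.hcl` pattern in patch 69.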
@@ -1,42 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.116.0" - constraints = "~> 3.0" - hashes = [ - "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", - "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", - "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", - "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", - "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", - "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", - "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", - "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", - "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", - "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", - "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" - constraints = "~> 3.0" - hashes = [ - "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - 
"zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", - ] -} From 0c9042e6c53c086396e217123b55acecc3c28cc9 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:58:41 -0600 Subject: [PATCH 68/69] gitignore tf lock --- ops/terraform/.gitignore | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 ops/terraform/.gitignore diff --git a/ops/terraform/.gitignore b/ops/terraform/.gitignore deleted file mode 100644 index a50e47bc..00000000 --- a/ops/terraform/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -.terraform -.terraform.lock.hcl -*.tfplan* -*.tfstate* -*.tfvars \ No newline at end of file From 9a6cbcce89577290cb82abd00e4dc85053987104 Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 16 Oct 2024 15:59:55 -0600 Subject: [PATCH 69/69] gitignore tf lock --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5539d88b..4956c4d4 100644 --- a/.gitignore +++ b/.gitignore @@ -414,8 +414,8 @@ sketch # End of https://www.toptal.com/developers/gitignore/api/react ## Terraform ## -.terraform -.terraform.lock.hcl +*.terraform +*.lock.hcl *.tfplan* *.tfstate* *.tfvars