Copy source code from Azure-Samples/app-templates-Liberty-on-aks. (#1)
galiacheng authored Apr 3, 2023
1 parent 25aef01 commit 1c9f6b0
Showing 231 changed files with 43,513 additions and 34 deletions.
191 changes: 191 additions & 0 deletions .github/GITHUB_ACTIONS_CONFIG.md
@@ -0,0 +1,191 @@
# Configuration for GitHub Actions

The newly created GitHub repo uses GitHub Actions to deploy Azure resources and application code automatically. Your subscription is accessed using an Azure Service Principal with **Contributor** and **User Access Administrator** permissions. This is an identity created for use by applications, hosted services, and automated tools to access Azure resources. Make sure your identity that runs the scripts has at least **Contributor** and **User Access Administrator**.

If you have [GitHub CLI](https://cli.github.com/) installed, the script will create GitHub Action secrets automatically. Otherwise, you have to create the secrets following steps in [set up GitHub Actions to deploy Azure applications](https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md)

## Set up configuration

Follow the steps to set up configuration:

1. Log in Azure

```bash
az login --tenant <your-tenant>
```

2. Run the setup script

```bash
cd .github/workflows

bash setup.sh
```

You are required to input values:

* Enter a disambiguation prefix
* Enter owner/reponame

Then you'll get similar output as the following content shows.

If you have no GitHub CLI installed:

```bash
$ bash setup.sh
Enter a disambiguation prefix (try initials with a sequence number, such as ejb01): test01
Enter owner/reponame (blank for upsteam of current fork): contoso/app-templates-Liberty-on-aks
Using disambiguation prefix test010307
(1/4) Checking Azure CLI status...
Azure CLI is installed and configured!
(2/4) Checking GitHub CLI status...
setup.sh: line 116: gh: command not found
Cannot use the GitHub CLI. No worries! We'll set up the GitHub secrets manually.
(3/4) Create Azure credentials test010307sp with Contributor and User Access Administrator role in subscription scope.
{
"canDelegate": null,
"condition": null,
"conditionVersion": null,
"description": null,
"id": "/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx/providers/Microsoft.Authorization/roleAssignments/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"name": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"principalId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"principalType": "ServicePrincipal",
"roleDefinitionId": "/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"scope": "/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"type": "Microsoft.Authorization/roleAssignments"
}
(4/4) Create secrets in GitHub
======================MANUAL SETUP======================================
Using your Web browser to set up secrets...
Go to the GitHub repository you want to configure.
In the "settings", go to the "secrets" tab and the following secrets:
(in yellow the secret name and in green the secret value)
"AZURE_CREDENTIALS"
{
"clientId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"clientSecret": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"subscriptionId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"tenantId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}
"DB_PASSWORD"
Secret123!
========================================================================
Secrets configured
```
If you have GitHub CLI installed:
```bash
$ bash setup.sh
Enter a disambiguation prefix (try initials with a sequence number, such as ejb01): test02
Enter owner/reponame (blank for upsteam of current fork): contoso/app-templates-Liberty-on-aks
Using disambiguation prefix test020307
(1/4) Checking Azure CLI status...
Azure CLI is installed and configured!
(2/4) Checking GitHub CLI status...
github.com
✓ Logged in to github.com as contoso (/home/contoso/.config/gh/hosts.yml)
✓ Git operations for github.com configured to use ssh protocol.
✓ Token: gho_************************************
✓ Token scopes: admin:public_key, gist, read:org, repo
GitHub CLI is installed and configured!
(3/4) Create Azure credentials test020307sp with Contributor and User Access Administrator role in subscription scope.
{
"canDelegate": null,
"condition": null,
"conditionVersion": null,
"description": null,
"id": "/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx/providers/Microsoft.Authorization/roleAssignments/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"name": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"principalId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"principalType": "ServicePrincipal",
"roleDefinitionId": "/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"scope": "/subscriptions/xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"type": "Microsoft.Authorization/roleAssignments"
}
(4/4) Create secrets in GitHub
Using the GitHub CLI to set secrets.
✓ Set Actions secret AZURE_CREDENTIALS for contoso/app-templates-Liberty-on-aks
"AZURE_CREDENTIALS"
{
"clientId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"clientSecret": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"subscriptionId": "xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx",
"tenantId": "814a03f9-f7c3-41a4-8ecc-907f2fc42a88",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}
✓ Set Actions secret DB_PASSWORD for contoso/app-templates-Liberty-on-aks
Secrets configured
```
## Tear down configuration
Run the teardown script
```bash
cd .github/workflows
bash teardown.sh
```
You are required to enter values:
* Enter disambiguation prefix, which can be found in the output of setup script.
* Enter owner/reponame,
Then you'll get similar output as the following content shows.

If you have no GitHub CLI installed:

```bash
$ bash teardown.sh
Enter disambiguation prefix: test010307
Enter owner/reponame (blank for upsteam of current fork): contoso/app-templates-Liberty-on-aks
(1/3) Delete service principal test010307sp
(2/3) Checking GitHub CLI status...
teardown.sh: line 61: gh: command not found
Cannot use the GitHub CLI. No worries! We'll set up the GitHub secrets manually.
(3/3) Removing secrets...
======================MANUAL REMOVAL======================================
Using your Web browser to remove secrets...
Go to the GitHub repository you want to configure.
In the "settings", go to the "secrets" tab and remove the following secrets:
(in yellow the secret name)
"AZURE_CREDENTIALS"
"DB_PASSWORD"
========================================================================
Secrets removed
```
If you have GitHub CLI installed:
```bash
$ bash teardown.sh
Enter disambiguation prefix: test020307
Enter owner/reponame (blank for upsteam of current fork): contoso/app-templates-Liberty-on-aks
(1/3) Delete service principal test020307sp
(2/3) Checking GitHub CLI status...
github.com
✓ Logged in to github.com as contoso (/home/contoso/.config/gh/hosts.yml)
✓ Git operations for github.com configured to use ssh protocol.
✓ Token: gho_************************************
✓ Token scopes: admin:public_key, gist, read:org, repo
GitHub CLI is installed and configured!
(3/3) Removing secrets...
Using the GitHub CLI to remove secrets.
✓ Deleted Actions secret AZURE_CREDENTIALS from contoso/app-templates-Liberty-on-aks
✓ Deleted Actions secret DB_PASSWORD from contoso/app-templates-Liberty-on-aks
Secrets removed
```
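
Review bot: The GitHub CLI sample output for setup.sh leaves what looks like a real tenant GUID in `"tenantId": "814a03f9-f7c3-41a4-8ecc-907f2fc42a88"`, while every other identifier in both samples is masked as xxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx; mask it the same way. The samples also show the full AZURE_CREDENTIALS JSON, clientSecret included, being printed to the terminal in both paths, and the manual path prints the DB_PASSWORD value as well, so the document should tell readers to treat that output as sensitive (not to paste it into issues or capture it in shared logs) and to change the default password before running the script. Minor: the intro says the identity needs Contributor and User Access Administrator without saying at what scope, although the output shows subscription scope; the teardown bullet "Enter owner/reponame," ends in a dangling comma; and the teardown sample still says "We'll set up the GitHub secrets manually" where it is removing them.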
159 changes: 159 additions & 0 deletions .github/workflows/setup.sh
@@ -0,0 +1,159 @@
#!/usr/bin/env bash
################################################
# This script is invoked by a human who:
# - has done az login.
# - can create repository secrets in the github repo from which this file was cloned.
# - has the gh client >= 2.0.0 installed.
#
# This script initializes the repo from which this file is was cloned
# with the necessary secrets to run the workflows.
#
# Script design taken from https://github.com/microsoft/NubesGen.
#
################################################

################################################
# Set environment variables - the main variables you might want to configure.
#
DB_PASSWORD="Secret123!"
# Three letters to disambiguate names.
DISAMBIG_PREFIX=
# The location of the resource group. For example `eastus`. Leave blank to use your default location.
LOCATION=
OWNER_REPONAME=
SLEEP_VALUE=30s

# End set environment variables
################################################


set -Eeuo pipefail
trap cleanup SIGINT SIGTERM ERR EXIT

cleanup() {
trap - SIGINT SIGTERM ERR EXIT
# script cleanup here
}

setup_colors() {
if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then
NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m'
else
NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW=''
fi
}

msg() {
echo >&2 -e "${1-}"
}

setup_colors

read -r -p "Enter a disambiguation prefix (try initials with a sequence number, such as ejb01): " DISAMBIG_PREFIX

if [ "$DISAMBIG_PREFIX" == '' ] ; then
msg "${RED}You must enter a disambiguation prefix."
exit 1;
fi

echo -e "\n"

# get OWNER_REPONAME if not set at the beginning of this file
if [ "$OWNER_REPONAME" == '' ] ; then
read -r -p "Enter owner/reponame (blank for upsteam of current fork): " OWNER_REPONAME
fi

if [ -z "${OWNER_REPONAME}" ] ; then
GH_FLAGS=""
else
GH_FLAGS="--repo ${OWNER_REPONAME}"
fi

DISAMBIG_PREFIX=${DISAMBIG_PREFIX}`date +%m%d`
msg "${GREEN}Using disambiguation prefix ${DISAMBIG_PREFIX}${NOFORMAT}"

SERVICE_PRINCIPAL_NAME=${DISAMBIG_PREFIX}sp

# get default location if not set at the beginning of this file
if [ "$LOCATION" == '' ] ; then
{
az config get defaults.location --only-show-errors > /dev/null 2>&1
LOCATION_DEFAULTS_SETUP=$?
} || {
LOCATION_DEFAULTS_SETUP=0
}
# if no default location is set, fallback to "eastus"
if [ "$LOCATION_DEFAULTS_SETUP" -eq 1 ]; then
LOCATION=eastus
else
LOCATION=$(az config get defaults.location --only-show-errors | jq -r .value)
fi
fi

# Check AZ CLI status
msg "${GREEN}(1/4) Checking Azure CLI status...${NOFORMAT}"
{
az > /dev/null
} || {
msg "${RED}Azure CLI is not installed."
msg "${GREEN}Go to https://aka.ms/nubesgen-install-az-cli to install Azure CLI."
exit 1;
}
{
az account show > /dev/null
} || {
msg "${RED}You are not authenticated with Azure CLI."
msg "${GREEN}Run \"az login\" to authenticate."
exit 1;
}

msg "${YELLOW}Azure CLI is installed and configured!"

# Check GitHub CLI status
msg "${GREEN}(2/4) Checking GitHub CLI status...${NOFORMAT}"
USE_GITHUB_CLI=false
{
gh auth status && USE_GITHUB_CLI=true && msg "${YELLOW}GitHub CLI is installed and configured!"
} || {
msg "${YELLOW}Cannot use the GitHub CLI. ${GREEN}No worries! ${YELLOW}We'll set up the GitHub secrets manually."
USE_GITHUB_CLI=false
}

# Execute commands
msg "${GREEN}(3/4) Create Azure credentials ${SERVICE_PRINCIPAL_NAME} with Contributor and User Access Administrator role in subscription scope."
SUBSCRIPTION_ID=$(az account show --query id --output tsv --only-show-errors)

### AZ ACTION CREATE
AZURE_CREDENTIALS=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME} --role "Contributor" --scopes "/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors)
SP_OBJECT_ID_ARRAY=$(az ad sp list --display-name ${SERVICE_PRINCIPAL_NAME} --query "[].appId") || true
# remove whitespace
SP_OBJECT_ID_ARRAY=$(echo ${SP_OBJECT_ID_ARRAY} | xargs) || true
SP_OBJECT_ID_ARRAY=${SP_OBJECT_ID_ARRAY//[/}
SP_OBJECT_ID=${SP_OBJECT_ID_ARRAY//]/}
az role assignment create --assignee ${SP_OBJECT_ID} --role "User Access Administrator" --subscription "${SUBSCRIPTION_ID}"

msg "${GREEN}(4/4) Create secrets in GitHub"
if $USE_GITHUB_CLI; then
{
msg "${GREEN}Using the GitHub CLI to set secrets.${NOFORMAT}"
gh ${GH_FLAGS} secret set AZURE_CREDENTIALS -b"${AZURE_CREDENTIALS}"
msg "${YELLOW}\"AZURE_CREDENTIALS\""
msg "${GREEN}${AZURE_CREDENTIALS}"
gh ${GH_FLAGS} secret set DB_PASSWORD -b"${DB_PASSWORD}"
} || {
USE_GITHUB_CLI=false
}
fi
if [ $USE_GITHUB_CLI == false ]; then
msg "${NOFORMAT}======================MANUAL SETUP======================================"
msg "${GREEN}Using your Web browser to set up secrets..."
msg "${NOFORMAT}Go to the GitHub repository you want to configure."
msg "${NOFORMAT}In the \"settings\", go to the \"secrets\" tab and the following secrets:"
msg "(in ${YELLOW}yellow the secret name and${NOFORMAT} in ${GREEN}green the secret value)"
msg "${YELLOW}\"AZURE_CREDENTIALS\""
msg "${GREEN}${AZURE_CREDENTIALS}"
msg "${YELLOW}\"DB_PASSWORD\""
msg "${GREEN}${DB_PASSWORD}"
msg "${NOFORMAT}========================================================================"
fi
msg "${GREEN}Secrets configured"
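
Review bot: In the GitHub CLI branch of step (4/4), `msg "${GREEN}${AZURE_CREDENTIALS}"` prints the service principal JSON, clientSecret included, after the secret has already been stored with gh; drop that echo and print the value only in the manual fallback, where the user actually needs it. Both gh secret set calls also pass the value with -b on the command line, where it is visible in the process list for the duration of the call; gh secret set reads the value from standard input when no body is given, so pipe it in instead. `DB_PASSWORD="Secret123!"` at the top is a fixed default that will be identical in every repository set up with this script unchanged; prompt for it without echo or generate a random one. The principal is created with Contributor and then granted User Access Administrator, both on the whole subscription, which lets it assign itself or anyone else any role there; scope both assignments to a resource group if the workflows allow it. Smaller points: SP_OBJECT_ID is filled from `--query "[].appId"`, so it holds an application id rather than an object id and the name is misleading; the service principal name and id are unquoted in the az calls; LOCATION is resolved but not used anywhere in the lines shown; and the header comment says the gh client is required while the script treats it as optional.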