Deploy Control Plane by @cloudcosmonaut #21

Workflow file for this run

.github/workflows/01-deploy-control-plane.yaml at cacd0e3

	# /*---------------------------------------------------------------------------8
	# \| \|
	# \| This workflows deploys the control plane with GitHub Actions \|
	# \| \|
	# +------------------------------------4--------------------------------------*/

	name: Deploy Control Plane
	run-name: Deploy Control Plane by @${{ github.actor }}
	on:
	workflow_dispatch:
	inputs:
	deployer:
	description: "Select the deployer you created"
	required: true
	type: environment
	library:
	default: MGMT-NOEU-SAP_LIBRARY
	description: "Select the SAP Library to deploy"
	type: choice
	options:
	- ACC-NOEU-SAP_LIBRARY
	use_webapp:
	default: true
	description: Deploy the configuration web application infrastructure
	type: boolean
	# deploy_webapp_software:
	# default: true
	# description: "Deploy the configuration web application software"
	# type: boolean
	force_reset:
	default: false
	description: Force a re-install - may require multiple re-runs
	type: boolean
	permissions:
	contents: write
	id-token: write
	issues: write
	jobs:
	setup_deployer:
	name: Prepare the self hosted runners(s)
	environment: ${{ inputs.deployer }}
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/xpiritbv/azure-sap-automation:github-workflow
	steps:
	- name: Checkout the code
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	# Required permissions: org level runner registration permissions
	- name: Get app token
	id: get_workflow_token
	uses: peter-murray/workflow-application-token-action@v3
	with:
	application_id: ${{ secrets.APPLICATION_ID }}
	application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
	organization: ${{ github.repository_owner }}
	- name: Azure Login
	uses: Azure/Login@v2
	with:
	creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
	- name: Setup deployer
	run: \|
	echo '${{ toJSON(github) }}' > /tmp/github_context.json
	cd ${SAP_AUTOMATION_REPO_PATH}
	deploy/automation/01-deploy-control-plane/01-setup-deployer.sh
	env:
	APP_REGISTRATION_APP_ID: ${{ secrets.APP_REGISTRATION_APP_ID }}
	APP_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
	ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
	CONFIG_REPO_PATH: ${{ github.workspace }}/WORKSPACES
	SAP_AUTOMATION_REPO_PATH: /source
	WEB_APP_CLIENT_SECRET: ${{ secrets.WEB_APP_CLIENT_SECRET }}
	deployerconfig: ${{ inputs.deployer }}.tfvars
	deployerfolder: ${{ inputs.deployer }}
	force_reset: ${{ inputs.force_reset }}
	libraryconfig: ${{ inputs.library }}.tfvars
	libraryfolder: ${{ inputs.library }}
	use_webapp: ${{ inputs.use_webapp }}
	deploy_controlplane:
	name: Deploy the control plane
	environment: ${{ inputs.deployer }}
	needs: setup_deployer
	runs-on: self-hosted
	container:
	image: ghcr.io/xpiritbv/azure-sap-automation:github-workflow
	steps:
	- name: Checkout the code
	uses: actions/checkout@v4
	# Required permissions: org level runner registration permissions
	- name: Get app token
	id: get_workflow_token
	uses: peter-murray/workflow-application-token-action@v3
	with:
	application_id: ${{ secrets.APPLICATION_ID }}
	application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
	organization: ${{ github.repository_owner }}
	- name: Azure Login
	uses: Azure/Login@v1
	with:
	creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
	- uses: flcdrg/get-azure-app-configuration-action@v2
	id: get-app-configuration
	with:
	resourceGroup: ${{ vars.APP_CONFIGURATION_RESOURCE_GROUP }}
	appConfigurationName: ${{ vars.APP_CONFIGURATION_NAME }}
	labelFilter: ${{ inputs.deployer }}
	- name: Deploy control plane
	run: \|
	echo '${{ toJSON(github) }}' > /tmp/github_context.json
	cd ${SAP_AUTOMATION_REPO_PATH}
	deploy/automation/01-deploy-control-plane/02-deploy-control-plane.sh
	env:
	APP_REGISTRATION_APP_ID: ${{ secrets.APP_REGISTRATION_APP_ID }}
	APP_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
	CONFIG_REPO_PATH: ${{ github.workspace }}/WORKSPACES
	SAP_AUTOMATION_REPO_PATH: /source
	CP_ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
	CP_ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
	CP_ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	CP_ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
	WEB_APP_CLIENT_SECRET: ${{ secrets.WEB_APP_CLIENT_SECRET }}
	deployerconfig: ${{ inputs.deployer }}.tfvars
	deployerfolder: ${{ inputs.deployer }}
	libraryconfig: ${{ inputs.library }}.tfvars
	libraryfolder: ${{ inputs.library }}
	use_webapp: ${{ inputs.use_webapp }}
	web_app_deployment:
	if: ${{ inputs.use_webapp }}
	name: Deploy SAP configuration Web App
	environment: ${{ inputs.deployer }}
	needs: deploy_controlplane
	runs-on: self-hosted
	container:
	image: ghcr.io/xpiritbv/azure-sap-automation:github-workflow
	steps:
	- name: Checkout the code
	uses: actions/checkout@v4
	- name: Azure Login
	uses: Azure/Login@v1
	with:
	creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
	- uses: flcdrg/get-azure-app-configuration-action@v2
	id: get-app-configuration
	with:
	resourceGroup: ${{ vars.APP_CONFIGURATION_RESOURCE_GROUP }}
	appConfigurationName: ${{ vars.APP_CONFIGURATION_NAME }}
	labelFilter: ${{ inputs.deployer }}
	- name: Build the Configuration Web Application
	run: dotnet build Webapp/SDAF/*.csproj
	- name: Publish the Configuration Web Application
	run: \|
	dotnet publish Webapp/*/.csproj \
	--configuration Release \
	--nologo \
	--output WebApp
	- name: Deploy the Configuration Web Application
	uses: azure/webapps-deploy@v2
	with:
	app-name: ${{ env.webapp_url_base }}
	package: WebApp
	#publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
	# - uses: azure/appservice-settings@v1
	# with:
	# app-name: "my-app"
	# slot-name: "staging" # Optional and needed only if the settings have to be configured on the specific deployment slot
	# app-settings-json: "${{ secrets.APP_SETTINGS }}"
	# appSettings: '-CollectionUri $(System.CollectionUri)
	# -ProjectName "$(System.TeamProject)"
	# -RepositoryId $(Build.Repository.ID)
	# -SourceBranch "$(Build.SourceBranchName)"
	# -WORKLOADZONE_PIPELINE_ID $(WORKLOADZONE_PIPELINE_ID)
	# -SYSTEM_PIPELINE_ID $(SYSTEM_PIPELINE_ID)
	# -SAP_INSTALL_PIPELINE_ID $(SAP_INSTALL_PIPELINE_ID)
	# -SDAF_GENERAL_GROUP_ID $(SDAF_GENERAL_GROUP_ID)
	# -IS_PIPELINE_DEPLOYMENT true
	# -CONTROLPLANE_ENV $(ControlPlaneEnvironment)
	# -CONTROLPLANE_LOC $(ControlPlaneLocation)'
	- name: Configure Web Application Authentication
	run: \|
	echo "Configure the Web Application authentication using the following script." >> "Web Application Configuration.md"
	echo "\`\`\`bash" >> "Web Application Configuration.md"
	echo "az ad app update --id ${{ secrets.APP_REGISTRATION_APP_ID }} \\" >> "Web Application Configuration.md"
	echo " --web-home-page-url https://${{ env.webapp_url_base }}.azurewebsites.net \\" >> "Web Application Configuration.md"
	echo " --web-redirect-uris https://${{ env.webapp_url_base }}.azurewebsites.net/ https://${{ env.webapp_url_base }}.azurewebsites.net/.auth/login/aad/callback" >> "Web Application Configuration.md"
	echo "" >> "Web Application Configuration.md"
	echo "az role assignment create \\" >> "Web Application Configuration.md"
	echo " --assignee ${{ env.webapp_identity }} \\" >> "Web Application Configuration.md"
	echo " --role reader \\" >> "Web Application Configuration.md"
	echo " --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} \\" >> "Web Application Configuration.md"
	echo " --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.resourcegroup_name }}" >> "Web Application Configuration.md"
	echo "" >> "Web Application Configuration.md"
	echo "az webapp restart \\" >> "Web Application Configuration.md"
	echo " --resource-group ${{ env.resourcegroup_name }} \\" >> "Web Application Configuration.md"
	echo " --name ${{ env.webapp_url_base }}" >> "Web Application Configuration.md"
	echo "" >> "Web Application Configuration.md"
	echo "\`\`\`" >> "Web Application Configuration.md"
	echo "[Access the Web App](https://${{ env.webapp_url_base }}.azurewebsites.net)" >> "Web Application Configuration.md"
	echo "" >> "Web Application Configuration.md"
	cat "Web Application Configuration.md" > $GITHUB_STEP_SUMMARY
	- uses: actions/upload-artifact@v4
	with:
	name: "web-application-configuration-${{ github.run_number }}-${{ github.run_attempt }}"
	path: "Web Application Configuration.md"
	- name: Create GitHub issue
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	git config --global --add safe.directory ${GITHUB_WORKSPACE}
	gh label create setup-webapp -c 00FF00 -d "Label for issues related to the setup of the configuration web application" --force
	gh issue create -t "Configure the Web Application authentication" -F "Web Application Configuration.md" -l "setup-webapp"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy Control Plane by @cloudcosmonaut #21

Workflow file

Deploy Control Plane by @cloudcosmonaut #21

Jobs

Run details

Workflow file for this run