Update cd pipeline to deploy to microsoft.com tenant (#244)
msftsettiy authored Nov 17, 2023
1 parent 098617d commit 08fe4b1
Showing 4 changed files with 91 additions and 13 deletions.
30 changes: 17 additions & 13 deletions .github/workflows/cd.yml
@@ -1,18 +1,22 @@
name: "Test samples in mCCF environment"
name: "deploy-test-app-samples-to-mccf"

on:
push:
branches: [main]
workflow_dispatch:

permissions:
id-token: write

jobs:
deploy:
name: Managed CCF
runs-on: ubuntu-20.04
environment: dev
env:
ccfName: mCCF${{ github.run_number }}
ResourceGroupLocation: "westeurope"
ccfName: ccf-app-samples-test-${{ github.run_number }}
rgName: ccf-app-samples-test-${{ github.run_number }}-rg
ResourceGroupLocation: "southcentralus"
steps:
- name: Checkout repository
uses: actions/checkout@v3
@@ -23,7 +27,9 @@ jobs:
- name: Azure Login
uses: Azure/[email protected]
with:
creds: '{"clientId":"${{ secrets.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.ARM_TENANT_ID }}"}' # editorconfig-checker-disable-line
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Login to GH-CR to push the updated devcontainer image
uses: docker/login-action@v1
@@ -37,24 +43,22 @@ jobs:
with:
inlineScript: |
#!/bin/bash
az group create --name ${{ env.ccfName }} --location ${{ env.ResourceGroupLocation }}
az group create --name ${{ env.rgName }} --location ${{ env.ResourceGroupLocation }}
- name: Deploy Managed CCF Network
uses: azure/arm-deploy@v1
with:
resourceGroupName: ${{ env.ccfName }}
resourceGroupName: ${{ env.rgName }}
template: ./deploy/arm/mccf.json
parameters: ./deploy/arm/parameters.json mccfMemberBasedSecurityPrincipals="[{\"cert\":\"${{ secrets.PUBLIC_CERT }}\", \"encryptionKey\":\"\"}]" resourceName="${{ env.ccfName }}"
parameters: ./deploy/arm/parameters.json mccfMemberBasedSecurityPrincipals="[{\"cert\":\"${{ secrets.ARM_TEMPLATE_PUBLIC_CERT }}\", \"encryptionKey\":\"\"}]" resourceName="${{ env.ccfName }}"

- name: Deploy Banking Sample to mCCF
uses: devcontainers/[email protected]
with:
imageName: ghcr.io/microsoft/ccf-samples-devcontainer
cacheFrom: ghcr.io/microsoft/ccf-samples-devcontainer
eventFilterForPush: push
refFilterForPush: refs/heads/main
runCmd: |
cd banking-app && make test-mccf
cd banking-app && make test-mccf-cd
env: |
PUBLIC_CERT=${{ secrets.PUBLIC_CERT }}
PRIVATE_CERT=${{ secrets.PRIVATE_CERT }}
@@ -65,7 +69,7 @@ jobs:
with:
imageName: ghcr.io/microsoft/ccf-samples-devcontainer
runCmd: |
cd data-reconciliation-app && make test-mccf
cd data-reconciliation-app && make test-mccf-cd
env: |
PUBLIC_CERT=${{ secrets.PUBLIC_CERT }}
PRIVATE_CERT=${{ secrets.PRIVATE_CERT }}
@@ -77,5 +81,5 @@ jobs:
with:
inlineScript: |
#!/bin/bash
echo "Always delete resource group because of quota"
az group delete --name ${{ env.ccfName }} --yes --no-wait
echo "Always delete resource group because of quota limit"
az group delete --name ${{ env.rgName }} --yes --no-wait
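Review bot: The top-level `permissions:` block lists only `id-token: write`, which sets every other GITHUB_TOKEN scope to none. Checkout then depends on the repository being public, and the GHCR login step (its `with:` block is collapsed on this page) would lose `packages: write` if it authenticates with GITHUB_TOKEN. I would spell the set out by adding `contents: read`, and `packages: write` only if that login actually needs it. Because every step of the job can now request an OIDC token for the Azure identity, the actions referenced by mutable tags (`docker/login-action@v1`, `azure/arm-deploy@v1`) are worth pinning to commit SHAs. Since `workflow_dispatch` can be started from any branch, the federated credential should be bound to the `dev` environment subject, with a deployment-branch rule on that environment.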
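--- a/banking-app/Makefile
+++ b/banking-app/Makefile
@@ -44,6 +44,13 @@ test-mccf: build ## 🧪 Test the Banking Application in a Managed CCF environme
 $(call check_defined, PRIVATE_CERT)
 @. ../scripts/test_mccf.sh --address "${CCF_NAME}.confidential-ledger.azure.com" --signing-cert "${PUBLIC_CERT}" --signing-key "${PRIVATE_CERT}"
 
+test-mccf-cd: build ## 🧪 Test the Banking Application in a Managed CCF environment
+@echo -e "\e[34m$@\e[0m" || true
+$(call check_defined, CCF_NAME)
+$(call check_defined, PUBLIC_CERT)
+$(call check_defined, PRIVATE_CERT)
+@. ../scripts/test_mccf-cd.sh --address "${CCF_NAME}.confidential-ledger.azure.com" --signing-cert "${PUBLIC_CERT}" --signing-key "${PRIVATE_CERT}"
+
 # Run sandbox. Consider 3 members as 3 banks.
 # This is used in the demo scripts
 start-host: build ## 🏁 Start the CCF Sandbox for the demo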
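Review bot: The new `test-mccf-cd` recipe has make expand `${PRIVATE_CERT}` into the command line as `--signing-key "${PRIVATE_CERT}"`, so the base64-encoded member key lands in the argument list of the shell make spawns, where process listings on the runner can read it. The same pattern is in data-reconciliation-app/Makefile and, with the decoded key, in the last line of scripts/test_mccf-cd.sh. The values are already in the environment, so the wrapper could read them from there rather than from arguments; whether the decoded key can also stay off the command line depends on scripts/test_mccf.sh, which is not shown here. Separately, this target lacks the comment its sibling carries; `## PUBLIC_CERT and PRIVATE_CERT are base64 encoded.` would fit above it, and the `##` help text is currently identical to `test-mccf`'s.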
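--- a/data-reconciliation-app/Makefile
+++ b/data-reconciliation-app/Makefile
@@ -47,6 +47,15 @@ test-mccf: build ## 🧪 Test the Data Reconciliation Application in a Managed C
 $(call check_defined, PRIVATE_CERT)
 @. ../scripts/test_mccf.sh --address "${CCF_NAME}.confidential-ledger.azure.com" --signing-cert "${PUBLIC_CERT}" --signing-key "${PRIVATE_CERT}"
 
+## This command is called from the Github workflow.
+## PUBLIC_CERT and PRIVATE_CERT are base64 encoded.
+test-mccf-cd: build ## 🧪 Test the Data Reconciliation Application in a Managed CCF environment
+@echo -e "\e[34m$@\e[0m" || true
+$(call check_defined, CCF_NAME)
+$(call check_defined, PUBLIC_CERT)
+$(call check_defined, PRIVATE_CERT)
+@. ../scripts/test_mccf-cd.sh --address "${CCF_NAME}.confidential-ledger.azure.com" --signing-cert "${PUBLIC_CERT}" --signing-key "${PRIVATE_CERT}"
+
 unit-test: ## 🧪 Unit Test the Application
 @echo -e "\e[34m$@\e[0m" || true
 @npm run unit-test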
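--- a/scripts/test_mccf-cd.sh
+++ b/scripts/test_mccf-cd.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -euo pipefail
+
+declare signing_cert=""
+declare signing_key=""
+
+function usage {
+echo ""
+echo "Open a network in mCCF and then run the tests."
+echo ""
+echo "usage: ./test_mccf.sh --address <ADDRESS> --signing-cert <CERT> --signing-key <CERT> [--interactive]"
+echo ""
+echo " --address string The address of the primary CCF node"
+echo " --signing-cert string The signing certificate (member0)"
+echo " --signing-key string The signing key (member0)"
+echo " --interactive boolean Optional. Run in Demo mode"
+echo ""
+}
+
+function failed {
+printf "💥 Script failed: %s\n\n" "$1"
+exit 1
+}
+
+# parse parameters
+
+if [ $# -gt 7 ]; then
+usage
+exit 1
+fi
+
+while [ $# -gt 0 ]
+do
+case "$1" in
+--address) address="$2"; shift 2;;
+--signing-cert) signing_cert="$2"; shift 2;;
+--signing-key) signing_key="$2"; shift 2;;
+--interactive) interactive=1; shift;;
+--help) usage; exit 0;;
+*) usage; exit 1;;
+esac
+done
+
+# validate parameters
+if [ -z "${signing_cert}" ]; then
+failed "You must supply --signing-cert"
+fi
+if [ -z "${signing_key}" ]; then
+failed "You must supply --signing-key"
+fi
+if [ -z "$address" ]; then
+failed "You must supply --address"
+fi
+
+# Base64 decode
+export PUBLIC_CERT=$(echo "${signing_cert}" | base64 --decode)
+export PRIVATE_CERT=$(echo "${signing_key}" | base64 --decode)
+../scripts/test_mccf.sh --address "${address}" --signing-cert "${PUBLIC_CERT}" --signing-key "${PRIVATE_CERT}"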
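Review bot: A failed `base64 --decode` is not caught at the two `export VAR=$(…)` lines, because the exit status of `export` replaces that of the command substitution and `set -e` never sees it. A malformed secret can therefore hand an empty or truncated certificate or key to test_mccf.sh. Assigning first and exporting afterwards, as in the block below, lets the failure stop the script with a clear message. `address` is also never declared, so under `set -u` a missing `--address` aborts with an unbound-variable error before reaching `failed "You must supply --address"`. In addition, `interactive` is parsed but never forwarded, and the usage text still names `./test_mccf.sh`.

```shell
declare address=""
# … unchanged: usage, failed, option parsing, parameter validation …

# Decode before exporting so a base64 failure is not masked by `export`.
PUBLIC_CERT=$(echo "${signing_cert}" | base64 --decode) || failed "--signing-cert is not valid base64"
PRIVATE_CERT=$(echo "${signing_key}" | base64 --decode) || failed "--signing-key is not valid base64"
export PUBLIC_CERT PRIVATE_CERT
# … unchanged: call to ../scripts/test_mccf.sh …
```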
