-
Notifications
You must be signed in to change notification settings - Fork 29
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update cd pipeline to deploy to microsoft.com tenant (#244)
- Loading branch information
1 parent
098617d
commit 08fe4b1
Showing
4 changed files
with
91 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,22 @@ | ||
name: "Test samples in mCCF environment" | ||
name: "deploy-test-app-samples-to-mccf" | ||
|
||
on: | ||
push: | ||
branches: [main] | ||
workflow_dispatch: | ||
|
||
permissions: | ||
id-token: write | ||
|
||
jobs: | ||
deploy: | ||
name: Managed CCF | ||
runs-on: ubuntu-20.04 | ||
environment: dev | ||
env: | ||
ccfName: mCCF${{ github.run_number }} | ||
ResourceGroupLocation: "westeurope" | ||
ccfName: ccf-app-samples-test-${{ github.run_number }} | ||
rgName: ccf-app-samples-test-${{ github.run_number }}-rg | ||
ResourceGroupLocation: "southcentralus" | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
@@ -23,7 +27,9 @@ jobs: | |
- name: Azure Login | ||
uses: Azure/[email protected] | ||
with: | ||
creds: '{"clientId":"${{ secrets.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.ARM_TENANT_ID }}"}' # editorconfig-checker-disable-line | ||
client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
||
- name: Login to GH-CR to push the updated devcontainer image | ||
uses: docker/login-action@v1 | ||
|
@@ -37,24 +43,22 @@ jobs: | |
with: | ||
inlineScript: | | ||
#!/bin/bash | ||
az group create --name ${{ env.ccfName }} --location ${{ env.ResourceGroupLocation }} | ||
az group create --name ${{ env.rgName }} --location ${{ env.ResourceGroupLocation }} | ||
- name: Deploy Managed CCF Network | ||
uses: azure/arm-deploy@v1 | ||
with: | ||
resourceGroupName: ${{ env.ccfName }} | ||
resourceGroupName: ${{ env.rgName }} | ||
template: ./deploy/arm/mccf.json | ||
parameters: ./deploy/arm/parameters.json mccfMemberBasedSecurityPrincipals="[{\"cert\":\"${{ secrets.PUBLIC_CERT }}\", \"encryptionKey\":\"\"}]" resourceName="${{ env.ccfName }}" | ||
parameters: ./deploy/arm/parameters.json mccfMemberBasedSecurityPrincipals="[{\"cert\":\"${{ secrets.ARM_TEMPLATE_PUBLIC_CERT }}\", \"encryptionKey\":\"\"}]" resourceName="${{ env.ccfName }}" | ||
|
||
- name: Deploy Banking Sample to mCCF | ||
uses: devcontainers/[email protected] | ||
with: | ||
imageName: ghcr.io/microsoft/ccf-samples-devcontainer | ||
cacheFrom: ghcr.io/microsoft/ccf-samples-devcontainer | ||
eventFilterForPush: push | ||
refFilterForPush: refs/heads/main | ||
runCmd: | | ||
cd banking-app && make test-mccf | ||
cd banking-app && make test-mccf-cd | ||
env: | | ||
PUBLIC_CERT=${{ secrets.PUBLIC_CERT }} | ||
PRIVATE_CERT=${{ secrets.PRIVATE_CERT }} | ||
|
@@ -65,7 +69,7 @@ jobs: | |
with: | ||
imageName: ghcr.io/microsoft/ccf-samples-devcontainer | ||
runCmd: | | ||
cd data-reconciliation-app && make test-mccf | ||
cd data-reconciliation-app && make test-mccf-cd | ||
env: | | ||
PUBLIC_CERT=${{ secrets.PUBLIC_CERT }} | ||
PRIVATE_CERT=${{ secrets.PRIVATE_CERT }} | ||
|
@@ -77,5 +81,5 @@ jobs: | |
with: | ||
inlineScript: | | ||
#!/bin/bash | ||
echo "Always delete resource group because of quota" | ||
az group delete --name ${{ env.ccfName }} --yes --no-wait | ||
echo "Always delete resource group because of quota limit" | ||
az group delete --name ${{ env.rgName }} --yes --no-wait |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
#!/bin/bash | ||
set -euo pipefail | ||
|
||
declare signing_cert="" | ||
declare signing_key="" | ||
|
||
function usage { | ||
echo "" | ||
echo "Open a network in mCCF and then run the tests." | ||
echo "" | ||
echo "usage: ./test_mccf.sh --address <ADDRESS> --signing-cert <CERT> --signing-key <CERT> [--interactive]" | ||
echo "" | ||
echo " --address string The address of the primary CCF node" | ||
echo " --signing-cert string The signing certificate (member0)" | ||
echo " --signing-key string The signing key (member0)" | ||
echo " --interactive boolean Optional. Run in Demo mode" | ||
echo "" | ||
} | ||
|
||
function failed { | ||
printf "💥 Script failed: %s\n\n" "$1" | ||
exit 1 | ||
} | ||
|
||
# parse parameters | ||
|
||
if [ $# -gt 7 ]; then | ||
usage | ||
exit 1 | ||
fi | ||
|
||
while [ $# -gt 0 ] | ||
do | ||
case "$1" in | ||
--address) address="$2"; shift 2;; | ||
--signing-cert) signing_cert="$2"; shift 2;; | ||
--signing-key) signing_key="$2"; shift 2;; | ||
--interactive) interactive=1; shift;; | ||
--help) usage; exit 0;; | ||
*) usage; exit 1;; | ||
esac | ||
done | ||
|
||
# validate parameters | ||
if [ -z "${signing_cert}" ]; then | ||
failed "You must supply --signing-cert" | ||
fi | ||
if [ -z "${signing_key}" ]; then | ||
failed "You must supply --signing-key" | ||
fi | ||
if [ -z "$address" ]; then | ||
failed "You must supply --address" | ||
fi | ||
|
||
# Base64 decode | ||
export PUBLIC_CERT=$(echo "${signing_cert}" | base64 --decode) | ||
export PRIVATE_CERT=$(echo "${signing_key}" | base64 --decode) | ||
../scripts/test_mccf.sh --address "${address}" --signing-cert "${PUBLIC_CERT}" --signing-key "${PRIVATE_CERT}" |