Azure IPAM Deployment & Testing #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Azure IPAM Testing | |
| # permissions: | |
| # id-token: write | |
| # contents: read | |
| run-name: Azure IPAM Deployment & Testing | |
| on: | |
| push: | |
| branches: [ github-actions ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| ACR_NAME: azureipamtest | |
| IPAM_UI_ID: ipam-ui-${{ github.run_id }}-${{ github.run_attempt }} | |
| IPAM_ENGINE_ID: ipam-engine-${{ github.run_id }}-${{ github.run_attempt }} | |
| jobs: | |
| deploy: | |
| name: Deploy Azure IPAM | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ipamURL: ${{ steps.pwshScript.outputs.ipamURL }} | |
| ipamUIAppId: ${{ steps.pwshScript.outputs.ipamUIAppId }} | |
| ipamEngineAppId: ${{ steps.pwshScript.outputs.ipamEngineAppId }} | |
| ipamSuffix: ${{ steps.pwshScript.outputs.ipamSuffix }} | |
| ipamResourceGroup: ${{ steps.pwshScript.outputs.ipamResourceGroup }} | |
| steps: | |
| - run: echo "Job triggered by a ${{ github.event_name }} event from ${{ github.head_ref }} to main." | |
| - name: Install Deployment Prerequisites | |
| shell: pwsh | |
| run: | | |
| Set-PSRepository PSGallery -InstallationPolicy Trusted | |
| Install-Module Az, Microsoft.Graph, powershell-yaml -AllowClobber -Force | |
| # - name: "Azure Login" | |
| # uses: azure/login@v1 | |
| # with: | |
| # client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| # enable-AzPSSession: true | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| enable-AzPSSession: true | |
| - name: Checkout Azure IPAM Code | |
| uses: actions/checkout@v3 | |
| with: | |
| sparse-checkout: | | |
| deploy | |
| engine | |
| ui | |
| lb | |
| - name: Build Azure IPAM Containers | |
| run: | | |
| az acr build -r $ACR_NAME -t ipam-engine:${{ github.run_id }}-${{ github.run_attempt }} -f ./engine/Dockerfile.deb ./engine | |
| az acr build -r $ACR_NAME -t ipam-func:${{ github.run_id }}-${{ github.run_attempt }} -f ./engine/Dockerfile.func ./engine | |
| az acr build -r $ACR_NAME -t ipam-ui:${{ github.run_id }}-${{ github.run_attempt }} -f ./ui/Dockerfile.deb ./ui | |
| az acr build -r $ACR_NAME -t ipam-lb:${{ github.run_id }}-${{ github.run_attempt }} -f ./lb/Dockerfile ./lb | |
| - name: Update Docker-Compose YAML | |
| shell: pwsh | |
| run: | | |
| $uiContainer = "$env:ACR_NAME.azurecr.io/ipam-ui:${{ github.run_id }}-${{ github.run_attempt }}" | |
| $engineContainer = "$env:ACR_NAME.azurecr.io/ipam-engine:${{ github.run_id }}-${{ github.run_attempt }}" | |
| $lbContainer = "$env:ACR_NAME.azurecr.io/ipam-lb:${{ github.run_id }}-${{ github.run_attempt }}" | |
| $composeFile = Get-Content -Path ./docker-compose.prod.yml | |
| $composeYaml = $composeFile | ConvertFrom-Yaml | |
| $composeYaml['services']['ipam-ui'].image = $uiContainer | |
| $composeYaml['services']['ipam-engine'].image = $engineContainer | |
| $composeYaml['services']['nginx-proxy'].image = $lbContainer | |
| $composeYaml | ConvertTo-Yaml | Out-File -FilePath ./docker-compose-prod.yml | |
| Write-Host "-----------------------------------" | |
| Get-ChildItem | Select-Object Name | |
| Write-Host "-----------------------------------" | |
| $composeYaml | ConvertTo-Yaml | |
| Write-Host "-----------------------------------" | |
| Get-Content -Path ./docker-compose.prod.yml | |
| Write-Host "-----------------------------------" | |
| - name: Deploy Azure IPAM | |
| working-directory: deploy | |
| id: "pwshScript" | |
| shell: pwsh | |
| run: ./deploy.ps1 -Location "westus3" -UIAppName $Env:IPAM_UI_ID -EngineAppName $Env:IPAM_ENGINE_ID | |
| - name: "Output PowerShell Value 'ipamSuffix'" | |
| run: echo "${{ steps.pwshScript.outputs.ipamSuffix }}" | |
| - name: "Upload Logs" | |
| working-directory: logs | |
| shell: pwsh | |
| run: | | |
| $dateStamp = (Get-Date -UFormat "%Y-%m-%d_%I-%M-%S_%p").tostring() | |
| $archiveName = "ipam-${dateStamp}.zip" | |
| Compress-Archive -Pat ./* -DestinationPath /tmp/$archiveName | |
| $storage = Get-AzStorageAccount -Name "ipamghactionlogs" -ResourceGroupName "Logging-RG" | |
| $context = $storage.Context | |
| $uploadDetails = @{ | |
| File = "/tmp/$archiveName" | |
| Container = "deploy-logs" | |
| Blob = $archiveName | |
| Context = $context | |
| StandardBlobTier = "Hot" | |
| } | |
| Set-AzStorageBlobContent @uploadDetails | |
| - run: echo "${{ github.job }} status is ${{ job.status }}." | |
| sleep: | |
| name: Sleep for 5 Minutes | |
| runs-on: ubuntu-latest | |
| needs: deploy | |
| steps: | |
| - name: Test Sleepy Time | |
| run: | | |
| echo "Time: $(date +'%T')" | |
| echo "Sleeping for 30 seconds" | |
| sleep 30 | |
| echo "Time: $(date +'%T')" | |
| test: | |
| name: Test Azure IPAM via Pester | |
| runs-on: ubuntu-latest | |
| needs: [ deploy, sleep ] | |
| steps: | |
| - name: Install Testing Prerequisites | |
| shell: pwsh | |
| run: | | |
| Set-PSRepository PSGallery -InstallationPolicy Trusted | |
| Install-Module Az, Pester -AllowClobber -Force | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| enable-AzPSSession: true | |
| - name: Checkout Azure IPAM Code | |
| uses: actions/checkout@v3 | |
| with: | |
| sparse-checkout: | | |
| tests | |
| - name: Invoke Pester Tests | |
| working-directory: tests | |
| env: | |
| IPAM_RESOURCE_GROUP: ${{ needs.deploy.outputs.ipamResourceGroup }} | |
| IPAM_URL: ${{ needs.deploy.outputs.ipamURL }} | |
| IPAM_ENGINE_APP_ID: ${{ needs.deploy.outputs.ipamEngineAppId }} | |
| shell: pwsh | |
| run: | | |
| Import-Module Pester -PassThru | |
| Invoke-Pester -Output Detailed ./azureipam.tests.ps1 -PassThru | |
| cleanup: | |
| name: Cleanup Azure IPAM Deployment | |
| runs-on: ubuntu-latest | |
| needs: [ deploy, sleep, test ] | |
| steps: | |
| - name: Install Deployment Prerequisites | |
| shell: pwsh | |
| run: | | |
| Set-PSRepository PSGallery -InstallationPolicy Trusted | |
| Install-Module Az -AllowClobber -Force | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| enable-AzPSSession: true | |
| - name : Cleanup Azure IPAM Deployment | |
| shell: pwsh | |
| run: | | |
| $tenantId = (Get-AzContext).Tenant.Id | |
| $scope = "/providers/Microsoft.Management/managementGroups/$TenantId" | |
| $uiApp = Get-AzADApplication -ApplicationId ${{ needs.deploy.outputs.ipamUIAppId }} | |
| $engineApp = Get-AzADApplication -ApplicationId ${{ needs.deploy.outputs.ipamEngineAppId }} | |
| Remove-AzResourceGroup -Name ${{ needs.deploy.outputs.ipamResourceGroup }} -Force | |
| Remove-AzRoleAssignment -ObjectId $engineApp.ObjectId -Scope $scope -RoleDefinitionName Reader | |
| $uiApp | Remove-AzADApplication | |
| $engineApp | Remove-AzADApplication | |
| - name: "Remove Azure IPAM Containers" | |
| run: | | |
| az acr repository delete -r $ACR_NAME -n ipam-engine | |
| az acr repository delete -r $ACR_NAME -n ipam-func | |
| az acr repository delete -r $ACR_NAME -n ipam-ui | |
| az acr repository delete -r $ACR_NAME -n ipam-lb |