
Remove contributer role from CS Managed Identity #127

Workflow file for this run

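---
# Continuous deployment for ARO HCP. Triggered manually and by pull requests
# against main that touch the paths listed below.
name: ARO HCP Continuous Deployment

# Workflow-level environment variables. The boolean-looking values are quoted
# so they are unambiguously the strings the steps receive, whatever YAML
# typing rules the parser applies.
env:
  DEPLOY_ENV: dev
  PERSIST: 'true'
  SKIP_CONFIRM: 'true'

on:
  # Manual runs.
  # NOTE(review): the deploy jobs in this file accept any workflow_dispatch
  # run and never check github.ref, so which refs are allowed to deploy has
  # to be enforced elsewhere (for example in the subject claim of the Azure
  # federated credential) - confirm.
  workflow_dispatch:
  pull_request:
    branches:
      - main
    paths:
      - '.github/workflows/aro-hcp-cd.yml'
      - '.github/workflows/environment-infra-cd.yml'
      - '.github/workflows/services-cd.yml'
      - '.github/workflows/services-ci.yml'
      - 'config/config.yaml'
      - 'dev-infrastructure/**/*.bicep'
      - 'dev-infrastructure/**/*.bicepparam'
      - 'dev-infrastructure/configurations/*'
      - 'frontend/**'
      - 'backend/**'
      - 'cluster-service/**'
      - 'internal/**'
      - 'maestro/**'
      - 'pko/**'
      - 'acm/**'
      - 'hypershiftoperator/**'
      # NOTE(review): trailing slash, unlike the other '<dir>/**' entries -
      # confirm this pattern matches what was intended.
      - 'image-sync/**/'
      - 'tooling/image-sync/**'
      - 'tooling/templatize/**'
      - 'config/*'
    # 'closed' is listed because the deploy jobs are gated on
    # github.event.pull_request.merged == true, i.e. they run when a PR is
    # closed by merging.
    types:
      - opened
      - synchronize
      - reopened
      - closed

# One concurrency group for the whole workflow: a run that is already in
# progress is never cancelled, and a newer run waits for it. GitHub keeps at
# most one pending run per group, so an older pending run is replaced by a
# newer one.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false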
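jobs:
  # Rejects pull requests whose head branch lives in a fork.
  # NOTE(review): no other job lists this one under `needs`, so a failure
  # here marks the run as failed but does not keep service_ci from starting.
  is_running_on_fork:
    name: 'Ensure PR is submitted from Azure/ARO-HCP'
    if: github.event_name != 'workflow_dispatch'
    # This job only inspects event metadata; its GITHUB_TOKEN needs no scopes.
    permissions: {}
    runs-on: ubuntu-latest
    steps:
      - name: Fail if PR submitted from fork
        if: ${{ github.event.pull_request.head.repo.full_name != 'Azure/ARO-HCP' }}
        # `run` is executed by the shell, so fail with an error annotation and
        # a non-zero exit. core.setFailed() is a JavaScript toolkit call and
        # is not valid shell.
        run: |
          echo "::error::Expected source repository to be Azure/ARO-HCP, re-create PR as a branch of Azure/ARO-HCP"
          exit 1

  # Deploys the global resources (the ACR make targets). Runs only for a
  # merged PR or a manual dispatch.
  deploy_global_rg:
    name: 'Deploy global resources'
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    permissions:
      # Lets the job request an OIDC token, which the Azure login step uses.
      id-token: 'write'
      contents: 'read'
    env:
      DEPLOY_ENV: dev
    runs-on: 'ubuntu-latest'
    steps:
      # NOTE(review): checkout leaves the job token in the local git config by
      # default; consider `persist-credentials: false` here and in
      # deploy_image_sync_rg if the make targets need no authenticated git
      # access.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 1
      # NOTE(review): mutable branch ref, unlike the SHA-pinned actions in
      # this job. The step runs whatever is on main at run time, in a job that
      # can mint an OIDC token. Pin to a full commit SHA so the action that
      # executes is the one that was reviewed.
      - name: "install azure-cli"
        uses: "Azure/ARO-HCP@main"
      - name: 'Az CLI login'
        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: 'Deploy'
        run: |
          cd dev-infrastructure/
          # Manage ACR
          make acr-svc acr-ocp

  # Deploys image sync after the global resources. Same trigger gate as
  # deploy_global_rg.
  deploy_image_sync_rg:
    name: 'Deploy Image Sync'
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    needs:
      - deploy_global_rg
    permissions:
      id-token: 'write'
      contents: 'read'
    env:
      DEPLOY_ENV: dev
    runs-on: 'ubuntu-latest'
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 1
      # NOTE(review): mutable branch ref; pin to a full commit SHA like the
      # other actions in this job.
      - name: "install azure-cli"
        uses: "Azure/ARO-HCP@main"
      - name: 'Az CLI login'
        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: 'Deploy'
        run: |
          cd dev-infrastructure/
          make imagesync

  # Calls the service image build workflow. There is no `if:` on this job, so
  # it runs for every triggering event, including PRs that are still open;
  # only the `push` input is tied to a merge.
  # NOTE(review): `secrets: inherit` passes every secret available to this
  # workflow into the called workflow, and the job may request an OIDC token,
  # presumably while building unmerged PR content. Confirm the called workflow
  # needs both before merge, and pass only the secrets it uses if that can be
  # narrowed.
  service_ci:
    name: 'Build service images'
    permissions:
      id-token: 'write'
      contents: 'read'
    secrets: inherit
    uses: ./.github/workflows/services-ci.yml
    with:
      push: ${{ github.event.pull_request.merged == true }}

  # Deploys the integrated DEV infrastructure through the shared infra
  # workflow, after the global resources.
  deploy_dev_environment_infra:
    name: 'Deploy integrated DEV infrastructure'
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    needs:
      - deploy_global_rg
    permissions:
      id-token: 'write'
      contents: 'read'
    secrets: inherit
    uses: ./.github/workflows/environment-infra-cd.yml
    with:
      deploy_env: dev

  # Deploys services to integrated DEV once the images are built and the DEV
  # infrastructure job has finished.
  deploy_dev_environment_services:
    name: 'Deploy services to integrated DEV'
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    needs:
      - service_ci
      - deploy_dev_environment_infra
    permissions:
      id-token: 'write'
      contents: 'read'
    secrets: inherit
    uses: ./.github/workflows/services-cd.yml
    with:
      deploy_env: dev

  # CS PR env deployment disabled during testing
  # NOTE(review): the two CS PR jobs below are not commented out and use the
  # same gate as the DEV jobs; confirm whether the line above is stale.
  deploy_cs_pr_environment_infra:
    name: 'Deploy CS PR infrastructure'
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    needs:
      - deploy_global_rg
    permissions:
      id-token: 'write'
      contents: 'read'
    secrets: inherit
    uses: ./.github/workflows/environment-infra-cd.yml
    with:
      deploy_env: cs-pr
      deploy_cs_pr_check_deps: true

  # Deploys services to the CS PR environment once the images are built and
  # the CS PR infrastructure job has finished.
  deploy_cs_pr_environment_services:
    name: 'Deploy services to CS PR'
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    needs:
      - service_ci
      - deploy_cs_pr_environment_infra
    permissions:
      id-token: 'write'
      contents: 'read'
    secrets: inherit
    uses: ./.github/workflows/services-cd.yml
    with:
      deploy_env: cs-pr
      deploy_cs_pr_check_deps: true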