diff --git a/.github/workflows/aro-hcp-dev-env-cd.yml b/.github/workflows/aro-hcp-dev-env-cd.yml index 0103663ee..ffba0948e 100644 --- a/.github/workflows/aro-hcp-dev-env-cd.yml +++ b/.github/workflows/aro-hcp-dev-env-cd.yml @@ -153,7 +153,7 @@ PRINCIPAL_ID=${{ secrets.GHA_PRINCIPAL_ID }} make svc svc.aks.admin-access svc.enable-aks-metrics # grant GH action user access to resources - PRINCIPAL_ID=${{ secrets.GHA_PRINCIPAL_ID }} make svc.dev-role-assignments + # PRINCIPAL_ID=${{ secrets.GHA_PRINCIPAL_ID }} make svc.dev-role-assignments deploy_management_cluster_rg: #if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' diff --git a/.github/workflows/aro-hcp-dev-what-if.yml b/.github/workflows/aro-hcp-dev-what-if.yml index 703d114b7..5013b9197 100644 --- a/.github/workflows/aro-hcp-dev-what-if.yml +++ b/.github/workflows/aro-hcp-dev-what-if.yml @@ -2,6 +2,7 @@ name: ARO HCP Integrated DEV Bicep What-If env: DEPLOY_ENV: dev + DEPLOYMENT_NAME_SUFFIX: "-dev-${GITHUB_RUN_ID}" on: pull_request: branches: diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile index da8538796..f90ba7051 100644 --- a/dev-infrastructure/Makefile +++ b/dev-infrastructure/Makefile @@ -11,11 +11,15 @@ endif MGMT_KUBECONFIG_FILE ?= ${HOME}/.kube/${MGMT_RESOURCEGROUP}.kubeconfig SVC_KUBECONFIG_FILE ?= ${HOME}/.kube/${SVC_RESOURCEGROUP}.kubeconfig -MGMG_RG_DEPLOYMENT_NAME ?= "mgmt" -SVC_RG_DEPLOYMENT_NAME ?= "svc" -IMAGE_SYNC_RG_DEPLOYMENT_NAME ?= "image-sync" -REGIONAL_RG_DEPLOYMENT_NAME ?= "region" -METRICS_INFRA_RG_DEPLOYMENT_NAME ?= "metrics-infra" + +DEPLOYMENT_NAME_SUFFIX ?= +GLOBAL_RG_DEPLOYMENT_NAME ?= "global${DEPLOYMENT_NAME_SUFFIX}" +MGMG_RG_DEPLOYMENT_NAME ?= "mgmt${DEPLOYMENT_NAME_SUFFIX}" +SVC_RG_DEPLOYMENT_NAME ?= "svc${DEPLOYMENT_NAME_SUFFIX}" +IMAGE_SYNC_RG_DEPLOYMENT_NAME ?= "image-sync${DEPLOYMENT_NAME_SUFFIX}" +REGIONAL_RG_DEPLOYMENT_NAME ?= "region${DEPLOYMENT_NAME_SUFFIX}" +METRICS_INFRA_RG_DEPLOYMENT_NAME ?= "metrics-infra${DEPLOYMENT_NAME_SUFFIX}" +ROLE_ASSIGNMENTS_DEPLOYMENT_NAME ?= "role-assignments${DEPLOYMENT_NAME_SUFFIX}" list: @grep '^[^#[:space:]].*:' Makefile @@ -165,7 +169,7 @@ region.clean: region.what-if: region.wait regional.rg az deployment group what-if \ - --name "region" \ + --name $(REGIONAL_RG_DEPLOYMENT_NAME) \ --resource-group $(REGIONAL_RESOURCEGROUP) \ --template-file templates/region.bicep \ --parameters \ @@ -191,7 +195,7 @@ svc.wait: svc: svc.wait svc.rg cleanup-orphaned-rolebindings az deployment group create \ - --name "svc" \ + --name $(SVC_RG_DEPLOYMENT_NAME) \ --resource-group $(SVC_RESOURCEGROUP) \ --template-file templates/svc-cluster.bicep \ $(PROMPT_TO_CONFIRM) \ @@ -229,7 +233,7 @@ svc.init: region svc svc.aks.admin-access svc.aks.kubeconfig metrics-infra svc.e svc.what-if: svc.rg az deployment group what-if \ - --name "svc" \ + --name $(SVC_RG_DEPLOYMENT_NAME) \ --resource-group $(SVC_RESOURCEGROUP) \ --template-file templates/svc-cluster.bicep \ --parameters \ @@ -237,9 +241,9 @@ svc.what-if: svc.rg .PHONY: svc.what-if svc.dev-role-assignments: - @./ensure-no-running-deployment.sh $(SVC_RESOURCEGROUP) svc-roleassigns + @./ensure-no-running-deployment.sh $(SVC_RESOURCEGROUP) ${ROLE_ASSIGNMENTS_DEPLOYMENT_NAME} az deployment group create \ - --name svc-roleassigns \ + --name ${ROLE_ASSIGNMENTS_DEPLOYMENT_NAME} \ --resource-group "${SVC_RESOURCEGROUP}" \ --template-file templates/dev-roleassignments.bicep \ --parameters configurations/dev-role-assignments.bicepparam \ @@ -309,7 +313,7 @@ mgmt.init: region mgmt mgmt.aks.admin-access mgmt.aks.kubeconfig metrics-infra m mgmt.what-if: mgmt.rg az deployment group what-if \ - --name "mgmt" \ + --name $(MGMG_RG_DEPLOYMENT_NAME) \ --resource-group $(MGMT_RESOURCEGROUP) \ --template-file templates/mgmt-cluster.bicep \ --parameters \ @@ -334,9 +338,9 @@ global.rg: .PHONY: global.rg acr: global.rg - @./ensure-no-running-deployment.sh $(GLOBAL_RESOURCEGROUP) acr + @./ensure-no-running-deployment.sh $(GLOBAL_RESOURCEGROUP) ${GLOBAL_RG_DEPLOYMENT_NAME}-acr az deployment group create \ - --name "acr" \ + --name ${GLOBAL_RG_DEPLOYMENT_NAME}-acr \ --resource-group $(GLOBAL_RESOURCEGROUP) \ --template-file templates/dev-acr.bicep \ $(PROMPT_TO_CONFIRM) \ @@ -346,7 +350,7 @@ acr: global.rg acr.what-if: global.rg az deployment group what-if \ - --name "acr" \ + --name ${GLOBAL_RG_DEPLOYMENT_NAME}-acr \ --resource-group $(GLOBAL_RESOURCEGROUP) \ --template-file templates/dev-acr.bicep \ --parameters \ @@ -354,9 +358,9 @@ acr.what-if: global.rg .PHONY: acr.what-if acr-svc: global.rg - @./ensure-no-running-deployment.sh $(GLOBAL_RESOURCEGROUP) acr-svc + @./ensure-no-running-deployment.sh $(GLOBAL_RESOURCEGROUP) ${GLOBAL_RG_DEPLOYMENT_NAME}-acr-svc az deployment group create \ - --name "acr-svc" \ + --name ${GLOBAL_RG_DEPLOYMENT_NAME}-acr-svc \ --resource-group $(GLOBAL_RESOURCEGROUP) \ --template-file templates/dev-acr.bicep \ $(PROMPT_TO_CONFIRM) \ @@ -366,7 +370,7 @@ acr-svc: global.rg acr-svc.what-if: global.rg az deployment group what-if \ - --name "acr-svc" \ + --name ${GLOBAL_RG_DEPLOYMENT_NAME}-acr-svc \ --resource-group $(GLOBAL_RESOURCEGROUP) \ --template-file templates/dev-acr.bicep \ --parameters \ @@ -374,9 +378,9 @@ acr-svc.what-if: global.rg .PHONY: acr-svc.what-if acr-ocp: global.rg - @./ensure-no-running-deployment.sh $(GLOBAL_RESOURCEGROUP) acr-ocp + @./ensure-no-running-deployment.sh $(GLOBAL_RESOURCEGROUP) ${GLOBAL_RG_DEPLOYMENT_NAME}-acr-ocp az deployment group create \ - --name "acr-ocp" \ + --name ${GLOBAL_RG_DEPLOYMENT_NAME}-acr-ocp \ --resource-group $(GLOBAL_RESOURCEGROUP) \ --template-file templates/dev-acr.bicep \ $(PROMPT_TO_CONFIRM) \ @@ -386,7 +390,7 @@ acr-ocp: global.rg acr-ocp.what-if: global.rg az deployment group what-if \ - --name "acr-ocp" \ + --name ${GLOBAL_RG_DEPLOYMENT_NAME}-acr-ocp \ --resource-group $(GLOBAL_RESOURCEGROUP) \ --template-file templates/dev-acr.bicep \ --parameters \ diff --git a/dev-infrastructure/templates/dev-acr.bicep b/dev-infrastructure/templates/dev-acr.bicep index 26e9f4286..6b6d7e24c 100644 --- a/dev-infrastructure/templates/dev-acr.bicep +++ b/dev-infrastructure/templates/dev-acr.bicep @@ -23,7 +23,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = { } module acr '../modules/acr/acr.bicep' = { - name: acrName + name: '${deployment().name}-acrName' params: { acrName: acrName location: location