Skip to content
This repository has been archived by the owner on Jul 26, 2024. It is now read-only.

landingzones-tf100 #1517

landingzones-tf100

landingzones-tf100 #1517

#
# Copyright (c) Microsoft Corporation
# Licensed under the MIT License.
#
name: landingzones-tf100
on:
workflow_dispatch:
pull_request:
paths-ignore:
- 'documentation/**'
- '_pictures/**'
- 'README.md'
- 'CHANGELOG.md'
schedule:
- cron: '0 3 * * *'
env:
TF_CLI_ARGS: '-no-color'
TF_CLI_ARGS_destroy: '-refresh=false'
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
TF_REGISTRY_DISCOVERY_RETRY: 5
TF_REGISTRY_CLIENT_TIMEOUT: 15
ROVER_RUNNER: true
jobs:
foundations100:
name: foundations-100
runs-on: ubuntu-latest
strategy:
fail-fast: true
max-parallel: 1
matrix:
random_length: ['5']
container:
image: aztfmod/rover:1.6.6-2401.0402
options: --user 0
steps:
- uses: actions/checkout@v3
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
echo "local user: $(whoami)"
- name: Github Actions permissions workaround
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: launchpad
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a apply \
-var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/100 \
-level level0 \
-launchpad \
-parallelism=30 \
--environment ${{ github.run_id }} \
'-var random_length=${{ matrix.random_length }}' \
'-var prefix=g${{ github.run_id }}' \
'-var tags={testing_job_id="${{ github.run_id }}"}'
- name: foundations
run: |
sleep 180
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \
-var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/100-passthrough \
-tfstate caf_foundations.tfstate \
-level level1 \
-parallelism=30 \
--environment ${{ github.run_id }} \
'-var tags={testing_job_id="${{ github.run_id }}"}'
networking100:
name: networking-100
runs-on: ubuntu-latest
needs: foundations100
strategy:
fail-fast: false
matrix:
config_files: [
"caf_solution/scenario/networking/100-single-region-hub",
"caf_solution/scenario/networking/101-multi-region-hub",
"caf_solution/scenario/networking/105-hub-and-spoke",
"caf_solution/scenario/networking/106-hub-virtual-wan-firewall"
]
container:
image: aztfmod/rover:1.6.6-2401.0402
options: --user 0
steps:
- uses: actions/checkout@v3
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Github Actions permissions workaround
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: deploy example
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a apply \
-tfstate $(basename ${{ matrix.config_files }}).tfstate \
-level level2 \
-parallelism=30 \
-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
--environment ${{ github.run_id }}
- name: destroy example
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a destroy \
-tfstate $(basename ${{ matrix.config_files }}).tfstate \
-level level2 \
-parallelism=30 \
-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
--environment ${{ github.run_id }} \
-refresh=false
foundations200:
name: foundations-200
runs-on: ubuntu-latest
needs: networking100
if: always()
strategy:
fail-fast: true
max-parallel: 1
matrix:
random_length: ['5']
container:
image: aztfmod/rover:1.6.6-2401.0402
options: --user 0
steps:
- uses: actions/checkout@v3
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
echo "local user: $(whoami)"
- name: Github Actions permissions workaround
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: launchpad-200-upgrade
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a apply \
-var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/200 \
-level level0 \
-launchpad \
-parallelism=30 \
--environment ${{ github.run_id }} \
'-var random_length=${{ matrix.random_length }}' \
'-var prefix=g${{ github.run_id }}' \
'-var tags={testing_job_id="${{ github.run_id }}"}'
- name: foundations-200-upgrade
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \
-var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/gitops \
-tfstate caf_foundations.tfstate \
-level level1 \
-parallelism=30 \
--environment ${{ github.run_id }} \
'-var tags={testing_job_id="${{ github.run_id }}"}'
networking200:
name: networking-200
runs-on: ubuntu-latest
needs: foundations200
strategy:
fail-fast: false
matrix:
config_files: [
"caf_solution/scenario/networking/200-single-region-hub",
"caf_solution/scenario/networking/201-multi-region-hub",
"caf_solution/scenario/networking/210-aks-private"
]
container:
image: aztfmod/rover:1.6.6-2401.0402
options: --user 0
steps:
- uses: actions/checkout@v3
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Github Actions permissions workaround
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: deploy example
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a apply \
-tfstate $(basename ${{ matrix.config_files }}).tfstate \
-level level2 \
-parallelism=30 \
-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
--environment ${{ github.run_id }}
- name: destroy example
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a destroy \
-tfstate $(basename ${{ matrix.config_files }}).tfstate \
-level level2 \
-parallelism=30 \
-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
--environment ${{ github.run_id }} \
-refresh=false
foundations_destroy:
name: foundations_destroy
runs-on: ubuntu-latest
if: always()
needs: networking200
strategy:
fail-fast: false
matrix:
random_length: ['5']
container:
image: aztfmod/rover:1.6.6-2401.0402
options: --user 0
steps:
- uses: actions/checkout@v3
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
echo "local user: $(whoami)"
- name: Github Actions permissions workaround
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: foundations
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a destroy \
-var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/gitops \
-tfstate caf_foundations.tfstate \
-level level1 \
-parallelism=30 \
--environment ${{ github.run_id }} \
'-var tags={testing_job_id="${{ github.run_id }}"}'
- name: Remove launchpad
run: |
/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a destroy \
-var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/200 \
-level level0 \
-launchpad \
-parallelism=30 \
--environment ${{ github.run_id }} \
'-var random_length=${{ matrix.random_length }}' \
'-var prefix=g${{ github.run_id }}' \
'-var tags={testing_job_id="${{ github.run_id }}"}'
- name: Complete purge
if: ${{ always() }}
run: |
for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done
for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done
for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].objectId" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done
for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done
for i in `az keyvault list-deleted --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done
for i in `az group list --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done
for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done
for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done