-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
125 lines (102 loc) · 6.26 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
.DEFAULT_GOAL :=help
SHELL :=/bin/bash
.PHONY: help
help: ## Show this help
@grep -E '^[a-zA-Z\.\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
##@ Set environment and corresponding configuratio
.PHONY: dev
dev:
$(eval DEPLOY_ENV=dev)
$(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development)
$(eval RESOURCE_NAME_PREFIX=s165d01)
$(eval ENV_SHORT=dv)
$(eval ENV_TAG=dev)
.PHONY: test
test:
$(eval DEPLOY_ENV=test)
$(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test)
$(eval RESOURCE_NAME_PREFIX=s165t01)
$(eval ENV_SHORT=ts)
$(eval ENV_TAG=test)
.PHONY: preprod
preprod:
$(eval DEPLOY_ENV=preprod)
$(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test)
$(eval RESOURCE_NAME_PREFIX=s165t01)
$(eval ENV_SHORT=pp)
$(eval ENV_TAG=pre-prod)
.PHONY: production
production:
$(eval DEPLOY_ENV=production)
$(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production)
$(eval RESOURCE_NAME_PREFIX=s165p01)
$(eval ENV_SHORT=pd)
$(eval ENV_TAG=prod)
$(eval AZURE_BACKUP_STORAGE_ACCOUNT_NAME=s165p01trngendbbackuppd)
$(eval AZURE_BACKUP_STORAGE_CONTAINER_NAME=trngen)
.PHONY: domain
domain:
$(eval DEPLOY_ENV=production)
$(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production)
$(eval RESOURCE_NAME_PREFIX=s165p01)
$(eval ENV_SHORT=pd)
$(eval ENV_TAG=prod)
ci: ## Run in automation environment
$(eval DISABLE_PASSCODE=true)
$(eval AUTO_APPROVE=-auto-approve)
$(eval SP_AUTH=true)
set-azure-resource-group-tags: ##Tags that will be added to resource group on it's creation in ARM template
$(eval RG_TAGS=$(shell echo '{"Portfolio": "Early Years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Database of Qualified Teachers", "Service Line": "Teaching Workforce", "Service": "Teacher Services", "Service Offering": "Database of Qualified Teachers", "Environment" : "$(ENV_TAG)"}' | jq . ))
set-azure-template-tag:
$(eval ARM_TEMPLATE_TAG=1.0.0)
.PHONY: read-keyvault-config
read-keyvault-config:
$(eval KEY_VAULT_NAME=$(shell jq -r '.key_vault_name' terraform/workspace_variables/$(DEPLOY_ENV).tfvars.json))
$(eval KEY_VAULT_SECRET_NAME=INFRASTRUCTURE)
set-azure-account: ${environment}
echo "Logging on to ${AZURE_SUBSCRIPTION}"
az account set -s ${AZURE_SUBSCRIPTION}
.PHONY: install-fetch-config
install-fetch-config: ## Install the fetch-config script, for viewing/editing secrets in Azure Key Vault
[ ! -f bin/fetch_config.rb ] \
&& curl -s https://raw.githubusercontent.com/DFE-Digital/bat-platform-building-blocks/master/scripts/fetch_config/fetch_config.rb -o bin/fetch_config.rb \
&& chmod +x bin/fetch_config.rb \
|| true
edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \
-e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c
create-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} \
-i -e -d azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml -c
print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -f yaml
validate-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
bin/fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} -d quiet \
&& echo Data in ${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} looks valid
terraform-init:
$(if $(IMAGE_TAG), , $(eval export IMAGE_TAG=main))
[[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true
terraform -chdir=terraform init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars $(backend_config) -upgrade -reconfigure
terraform-plan: terraform-init # make dev terraform-plan
terraform -chdir=terraform plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json
terraform-apply: terraform-init # make dev terraform-apply
terraform -chdir=terraform apply -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE}
terraform-destroy: terraform-init # make dev terraform-destroy
terraform -chdir=terraform destroy -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE}
deploy-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags# make dev deploy-azure-resources AUTO_APPROVE=1
$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
--parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-trngen-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \
"tfStorageAccountName=${RESOURCE_NAME_PREFIX}trngentfstate${ENV_SHORT}" "tfStorageContainerName=trngen-tfstate" \
"keyVaultName=${RESOURCE_NAME_PREFIX}-trngen-${ENV_SHORT}-kv"
validate-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags# make dev validate-azure-resources
az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
--parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-trngen-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' \
"tfStorageAccountName=${RESOURCE_NAME_PREFIX}trngentfstate${ENV_SHORT}" "tfStorageContainerName=trngen-tfstate" \
"keyVaultName=${RESOURCE_NAME_PREFIX}-trngen-${ENV_SHORT}-kv" \
--what-if
domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags# make domain domain-azure-resources AUTO_APPROVE=1
$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
--parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-trngendomains-rg" 'tags=${RG_TAGS}' \
"tfStorageAccountName=${RESOURCE_NAME_PREFIX}trngendomainstf" "tfStorageContainerName=trngendomains-tf" "keyVaultName=${RESOURCE_NAME_PREFIX}-trngendomains-kv"