Merge branch 'main' into DEVOPS-XXX-use-new-docker-based-b2c-action

.github/release.yml

@@ -0,0 +1,17 @@
+changelog:
+ categories:
+ - title: General Changes
+ labels:
+ - "*"
+ exclude:
+ authors:
+ - dependabot
+ - title: DevOps Changes
+ labels:
+ - devops
+ exclude:
+ labels:
+ - dependencies
+ - title: Dependencies
+ labels:
+ - dependencies

.github/workflows/aks-deploy.yaml

@@ -45,7 +45,7 @@ on:
  required: false
  type: string
  description: "Docker image tag."
- default: "${{ github.sha }}"
+ default: "${{ github.event.release.tag_name || github.sha }}"
  maximumReplicas:
  required: false
  type: string
@@ -189,28 +189,10 @@ jobs:
  Write-Output "adminIngressWhitelist=$adminIngressWhitelist" >> $env:GITHUB_ENV
  Write-Output "release=$release" >> $env:GITHUB_ENV
 
- - name: Hash azureCredentials secret
- uses: pplanel/hash-calculator-action@v1.3.1
- id: hash
+ - name: Login to Azure
+ uses: Andrews-McMeel-Universal/cache-azure-login@v1
  with:
- input: ${{ secrets.azureCredentials }}
- method: MD5
-
- - name: Cache Azure credentials
- id: azure-cache
- uses: actions/cache@v3
- with:
- path: |
- ~/.Azure
- ${{ github.workspace }}/.Azure
- key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }}
-
- - name: Login via Az module
- if: steps.azure-cache.outputs.cache-hit != 'true'
- uses: azure/login@v1
- with:
- creds: "${{ secrets.azureCredentials }}"
- enable-AzPSSession: true
+ azureCredentials: "${{ secrets.azureCredentials }}"
 
  - name: Generate .env file from Azure Key Vaults
  uses: Andrews-McMeel-Universal/get-envs@v1
@@ -220,7 +202,7 @@ jobs:
  environmentKeyVault: ${{ inputs.environmentKeyVault }}
 
  - name: Generate build args from Azure Key Vaults
- uses: azure/powershell@v1.2.0
+ uses: azure/powershell@v1
  with:
  inlineScript: |
  if ("${{ inputs.environmentKeyVault }}") {
@@ -248,16 +230,20 @@ jobs:
  azPSVersion: "latest"
 
  - name: Login to Azure Container Registry
- uses: Azure/docker-login@v1.0.1
+ uses: Azure/docker-login@v1
  with:
  login-server: ${{ secrets.registryHostName }}
  username: ${{ secrets.registryUserName }}
  password: ${{ secrets.registryPassword }}
 
  - name: Build & Push Docker Image
  run: |
- docker build ${{ inputs.dockerFilePath }} ${{ env.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}"
- docker push "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}"
+ docker build ${{ inputs.dockerFilePath }} ${{ env.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}" -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:latest"
+ if [[ "${{ inputs.dockerImageTag }}" == "${{ github.event.release.tag_name }}" ]]; then
+ MAJOR_RELEASE=$(echo "${{ github.event.release.tag_name }}" | cut -d "." -f 1)
+ docker tag "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}" "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${MAJOR_RELEASE}"
+ fi
+ docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}"
 
  - name: Create values override file
  run: |
@@ -318,7 +304,7 @@ jobs:
 
  - name: Bake Helm Templates
  id: bake
- uses: azure/k8s-bake@v2.4
+ uses: azure/k8s-bake@v2
  with:
  renderEngine: "helm"
  helmChart: ${{ inputs.chartsPath }}
@@ -369,7 +355,7 @@ jobs:
  name: bake-manifests-bundle
  path: ${{ needs.build.outputs.manifestsBundle }}
 
- - name: Login via Az module
+ - name: Azure Login
  uses: azure/login@v1
  with:
  creds: "${{ secrets.azureCredentials }}"
@@ -393,7 +379,7 @@ jobs:
 
  - name: Apply configMap if it exists
  if: ${{ needs.build.outputs.configMap != null }}
- uses: swdotcom/update-and-apply-kubernetes-configs@v1.2.0
+ uses: swdotcom/update-and-apply-kubernetes-configs@v1
  with:
  k8-config-file-paths: deployments/k8s/config-${{ inputs.environment }}.yaml
 
@@ -419,7 +405,7 @@ jobs:
  }
 
  - name: Create K8s Image Pull Secret
- uses: Azure/k8s-create-secret@v4.0
+ uses: Azure/k8s-create-secret@v4
  with:
  container-registry-url: ${{ secrets.registryHostName }}
  container-registry-username: ${{ secrets.registryUserName }}
@@ -428,7 +414,7 @@ jobs:
 
  - name: Deploy to Azure Kubernetes Service
  timeout-minutes: ${{ inputs.deploymentTimeout }}
- uses: Azure/k8s-deploy@v4.9
+ uses: Azure/k8s-deploy@v4
  with:
  namespace: ${{ inputs.environment }}
  manifests: ${{ needs.build.outputs.manifestsBundle }}
@@ -444,31 +430,13 @@ jobs:
  runs-on: ubuntu-latest
  continue-on-error: false
  steps:
- - name: Hash azureCredentials secret
- uses: pplanel/hash-calculator-action@v1.3.1
- id: hash
+ - name: Login to Azure
+ uses: Andrews-McMeel-Universal/cache-azure-login@v1
  with:
- input: ${{ secrets.azureCredentials }}
- method: MD5
-
- - name: Cache Azure credentials
- id: azure-cache
- uses: actions/cache@v3
- with:
- path: |
- ~/.Azure
- ${{ github.workspace }}/.Azure
- key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }}
-
- - name: Login via Az module
- if: steps.azure-cache.outputs.cache-hit != 'true'
- uses: azure/login@v1
- with:
- creds: "${{ secrets.azureCredentials }}"
- enable-AzPSSession: true
+ azureCredentials: "${{ secrets.azureCredentials }}"
 
  - name: Create or Update Public DNS Record
- uses: azure/powershell@v1.2.0
+ uses: azure/powershell@v1
  with:
  inlineScript: |
  $NewRecords = New-AzDnsRecordConfig -Cname "${{ secrets.azureClusterName }}-${{ inputs.environment }}-ingress.centralus.cloudapp.azure.com."

.github/workflows/azfunction-deploy.yaml

@@ -73,10 +73,10 @@ jobs:
  dotnet build --configuration Release --output ./output
  popd
 
- - name: Login via Az module
- uses: azure/login@v1
+ - name: Login to Azure
+ uses: Andrews-McMeel-Universal/cache-azure-login@v1
  with:
- creds: "${{ secrets.AZURE_CREDENTIALS }}"
+ azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
 
  - name: Whitelist Boley IPs
  uses: azure/CLI@v1

.github/workflows/b2c-build-and-deploy.yaml

@@ -66,28 +66,10 @@ jobs:
  - name: Checkout
  uses: actions/checkout@v3
 
- - name: Hash azureCredentials secret
- uses: pplanel/hash-calculator-action@v1.3.1
- id: hash
+ - name: Login to Azure
+ uses: Andrews-McMeel-Universal/cache-azure-login@v1
  with:
- input: ${{ secrets.azureCredentials }}
- method: MD5
-
- - name: Cache Azure credentials
- id: azure-cache
- uses: actions/cache@v3
- with:
- path: |
- ~/.Azure
- ${{ github.workspace }}/.Azure
- key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }}
-
- - name: Login via Az module
- if: steps.azure-cache.outputs.cache-hit != 'true'
- uses: azure/login@v1
- with:
- creds: ${{ secrets.azureCredentials }}
- enable-AzPSSession: true
+ azureCredentials: "${{ secrets.azureCredentials }}"
 
  - name: Generate .env file from Azure Key Vaults
  uses: Andrews-McMeel-Universal/get-envs@v1

.github/workflows/clear-azure-redis-cache.yaml

@@ -0,0 +1,83 @@
+name: Clear Azure Redis Cache
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ required: true
+ type: string
+ description: "Environment to clear caches for."
+ resourceGroupName:
+ default: "AMU_DevOps_RG"
+ type: string
+ description: "Name of Resource Group that the Azure Redis Instance is in."
+ applicationCacheKey:
+ default: "*"
+ type: string
+ description: "Cache key for the application"
+ secrets:
+ azureCredentials:
+ required: true
+
+jobs:
+ clear-redis-cache:
+ name: Clear Azure Redis Cache
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Login to Azure
+ uses: Andrews-McMeel-Universal/cache-azure-login@v1
+ with:
+ azureCredentials: "${{ secrets.azureCredentials }}"
+
+ - name: Install Dependencies
+ uses: awalsh128/cache-apt-pkgs-action@v1
+ with:
+ packages: redis-tools
+ version: 1.0
+
+ # Script is adapted from https://github.com/Andrews-McMeel-Universal/azure-content-management_tool/blob/main/Scripts/rundeck/Flush-RedisCache.ps1
+ - name: Clear Redis Cache
+ uses: azure/powershell@v1
+ with:
+ inlineScript: |
+ $CacheKey = "${{ inputs.applicationCacheKey }}"
+ $ResourceGroupName = "${{ inputs.resourceGroupName }}"
+ $Environment = "${{ inputs.environment }}"
+
+ # Check to see if Azure Redis Cache PowerShell Module is installed
+ Install-Module -Name Az.RedisCache -Confirm:$false
+
+ # Get list of Redis instances using tags
+ $Redis = Get-AzRedisCache -ResourceGroupName "$ResourceGroupName" | Where-Object { $_.Tag.Values -eq "$Environment" }
+
+ # Loop through Redis instances
+ $Redis | ForEach-Object {
+ $RedisHostname = $_.HostName
+ $RedisPort = $_.Port
+ $RedisName = $_.Name
+ $RedisKey = (Get-AzRedisCacheKey -Name $RedisName -ResourceGroupName $ResourceGroupName).PrimaryKey
+
+ Write-Host "Authenticating to $RedisHostname..." -ForegroundColor DarkGray
+ $RedisCommands = "AUTH $RedisKey
+ SELECT 0
+ EVAL 'return redis.call(\'del\', unpack(redis.call(\'keys\', ARGV[1])))' 0 $CacheKey"
+ Write-Host "Clearing cache key: $CacheKey" -ForegroundColor DarkGray
+ $RedisResult = $RedisCommands | redis-cli -h $RedisHostname -p $RedisPort
+
+ # Check if output from cache clearing command has correct status message
+ if ($RedisResult -match '^\d+$') {
+ Write-Host "Successfully flushed cache for $RedisHostname" -ForegroundColor Green
+ }
+ elseif ($RedisResult -match 'Wrong number of args calling Redis command From Lua script') {
+ Write-Host "Cache key $CacheKey missing in $RedisHostname" -ForegroundColor Yellow
+ }
+ else {
+ Write-Host "Cache key $CacheKey status unknown in $RedisHostname" -ForegroundColor Red
+ Write-Host "Full output: $RedisResult"
+ }
+ }
+ azPSVersion: "latest"
+

.github/workflows/dependabot-automations.yaml

@@ -14,29 +14,27 @@ on:
 
 jobs:
  dependabot-automations:
- name: Automatically Update Dependencies
+ name: Dependabot Automations
  runs-on: ubuntu-latest
- # Checking the actor will prevent your Action run failing on non-Dependabot
- # PRs but also ensures that it only does work for Dependabot PRs.
- if: ${{ inputs.autoApprove || inputs.autoMerge && github.actor == 'dependabot[bot]' }}
+ if: ${{ inputs.autoApprove || inputs.autoMerge }}
  steps:
- - uses: actions/checkout@v3
+ - name: Checkout
+ uses: actions/checkout@v3
 
- # This second step will fail if there's no metadata and so the approval
- # will not occur.
- - name: Dependabot metadata
+ # The approval step will fail if there's no metadata.
+ - name: Retrieve dependabot metadata
  id: dependabot-metadata
- uses: dependabot/fetch-metadata@v1.3.1
+ uses: dependabot/fetch-metadata@v1
  with:
  github-token: "${{ secrets.GITHUB_TOKEN }}"
 
- - name: Auto Approve Dependabot PRs
- uses: hmarr/auto-approve-action@v2.0.0
- if: ${{ inputs.autoApprove && github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' }}
+ - name: Approve PR
+ uses: hmarr/auto-approve-action@v3.2.1
+ if: ${{ inputs.autoApprove }}
  with:
  github-token: "${{ secrets.GITHUB_TOKEN }}"
 
- - name: Enable auto-merge for Dependabot PRs
+ - name: Enable auto-merge
  if: ${{ inputs.autoMerge && steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
  run: gh pr merge --auto --squash "$PR_URL"
  env:

.github/workflows/dotnet-ci.yaml

@@ -28,6 +28,11 @@ jobs:
  - name: Checkout
  uses: actions/checkout@v3
 
+ - name: Login to Azure
+ uses: Andrews-McMeel-Universal/cache-azure-login@v1
+ with:
+ azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
+
  - name: Use .env cache action
  uses: Andrews-McMeel-Universal/get-envs@v1
  with:

.github/workflows/mega-lint.yaml

@@ -60,7 +60,7 @@ jobs:
  # Run the MegaLinter Github Action
  - name: MegaLinter
  id: ml
- uses: oxsecurity/megalinter/flavors/cupcake@v6.20.1
+ uses: oxsecurity/megalinter/flavors/cupcake@v7
  env:
  VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }}
  GITHUB_TOKEN: ${{ secrets.PAT_ACTION_CI }}
@@ -115,7 +115,7 @@ jobs:
  # Run the MegaLinter Github Action
  - name: MegaLinter
  id: ml
- uses: oxsecurity/megalinter/flavors/dotnet@v6.20.1
+ uses: oxsecurity/megalinter/flavors/dotnet@v7
  env:
  VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }}
  GITHUB_TOKEN: ${{ secrets.PAT_ACTION_CI }}