From 23f1e5da09a5508c9f055c750670fa3a983a1b07 Mon Sep 17 00:00:00 2001 From: ebronson68 <111298136+ebronson68@users.noreply.github.com> Date: Fri, 21 Jul 2023 15:22:43 -0500 Subject: [PATCH 01/10] Add other impersonation B2C policy to upload --- .github/workflows/b2c-build-and-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/b2c-build-and-deploy.yaml b/.github/workflows/b2c-build-and-deploy.yaml index 59b366b3..33383715 100644 --- a/.github/workflows/b2c-build-and-deploy.yaml +++ b/.github/workflows/b2c-build-and-deploy.yaml @@ -104,7 +104,7 @@ jobs: uses: azure-ad-b2c/deploy-trustframework-policy@v5.3 with: folder: "./dist/custom-policies" - files: "B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_BASE.xml,B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_EXTENSIONS.xml,B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_POLICIES.xml,B2C_1A_${{ inputs.azureB2CProductId }}_IMPERSONATION.xml" + files: "B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_BASE.xml,B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_EXTENSIONS.xml,B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_POLICIES.xml,B2C_1A_${{ inputs.azureB2CProductId }}_IMPERSONATION.xml,B2C_1A_${{ inputs.azureB2CProductId }}_SIGNINSIGNOUT_IMPERSONATION.xml" tenant: ${{ inputs.azureB2CDomain }} clientId: ${{ secrets.azureB2CClientId }} clientSecret: ${{ secrets.azureB2CClientSecret }} From 0705093051ad495720a4b37af417734cbd7876ab Mon Sep 17 00:00:00 2001 From: Ella Bronson <111298136+ebronson68@users.noreply.github.com> Date: Tue, 8 Aug 2023 09:23:27 -0500 Subject: [PATCH 02/10] [DEVOPS-242] add clear redis caches workflow (#46)
DEVOPS-242
Summary DevOps: Create GitHub Actions workflow for clearing Azure Redis Caches
Type Story Story
Status In Progress
Points N/A
Labels ServiceDesk
--- ## Description - Added workflow to clear Redis caches based off environment ## Related Issues - Jira Issue: DEVOPS-242 - Testing Environment: [![Clear Azure Redis Cache](https://github.com/Andrews-McMeel-Universal/reusable_workflows-test/actions/workflows/clear-azure-redis-cache.yml/badge.svg)](https://github.com/Andrews-McMeel-Universal/reusable_workflows-test/actions/workflows/clear-azure-redis-cache.yml) --- .../workflows/clear-azure-redis-cache.yaml | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/clear-azure-redis-cache.yaml diff --git a/.github/workflows/clear-azure-redis-cache.yaml b/.github/workflows/clear-azure-redis-cache.yaml new file mode 100644 index 00000000..aad84adf --- /dev/null +++ b/.github/workflows/clear-azure-redis-cache.yaml @@ -0,0 +1,70 @@ +name: Clear Azure Redis Cache + +on: + workflow_call: + inputs: + environment: + required: true + type: string + description: "Environment to clear caches for." + resourceGroupName: + default: "AMU_DevOps_RG" + type: string + description: "Name of Resource Group that the Azure Redis Instance is in." + secrets: + azureCredentials: + required: true + +jobs: + clear-redis-cache: + name: Clear Azure Redis Cache + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.azureCredentials }}" + + - name: Install Dependencies + uses: awalsh128/cache-apt-pkgs-action@v1 + with: + packages: redis-tools + version: 1.0 + + # Script is adapted from https://github.com/Andrews-McMeel-Universal/azure-content-management_tool/blob/main/Scripts/rundeck/Flush-RedisCache.ps1 + - name: Clear Redis Cache + uses: azure/powershell@v1 + with: + inlineScript: | + # Check to see if Azure Redis Cache PowerShell Module is installed + Install-Module -Name Az.RedisCache -Confirm:$false -Force + + # Get list of Redis instances using tags + $Redis = Get-AzRedisCache -ResourceGroupName "${{ inputs.resourceGroupName }}" | Where-Object { $_.Tag.Values -eq "${{ inputs.environment }}" } + + # Loop through Redis instances + $Redis | ForEach-Object { + $RedisHostname = $_.HostName + $RedisPort = $_.Port + $RedisName = $_.Name + $RedisKey = (Get-AzRedisCacheKey -Name $RedisName -ResourceGroupName "${{ inputs.resourceGroupName }}").PrimaryKey + + # Authenticate using Redis key and flush cache database + $RedisCommands = "AUTH $RedisKey + SELECT 0 + FLUSHDB" + $RedisResult = $RedisCommands | redis-cli -h "$RedisHostname" -p "$RedisPort" + + # Check if output from cache clearing command has correct status message + if ($RedisResult -match 'OK') { + Write-Host "Successfully flushed cache for $RedisHostname" -ForegroundColor Green + } + else { + Write-Error "Failed to clear cache for $RedisHostname" + } + } + azPSVersion: "latest" + From b9b982281acfce5259ad6f20cc1c053cb5a56c9a Mon Sep 17 00:00:00 2001 From: Ella Bronson <111298136+ebronson68@users.noreply.github.com> Date: Tue, 8 Aug 2023 15:28:57 -0500 Subject: [PATCH 03/10] [DEVOPS-XXX] Switch to major release tags for GitHub Actions (#49) ## Description - Switching to major release tags for GitHub actions ## Related Issues - Jira Issue: N/A --- .github/workflows/aks-deploy.yaml | 14 +++++++------- .github/workflows/dependabot-automations.yaml | 4 ++-- .github/workflows/mega-lint.yaml | 4 ++-- .github/workflows/purge-cdn.yaml | 4 ++-- .github/workflows/template-sync.yml | 2 +- .github/workflows/update-addns.yaml | 4 ++-- .github/workflows/update-azureapimanagement.yaml | 6 +++--- .github/workflows/wpe-deploy.yaml | 2 +- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/aks-deploy.yaml b/.github/workflows/aks-deploy.yaml index ac09dad7..e5db6f58 100644 --- a/.github/workflows/aks-deploy.yaml +++ b/.github/workflows/aks-deploy.yaml @@ -220,7 +220,7 @@ jobs: environmentKeyVault: ${{ inputs.environmentKeyVault }} - name: Generate build args from Azure Key Vaults - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: inlineScript: | if ("${{ inputs.environmentKeyVault }}") { @@ -248,7 +248,7 @@ jobs: azPSVersion: "latest" - name: Login to Azure Container Registry - uses: Azure/docker-login@v1.0.1 + uses: Azure/docker-login@v1 with: login-server: ${{ secrets.registryHostName }} username: ${{ secrets.registryUserName }} @@ -318,7 +318,7 @@ jobs: - name: Bake Helm Templates id: bake - uses: azure/k8s-bake@v2.4 + uses: azure/k8s-bake@v2 with: renderEngine: "helm" helmChart: ${{ inputs.chartsPath }} @@ -393,7 +393,7 @@ jobs: - name: Apply configMap if it exists if: ${{ needs.build.outputs.configMap != null }} - uses: swdotcom/update-and-apply-kubernetes-configs@v1.2.0 + uses: swdotcom/update-and-apply-kubernetes-configs@v1 with: k8-config-file-paths: deployments/k8s/config-${{ inputs.environment }}.yaml @@ -419,7 +419,7 @@ jobs: } - name: Create K8s Image Pull Secret - uses: Azure/k8s-create-secret@v4.0 + uses: Azure/k8s-create-secret@v4 with: container-registry-url: ${{ secrets.registryHostName }} container-registry-username: ${{ secrets.registryUserName }} @@ -428,7 +428,7 @@ jobs: - name: Deploy to Azure Kubernetes Service timeout-minutes: ${{ inputs.deploymentTimeout }} - uses: Azure/k8s-deploy@v4.9 + uses: Azure/k8s-deploy@v4 with: namespace: ${{ inputs.environment }} manifests: ${{ needs.build.outputs.manifestsBundle }} @@ -468,7 +468,7 @@ jobs: enable-AzPSSession: true - name: Create or Update Public DNS Record - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: inlineScript: | $NewRecords = New-AzDnsRecordConfig -Cname "${{ secrets.azureClusterName }}-${{ inputs.environment }}-ingress.centralus.cloudapp.azure.com." diff --git a/.github/workflows/dependabot-automations.yaml b/.github/workflows/dependabot-automations.yaml index a61b98c2..959bd4ce 100644 --- a/.github/workflows/dependabot-automations.yaml +++ b/.github/workflows/dependabot-automations.yaml @@ -26,12 +26,12 @@ jobs: # will not occur. - name: Dependabot metadata id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.3.1 + uses: dependabot/fetch-metadata@v1 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Auto Approve Dependabot PRs - uses: hmarr/auto-approve-action@v2.0.0 + uses: hmarr/auto-approve-action@v3.2.1 if: ${{ inputs.autoApprove && github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' }} with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/mega-lint.yaml b/.github/workflows/mega-lint.yaml index d61493dc..c1ca0940 100644 --- a/.github/workflows/mega-lint.yaml +++ b/.github/workflows/mega-lint.yaml @@ -60,7 +60,7 @@ jobs: # Run the MegaLinter Github Action - name: MegaLinter id: ml - uses: oxsecurity/megalinter/flavors/cupcake@v6.20.1 + uses: oxsecurity/megalinter/flavors/cupcake@v7 env: VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }} GITHUB_TOKEN: ${{ secrets.PAT_ACTION_CI }} @@ -115,7 +115,7 @@ jobs: # Run the MegaLinter Github Action - name: MegaLinter id: ml - uses: oxsecurity/megalinter/flavors/dotnet@v6.20.1 + uses: oxsecurity/megalinter/flavors/dotnet@v7 env: VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }} GITHUB_TOKEN: ${{ secrets.PAT_ACTION_CI }} diff --git a/.github/workflows/purge-cdn.yaml b/.github/workflows/purge-cdn.yaml index 057df5d5..a056dba6 100644 --- a/.github/workflows/purge-cdn.yaml +++ b/.github/workflows/purge-cdn.yaml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check inputs - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | @@ -62,7 +62,7 @@ jobs: enable-AzPSSession: true - name: Purge CDN cache - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | diff --git a/.github/workflows/template-sync.yml b/.github/workflows/template-sync.yml index 600fefae..4a7300be 100644 --- a/.github/workflows/template-sync.yml +++ b/.github/workflows/template-sync.yml @@ -21,7 +21,7 @@ jobs: token: ${{ secrets.PAT_ACTION_CI }} - name: actions-template-sync - uses: AndreasAugustin/actions-template-sync@v0.8.0 + uses: AndreasAugustin/actions-template-sync@v1.1.0 with: github_token: ${{ secrets.PAT_ACTION_CI }} source_repo_path: Andrews-McMeel-Universal/.github diff --git a/.github/workflows/update-addns.yaml b/.github/workflows/update-addns.yaml index 3a2c136e..26a08d99 100644 --- a/.github/workflows/update-addns.yaml +++ b/.github/workflows/update-addns.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Retrieve Application information id: getappinfo - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | @@ -81,7 +81,7 @@ jobs: echo "aksIngress=$aksIngress" >> $env:GITHUB_ENV - name: Update Internal Boley DNS - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | diff --git a/.github/workflows/update-azureapimanagement.yaml b/.github/workflows/update-azureapimanagement.yaml index 0cf2461c..57e29a3e 100644 --- a/.github/workflows/update-azureapimanagement.yaml +++ b/.github/workflows/update-azureapimanagement.yaml @@ -100,7 +100,7 @@ jobs: - name: Login via PowerShell if: ${{ inputs.azureUser && env.azurePassword && env.azureSubscription }} - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | @@ -114,7 +114,7 @@ jobs: - name: Retrieve Application information id: getappinfo - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | @@ -155,7 +155,7 @@ jobs: echo "aksIngress=$aksIngress" >> $env:GITHUB_ENV - name: Update Azure API Management - uses: azure/powershell@v1.2.0 + uses: azure/powershell@v1 with: azPSVersion: "latest" inlineScript: | diff --git a/.github/workflows/wpe-deploy.yaml b/.github/workflows/wpe-deploy.yaml index 6abcea72..2178ae71 100644 --- a/.github/workflows/wpe-deploy.yaml +++ b/.github/workflows/wpe-deploy.yaml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@v2 - name: Deploy to WP Engine - uses: wpengine/github-action-wpe-site-deploy@v3.2.2 + uses: wpengine/github-action-wpe-site-deploy@v3 with: # Deploy vars WPE_SSHG_KEY_PRIVATE: ${{ secrets.WPENGINE_ED25514 }} From 80b7e4237a66916a8f80868f8d4993d56d815b5c Mon Sep 17 00:00:00 2001 From: AMU Automations <63871640+amutechtest@users.noreply.github.com> Date: Wed, 9 Aug 2023 10:53:28 -0500 Subject: [PATCH 04/10] =?UTF-8?q?=F0=9F=94=84=20Sync=20with=20@Andrews-McM?= =?UTF-8?q?eel-Universal/.github=20(#48)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Merge Andrews-McMeel-Universal/.github c1290c5 --------- Co-authored-by: ebronson68 <111298136+ebronson68@users.noreply.github.com> --- .github/release.yml | 17 +++++++++++++++++ .github/workflows/template-sync.yml | 3 ++- .gitignore | 6 ++++++ .prettierignore | 8 ++++++-- 4 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 .github/release.yml diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 00000000..35d13580 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,17 @@ +changelog: + categories: + - title: General Changes + labels: + - "*" + exclude: + authors: + - dependabot + - title: DevOps Changes + labels: + - devops + exclude: + labels: + - dependencies + - title: Dependencies + labels: + - dependencies diff --git a/.github/workflows/template-sync.yml b/.github/workflows/template-sync.yml index 4a7300be..9797fda8 100644 --- a/.github/workflows/template-sync.yml +++ b/.github/workflows/template-sync.yml @@ -21,7 +21,7 @@ jobs: token: ${{ secrets.PAT_ACTION_CI }} - name: actions-template-sync - uses: AndreasAugustin/actions-template-sync@v1.1.0 + uses: AndreasAugustin/actions-template-sync@v1.1.1 with: github_token: ${{ secrets.PAT_ACTION_CI }} source_repo_path: Andrews-McMeel-Universal/.github @@ -30,6 +30,7 @@ jobs: pr_commit_msg: 🔄 Synchronize with @Andrews-McMeel-Universal/.github pr_title: 🔄 Sync with @Andrews-McMeel-Universal/.github pr_branch_name_prefix: sync/dotgithub/ + pr_reviewers: Andrews-McMeel-Universal/devops-engineers is_dry_run: ${{ inputs.isdryrun || 'false' }} git_user_name: amutechtest git_user_email: amu_deploy@amuniversal.com diff --git a/.gitignore b/.gitignore index a5ad2105..4f6097f5 100644 --- a/.gitignore +++ b/.gitignore @@ -255,6 +255,8 @@ megalinter-reports/* jscpd-report.json # Automated Testing +/coverage/integration +/test-results/ /playwright/storage-states/ /playwright/.cache/ /playwright-report/ @@ -754,3 +756,7 @@ Secrets.json ./history/ *.history .setup_done + +# Azure B2C +/**/src/custom-policies/B2C_1A_*_*_SIGNINSIGNOUT_*.xml +/custom-policies/**/B2C_1A_*_*_SIGNINSIGNOUT_*.xml diff --git a/.prettierignore b/.prettierignore index 13ce0ee2..cd1b88ba 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1,8 +1,7 @@ # General .cache/ .git/ -storybook-static -src/helpers/utilities/tokens/_design_tokens.js + # GitHub Actions Workflows .github/dependabot.yml @@ -19,8 +18,13 @@ docker-compose.yml # Node.js .next build/ +coverage/ +playwright-report/ +test-results/ **.js.map **.bundle.js +storybook-static +src/helpers/utilities/tokens/_design_tokens.js # WordPress wp-content/ From 815d8283f5d9b967e4b16516eef930b5c4667b52 Mon Sep 17 00:00:00 2001 From: Ella Bronson <111298136+ebronson68@users.noreply.github.com> Date: Thu, 10 Aug 2023 16:15:38 -0500 Subject: [PATCH 05/10] [DEVOPS-XXX] Switching over to new cache-azure-login action (#47) ## Description - Switching over to new [cache-azure-login](https://github.com/Andrews-McMeel-Universal/cache-azure-login) GitHub Action ## Related Issues - Testing Environment: [![Test Azure Login Action](https://github.com/Andrews-McMeel-Universal/reusable_workflows-test/actions/workflows/test-azure-login.yml/badge.svg)](https://github.com/Andrews-McMeel-Universal/reusable_workflows-test/actions/workflows/test-azure-login.yml) --- .github/workflows/aks-deploy.yaml | 55 +++---------------- .github/workflows/azfunction-deploy.yaml | 6 +- .github/workflows/b2c-build-and-deploy.yaml | 24 +------- .github/workflows/dotnet-ci.yaml | 5 ++ .github/workflows/next-ci.yaml | 20 +++++++ .github/workflows/purge-cdn.yaml | 24 +------- .github/workflows/ruby-ci.yaml | 5 ++ .../workflows/update-azureapimanagement.yaml | 26 +-------- .github/workflows/update-game-config.yaml | 24 +------- 9 files changed, 54 insertions(+), 135 deletions(-) diff --git a/.github/workflows/aks-deploy.yaml b/.github/workflows/aks-deploy.yaml index e5db6f58..d089e34a 100644 --- a/.github/workflows/aks-deploy.yaml +++ b/.github/workflows/aks-deploy.yaml @@ -189,28 +189,10 @@ jobs: Write-Output "adminIngressWhitelist=$adminIngressWhitelist" >> $env:GITHUB_ENV Write-Output "release=$release" >> $env:GITHUB_ENV - - name: Hash azureCredentials secret - uses: pplanel/hash-calculator-action@v1.3.1 - id: hash + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - input: ${{ secrets.azureCredentials }} - method: MD5 - - - name: Cache Azure credentials - id: azure-cache - uses: actions/cache@v3 - with: - path: | - ~/.Azure - ${{ github.workspace }}/.Azure - key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }} - - - name: Login via Az module - if: steps.azure-cache.outputs.cache-hit != 'true' - uses: azure/login@v1 - with: - creds: "${{ secrets.azureCredentials }}" - enable-AzPSSession: true + azureCredentials: "${{ secrets.azureCredentials }}" - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 @@ -369,11 +351,10 @@ jobs: name: bake-manifests-bundle path: ${{ needs.build.outputs.manifestsBundle }} - - name: Login via Az module - uses: azure/login@v1 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - creds: "${{ secrets.azureCredentials }}" - enable-AzPSSession: true + azureCredentials: "${{ secrets.azureCredentials }}" - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 @@ -444,28 +425,10 @@ jobs: runs-on: ubuntu-latest continue-on-error: false steps: - - name: Hash azureCredentials secret - uses: pplanel/hash-calculator-action@v1.3.1 - id: hash - with: - input: ${{ secrets.azureCredentials }} - method: MD5 - - - name: Cache Azure credentials - id: azure-cache - uses: actions/cache@v3 - with: - path: | - ~/.Azure - ${{ github.workspace }}/.Azure - key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }} - - - name: Login via Az module - if: steps.azure-cache.outputs.cache-hit != 'true' - uses: azure/login@v1 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - creds: "${{ secrets.azureCredentials }}" - enable-AzPSSession: true + azureCredentials: "${{ secrets.azureCredentials }}" - name: Create or Update Public DNS Record uses: azure/powershell@v1 diff --git a/.github/workflows/azfunction-deploy.yaml b/.github/workflows/azfunction-deploy.yaml index 528f6f98..831074c0 100644 --- a/.github/workflows/azfunction-deploy.yaml +++ b/.github/workflows/azfunction-deploy.yaml @@ -73,10 +73,10 @@ jobs: dotnet build --configuration Release --output ./output popd - - name: Login via Az module - uses: azure/login@v1 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - creds: "${{ secrets.AZURE_CREDENTIALS }}" + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - name: Whitelist Boley IPs uses: azure/CLI@v1 diff --git a/.github/workflows/b2c-build-and-deploy.yaml b/.github/workflows/b2c-build-and-deploy.yaml index 33383715..2c9653e4 100644 --- a/.github/workflows/b2c-build-and-deploy.yaml +++ b/.github/workflows/b2c-build-and-deploy.yaml @@ -62,28 +62,10 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Hash azureCredentials secret - uses: pplanel/hash-calculator-action@v1.3.1 - id: hash + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - input: ${{ secrets.azureCredentials }} - method: MD5 - - - name: Cache Azure credentials - id: azure-cache - uses: actions/cache@v3 - with: - path: | - ~/.Azure - ${{ github.workspace }}/.Azure - key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }} - - - name: Login via Az module - if: steps.azure-cache.outputs.cache-hit != 'true' - uses: azure/login@v1 - with: - creds: ${{ secrets.azureCredentials }} - enable-AzPSSession: true + azureCredentials: "${{ secrets.azureCredentials }}" - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 diff --git a/.github/workflows/dotnet-ci.yaml b/.github/workflows/dotnet-ci.yaml index 7cbd0c9e..b5c997b5 100644 --- a/.github/workflows/dotnet-ci.yaml +++ b/.github/workflows/dotnet-ci.yaml @@ -28,6 +28,11 @@ jobs: - name: Checkout uses: actions/checkout@v3 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: diff --git a/.github/workflows/next-ci.yaml b/.github/workflows/next-ci.yaml index 4ae47143..1e2f3d29 100644 --- a/.github/workflows/next-ci.yaml +++ b/.github/workflows/next-ci.yaml @@ -40,6 +40,11 @@ jobs: commit_user_email: amu_deploy@amuniversal.com commit_message: "[Formatter] Apply prettier changes" + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -61,6 +66,11 @@ jobs: - name: Use cache-next-install action uses: Andrews-McMeel-Universal/cache-next-install@v1 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -88,6 +98,11 @@ jobs: - name: Install Playwright Browsers run: yarn pretest:integration:ci + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -117,6 +132,11 @@ jobs: - name: Checkout uses: actions/checkout@v3 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: diff --git a/.github/workflows/purge-cdn.yaml b/.github/workflows/purge-cdn.yaml index a056dba6..28939947 100644 --- a/.github/workflows/purge-cdn.yaml +++ b/.github/workflows/purge-cdn.yaml @@ -38,28 +38,10 @@ jobs: exit 1 } - - name: Hash azureCredentials secret - uses: pplanel/hash-calculator-action@v1.3.1 - id: hash + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - input: ${{ secrets.azureCredentials }} - method: MD5 - - - name: Cache Azure credentials - id: azure-cache - uses: actions/cache@v3 - with: - path: | - ~/.Azure - ${{ github.workspace }}/.Azure - key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }} - - - name: Login via Az module - if: steps.azure-cache.outputs.cache-hit != 'true' - uses: azure/login@v1 - with: - creds: ${{ secrets.azureCredentials }} - enable-AzPSSession: true + azureCredentials: "${{ secrets.azureCredentials }}" - name: Purge CDN cache uses: azure/powershell@v1 diff --git a/.github/workflows/ruby-ci.yaml b/.github/workflows/ruby-ci.yaml index 30f207bf..4c949041 100644 --- a/.github/workflows/ruby-ci.yaml +++ b/.github/workflows/ruby-ci.yaml @@ -37,6 +37,11 @@ jobs: - name: Checkout uses: actions/checkout@v3 + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: diff --git a/.github/workflows/update-azureapimanagement.yaml b/.github/workflows/update-azureapimanagement.yaml index 57e29a3e..97bc35fa 100644 --- a/.github/workflows/update-azureapimanagement.yaml +++ b/.github/workflows/update-azureapimanagement.yaml @@ -73,30 +73,10 @@ jobs: azurePassword: ${{ secrets.azurePassword }} azureSubscription: ${{ secrets.azureSubscription }} steps: - - name: Hash azureCredentials secret - if: ${{ env.azureCredentials }} - uses: pplanel/hash-calculator-action@v1.3.1 - id: hash + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - input: ${{ secrets.azureCredentials }} - method: MD5 - - - name: Cache Azure credentials - if: ${{ env.azureCredentials }} - id: azure-cache - uses: actions/cache@v3 - with: - path: | - ~/.Azure - ${{ github.workspace }}/.Azure - key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }} - - - name: Login via Az module - if: ${{ steps.azure-cache.outputs.cache-hit != 'true' && env.azureCredentials }} - uses: azure/login@v1 - with: - creds: ${{ secrets.azureCredentials }} - enable-AzPSSession: true + azureCredentials: "${{ secrets.azureCredentials }}" - name: Login via PowerShell if: ${{ inputs.azureUser && env.azurePassword && env.azureSubscription }} diff --git a/.github/workflows/update-game-config.yaml b/.github/workflows/update-game-config.yaml index ef462a57..05b2f6bd 100644 --- a/.github/workflows/update-game-config.yaml +++ b/.github/workflows/update-game-config.yaml @@ -19,28 +19,10 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Hash AZURE_CREDENTIALS secret - uses: pplanel/hash-calculator-action@v1.3.1 - id: hash + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 with: - input: ${{ secrets.AZURE_CREDENTIALS }} - method: MD5 - - - name: Cache Azure credentials - id: azure-cache - uses: actions/cache@v3 - with: - path: | - ~/.Azure - ${{ github.workspace }}/.Azure - key: ${{ runner.os }}-azurecreds-${{ steps.hash.outputs.digest }} - - - name: Login via Az module - if: steps.azure-cache.outputs.cache-hit != 'true' - uses: azure/login@v1 - with: - creds: "${{ secrets.AZURE_CREDENTIALS }}" - enable-AzPSSession: true + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 From 8fc2655227d59c8270385f7af6f661466c01642c Mon Sep 17 00:00:00 2001 From: ebronson68 <111298136+ebronson68@users.noreply.github.com> Date: Mon, 14 Aug 2023 12:51:12 -0500 Subject: [PATCH 06/10] Update dependabot automations --- .github/workflows/dependabot-automations.yaml | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/dependabot-automations.yaml b/.github/workflows/dependabot-automations.yaml index 959bd4ce..48a545f1 100644 --- a/.github/workflows/dependabot-automations.yaml +++ b/.github/workflows/dependabot-automations.yaml @@ -14,29 +14,27 @@ on: jobs: dependabot-automations: - name: Automatically Update Dependencies + name: Dependabot Automations runs-on: ubuntu-latest - # Checking the actor will prevent your Action run failing on non-Dependabot - # PRs but also ensures that it only does work for Dependabot PRs. - if: ${{ inputs.autoApprove || inputs.autoMerge && github.actor == 'dependabot[bot]' }} + if: ${{ inputs.autoApprove || inputs.autoMerge }} steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 - # This second step will fail if there's no metadata and so the approval - # will not occur. - - name: Dependabot metadata + # The approval step will fail if there's no metadata. + - name: Retrieve dependabot metadata id: dependabot-metadata uses: dependabot/fetch-metadata@v1 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Auto Approve Dependabot PRs + - name: Approve PR uses: hmarr/auto-approve-action@v3.2.1 - if: ${{ inputs.autoApprove && github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' }} + if: ${{ inputs.autoApprove }} with: github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Enable auto-merge for Dependabot PRs + - name: Enable auto-merge if: ${{ inputs.autoMerge && steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} run: gh pr merge --auto --squash "$PR_URL" env: From 639c3a09bf18d449c649aec11d88c800e8f96b52 Mon Sep 17 00:00:00 2001 From: Ella Bronson <111298136+ebronson68@users.noreply.github.com> Date: Mon, 14 Aug 2023 16:16:21 -0500 Subject: [PATCH 07/10] [DEVOPS-XXX] Fix aks-set-context bug with azure/login action (#50) ## Description - Revert back to `azure/login` action in deploy job in the `aks-deploy.yaml` workflow to fix bug with the `Azure/aks-set-context` action ## Related Issues - Jira Issue: N/A --- .github/workflows/aks-deploy.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/aks-deploy.yaml b/.github/workflows/aks-deploy.yaml index d089e34a..876ef627 100644 --- a/.github/workflows/aks-deploy.yaml +++ b/.github/workflows/aks-deploy.yaml @@ -351,10 +351,11 @@ jobs: name: bake-manifests-bundle path: ${{ needs.build.outputs.manifestsBundle }} - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 + - name: Azure Login + uses: azure/login@v1 with: - azureCredentials: "${{ secrets.azureCredentials }}" + creds: "${{ secrets.azureCredentials }}" + enable-AzPSSession: true - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 From 5b5233a65e9d70e907d54cb1d1c0e988dcb1946e Mon Sep 17 00:00:00 2001 From: Ella Bronson <111298136+ebronson68@users.noreply.github.com> Date: Mon, 14 Aug 2023 17:00:25 -0500 Subject: [PATCH 08/10] [DEVOPS-241] Add new UI CI workflow (#51) ## Description - Created a duplicate of `next-ci.yaml` to create `ui-ci.yaml` that accounts for the v3 Yarn install. ## Related Issues - Jira Issue: DEVOPS-241 --- .github/workflows/ui-ci.yaml | 164 +++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 .github/workflows/ui-ci.yaml diff --git a/.github/workflows/ui-ci.yaml b/.github/workflows/ui-ci.yaml new file mode 100644 index 00000000..fb10bd55 --- /dev/null +++ b/.github/workflows/ui-ci.yaml @@ -0,0 +1,164 @@ +name: Next.js Application CI + +on: + workflow_call: + inputs: + environment: + required: true + type: string + secrets: + AZURE_CREDENTIALS: + required: true + PAT_ACTION_CI: + required: true + +jobs: + build: + name: Build App + if: ${{ github.actor != 'dependabot[bot]' }} + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.PAT_ACTION_CI }} + fetch-depth: 0 + + - name: Use cache-yarn-install action + uses: Andrews-McMeel-Universal/cache-yarn-install@v1 + + - name: Lint javascript + run: yarn lint:js + + - name: Lint scss + run: yarn lint:styles + + - name: Push Linting Fixes + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_user_name: amutechtest + commit_user_email: amu_deploy@amuniversal.com + commit_message: "[Formatter] Apply prettier changes" + + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + + - name: Use .env cache action + uses: Andrews-McMeel-Universal/get-envs@v1 + with: + azurecredentials: ${{ secrets.AZURE_CREDENTIALS }} + environment: ${{ inputs.environment }} + + - name: Use cache-next-build action + uses: Andrews-McMeel-Universal/cache-next-build@v1 + + unit-tests: + name: Unit Tests + needs: [build] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Use cache-yarn-install action + uses: Andrews-McMeel-Universal/cache-yarn-install@v1 + + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + + - name: Use .env cache action + uses: Andrews-McMeel-Universal/get-envs@v1 + with: + azurecredentials: ${{ secrets.AZURE_CREDENTIALS }} + environment: ${{ inputs.environment }} + + - name: Use cache-next-build action + uses: Andrews-McMeel-Universal/cache-next-build@v1 + + - name: Run Jest tests + run: yarn test:unit:ci + + integration-tests: + name: Integration Tests + needs: [build] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Use cache-yarn-install action + uses: Andrews-McMeel-Universal/cache-yarn-install@v1 + + - name: Install Playwright Browsers + run: yarn pretest:integration:ci + + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + + - name: Use .env cache action + uses: Andrews-McMeel-Universal/get-envs@v1 + with: + azurecredentials: ${{ secrets.AZURE_CREDENTIALS }} + environment: ${{ inputs.environment }} + + - name: Use cache-next-build action + uses: Andrews-McMeel-Universal/cache-next-build@v1 + + - name: Run Playwright tests + run: yarn test:integration:ci + + - uses: actions/upload-artifact@v3 + if: always() + with: + name: playwright-report + path: playwright-report/ + retention-days: 30 + + # Required status check + # Checks gzipped page sizes and application links + check-app: + name: Check Links and Size Limit + runs-on: ubuntu-latest + needs: [build] + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Login to Azure + uses: Andrews-McMeel-Universal/cache-azure-login@v1 + with: + azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + + - name: Use .env cache action + uses: Andrews-McMeel-Universal/get-envs@v1 + with: + azurecredentials: ${{ secrets.AZURE_CREDENTIALS }} + environment: ${{ inputs.environment }} + + - name: Use cache-yarn-install action + uses: Andrews-McMeel-Universal/cache-yarn-install@v1 + + - name: Use cache-next-build action + uses: Andrews-McMeel-Universal/cache-next-build@v1 + + - name: Run Broken Link Checker + id: link-checker-report + continue-on-error: true + run: yarn test:links + + - name: Link Checker Results + if: ${{ failure() }} + run: echo "::warning ${{steps.link-checker-report.outputs.result}}" + + - uses: andresz1/size-limit-action@v1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + # The size-limit-action tries to run a + # redundant yarn build + skip_step: build From 53faea826521ff270cc6b95730d4e2726a2a3484 Mon Sep 17 00:00:00 2001 From: Ella Bronson <111298136+ebronson68@users.noreply.github.com> Date: Tue, 15 Aug 2023 16:07:31 -0500 Subject: [PATCH 09/10] [DEVOPS-236] Use release in Docker image registry image tag (#52)
DEVOPS-236
Summary Switch to using semantic versioning on Azure Container Registry image tags
Type Bug Bug
Status Peer Review
Points N/A
Labels -
--- ## Description - Modified AKS deploy to automatically tag images as "latest" and for staging and production deploys, the major release version like so: ![image](https://github.com/Andrews-McMeel-Universal/reusable_workflows/assets/111298136/a999b768-e18f-454c-89a3-0920914aa725) ## Related Issues - Jira Issue: DEVOPS-236 - Testing environment: [![Staging AKS Deploy](https://github.com/Andrews-McMeel-Universal/reusable_workflows-test/actions/workflows/aks-staging.yml/badge.svg)](https://github.com/Andrews-McMeel-Universal/reusable_workflows-test/actions/workflows/aks-staging.yml) --- .github/workflows/aks-deploy.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/aks-deploy.yaml b/.github/workflows/aks-deploy.yaml index 876ef627..862d1b3b 100644 --- a/.github/workflows/aks-deploy.yaml +++ b/.github/workflows/aks-deploy.yaml @@ -45,7 +45,7 @@ on: required: false type: string description: "Docker image tag." - default: "${{ github.sha }}" + default: "${{ github.event.release.tag_name || github.sha }}" maximumReplicas: required: false type: string @@ -238,8 +238,12 @@ jobs: - name: Build & Push Docker Image run: | - docker build ${{ inputs.dockerFilePath }} ${{ env.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}" - docker push "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}" + docker build ${{ inputs.dockerFilePath }} ${{ env.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}" -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:latest" + if [[ "${{ inputs.dockerImageTag }}" == "${{ github.event.release.tag_name }}" ]]; then + MAJOR_RELEASE=$(echo "${{ github.event.release.tag_name }}" | cut -d "." -f 1) + docker tag "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ inputs.dockerImageTag }}" "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${MAJOR_RELEASE}" + fi + docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}" - name: Create values override file run: | From 407d8816785438062679f9ba863f4487e379f9cb Mon Sep 17 00:00:00 2001 From: ebronson68 <111298136+ebronson68@users.noreply.github.com> Date: Tue, 15 Aug 2023 16:37:52 -0500 Subject: [PATCH 10/10] Added applicationCacheKey input --- .../workflows/clear-azure-redis-cache.yaml | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/workflows/clear-azure-redis-cache.yaml b/.github/workflows/clear-azure-redis-cache.yaml index aad84adf..723be869 100644 --- a/.github/workflows/clear-azure-redis-cache.yaml +++ b/.github/workflows/clear-azure-redis-cache.yaml @@ -11,6 +11,10 @@ on: default: "AMU_DevOps_RG" type: string description: "Name of Resource Group that the Azure Redis Instance is in." + applicationCacheKey: + default: "*" + type: string + description: "Cache key for the application" secrets: azureCredentials: required: true @@ -39,31 +43,40 @@ jobs: uses: azure/powershell@v1 with: inlineScript: | + $CacheKey = "${{ inputs.applicationCacheKey }}" + $ResourceGroupName = "${{ inputs.resourceGroupName }}" + $Environment = "${{ inputs.environment }}" + # Check to see if Azure Redis Cache PowerShell Module is installed - Install-Module -Name Az.RedisCache -Confirm:$false -Force + Install-Module -Name Az.RedisCache -Confirm:$false # Get list of Redis instances using tags - $Redis = Get-AzRedisCache -ResourceGroupName "${{ inputs.resourceGroupName }}" | Where-Object { $_.Tag.Values -eq "${{ inputs.environment }}" } + $Redis = Get-AzRedisCache -ResourceGroupName "$ResourceGroupName" | Where-Object { $_.Tag.Values -eq "$Environment" } # Loop through Redis instances $Redis | ForEach-Object { $RedisHostname = $_.HostName $RedisPort = $_.Port $RedisName = $_.Name - $RedisKey = (Get-AzRedisCacheKey -Name $RedisName -ResourceGroupName "${{ inputs.resourceGroupName }}").PrimaryKey + $RedisKey = (Get-AzRedisCacheKey -Name $RedisName -ResourceGroupName $ResourceGroupName).PrimaryKey - # Authenticate using Redis key and flush cache database + Write-Host "Authenticating to $RedisHostname..." -ForegroundColor DarkGray $RedisCommands = "AUTH $RedisKey SELECT 0 - FLUSHDB" - $RedisResult = $RedisCommands | redis-cli -h "$RedisHostname" -p "$RedisPort" + EVAL 'return redis.call(\'del\', unpack(redis.call(\'keys\', ARGV[1])))' 0 $CacheKey" + Write-Host "Clearing cache key: $CacheKey" -ForegroundColor DarkGray + $RedisResult = $RedisCommands | redis-cli -h $RedisHostname -p $RedisPort # Check if output from cache clearing command has correct status message - if ($RedisResult -match 'OK') { + if ($RedisResult -match '^\d+$') { Write-Host "Successfully flushed cache for $RedisHostname" -ForegroundColor Green } + elseif ($RedisResult -match 'Wrong number of args calling Redis command From Lua script') { + Write-Host "Cache key $CacheKey missing in $RedisHostname" -ForegroundColor Yellow + } else { - Write-Error "Failed to clear cache for $RedisHostname" + Write-Host "Cache key $CacheKey status unknown in $RedisHostname" -ForegroundColor Red + Write-Host "Full output: $RedisResult" } } azPSVersion: "latest"