[DEVOPS-513] Update Azure Function Environment Variables on Deploy (#144)

<details open>
<summary><a href="https://amuniversal.atlassian.net/browse/DEVOPS-513"
title="DEVOPS-513" target="_blank">DEVOPS-513</a></summary>
  <br />
  <table>
    <tr>
      <th>Summary</th>
<td>Azure Function deploy workflows not updating environment
variables</td>
    </tr>
    <tr>
      <th>Type</th>
      <td>
<img alt="Bug"
src="https://amuniversal.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10308?size=medium"
/>
        Bug
      </td>
    </tr>
    <tr>
      <th>Status</th>
      <td>Peer Review</td>
    </tr>
    <tr>
      <th>Points</th>
      <td>N/A</td>
    </tr>
    <tr>
      <th>Labels</th>
      <td>-</td>
    </tr>
  </table>
</details>
<!--
do not remove this marker as it will break action-jira-linter's
functionality.
  added_by_jira_lint
-->
---

<!-- Please make sure you read the contribution guidelines and then fill
out the blanks below.

Please format the PR title appropriately based on the type of change:
  [JIRA-XXX]: <description>
-->

## Description

- Update Azure Function Environment Variables on Deploy
Result:
![Screenshot 2024-08-21 at 9 24 24 AM](https://github.com/user-attachments/assets/77e426da-e552-4b39-978b-ee6f6c997a60)


## Related Links

<!-- List any links related to this pull request here

Replace "JIRA-XXX" with your Jira issue key -->

- Jira Issue: DEVOPS-513
- Testing environment: [![🚀 Deploy](https://github.com/Andrews-McMeel-Universal/subscription-webhook-manager_function/actions/workflows/deploy.yml/badge.svg?branch=bug%2FDEVOPS-513%2Ftest-functionapp-env-set-workflow)](https://github.com/Andrews-McMeel-Universal/subscription-webhook-manager_function/actions/workflows/deploy.yml)
ebronson68 committed Aug 21, 2024
1 parent 19e4676 commit 9653d2b
Showing 1 changed file with 101 additions and 0 deletions.
101 changes: 101 additions & 0 deletions .github/workflows/azfunction-deploy.yaml
@@ -162,6 +162,107 @@ jobs:
package: "${{ inputs.AZURE_FUNCTIONAPP_PACKAGE_PATH }}/output"
publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE }}

- name: Enable identity for Azure Function
uses: azure/cli@v2
with:
inlineScript: |
set -eu
if [[ "${{ inputs.environment }}" == "production" ]]; then
az functionapp identity assign \
-g "${{ inputs.AZURE_FUNCTIONAPP_RESOURCEGROUP }}" \
-n "${{ inputs.AZURE_FUNCTIONAPP_NAME }}" | tee
else
az functionapp identity assign \
-g "${{ inputs.AZURE_FUNCTIONAPP_RESOURCEGROUP }}" \
-n "${{ inputs.AZURE_FUNCTIONAPP_NAME }}" \
--slot "${{ inputs.environment }}" | tee
fi
- name: Get Azure Function Managed Identity
id: identity
uses: azure/cli@v2
with:
inlineScript: |
set -eu
if [[ "${{ inputs.environment }}" == "production" ]]; then
IDENTITY=$(az functionapp identity show \
-g "${{ inputs.AZURE_FUNCTIONAPP_RESOURCEGROUP }}" \
-n "${{ inputs.AZURE_FUNCTIONAPP_NAME }}" | tee)
else
IDENTITY=$(az functionapp identity show \
-g "${{ inputs.AZURE_FUNCTIONAPP_RESOURCEGROUP }}" \
-n "${{ inputs.AZURE_FUNCTIONAPP_NAME }}" \
--slot "${{ inputs.environment }}" | tee)
fi
echo "functionAppIdentity=$(echo $IDENTITY | jq -r '.principalId')" >> $GITHUB_ENV
- name: Retrieve key vault name
uses: azure/cli@v2
with:
inlineScript: |
set -eu
ENVIRONMENT="${{ inputs.environment }}"
REPOSITORY_NAME="${{ github.event.repository.name }}"
echo -e "Searching for key vault with tags: \"repository-name=${REPOSITORY_NAME};environment=${ENVIRONMENT}\""
KEYVAULT_NAME=$(az keyvault list --query "[?tags.\"repository-name\" == '${REPOSITORY_NAME}' && tags.environment == '${ENVIRONMENT}'].name" --output tsv)
# Check if key vault was found
if [[ -z "$KEYVAULT_NAME" ]]; then
echo "Key Vault not found with tags: repository-name=${REPOSITORY_NAME};environment=${ENVIRONMENT}"
exit 1
fi
# Get key vault object
KEYVAULT_NAME=${KEYVAULT_NAME// /}
echo "keyVaultName=${KEYVAULT_NAME}" >> $GITHUB_ENV
- name: Assign Azure Function System Managed Identity to Key Vault
uses: azure/cli@v2
with:
inlineScript: |
set -eu
# Retrieve the Key Vault ID
keyVaultId=$(az keyvault show --name ${{ env.keyVaultName }} --query id --output tsv)
# Assign the Key Vault Secrets User role to the managed identity using object ID and principal type
az role assignment create --role "Key Vault Secrets User" --assignee-object-id ${{ env.functionAppIdentity }} --assignee-principal-type ServicePrincipal --scope $keyVaultId
- name: Retrieve environment variables
if: ${{ env.AZURE_CREDENTIALS_SET != 'false' }}
id: get-envs
uses: Andrews-McMeel-Universal/get-envs@v1
with:
azurecredentials: ${{ secrets.AZURE_CREDENTIALS }}
environment: ${{ inputs.environment }}
contentTypes: Env

- name: Add environment variables to function app
uses: azure/cli@v2
with:
inlineScript: |
set -eu
# Iterate over each environment variable
ENV_VARS=($(echo '${{ steps.get-envs.outputs.environmentVariables }}'))
for part in ${ENV_VARS[@]}; do
IFS='=' read -r key value <<< "$part"
VARIABLE_LC=$(echo "$key" | tr '[:upper:]' '[:lower:]' | tr "_" "-")
if [[ "${{ inputs.environment }}" == "production" ]]; then
az functionapp config appsettings set \
-g "${{ inputs.AZURE_FUNCTIONAPP_RESOURCEGROUP }}" \
-n "${{ inputs.AZURE_FUNCTIONAPP_NAME }}" \
--slot-settings "$key=@Microsoft.KeyVault(VaultName=${{ env.keyVaultName }};SecretName=${VARIABLE_LC})" | tee
else
az functionapp config appsettings set \
-g "${{ inputs.AZURE_FUNCTIONAPP_RESOURCEGROUP }}" \
-n "${{ inputs.AZURE_FUNCTIONAPP_NAME }}" \
--slot "${{ inputs.environment }}" \
--slot-settings "$key=@Microsoft.KeyVault(VaultName=${{ env.keyVaultName }};SecretName=${VARIABLE_LC})" | tee
fi
done
- name: Remove GitHub Runner IP from Whitelist
if: always()
uses: azure/cli@v2
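
Review bot: In the "Add environment variables to function app" step, `ENV_VARS=($(echo '${{ steps.get-envs.outputs.environmentVariables }}'))` pastes the retrieved variables, values included, into the script text before bash runs, so a value containing a single quote closes the quoted string and the remainder is executed as shell, and a value containing whitespace is split into extra array entries by the unquoted `$(...)` and `${ENV_VARS[@]}`. The loop only uses `$key` (each setting is written as an `@Microsoft.KeyVault(...)` reference and `value` is never read), so the values do not need to reach the script at all: hand the output to the script as an environment variable rather than as template text, read it line by line with `IFS='=' read -r key _`, and quote `"${ENV_VARS[@]}"` if the array stays. Separately, every `az ... | tee` in this hunk runs under `set -eu` without `pipefail`, so the pipeline returns the status of `tee` and a failed `az functionapp identity assign`, `identity show` or `config appsettings set` does not stop the deploy; drop the `| tee` or add `set -o pipefail`. The "Retrieve key vault name" step also only checks for an empty result, so two vaults carrying the same `repository-name` and `environment` tags would write a multi-line value to `$GITHUB_ENV`; fail when the query returns more than one name.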