Merge branch 'main' into story/DEVOPS-263/ephemeral-deployments-workflow

Andrews-McMeel-Universal · Oct 9, 2023 · bc9b30b · bc9b30b
2 parents 1d30efa + 8e80049
commit bc9b30b
Show file tree

Hide file tree

Showing 11 changed files with 65 additions and 118 deletions.
diff --git a/.github/workflows/aks-deploy.yaml b/.github/workflows/aks-deploy.yaml
@@ -189,11 +189,6 @@ jobs:
           Write-Output "adminIngressWhitelist=$adminIngressWhitelist" >> $env:GITHUB_ENV
           Write-Output "release=$release" >> $env:GITHUB_ENV
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.azureCredentials }}"
-
       - name: Generate .env file from Azure Key Vaults
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -202,32 +197,47 @@ jobs:
           environmentKeyVault: ${{ inputs.environmentKeyVault }}
 
       - name: Generate build args from Azure Key Vaults
-        uses: azure/powershell@v1
-        with:
-          inlineScript: |
-            if ("${{ inputs.environmentKeyVault }}") {
-                $KeyVaultName = "${{ inputs.environmentKeyVault }}"
-            }
-            else {
-                $KeyVaultName = (Get-AzKeyVault -Tag @{"environment" = "${{ inputs.environment }}" } | Get-AzKeyVault -Tag @{"repository-name" = "${{ github.event.repository.name }}" }).VaultName
-            }
-            [string]$KeyVaultName = $KeyVaultName.Replace(" ", "-")
-            $buildSecrets = (Get-AzKeyVaultSecret -VaultName $KeyVaultName  | Where-Object { ($_.ContentType -contains 'BuildArg') -or ($_.ContentType -contains 'BuildArg Env') }).Name
-            if ($buildSecrets.Count -gt 0) {
-                $buildArgPredicate = ' --build-arg '
-            }
-            else {
-                return
-            }
-            $buildSecrets | ForEach-Object {
-                $argName = $_.ToUpper()
-                $argName = $argName.Replace("-", "_")
-                $argSecret = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $_).secretvalue | ConvertFrom-SecureString -AsPlainText
-                $buildArguments = $buildArguments + $buildArgPredicate + $argName + "=" + $argSecret
-            }
-
-            echo "buildArguments=$buildArguments" >> $env:GITHUB_ENV
-          azPSVersion: "latest"
+        shell: bash
+        run: |
+          ENVIRONMENT="${{ inputs.environment }}"
+          REPOSITORY_NAME="${{ inputs.repositoryName }}"
+          ENV_KEYVAULT_NAME="${{ inputs.environmentKeyVault }}"
+
+          # Check if searching for key vaults by repository name or otherwise, if key vault name argument is given
+          if [ -z "${ENV_KEYVAULT_NAME}" ]; then
+              # Search for key vault using tags
+              KEYVAULT_NAME=$(az keyvault list --query "[?tags.\"repository-name\" == '${REPOSITORY_NAME}' && tags.environment == '${ENVIRONMENT}'].name" --output tsv)
+          else
+              KEYVAULT_NAME="${ENV_KEYVAULT_NAME}"
+          fi
+
+          # Get key vault object
+          KEYVAULT=$(az keyvault list --query "[?name == '${KEYVAULT_NAME}']" )
+
+          # Check if key vault exists
+          if ! echo "${KEYVAULT}" | grep -Eq "\w"; then
+              echo -e "${RED}Invalid value provided for 'KeyVaultName'. Please confirm a Key Vault exists under the name specified. Value provided: ${KEYVAULT_NAME}"
+              exit 1
+          fi
+          KEYVAULT_NAME="${KEYVAULT_NAME// /}"
+
+          # Set secrets list
+          SECRETS=$(az keyvault secret list --vault-name "${KEYVAULT_NAME}" --query "[?contentType == 'BuildArg Env' || contentType == 'BuildArg'].name" --output tsv)
+
+          # Loop through secrets and add them to .env
+          if echo "${SECRETS}" | grep -Eq "\w"; then
+              while IFS= read -r SECRET; do
+                  # Convert to upper case snake case and remove quotes
+                  SECRET_NAME=$(echo "${SECRET}" | tr '[:upper:][:lower:]' '[:lower:][:upper:]' | tr "-" "_" | tr -d '"')
+
+                  # Get secret value and set it to the secret name
+                  SECRET_VALUE=$(az keyvault secret show --vault-name "${KEYVAULT_NAME}" -n "${SECRET}" --query "value" --output tsv)
+
+                  # Add secret to file
+                  BUILDARGS="${BUILDARGS} --build-arg ${SECRET_NAME}=${SECRET_VALUE}"
+              done < <(echo "${SECRETS[*]}")
+          fi
+          echo "buildArguments=${BUILDARGS}" >> $GITHUB_ENV
 
       - name: Login to Azure Container Registry
         uses: Azure/docker-login@v1
@@ -358,12 +368,6 @@ jobs:
           name: bake-manifests-bundle
           path: ${{ needs.build.outputs.manifestsBundle }}
 
-      - name: Azure Login
-        uses: azure/login@v1
-        with:
-          creds: "${{ secrets.azureCredentials }}"
-          enable-AzPSSession: true
-
       - name: Generate .env file from Azure Key Vaults
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -433,19 +437,14 @@ jobs:
     runs-on: ubuntu-latest
     continue-on-error: false
     steps:
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
+      - name: Login via Az module
+        uses: azure/login@v1
         with:
-          azureCredentials: "${{ secrets.azureCredentials }}"
+          creds: "${{ secrets.azureCredentials }}"
 
       - name: Create or Update Public DNS Record
-        uses: azure/powershell@v1
-        with:
-          inlineScript: |
-            $NewRecords = New-AzDnsRecordConfig -Cname "${{ secrets.azureClusterName }}-${{ inputs.environment }}-ingress.centralus.cloudapp.azure.com."
-
-            New-AzDnsRecordSet -Name "${{ needs.build.outputs.hostName }}" -RecordType CNAME -ZoneName "${{ needs.build.outputs.domainName }}" -ResourceGroupName ${{ inputs.dnsResourceGroup }} -Ttl 3600 -DnsRecords $NewRecords -Overwrite;
-          azPSVersion: "latest"
+        run: |
+          az network dns record-set cname set-record --resource-group ${{ inputs.dnsResourceGroup }} --zone-name "${{ needs.build.outputs.domainName }}" --record-set-name ${{ needs.build.outputs.hostName }} --cname "${{ secrets.azureClusterName }}-${{ inputs.environment }}-ingress.centralus.cloudapp.azure.com." --ttl 3600
 
       - name: Record deployment information in Azure Storage Table
         uses: LadyCailin/azure-table-storage-upload@v1.0.1

diff --git a/.github/workflows/azfunction-deploy.yaml b/.github/workflows/azfunction-deploy.yaml
@@ -73,10 +73,10 @@ jobs:
           dotnet build --configuration Release --output ./output
           popd
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
+      - name: Login via Az module
+        uses: azure/login@v1
         with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
+          creds: "${{ secrets.AZURE_CREDENTIALS }}"
 
       - name: Whitelist Boley IPs
         uses: azure/CLI@v1

diff --git a/.github/workflows/b2c-build-and-deploy.yaml b/.github/workflows/b2c-build-and-deploy.yaml
@@ -62,11 +62,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.azureCredentials }}"
-
       - name: Generate .env file from Azure Key Vaults
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:

diff --git a/.github/workflows/bump-versions.yaml b/.github/workflows/bump-versions.yaml
@@ -88,7 +88,7 @@ jobs:
           find: '"version": .*'
           replace: '"version": "${{ env.release }}",'
           regex: true
-          include: "package.json"
+          include: "**package.json"
 
       - name: Update version in Chart.yaml
         uses: jacobtomlinson/gha-find-replace@v3
@@ -109,8 +109,8 @@ jobs:
           title: "⬆️ Version bump: ${{ env.release }}"
           body: |
             Updating version to ${{ env.release }} in:
-            - `deployments/charts/Charts.yaml`
-            - `package.json`
+            - `**/Charts.yaml`
+            - `**/package.json`
           labels: |
             maintenance
 

diff --git a/.github/workflows/clear-azure-redis-cache.yaml b/.github/workflows/clear-azure-redis-cache.yaml
@@ -27,10 +27,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
+      - name: Login via Az module
+        uses: azure/login@v1
         with:
-          azureCredentials: "${{ secrets.azureCredentials }}"
+          creds: "${{ secrets.azureCredentials }}"
+          enable-AzPSSession: true
 
       - name: Install Dependencies
         uses: awalsh128/cache-apt-pkgs-action@v1

diff --git a/.github/workflows/next-ci.yaml b/.github/workflows/next-ci.yaml
@@ -40,11 +40,6 @@ jobs:
           commit_user_email: amu_deploy@amuniversal.com
           commit_message: "[Formatter] Apply prettier changes"
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -66,11 +61,6 @@ jobs:
       - name: Use cache-next-install action
         uses: Andrews-McMeel-Universal/cache-next-install@v1
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -83,7 +73,6 @@ jobs:
       - name: Run Jest tests
         run: yarn test:unit:ci
 
-  # Required status check
   integration-tests:
     name: Integration Tests
     needs: [build]
@@ -98,11 +87,6 @@ jobs:
       - name: Install Playwright Browsers
         run: yarn pretest:integration:ci
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -132,11 +116,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:

diff --git a/.github/workflows/purge-cdn.yaml b/.github/workflows/purge-cdn.yaml
@@ -38,10 +38,11 @@ jobs:
               exit 1
             }
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
+      - name: Login via Az module
+        uses: azure/login@v1
         with:
-          azureCredentials: "${{ secrets.azureCredentials }}"
+          creds: "${{ secrets.azureCredentials }}"
+          enable-AzPSSession: true
 
       - name: Purge CDN cache
         uses: azure/powershell@v1

diff --git a/.github/workflows/ruby-ci.yaml b/.github/workflows/ruby-ci.yaml
@@ -37,11 +37,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:

diff --git a/.github/workflows/ui-ci.yaml b/.github/workflows/ui-ci.yaml
@@ -40,11 +40,6 @@ jobs:
           commit_user_email: amu_deploy@amuniversal.com
           commit_message: "[Formatter] Apply prettier changes"
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -65,11 +60,6 @@ jobs:
       - name: Use cache-yarn-install action
         uses: Andrews-McMeel-Universal/cache-yarn-install@v1
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -96,11 +86,6 @@ jobs:
       - name: Install Playwright Browsers
         run: yarn pretest:integration:ci
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:
@@ -130,11 +115,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Use .env cache action
         uses: Andrews-McMeel-Universal/get-envs@v1
         with:

diff --git a/.github/workflows/update-azureapimanagement.yaml b/.github/workflows/update-azureapimanagement.yaml
@@ -73,10 +73,12 @@ jobs:
       azurePassword: ${{ secrets.azurePassword }}
       azureSubscription: ${{ secrets.azureSubscription }}
     steps:
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
+      - name: Login via Az module
+        if: ${{ env.azureCredentials }}
+        uses: azure/login@v1
         with:
-          azureCredentials: "${{ secrets.azureCredentials }}"
+          creds: "${{ secrets.azureCredentials }}"
+          enable-AzPSSession: true
 
       - name: Login via PowerShell
         if: ${{ inputs.azureUser && env.azurePassword && env.azureSubscription }}

diff --git a/.github/workflows/update-game-config.yaml b/.github/workflows/update-game-config.yaml
@@ -19,11 +19,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Login to Azure
-        uses: Andrews-McMeel-Universal/cache-azure-login@v1
-        with:
-          azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}"
-
       - name: Generate .env file from Azure Key Vaults
         uses: Andrews-McMeel-Universal/get-envs@v1
         with: