diff --git a/.github/workflows/aks-deploy.yaml b/.github/workflows/aks-deploy.yaml index 8693339b..5a96fe5e 100644 --- a/.github/workflows/aks-deploy.yaml +++ b/.github/workflows/aks-deploy.yaml @@ -189,11 +189,6 @@ jobs: Write-Output "adminIngressWhitelist=$adminIngressWhitelist" >> $env:GITHUB_ENV Write-Output "release=$release" >> $env:GITHUB_ENV - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.azureCredentials }}" - - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 with: 
@@ -202,32 +197,47 @@ jobs: environmentKeyVault: ${{ inputs.environmentKeyVault }} - name: Generate build args from Azure Key Vaults - uses: azure/powershell@v1 - with: - inlineScript: | - if ("${{ inputs.environmentKeyVault }}") { - $KeyVaultName = "${{ inputs.environmentKeyVault }}" - } - else { - $KeyVaultName = (Get-AzKeyVault -Tag @{"environment" = "${{ inputs.environment }}" } | Get-AzKeyVault -Tag @{"repository-name" = "${{ github.event.repository.name }}" }).VaultName - } - [string]$KeyVaultName = $KeyVaultName.Replace(" ", "-") - $buildSecrets = (Get-AzKeyVaultSecret -VaultName $KeyVaultName | Where-Object { ($_.ContentType -contains 'BuildArg') -or ($_.ContentType -contains 'BuildArg Env') }).Name - if ($buildSecrets.Count -gt 0) { - $buildArgPredicate = ' --build-arg ' - } - else { - return - } - $buildSecrets | ForEach-Object { - $argName = $_.ToUpper() - $argName = $argName.Replace("-", "_") - $argSecret = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $_).secretvalue | ConvertFrom-SecureString -AsPlainText - $buildArguments = $buildArguments + $buildArgPredicate + $argName + "=" + $argSecret - } - - echo "buildArguments=$buildArguments" >> $env:GITHUB_ENV - azPSVersion: "latest" + shell: bash + run: | + ENVIRONMENT="${{ inputs.environment }}" + REPOSITORY_NAME="${{ inputs.repositoryName }}" + ENV_KEYVAULT_NAME="${{ inputs.environmentKeyVault }}" + + # Check if searching for key vaults by repository name or otherwise, if key vault name argument is given + if [ -z "${ENV_KEYVAULT_NAME}" ]; then + # Search for key vault using tags + KEYVAULT_NAME=$(az keyvault list --query "[?tags.\"repository-name\" == '${REPOSITORY_NAME}' && tags.environment == '${ENVIRONMENT}'].name" --output tsv) + else + KEYVAULT_NAME="${ENV_KEYVAULT_NAME}" + fi + + # Get key vault object + KEYVAULT=$(az keyvault list --query "[?name == '${KEYVAULT_NAME}']" ) + + # Check if key vault exists + if ! 
echo "${KEYVAULT}" | grep -Eq "\w"; then + echo -e "${RED}Invalid value provided for 'KeyVaultName'. Please confirm a Key Vault exists under the name specified. Value provided: ${KEYVAULT_NAME}" + exit 1 + fi + KEYVAULT_NAME="${KEYVAULT_NAME// /}" + + # Set secrets list + SECRETS=$(az keyvault secret list --vault-name "${KEYVAULT_NAME}" --query "[?contentType == 'BuildArg Env' || contentType == 'BuildArg'].name" --output tsv) + + # Loop through secrets and add them to .env + if echo "${SECRETS}" | grep -Eq "\w"; then + while IFS= read -r SECRET; do + # Convert to upper case snake case and remove quotes + SECRET_NAME=$(echo "${SECRET}" | tr '[:upper:][:lower:]' '[:lower:][:upper:]' | tr "-" "_" | tr -d '"') + + # Get secret value and set it to the secret name + SECRET_VALUE=$(az keyvault secret show --vault-name "${KEYVAULT_NAME}" -n "${SECRET}" --query "value" --output tsv) + + # Add secret to file + BUILDARGS="${BUILDARGS} --build-arg ${SECRET_NAME}=${SECRET_VALUE}" + done < <(echo "${SECRETS[*]}") + fi + echo "buildArguments=${BUILDARGS}" >> $GITHUB_ENV - name: Login to Azure Container Registry uses: Azure/docker-login@v1 @@ -358,12 +368,6 @@ jobs: name: bake-manifests-bundle path: ${{ needs.build.outputs.manifestsBundle }} - - name: Azure Login - uses: azure/login@v1 - with: - creds: "${{ secrets.azureCredentials }}" - enable-AzPSSession: true - - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 with: 
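Review bot: The values fetched with `az keyvault secret show` in the loop are appended to `$GITHUB_ENV` as `buildArguments` without being registered as masks, so any later step that prints or expands that variable can expose them in the job log; adding `echo "::add-mask::${SECRET_VALUE}"` right after the fetch keeps them redacted. The single-line `echo "buildArguments=${BUILDARGS}" >> $GITHUB_ENV` write also lets a value containing a newline create extra environment entries, so reject such values or use the `name<<DELIMITER` form. Separately, `tr '[:upper:][:lower:]' '[:lower:][:upper:]'` swaps case rather than upper-casing as the comment says (the removed PowerShell used `ToUpper()`); `tr '[:lower:]' '[:upper:]'` matches the stated intent. The `${{ inputs.* }}` expressions here, and the unquoted ones in the `az network dns record-set cname set-record` step of the `@@ -433,19 +437,14 @@` hunk, are pasted into the script text before the shell runs; mapping them under `env:` and reading `"$ENVIRONMENT"` etc. keeps a crafted input from being parsed as shell or as part of the JMESPath query.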
@@ -433,19 +437,14 @@ jobs: runs-on: ubuntu-latest continue-on-error: false steps: - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 + - name: Login via Az module + uses: azure/login@v1 with: - azureCredentials: "${{ secrets.azureCredentials }}" + creds: "${{ secrets.azureCredentials }}" - name: Create or Update Public DNS Record - uses: azure/powershell@v1 - with: - inlineScript: | - $NewRecords = New-AzDnsRecordConfig -Cname "${{ secrets.azureClusterName }}-${{ inputs.environment }}-ingress.centralus.cloudapp.azure.com." - - New-AzDnsRecordSet -Name "${{ needs.build.outputs.hostName }}" -RecordType CNAME -ZoneName "${{ needs.build.outputs.domainName }}" -ResourceGroupName ${{ inputs.dnsResourceGroup }} -Ttl 3600 -DnsRecords $NewRecords -Overwrite; - azPSVersion: "latest" + run: | + az network dns record-set cname set-record --resource-group ${{ inputs.dnsResourceGroup }} --zone-name "${{ needs.build.outputs.domainName }}" --record-set-name ${{ needs.build.outputs.hostName }} --cname "${{ secrets.azureClusterName }}-${{ inputs.environment }}-ingress.centralus.cloudapp.azure.com." --ttl 3600 - name: Record deployment information in Azure Storage Table uses: LadyCailin/azure-table-storage-upload@v1.0.1 diff --git a/.github/workflows/azfunction-deploy.yaml b/.github/workflows/azfunction-deploy.yaml index 831074c0..528f6f98 100644 --- a/.github/workflows/azfunction-deploy.yaml +++ b/.github/workflows/azfunction-deploy.yaml @@ -73,10 +73,10 @@ jobs: dotnet build --configuration Release --output ./output popd - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 + - name: Login via Az module + uses: azure/login@v1 with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" + creds: "${{ secrets.AZURE_CREDENTIALS }}" - name: Whitelist Boley IPs uses: azure/CLI@v1 diff --git a/.github/workflows/b2c-build-and-deploy.yaml b/.github/workflows/b2c-build-and-deploy.yaml index 067c92f1..ef728158 100644 
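Review bot: `azure/login@v1` is referenced by a mutable tag in the new login step while it receives `secrets.azureCredentials`, so the code that handles the service-principal credential can change whenever that tag is moved. Pinning to a full commit SHA, for example `uses: azure/login@<full-commit-sha> # v1`, ties the workflow to reviewed code. The same `uses:` line is added in the azfunction-deploy.yaml, clear-azure-redis-cache.yaml, purge-cdn.yaml and update-azureapimanagement.yaml hunks. The rest of this job's steps lie outside the hunk.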
--- a/.github/workflows/b2c-build-and-deploy.yaml +++ b/.github/workflows/b2c-build-and-deploy.yaml @@ -62,11 +62,6 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.azureCredentials }}" - - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 with: diff --git a/.github/workflows/bump-versions.yaml b/.github/workflows/bump-versions.yaml index a8a3226f..a3b2b2e1 100644 --- a/.github/workflows/bump-versions.yaml +++ b/.github/workflows/bump-versions.yaml @@ -88,7 +88,7 @@ jobs: find: '"version": .*' replace: '"version": "${{ env.release }}",' regex: true - include: "package.json" + include: "**package.json" - name: Update version in Chart.yaml uses: jacobtomlinson/gha-find-replace@v3 @@ -109,8 +109,8 @@ jobs: title: "⬆️ Version bump: ${{ env.release }}" body: | Updating version to ${{ env.release }} in: - - `deployments/charts/Charts.yaml` - - `package.json` + - `**/Charts.yaml` + - `**/package.json` labels: | maintenance diff --git a/.github/workflows/clear-azure-redis-cache.yaml b/.github/workflows/clear-azure-redis-cache.yaml index 723be869..14a75bd2 100644 --- a/.github/workflows/clear-azure-redis-cache.yaml +++ b/.github/workflows/clear-azure-redis-cache.yaml @@ -27,10 +27,11 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 + - name: Login via Az module + uses: azure/login@v1 with: - azureCredentials: "${{ secrets.azureCredentials }}" + creds: "${{ secrets.azureCredentials }}" + enable-AzPSSession: true - name: Install Dependencies uses: awalsh128/cache-apt-pkgs-action@v1 diff --git a/.github/workflows/next-ci.yaml b/.github/workflows/next-ci.yaml index 1e2f3d29..a12baacf 100644 --- a/.github/workflows/next-ci.yaml +++ b/.github/workflows/next-ci.yaml 
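Review bot: The new `include: "**package.json"` has no `/` after `**`, so it does not match the `**/package.json` pattern that the PR body in the next hunk says is updated. Depending on the action's glob implementation, it may match only top-level names ending in `package.json` or every such path in the checkout. If nested packages are the intent, `include: "**/package.json"` states it unambiguously. Because the `"version": .*` regex rewrites every matching line in every matched file, it is worth confirming that no vendored or installed dependency manifests are in the workspace when this step runs.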
@@ -40,11 +40,6 @@ jobs: commit_user_email: amu_deploy@amuniversal.com commit_message: "[Formatter] Apply prettier changes" - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -66,11 +61,6 @@ jobs: - name: Use cache-next-install action uses: Andrews-McMeel-Universal/cache-next-install@v1 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -83,7 +73,6 @@ jobs: - name: Run Jest tests run: yarn test:unit:ci - # Required status check integration-tests: name: Integration Tests needs: [build] @@ -98,11 +87,6 @@ jobs: - name: Install Playwright Browsers run: yarn pretest:integration:ci - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -132,11 +116,6 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: diff --git a/.github/workflows/purge-cdn.yaml b/.github/workflows/purge-cdn.yaml index 28939947..4c6aafb8 100644 --- a/.github/workflows/purge-cdn.yaml +++ b/.github/workflows/purge-cdn.yaml @@ -38,10 +38,11 @@ jobs: exit 1 } - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 + - name: Login via Az module + uses: azure/login@v1 with: - azureCredentials: "${{ secrets.azureCredentials }}" + creds: "${{ secrets.azureCredentials }}" + enable-AzPSSession: true - name: Purge CDN cache uses: azure/powershell@v1 
diff --git a/.github/workflows/ruby-ci.yaml b/.github/workflows/ruby-ci.yaml index 4c949041..30f207bf 100644 --- a/.github/workflows/ruby-ci.yaml +++ b/.github/workflows/ruby-ci.yaml @@ -37,11 +37,6 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: diff --git a/.github/workflows/ui-ci.yaml b/.github/workflows/ui-ci.yaml index fb10bd55..0865f418 100644 --- a/.github/workflows/ui-ci.yaml +++ b/.github/workflows/ui-ci.yaml @@ -40,11 +40,6 @@ jobs: commit_user_email: amu_deploy@amuniversal.com commit_message: "[Formatter] Apply prettier changes" - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -65,11 +60,6 @@ jobs: - name: Use cache-yarn-install action uses: Andrews-McMeel-Universal/cache-yarn-install@v1 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -96,11 +86,6 @@ jobs: - name: Install Playwright Browsers run: yarn pretest:integration:ci - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: @@ -130,11 +115,6 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Use .env cache action uses: Andrews-McMeel-Universal/get-envs@v1 with: 
diff --git a/.github/workflows/update-azureapimanagement.yaml b/.github/workflows/update-azureapimanagement.yaml index 97bc35fa..07f8b040 100644 --- a/.github/workflows/update-azureapimanagement.yaml +++ b/.github/workflows/update-azureapimanagement.yaml @@ -73,10 +73,12 @@ jobs: azurePassword: ${{ secrets.azurePassword }} azureSubscription: ${{ secrets.azureSubscription }} steps: - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 + - name: Login via Az module + if: ${{ env.azureCredentials }} + uses: azure/login@v1 with: - azureCredentials: "${{ secrets.azureCredentials }}" + creds: "${{ secrets.azureCredentials }}" + enable-AzPSSession: true - name: Login via PowerShell if: ${{ inputs.azureUser && env.azurePassword && env.azureSubscription }} diff --git a/.github/workflows/update-game-config.yaml b/.github/workflows/update-game-config.yaml index 05b2f6bd..37c12094 100644 --- a/.github/workflows/update-game-config.yaml +++ b/.github/workflows/update-game-config.yaml @@ -19,11 +19,6 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Login to Azure - uses: Andrews-McMeel-Universal/cache-azure-login@v1 - with: - azureCredentials: "${{ secrets.AZURE_CREDENTIALS }}" - - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 with:
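Review bot: The added condition `if: ${{ env.azureCredentials }}` is true only when `azureCredentials` is mapped in the job's `env:` block, and the visible context lines map only `azurePassword` and `azureSubscription`. If that mapping is missing, the `azure/login@v1` step is skipped without any error, and the job then depends entirely on the "Login via PowerShell" step. The start of the `env:` block is outside the hunk, so confirm it contains `azureCredentials: ${{ secrets.azureCredentials }}` or add that line.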