Merge pull request Azure#62 from MaxHorstmann/maxhorstmann/deployment-stacks-runner

Add DeploymentStacks runner

Author: varshagangu9

Runner-Images/DeploymentStacks/Dockerfile

@@ -0,0 +1,25 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+ARG BASE_IMAGE=mcr.microsoft.com/deployment-environments/runners/core
+ARG IMAGE_VERSION=latest
+
+FROM ${BASE_IMAGE}:${IMAGE_VERSION}
+WORKDIR /
+
+ARG IMAGE_VERSION
+
+# Metadata as defined at http://label-schema.org
+ARG BUILD_DATE
+
+# install bicep
+RUN az bicep install
+
+# suppress warnings (temp solution until we can snap to Azure Linux)
+RUN az config set core.only_show_errors=true
+
+# Grab all .sh files from scripts, copy to
+# root scripts, replace line-endings and make them all executable
+COPY scripts/* /scripts/
+RUN find /scripts/ -type f -iname "*.sh" -exec dos2unix '{}' '+'
+RUN find /scripts/ -type f -iname "*.sh" -exec chmod +x {} \;

Runner-Images/DeploymentStacks/scripts/_common.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+source "/shared/commands.sh"
+
+trackDeployment() {
+
+    trace="$( echo "$1" | jq --raw-output '.[] | [.operationId, .properties.timestamp, .properties.provisioningOperation, .properties.provisioningState, .properties.targetResource.id // ""] | @tsv' )"
+
+    echo "$trace" | while read -r line; do
+        if [[ ! -z "$line" ]]; then
+
+            operationId="$( echo "$line" | cut -f 1 )"
+            operationTimestamp="$( echo "$line" | cut -f 2 | cut -d . -f 1 | sed 's/T/ /g' )"
+            operationType="$( echo "$line" | cut -f 3 )"
+            operationState="$( echo "$line" | cut -f 4 )"
+            operationTarget="$( echo "$line" | cut -f 5 )"
+            operationHash="$( echo "$operationId|$operationState" | md5sum | cut -d ' ' -f 1 )"
+
+            if ! grep -q "$operationHash" /tmp/hashes 2>/dev/null ; then
+
+                echo -e "\n$operationTimestamp\t$operationId - $operationType ($operationState)"
+
+                if [[ ! -z "$operationTarget" ]]; then
+                    echo -e "\t\t\t$operationTarget"
+                fi
+
+                echo "$operationHash" >> /tmp/hashes
+
+            fi
+        fi
+    done
+}
+
+outputDeploymentErrors() {
+    echo -e "Deployment failed with the following errors:\n" 1>&2
+    readarray errors -t <<< $(echo $1 | jq -c '.[] | .properties | select(has("statusMessage") and (.statusMessage | has("error")))')
+    echo -e "Number of errors: ${#errors[@]}\n" 1>&2
+    for item in "${errors[@]}"; do
+        echo -e "Target Resource ID: $( echo $item | jq '. | .targetResource.id' )\nError Code: $( echo $item | jq '.statusMessage.error.code' )\nError Message: $( echo $item | jq '.statusMessage.error.message' )\n" 1>&2
+        readarray errorDetails -t <<< $(echo $item | jq -c '.statusMessage.error.details')
+
+        if [[ -z $errorDetails ]]; then
+            for detail in "${errorDetails[@]}"; do
+                echo -e "Error Detail Code: $( echo $detail | jq '.[] | .code')\nError Detail Message: $(echo $detail | jq '.[] | .message')\n" 1>&2
+            done
+        fi
+    done
+}
+
+#below - used for deployment stack deletion -> not given deployment info, so use deployment stack resource
+outputDeletionErrors() {
+    echo "Deletion failed with the following resources:\n"
+    failedResources=$(az stack group show --name $ADE_ENVIRONMENT_NAME --resource-group $ADE_RESOURCE_GROUP_NAME --query "failedResources" )
+    readarray errors -t <<< $(echo $1)
+    echo "Number of failed resources: ${#errors[@]}\n" 1>&2
+    for item in ${errors[@]}; do
+        echo "Resource ID: $( echo $item | jq '.id')\nError Code: $( echo $item | jq '.error.code')\nError Message: $(echo $item | jq '.error.message')" 1>&2
+    done
+}
+
+setOutputs() {
+    outputs=$1
+    outputs=$(jq 'walk(if type == "object" then
+                    if .type == "Bool" then .type = "boolean"
+                    elif .type == "Int" then .type = "number"
+                    else . 
+                    end 
+                 else . 
+                 end)' <<< "$outputs")
+    echo "{\"outputs\": $outputs}" > $ADE_OUTPUTS
+}

Runner-Images/DeploymentStacks/scripts/delete.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+set -e # exit on error
+
+DIR=$(dirname "$0")
+. $DIR/_common.sh
+
+echo "Deleting resource group: $ADE_RESOURCE_GROUP_NAME"
+
+echo "Signing into Azure using MSI"
+while true; do
+    # managed identity isn't available immediately
+    # we need to do retry after a short nap
+    az login --identity --only-show-errors --output none && {
+        echo "Successfully signed into Azure"
+        az account set --subscription $ADE_SUBSCRIPTION_ID
+        break
+    } || sleep 5
+done
+
+echo -e "\n>>> Beginning Deletion ...\n"
+
+az stack group delete --resource-group "$ADE_RESOURCE_GROUP_NAME" \
+    --name "$ADE_ENVIRONMENT_NAME" \
+    --yes \
+    --action-on-unmanage deleteResources
+
+if [ $? -eq 0 ]; then # deployment successfully created
+    echo "Successfully Deleted Resources"
+else
+    echo "Failed to Delete Resources"
+    outputDeletionErrors
+    exit 1
+fi

Runner-Images/DeploymentStacks/scripts/deploy.sh

@@ -0,0 +1,105 @@
+#!/bin/bash
+
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+set -e # exit on error
+
+DIR=$(dirname "$0")
+source  $DIR/_common.sh
+
+deploymentOutput=""
+
+# format the parameters as arm parameters
+deploymentParameters=$(echo "$ADE_OPERATION_PARAMETERS" | jq --compact-output '{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": (to_entries | if length == 0 then {} else (map( { (.key): { "value": .value } } ) | add) end) }' )
+
+
+# We can resolve linked templates with
+# relativePaths before submitting the deployment to ARM by:
+#
+#   1. Use `bicep decompile` to transpile the ARM template into
+#      bicep modules. During this process bicep will resolve the linked
+#      templates locally and convert them each into bicep modules.
+#
+#   2. Then run `bicep build` to transpile those bicep modules back
+#      into ARM. This will output a new, single ARM template with the
+#      linked templates embedded as nested templates
+if [[ $ADE_TEMPLATE_FILE == *.json ]]; then
+
+    hasRelativePath=$( cat $ADE_TEMPLATE_FILE | jq '[.. | objects | select(has("templateLink") and (.templateLink | has("relativePath")))] | any' )
+
+    if [ "$hasRelativePath" = "true" ]; then
+        echo "Resolving linked ARM templates"
+
+        bicepTemplate="${ADE_TEMPLATE_FILE/.json/.bicep}"
+        generatedTemplate="${ADE_TEMPLATE_FILE/.json/.generated.json}"
+
+        az bicep decompile --file "$ADE_TEMPLATE_FILE"
+        az bicep build --file "$bicepTemplate" --outfile "$generatedTemplate"
+
+        # Correctly reassign ADE_TEMPLATE_FILE without the $ prefix during assignment
+        ADE_TEMPLATE_FILE="$generatedTemplate"
+    else
+        echo "Not linked template"
+    fi
+fi
+
+
+echo "Signing into Azure using MSI"
+while true; do
+    # managed identity isn't available immediately
+    # we need to do retry after a short nap
+    az login --identity --only-show-errors --output none && {
+        echo "Successfully signed into Azure"
+        az account set --subscription $ADE_SUBSCRIPTION_ID
+        break
+    } || sleep 5
+done
+
+echo -e "\n>>>Deploying ARM/Bicep template...\n"
+az stack group create --subscription $ADE_SUBSCRIPTION_ID \
+    --resource-group "$ADE_RESOURCE_GROUP_NAME" \
+    --name "$ADE_ENVIRONMENT_NAME" \
+    --deny-settings-mode "none" \
+    --no-wait --yes \
+    --template-file "$ADE_TEMPLATE_FILE" \
+    --parameters "$deploymentParameters" \
+    --action-on-unmanage deleteResources
+
+if [ $? -eq 0 ]; then # deployment successfully created
+    sleep 30 # sleep for 30 seconds to ensure deployment ID is set correctly
+    while true; do
+    
+        sleep 1
+        
+        deploymentId=$(az stack group show --resource-group "$ADE_RESOURCE_GROUP_NAME" --name "$ADE_ENVIRONMENT_NAME" --query "deploymentId" -o tsv)
+        deploymentName=$(echo "$deploymentId" | cut -d '/' -f 9)
+        ProvisioningState=$(az deployment group show --resource-group "$ADE_RESOURCE_GROUP_NAME" --name "$deploymentName" --query "properties.provisioningState" -o tsv)
+        ProvisioningDetails=$(az deployment operation group list --resource-group "$ADE_RESOURCE_GROUP_NAME" --name "$deploymentName")
+
+        trackDeployment "$ProvisioningDetails"
+
+        if [[ "CANCELED|FAILED|SUCCEEDED" == *"${ProvisioningState^^}"* ]]; then
+
+            echo "\nDeployment $deploymentName: $ProvisioningState"
+
+            if [[ "CANCELED|FAILED" == *"${ProvisioningState^^}"* ]]; then
+                outputDeploymentErrors "$ProvisioningDetails"
+                exit 1
+            else
+                break
+            fi
+        fi
+
+    done
+
+    echo -e "\n>>> Generating outputs for ADE...\n"
+    deploymentOutput=$(az deployment group show -g "$ADE_RESOURCE_GROUP_NAME" -n "$deploymentName" --query properties.outputs)
+    if [ -z "$deploymentOutput" ]; then
+        echo "No outputs found for deployment"
+    else
+        setOutputs "$deploymentOutput"
+        echo "Outputs successfully generated for ADE"
+    fi
+else
+    echo "Deployment failed to create."
+fi

Runner-Images/DeploymentStacks/scripts/empty.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {},
+  "variables": {},
+  "resources": [],
+  "outputs": {}
+}

Runner-Images/README.md

@@ -3,6 +3,7 @@
 ## Featured Repos
 + Core: Core ADE Image
 + ARM-Bicep: ADE Image for ARM/Bicep Deployments/Deletions
++ DeploymentStacks: ADE Image for Azure [Deployment stacks](https://github.com/Azure/deployment-stacks)
 
 ## About Azure Deployment Environments
 Azure Deployment Environments empowers development teams to quickly and easily spin up app infrastructure with project-based templates that establish consistency and best practices while maximizing security. This on-demand access to secure environments accelerates the stages of the software development lifecycle in a compliant and cost-efficient way.