Merge pull request #3 from cse-labs/erisch/service/v1

Adding Github Actions Workflow for Pipeline Config

Author: erikschlegel

.github/workflows/azure-dev.yaml

@@ -0,0 +1,80 @@
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'azure.yaml' 
+      - 'infra/**'
+      - 'src/**'
+      - 'tests/**'
+      - '.github/workflows/azure-dev.yml'
+
+permissions:
+    id-token: write
+    contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+      AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+      GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+      GITOPS_REPO: ${{ vars.GITOPS_REPO }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Install azd
+        uses: Azure/[email protected]
+      - name: pre validation
+        shell: bash
+        run: |
+            for varName in GITHUB_TOKEN AZURE_ENV_NAME AZURE_LOCATION AZURE_SUBSCRIPTION_ID GITOPS_REPO AZURE_TENANT_ID; do
+                varVal=$(eval echo "\${$varName}")
+                [[ -z $varVal ]] && {
+                echo "💥 Error! Required env variable or secret '$varName' is not set!"
+                envUnset=true
+            }
+            done
+            if [ "$envUnset" = true ]; then 
+                exit 1
+            fi
+
+      - name: Kubectl Install
+        uses: azure/setup-kubectl@v3
+
+      - name: Log in with Azure
+        if: ${{ env.AZURE_CLIENT_ID != '' }}
+        run: |
+            azd auth login --no-prompt `
+                --client-id "$Env:AZURE_CLIENT_ID" `
+                --federated-credential-provider "github" `
+                --tenant-id "$Env:AZURE_TENANT_ID"
+        shell: pwsh
+
+      - name: Azure login (for the preprovision script)
+        uses: azure/login@v1
+        with:
+          client-id: ${{ env.AZURE_CLIENT_ID }}
+          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
+          tenant-id: ${{ env.AZURE_TENANT_ID }}
+
+      - name: Github CLI install
+        run: |
+            type -p curl >/dev/null || apt install curl -y
+            sudo curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+            && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
+            && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+            && sudo apt update \
+            && sudo apt install gh jq gettext-base -y
+
+      - name: Azure Dev Provision
+        run: |
+            git config --global user.name github-actions
+            git config --global user.email [email protected]
+
+            azd up --no-prompt

scripts/postpipelineconfig.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+PWD=$(dirname "$0")
+
+function sourceAzdEnvVars() {
+while IFS='=' read -r key value; do
+  value=$(echo "$value" | sed 's/^"//' | sed 's/"$//')
+  export "$key=$value"
+done <<EOF
+$(azd env get-values)
+EOF
+}
+
+GIT_CONTROLLER_URL=$(git remote get-url origin)
+
+function pre_validation () {
+  local git_url=$1
+
+  [[ ! -z $git_url ]] && {
+        echo "💥 Error! Git remote is missing. This script should run after azd pipeline config!"
+        exit
+  }
+
+  for varName in AZURE_AKS_CLUSTER_NAME GITHUB_TOKEN; do
+    varVal=$(eval echo "\${$varName}")
+    [[ -z $varVal ]] && {
+      echo "💥 Error! Required variable '$varName' is not set!"
+      varUnset=true
+    }
+  done
+}
+
+sourceAzdEnvVars
+pre_validation
+GIT_CONTROLLER_REPO=$(echo $GIT_CONTROLLER_URL | sed 's|https://github.com/||')
+
+gh secret set GH_TOKEN --body "${GITHUB_TOKEN}" --repo $GIT_CONTROLLER_REPO
+
+for env in AZURE_AKS_CLUSTER_NAME; do
+  echo "setting env variable: ${env} in repo: ${GIT_CONTROLLER_REPO}"
+  envVal=$(eval echo "\${$env}")
+  gh variable set $env --body "${envVal}" --repo $GIT_CONTROLLER_REPO
+done

src/.gitignore

@@ -6,7 +6,7 @@ COPY requirements.txt .
 
 RUN pip3 install -r requirements.txt
 
-COPY . /app
+COPY . .
 
 EXPOSE 5000
-ENTRYPOINT [ "python3", "api/app.py" ]
+ENTRYPOINT ["gunicorn", "-c", "gunicorn.conf.py", "app:app"]

src/Dockerfile

@@ -0,0 +1,22 @@
+import os
+
+from flask import Flask
+from opencensus.ext.azure.trace_exporter import AzureExporter
+from opencensus.ext.flask.flask_middleware import FlaskMiddleware
+from opencensus.trace.samplers import ProbabilitySampler
+
+app_insights_connection_string = os.getenv('APPLICATIONINSIGHTS_CONNECTION_STRING')
+
+def create_app():
+    flask = Flask(__name__)
+
+    from . import app
+    flask.register_blueprint(app.bp, threaded=True)
+    _ = FlaskMiddleware(\
+        flask, \
+        exporter=AzureExporter(\
+        connection_string=app_insights_connection_string), \
+        sampler=ProbabilitySampler(rate=1.0)
+    )
+
+    return flask

src/api/__init__.py

@@ -1,14 +1,25 @@
-from flask import Flask, jsonify
+import logging
+
+from flask import jsonify, Blueprint
+from opencensus.trace import config_integration
+from opencensus.trace.samplers import AlwaysOnSampler
+from opencensus.trace.tracer import Tracer
 import randomname
 
-app = Flask(__name__)
+bp = Blueprint("names", __name__)
+config_integration.trace_integrations(['logging'])
+logging.basicConfig(format='%(asctime)s traceId=%(traceId)s spanId=%(spanId)s %(message)s')
+tracer = Tracer(sampler=AlwaysOnSampler())
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.DEBUG)
 
-@app.route('/')
+@bp.route("/")
 def hello_world():
     # Generate a random name including a first name and adjective
     random_name = randomname.generate()
+    with tracer.span(name=__name__):
+        logger.info("Random Name Selected: - %s", random_name)
+
     json = {"name": random_name}
-    return jsonify(json)
 
-if __name__ == '__main__':
-    app.run(debug=True,host='0.0.0.0')
+    return jsonify(json)

src/api/app.py

@@ -1,5 +1,7 @@
 nameOverride: ${SERVICE_NAME}-istio-svc
 fullnameOverride: ${SERVICE_NAME}-istio-svc
+virtualServicePort: 5000
+
 replicas: 1
 
 istio:
@@ -13,4 +15,18 @@ image:
   pullSecret: private-registry
 
 service:
-  port: 5000
+  port: 5000
+  
+secretStore:
+  enabled: true
+  keyvaultName: ${AZURE_KEY_VAULT_NAME}
+  tenantId: ${AZURE_TENANT_ID}
+  useVMManagedIdentity: "true"
+  usePodIdentity: "false"
+  cloudName: AzureCloud
+  secrets:
+  - envName: APPLICATIONINSIGHTS_CONNECTION_STRING
+    objectName: appInsightsConnectionString
+    alias: appsinsights
+  identity:
+    clientId: ${AZURE_AKS_KV_PROVIDER_CLIENT_ID}

src/api/manifests/values.yaml.tmpl

@@ -0,0 +1,3 @@
+from api import create_app
+
+app = create_app()

src/app.py

@@ -0,0 +1,4 @@
+bind = "[::]:5000"
+workers = 4
+threads = 4
+timeout = 120