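--- a/.github/workflows/azure-login/action.yml
+++ b/.github/workflows/azure-login/action.yml
@@ -0,0 +1,43 @@
+name: Azure Login
+description: Logs into Azure using a service principal
+inputs:
+credentials:
+description: Your credentials in JSON format
+required: true
+
+runs:
+using: "composite"
+steps:
+- name: Process Azure credentials
+uses: actions/github-script@v7
+env:
+AZURE_CREDENTIALS: ${{ inputs.credentials }}
+with:
+script: |
+if (!process.env.AZURE_CREDENTIALS) {
+core.setFailed('The AZURE_CREDENTIALS secret is required.')
+process.exit(1)
+}
+
+const azureCredentials = JSON.parse(process.env.AZURE_CREDENTIALS)
+const {clientId, clientSecret, tenantId, subscriptionId} = azureCredentials
+
+core.setSecret(clientId)
+core.exportVariable('AZURE_CLIENT_ID', clientId)
+
+core.setSecret(clientSecret)
+core.exportVariable('AZURE_CLIENT_SECRET', clientSecret)
+
+core.setSecret(tenantId)
+core.exportVariable('AZURE_TENANT_ID', tenantId)
+
+core.setSecret(subscriptionId)
+core.exportVariable('AZURE_SUBSCRIPTION_ID', subscriptionId)
+
+- name: Azure Login
+shell: bash
+run: |
+echo "Logging into Azure..."
+az login --service-principal -u ${{ env.AZURE_CLIENT_ID }} -p ${{ env.AZURE_CLIENT_SECRET }} --tenant ${{ env.AZURE_TENANT_ID }}
+echo "Setting subscription..."
+az account set --subscription ${{ env.AZURE_SUBSCRIPTION_ID }} --output none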
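Review bot: In the `Azure Login` step the credentials are spliced into the script through `${{ env.AZURE_CLIENT_SECRET }}` and the other `${{ env.* }}` expressions, which are expanded into the script text before bash parses it, so a secret containing quotes, spaces, `$` or `;` would be interpreted by the shell rather than passed as a single argument. The preceding step already exports these values with `core.exportVariable`, so the script can read them as quoted shell variables instead: `az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"` and `az account set --subscription "$AZURE_SUBSCRIPTION_ID" --output none`. `core.exportVariable` also leaves `AZURE_CLIENT_SECRET` in the environment of every later step of the calling job, not only this one; if nothing after the login needs it, passing the values to the login step through step outputs and a step-level `env:` would narrow that exposure. The `JSON.parse` result is destructured without checking that the four fields are present, so a malformed secret would probably only surface later as an unrelated `az` error.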
28 changes: 3 additions & 25 deletions .github/workflows/cleanup-self-hosted-runners.yml
Expand Up @@ -21,38 +21,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Process Azure credentials
uses: actions/github-script@v7
env:
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure Login
uses: ./.github/workflows/azure-login
with:
script: |
if (!process.env.AZURE_CREDENTIALS) {
core.setFailed('The AZURE_CREDENTIALS secret is required.')
process.exit(1)
}

const azureCredentials = JSON.parse(process.env.AZURE_CREDENTIALS)
const {clientId, clientSecret, tenantId, subscriptionId} = azureCredentials

core.setSecret(clientId)
core.exportVariable('AZURE_CLIENT_ID', clientId)

core.setSecret(clientSecret)
core.exportVariable('AZURE_CLIENT_SECRET', clientSecret)

core.setSecret(tenantId)
core.exportVariable('AZURE_TENANT_ID', tenantId)
credentials: ${{ secrets.AZURE_CREDENTIALS }}

core.setSecret(subscriptionId)
core.exportVariable('AZURE_SUBSCRIPTION_ID', subscriptionId)
- name: Discover VMs to delete
env:
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
run: |
az login --service-principal -u ${{ env.AZURE_CLIENT_ID }} -p ${{ env.AZURE_CLIENT_SECRET }} --tenant ${{ env.AZURE_TENANT_ID }}
az account set --subscription ${{ env.AZURE_SUBSCRIPTION_ID }}
active_vms=$(az vm list -g ${{ secrets.AZURE_RESOURCE_GROUP }} | jq -c '.[] | {name,timeCreated}')
current_time=$(date +%s)
one_hour_ago=$(($current_time - 3600))
29 changes: 21 additions & 8 deletions .github/workflows/create-azure-self-hosted-runners.yml
Expand Up @@ -144,11 +144,11 @@ jobs:
)

echo "AZURE_ARM_PARAMETERS=$AZURE_ARM_PARAMETERS" >> $GITHUB_ENV

- name: Azure Login
uses: azure/login@v2
uses: ./.github/workflows/azure-login
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
credentials: ${{ secrets.AZURE_CREDENTIALS }}

- uses: azure/arm-deploy@v2
id: deploy-arm-template
Expand All @@ -158,16 +158,29 @@ jobs:
template: ./azure-self-hosted-runners/azure-arm-template.json
parameters: ./azure-self-hosted-runners/azure-arm-template-example-parameters.json ${{ env.AZURE_ARM_PARAMETERS }}
scope: resourcegroup

- name: Show some more information on failure
if: failure()
run: |
echo "::group::VM status"
az vm get-instance-view --resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} --name ${{ steps.generate-vm-name.outputs.vm_name }} --query "instanceView.statuses"
az vm get-instance-view --resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} --name ${{ steps.generate-vm-name.outputs.vm_name }} --query "statuses"
echo "::endgroup::"

echo "::group::Deployment logs"
az group deployment show --resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} --name deploy-${{ steps.generate-vm-name.outputs.vm_name }}
echo "::endgroup::"

echo "::group::Extension logs"
az vm extension show --resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} --vm-name ${{ steps.generate-vm-name.outputs.vm_name }} --name CustomScriptExtension
echo "::endgroup::"

- name: Show post-deployment script output
if: always()
env:
CUSTOM_SCRIPT_OUTPUT: ${{ steps.deploy-arm-template.outputs.customScriptInstanceView }}
run: echo "$CUSTOM_SCRIPT_OUTPUT" | jq -r '.substatuses[0].message'

- name: Deallocate the VM for later use
if: env.DEALLOCATE_IMMEDIATELY == 'true'
uses: azure/CLI@v2
with:
azcliversion: 2.64.0
inlineScript: |
az vm deallocate -n ${{ steps.generate-vm-name.outputs.vm_name }} -g ${{ secrets.AZURE_RESOURCE_GROUP }} --verbose
run: az vm deallocate -n ${{ steps.generate-vm-name.outputs.vm_name }} -g ${{ secrets.AZURE_RESOURCE_GROUP }} --verbose