Enhance deployment scripts to include managed identity client ID and … #8
# Deploys the Client Advisor accelerator (non-WAF variant), runs the end-to-end
# tests against the deployment, then tears it down.
#
# NOTE(review): no `permissions:` block is declared in this file, so GITHUB_TOKEN
# receives the repository's default scopes. Declaring the minimum the jobs need
# (and checking what the called test workflow requires) would narrow that.
name: Deploy-Test-Cleanup (Non-Waf)

on:
  push:
    branches:
      - deploy-azd-waf
  # Chained after the image build. `completed` fires for failed and cancelled
  # builds as well as successful ones.
  # NOTE(review): no job here checks github.event.workflow_run.conclusion —
  # confirm that deploying after a failed build is intended.
  workflow_run:
    workflows:
      - "Build Docker and Optional Push - Client Advisor"
    types:
      - completed
    branches:
      - main
      - hotfix
      - dev
      - demo
      - deploy-azd-waf
  workflow_dispatch:
    inputs:
      # NOTE(review): nothing in this file reads inputs.cleanup_resources; the
      # cleanup job runs regardless of the value chosen here.
      cleanup_resources:
        description: "cleanup deployed resources"
        required: false
        default: "true"
        type: choice
        options:
          - "true"
          - "false"
  schedule:
    # Runs at 6:00 AM and 6:00 PM GMT
    - cron: '0 6,18 * * *'

env:
  # Minimum model capacities handed to the quota check script.
  GPT_MIN_CAPACITY: 200
  TEXT_EMBEDDING_MIN_CAPACITY: 80
  # Branch of the triggering build run, else the PR head ref, else the current ref.
  BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
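jobs:
  # Provisions a throwaway environment with azd, seeds sample data and publishes
  # the names the test and cleanup jobs need.
  #
  # Secrets are passed to the shell through step-level `env:` and referenced as
  # quoted "$VARS". Expanding `${{ secrets.* }}` or `${{ github.* }}` directly
  # inside `run:` pastes the value into the script text before bash parses it,
  # which breaks on shell metacharacters and is the usual script-injection path.
  #
  # NOTE(review): authentication relies on a long-lived service-principal secret
  # (AZURE_CLIENT_SECRET). A federated (OIDC) credential would remove the stored
  # secret altogether.
  deploy:
    runs-on: ubuntu-22.04
    outputs:
      RESOURCE_GROUP_NAME: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }}
      WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }}
      DEPLOYMENT_SUCCESS: ${{ steps.deployment_status.outputs.SUCCESS }}
      # NOTE(review): no step with id get_ai_services_name or list_keyvaults
      # exists in this job, so these two outputs are always empty.
      AI_SERVICES_NAME: ${{ steps.get_ai_services_name.outputs.AI_SERVICES_NAME }}
      KEYVAULTS: ${{ steps.list_keyvaults.outputs.KEYVAULTS }}
      AZURE_LOCATION: ${{ steps.set_region.outputs.AZURE_LOCATION }}
      SOLUTION_PREFIX: ${{ steps.generate_solution_prefix.outputs.SOLUTION_PREFIX }}
      ENV_NAME: ${{ steps.generate_env_name.outputs.ENV_NAME }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag; pinning to a
      # full commit SHA fixes exactly which code runs.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # This job never pushes, so GITHUB_TOKEN is not left in .git/config
          # where later steps (repo scripts, downloaded installers) could read it.
          persist-credentials: false

      # NOTE(review): apt-key is deprecated and trusts the key for every
      # configured repository; a keyring referenced with `signed-by` would scope
      # it to this one source.
      - name: Install ODBC Driver 18 for SQL Server
        run: |
          # -f makes curl fail on an HTTP error instead of piping an error page onward.
          curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
          sudo add-apt-repository "$(curl -fsSL https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list)"
          sudo apt-get update
          sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18
          sudo apt-get install -y unixodbc-dev

      - name: Run Quota Check
        id: quota-check
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GPT_MIN_CAPACITY: ${{ env.GPT_MIN_CAPACITY }}
          TEXT_EMBEDDING_MIN_CAPACITY: ${{ env.TEXT_EMBEDDING_MIN_CAPACITY }}
          AZURE_REGIONS: ${{ vars.AZURE_REGIONS_CA }}
        run: |
          # pipefail: the `if` below must see the script's exit status, not tee's.
          set -o pipefail
          chmod +x infra/scripts/checkquota.sh
          QUOTA_LOG="$RUNNER_TEMP/checkquota.log"
          if ! infra/scripts/checkquota.sh 2>&1 | tee "$QUOTA_LOG"; then
            # Look for the message in what the script printed. The previous check
            # grepped the source of a differently named file (checkquota_ca.sh),
            # which says nothing about why this run failed.
            if grep -q "No region with sufficient quota found" "$QUOTA_LOG"; then
              echo "QUOTA_FAILED=true" >> "$GITHUB_ENV"
            fi
            exit 1
          fi

      # failure() is required here: without a status function an implicit
      # success() is applied, and this step would be skipped because the quota
      # step has already failed the job.
      - name: Notify on Quota Failure
        if: failure() && env.QUOTA_FAILED == 'true'
        env:
          LOGIC_APP_URL: ${{ secrets.LOGIC_APP_URL }}
        run: |
          RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          curl -X POST "$LOGIC_APP_URL" \
            -H "Content-Type: application/json" \
            -d '{
              "subject": "CA Deployment - Quota Check Failed",
              "body": "<p>Dear Team,</p><p>We would like to inform you that the Build-your-own-copilot-Solution-Accelerator(Client Advisor) Deployment Automation process has encountered a quota issue. Hence, unable to proceed with the deployment.</p><p><a href=\"'${RUN_URL}'\">View run</a></p>"
            }'

      # Effectively dead: QUOTA_FAILED is only set immediately before the quota
      # step exits 1, after which this step is skipped (implicit success()).
      - name: Fail on Quota Check
        if: env.QUOTA_FAILED == 'true'
        run: exit 1

      # NOTE(review): VALID_REGION is not set anywhere in this file; presumably
      # checkquota.sh writes it to GITHUB_ENV — confirm.
      - name: Set Deployment Region
        id: set_region
        run: |
          echo "Selected Region: $VALID_REGION"
          echo "AZURE_LOCATION=$VALID_REGION" >> "$GITHUB_ENV"
          echo "AZURE_LOCATION=$VALID_REGION" >> "$GITHUB_OUTPUT"

      - name: Generate Resource Group Name
        id: generate_rg_name
        run: |
          echo "Generating a unique resource group name..."
          ACCL_NAME="ca"  # Account name as specified
          # First group of a UUID (8 hex characters) keeps the name short.
          SHORT_UUID=$(uuidgen | cut -d'-' -f1)
          UNIQUE_RG_NAME="arg-${ACCL_NAME}-${SHORT_UUID}"
          echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> "$GITHUB_ENV"
          echo "Generated RESOURCE_GROUP_NAME: ${UNIQUE_RG_NAME}"

      # NOTE(review): both CLI installers below are fetched from a redirecting
      # short link and executed as root with no version pin or checksum, so each
      # run trusts whatever the link serves at that moment.
      - name: Setup Azure CLI
        run: |
          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
          az --version  # Verify installation

      - name: Setup Azure Developer CLI
        run: |
          curl -fsSL https://aka.ms/install-azd.sh | sudo bash
          azd version

      - name: Login to Azure
        id: login-azure
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
        run: |
          # The secret still appears in each CLI's argument list on the runner;
          # quoting only guarantees it reaches the CLI as one unmodified argument.
          az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"
          azd auth login --client-id "$AZURE_CLIENT_ID" --client-secret "$AZURE_CLIENT_SECRET" --tenant-id "$AZURE_TENANT_ID"

      - name: Install Bicep CLI
        run: az bicep install

      - name: Check and Create Resource Group
        id: check_create_rg
        run: |
          # RESOURCE_GROUP_NAME and AZURE_LOCATION were written to GITHUB_ENV by
          # earlier steps, so they are ordinary shell variables here.
          echo "RESOURCE_GROUP: $RESOURCE_GROUP_NAME"
          set -e
          echo "Checking if resource group exists..."
          rg_exists=$(az group exists --name "$RESOURCE_GROUP_NAME")
          if [ "$rg_exists" = "false" ]; then
            echo "Resource group does not exist. Creating..."
            az group create --name "$RESOURCE_GROUP_NAME" --location "$AZURE_LOCATION" || { echo "Error creating resource group"; exit 1; }
          else
            echo "Resource group already exists."
          fi
          # Set output for other jobs
          echo "RESOURCE_GROUP_NAME=$RESOURCE_GROUP_NAME" >> "$GITHUB_OUTPUT"

      - name: Generate Unique Solution Prefix
        id: generate_solution_prefix
        run: |
          set -e
          COMMON_PART="pslc"
          TIMESTAMP=$(date +%s)
          # `tail -c 3` counts echo's trailing newline, so this keeps the last
          # two digits of the epoch time.
          UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 3)
          UNIQUE_SOLUTION_PREFIX="${COMMON_PART}${UPDATED_TIMESTAMP}"
          echo "SOLUTION_PREFIX=${UNIQUE_SOLUTION_PREFIX}" >> "$GITHUB_ENV"
          echo "SOLUTION_PREFIX=${UNIQUE_SOLUTION_PREFIX}" >> "$GITHUB_OUTPUT"
          echo "Generated SOLUTION_PREFIX: ${UNIQUE_SOLUTION_PREFIX}"

      # NOTE(review): on workflow_run events github.ref_name is the ref this
      # workflow runs on, not the triggering build's branch (the workflow-level
      # BRANCH_NAME carries that) — confirm which one the tag should follow.
      - name: Determine Tag
        id: determine_tag
        env:
          # Passed through env rather than pasted into the script text.
          BRANCH: ${{ github.ref_name }}
        run: |
          if [[ "$BRANCH" == "main" ]]; then TAG="latest_waf"
          elif [[ "$BRANCH" == "dev" ]]; then TAG="dev"
          elif [[ "$BRANCH" == "demo" ]]; then TAG="demo"
          else TAG="latest_Non-waf"; fi
          echo "IMAGE_TAG=$TAG" >> "$GITHUB_ENV"
          echo "Image Tag: $TAG"

      - name: Generate Unique Environment Name
        id: generate_env_name
        run: |
          COMMON_PART="pslc"
          TIMESTAMP=$(date +%s)
          # Last five digits of the epoch time (the sixth byte is the newline).
          UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 6)
          UNIQUE_ENV_NAME="${COMMON_PART}${UPDATED_TIMESTAMP}"
          echo "ENV_NAME=${UNIQUE_ENV_NAME}" >> "$GITHUB_ENV"
          echo "Generated Environment Name: ${UNIQUE_ENV_NAME}"
          echo "ENV_NAME=${UNIQUE_ENV_NAME}" >> "$GITHUB_OUTPUT"

      - name: Deploy using azd up and extract values
        id: get_output
        env:
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          set -e
          echo "Starting azd deployment..."
          # azd is already installed by the "Setup Azure Developer CLI" step, so
          # the second download-and-run of the installer was dropped.
          echo "Creating environment..."
          azd env new "$ENV_NAME" --no-prompt
          echo "Environment created: $ENV_NAME"
          echo "Setting default subscription..."
          azd config set defaults.subscription "$AZURE_SUBSCRIPTION_ID"
          # Set additional parameters
          azd env set AZURE_SUBSCRIPTION_ID="$AZURE_SUBSCRIPTION_ID"
          azd env set AZURE_ENV_OPENAI_LOCATION="$AZURE_LOCATION"
          azd env set AZURE_RESOURCE_GROUP="$RESOURCE_GROUP_NAME"
          # Deploy using azd up
          azd up --no-prompt
          # Get deployment outputs using azd
          echo "Extracting deployment outputs..."
          DEPLOY_OUTPUT=$(azd env get-values --output json)
          if [[ -z "$DEPLOY_OUTPUT" ]]; then
            echo "Error: Deployment output is empty. Please check the deployment logs."
            exit 1
          fi
          # Log only the key names. The full value dump includes every azd
          # environment value, and only registered secrets are masked in logs.
          echo "Deployment output keys: $(echo "$DEPLOY_OUTPUT" | jq -r 'keys | join(", ")')"
          # Extract values from azd output (adjust these based on actual output variable names)
          export AI_FOUNDRY_RESOURCE_ID=$(echo "$DEPLOY_OUTPUT" | jq -r '.AI_FOUNDRY_RESOURCE_ID // empty')
          echo "AI_FOUNDRY_RESOURCE_ID=$AI_FOUNDRY_RESOURCE_ID" >> "$GITHUB_ENV"
          export AI_SEARCH_SERVICE_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.AI_SEARCH_SERVICE_NAME // empty')
          echo "AI_SEARCH_SERVICE_NAME=$AI_SEARCH_SERVICE_NAME" >> "$GITHUB_ENV"
          export COSMOS_DB_ACCOUNT_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.COSMOS_DB_ACCOUNT_NAME // empty')
          echo "COSMOS_DB_ACCOUNT_NAME=$COSMOS_DB_ACCOUNT_NAME" >> "$GITHUB_ENV"
          export STORAGE_ACCOUNT=$(echo "$DEPLOY_OUTPUT" | jq -r '.STORAGE_ACCOUNT_NAME // empty')
          echo "STORAGE_ACCOUNT=$STORAGE_ACCOUNT" >> "$GITHUB_ENV"
          export STORAGE_CONTAINER=$(echo "$DEPLOY_OUTPUT" | jq -r '.STORAGE_CONTAINER_NAME // empty')
          echo "STORAGE_CONTAINER=$STORAGE_CONTAINER" >> "$GITHUB_ENV"
          export KEYVAULT_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.KEY_VAULT_NAME // empty')
          echo "KEYVAULT_NAME=$KEYVAULT_NAME" >> "$GITHUB_ENV"
          export SQL_SERVER_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.SQLDB_SERVER_NAME // empty')
          echo "SQL_SERVER_NAME=$SQL_SERVER_NAME" >> "$GITHUB_ENV"
          export SQL_DATABASE=$(echo "$DEPLOY_OUTPUT" | jq -r '.SQLDB_DATABASE // empty')
          echo "SQL_DATABASE=$SQL_DATABASE" >> "$GITHUB_ENV"
          export CLIENT_ID=$(echo "$DEPLOY_OUTPUT" | jq -r '.MANAGEDIDENTITY_SQL_CLIENTID // empty')
          echo "CLIENT_ID=$CLIENT_ID" >> "$GITHUB_ENV"
          export CLIENT_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.MANAGEDIDENTITY_SQL_NAME // empty')
          echo "CLIENT_NAME=$CLIENT_NAME" >> "$GITHUB_ENV"
          export MANAGEDIDENTITY_WEBAPP_CLIENTID=$(echo "$DEPLOY_OUTPUT" | jq -r '.MANAGEDIDENTITY_WEBAPP_CLIENTID // empty')
          echo "MANAGEDIDENTITY_WEBAPP_CLIENTID=$MANAGEDIDENTITY_WEBAPP_CLIENTID" >> "$GITHUB_ENV"
          export RG_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.RESOURCE_GROUP_NAME // .AZURE_RESOURCE_GROUP // empty')
          # Fall back to the name generated earlier when azd reports none.
          [[ -z "$RG_NAME" ]] && export RG_NAME="$RESOURCE_GROUP_NAME"
          echo "RG_NAME=$RG_NAME" >> "$GITHUB_ENV"
          WEBAPP_URL=$(echo "$DEPLOY_OUTPUT" | jq -r '.WEB_APP_URL // .SERVICE_BACKEND_ENDPOINT_URL // empty')
          echo "WEBAPP_URL=$WEBAPP_URL" >> "$GITHUB_OUTPUT"
          WEB_APP_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.WEB_APP_NAME // .SERVICE_BACKEND_NAME // empty')
          echo "WEB_APP_NAME=$WEB_APP_NAME" >> "$GITHUB_ENV"
          # NOTE(review): from here until the cleanup job finishes the web app
          # runs with AUTH_ENABLED=false while sample data is loaded into it. If
          # cleanup fails, or the app is publicly reachable, that state persists;
          # consider a network restriction or alerting on failed teardown.
          echo "🔧 Disabling AUTH_ENABLED for the web app..."
          if [[ -n "$WEB_APP_NAME" && -n "$RG_NAME" ]]; then
            az webapp config appsettings set -g "$RG_NAME" -n "$WEB_APP_NAME" --settings AUTH_ENABLED=false
          else
            echo "Warning: Could not disable AUTH_ENABLED - WEB_APP_NAME or RG_NAME not found"
          fi
          sleep 30

      # NOTE(review): this runs before the post-deployment script, so a failure
      # in that script does not turn DEPLOYMENT_SUCCESS to false — confirm.
      - name: Set Deployment Status
        id: deployment_status
        if: always()
        run: |
          if [ "${{ job.status }}" == "success" ]; then
            echo "SUCCESS=true" >> "$GITHUB_OUTPUT"
          else
            echo "SUCCESS=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Run Post-Deployment Script
        id: post_deploy
        env:
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          set -e
          az account set --subscription "$AZURE_SUBSCRIPTION_ID"
          echo "Running post-deployment script..."
          # Every argument was written to GITHUB_ENV by the deploy step.
          bash ./infra/scripts/process_sample_data.sh \
            "$RG_NAME" \
            "$COSMOS_DB_ACCOUNT_NAME" \
            "$STORAGE_ACCOUNT" \
            "$STORAGE_CONTAINER" \
            "$KEYVAULT_NAME" \
            "$SQL_SERVER_NAME" \
            "$SQL_DATABASE" \
            "$CLIENT_ID" \
            "$CLIENT_NAME" \
            "$AI_SEARCH_SERVICE_NAME" \
            "$AI_FOUNDRY_RESOURCE_ID" \
            "$MANAGEDIDENTITY_WEBAPP_CLIENTID"

      - name: Logout
        if: always()
        run: az logout

  # Runs the reusable test workflow against the freshly deployed web app.
  e2e-test:
    needs: deploy
    if: needs.deploy.outputs.DEPLOYMENT_SUCCESS == 'true'
    uses: ./.github/workflows/test_automation.yml
    with:
      CA_WEB_URL: ${{ needs.deploy.outputs.WEBAPP_URL }}
    # NOTE(review): `inherit` hands every repository secret, including the Azure
    # service-principal secret, to the called workflow; passing only the secrets
    # it needs would narrow that — check what test_automation.yml reads.
    secrets: inherit

  # Tears the deployment down whenever a resource group name was produced,
  # whether or not deploy and the tests succeeded.
  cleanup-deployment:
    if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != ''
    needs: [deploy, e2e-test]
    runs-on: ubuntu-latest
    env:
      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
      AZURE_LOCATION: ${{ needs.deploy.outputs.AZURE_LOCATION }}
      ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Nothing is pushed from this job; keep GITHUB_TOKEN out of .git/config.
          persist-credentials: false

      # NOTE(review): unpinned installer executed as root, as in the deploy job.
      - name: Setup Azure Developer CLI
        run: |
          curl -fsSL https://aka.ms/install-azd.sh | sudo bash
          azd version

      - name: Login to Azure
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          azd auth login --client-id "$AZURE_CLIENT_ID" --client-secret "$AZURE_CLIENT_SECRET" --tenant-id "$AZURE_TENANT_ID"
          azd config set defaults.subscription "$AZURE_SUBSCRIPTION_ID"

      - name: Select Environment
        env:
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          # Try to select the environment if it exists, otherwise create a minimal environment for cleanup
          azd env list
          # -F matches the name literally; -- stops it being read as an option.
          if azd env list | grep -qF -- "$ENV_NAME"; then
            echo "Environment $ENV_NAME found, selecting it..."
            azd env select "$ENV_NAME"
          else
            echo "Environment $ENV_NAME not found, creating minimal environment for cleanup..."
            azd env new "$ENV_NAME" --no-prompt
            azd env set AZURE_RESOURCE_GROUP "$RESOURCE_GROUP_NAME"
            azd env set AZURE_SUBSCRIPTION_ID "$AZURE_SUBSCRIPTION_ID"
            azd env set AZURE_ENV_OPENAI_LOCATION="$AZURE_LOCATION"
          fi

      - name: Delete deployment using azd
        run: |
          set -e
          echo "Deleting deployment..."
          azd down --purge --force --no-prompt
          echo "Deployment deleted successfully."

      # Fires when this job has a failed step or when the deploy job failed.
      - name: Send Notification on Failure
        if: always() && (failure() || needs.deploy.result == 'failure')
        env:
          LOGIC_APP_URL: ${{ secrets.LOGIC_APP_URL }}
        run: |
          RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          # Construct the email body.
          # The accelerator name now matches the quota-failure mail; the previous
          # text named a different accelerator. OUTPUT is not set in this step
          # and expands to an empty string.
          EMAIL_BODY=$(cat <<EOF
          {
            "body": "<p>Dear Team,</p><p>We would like to inform you that the Build-your-own-copilot-Solution-Accelerator(Client Advisor) Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
          }
          EOF
          )
          # Send the notification
          curl -X POST "$LOGIC_APP_URL" \
            -H "Content-Type: application/json" \
            -d "$EMAIL_BODY" || echo "Failed to send notification"

      - name: Logout from Azure
        if: always()
        run: |
          azd auth logout
          echo "Logged out from Azure."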