This repository has been archived by the owner on Jul 26, 2024. It is now read-only.

landingzones-tf100 #1489

Workflow file for this run

.github/workflows/landingzones-tf100.yml at a2d3cb5

	#
	# Copyright (c) Microsoft Corporation
	# Licensed under the MIT License.
	#

	name: landingzones-tf100

	on:
	workflow_dispatch:
	pull_request:
	paths-ignore:
	- 'documentation/**'
	- '_pictures/**'
	- 'README.md'
	- 'CHANGELOG.md'
	schedule:
	- cron: '0 3 * * *'

	env:
	TF_CLI_ARGS: '-no-color'
	TF_CLI_ARGS_destroy: '-refresh=false'
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	TF_REGISTRY_DISCOVERY_RETRY: 5
	TF_REGISTRY_CLIENT_TIMEOUT: 15
	ROVER_RUNNER: true

	jobs:
	foundations100:
	name: foundations-100
	runs-on: ubuntu-latest

	strategy:
	fail-fast: true
	max-parallel: 1
	matrix:
	random_length: ['5']

	container:
	image: aztfmod/rover:1.6.6-2401.0402
	options: --user 0

	steps:
	- uses: actions/checkout@v3

	- name: Login azure
	run: \|
	az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
	az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

	echo "local user: $(whoami)"

	- name: Github Actions permissions workaround
	run: \|
	git config --global --add safe.directory ${GITHUB_WORKSPACE}

	- name: launchpad
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a apply \
	-var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/100 \
	-level level0 \
	-launchpad \
	-parallelism=30 \
	--environment ${{ github.run_id }} \
	'-var random_length=${{ matrix.random_length }}' \
	'-var prefix=g${{ github.run_id }}' \
	'-var tags={testing_job_id="${{ github.run_id }}"}'

	- name: foundations
	run: \|
	sleep 180
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \
	-var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/100-passthrough \
	-tfstate caf_foundations.tfstate \
	-level level1 \
	-parallelism=30 \
	--environment ${{ github.run_id }} \
	'-var tags={testing_job_id="${{ github.run_id }}"}'

	networking100:
	name: networking-100
	runs-on: ubuntu-latest

	needs: foundations100

	strategy:
	fail-fast: false
	matrix:
	config_files: [
	"caf_solution/scenario/networking/100-single-region-hub",
	"caf_solution/scenario/networking/101-multi-region-hub",
	"caf_solution/scenario/networking/105-hub-and-spoke",
	"caf_solution/scenario/networking/106-hub-virtual-wan-firewall"
	]

	container:
	image: aztfmod/rover:1.6.6-2401.0402
	options: --user 0

	steps:
	- uses: actions/checkout@v3

	- name: Login azure
	run: \|
	az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
	az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

	- name: Github Actions permissions workaround
	run: \|
	git config --global --add safe.directory ${GITHUB_WORKSPACE}

	- name: deploy example
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a apply \
	-tfstate $(basename ${{ matrix.config_files }}).tfstate \
	-level level2 \
	-parallelism=30 \
	-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
	--environment ${{ github.run_id }}

	- name: destroy example
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a destroy \
	-tfstate $(basename ${{ matrix.config_files }}).tfstate \
	-level level2 \
	-parallelism=30 \
	-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
	--environment ${{ github.run_id }} \
	-refresh=false

	foundations200:
	name: foundations-200
	runs-on: ubuntu-latest
	needs: networking100
	if: always()

	strategy:
	fail-fast: true
	max-parallel: 1
	matrix:
	random_length: ['5']

	container:
	image: aztfmod/rover:1.6.6-2401.0402
	options: --user 0

	steps:
	- uses: actions/checkout@v3

	- name: Login azure
	run: \|
	az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
	az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

	echo "local user: $(whoami)"

	- name: Github Actions permissions workaround
	run: \|
	git config --global --add safe.directory ${GITHUB_WORKSPACE}

	- name: launchpad-200-upgrade
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a apply \
	-var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/200 \
	-level level0 \
	-launchpad \
	-parallelism=30 \
	--environment ${{ github.run_id }} \
	'-var random_length=${{ matrix.random_length }}' \
	'-var prefix=g${{ github.run_id }}' \
	'-var tags={testing_job_id="${{ github.run_id }}"}'

	- name: foundations-200-upgrade
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \
	-var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/gitops \
	-tfstate caf_foundations.tfstate \
	-level level1 \
	-parallelism=30 \
	--environment ${{ github.run_id }} \
	'-var tags={testing_job_id="${{ github.run_id }}"}'

	networking200:
	name: networking-200
	runs-on: ubuntu-latest

	needs: foundations200

	strategy:
	fail-fast: false
	matrix:
	config_files: [
	"caf_solution/scenario/networking/200-single-region-hub",
	"caf_solution/scenario/networking/201-multi-region-hub",
	"caf_solution/scenario/networking/210-aks-private"
	]

	container:
	image: aztfmod/rover:1.6.6-2401.0402
	options: --user 0

	steps:
	- uses: actions/checkout@v3

	- name: Login azure
	run: \|
	az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
	az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

	- name: Github Actions permissions workaround
	run: \|
	git config --global --add safe.directory ${GITHUB_WORKSPACE}

	- name: deploy example
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a apply \
	-tfstate $(basename ${{ matrix.config_files }}).tfstate \
	-level level2 \
	-parallelism=30 \
	-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
	--environment ${{ github.run_id }}

	- name: destroy example
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution/ -a destroy \
	-tfstate $(basename ${{ matrix.config_files }}).tfstate \
	-level level2 \
	-parallelism=30 \
	-var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \
	--environment ${{ github.run_id }} \
	-refresh=false

	foundations_destroy:
	name: foundations_destroy
	runs-on: ubuntu-latest
	if: always()
	needs: networking200

	strategy:
	fail-fast: false
	matrix:
	random_length: ['5']

	container:
	image: aztfmod/rover:1.6.6-2401.0402
	options: --user 0

	steps:
	- uses: actions/checkout@v3

	- name: Login azure
	run: \|
	az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
	az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}

	echo "local user: $(whoami)"

	- name: Github Actions permissions workaround
	run: \|
	git config --global --add safe.directory ${GITHUB_WORKSPACE}

	- name: foundations
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a destroy \
	-var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/gitops \
	-tfstate caf_foundations.tfstate \
	-level level1 \
	-parallelism=30 \
	--environment ${{ github.run_id }} \
	'-var tags={testing_job_id="${{ github.run_id }}"}'

	- name: Remove launchpad
	run: \|
	/tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_launchpad -a destroy \
	-var-folder ${GITHUB_WORKSPACE}/caf_launchpad/scenario/200 \
	-level level0 \
	-launchpad \
	-parallelism=30 \
	--environment ${{ github.run_id }} \
	'-var random_length=${{ matrix.random_length }}' \
	'-var prefix=g${{ github.run_id }}' \
	'-var tags={testing_job_id="${{ github.run_id }}"}'


	- name: Complete purge
	if: ${{ always() }}
	run: \|
	for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done
	for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done
	for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].objectId" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i \|\| true); done
	for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i \|\| true); done
	for i in `az keyvault list-deleted --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done
	for i in `az group list --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait \|\| true); done
	for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i \|\| true); done
	for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i \|\| true); done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

landingzones-tf100 #1489

Workflow file

landingzones-tf100 #1489

Jobs

Run details

Workflow file for this run