[#153676720] script provisioner for website git repo (#40)

* [#153676720] refactors cosmosdb collection provisioner to extract env check

* [#153676720] Adds website git provisioner

README.md

@@ -322,8 +322,6 @@ script:
 | `yarn resources:apim:api`        | [Synch Digital Citizenship API from OpenAPI specs to API management](./infrastructure/tasks/25-apim_api.ts)                                                |
 | `yarn resources:devapp:apikey`   | [Create a Digital Citizenship API user and setup its API Key in the developer portal web application settings](./infrastructure/tasks/30-devapp_apikey.ts) |
 | `yarn resources:devapp:setup`    | [Setup developer portal application settings](./infrastructure/tasks/31-devapp_setup.ts)                                                                   |
-| `yarn resources:devapp:git`      | [Setup developer portal application deployment from the GitHub repository](./infrastructure/tasks/34-devapp_git.ts)                                        |
-| `yarn deploy:devapp:sync`        | [Deploy developer portal application code from the GitHub repository](./infrastructure/tasks/35-devapp_sync.ts)                                            |
 | `yarn resources:ip:restrict`     | [Setup IP restrictions to access resources](./infrastructure/tasks/70-ip_security.ts)                                                                      |
 
 ### Finishing the installation

infrastructure/azure.tf

@@ -99,6 +99,16 @@ variable "azurerm_app_service_portal" {
     type = "string"
 }
 
+variable "app_service_portal_git_repo" {
+  type = "string"
+  description = "URL of the GitHub repository providing the source of the App Service Portal"
+}
+
+variable "app_service_portal_git_branch" {
+  default = "master"
+  description = "Branch of the GitHub repository providing the source of the App Service Portal"
+}
+
 # Redirect to this page after developer portal login
 variable "app_service_portal_post_login_url" {
     type = "string"
@@ -152,6 +162,10 @@ variable "cosmosdb_collection_provisioner" {
   default = "infrastructure/local-provisioners/azurerm_cosmosdb_collection.ts"
 }
 
+variable "website_git_provisioner" {
+  default = "infrastructure/local-provisioners/azurerm_website_git.ts"
+}
+
 ## RESOURCE GROUP
 
 # Create a resource group if it doesn’t exist
@@ -373,6 +387,25 @@ resource "azurerm_app_service" "azurerm_app_service_portal" {
     }
 }
 
+resource "null_resource" "azurerm_app_service_portal_git" {
+  triggers = {
+    azurerm_app_service_portal_id = "${azurerm_app_service.azurerm_app_service_portal.id}"
+
+    # trigger recreation of this resource when the following variables change
+    app_service_portal_git_repo = "${var.app_service_portal_git_repo}"
+    app_service_portal_git_branch = "${var.app_service_portal_git_branch}"
+
+    # increment the following value when changing the provisioner script to
+    # trigger the re-execution of the script
+    # TODO: consider using the hash of the script content instead
+    provisioner_version = "1"
+  }
+
+  provisioner "local-exec" {
+    command = "ts-node ${var.website_git_provisioner} --resource-group-name ${azurerm_resource_group.azurerm_resource_group.name} --appservice-portal-name ${azurerm_app_service.azurerm_app_service_portal.name} --git-repo ${var.app_service_portal_git_repo} --git-branch ${var.app_service_portal_git_branch}"
+  }
+}
+
 # TODO: assign role to the MSI to let the App Service access API Management users
 # resource "azurerm_virtual_machine_extension" "app_service_portal_msi" {
 #     name                 = "app_service_portal_msi"

infrastructure/env/common/config.json

@@ -1,8 +1,4 @@
 {
-  "app_service_portal_git_repo":
-    "https://github.com/teamdigitale/digital-citizenship-onboarding",
-  "app_service_portal_git_branch": "master",
-  "app_service_portal_scm_type": "GitHub",
   "functionapp_git_repo":
     "https://github.com/teamdigitale/digital-citizenship-functions",
   "functionapp_git_branch": "funcpack-release-latest",

infrastructure/env/common/tfvars.json

@@ -6,5 +6,6 @@
     "profiles": "fiscalCode",
     "notifications": "messageId",
     "services": "serviceId"
-  }
+  },
+  "app_service_portal_git_repo": "https://github.com/teamdigitale/digital-citizenship-onboarding"
 }

infrastructure/local-provisioners/azurerm_cosmosdb_collection.ts

@@ -1,7 +1,7 @@
 // tslint:disable:no-console
 
 import * as winston from "winston";
-import { login, missingLoginEnvironment } from "../../lib/login";
+import { login } from "../../lib/login";
 
 import CosmosDBManagementClient = require("azure-arm-cosmosdb");
 import * as documentdb from "documentdb";
@@ -154,13 +154,6 @@ export const run = async (config: IRunParams) => {
   );
 };
 
-// check whether all required environment variables are set
-const missingEnvs = missingLoginEnvironment();
-if (missingEnvs.length > 0) {
-  console.error(`Missing required env vars: ${missingEnvs.join(", ")}`);
-  process.exit(-1);
-}
-
 const argv = yargs
   .alias("g", "resource-group-name")
   .demandOption("g")

infrastructure/tasks/34-devapp_git.ts → infrastructure/local-provisioners/azurerm_website_git.ts

@@ -15,16 +15,22 @@
 // tslint:disable:no-console
 // tslint:disable:no-any
 
+import yargs = require("yargs");
+
 import * as winston from "winston";
 import { login } from "../../lib/login";
 
-import { IResourcesConfiguration, readConfig } from "../../lib/config";
-import { checkEnvironment } from "../../lib/environment";
-
 import webSiteManagementClient = require("azure-arm-website");
 
-export const run = async (config: IResourcesConfiguration) => {
-  if (!config.app_service_portal_git_repo) {
+interface IRunParams {
+  readonly resourceGroupName: string;
+  readonly appServicePortalName: string;
+  readonly appServicePortalGitBranch: string;
+  readonly appServicePortalGitRepo: string;
+}
+
+export const run = async (config: IRunParams) => {
+  if (!config.appServicePortalGitRepo) {
     return Promise.reject(
       "Deployment from source control repository not configured, skipping."
     );
@@ -37,34 +43,57 @@ export const run = async (config: IResourcesConfiguration) => {
   );
 
   const siteSourceControl = {
-    branch: config.app_service_portal_git_branch,
+    branch: config.appServicePortalGitBranch,
     deploymentRollbackEnabled: true,
     // [#152115927] TODO: setting `isManualIntegration: false` will fail trying to send an email
     // to the service principal user. I guess this is a bug in the Azure APIs
     isManualIntegration: true,
     isMercurial: false,
-    repoUrl: config.app_service_portal_git_repo,
-    type: config.app_service_portal_scm_type
+    repoUrl: config.appServicePortalGitRepo,
+    type: "GitHub"
   };
 
-  winston.info("Setup Git integration for the Developer Portal application");
+  winston.info(
+    `Configuring Git integration for the Developer Portal application: ${
+      config.appServicePortalGitRepo
+    }#${config.appServicePortalGitBranch}`
+  );
 
   // Create git integration
   return webSiteClient.webApps.createOrUpdateSourceControl(
-    config.azurerm_resource_group,
-    config.azurerm_app_service_portal,
+    config.resourceGroupName,
+    config.appServicePortalName,
     siteSourceControl
   );
 };
 
-checkEnvironment()
-  .then(() => readConfig(process.env.ENVIRONMENT))
-  .then(run)
+const argv = yargs
+  .alias("g", "resource-group-name")
+  .demandOption("g")
+  .string("g")
+  .alias("n", "appservice-portal-name")
+  .demandOption("n")
+  .string("n")
+  .alias("r", "git-repo")
+  .demandOption("r")
+  .string("r")
+  .alias("b", "git-branch")
+  .demandOption("b")
+  .string("b").argv;
+
+run({
+  appServicePortalGitBranch: argv.b as string,
+  appServicePortalGitRepo: argv.r as string,
+  appServicePortalName: argv.n as string,
+  resourceGroupName: argv.g as string
+})
   .then(r => {
     if (r) {
       winston.info(
         "Successfully synced developer portal webapp with source control"
       );
+    } else {
+      winston.warn("Nothing happened");
     }
   })
   .catch((e: Error) => console.error(process.env.VERBOSE ? e : e.message));

lib/config.ts

@@ -66,7 +66,6 @@ const ResourcesConfiguration = t.interface({
   apim_sku: t.string,
   app_service_portal_git_branch: t.string,
   app_service_portal_git_repo: t.string,
-  app_service_portal_scm_type: t.string,
   azure_portal_ips: t.array(t.string),
   azurerm_adb2c_policy: t.string,
   azurerm_apim: t.string,
@@ -76,9 +75,6 @@ const ResourcesConfiguration = t.interface({
   azurerm_app_service_plan_portal: t.string,
   azurerm_app_service_portal: t.string,
   azurerm_application_insights: t.string,
-  azurerm_cosmosdb: t.string,
-  azurerm_cosmosdb_collections: t.array(CosmosCollection),
-  azurerm_cosmosdb_documentdb: t.string,
   azurerm_eventhub_ns: t.string,
   azurerm_functionapp: t.string,
   azurerm_functionapp_slot: t.string,

lib/login.ts

@@ -12,28 +12,31 @@ export interface ICreds {
  * Returns required env vars for logging in to Azure that are either undefined
  * or empty.
  */
-export const missingLoginEnvironment = (): ReadonlyArray<string> =>
+const missingLoginEnvironment = (): ReadonlyArray<string> =>
   [
     "ARM_SUBSCRIPTION_ID",
     "ARM_CLIENT_ID",
     "ARM_CLIENT_SECRET",
     "ARM_TENANT_ID"
-  ]
-  .filter(e => process.env[e] == undefined || process.env[e] == "")
+  ].filter(e => process.env[e] === undefined || process.env[e] === "");
 
-export const login = (
-  opts: msRestAzure.AzureTokenCredentialsOptions = {},
-  clientId = process.env.ARM_CLIENT_ID,
-  secret = process.env.ARM_CLIENT_SECRET,
-  domain = process.env.ARM_TENANT_ID,
-  subscriptionId = process.env.ARM_SUBSCRIPTION_ID
-): Promise<ICreds> =>
+export const login = (): Promise<ICreds> =>
   new Promise((resolve, reject) => {
+    const missingEnvs = missingLoginEnvironment();
+    if (missingEnvs.length > 0) {
+      return reject(`Missing required env vars: ${missingEnvs.join(", ")}`);
+    }
+
+    const clientId = process.env.ARM_CLIENT_ID;
+    const secret = process.env.ARM_CLIENT_SECRET;
+    const domain = process.env.ARM_TENANT_ID;
+    const subscriptionId = process.env.ARM_SUBSCRIPTION_ID;
+
     msRestAzure.loginWithServicePrincipalSecret(
       clientId,
       secret,
       domain,
-      opts,
+      {},
       (err, creds) => {
         if (err) {
           return reject(err);

package.json

@@ -27,8 +27,6 @@
     "resources:apim:api": "ts-node infrastructure/tasks/25-apim_api.ts",
     "resources:devapp:apikey": "ts-node --no-ignore infrastructure/tasks/30-devapp_apikey.ts",
     "resources:devapp:setup": "ts-node infrastructure/tasks/31-devapp_setup.ts",
-    "resources:devapp:git": "ts-node infrastructure/tasks/34-devapp_git.ts",
-    "deploy:devapp:sync": "ts-node infrastructure/tasks/35-devapp_sync.ts",
     "resources:security:ip": "ts-node infrastructure/tasks/70-security_ip.ts",
     "infrastructure:deploy": "cross-env NPMDEPLOY=1 npm-run-all -s resources:**"
   },