From 563c52178a06b12766ba2af14f97759ffd1ab213 Mon Sep 17 00:00:00 2001
From: Bart van der Braak
Date: Fri, 1 Dec 2023 14:18:47 +0100
Subject: [PATCH 1/4] feat: add pre-check before bicep jobs
---
 .github/workflows/tests.yml | 90 ++++++++++++++++++++-----------------
 1 file changed, 49 insertions(+), 41 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a29085f..7e30aa8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,8 +11,38 @@ on:
 branches: [ main ]
 jobs:
+ bicep-pre-check:
+ name: Bicep Pre-check
+ environment: bicep
+ runs-on: ubuntu-latest
+ outputs:
+ deployed_tag_exists: ${{ steps.check_tag.outputs.DEPLOYED_TAG_EXISTS }}
+ no_changes: ${{ steps.check_tag.outputs.NO_CHANGES }}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Fetch complete history
+ run: git fetch --prune --unshallow
+ - name: Check for deployed tag
+ id: check_tag
+ run: |
+ if git rev-parse --verify deployed >/dev/null 2>&1; then
+ echo "DEPLOYED_TAG_EXISTS=true" >> $GITHUB_ENV
+ echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_ENV
+ else
+ echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_ENV
+ fi
+ - name: Check for changes in bicep folder
+ if: env.DEPLOYED_TAG_EXISTS == 'true'
+ run: |
+ if git diff --quiet $LAST_DEPLOYED_COMMIT HEAD -- bicep/ ; then
+ echo "NO_CHANGES=true" >> $GITHUB_ENV
+ else
+ echo "NO_CHANGES=false" >> $GITHUB_ENV
+ fi
 bicep:
 name: Deploy Azure resources
+ needs: bicep-pre-check
+ if: ${{ needs.bicep-pre-check.outputs.deployed_tag_exists }} == 'false' || ${{ needs.bicep-pre-check.outputs.no_changes }} == 'false'
 environment: bicep
 runs-on: ubuntu-latest
 concurrency:
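Review bot: `environment: bicep` on the new `bicep-pre-check` job gives a job that only runs `git` commands the same environment binding as the deployment job. Any secrets and protection rules attached to that environment now apply to it as well, and if the Azure federated credential is scoped to the environment (not visible in this patch) the pre-check would match it too. None of the added steps reads a secret, so I would drop the `environment: bicep` line from `bicep-pre-check` and keep it only on `bicep`.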
@@ -21,47 +51,25 @@ jobs:
 LOCATION: eastus
 DEPLOYMENT_NAME: keyweave-${{ github.run_id }}
 steps:
- - uses: actions/checkout@v3
- - name: Fetch complete history
- run: git fetch --prune --unshallow
- - name: Check for deployed tag
- id: check_tag
- run: |
- if git rev-parse --verify deployed >/dev/null 2>&1; then
- echo "DEPLOYED_TAG_EXISTS=true" >> $GITHUB_ENV
- echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_ENV
- else
- echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_ENV
- fi
- - name: Check for changes in bicep folder
- if: env.DEPLOYED_TAG_EXISTS == 'true'
- run: |
- if git diff --quiet $LAST_DEPLOYED_COMMIT HEAD -- bicep/ ; then
- echo "NO_CHANGES=true" >> $GITHUB_ENV
- else
- echo "NO_CHANGES=false" >> $GITHUB_ENV
- fi
- - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false'
- uses: azure/login@v1
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false'
- name: Deploy Bicep template
- uses: azure/arm-deploy@v1
- with:
- scope: subscription
- region: ${{ env.LOCATION }}
- template: bicep/main.bicep
- deploymentName: ${{ env.DEPLOYMENT_NAME }}
- - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false'
- name: Tag Deployment
- run: |
- git config --global user.name "github-actions[bot]"
- git config --global user.email "github-actions[bot]@users.noreply.github.com"
- git tag -fa deployed -m "Deployed to Azure"
- git push origin --tags --force
+ - uses: actions/checkout@v3
+ - uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - name: Deploy Bicep template
+ uses: azure/arm-deploy@v1
+ with:
+ scope: subscription
+ region: ${{ env.LOCATION }}
+ template: bicep/main.bicep
+ deploymentName: ${{ env.DEPLOYMENT_NAME }}
+ - name: Tag Deployment
+ run: |
+ git config --global user.name "github-actions[bot]"
+ git config --global user.email "github-actions[bot]@users.noreply.github.com"
+ git tag -fa deployed -m "Deployed to Azure"
+ git push origin --tags --force
 tests-no-access:
 name: Tests with No Access
From faf32aeea918e208d53d7ca391c6d3ce3b905daf Mon Sep 17 00:00:00 2001
From: Bart van der Braak
Date: Fri, 1 Dec 2023 14:26:12 +0100
Subject: [PATCH 2/4] fix: use id as reference for output var
---
 .github/workflows/tests.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7e30aa8..ddb51c3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 outputs:
 deployed_tag_exists: ${{ steps.check_tag.outputs.DEPLOYED_TAG_EXISTS }}
- no_changes: ${{ steps.check_tag.outputs.NO_CHANGES }}
+ no_changes: ${{ steps.check_changes.outputs.NO_CHANGES }}
 steps:
 - uses: actions/checkout@v3
 - name: Fetch complete history
@@ -32,6 +32,7 @@ jobs:
 echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_ENV
 fi
 - name: Check for changes in bicep folder
+ id: check_changes
 if: env.DEPLOYED_TAG_EXISTS == 'true'
 run: |
 if git diff --quiet $LAST_DEPLOYED_COMMIT HEAD -- bicep/ ; then
From ae51c45e5538f7044c9c297d1462f104f2ce335c Mon Sep 17 00:00:00 2001
From: Bart van der Braak
Date: Fri, 1 Dec 2023 14:42:27 +0100
Subject: [PATCH 3/4] refactor: use github output variables
---
 .github/workflows/tests.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index ddb51c3..1da5d56 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
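Review bot: In the second hunk of PATCH 1/4, the `bicep` job signs in to Azure and runs a subscription-scope deployment through `azure/login@v1` and `azure/arm-deploy@v1`, both referenced by a movable tag. Whoever can move those tags changes what runs with the job's Azure identity, so I would pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: azure/login@<full-commit-sha>  # v1` (placeholder; look up the real SHA). The same applies to `actions/checkout@v3` in this job. The job's header keys sit above the hunk, so the rest of its settings are not visible here.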
@@ -26,19 +26,19 @@ jobs:
 id: check_tag
 run: |
 if git rev-parse --verify deployed >/dev/null 2>&1; then
- echo "DEPLOYED_TAG_EXISTS=true" >> $GITHUB_ENV
- echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_ENV
+ echo "DEPLOYED_TAG_EXISTS=true" >> $GITHUB_OUTPUT
+ echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_OUTPUT
 else
- echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_ENV
+ echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_OUTPUT
 fi
 - name: Check for changes in bicep folder
 id: check_changes
- if: env.DEPLOYED_TAG_EXISTS == 'true'
+ if: steps.check_tag.outputs.DEPLOYED_TAG_EXISTS == 'true'
 run: |
- if git diff --quiet $LAST_DEPLOYED_COMMIT HEAD -- bicep/ ; then
- echo "NO_CHANGES=true" >> $GITHUB_ENV
+ if git diff --quiet ${{ steps.check_tag.outputs.LAST_DEPLOYED_COMMIT }} HEAD -- bicep/ ; then
+ echo "NO_CHANGES=true" >> $GITHUB_OUTPUT
 else
- echo "NO_CHANGES=false" >> $GITHUB_ENV
+ echo "NO_CHANGES=false" >> $GITHUB_OUTPUT
 fi
 bicep:
 name: Deploy Azure resources
From 3916f3dbb94ecafeebbadda9bd955db6035e2989 Mon Sep 17 00:00:00 2001
From: Bart van der Braak
Date: Fri, 1 Dec 2023 14:45:12 +0100
Subject: [PATCH 4/4] feat: add conditionals to tests
---
 .github/workflows/tests.yml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1da5d56..57e1427 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -21,7 +21,8 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: Fetch complete history
- run: git fetch --prune --unshallow
+ run: |
+ git fetch --prune --unshallow --tags
 - name: Check for deployed tag
 id: check_tag
 run: |
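Review bot: In PATCH 3/4 the `git diff` line now splices `${{ steps.check_tag.outputs.LAST_DEPLOYED_COMMIT }}` into the script text before the shell parses it, where the previous version read a shell variable. The value comes from `git rev-list`, so today it is a commit hash, but expression interpolation inside `run:` is the pattern that becomes script injection once the source of the value changes. Pass it through the step's environment instead: add `env:` with `LAST_DEPLOYED_COMMIT: ${{ steps.check_tag.outputs.LAST_DEPLOYED_COMMIT }}` to the step and write `if git diff --quiet "$LAST_DEPLOYED_COMMIT" HEAD -- bicep/ ; then`. Quoting `"$GITHUB_OUTPUT"` in the `echo` redirections would be consistent with that.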
@@ -43,7 +44,7 @@ jobs:
 bicep:
 name: Deploy Azure resources
 needs: bicep-pre-check
- if: ${{ needs.bicep-pre-check.outputs.deployed_tag_exists }} == 'false' || ${{ needs.bicep-pre-check.outputs.no_changes }} == 'false'
+ if: needs.bicep-pre-check.outputs.deployed_tag_exists == 'false' || needs.bicep-pre-check.outputs.no_changes == 'false'
 environment: bicep
 runs-on: ubuntu-latest
 concurrency:
@@ -75,13 +76,13 @@ jobs:
 tests-no-access:
 name: Tests with No Access
 needs: bicep
+ if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
 runs-on: ubuntu-latest
 environment: test
 steps:
 - uses: actions/checkout@v4
 - uses: dtolnay/rust-toolchain@stable
- - name: 'Az CLI login'
- uses: azure/login@v1
+ - uses: azure/login@v1
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID_NO_ACCESS }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -91,13 +92,13 @@ jobs:
 tests-get:
 name: Tests with Get
 needs: bicep
+ if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
 runs-on: ubuntu-latest
 environment: test
 steps:
 - uses: actions/checkout@v4
 - uses: dtolnay/rust-toolchain@stable
- - name: 'Az CLI login'
- uses: azure/login@v1
+ - uses: azure/login@v1
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID_GET }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -107,13 +108,13 @@ jobs:
 tests-list:
 name: Tests with List
 needs: bicep
+ if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
 runs-on: ubuntu-latest
 environment: test
 steps:
 - uses: actions/checkout@v4
 - uses: dtolnay/rust-toolchain@stable
- - name: 'Az CLI login'
- uses: azure/login@v1
+ - uses: azure/login@v1
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID_LIST }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
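Review bot: The `if:` added to `tests-no-access` only inspects `needs.*.result`, and `needs` lists `bicep` alone, so a failed `bicep-pre-check` is invisible to it. In that case `bicep` ends up skipped rather than failed, and with `always()` the tests would still run against whatever is currently deployed, as far as the visible conditions show. Listing both jobs, `needs: [bicep-pre-check, bicep]`, makes the existing `contains(...)` checks cover the pre-check too. The same condition is added to `tests-get`, `tests-list` and `tests-get-list` in the hunks that follow.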
@@ -123,13 +124,13 @@ jobs:
 tests-get-list:
 name: Tests with Get and List
 needs: bicep
+ if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
 runs-on: ubuntu-latest
 environment: test
 steps:
 - uses: actions/checkout@v4
 - uses: dtolnay/rust-toolchain@stable
- - name: 'Az CLI login'
- uses: azure/login@v1
+ - uses: azure/login@v1
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID_GET_LIST }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}