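---
name: Create Azure Resources

# yamllint disable-line rule:truthy -- `on` is a GitHub Actions key here, not a boolean
on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/create-azure-resources.yaml
      - package*.json
      - resources**

# Serialise runs of this workflow per ref. The jobs below deploy ARM templates
# and rewrite the Functions app settings, which the job comments describe as
# unsafe to repeat in quick succession; a second push to main therefore waits
# for the running deployment instead of racing it.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository default grant. The jobs in this file only check out the repo
# (`contents: read`); the reusable workflows called at the end inherit the
# caller's grant, so confirm their needs before narrowing it here.

# Static identifiers shared by every job; they are exported to each step's
# shell as environment variables of the same name.
env:
  FUNCTIONS_NAME: qatranslator-je-func
  LOCATION: japaneast
  RESOURCE_GROUP: qatranslator-je
  VAULT_NAME: qatranslator-je-vault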
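jobs:
  # Deploys the base ARM template into the resource group (creating the group
  # first if it does not exist).
  create-resources:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # Pinned to a release tag rather than the mutable `main` branch so a
        # push to the action's default branch cannot change what runs in this
        # workflow; pinning to a full commit SHA is stronger still.
        uses: actions/checkout@v4
      - name: Login Azure as Contributor
        uses: azure/login@v1
        with:
          # Long-lived service-principal secret. If the SP has a federated
          # credential, azure/login's client-id / tenant-id / subscription-id
          # inputs (OIDC) would remove the stored secret entirely.
          creds: '{"clientId":"${{ vars.AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET }}","subscriptionId":"${{ vars.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ vars.AZURE_TENANT_ID }}"}'
      - name: Create Resource Group if Needed
        # Workflow-level env values are read as shell variables rather than
        # being interpolated into the script text with `${{ }}`; the values are
        # the same, but the script no longer depends on expression expansion.
        run: |
          az group create \
            -n "$RESOURCE_GROUP" \
            -l "$LOCATION"
      - name: Create Resources
        uses: azure/arm-deploy@v1
        with:
          scope: resourcegroup
          subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.RESOURCE_GROUP }}
          template: ./resources/base.json
          # Template parameters are passed as one space-separated string; the
          # two secret-backed values are masked in the job log by Actions.
          # Presumably a value containing whitespace would need quoting here —
          # confirm against arm-deploy's parameter parsing if that ever applies.
          parameters: azureAdEAContributorObjectId=${{ vars.AZURE_AD_EA_CONTRIBUTOR_OBJECT_ID }} azureApimPublisherEmail=${{ secrets.AZURE_APIM_PUBLISHER_EMAIL }} deeplAuthKey=${{ secrets.DEEPL_AUTH_KEY }}

  # Updating an Azure Functions app's application settings several times in a
  # short period can leave them unchanged even though each call reports
  # success, so this job is structured to perform the update exactly once.
  set-functions-appsettings:
    runs-on: ubuntu-latest
    needs: create-resources
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login Azure as Contributor
        uses: azure/login@v1
        with:
          creds: '{"clientId":"${{ vars.AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET }}","subscriptionId":"${{ vars.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ vars.AZURE_TENANT_ID }}"}'
      - name: Update functions-appsettings.json
        # Resolves the Key Vault *identifiers* (`--query id`) of three secrets
        # and substitutes them for the `{...}` placeholders in the settings
        # file. The secret values themselves are never fetched here, so nothing
        # sensitive lands in the file or the log. Presumably the app consumes
        # them as Key Vault references — confirm against
        # resources/functions-appsettings.json.
        # The default bash shell for `run` on GitHub-hosted runners uses
        # `-e -o pipefail`, so a failed `az keyvault secret show` fails the
        # assignment and aborts the step instead of writing an empty ID.
        run: |
          cognitiveKey=$( \
            az keyvault secret show \
              --vault-name "$VAULT_NAME" \
              -n cognitive-key \
              --query id \
              -o tsv \
          )
          cosmosdbKey=$( \
            az keyvault secret show \
              --vault-name "$VAULT_NAME" \
              -n cosmos-db-primary-key \
              --query id \
              -o tsv \
          )
          cosmosdbReadonlyKey=$( \
            az keyvault secret show \
              --vault-name "$VAULT_NAME" \
              -n cosmos-db-primary-readonly-key \
              --query id \
              -o tsv \
          )
          # `|` is used as the sed delimiter because the IDs are URIs containing `/`.
          sed -i.bak \
            -e "s|{cognitiveKey}|${cognitiveKey}|g" \
            -e "s|{cosmosdbKey}|${cosmosdbKey}|g" \
            -e "s|{cosmosdbReadonlyKey}|${cosmosdbReadonlyKey}|g" \
            resources/functions-appsettings.json
      - name: Update Functions Application Settings
        run: |
          az functionapp config appsettings set \
            -g "$RESOURCE_GROUP" \
            -n "$FUNCTIONS_NAME" \
            --settings @resources/functions-appsettings.json

  # Deploying to Functions before the AzureWebJobsStorage application setting
  # exists fails with InternalServerError, so any deployment step must be
  # defined in a job that runs after set-functions-appsettings, like this one.
  connect-apim-2-functions:
    runs-on: ubuntu-latest
    needs: set-functions-appsettings
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login Azure as Contributor
        uses: azure/login@v1
        with:
          creds: '{"clientId":"${{ vars.AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET }}","subscriptionId":"${{ vars.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ vars.AZURE_TENANT_ID }}"}'
      - name: Create Resources
        uses: azure/arm-deploy@v1
        with:
          scope: resourcegroup
          subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.RESOURCE_GROUP }}
          template: ./resources/connect-apim-2-functions.json

  # Builds the Functions app once its application settings are in place.
  use-build-functions-app-workflow:
    needs: set-functions-appsettings
    uses: ./.github/workflows/reusable-build-functions-app.yaml

  # Deploys the built Functions app. Only the client secret is passed through
  # `secrets:`; the remaining identifiers are non-secret repository variables.
  use-deploy-functions-app-workflow:
    needs: use-build-functions-app-workflow
    uses: ./.github/workflows/reusable-deploy-functions-app.yaml
    with:
      AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID: ${{ vars.AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
    secrets:
      AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET: ${{ secrets.AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET }}

  # Deploys APIM after its backend connection to Functions has been created.
  use-deploy-apim-workflow:
    needs: connect-apim-2-functions
    uses: ./.github/workflows/reusable-deploy-apim.yaml
    with:
      AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID: ${{ vars.AZURE_AD_SP_CONTRIBUTOR_CLIENT_ID }}
      AZURE_AD_SP_MSAL_CLIENT_ID: ${{ vars.AZURE_AD_SP_MSAL_CLIENT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
    secrets:
      AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET: ${{ secrets.AZURE_AD_SP_CONTRIBUTOR_CLIENT_SECRET }}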