Deploy Azure TRE (branch) #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Deploy Azure TRE (branch) | |
# This workflow is intended to be used to test workflow changes that wouldn't be | |
# tested when running a PR via the comment bot | |
# Note that the branch must be in the main repo as secrets are not passed | |
# to workflows run from forks | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
inputs: | |
e2eTestsCustomSelector: | |
description: A pytest marker selector for the e2e tests to be run | |
type: string | |
default: "" | |
required: false | |
environment: | |
description: The environment to run this workflow in | |
type: environment | |
default: Dev | |
required: true | |
e2eProcesses: | |
description: The number of E2E processes/tests running in parallel | |
type: string | |
default: "1" | |
required: false | |
# This will prevent multiple runs of this entire workflow. | |
# We should NOT cancel in progress runs as that can destabilize the environment. | |
concurrency: "${{ github.workflow }}-${{ github.ref }}" | |
jobs: | |
prepare-not-main: | |
name: Preparation | |
runs-on: ubuntu-latest | |
if: | | |
github.ref != 'refs/heads/main' | |
outputs: | |
refid: ${{ steps.run-id.outputs.refid }} | |
steps: | |
- id: run-id | |
name: Get run id | |
run: | | |
set -o errexit | |
set -o pipefail | |
set -o nounset | |
# Debug output for checking SHA used in checks-action | |
echo "git SHA: $(git rev-parse --abbrev-ref HEAD)" | |
echo "git ref: $(git rev-parse HEAD)" | |
echo "github sha: ${GITHUB_SHA}" | |
echo "github ref: ${GITHUB_REF}" | |
REFID=$(echo "${GITHUB_REF}" | shasum | cut -c1-8) | |
echo "using id of: ${REFID} for GitHub Ref: ${GITHUB_REF}" | |
echo "refid=${REFID}" >> "$GITHUB_OUTPUT" | |
run-deploy-tre-not-main: | |
name: "Deploy PR" | |
if: ${{ github.ref != 'refs/heads/main' }} | |
needs: [prepare-not-main] | |
uses: ./.github/workflows/deploy_tre_reusable.yml | |
permissions: | |
checks: write | |
contents: read | |
pull-requests: write | |
with: | |
ciGitRef: ${{ github.ref }} | |
prHeadSha: ${{ github.sha }} | |
e2eTestsCustomSelector: ${{ github.event.inputs.e2eTestsCustomSelector }} | |
environmentName: ${{ github.event.inputs.environment }} | |
E2E_TESTS_NUMBER_PROCESSES: ${{ fromJSON(github.event.inputs.e2eProcesses) }} | |
DEVCONTAINER_TAG: ${{ needs.prepare-not-main.outputs.refid }} | |
secrets: | |
AAD_TENANT_ID: ${{ secrets.AAD_TENANT_ID }} | |
ACR_NAME: ${{ format('tre{0}', needs.prepare-not-main.outputs.refid) }} | |
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | |
API_CLIENT_ID: ${{ secrets.API_CLIENT_ID }} | |
API_CLIENT_SECRET: ${{ secrets.API_CLIENT_SECRET }} | |
APPLICATION_ADMIN_CLIENT_ID: ${{ secrets.APPLICATION_ADMIN_CLIENT_ID }} | |
APPLICATION_ADMIN_CLIENT_SECRET: ${{ secrets.APPLICATION_ADMIN_CLIENT_SECRET }} | |
MGMT_RESOURCE_GROUP_NAME: ${{ format('rg-tre{0}-mgmt', needs.prepare-not-main.outputs.refid) }} | |
MS_TEAMS_WEBHOOK_URI: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} | |
MGMT_STORAGE_ACCOUNT_NAME: ${{ format('tre{0}mgmt', needs.prepare-not-main.outputs.refid) }} | |
SWAGGER_UI_CLIENT_ID: ${{ secrets.SWAGGER_UI_CLIENT_ID }} | |
TEST_APP_ID: ${{ secrets.TEST_APP_ID }} | |
TEST_WORKSPACE_APP_ID: ${{ secrets.TEST_WORKSPACE_APP_ID }} | |
TEST_WORKSPACE_APP_SECRET: ${{ secrets.TEST_WORKSPACE_APP_SECRET }} | |
TEST_ACCOUNT_CLIENT_ID: "${{ secrets.TEST_ACCOUNT_CLIENT_ID }}" | |
TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" | |
TRE_ID: ${{ format('tre{0}', needs.prepare-not-main.outputs.refid) }} | |
CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} |