CI-Validate Deployment-Research Assistant #133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-Validate Deployment-Research Assistant | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'ResearchAssistant/**' | |
| schedule: | |
| - cron: '0 6,18 * * *' # Runs at 6:00 AM and 6:00 PM GMT | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Setup Azure CLI | |
| run: | | |
| curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash | |
| az --version # Verify installation | |
| - name: Login to Azure | |
| run: | | |
| az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} | |
| - name: Install Bicep CLI | |
| run: az bicep install | |
| - name: Generate Resource Group Name | |
| id: generate_rg_name | |
| run: | | |
| echo "Generating a unique resource group name..." | |
| TIMESTAMP=$(date +%Y%m%d%H%M%S) | |
| COMMON_PART="pslautomationResPurge3" | |
| UNIQUE_RG_NAME="${COMMON_PART}${TIMESTAMP}" | |
| echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV | |
| echo "Generated Resource_GROUP_PREFIX: ${UNIQUE_RG_NAME}" | |
| - name: Check and Create Resource Group | |
| id: check_create_rg | |
| run: | | |
| set -e | |
| echo "Checking if resource group exists..." | |
| rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) | |
| if [ "$rg_exists" = "false" ]; then | |
| echo "Resource group does not exist. Creating..." | |
| az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location eastus2 || { echo "Error creating resource group"; exit 1; } | |
| else | |
| echo "Resource group already exists." | |
| fi | |
| - name: Generate Unique Solution Prefix | |
| id: generate_solution_prefix | |
| run: | | |
| set -e | |
| COMMON_PART="prg" | |
| TIMESTAMP=$(date +%s) | |
| UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 3) | |
| UNIQUE_SOLUTION_PREFIX="${COMMON_PART}${UPDATED_TIMESTAMP}" | |
| echo "SOLUTION_PREFIX=${UNIQUE_SOLUTION_PREFIX}" >> $GITHUB_ENV | |
| echo "Generated SOLUTION_PREFIX: ${UNIQUE_SOLUTION_PREFIX}" | |
| - name: Deploy Bicep Template | |
| id: deploy | |
| run: | | |
| set -e | |
| az deployment group create \ | |
| --resource-group ${{ env.RESOURCE_GROUP_NAME }} \ | |
| --template-file ResearchAssistant/Deployment/bicep/main.bicep \ | |
| --parameters solutionPrefix=${{ env.SOLUTION_PREFIX }} | |
| - name: List Key Vaults and Store in Array | |
| id: list_keyvaults | |
| run: | | |
| echo "Listing all Key Vaults in the resource group ${RESOURCE_GROUP_NAME}..." | |
| # Get the list of Key Vaults in the specified resource group | |
| keyvaults=$(az resource list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --query "[?type=='Microsoft.KeyVault/vaults'].name" -o tsv) | |
| if [ -z "$keyvaults" ]; then | |
| echo "No Key Vaults found in resource group ${RESOURCE_GROUP_NAME}." | |
| echo "KEYVAULTS=[]" >> $GITHUB_ENV # If no Key Vaults found, set an empty array | |
| else | |
| echo "Key Vaults found: $keyvaults" | |
| # Format the list into an array with proper formatting (no trailing comma) | |
| keyvault_array="[" | |
| first=true | |
| for kv in $keyvaults; do | |
| if [ "$first" = true ]; then | |
| keyvault_array="$keyvault_array\"$kv\"" | |
| first=false | |
| else | |
| keyvault_array="$keyvault_array,\"$kv\"" | |
| fi | |
| done | |
| keyvault_array="$keyvault_array]" | |
| # Output the formatted array and save it to the environment variable | |
| echo "KEYVAULTS=$keyvault_array" >> $GITHUB_ENV | |
| fi | |
| - name: Delete Bicep Deployment | |
| if: success() | |
| run: | | |
| set -e | |
| echo "Checking if resource group exists..." | |
| rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) | |
| if [ "$rg_exists" = "true" ]; then | |
| echo "Resource group exist. Cleaning..." | |
| az group delete \ | |
| --name ${{ env.RESOURCE_GROUP_NAME }} \ | |
| --yes \ | |
| --no-wait | |
| echo "Resource group deleted... ${{ env.RESOURCE_GROUP_NAME }}" | |
| else | |
| echo "Resource group does not exists." | |
| fi | |
| - name: Wait for resource deletion to complete | |
| run: | | |
| echo "Waiting for resource group deletion to complete..." | |
| sleep 120 # Wait for 2 minutes (200 seconds) to allow deletion to complete | |
| - name: Purging the Resources | |
| if: success() | |
| run: | | |
| set -e | |
| # Define variables | |
| OPENAI_COMMON_PART="-openai" | |
| openai_name="${{ env.SOLUTION_PREFIX }}${OPENAI_COMMON_PART}" | |
| echo "Azure OpenAI: $openai_name" | |
| MULTISERVICE_COMMON_PART="-cogser" | |
| multiservice_account_name="${{ env.SOLUTION_PREFIX }}${MULTISERVICE_COMMON_PART}" | |
| echo "Azure Multi Service Account: $multiservice_account_name" | |
| # Purge OpenAI resource | |
| echo "Purging the OpenAI Resource..." | |
| if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/eastus2/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/$openai_name --verbose; then | |
| echo "Failed to purge OpenAI resource: $openai_name" | |
| else | |
| echo "Purged the OpenAI Resource: $openai_name" | |
| fi | |
| # Purge MultiService account resource | |
| echo "Purging the MultiService account Resource..." | |
| if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/eastus2/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/$multiservice_account_name --verbose; then | |
| echo "Failed to purge MultiService account resource: $multiservice_account_name" | |
| else | |
| echo "Purged the MultiService account Resource: $multiservice_account_name" | |
| fi | |
| # Ensure KEYVAULTS is properly formatted as a comma-separated string | |
| KEYVAULTS="${{ env.KEYVAULTS }}" | |
| # Remove the surrounding square brackets, if they exist | |
| stripped_keyvaults=$(echo "$KEYVAULTS" | sed 's/\[\|\]//g') | |
| # Convert the comma-separated string into an array | |
| IFS=',' read -r -a keyvault_array <<< "$stripped_keyvaults" | |
| echo "Using Key Vaults Array..." | |
| for keyvault_name in "${keyvault_array[@]}"; do | |
| echo "Processing Key Vault: $keyvault_name" | |
| # Check if the Key Vault is soft-deleted | |
| deleted_vaults=$(az keyvault list-deleted --query "[?name=='$keyvault_name']" -o json --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}) | |
| # If the Key Vault is found in the soft-deleted state, purge it | |
| if [ "$(echo "$deleted_vaults" | jq length)" -gt 0 ]; then | |
| echo "Key Vault '$keyvault_name' is soft-deleted. Proceeding to purge..." | |
| az keyvault purge --name "$keyvault_name" --no-wait | |
| else | |
| echo "Key Vault '$keyvault_name' is not soft-deleted. No action taken." | |
| fi | |
| done | |
| echo "Resource purging completed successfully" | |
| - name: Send Notification on Failure | |
| if: failure() | |
| run: | | |
| RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| # Construct the email body | |
| EMAIL_BODY=$(cat <<EOF | |
| { | |
| "body": "<p>Dear Team,</p><p>We would like to inform you that the Research Assistant Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>" | |
| }myKeyVaulttest5 | |
| EOF | |
| ) | |
| # Send the notification | |
| curl -X POST "${{ secrets.LOGIC_APP_URL }}" \ | |
| -H "Content-Type: application/json" \ | |
| -d "$EMAIL_BODY" || echo "Failed to send notification" |