diff --git a/.github/workflows/deploy-orchestrator.yml b/.github/workflows/deploy-orchestrator.yml index c2918f5..24751fc 100644 --- a/.github/workflows/deploy-orchestrator.yml +++ b/.github/workflows/deploy-orchestrator.yml @@ -87,21 +87,6 @@ jobs: cleanup_resources: ${{ inputs.cleanup_resources }} secrets: inherit - send-notification: - if: "!cancelled()" - needs: [docker-build, deploy] - uses: ./.github/workflows/job-send-notification.yml - with: - trigger_type: ${{ inputs.trigger_type }} - waf_enabled: ${{ inputs.waf_enabled }} - EXP: ${{ inputs.EXP }} - existing_webapp_url: ${{ inputs.existing_webapp_url }} - deploy_result: ${{ needs.deploy.result }} - WEB_APPURL: ${{ needs.deploy.outputs.WEB_APPURL || inputs.existing_webapp_url }} - RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }} - QUOTA_FAILED: ${{ needs.deploy.outputs.QUOTA_FAILED }} - secrets: inherit - cleanup-deployment: if: "!cancelled() && needs.deploy.result == 'success' && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources)" needs: [docker-build, deploy] @@ -117,3 +102,19 @@ jobs: ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }} IMAGE_TAG: ${{ needs.deploy.outputs.IMAGE_TAG }} secrets: inherit + + send-notification: + if: "!cancelled()" + needs: [docker-build, deploy, cleanup-deployment] + uses: ./.github/workflows/job-send-notification.yml + with: + trigger_type: ${{ inputs.trigger_type }} + waf_enabled: ${{ inputs.waf_enabled }} + EXP: ${{ inputs.EXP }} + existing_webapp_url: ${{ inputs.existing_webapp_url }} + deploy_result: ${{ needs.deploy.result }} + cleanup_result: ${{ needs.cleanup-deployment.result }} + WEB_APPURL: ${{ needs.deploy.outputs.WEB_APPURL || inputs.existing_webapp_url }} + RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }} + QUOTA_FAILED: ${{ needs.deploy.outputs.QUOTA_FAILED }} + secrets: inherit diff --git a/.github/workflows/job-send-notification.yml b/.github/workflows/job-send-notification.yml index f32485e..d4315c9 100644 --- a/.github/workflows/job-send-notification.yml +++ b/.github/workflows/job-send-notification.yml @@ -41,6 +41,11 @@ on: required: false default: 'false' type: string + cleanup_result: + description: 'Cleanup job result (success, failure, skipped)' + required: false + default: 'skipped' + type: string env: GPT_MIN_CAPACITY: 100 @@ -55,130 +60,50 @@ jobs: env: accelerator_name: "Container Migration" steps: - - name: Validate Workflow Input Parameters + - name: Determine Cleanup Status + id: cleanup shell: bash env: - INPUT_TRIGGER_TYPE: ${{ inputs.trigger_type }} - INPUT_WAF_ENABLED: ${{ inputs.waf_enabled }} - INPUT_EXP: ${{ inputs.EXP }} - INPUT_EXISTING_WEBAPP_URL: ${{ inputs.existing_webapp_url }} - INPUT_DEPLOY_RESULT: ${{ inputs.deploy_result }} - INPUT_WEB_APPURL: ${{ inputs.WEB_APPURL }} - INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }} - INPUT_QUOTA_FAILED: ${{ inputs.QUOTA_FAILED }} + CLEANUP_RESULT: ${{ inputs.cleanup_result }} run: | - echo "🔍 Validating workflow input parameters..." - VALIDATION_FAILED=false - - # Validate trigger_type (required - alphanumeric with underscores) - if [[ -z "$INPUT_TRIGGER_TYPE" ]]; then - echo "❌ ERROR: trigger_type is required but was not provided" - VALIDATION_FAILED=true - elif [[ ! "$INPUT_TRIGGER_TYPE" =~ ^[a-zA-Z0-9_]+$ ]]; then - echo "❌ ERROR: trigger_type '$INPUT_TRIGGER_TYPE' is invalid. Must contain only alphanumeric characters and underscores" - VALIDATION_FAILED=true - else - echo "✅ trigger_type: '$INPUT_TRIGGER_TYPE' is valid" - fi - - # Validate waf_enabled (boolean) - if [[ "$INPUT_WAF_ENABLED" != "true" && "$INPUT_WAF_ENABLED" != "false" ]]; then - echo "❌ ERROR: waf_enabled must be 'true' or 'false', got: '$INPUT_WAF_ENABLED'" - VALIDATION_FAILED=true - else - echo "✅ waf_enabled: '$INPUT_WAF_ENABLED' is valid" - fi - - # Validate EXP (boolean) - if [[ "$INPUT_EXP" != "true" && "$INPUT_EXP" != "false" ]]; then - echo "❌ ERROR: EXP must be 'true' or 'false', got: '$INPUT_EXP'" - VALIDATION_FAILED=true - else - echo "✅ EXP: '$INPUT_EXP' is valid" - fi - - # Validate existing_webapp_url (must start with https if provided) - if [[ -n "$INPUT_EXISTING_WEBAPP_URL" ]]; then - if [[ ! "$INPUT_EXISTING_WEBAPP_URL" =~ ^https:// ]]; then - echo "❌ ERROR: existing_webapp_url must start with 'https://', got: '$INPUT_EXISTING_WEBAPP_URL'" - VALIDATION_FAILED=true - else - echo "✅ existing_webapp_url: '$INPUT_EXISTING_WEBAPP_URL' is valid" - fi - fi - - # Validate deploy_result (required, must be specific values) - if [[ -z "$INPUT_DEPLOY_RESULT" ]]; then - echo "❌ ERROR: deploy_result is required but not provided" - VALIDATION_FAILED=true - else - ALLOWED_DEPLOY_RESULTS=("success" "failure" "skipped") - if [[ ! " ${ALLOWED_DEPLOY_RESULTS[@]} " =~ " ${INPUT_DEPLOY_RESULT} " ]]; then - echo "❌ ERROR: deploy_result '$INPUT_DEPLOY_RESULT' is invalid. Allowed values: ${ALLOWED_DEPLOY_RESULTS[*]}" - VALIDATION_FAILED=true - else - echo "✅ deploy_result: '$INPUT_DEPLOY_RESULT' is valid" - fi - fi - - # Validate WEB_APPURL (must start with https if provided) - if [[ -n "$INPUT_WEB_APPURL" ]]; then - if [[ ! "$INPUT_WEB_APPURL" =~ ^https:// ]]; then - echo "❌ ERROR: WEB_APPURL must start with 'https://', got: '$INPUT_WEB_APPURL'" - VALIDATION_FAILED=true - else - echo "✅ WEB_APPURL: '$INPUT_WEB_APPURL' is valid" - fi - fi - - # Validate RESOURCE_GROUP_NAME (Azure resource group naming convention if provided) - if [[ -n "$INPUT_RESOURCE_GROUP_NAME" ]]; then - if [[ ! "$INPUT_RESOURCE_GROUP_NAME" =~ ^[a-zA-Z0-9._\(\)-]+$ ]] || [[ "$INPUT_RESOURCE_GROUP_NAME" =~ \.$ ]]; then - echo "❌ ERROR: RESOURCE_GROUP_NAME '$INPUT_RESOURCE_GROUP_NAME' is invalid. Must contain only alphanumerics, periods, underscores, hyphens, and parentheses. Cannot end with period." - VALIDATION_FAILED=true - elif [[ ${#INPUT_RESOURCE_GROUP_NAME} -gt 90 ]]; then - echo "❌ ERROR: RESOURCE_GROUP_NAME '$INPUT_RESOURCE_GROUP_NAME' exceeds 90 characters" - VALIDATION_FAILED=true - else - echo "✅ RESOURCE_GROUP_NAME: '$INPUT_RESOURCE_GROUP_NAME' is valid" - fi - fi - - # Validate QUOTA_FAILED (must be 'true', 'false', or empty string) - if [[ "$INPUT_QUOTA_FAILED" != "true" && "$INPUT_QUOTA_FAILED" != "false" && "$INPUT_QUOTA_FAILED" != "" ]]; then - echo "❌ ERROR: QUOTA_FAILED must be 'true', 'false', or empty string, got: '$INPUT_QUOTA_FAILED'" - VALIDATION_FAILED=true - else - echo "✅ QUOTA_FAILED: '$INPUT_QUOTA_FAILED' is valid" - fi - - # Fail workflow if any validation failed - if [[ "$VALIDATION_FAILED" == "true" ]]; then - echo "" - echo "❌ Parameter validation failed. Please correct the errors above and try again." - exit 1 - fi - - echo "" - echo "✅ All input parameters validated successfully!" + case "$CLEANUP_RESULT" in + success) echo "CLEANUP_STATUS=✅ SUCCESS" >> $GITHUB_OUTPUT ;; + failure) echo "CLEANUP_STATUS=❌ FAILED (Needs Manual Cleanup)" >> $GITHUB_OUTPUT ;; + *) echo "CLEANUP_STATUS=⏭️ SKIPPED (Needs Manual Cleanup)" >> $GITHUB_OUTPUT ;; + esac + + - name: Determine Configuration Label + id: config + shell: bash + env: + WAF_ENABLED: ${{ env.WAF_ENABLED }} + EXP: ${{ env.EXP }} + run: | + WAF_LABEL=$( [ "$WAF_ENABLED" = "true" ] && echo "WAF" || echo "Non-WAF" ) + EXP_LABEL=$( [ "$EXP" = "true" ] && echo "EXP" || echo "Non-EXP" ) + echo "CONFIG_LABEL=${WAF_LABEL} + ${EXP_LABEL}" >> $GITHUB_OUTPUT - name: Send Quota Failure Notification if: inputs.deploy_result == 'failure' && inputs.QUOTA_FAILED == 'true' shell: bash env: - DEPLOY_RESULT: ${{ inputs.deploy_result }} - QUOTA_FAILED: ${{ inputs.QUOTA_FAILED }} + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_RUN_ID: ${{ github.run_id }} + ACCELERATOR_NAME: ${{ env.accelerator_name }} + LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }} + CLEANUP_STATUS: ${{ steps.cleanup.outputs.CLEANUP_STATUS }} + CONFIG_LABEL: ${{ steps.config.outputs.CONFIG_LABEL }} run: | - RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" EMAIL_BODY=$(cat <Dear Team,

We would like to inform you that the ${{ env.accelerator_name }} deployment has failed due to insufficient quota in the requested regions.

Issue Details:
• Quota check failed for GPT model
• Required GPT Capacity: ${{ env.GPT_MIN_CAPACITY }}
• Checked Regions: ${{ vars.AZURE_REGIONS }}

Run URL: ${RUN_URL}

Please resolve the quota issue and retry the deployment.

Best regards,
Your Automation Team

", - "subject": "${{ env.accelerator_name }} Pipeline - Failed (Insufficient Quota)" + "body": "

Dear Team,

We would like to inform you that the ${ACCELERATOR_NAME} deployment has failed due to insufficient quota.

Status Summary:
StageStatus
Deployment❌ FAILED (Insufficient Quota)
Cleanup${CLEANUP_STATUS}

Configuration: ${CONFIG_LABEL}

Run URL: ${RUN_URL}

Please resolve the quota issue and retry the deployment.

Best regards,
Your Automation Team

", + "subject": "❌[CI/CD-Automation] [${ACCELERATOR_NAME}] Insufficient Quota" } EOF ) - curl -X POST "${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}" \ + curl -X POST "${LOGICAPP_URL}" \ -H "Content-Type: application/json" \ -d "$EMAIL_BODY" || echo "Failed to send quota failure notification" @@ -186,22 +111,24 @@ jobs: if: inputs.deploy_result == 'failure' && inputs.QUOTA_FAILED != 'true' shell: bash env: - DEPLOY_RESULT: ${{ inputs.deploy_result }} - QUOTA_FAILED: ${{ inputs.QUOTA_FAILED }} - RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }} + INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }} + ACCELERATOR_NAME: ${{ env.accelerator_name }} + LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }} + CONFIG_LABEL: ${{ steps.config.outputs.CONFIG_LABEL }} + CLEANUP_STATUS: ${{ steps.cleanup.outputs.CLEANUP_STATUS }} run: | RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - RESOURCE_GROUP="${RESOURCE_GROUP_NAME}" + RESOURCE_GROUP="$INPUT_RESOURCE_GROUP_NAME" EMAIL_BODY=$(cat <Dear Team,

We would like to inform you that the ${{ env.accelerator_name }} deployment process has encountered an issue and has failed to complete successfully.

Deployment Details:
• Resource Group: ${RESOURCE_GROUP}
• WAF Enabled: ${{ env.WAF_ENABLED }}
• EXP Enabled: ${{ env.EXP }}

Run URL: ${RUN_URL}

Please investigate the deployment failure at your earliest convenience.

Best regards,
Your Automation Team

", - "subject": "${{ env.accelerator_name }} Pipeline - Failed" + "body": "

Dear Team,

We would like to inform you that the ${ACCELERATOR_NAME} deployment has failed.

Status Summary:
StageStatus
Deployment❌ FAILED (Deployment Issue)
Cleanup${CLEANUP_STATUS}

Deployment Details:
• Resource Group: ${RESOURCE_GROUP}

Configuration: ${CONFIG_LABEL}

Run URL: ${RUN_URL}

Please investigate the deployment failure at your earliest convenience.

Best regards,
Your Automation Team

", + "subject": "❌[CI/CD-Automation] [${ACCELERATOR_NAME}] Deployment-Failed" } EOF ) - curl -X POST "${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}" \ + curl -X POST "${LOGICAPP_URL}" \ -H "Content-Type: application/json" \ -d "$EMAIL_BODY" || echo "Failed to send deployment failure notification" @@ -209,45 +136,28 @@ jobs: if: inputs.deploy_result == 'success' shell: bash env: - DEPLOY_RESULT: ${{ inputs.deploy_result }} - WEB_APPURL: ${{ inputs.WEB_APPURL }} - EXISTING_WEBAPP_URL: ${{ inputs.existing_webapp_url }} - RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }} + INPUT_WEB_APPURL: ${{ inputs.WEB_APPURL }} + INPUT_EXISTING_WEBAPP_URL: ${{ inputs.existing_webapp_url }} + INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }} + ACCELERATOR_NAME: ${{ env.accelerator_name }} + LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }} + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_RUN_ID: ${{ github.run_id }} + CONFIG_LABEL: ${{ steps.config.outputs.CONFIG_LABEL }} + CLEANUP_STATUS: ${{ steps.cleanup.outputs.CLEANUP_STATUS }} run: | - RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - WEBAPP_URL="${WEB_APPURL:-$EXISTING_WEBAPP_URL}" - RESOURCE_GROUP="${RESOURCE_GROUP_NAME}" + RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" + WEBAPP_URL="${INPUT_WEB_APPURL:-$INPUT_EXISTING_WEBAPP_URL}" + RESOURCE_GROUP="$INPUT_RESOURCE_GROUP_NAME" EMAIL_BODY=$(cat <Dear Team,

We would like to inform you that the ${{ env.accelerator_name }} deployment has completed successfully.

Deployment Details:
• Resource Group: ${RESOURCE_GROUP}
• Web App URL: ${WEBAPP_URL}

Configuration:
• WAF Enabled: ${{ env.WAF_ENABLED }}
• EXP Enabled: ${{ env.EXP }}

Run URL: ${RUN_URL}

Best regards,
Your Automation Team

", - "subject": "${{ env.accelerator_name }} Pipeline - Deployment Success" + "body": "

Dear Team,

We would like to inform you that the ${ACCELERATOR_NAME} deployment has completed successfully.

Status Summary:
StageStatus
Deployment✅ SUCCESS
Cleanup${CLEANUP_STATUS}

Deployment Details:
• Resource Group: ${RESOURCE_GROUP}
• Web App URL: ${WEBAPP_URL}

Configuration: ${CONFIG_LABEL}

Run URL: ${RUN_URL}

Best regards,
Your Automation Team

", + "subject": "✅[CI/CD-Automation] [${ACCELERATOR_NAME}] Success" } EOF ) - curl -X POST "${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}" \ + curl -X POST "${LOGICAPP_URL}" \ -H "Content-Type: application/json" \ -d "$EMAIL_BODY" || echo "Failed to send success notification" - - - name: Send Existing URL Test Failure Notification - if: inputs.deploy_result == 'skipped' && inputs.existing_webapp_url != '' - shell: bash - env: - DEPLOY_RESULT: ${{ inputs.deploy_result }} - EXISTING_WEBAPP_URL: ${{ inputs.existing_webapp_url }} - run: | - RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - EXISTING_URL="${EXISTING_WEBAPP_URL}" - - EMAIL_BODY=$(cat <Dear Team,

The ${{ env.accelerator_name }} pipeline executed against the existing WebApp URL.

Details:
• Target URL: ${EXISTING_URL}
• Deployment: Skipped

Run URL: ${RUN_URL}

Best regards,
Your Automation Team

", - "subject": "${{ env.accelerator_name }} Pipeline - Existing URL Notification" - } - EOF - ) - - curl -X POST "${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}" \ - -H "Content-Type: application/json" \ - -d "$EMAIL_BODY" || echo "Failed to send existing URL test failure notification" diff --git a/docs/DeploymentGuide.md b/docs/DeploymentGuide.md index 6914624..dffd642 100644 --- a/docs/DeploymentGuide.md +++ b/docs/DeploymentGuide.md @@ -16,7 +16,7 @@ Ensure you have access to an [Azure subscription](https://azure.microsoft.com/fr |------------------------------|-----------|-------------| | **Contributor** | Subscription level | Create and manage Azure resources | | **User Access Administrator** | Subscription level | Manage user access and role assignments | -| **Role Based Access Control** | Subscription/Resource Group level | Configure RBAC permissions | +| **Role Based Access Control Admin** | Subscription/Resource Group level | Configure RBAC permissions | | **App Registration Creation** | Azure Active Directory | Create and configure authentication | **🔍 How to Check Your Permissions:** @@ -271,6 +271,11 @@ azd auth login --tenant-id > ⚠️ **Critical: Redeployment Warning** > If you have previously run `azd up` in this folder (i.e., a `.azure` folder exists), you must [create a fresh environment](#creating-a-new-environment) to avoid conflicts and deployment failures. +**NOTE:** If you are running the latest azd version (version 1.23.9), please run the following command. +```bash +azd config set provision.preflight off +``` + ```shell azd up ```