-
Notifications
You must be signed in to change notification settings - Fork 0
84 lines (71 loc) · 2.73 KB
/
build-iac.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: Build and Test Infrastructure
on: workflow_dispatch
#push:
# branches: [ "main" ]
# paths:
# - "infra/*.bicep"
#pull_request:
# branches: [ "main" ]
# paths:
# - "infra/*.bicep"
permissions:
id-token: write
contents: read
env:
RESOURCE_GROUP: dip-iactest-${{ github.run_id }}
COGNITIVE_SERVICES_ACCOUNT_NAME: aisa-hjni-discord-image-poster
COGNITIVE_SERVICES_RESOURCEGROUP: hjni-discord-image-poster
jobs:
build:
runs-on: ubuntu-latest
environment: ci-test
steps:
- uses: actions/checkout@v4
- name: Login via Az module
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
enable-AzPSSession: true
- name: Create settings file
uses: azure/powershell@v2
env:
ARTIFACT_LOCATION: ${{ steps.package-zip.outputs.ARTIFACT_LOCATION }}
with:
azPSVersion: "latest"
inlineScript: |
$settingsPath = Join-Path -Path (Resolve-Path ".\").Path -ChildPath 'test-infra-settings.json'
$settings = @{
ResourceGroup = $env:RESOURCE_GROUP
ApplicationName = $env:RESOURCE_GROUP
Location = "North Europe"
DiscordToken = 'mock token'
DiscordGuildId = 0
DiscordChannelId = 0
ExistingCognitiveServicesAccountName = $env:COGNITIVE_SERVICES_ACCOUNT_NAME
ExistingCognitiveServicesResourceGroup = $env:COGNITIVE_SERVICES_RESOURCEGROUP
}
$settings | ConvertTo-Json | Set-Content -Path $settingsPath
./Create-Environment.ps1 -SettingsFile $settingsPath -NoDiscord
- name: Cleanup
uses: azure/powershell@v2
with:
azPSVersion: "latest"
inlineScript: |
# Remove role assingments
$idResourceGroupName = "$($env:RESOURCE_GROUP)"
$idName = "id-$($env:RESOURCE_GROUP)"
Write-Host $idName
$accountName = $env:COGNITIVE_SERVICES_ACCOUNT_NAME
Write-Host $accountName
$cognitiveServicesResourceGroupName = $env:COGNITIVE_SERVICES_RESOURCEGROUP
Write-Host $cognitiveServicesResourceGroupName
$cognitiveServices = Get-AzCognitiveServicesAccount -ResourceGroupName $cognitiveServicesResourceGroupName -AccountName $accountName
$identity = Get-AzUserAssignedIdentity -Name $idName -ResourceGroupName $idResourceGroupName
Get-AzRoleAssignment `
-Scope $cognitiveServices.Id `
-ObjectId $identity.PrincipalId `
| Remove-AzRoleAssignment
# Delete resource group
Remove-AzResourceGroup -Name $idResourceGroupName -Force