CI-Validate Deployment-Research Assistant #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-Validate Deployment-Research Assistant | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'ResearchAssistant/**' | |
| schedule: | |
| - cron: '0 6,18 * * *' # Runs at 6:00 AM and 6:00 PM GMT | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Setup Azure CLI | |
| run: | | |
| curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash | |
| az --version # Verify installation | |
| - name: Login to Azure | |
| run: | | |
| az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} | |
| - name: Install Bicep CLI | |
| run: az bicep install | |
| - name: Generate Resource Group Name | |
| id: generate_rg_name | |
| run: | | |
| echo "Generating a unique resource group name..." | |
| TIMESTAMP=$(date +%Y%m%d%H%M%S) | |
| COMMON_PART="pslautomationRes" | |
| UNIQUE_RG_NAME="${COMMON_PART}${TIMESTAMP}" | |
| echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV | |
| echo "Generated Resource_GROUP_PREFIX: ${UNIQUE_RG_NAME}" | |
| - name: Check and Create Resource Group | |
| id: check_create_rg | |
| run: | | |
| set -e | |
| echo "Checking if resource group exists..." | |
| rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) | |
| if [ "$rg_exists" = "false" ]; then | |
| echo "Resource group does not exist. Creating..." | |
| az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location eastus2 || { echo "Error creating resource group"; exit 1; } | |
| else | |
| echo "Resource group already exists." | |
| fi | |
| - name: Generate Unique Solution Prefix | |
| id: generate_solution_prefix | |
| run: | | |
| set -e | |
| COMMON_PART="pslr" | |
| TIMESTAMP=$(date +%s) | |
| UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 3) | |
| UNIQUE_SOLUTION_PREFIX="${COMMON_PART}${UPDATED_TIMESTAMP}" | |
| echo "SOLUTION_PREFIX=${UNIQUE_SOLUTION_PREFIX}" >> $GITHUB_ENV | |
| echo "Generated SOLUTION_PREFIX: ${UNIQUE_SOLUTION_PREFIX}" | |
| - name: Deploy Bicep Template | |
| id: deploy | |
| run: | | |
| set -e | |
| az deployment group create \ | |
| --resource-group ${{ env.RESOURCE_GROUP_NAME }} \ | |
| --template-file ResearchAssistant/Deployment/bicep/main.bicep \ | |
| --parameters solutionPrefix=${{ env.SOLUTION_PREFIX }} | |
| - name: List KeyVaults and Store in Array | |
| id: list_keyvaults | |
| run: | | |
| set -e | |
| echo "Listing all KeyVaults in the resource group ${RESOURCE_GROUP_NAME}..." | |
| # Get the list of KeyVaults in the specified resource group | |
| keyvaults=$(az resource list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --query "[?type=='Microsoft.KeyVault/vaults'].name" -o tsv) | |
| if [ -z "$keyvaults" ]; then | |
| echo "No KeyVaults found in resource group ${RESOURCE_GROUP_NAME}." | |
| echo "KEYVAULTS=[]" >> $GITHUB_ENV # If no KeyVaults found, set an empty array | |
| else | |
| echo "KeyVaults found: $keyvaults" | |
| # Format the list into an array with proper formatting (no trailing comma) | |
| keyvault_array="[" | |
| first=true | |
| for kv in $keyvaults; do | |
| if [ "$first" = true ]; then | |
| keyvault_array="$keyvault_array\"$kv\"" | |
| first=false | |
| else | |
| keyvault_array="$keyvault_array,\"$kv\"" | |
| fi | |
| done | |
| keyvault_array="$keyvault_array]" | |
| # Output the formatted array and save it to the environment variable | |
| echo "KEYVAULTS=$keyvault_array" >> $GITHUB_ENV | |
| fi | |
| - name: Delete Bicep Deployment | |
| if: success() | |
| run: | | |
| set -e | |
| echo "Checking if resource group exists..." | |
| rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) | |
| if [ "$rg_exists" = "true" ]; then | |
| echo "Resource group exist. Cleaning..." | |
| az group delete \ | |
| --name ${{ env.RESOURCE_GROUP_NAME }} \ | |
| --yes \ | |
| --no-wait | |
| echo "Resource group deleted... ${{ env.RESOURCE_GROUP_NAME }}" | |
| else | |
| echo "Resource group does not exists." | |
| fi | |
| - name: Wait for resource deletion to complete | |
| run: | | |
| # List of keyvaults | |
| KEYVAULTS="${{ env.KEYVAULTS }}" | |
| # Remove the surrounding square brackets, if they exist | |
| stripped_keyvaults=$(echo "$KEYVAULTS" | sed 's/\[\|\]//g') | |
| # Convert the comma-separated string into an array | |
| IFS=',' read -r -a resources_to_check <<< "$stripped_keyvaults" | |
| # Append new resources to the array | |
| resources_to_check+=("${{ env.SOLUTION_PREFIX }}-openai" "${{ env.SOLUTION_PREFIX }}-cogser") | |
| echo "List of resources to check: ${resources_to_check[@]}" | |
| # Get the list of resources in YAML format | |
| resource_list=$(az resource list --resource-group ${{ env.RESOURCE_GROUP_NAME }} --output yaml) | |
| # Maximum number of retries | |
| max_retries=3 | |
| # Retry intervals in seconds (30, 60, 120) | |
| retry_intervals=(30 60 120) | |
| # Retry mechanism to check resources | |
| retries=0 | |
| while true; do | |
| resource_found=false | |
| # Iterate through the resources to check | |
| for resource in "${resources_to_check[@]}"; do | |
| echo "Checking resource: $resource" | |
| if echo "$resource_list" | grep -q "name: $resource"; then | |
| echo "Resource '$resource' exists in the resource group." | |
| resource_found=true | |
| else | |
| echo "Resource '$resource' does not exist in the resource group." | |
| fi | |
| done | |
| # If any resource exists, retry | |
| if [ "$resource_found" = true ]; then | |
| retries=$((retries + 1)) | |
| if [ "$retries" -ge "$max_retries" ]; then | |
| echo "Maximum retry attempts reached. Exiting." | |
| break | |
| else | |
| # Wait for the appropriate interval for the current retry | |
| echo "Waiting for ${retry_intervals[$retries-1]} seconds before retrying..." | |
| sleep ${retry_intervals[$retries-1]} | |
| fi | |
| else | |
| echo "No resources found. Exiting." | |
| break | |
| fi | |
| done | |
| - name: Purging the Resources | |
| if: success() | |
| run: | | |
| set -e | |
| # Define variables | |
| OPENAI_COMMON_PART="-openai" | |
| openai_name="${{ env.SOLUTION_PREFIX }}${OPENAI_COMMON_PART}" | |
| echo "Azure OpenAI: $openai_name" | |
| MULTISERVICE_COMMON_PART="-cogser" | |
| multiservice_account_name="${{ env.SOLUTION_PREFIX }}${MULTISERVICE_COMMON_PART}" | |
| echo "Azure MultiService Account: $multiservice_account_name" | |
| # Purge OpenAI Resource | |
| echo "Purging the OpenAI Resource..." | |
| if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/eastus2/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/$openai_name --verbose; then | |
| echo "Failed to purge openai resource: $openai_name" | |
| else | |
| echo "Purged the openai resource: $openai_name" | |
| fi | |
| # Purge MultiService Account Resource | |
| echo "Purging the MultiService Account Resource..." | |
| if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/eastus2/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/$multiservice_account_name --verbose; then | |
| echo "Failed to purge multiService account resource: $multiservice_account_name" | |
| else | |
| echo "Purged the multiService account resource: $multiservice_account_name" | |
| fi | |
| # Ensure KEYVAULTS is properly formatted as a comma-separated string | |
| KEYVAULTS="${{ env.KEYVAULTS }}" | |
| # Remove the surrounding square brackets, if they exist | |
| stripped_keyvaults=$(echo "$KEYVAULTS" | sed 's/\[\|\]//g') | |
| # Convert the comma-separated string into an array | |
| IFS=',' read -r -a keyvault_array <<< "$stripped_keyvaults" | |
| echo "Using KeyVaults Array..." | |
| for keyvault_name in "${keyvault_array[@]}"; do | |
| echo "Processing KeyVault: $keyvault_name" | |
| # Check if the KeyVault is soft-deleted | |
| deleted_vaults=$(az keyvault list-deleted --query "[?name=='$keyvault_name']" -o json --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}) | |
| # If the KeyVault is found in the soft-deleted state, purge it | |
| if [ "$(echo "$deleted_vaults" | jq length)" -gt 0 ]; then | |
| echo "KeyVault '$keyvault_name' is soft-deleted. Proceeding to purge..." | |
| az keyvault purge --name "$keyvault_name" --no-wait | |
| else | |
| echo "KeyVault '$keyvault_name' is not soft-deleted. No action taken." | |
| fi | |
| done | |
| echo "Resource purging completed successfully" | |
| - name: Send Notification on Failure | |
| if: failure() | |
| run: | | |
| RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| # Construct the email body | |
| EMAIL_BODY=$(cat <<EOF | |
| { | |
| "body": "<p>Dear Team,</p><p>We would like to inform you that the Research Assistant Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>" | |
| } | |
| EOF | |
| ) | |
| # Send the notification | |
| curl -X POST "${{ secrets.LOGIC_APP_URL }}" \ | |
| -H "Content-Type: application/json" \ | |
| -d "$EMAIL_BODY" || echo "Failed to send notification" |