Skip to content
Validate Deployment

DocGen Deploy-Test-Cleanup Pipeline #11

Sign in to view logs

DocGen Deploy-Test-Cleanup Pipeline

DocGen Deploy-Test-Cleanup Pipeline #11

Workflow file for this run

.github/workflows/deploy.yml at d9944e0
name: Validate Deployment
on:
push:
branches:
- main
schedule:
- cron: '0 9,21 * * *' # Runs at 9:00 AM and 9:00 PM GMT
env:
GPT_MIN_CAPACITY: 10
TEXT_EMBEDDING_MIN_CAPACITY: 10
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Setup Azure CLI
run: |
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
az --version # Verify installation
- name: Login to Azure
run: |
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
- name: Run Quota Check
id: quota-check
run: |
export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
export GPT_MIN_CAPACITY=${{ env.GPT_MIN_CAPACITY }}
export TEXT_EMBEDDING_MIN_CAPACITY=${{ env.TEXT_EMBEDDING_MIN_CAPACITY }}
export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}"
chmod +x scripts/checkquota.sh
if ! scripts/checkquota.sh; then
# If quota check fails due to insufficient quota, set the flag
if grep -q "No region with sufficient quota found" scripts/checkquota.sh; then
echo "QUOTA_FAILED=true" >> $GITHUB_ENV
fi
exit 1 # Fail the pipeline if any other failure occurs
fi
- name: Send Notification on Quota Failure
if: env.QUOTA_FAILED == 'true'
run: |
RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
EMAIL_BODY=$(cat <<EOF
{
"body": "<p>Dear Team,</p><p>The quota check has failed, and the pipeline cannot proceed.</p><p><strong>Build URL:</strong> ${RUN_URL}</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>"
}
EOF
)
curl -X POST "${{ secrets.LOGIC_APP_URL }}" \
-H "Content-Type: application/json" \
-d "$EMAIL_BODY" || echo "Failed to send notification"
- name: Fail Pipeline if Quota Check Fails
if: env.QUOTA_FAILED == 'true'
run: exit 1
- name: Install Bicep CLI
run: az bicep install
- name: Set Deployment Region
run: |
echo "Selected Region: $VALID_REGION"
echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV
- name: Generate Resource Group Name
id: generate_rg_name
run: |
echo "Generating a unique resource group name..."
ACCL_NAME="docgen" # Account name as specified
SHORT_UUID=$(uuidgen | cut -d'-' -f1)
UNIQUE_RG_NAME="arg-${ACCL_NAME}-${SHORT_UUID}"
echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV
echo "Generated RESOURCE_GROUP_NAME: ${UNIQUE_RG_NAME}"
- name: Check and Create Resource Group
id: check_create_rg
run: |
set -e
echo "Checking if resource group exists..."
rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }})
if [ "$rg_exists" = "false" ]; then
echo "Resource group does not exist. Creating..."
az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location ${{ env.AZURE_LOCATION }} || { echo "Error creating resource group"; exit 1; }
else
echo "Resource group already exists."
fi
- name: Generate Unique Solution Prefix
id: generate_solution_prefix
run: |
set -e
COMMON_PART="pslr"
TIMESTAMP=$(date +%s)
UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 3)
UNIQUE_SOLUTION_PREFIX="${COMMON_PART}${UPDATED_TIMESTAMP}"
echo "SOLUTION_PREFIX=${UNIQUE_SOLUTION_PREFIX}" >> $GITHUB_ENV
echo "Generated SOLUTION_PREFIX: ${UNIQUE_SOLUTION_PREFIX}"
- name: Deploy Bicep Template
id: deploy
run: |
set -e
az deployment group create \
--resource-group ${{ env.RESOURCE_GROUP_NAME }} \
--template-file infra/main.json \
--parameters \
environmentName="${{ env.SOLUTION_PREFIX }}" \
secondaryLocation="northcentralus" \
deploymentType="GlobalStandard" \
gptModelName="gpt-4o" \
azureOpenaiAPIVersion="2024-05-01-preview" \
gptDeploymentCapacity=${{ env.GPT_MIN_CAPACITY }} \
embeddingModel="text-embedding-ada-002" \
embeddingDeploymentCapacity=${{ env.TEXT_EMBEDDING_MIN_CAPACITY }} \
imageTag="latest"
- name: Extract AI Services and Key Vault Names
if: always() && steps.check_create_rg.outcome == 'success'
run: |
echo "Fetching AI Services and Key Vault names before deletion..."
# Get Key Vault name
KEYVAULT_NAME=$(az resource list --resource-group "${{ env.RESOURCE_GROUP_NAME }}" --resource-type "Microsoft.KeyVault/vaults" --query "[].name" -o tsv)
echo "Detected Key Vault: $KEYVAULT_NAME"
echo "KEYVAULT_NAME=$KEYVAULT_NAME" >> $GITHUB_ENV
# Extract AI Services names
echo "Fetching AI Services..."
AI_SERVICES=$(az resource list --resource-group '${{ env.RESOURCE_GROUP_NAME }}' --resource-type "Microsoft.CognitiveServices/accounts" --query "[].name" -o tsv)
# Flatten newline-separated values to space-separated
AI_SERVICES=$(echo "$AI_SERVICES" | paste -sd ' ' -)
echo "Detected AI Services: $AI_SERVICES"
echo "AI_SERVICES=$AI_SERVICES" >> $GITHUB_ENV
- name: Delete Bicep Deployment
if: always()
run: |
set -e
echo "Checking if resource group exists..."
rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }})
if [ "$rg_exists" = "true" ]; then
echo "Resource group exists. Cleaning..."
az group delete \
--name ${{ env.RESOURCE_GROUP_NAME }} \
--yes \
--no-wait
echo "Resource group deleted... ${{ env.RESOURCE_GROUP_NAME }}"
else
echo "Resource group does not exist."
fi
- name: Wait for Resource Deletion to Complete
if: always()
run: |
echo "Waiting for all deployed resources (including AI Services) to be deleted..."
# Convert AI_SERVICES space-separated string into an array
IFS=' ' read -r -a resources_to_check <<< "${{ env.AI_SERVICES }}"
echo "Resources to check for deletion:"
printf '%s\n' "${resources_to_check[@]}"
# Get the current resource list in YAML
resource_list=$(az resource list --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" --output yaml)
# Set up retry logic
max_retries=3
retry_intervals=(30 60 120)
retries=0
while true; do
resource_found=false
for resource in "${resources_to_check[@]}"; do
echo "Checking if resource '$resource' still exists..."
if echo "$resource_list" | grep -q "name: $resource"; then
echo "Resource '$resource' still exists."
resource_found=true
else
echo "Resource '$resource' has been deleted."
fi
done
if [ "$resource_found" = true ]; then
retries=$((retries + 1))
if [ "$retries" -ge "$max_retries" ]; then
echo "Reached max retry attempts. Exiting wait loop."
break
else
echo "Some resources still exist. Waiting for ${retry_intervals[$((retries-1))]} seconds..."
sleep "${retry_intervals[$((retries-1))]}"
resource_list=$(az resource list --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" --output yaml)
fi
else
echo "All resources have been deleted."
break
fi
done
- name: Wait for Soft Deletion of Key Vault and AI Services
if: always()
run: |
echo "Waiting for resources to be soft deleted..."
# Wait for Key Vault to be soft deleted
if [ -n "${{ env.KEYVAULT_NAME }}" ]; then
while true; do
DELETED_VAULT=$(az keyvault show-deleted --name ${{ env.KEYVAULT_NAME }} --query "id" -o tsv 2>/dev/null || echo "")
if [ -n "$DELETED_VAULT" ]; then
echo "Key Vault soft deleted!"
break
fi
echo "Key Vault not yet soft deleted. Retrying in 15s..."
sleep 15
done
fi
# Wait for AI Services to be soft deleted
for AI_SERVICE in ${{ env.AI_SERVICES }}; do
while true; do
DELETED_AI_SERVICE=$(az cognitiveservices account list-deleted --query "[?name=='$AI_SERVICE'].id" -o tsv 2>/dev/null || echo "")
if [ -n "$DELETED_AI_SERVICE" ]; then
echo "AI Service $AI_SERVICE is soft deleted!"
break
fi
echo "AI Service $AI_SERVICE not yet soft deleted. Retrying in 15s..."
sleep 15
done
done
- name: Purge Key Vault and AI Services
if: always()
run: |
echo "Purging soft deleted resources..."
# Ensure AI_SERVICES is properly split into individual services
IFS=' ' read -r -a SERVICES <<< "${{ env.AI_SERVICES }}"
for AI_SERVICE in "${SERVICES[@]}"; do
echo "Checking location for AI Service: $AI_SERVICE"
# Fetch AI Service location
SERVICE_LOCATION=$(az cognitiveservices account list-deleted --query "[?name=='$AI_SERVICE'].location" -o tsv 2>/dev/null || echo "")
if [ -n "$SERVICE_LOCATION" ]; then
echo "Purging AI Service $AI_SERVICE in $SERVICE_LOCATION"
az cognitiveservices account purge --location "$SERVICE_LOCATION" --resource-group "${{ env.RESOURCE_GROUP_NAME }}" --name "$AI_SERVICE"
else
echo "Could not determine location for AI Service: $AI_SERVICE. Skipping purge."
fi
done
# --- Purge Key Vaults ---
echo "Starting purge for Key Vaults..."
IFS=' ' read -r -a VAULTS <<< "${{ env.KEYVAULT_NAME }}"
for VAULT in "${VAULTS[@]}"; do
echo "Checking location for Key Vault: $VAULT"
# Fetch Key Vault location
VAULT_LOCATION=$(az keyvault list-deleted --query "[?name=='$VAULT'].properties.location" -o tsv 2>/dev/null || echo "")
if [ -n "$VAULT_LOCATION" ]; then
echo "Purging Key Vault $VAULT in $VAULT_LOCATION"
az keyvault purge --name "$VAULT" --location "$VAULT_LOCATION"
else
echo "Could not determine location for Key Vault: $VAULT. Skipping purge."
fi
done
- name: Send Notification on Failure
if: failure()
run: |
RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
EMAIL_BODY=$(cat <<EOF
{
"body": "<p>Dear Team,</p><p>We would like to inform you that the DocGen Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> ${RUN_URL}<br> ${OUTPUT}</p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
}
EOF
)
curl -X POST "${{ secrets.LOGIC_APP_URL }}" \
-H "Content-Type: application/json" \
-d "$EMAIL_BODY" || echo "Failed to send notification"