
Upgrade azurerm to v4 and update configs #261


Merged
merged 12 commits into from
Oct 1, 2024
Merged
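--- a/.github/workflows/_terraformDestroyTemplate.yml
+++ b/.github/workflows/_terraformDestroyTemplate.yml
@@ -0,0 +1,100 @@
+name: Terraform Destroy Template
+
+on:
+workflow_call:
+inputs:
+environment:
+required: true
+type: string
+default: "dev"
+description: "Specifies the environment of the deployment."
+config:
+required: true
+type: string
+description: "Specifies the configuration folder for the deployment."
+terraform_version:
+required: true
+type: string
+description: "Specifies the terraform version."
+node_version:
+required: true
+type: number
+description: "Specifies the node version."
+working_directory:
+required: true
+type: string
+description: "Specifies the working directory."
+tenant_id:
+required: true
+type: string
+description: "Specifies the tenant id of the deployment."
+subscription_id:
+required: true
+type: string
+description: "Specifies the subscription id of the deployment."
+secrets:
+CLIENT_ID:
+required: true
+description: "Specifies the client id."
+MY_SAMPLE_SECRET:
+required: true
+description: "Specifies a sample secret."
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+deployment:
+name: Terraform Destroy
+runs-on: [self-hosted]
+continue-on-error: false
+environment: ${{ inputs.environment }}
+if: github.event_name == 'push' || github.event_name == 'release'
+concurrency:
+group: terraform-${{ inputs.config }}-${{ inputs.environment }}
+cancel-in-progress: false
+
+env:
+ARM_TENANT_ID: ${{ inputs.tenant_id }}
+ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
+ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
+ARM_USE_OIDC: true
+
+steps:
+# Setup Node
+- name: Setup Node
+id: node_setup
+uses: actions/setup-node@v4
+with:
+node-version: ${{ inputs.node_version }}
+
+# Setup Terraform
+- name: Setup Terraform
+id: terraform_setup
+uses: hashicorp/setup-terraform@v3
+with:
+terraform_version: ${{ inputs.terraform_version }}
+terraform_wrapper: true
+
+# Check Out Repository
+- name: Check Out Repository
+id: checkout_repository
+uses: actions/checkout@v4
+
+# Terraform Init
+- name: Terraform Init
+working-directory: ${{ inputs.working_directory }}
+run: |
+terraform init -backend-config=../../config/${CONFIG}/azurerm.tfbackend
+env:
+CONFIG: ${{ inputs.config }}
+
+# Terraform Destroy
+- name: Terraform Destroy
+working-directory: ${{ inputs.working_directory }}
+run: |
+terraform apply -var-file="../../config/${CONFIG}/vars.tfvars" -auto-approve -input=false -destroy
+env:
+CONFIG: ${{ inputs.config }}
+TF_VAR_my_secret: ${{ secrets.MY_SAMPLE_SECRET }}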
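Review bot: The "Terraform Destroy" step runs `terraform apply ... -auto-approve -input=false -destroy` with no preceding plan output and no gate other than the job-level event-name `if`, so any push or release that reaches this job tears the environment down with nobody in the loop. Because the job already binds `environment: ${{ inputs.environment }}`, a required-reviewer protection rule on that environment is the natural control, and it would help to state that expectation in a comment above the job, e.g. `# Unattended destroy: protect the target environment with required reviewers before calling this from a push-triggered workflow.`. Separately, the `environment` input declares both `required: true` and `default: "dev"`; a required input never falls back to its default, so either drop the default or make the input optional. The "Setup Node" step does not appear to be consumed by any later step in this template; if it only mirrors the apply template, a one-line comment saying so would save the next reader a search.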
15 changes: 5 additions & 10 deletions .github/workflows/_terraformEnvironmentTemplate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,6 @@ on:
CLIENT_ID:
required: true
description: "Specifies the client id."
CLIENT_SECRET:
required: true
description: "Specifies the client secret."
MY_SAMPLE_SECRET:
required: true
description: "Specifies a sample secret."
Expand Down Expand Up @@ -101,15 +98,14 @@ jobs:
environment: ${{ inputs.environment }}
needs: [lint]
concurrency:
group: terraform-apply-${{ inputs.config }}-${{ inputs.environment }}
group: terraform-${{ inputs.config }}-${{ inputs.environment }}
cancel-in-progress: false

env:
ARM_TENANT_ID: ${{ inputs.tenant_id }}
ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
ARM_USE_OIDC: false
ARM_USE_OIDC: true

steps:
# Setup Node
Expand Down Expand Up @@ -196,18 +192,17 @@ jobs:
runs-on: [self-hosted]
continue-on-error: false
environment: ${{ inputs.environment }}
if: github.event_name == 'push' || github.event_name == 'release'
# if: github.event_name == 'push' || github.event_name == 'release'
needs: [plan]
concurrency:
group: terraform-apply-${{ inputs.config }}-${{ inputs.environment }}
group: terraform-${{ inputs.config }}-${{ inputs.environment }}
cancel-in-progress: false

env:
ARM_TENANT_ID: ${{ inputs.tenant_id }}
ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
ARM_USE_OIDC: false
ARM_USE_OIDC: true

steps:
# Setup Node
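Review bot: The apply job's `if: github.event_name == 'push' || github.event_name == 'release'` is commented out rather than removed, so the apply now runs for every event the calling workflow is triggered on, while the new destroy template keeps the same guard; the two templates now disagree on when a mutating job may run. If the guard is intentionally gone, for example because the caller restricts its triggers, delete the line and record that in a comment such as `# Event gating is left to the calling workflow's triggers.`; if it was disabled for testing, restore it. The concurrency-group rename to `terraform-${{ inputs.config }}-${{ inputs.environment }}` is applied to both the plan and the apply job and appears to match the group used by the destroy template, so plan, apply and destroy for one config now serialize on a single group — worth a comment, since renaming any one of the three silently breaks that. The enclosing job definitions start above the hunk.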
25 changes: 20 additions & 5 deletions .github/workflows/terraform.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,12 +27,27 @@ jobs:
with:
environment: "dev"
config: "PerfectThymeTech"
terraform_version: "1.6.6"
node_version: 18
terraform_version: "1.9.6"
node_version: 20
working_directory: "./code/infra"
tenant_id: "3556be79-2979-4b19-a1af-4dd4e6d9ed7e"
subscription_id: "8f171ff9-2b5b-4f0f-aed5-7fa360a1d094"
tenant_id: "37963dd4-f4e6-40f8-a7d6-24b97919e452"
subscription_id: "1fdab118-1638-419a-8b12-06c9543714a0"
secrets:
CLIENT_ID: ${{ secrets.CLIENT_ID }}
MY_SAMPLE_SECRET: ${{ secrets.MY_SAMPLE_SECRET }}

terraform_dev_destroy:
uses: ./.github/workflows/_terraformDestroyTemplate.yml
name: "Dev - Destroy"
needs: [terraform_dev]
with:
environment: "dev"
config: "PerfectThymeTech"
terraform_version: "1.9.6"
node_version: 20
working_directory: "./code/infra"
tenant_id: "37963dd4-f4e6-40f8-a7d6-24b97919e452"
subscription_id: "1fdab118-1638-419a-8b12-06c9543714a0"
secrets:
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
MY_SAMPLE_SECRET: ${{ secrets.MY_SAMPLE_SECRET }}
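Review bot: The new `terraform_dev_destroy` job is chained with `needs: [terraform_dev]` and carries no condition of its own, so every run that deploys dev immediately destroys it again; the only remaining gate is the event-name check inside the destroy template. If this is deliberate for a sample environment, add a comment above the job stating it, e.g. `# Tears dev down as soon as the deployment completes; intended for this sample only.`; if not, gate it behind `workflow_dispatch` or required reviewers on the dev environment. The job also repeats every `with:` value of `terraform_dev` verbatim, so a future version, tenant or subscription change has to be made in two places — consider noting that the two blocks must stay in sync.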
1 change: 1 addition & 0 deletions code/infra/alerts.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
resource "azurerm_monitor_activity_log_alert" "monitor_activity_log_alert_service_health" {
name = "${local.prefix}-alert-servicehealth"
location = "global"
resource_group_name = azurerm_resource_group.logging_rg.name
tags = var.tags

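--- a/code/infra/applicationinsights.tf
+++ b/code/infra/applicationinsights.tf
@@ -0,0 +1,14 @@
+module "application_insights" {
+source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/applicationinsights?ref=main"
+providers = {
+azurerm = azurerm
+}
+
+location = var.location
+resource_group_name = azurerm_resource_group.logging_rg.name
+tags = var.tags
+application_insights_name = "${local.prefix}-appi001"
+application_insights_application_type = "other"
+application_insights_log_analytics_workspace_id = var.log_analytics_workspace_id
+diagnostics_configurations = [] # local.diagnostics_configurations # Disabled to avoid duplicate logs in LAW and App Insights
+}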
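Review bot: The module `source` pins `?ref=main`, a mutable branch, so every fresh `terraform init` in CI may fetch different module code than the previous run and the plan is not reproducible; the same applies to the `app_service_plan` module in appserviceplan.tf. Pin to an immutable reference, e.g. `source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/applicationinsights?ref=<release-tag-or-commit-sha>"` (placeholder), and bump it deliberately. The trailing comment on `diagnostics_configurations = []` already explains why diagnostics are disabled here, which is good; moving that explanation onto its own comment line above the attribute would keep the commented-out `local.diagnostics_configurations` from reading as a leftover.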
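--- a/code/infra/appserviceplan.tf
+++ b/code/infra/appserviceplan.tf
@@ -0,0 +1,18 @@
+module "app_service_plan" {
+source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/appserviceplan?ref=main"
+providers = {
+azurerm = azurerm
+}
+
+location = var.location
+resource_group_name = azurerm_resource_group.app_rg.name
+tags = var.tags
+service_plan_name = "${local.prefix}-asp001"
+service_plan_maximum_elastic_worker_count = null
+service_plan_os_type = "Linux"
+service_plan_per_site_scaling_enabled = false
+service_plan_sku_name = var.function_sku
+service_plan_worker_count = 1 # Update to '3' for production
+service_plan_zone_balancing_enabled = false # Update to 'true' for production
+diagnostics_configurations = local.diagnostics_configurations
+}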
79 changes: 22 additions & 57 deletions code/infra/function.tf
Original file line number Diff line number Diff line change
@@ -1,44 +1,3 @@
resource "azurerm_service_plan" "service_plan" {
name = "${local.prefix}-asp001"
location = var.location
resource_group_name = azurerm_resource_group.app_rg.name
tags = var.tags

# maximum_elastic_worker_count = 20
os_type = "Linux"
per_site_scaling_enabled = false
sku_name = var.function_sku
worker_count = 1 # Update to '3' for production
zone_balancing_enabled = false # Update to 'true' for production
}

data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_service_plan" {
resource_id = azurerm_service_plan.service_plan.id
}

resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_service_plan" {
name = "logAnalytics"
target_resource_id = azurerm_service_plan.service_plan.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id

dynamic "enabled_log" {
iterator = entry
for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_service_plan.log_category_groups
content {
category_group = entry.value
}
}

dynamic "metric" {
iterator = entry
for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_service_plan.metrics
content {
category = entry.value
enabled = true
}
}
}

resource "azapi_resource" "function" {
type = "Microsoft.Web/sites@2022-09-01"
parent_id = azurerm_resource_group.app_rg.id
Expand All @@ -65,7 +24,7 @@ resource "azapi_resource" "function" {
redundancyMode = "None"
reserved = true
scmSiteAlsoStopped = true
serverFarmId = azurerm_service_plan.service_plan.id
serverFarmId = module.app_service_plan.service_plan_id
storageAccountRequired = false
vnetContentShareEnabled = true
vnetImagePullEnabled = false # Set to 'true' when pulling image from private Azure Container Registry
Expand All @@ -91,7 +50,7 @@ resource "azapi_resource" "function" {
appSettings = [
{
name = "APPLICATIONINSIGHTS_CONNECTION_STRING"
value = azurerm_application_insights.application_insights.connection_string
value = module.application_insights.application_insights_connection_string
},
{
name = "AZURE_SDK_TRACING_IMPLEMENTATION"
Expand Down Expand Up @@ -123,23 +82,23 @@ resource "azapi_resource" "function" {
},
{
name = "WEBSITE_OS_TYPE"
value = azurerm_service_plan.service_plan.os_type
value = module.app_service_plan.service_plan_os_type
},
{
name = "WEBSITE_RUN_FROM_PACKAGE"
value = "0"
},
{
name = "AzureWebJobsStorage__accountName"
value = azurerm_storage_account.storage.name
value = module.storage_account.storage_account_name
},
{
name = "AzureWebJobsSecretStorageType"
value = "keyvault"
},
{
name = "AzureWebJobsSecretStorageKeyVaultUri"
value = azurerm_key_vault.key_vault.vault_uri
value = module.key_vault.key_vault_uri
},
{
name = "WEBSITES_ENABLE_APP_SERVICE_STORAGE" # Disable when not running a container
Expand Down Expand Up @@ -219,11 +178,8 @@ resource "azapi_resource" "function" {
# "properties.siteConfig.appSettings"
# ]
depends_on = [
azurerm_private_endpoint.key_vault_private_endpoint,
azurerm_private_endpoint.storage_private_endpoint_blob,
azurerm_private_endpoint.storage_private_endpoint_file,
azurerm_private_endpoint.storage_private_endpoint_queue,
azurerm_private_endpoint.storage_private_endpoint_table,
module.key_vault.key_vault_setup_completed,
module.storage_account.storage_setup_completed,
]
}

Expand All @@ -234,7 +190,7 @@ data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_function" {
resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_function" {
name = "logAnalytics"
target_resource_id = azapi_resource.function.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
log_analytics_workspace_id = var.log_analytics_workspace_id

dynamic "enabled_log" {
iterator = entry
Expand Down Expand Up @@ -267,11 +223,20 @@ resource "azurerm_private_endpoint" "function_private_endpoint" {
private_connection_resource_id = azapi_resource.function.id
subresource_names = ["sites"]
}
subnet_id = azapi_resource.subnet_services.id
private_dns_zone_group {
name = "${azapi_resource.function.name}-arecord"
private_dns_zone_ids = [
var.private_dns_zone_id_sites
subnet_id = azapi_resource.subnet_private_endpoints.id
dynamic "private_dns_zone_group" {
for_each = var.private_dns_zone_id_sites == "" ? [] : [1]
content {
name = "${azapi_resource.function.name}-arecord"
private_dns_zone_ids = [
var.private_dns_zone_id_sites
]
}
}

lifecycle {
ignore_changes = [
private_dns_zone_group
]
}
}
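Review bot: The new `lifecycle { ignore_changes = [private_dns_zone_group] }` on the function private endpoint stops Terraform from reconciling the DNS zone group at all, so a later change to `var.private_dns_zone_id_sites`, or an out-of-band edit that points the endpoint at a different zone, will never appear in a plan. If this exists to tolerate a platform policy that manages the zone group, say so in a comment above the block, e.g. `# DNS zone group may be managed by platform policy; ignore drift here.`; otherwise narrow or remove it. The `dynamic "private_dns_zone_group"` block already handles the empty-zone case on creation, so the lifecycle block is presumably about drift rather than creation — worth confirming in that comment. The `azurerm_private_endpoint` resource begins above the hunk.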