feat: improve provisioning

.gitignore

@@ -9,6 +9,8 @@ __pycache__
 
 /.env
 
+/azure-provision/default-github-config.env
+
 /azure-deployment/azure-resource-manager-deployment-manifest.yml
 /azure-deployment/manual-azure-deploy-secrets.env
 /azure-deployment/manual-azure-deploy-variables.env

azure-deployment/manual-azure-deploy-from-local.sh

@@ -13,44 +13,41 @@ if [ ! -d ".git" ]; then
     exit 1
 fi
 
-git remote -v | grep "IATI/bulk-data-service.git" > /dev/null
+(git remote -v 2> /dev/null | grep "IATI/bulk-data-service.git" > /dev/null) || (echo "$0: script must be run from the root of the bulk-data-service repository"; exit 1)
 
-if [ "$?" != 0 ]; then
-    echo "$0: script must be run from the root of the bulk-data-service repository"
-    exit 1
-fi
-
-. ./manual-azure-deploy-secrets.env
+. ./azure-deployment/manual-azure-deploy-secrets.env
 
 TARGET_ENVIRONMENT=$1
 
 APP_NAME=bulk-data-service
 
-RESOURCE_GROUP_NAME=rg-${APP_NAME}-${TARGET_ENVIRONMENT}
+RESOURCE_GROUP_NAME="rg-${APP_NAME}-${TARGET_ENVIRONMENT}"
+
+CONTAINER_GROUP_INSTANCE_NAME="aci-${APP_NAME}-${TARGET_ENVIRONMENT}"
 
-CONTAINER_GROUP_INSTANCE_NAME=aci-${APP_NAME}-${TARGET_ENVIRONMENT}
+DOCKER_IMAGE_TAG=$(git log -n1 --format=format:"%H")
 
 LOCAL_DEPLOY=true
 
 echo "Generating Azure ARM deployment manifest from template"
 . ./azure-deployment/generate-manifest-from-template.sh
 
 # build the docker image for the Bulk Data Service
-docker build . -t criati.azurecr.io/bulk-data-service-$TARGET_ENVIRONMENT
+docker build . -t "criati.azurecr.io/bulk-data-service-$TARGET_ENVIRONMENT:$DOCKER_IMAGE_TAG"
 
 # push Bulk Data Service image to Azure
-docker push criati.azurecr.io/bulk-data-service-$TARGET_ENVIRONMENT
+docker push "criati.azurecr.io/bulk-data-service-$TARGET_ENVIRONMENT:$DOCKER_IMAGE_TAG"
 
 # now configure, build and push the docker image for the nginx reverse proxy
 
 # create password file
-htpasswd -c -b ./azure-deployment/nginx-reverse-proxy/htpasswd prom $PROM_NGINX_REVERSE_PROXY_PASSWORD
+htpasswd -c -b ./azure-deployment/nginx-reverse-proxy/htpasswd prom "$PROM_NGINX_REVERSE_PROXY_PASSWORD"
 
 # make the image for the nginx reverse proxy (for putting HTTP basic auth on the
 # prom client)
-docker build ./azure-deployment/nginx-reverse-proxy -t criati.azurecr.io/bds-prom-nginx-reverse-proxy-$TARGET_ENVIRONMENT
+docker build ./azure-deployment/nginx-reverse-proxy -t "criati.azurecr.io/bds-prom-nginx-reverse-proxy-$TARGET_ENVIRONMENT:$DOCKER_IMAGE_TAG"
 
-docker push criati.azurecr.io/bds-prom-nginx-reverse-proxy-$TARGET_ENVIRONMENT
+docker push "criati.azurecr.io/bds-prom-nginx-reverse-proxy-$TARGET_ENVIRONMENT:$DOCKER_IMAGE_TAG"
 
 
 echo az container delete \

azure-provision/add-default-config-to-github-variables.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/bash
+
+set -o errexit   # abort on nonzero exitstatus
+set -o nounset   # abort on unbound variable
+set -o pipefail  # don't hide errors within pipes
+
+if [[ ! -v "1" ]]; then
+     echo "usage: $0 TARGET_ENVIRONMENT"
+     echo "       TARGET_ENVIRONMENT should likely be 'test', 'dev', or 'prod'"
+     exit 1
+fi
+
+if [[ ! -d ".git" ]]; then
+    echo "$0: script must be run from the root of the bulk-data-service repository"
+    exit 1
+fi
+
+(git remote -v 2> /dev/null | grep "IATI/bulk-data-service.git" > /dev/null) || (echo "$0: script must be run from the root of the bulk-data-service repository"; exit 1)
+
+if [[ "$1" == "" ]]; then
+     echo "TARGET_ENVIRONMENT cannot be empty"
+     exit 2
+fi
+
+if [[ $(which gh > /dev/null) ]]; then
+     echo "This script requires the Github command line client to be installed"
+     exit 3
+fi
+
+TARGET_ENVIRONMENT="$1"
+
+cp -f azure-provision/default-github-config-template.env azure-provision/default-github-config.env
+
+sed -i "s/^/${TARGET_ENVIRONMENT^^}/g" azure-provision/default-github-config.env
+
+gh variable set --env-file ./azure-provision/default-github-config.env