From bc9285744de385a382aad42647c8fae20901a5f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20J=C3=B8rgen=20Skogstad?= Date: Sat, 27 Jan 2024 00:45:38 +0100 Subject: [PATCH 1/4] Revision verification draft --- .azure/containerApp/createExternal.bicep | 1 + .azure/main.bicep | 1 + .github/tools/revisionVerifier.sh | 39 ++++++++++++++++++++++++ .github/workflows/action-deploy.yml | 17 +++++++++-- 4 files changed, 56 insertions(+), 2 deletions(-) create mode 100755 .github/tools/revisionVerifier.sh diff --git a/.azure/containerApp/createExternal.bicep b/.azure/containerApp/createExternal.bicep index a43bee3b3..6f63072c3 100644 --- a/.azure/containerApp/createExternal.bicep +++ b/.azure/containerApp/createExternal.bicep @@ -210,5 +210,6 @@ output identityPrincipalIds array = [ output containerAppEnvName string = containerAppEnv.name output webApiSoName string = webapiSo.name +output webApiSoRevisionName string = webapiSo.properties.latestRevisionName output webApiEuName string = webapiEu.name output migrationJobName string = migrationJob.name diff --git a/.azure/main.bicep b/.azure/main.bicep index d83056de5..423cae462 100644 --- a/.azure/main.bicep +++ b/.azure/main.bicep @@ -333,3 +333,4 @@ module keyVaultReaderAccessPolicy 'keyvault/addReaderRoles.bicep' = { output migrationJobName string = containerAppsExternal.outputs.migrationJobName output resourceGroupName string = resourceGroup.name +output webapiSoRevisionName string = containerAppsExternal.outputs.webApiSoRevisionName diff --git a/.github/tools/revisionVerifier.sh b/.github/tools/revisionVerifier.sh new file mode 100755 index 000000000..f0b8e78d1 --- /dev/null +++ b/.github/tools/revisionVerifier.sh @@ -0,0 +1,39 @@ +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi + +if [ -z "$2" ]; then + echo "Usage: $0 " + exit 1 +fi + +revision_name="$1" +resource_group="$2" +query_filter="{name:name, runningState:properties.runningState, healthState:properties.healthState}" + +verify_revision() { + local json_output + + # Fetch app revision + json_output=$(az containerapp revision show -g "$resource_group" --revision "$revision_name" --query "$query_filter" 2>/dev/null) + + echo $json_output + # Check health and running status + if [[ $json_output == *'"healthState": "Healthy",'*'"runningState": "Running"'* || $json_output == *'"healthState": "Healthy",'*'"runningState": "RunningAtMaxScale"'* ]]; then + return 0 # OK! + else + return 1 # Not OK! + fi +} + +# Loop until verified (GitHub action will do a timeout) +while true; do + if verify_revision; then + echo "Revision $revision_name is healthy and running" + break + else + echo "Waiting for revision $revision_name ..." + sleep 10 # Sleep for 10 seconds + fi +done diff --git a/.github/workflows/action-deploy.yml b/.github/workflows/action-deploy.yml index bea79de40..9add9c499 100644 --- a/.github/workflows/action-deploy.yml +++ b/.github/workflows/action-deploy.yml @@ -2,6 +2,9 @@ on: workflow_call: + env: + AZ_CLI_VERSION: 2.56.0 + secrets: AZURE_CLIENT_ID: required: true @@ -56,7 +59,7 @@ jobs: uses: azure/CLI@v1 id: keyvault-keys with: - azcliversion: 2.56.0 + azcliversion: ${{ env.AZ_CLI_VERSION }} inlineScript: | KEY_VAULT_KEYS=$(az keyvault secret list --vault-name ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} --subscription ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} --query "[].name" -o json | tr -d '\n') echo "::set-output name=key-vault-keys::$KEY_VAULT_KEYS" @@ -98,10 +101,20 @@ jobs: uses: azure/CLI@v1 if: ${{!inputs.dryRun}} with: - azcliversion: 2.56.0 + azcliversion: ${{ env.AZ_CLI_VERSION }} inlineScript: | az containerapp job start -n ${{ steps.deploy.outputs.migrationJobName }} -g ${{ steps.deploy.outputs.resourceGroupName }} + - name: Verify deployment running + timeout-minutes: 3 + uses: azure/CLI@v1 + id: keyvault-keys + with: + azcliversion: ${{ env.AZ_CLI_VERSION }} + scriptLocation: 'scriptPath' + scriptPath: "./.github/tools/revisionVerifier.sh" + arguments: "${{ steps.deploy.outputs.webApiSoRevisionName }} ${{ steps.deploy.outputs.resourceGroupName }}" + - name: Logout from azure if: ${{failure() || success()}} continue-on-error: true From 9cd2da9973ad128ad7c97ce56c2d9c678e0233f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20J=C3=B8rgen=20Skogstad?= Date: Mon, 29 Jan 2024 10:26:34 +0100 Subject: [PATCH 2/4] Rename step --- .github/workflows/action-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/action-deploy.yml b/.github/workflows/action-deploy.yml index 9add9c499..12f09ab7d 100644 --- a/.github/workflows/action-deploy.yml +++ b/.github/workflows/action-deploy.yml @@ -108,7 +108,7 @@ jobs: - name: Verify deployment running timeout-minutes: 3 uses: azure/CLI@v1 - id: keyvault-keys + id: verify-deployment with: azcliversion: ${{ env.AZ_CLI_VERSION }} scriptLocation: 'scriptPath' From ec475e03d38a9c45ab42c5806d5a8de23fafe3e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20J=C3=B8rgen=20Skogstad?= Date: Mon, 29 Jan 2024 10:44:51 +0100 Subject: [PATCH 3/4] Minor refactor, added logging --- .github/tools/revisionVerifier.sh | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/tools/revisionVerifier.sh b/.github/tools/revisionVerifier.sh index f0b8e78d1..632296d9d 100755 --- a/.github/tools/revisionVerifier.sh +++ b/.github/tools/revisionVerifier.sh @@ -18,22 +18,33 @@ verify_revision() { # Fetch app revision json_output=$(az containerapp revision show -g "$resource_group" --revision "$revision_name" --query "$query_filter" 2>/dev/null) - echo $json_output + health_state=$(echo $json_output | jq -r '.healthState') + running_state=$(echo $json_output | jq -r '.runningState') + + echo "Revision $revision_name status:" + echo "-----------------------------" + echo "Health state: $health_state" + echo "Running state: $running_state" + echo " " + # Check health and running status - if [[ $json_output == *'"healthState": "Healthy",'*'"runningState": "Running"'* || $json_output == *'"healthState": "Healthy",'*'"runningState": "RunningAtMaxScale"'* ]]; then + if [[ $health_state == "Healthy" && ($running_state == "Running" || $running_state == "RunningAtMaxScale") ]]; then return 0 # OK! else return 1 # Not OK! fi } +attempt=1 + # Loop until verified (GitHub action will do a timeout) while true; do if verify_revision; then echo "Revision $revision_name is healthy and running" break else - echo "Waiting for revision $revision_name ..." + echo "Attempt $attempt: Waiting for revision $revision_name ..." sleep 10 # Sleep for 10 seconds + attempt=$((attempt+1)) fi -done +done \ No newline at end of file From e9ad5cee2ef2ca2d71a35f513d75e6c3ba201775 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20J=C3=B8rgen=20Skogstad?= Date: Mon, 29 Jan 2024 10:52:16 +0100 Subject: [PATCH 4/4] Use inlineScript --- .github/workflows/action-deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/action-deploy.yml b/.github/workflows/action-deploy.yml index 12f09ab7d..7ffb35a55 100644 --- a/.github/workflows/action-deploy.yml +++ b/.github/workflows/action-deploy.yml @@ -111,9 +111,9 @@ jobs: id: verify-deployment with: azcliversion: ${{ env.AZ_CLI_VERSION }} - scriptLocation: 'scriptPath' - scriptPath: "./.github/tools/revisionVerifier.sh" - arguments: "${{ steps.deploy.outputs.webApiSoRevisionName }} ${{ steps.deploy.outputs.resourceGroupName }}" + inlineScript: | + ./.github/tools/revisionVerifier.sh "${{ steps.deploy.outputs.webApiSoRevisionName }} ${{ steps.deploy.outputs.resourceGroupName }}" + - name: Logout from azure if: ${{failure() || success()}}