diff --git a/.github/actions/devcontainer_run_command/action.yml b/.github/actions/devcontainer_run_command/action.yml
index b124e4e405..2d309fe8a3 100644
--- a/.github/actions/devcontainer_run_command/action.yml
+++ b/.github/actions/devcontainer_run_command/action.yml
@@ -47,55 +47,55 @@ inputs:
required: true
API_CLIENT_ID:
description: "The API Client Id."
- required: true
+ required: false
AAD_TENANT_ID:
description: "The Tenant Id where the App is registered and the Test User is registered for the E2E Tests."
- required: true
+ required: false
TEST_APP_ID:
description: "The Test Application Id used to interact with the API."
- required: true
+ required: false
TEST_ACCOUNT_CLIENT_ID:
description: "The Test Automation Account Client Id used to interact with the API."
- required: true
+ required: false
TEST_ACCOUNT_CLIENT_SECRET:
description: "The Test Automation Account Client Secret used to interact with the API."
- required: true
+ required: false
TEST_WORKSPACE_APP_ID:
description: "The Test Workspace Id used to interact with the API."
- required: true
+ required: false
TRE_ID:
description: "The TRE Id."
- required: true
+ required: false
TF_VAR_terraform_state_container_name:
description: "The name of the container to store the Terraform state."
- required: true
+ required: false
TF_VAR_mgmt_resource_group_name:
description: "The resource group used to store the Terraform state."
- required: true
+ required: false
TF_VAR_mgmt_storage_account_name:
description: "The storage account used to store the Terraform state."
- required: true
+ required: false
TF_VAR_core_address_space:
description: "Core address space."
- required: true
+ required: false
TF_VAR_tre_address_space:
description: "TRE address apace."
- required: true
+ required: false
TF_VAR_swagger_ui_client_id:
description: "The Swagger UI Client ID."
- required: true
+ required: false
TF_VAR_api_client_id:
description: "The API Client Id. (Same as Resource)"
- required: true
+ required: false
TF_VAR_api_client_secret:
description: "The API Client Secret."
- required: true
+ required: false
ACR_NAME:
description: "The Container Registry that holds our Research images."
- required: true
+ required: false
LOCATION:
description: "The Azure Region (e.g. WestEurope)."
- required: true
+ required: false
BUNDLE_TYPE:
description: "The Bundle type (workspace / Workspace-service / User Resource)."
required: false
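Review bot: `TEST_ACCOUNT_CLIENT_SECRET` and `TF_VAR_api_client_secret` become optional here along with fifteen other inputs, and none of them gains a `default:` or a description saying which commands still need it. A caller that omits one will pass an empty value, which presumably surfaces as a late failure inside the devcontainer rather than a clear error up front. I would extend each description to say when the input is needed, for example `description: "The API Client Secret. Only needed by commands that call the API."`, with the wording confirmed against the action's steps, which are outside this hunk. A first step that fails when a credential the chosen `COMMAND` needs is empty would make this fail closed. While here, `"TRE address apace."` should read `space`.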
diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml
index 9b7d14aba3..ea25598c00 100644
--- a/.github/workflows/build_docker_images.yml
+++ b/.github/workflows/build_docker_images.yml
@@ -1,7 +1,7 @@
---
name: Docker build
-on:
+on: # yamllint disable-line rule:truthy
pull_request:
branches: [main]
workflow_dispatch:
diff --git a/.github/workflows/build_docs.yml b/.github/workflows/build_docs.yml
index 816b1f8882..e594db5e7f 100644
--- a/.github/workflows/build_docs.yml
+++ b/.github/workflows/build_docs.yml
@@ -1,7 +1,7 @@
---
name: Publish docs via Github Pages
-on:
+on: # yamllint disable-line rule:truthy
workflow_dispatch:
push:
branches: [main]
diff --git a/.github/workflows/clean_validation_envs.yml b/.github/workflows/clean_validation_envs.yml
index 306429295e..91e9a576fa 100644
--- a/.github/workflows/clean_validation_envs.yml
+++ b/.github/workflows/clean_validation_envs.yml
@@ -1,7 +1,7 @@
---
name: Clean Validation Environments
-on:
+on: # yamllint disable-line rule:truthy
schedule:
# Every 2 hours
- cron: "0 */2 * * *"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index df6ae864dd..ee7027ba29 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -12,7 +12,7 @@
#
name: "CodeQL"
-on:
+on: # yamllint disable-line rule:truthy
push:
branches: [main]
pull_request:
diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml
index 4e882c8096..2658a1c54a 100644
--- a/.github/workflows/deploy_tre.yml
+++ b/.github/workflows/deploy_tre.yml
@@ -3,7 +3,7 @@ name: Deploy Azure TRE
# This workflow is the integration build run for pushes to the main branch
# It also runs on a schedule, serving as the nightly build
-on:
+on: # yamllint disable-line rule:truthy
schedule:
# 1am each night https://crontab.guru/#0_1_*_*_*
- cron: "0 1 * * *"
diff --git a/.github/workflows/deploy_tre_branch.yml b/.github/workflows/deploy_tre_branch.yml
index 8ba7ce5459..f98decaf40 100644
--- a/.github/workflows/deploy_tre_branch.yml
+++ b/.github/workflows/deploy_tre_branch.yml
@@ -6,7 +6,7 @@ name: Deploy Azure TRE (branch)
# Note that the branch must be in the main repo as secrets are not passed
# to workflows run from forks
-on:
+on: # yamllint disable-line rule:truthy
workflow_dispatch:
inputs:
runExtendedTests:
@@ -38,7 +38,7 @@ jobs:
echo "git SHA: $(git rev-parse --abbrev-ref HEAD)"
echo "git ref: $(git rev-parse HEAD)"
echo "github ref: ${GITHUB_REF}"
- REFID=$(echo ${GITHUB_REF} | shasum | cut -c1-8)
+ REFID=$(echo "${GITHUB_REF}" | shasum | cut -c1-8)
echo "using id of: ${REFID} for GitHub Ref: ${GITHUB_REF}"
echo "::set-output name=refid::${REFID}"
diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml
index 0288563478..0f8a8940ce 100644
--- a/.github/workflows/deploy_tre_reusable.yml
+++ b/.github/workflows/deploy_tre_reusable.yml
@@ -1,7 +1,7 @@
---
name: Deploy Azure TRE Resuable
-on:
+on: # yamllint disable-line rule:truthy
workflow_call:
inputs:
prRef:
@@ -23,58 +23,85 @@ on:
required: false
secrets:
AAD_TENANT_ID:
+ description: ""
required: true
ACR_NAME:
+ description: ""
required: true
ACTIONS_ACR_NAME:
+ description: ""
required: true
ACTIONS_ACR_URI:
+ description: ""
required: true
ACTIONS_ACR_PASSWORD:
+ description: ""
required: true
ACTIONS_DEVCONTAINER_TAG:
+ description: ""
required: true
API_CLIENT_ID:
+ description: ""
required: true
API_CLIENT_SECRET:
+ description: ""
required: true
ARM_CLIENT_ID:
+ description: ""
required: true
ARM_CLIENT_SECRET:
+ description: ""
required: true
ARM_SUBSCRIPTION_ID:
+ description: ""
required: true
ARM_TENANT_ID:
+ description: ""
required: true
CORE_ADDRESS_SPACE:
+ description: ""
required: true
LOCATION:
+ description: ""
required: true
MGMT_RESOURCE_GROUP:
+ description: ""
required: true
MS_TEAMS_WEBHOOK_URI:
+ description: ""
required: true
STATE_STORAGE_ACCOUNT_NAME:
+ description: ""
required: true
SWAGGER_UI_CLIENT_ID:
+ description: ""
required: true
TEST_APP_ID:
+ description: ""
required: true
TEST_WORKSPACE_APP_ID:
+ description: ""
required: true
TEST_ACCOUNT_CLIENT_ID:
+ description: ""
required: true
TEST_ACCOUNT_CLIENT_SECRET:
+ description: ""
required: true
TF_STATE_CONTAINER:
+ description: ""
required: true
TRE_ADDRESS_SPACE:
+ description: ""
required: true
TRE_ID:
+ description: ""
required: true
CI_CACHE_ACR_NAME:
+ description: ""
required: false
TF_LOG:
+ description: ""
required: false
# This will prevent multiple runs of this entire workflow.
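Review bot: Every entry under `secrets:` gets `description: ""`, which satisfies a linter but documents nothing, so a caller still has to read the jobs to learn what each value is for. The devcontainer_run_command action changed in this same commit already has usable text, for example `description: "The API Client Id."` for `API_CLIENT_ID` and `description: "The Test Automation Account Client Secret used to interact with the API."` for `TEST_ACCOUNT_CLIENT_SECRET`. For credentials such as `ARM_CLIENT_SECRET` and `ACTIONS_ACR_PASSWORD`, a sentence naming the identity they belong to and the access it needs would help callers supply least-privilege values.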
@@ -116,7 +143,7 @@ jobs:
- name: Build new devcontainer
shell: bash
env:
- DOCKER_BUILDKIT: 1
+ DOCKER_BUILDKIT: 1
run: |
set -e
USER_UID=$(id -u)
@@ -397,8 +424,7 @@ jobs:
strategy:
matrix:
include:
- # bundles type can be inferred from the bundle
- # dir (but this is more explicit)
+ # bundles type can be inferred from the bundle dir (but this is more explicit)
- {BUNDLE_TYPE: "workspace",
BUNDLE_DIR: "./templates/workspaces/base"}
- {BUNDLE_TYPE: "workspace",
@@ -481,8 +507,7 @@ jobs:
strategy:
matrix:
include:
- # bundles type can be inferred from the bundle
- # dir (but this is more explicit)
+ # bundles type can be inferred from the bundle dir (but this is more explicit)
- {BUNDLE_TYPE: "workspace",
BUNDLE_DIR: "./templates/workspaces/base"}
- {BUNDLE_TYPE: "workspace",
@@ -655,7 +680,7 @@ jobs:
- uses: technote-space/workflow-conclusion-action@v2
- name: Notify teams channel
- if: env.WORKFLOW_CONCLUSION == 'failure' # notify only if failure
+ if: env.WORKFLOW_CONCLUSION == 'failure' # notify only if failure
uses: sachinkundu/ms-teams-notification@1.4
with:
github-token: ${{ github.token }}
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index c46ac2351e..6f480b0709 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -1,8 +1,8 @@
---
name: End to End Tests
-on:
- workflow_call:
+on: # yamllint disable-line rule:truthy
+ # workflow_call:
workflow_dispatch:
jobs:
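Review bot: `# workflow_call:` is left behind as a commented-out trigger with no explanation, so a reader cannot tell whether dropping reusability is intentional or a debugging leftover. If another workflow still references this file through `uses:` (none is visible in this diff), that call will stop working. I would either delete the line or keep it with a stated reason, for example `# workflow_call disabled: e2e is dispatched manually only`, with the wording adjusted to the real reason.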
@@ -19,9 +19,9 @@ jobs:
- name: Run E2E Tests
uses: ./.github/actions/devcontainer_run_command
with:
- DISPLAY_NAME: "Run E2E Tests (Smoke)"
COMMAND: "make test-e2e-smoke"
ACTIONS_ACR_NAME: ${{ secrets.ACTIONS_ACR_NAME }}
+ ACTIONS_ACR_URI: ${{ secrets.ACTIONS_ACR_NAME }}.azurecr.io/
ACTIONS_ACR_PASSWORD: ${{ secrets.ACTIONS_ACR_PASSWORD }}
ACTIONS_DEVCONTAINER_TAG: ${{ secrets.ACTIONS_DEVCONTAINER_TAG }}
ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
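Review bot: `ACTIONS_ACR_URI` is assembled here as `${{ secrets.ACTIONS_ACR_NAME }}.azurecr.io/`, while deploy_tre_reusable.yml in this same commit takes `ACTIONS_ACR_URI` as its own required secret, so the two workflows can end up pulling the devcontainer from different registries. The hard-coded `.azurecr.io` suffix also only matches the public Azure cloud. If the repository secret exists, prefer `ACTIONS_ACR_URI: "${{ secrets.ACTIONS_ACR_URI }}"`, quoted like the neighbouring `ARM_TENANT_ID`. The same line is added to the Extended step in the next hunk, and the `with:` block continues outside both hunks.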
@@ -52,9 +52,9 @@ jobs:
- name: Run E2E Tests (Extended)
uses: ./.github/actions/devcontainer_run_command
with:
- DISPLAY_NAME: "Run E2E Tests (Extended)"
COMMAND: "make test-e2e-extended"
ACTIONS_ACR_NAME: ${{ secrets.ACTIONS_ACR_NAME }}
+ ACTIONS_ACR_URI: ${{ secrets.ACTIONS_ACR_NAME }}.azurecr.io/
ACTIONS_ACR_PASSWORD: ${{ secrets.ACTIONS_ACR_PASSWORD }}
ACTIONS_DEVCONTAINER_TAG: ${{ secrets.ACTIONS_DEVCONTAINER_TAG }}
ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
diff --git a/.github/workflows/flag_external_pr.yml b/.github/workflows/flag_external_pr.yml
index c25b9e1dfb..d64a564ffa 100644
--- a/.github/workflows/flag_external_pr.yml
+++ b/.github/workflows/flag_external_pr.yml
@@ -1,6 +1,6 @@
name: flag_external_pr
-on:
+on: # yamllint disable-line rule:truthy
pull_request_target:
types: [opened] # only run on new PRs
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment
diff --git a/.github/workflows/lets_encrypt.yml b/.github/workflows/lets_encrypt.yml
index ab7c0b4e69..9b7342092c 100644
--- a/.github/workflows/lets_encrypt.yml
+++ b/.github/workflows/lets_encrypt.yml
@@ -1,7 +1,7 @@
---
name: Renew Lets Encrypt Certificates
-on:
+on: # yamllint disable-line rule:truthy
schedule:
# 3am each month https://crontab.guru/#0_3_1_*_*
- cron: "0 3 1 * *"
@@ -13,8 +13,8 @@ concurrency: letsencrypt
env:
USE_ENV_VARS_NOT_FILES: true
- TF_INPUT: 0 # interactive is off
- TF_IN_AUTOMATION: 1 # Run in headless mode
+ TF_INPUT: 0 # interactive is off
+ TF_IN_AUTOMATION: 1 # Run in headless mode
jobs:
renew_letsencrypt_certs:
diff --git a/.github/workflows/pr_comment_bot.yml b/.github/workflows/pr_comment_bot.yml
index 44b33b5ba5..b6c37daed1 100644
--- a/.github/workflows/pr_comment_bot.yml
+++ b/.github/workflows/pr_comment_bot.yml
@@ -1,8 +1,9 @@
+---
name: pr_comment_bot
-on:
+on: # yamllint disable-line rule:truthy
issue_comment:
- types: [created] # only run on new comments
+ types: [created] # only run on new comments
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment
# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment
@@ -53,7 +54,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Showing help on PR ${PR_NUMBER}"
- gh pr comment ${PR_NUMBER} --repo $REPO --body "Hello
You can use the following commands:
/test - build, deploy and run smoke tests on a PR
/test-extended - build, deploy and run somke & extended tests on a PR
/test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
/test-destroy-env - delete the validation environment for a PR (e.g. to enable testing a deployment from a clean start after previous tests) /help - show this help"
+ gh pr comment "${PR_NUMBER}" --repo "$REPO" --body "Hello
You can use the following commands:
/test - build, deploy and run smoke tests on a PR
/test-extended - build, deploy and run somke & extended tests on a PR
/test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
/test-destroy-env - delete the validation environment for a PR (e.g. to enable testing a deployment from a clean start after previous tests) /help - show this help"
# Get PR commit details for running tests
- id: get_pr_details
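Review bot: The rewritten `--body` text still carries the typo `somke` in the `/test-extended` line, which is posted to every PR that asks for help. Since the line is being touched anyway, change it to `/test-extended - build, deploy and run smoke & extended tests on a PR`. The `run:` block starts outside this hunk.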
@@ -67,10 +68,10 @@ jobs:
# Leaving this as bash script as GitHub Script doesn't seem to support multiple output values
echo "Getting PR ref..."
- ref=$(gh pr view $PR_NUMBER --repo $REPO --json commits | jq -r ".[] | last | .oid")
+ ref=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json commits | jq -r ".[] | last | .oid")
echo -e "\tLatest commit ref: $ref"
# Get the prMergeCommit as this is what the pull_request trigger would build
- prMergeRef=$(gh pr view $PR_NUMBER --repo $REPO --json potentialMergeCommit | jq -r .potentialMergeCommit.oid)
+ prMergeRef=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json potentialMergeCommit | jq -r .potentialMergeCommit.oid)
echo -e "\tprMergeRef: $prMergeRef"
echo
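Review bot: The two `gh pr view … | jq` results are used without any check, so a failed or empty response can leave `ref` or `prMergeRef` empty or set to the string `null`. These refs decide which commit gets built and tested with repository secrets, so the step should fail closed. Unless the step already runs with `shell: bash` (which enables pipefail; the start of the script is outside this hunk), add `set -euo pipefail` at the top, and validate the value with `[[ "$prMergeRef" =~ ^[0-9a-f]{40}$ ]] || { echo "bad merge ref"; exit 1; }`. The same applies to `PR_HEAD_SHA` from `gh api` in the next hunk.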
@@ -80,13 +81,13 @@ jobs:
github_pr_ref="refs/pull/${PR_NUMBER}/merge"
echo "::set-output name=ciGitRef::${github_pr_ref}"
- REFID=$(echo ${github_pr_ref} | shasum | cut -c1-8)
+ REFID=$(echo "${github_pr_ref}" | shasum | cut -c1-8)
echo "using id of: ${REFID} for GitHub Ref: ${github_pr_ref} (RG base name)"
echo "::set-output name=refid::${REFID}"
# Get PR HEAD SHA for checks status
echo "Getting PR head SHA"
- PR_HEAD_SHA=$(gh api /repos/$REPO/pulls/$PR_NUMBER --jq .head.sha)
+ PR_HEAD_SHA=$(gh api "/repos/$REPO/pulls/$PR_NUMBER" --jq .head.sha)
echo "PR_HEAD_SHA: ${PR_HEAD_SHA}"
echo "::set-output name=prHeadSha::${PR_HEAD_SHA}"
@@ -140,7 +141,7 @@ jobs:
RUN_ID: ${{ github.run_id }}
run: |
echo "Adding comment with link to run on PR ${PR_NUMBER}"
- gh pr comment ${PR_NUMBER} --repo $REPO --body "Running tests: https://github.com/${REPO}/actions/runs/${RUN_ID}"
+ gh pr comment "${PR_NUMBER}" --repo "$REPO" --body "Running tests: https://github.com/${REPO}/actions/runs/${RUN_ID}"
# Perform az login for destroy env script to be able to run
- name: Azure Login
@@ -161,9 +162,9 @@ jobs:
SHOW_KEYVAULT_DEBUG_ON_DESTROY: ${{ secrets.SHOW_KEYVAULT_DEBUG_ON_DESTROY }}
run: |
set -e
- gh pr comment ${PR_NUMBER} --repo $REPO --body "Destroying test environment... (run: https://github.com/${REPO}/actions/runs/${RUN_ID})"
- devops/scripts/destroy_env_no_terraform.sh --core-tre-rg ${RG_NAME}
- gh pr comment ${PR_NUMBER} --repo $REPO --body "Test environment destroy complete"
+ gh pr comment "${PR_NUMBER}" --repo "$REPO" --body "Destroying test environment... (run: https://github.com/${REPO}/actions/runs/${RUN_ID})"
+ devops/scripts/destroy_env_no_terraform.sh --core-tre-rg "${RG_NAME}"
+ gh pr comment "${PR_NUMBER}" --repo "$REPO" --body "Test environment destroy complete"
run_test:
# Run the tests with the re-usable workflow
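Review bot: With `--core-tre-rg "${RG_NAME}"` now quoted, an unset or empty `RG_NAME` is passed to `destroy_env_no_terraform.sh` as an explicit empty argument, and nothing in the visible script checks it first. Because this step deletes resources, I would add a guard before the call: `: "${RG_NAME:?RG_NAME must be set}"`. How the script treats an empty resource group name is not visible here. The `env:` block that defines `RG_NAME` starts outside the hunk.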