5.internal-document-search-deployment #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: '5.internal-document-search-deployment' | |
on: | |
schedule: | |
- cron: '0 23 * * *' | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Login azure | |
uses: azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
enable-AzPSSession: true | |
- name: what-if using Azure CLI | |
run: | | |
set +e | |
results=$(az deployment sub what-if --template-file "./5.internal-document-search/infra/main.bicep" --location JapanEast -p vmLoginPassword=dummy -p resourceGroupName=rg-${{ github.run_id }} -p isPrivateNetworkEnabled=false -p environmentName=${{ github.run_id }} -p location=japaneast 2>&1) | |
echo "$results" | |
# Check if "Error" is present in $results | |
if echo "$results" | grep -i "Error"; then | |
echo "Error found in what-if results. Exiting..." | |
exit 1 | |
fi | |
- name: Deploy Azure Resources | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$ENV:SUB = "${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
$ENV:USER_ID = "${{ secrets.AZURE_USER_ID }}" | |
$ENV:AZURE_PRINCIPAL_ID = "${{ secrets.AZURE_OBJECT_ID }}" | |
$ENV:LOC = "${{ secrets.AZURE_LOCATION }}" | |
$ENV:DEP_NAME = "github-actions-deploy-${{ github.run_id }}" | |
$ENV:AZURE_ENV_NAME = "github-actions-test-${{ github.run_id }}" | |
$ENV:BACKEND_SERVICE_NAME = "app-backend-${{ github.run_id }}" | |
$ENV:APP_SERVICE_PLAN_NAME = "plan-${{ github.run_id }}" | |
$ENV:AZURE_COSMOSDB_ACCOUNT = "cosmos-${{ github.run_id }}" | |
$ENV:STORAGE_ACCOUNT_NAME = "st${{ github.run_id }}" | |
$ENV:SEARCH_SERVICE_NAME = "gptkb-${{ github.run_id }}" | |
$ENV:FORMRECOGNIZER_SERVICE_NAME = "cog-fr-${{ github.run_id }}" | |
$ENV:COGNITIVE_SERVICES_NAME = "cog-${{ github.run_id }}" | |
cd 5.internal-document-search/infra | |
$results = az deployment sub create --name $ENV:DEP_NAME --location $ENV:LOC --template-file main.bicep --parameters principalId=$ENV:AZURE_PRINCIPAL_ID environmentName=$ENV:AZURE_ENV_NAME location=$ENV:LOC backendServiceName=$ENV:BACKEND_SERVICE_NAME appServicePlanName=$ENV:APP_SERVICE_PLAN_NAME storageAccountName=$ENV:STORAGE_ACCOUNT_NAME searchServiceName=$ENV:SEARCH_SERVICE_NAME formRecognizerServiceName=$ENV:FORMRECOGNIZER_SERVICE_NAME openAiServiceName=$ENV:COGNITIVE_SERVICES_NAME vmLoginPassword=dummy isPrivateNetworkEnabled=false cosmosDBAccountName=$ENV:AZURE_COSMOSDB_ACCOUNT 2>&1 | Out-String | |
echo "$results" | |
if ($results.Contains("ERROR")) { | |
echo "Deployment failed" | |
exit 1 | |
} | |
if ($results.Contains("InsufficientQuota")) { | |
echo "Fix AOAI quota!" | |
exit 1 | |
} | |
azPSVersion: "latest" | |
- name: Build frontend | |
run: | | |
cd 5.internal-document-search/src/frontend | |
npm install | |
npm run build | |
- name: Build Backend | |
run: | | |
cd 5.internal-document-search/src/backend | |
zip -r app.zip . | |
- name: Deploy to App Service | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$ENV:AZURE_WEBAPP_RESOURCE_GROUP = "rg-github-actions-test-${{ github.run_id }}" | |
$ENV:WEBAPP_NAME = "app-backend-${{ github.run_id }}" | |
cd 5.internal-document-search/src/backend | |
$results = az webapp deployment source config-zip --resource-group $ENV:AZURE_WEBAPP_RESOURCE_GROUP --name $ENV:WEBAPP_NAME --src ./app.zip | |
echo "$results" | |
if ($results.Contains("ERROR")) { | |
echo "Deployment failed" | |
exit 1 | |
} | |
azPSVersion: "latest" | |
- name: Assgin RBAC to CosmosDB | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$ENV:RESOURCE_GROUP_NAME = "rg-github-actions-test-${{ github.run_id }}" | |
$ENV:BACKEND_SERVICE_NAME = "app-backend-${{ github.run_id }}" | |
$ENV:AZURE_COSMOSDB_ACCOUNT = "cosmos-${{ github.run_id }}" | |
$ENV:BACKEND_IDENTITY_PRINCIPAL_ID = az webapp identity show --name $ENV:BACKEND_SERVICE_NAME --resource-group $ENV:RESOURCE_GROUP_NAME --query principalId | |
cd 5.internal-document-search | |
$roleId = az cosmosdb sql role definition create --account-name $ENV:AZURE_COSMOSDB_ACCOUNT --resource-group $ENV:RESOURCE_GROUP_NAME --body ./scripts/cosmosreadwriterole.json --output tsv --query id | |
echo "roleId=$roleId" >> $GITHUB_ENV | |
az cosmosdb sql role assignment create --account-name $ENV:AZURE_COSMOSDB_ACCOUNT --resource-group $ENV:RESOURCE_GROUP_NAME --scope / --principal-id $ENV:BACKEND_IDENTITY_PRINCIPAL_ID --role-definition-id $roleId | |
azPSVersion: "latest" | |
- name: setup python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Create Search Index | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$env:RESOURCE_GROUP_NAME = "rg-github-actions-test-${{ github.run_id }}" | |
$env:AZURE_STORAGE_ACCOUNT = "st${{ github.run_id }}" | |
$env:AZURE_STORAGE_CONTAINER = "content" | |
$env:AZURE_SEARCH_SERVICE = "gptkb-${{ github.run_id }}" | |
$env:AZURE_SEARCH_INDEX = "gptkbindex" | |
$env:AZURE_FORMRECOGNIZER_SERVICE = "cog-fr-${{ github.run_id }}" | |
$env:AZURE_PRINCIPAL_ID = "${{ secrets.AZURE_OBJECT_ID }}" | |
$env:AZURE_COSMOSDB_ACCOUNT = "cosmos-${{ github.run_id }}" | |
$roleId = "${{env.roleId}}" | |
$key = az search admin-key show -g $env:RESOURCE_GROUP_NAME --service-name $env:AZURE_SEARCH_SERVICE | ConvertFrom-Json | |
$env:AZURE_SEARCH_KEY = $key.primaryKey | |
$key = az cognitiveservices account keys list -n $env:AZURE_FORMRECOGNIZER_SERVICE -g $env:RESOURCE_GROUP_NAME | ConvertFrom-Json | |
$env:AZURE_FORMRECOGNIZER_KEY = $key.key1 | |
$key = az storage account keys list -n $env:AZURE_STORAGE_ACCOUNT -g $env:RESOURCE_GROUP_NAME | ConvertFrom-Json | |
$env:AZURE_STORAGE_KEY = $key[0].value | |
cd 5.internal-document-search | |
az cosmosdb sql role assignment create --account-name $env:AZURE_COSMOSDB_ACCOUNT --resource-group $env:RESOURCE_GROUP_NAME --scope / --principal-id $env:AZURE_PRINCIPAL_ID --role-definition-id $roleId | |
$pythonCmd = Get-Command python -ErrorAction SilentlyContinue | |
if (-not $pythonCmd) { | |
$pythonCmd = Get-Command python3 -ErrorAction SilentlyContinue | |
} | |
Start-Process -FilePath ($pythonCmd).Source -ArgumentList "-m venv ./scripts/.venv" -Wait -NoNewWindow | |
$venvPythonPath = "./scripts/.venv/scripts/python.exe" | |
if (Test-Path -Path "/usr") { | |
$venvPythonPath = "./scripts/.venv/bin/python" | |
} | |
Start-Process -FilePath $venvPythonPath -ArgumentList "-m pip install -r ./scripts/requirements.txt" -Wait -NoNewWindow | |
$cwd = (Get-Location) | |
Start-Process -FilePath $venvPythonPath -ArgumentList "./scripts/prepdocs.py $cwd/data/* --storageaccount $env:AZURE_STORAGE_ACCOUNT --container $env:AZURE_STORAGE_CONTAINER --storagekey $env:AZURE_STORAGE_KEY --searchservice $env:AZURE_SEARCH_SERVICE --searchkey $env:AZURE_SEARCH_KEY --index $env:AZURE_SEARCH_INDEX --formrecognizerservice $env:AZURE_FORMRECOGNIZER_SERVICE --formrecognizerkey $env:AZURE_FORMRECOGNIZER_KEY -v --managedidentitycredential" -Wait -NoNewWindow | |
azPSVersion: "latest" | |
- name: Delete Azure Resources | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$ENV:RESOURCE_GROUP_NAME = "rg-github-actions-test-${{ github.run_id }}" | |
$ENV:SUB = "${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
$ENV:LOC = "${{ secrets.AZURE_LOCATION }}" | |
$ENV:COGNITIVE_SERVICES_NAME = "cog-${{ github.run_id }}" | |
az group delete -n $ENV:RESOURCE_GROUP_NAME --yes | |
az resource delete --ids /subscriptions/$ENV:SUB/providers/Microsoft.CognitiveServices/locations/$ENV:LOC/resourceGroups/$ENV:RESOURCE_GROUP_NAME/deletedAccounts/$ENV:COGNITIVE_SERVICES_NAME | |
azPSVersion: "latest" |