Workflow changes for controller deploy workflow (#12)

* fix: recover soft deleted key to true

* fix: recover soft deleted key to false

* chore: Add max queue polling to 2 mins

* chore: Change controller workflow

* chore: Change controller workflow

* chore: Change controller workflow

* chore: Change controller workflow

* chore: Change controller workflow

* fix: Change container group function

* fix: Correct docker image

* chore: Parse webhook json

* fix:correct sending proper label to queue

* fix:create missing function';

* fix:correct variale scope

* feat: Add kv role assignment to controller app

* fix: Enable RBAC for Azure KV

* fix: container_name

* debug: hard code container name

* debug: hard code image name

* fix: correct env variable for controller app

* fix: Correct KV role to contributor

* fix: Correct KV role to admin

* fix: Correct KV role to admin

* fix: Correct KV role to admin

* fix: Correct KV role to admin

* feat: Add RBAC for key vault

* feat: Add RBAC for key vault

* feat: Add RBAC for key vault

* feat: Add env variable

* feat: Add acr credentials

* feat: Add system managed role for acr

* feat: Add user assigned identity

* feat: Add user assigned identity

* feat: Add user assigned identity

* feat: Assign identity operator role to controller app

* fix: correct user identity name

* fix: correct image name

* fix: correct image name

* fix: correct image name

* fix: correct image name

* fix: Correct image name

* debug: Add identity separated from group

* debug: add nginx image

* debug: make acr admin enabled

* debug: revert to actual acr image

* feat: admin enable acr

* fix: Add acr cred to app env var

* fix: add admin image cred

* fix: Correct image name

* fix: Removed user assigned identity

* fix: Add version to azure container management lib

* fix: Correct image registry cred injection

* debug: log acr details for debugging

* fix:Correct image registry cred

* fix:Correct image registry cred

* fix:Correct image registry cred

* fix:Correct image registry cred

* fix: Broken runner image registration

* fix: Add gh orh variable

* fix: Add gh orh variable

* fix: Correct docker image name

* feat: Add log analytics ws for container group

* fix: Correct token generations and usage

* chore: remove commented code

* fix: remove log analytics

* fix: Correct setting runner token

* fix: Correct image name

* fix: Correct app param

* fix: Correct app param

* fix: Add workflow id to container group name

* fix: correctly parse input json

* feat: Added delete container group for terminated CG

* feat: Add app param for receiver

* feat: Add app param for receiver

* feat: Add app param for receiver

* fix: revert to non termination

* fix: req file

* debug: comment code

* change workflow name

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* corrected workflow

* feat:Add cleanup infra anf function

* fix:controller app workflow

* fix: Update name of wf

* fix:Try oryx build

* fix: add pip command

* fix: add pip command

* fix: add pip command

* fix: add pip command

* Update build_deploy_controller_function.yml

* Add or update the Azure App Service build and deployment workflow config

* fix: workflow yml

* fix: workflow yml

* fix: workflow yml

* test commit

* fix: workflow yml

* fix: workflow yml

* fix: workflow yml

* fix: workflow yml

* fix: controller app deploy

* fix: stop prebuild package

* fix: add clean fn role assgnnt

* fix: add clean fn role assgnnt

* fix: add clean fn role assgnmnt

* fix: add clean fn role assgnmnt

* fix: add clean fn role assgnmnt

* fix: cleanup lambda

* feat:Update gitignore

* feat: Add readme

* chore: Update readme

* chore: Update readme

* feat: Add workflow id parameter to image name

* fix: controller workflow

* fix: controller fn

* fix : workflow

* fix: remove conflicting setting

* fix: cont workflow

* fix: cont workflow

* fix: controller

* fix: controller

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

Author: subir0071

.github/workflows/build_deploy_controller_function.yml

@@ -1,71 +1,55 @@
-
 name: Build and deploy Controller Function
 run-name: Build and deploy Controller Function
+
 on:
   push:
     paths:
       - github-runner-controller-function/**
-
   workflow_dispatch:
 
 permissions:
-  id-token: write 
-  contents: read 
+  id-token: write
+  contents: read
 
 defaults:
   run:
     shell: bash
     working-directory: github-runner-controller-function
 
 env:
-  AZURE_FUNCTIONAPP_PACKAGE_PATH: './github-runner-controller-function' # set this to the path to your web app project, defaults to the repository root
-  PYTHON_VERSION: '3.11' # set this to the python version to use (supports 3.6, 3.7, 3.8)
-  # AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-  # AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-  # AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+  AZURE_FUNCTIONAPP_NAME: 'awesomeproj-dev-controller-function-app'
+  AZURE_FUNCTIONAPP_PACKAGE_PATH: './github-runner-controller-function' # working-directory already set to this
+  PYTHON_VERSION: '3.11'
 
 
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     environment: dev
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
 
-      - name: Setup Python version
-        uses: actions/setup-python@v5
+    steps:
+      - name: 'Checkout Controller Function'
+        uses: actions/checkout@v3
         with:
-          python-version: ${{ env.PYTHON_VERSION }}
+          sparse-checkout:
+            github-runner-controller-function
 
-      - name: Create and start virtual environment
+      - name: list
         run: |
-          python -m venv venv
-          source venv/bin/activate
-
-      - name: pwd
-        run: pwd
-
-      - name: ls -l
-        run: ls -l
-
-      - name: Install dependencies
-        run: pip install -r requirements.txt
-
-      # Optional: Add step to run tests here
+          echo "=== Repository structure ==="
+          ls -la
 
-      - name: Login to Azure
+      - name: 'Login via Azure CLI'
         uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - name: 'Deploy to Azure Functions'
+      - name: 'Run Azure Functions Action'
         uses: Azure/functions-action@v1
-        id: deploy-to-function
         with:
           app-name: 'awesomeproj-dev-controller-function-app'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+          remote-build: true
 
-     

.github/workflows/test_deploy_controller.yml

@@ -0,0 +1,46 @@
+name: Test Deploy Controller Function
+run-name: Test Deploy Controller Function
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write 
+  contents: read 
+
+jobs:
+  test-deploy:
+    runs-on: ubuntu-latest
+    environment: dev
+    
+    steps:
+    - name: 'Checkout Repository'
+      uses: actions/checkout@v4
+
+    - name: 'Login via Azure CLI'
+      uses: azure/login@v2
+      with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    - name: 'List files before deployment'
+      run: |
+        echo "=== Repository structure ==="
+        ls -la
+        echo "=== Controller function directory ==="
+        ls -la github-runner-controller-function/
+
+    - name: 'Deploy using zip'
+      run: |
+        cd github-runner-controller-function
+        # Remove development artifacts
+        rm -rf .venv .vscode __pycache__ .pytest_cache .git* *.pyc
+        # Create deployment package
+        zip -r ../controller-function.zip . -x "*.git*" "*/__pycache__/*" "*.pyc"
+        cd ..
+        
+        # Deploy using Azure CLI
+        az functionapp deployment source config-zip \
+          --resource-group "awesomeproj-dev-rg" \
+          --name "awesomeproj-dev-controller-function-app" \
+          --src controller-function.zip

.gitignore

@@ -1,14 +1,62 @@
 .sensitive.sh
 
+# Terraform state files
 terraform.tfstate
 terraform.tfstate.backup
 .terraform/
 *.pem
 .terraform.lock.hcl
+terraform.tfvars.backup
+*.auto.tfvars
+.terraform.d/
+
+# Secrets and sensitive files
 secrets.json
-.venv
-destroyplan
 secret.*
-test_http_function.http
-.vscode
+*.key
+*.p12
+*.pfx
+.env
+.env.*
+
+# Python virtual environments and packages
+.venv/
+venv/
+env/
+ENV/
+.python_packages/
+.conda/
+*.pyc
+*.pyo
+*.pyd
 __pycache__/
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Azure and development files
+destroyplan
+tfplan.out
+*.out
+test_http_function.http
+local.settings.json
+.funcignore
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+Thumbs.db
+
+# Log files
+*.log
+logs/
+
+# Temporary files
+tmp/
+temp/
+.tmp/
+

create-azure-infra/main.tf

@@ -80,9 +80,10 @@ resource "azurerm_linux_function_app" "gha_runner_controller_function_app" {
     "QUEUE_NAME"                      = azurerm_storage_queue.gh_runner_asq.name
     "APPINSIGHTS_INSTRUMENTATIONKEY"  = azurerm_application_insights.gha_runner_aai.instrumentation_key
     "storageAccountConnectionString"  = azurerm_storage_account.gha_runner_sa.primary_connection_string
-#    "WEBSITE_RUN_FROM_PACKAGE"        = "1" 
-    "ENABLE_ORYX_BUILD"              = "true"
-    "SCM_DO_BUILD_DURING_DEPLOYMENT" = "true"
+   # "WEBSITE_RUN_FROM_PACKAGE"        = 1
+    "SCM_DO_BUILD_DURING_DEPLOYMENT"  = true
+    "ENABLE_ORYX_BUILD"               = true
+
   }
 
   #zip_deploy_file = "./gha-runner-controller.zip"

github-runner-controller-function/function_app.py

@@ -86,7 +86,7 @@ def create_container_instance(runner_label, workflow_job_id):
   # Retrieve GH APP secrets from key-vault
   container_environment_variable, image_registry_credentials = retrieve_kv_secret()
 
-  container_image_name="awesomeprojdevacr.azurecr.io/gha-runner:latest"
+  container_image_name=f"awesomeprojdevacr.azurecr.io/{runner_label}:latest"
 
   # Configure the container
   container_resource_requirements = ResourceRequirements(

github-runner-controller-function/requirements.txt

@@ -3,9 +3,12 @@
 # Manually managing azure-functions-worker may cause unexpected issues
 
 azure-functions
-azure-storage-queue
-azure-mgmt-containerinstance>=10.0.0
-azure-identity
-azure-keyvault-secrets
-azure-mgmt-containerregistry
-azure.containerregistry
+azure-identity>=1.20.0
+azure-core>=1.32.0
+azure-storage-queue>=12.12.0
+azure-keyvault-secrets>=4.9.0
+azure-containerregistry>=1.2.0
+azure-mgmt-containerinstance>=10.1.0
+azure-mgmt-containerregistry>=10.3.0
+azure-mgmt-core>=1.5.0
+