Create files

.azure/backendTemplate.tf

@@ -0,0 +1,10 @@
+terraform {
+  backend "azurerm" {
+    resource_group_name  = "resourcegroup"
+    storage_account_name = "tfdatas"
+    container_name       = "tfstate"
+    key                  = "{{.GroupName}}.tfstate"
+    use_azuread_auth     = true
+    subscription_id      = "26ad903f-2330-429d-8389-864ac35c4350"
+  }
+}

.azure/hooks/export

@@ -0,0 +1,7 @@
+#!/bin/bash
+group_paths=$(python -c "import json; print('\n'.join([x['groupPath'] for x in json.load(open('./.azure/export.json'))]))")
+
+for path in $group_paths
+do
+    mkdir -p $path
+done

.azure/hooks/generate

@@ -0,0 +1,88 @@
+#!/bin/bash
+set -e
+
+echo "Generating deployment pipeline"
+
+sed -i $'s/\r$//' ./.stages
+readarray -t stages < ./.stages
+
+groupTemplate='
+    {{.GroupName}}:
+        uses: ./.github/workflows/site-cd-workflow.yml
+        with:
+            working-directory: {{.Stage}}/{{.GroupName}}
+        secrets: inherit
+        needs: [{{.Stage}}]
+'
+
+stageTemplate='
+    {{.Stage}}:
+        name: {{.Stage}}
+        needs: [{{.GroupList}}]
+        runs-on: ubuntu-latest
+        steps:
+         - run: echo "running {{.Stage}} stage"
+'
+
+workflow='name: Terraform apply infra change
+
+on:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:'
+backendTemplate=$(<.azure/backendTemplate.tf)
+
+for count in "${!stages[@]}"; do
+    stage=${stages[$count]}
+
+    if [ $count -eq 0 ]; then
+        stagejob=$(echo "$stageTemplate" | sed "s/{{.Stage}}/$stage/g" | grep -v 'needs: \[.*\]')
+        workflow+="$stagejob"
+    else
+        groupList=${stages[$count-1]}
+        pushd ./${stages[$count-1]} > /dev/null
+        for d in */ ; do
+            if [[ $d == "*/" ]]; then
+                break
+            fi
+            group=$(echo "$d" | sed 's/\///g' | sed 's/ /_/g')
+            groupList="$groupList,$group"
+        done
+        stagejob=$(echo "$stageTemplate" | sed "s/{{.Stage}}/$stage/g" | sed "s/{{.GroupList}}/$groupList/g")
+        workflow+="$stagejob"
+        popd > /dev/null
+    fi
+
+    pushd ./$stage > /dev/null
+    for d in */ ; do
+        if [[ $d == "*/" ]]; then
+            break
+        fi
+        group=$(echo "$d" | sed 's/\///g' | sed 's/ /_/g')
+        groupjob=$(echo "$groupTemplate" | sed "s/{{.GroupName}}/$group/g" | sed "s/{{.Stage}}/$stage/g")
+        workflow+="$groupjob"
+
+        #generate backend config file
+        backendConfigFile="./${group}/backend.tf"
+        echo $backendConfigFile
+        echo "$backendTemplate" | sed "s/{{.GroupName}}/$group/g" > "$backendConfigFile"
+        git add $backendConfigFile
+    done
+    popd > /dev/null
+done
+
+# create a workflow file
+workflowfile="./.github/workflows/deploy-infra.yml"
+if [ -f "$workflowfile" ]; then
+    rm "$workflowfile"
+fi  
+echo "$workflow" > "$workflowfile"
+git add $workflowfile
+
+echo "Generated deployment pipeline"

.azure/hooks/pre-commit

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+if [ -f ./.azure/scale.csv ]; then
+    ./.azure/hooks/scale
+fi
+
+if [ -f ./.azure/export.json ]; then
+    ./.azure/hooks/export
+fi
+
+./.azure/hooks/generate

.azure/hooks/scale

@@ -0,0 +1,23 @@
+#/bin/bash
+set -e
+
+gawk -v RS='"' 'NR % 2 == 0 { gsub(/\n/, "") } { printf("%s%s", $0, RT) }' ./.azure/scale.csv > ./.azure/scale.csv.tmp
+echo "" >> ./.azure/scale.csv.tmp
+
+skip_headers=2
+
+while IFS=, read -r stage siteId others 
+do
+    if ((skip_headers))
+    then
+        ((skip_headers--))
+    else
+        siteId=$(echo $siteId | tr -d '"')
+        echo "Stage:$stage, SiteId: $siteId"
+        # create folder if site id is not empty
+        if [ ! -z "$siteId" ]
+        then
+            mkdir -p ./$stage/$siteId
+        fi
+    fi
+done < ./.azure/scale.csv.tmp

.gitattributes

@@ -0,0 +1,7 @@
+* text=auto
+
+*.exe binary
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.pdf binary

.github/workflows/deploy-infra.yml

@@ -0,0 +1,35 @@
+name: Terraform apply infra change
+
+on:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  dev:
+    name: dev
+    needs: []
+    uses: ./.github/workflows/list-and-run.yml
+    secrets: inherit
+    with:
+      directory: dev
+
+  qa:
+    name: qa
+    needs: [dev]
+    uses: ./.github/workflows/list-and-run.yml
+    secrets: inherit
+    with:
+      directory: qa
+
+  prod:
+    name: prod
+    needs: [dev,qa]
+    uses: ./.github/workflows/list-and-run.yml
+    secrets: inherit
+    with:
+      directory: prod

.github/workflows/export.yml

@@ -0,0 +1,112 @@
+name: Export Azure resource into config
+
+on:
+  push:
+    branches:
+      - '**'
+      - '!main'
+    paths:
+      - '.azure/export.json'
+  workflow_call:
+    inputs:
+      branch:
+        required: true
+        type: string
+
+permissions:
+  contents: write
+  id-token: write
+
+env:
+  ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+  ARM_USE_OIDC: true
+  TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+  TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
+  TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
+  TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
+  TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
+  TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
+  TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
+  TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
+  TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
+  TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
+  TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}
+  HCI_RP_SP_ID: ${{ secrets.rpServicePrincipalObjectId }}
+
+jobs:
+  export:
+    environment: terraform
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    # checkout to input branch when input branch is not empty
+    - name: Checkout to input branch
+      if: ${{ inputs.branch != '' }}
+      run: |
+        git fetch origin ${{ inputs.branch }}
+        git checkout ${{ inputs.branch }}
+    # Install node
+    - uses: actions/setup-node@v4
+      with:
+        node-version: latest
+    - run: node --version
+    # Install the latest version of Terraform CLI
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_wrapper: false
+    # check terraform version
+    - name: Check terraform version
+      run: terraform version
+    # az login
+    - name: Log in to Azure using OIDC
+      uses: azure/login@v1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    # check first 18 characters of az account user name
+    - name: Check az account
+      run: az account show --query user.name --output tsv | cut -c 1-18
+    # Download az-edge-module-export
+    - name: Download az-edge-module-export
+      run: |
+        wget "https://aka.ms/az-edge-module-export-linux-amd64" -O az-edge-module-export
+        chmod +x az-edge-module-export
+        ./az-edge-module-export -v
+    # Download az-edge-site-scale
+    - name: Download az-edge-site-scale
+      run: |
+        wget "https://aka.ms/az-edge-site-scale-linux-amd64" -O az-edge-site-scale
+        chmod +x az-edge-site-scale
+        ./az-edge-site-scale -v
+    # Run az-edge-module-export
+    - name: Run az-edge-module-export
+      run: |
+        ./az-edge-module-export -c ./.azure/export.json -b ./.azure/backendTemplate.tf
+        rm ./az-edge-module-export
+    # Generate sample csv file to scale
+    - name: Run az-edge-site-scale generate
+      run: |
+        mkdir -p ./.azure/scale
+        cat ./.azure/export.json | jq -r '.[]|[.baseModulePath, .groupPath] | @tsv' |
+          while IFS=$'\t' read -r baseModulePath groupPath; do
+              name=$(echo $baseModulePath | rev | cut -d '/' -f 1 | rev)
+              ./az-edge-site-scale generate -c ./.azure/scale/$name.csv -s $groupPath
+          done
+        rm ./az-edge-site-scale
+    - name: Clean up
+      run: |
+        rm ./.azure/export.json
+    # Commit and push the changes
+    - name: Commit and push the changes
+      if: always()
+      run: |
+        git config --global user.email "exporter@iac.microsoft.com"
+        git config --global user.name "IaC Exporter"
+        git add .
+        git commit -m "Export Azure resource into config"
+        git push

.github/workflows/list-and-run.yml

@@ -0,0 +1,51 @@
+name: List and Run
+
+on:
+  workflow_call:
+    inputs:
+      directory:
+        required: true
+        type: string
+
+jobs:
+  list:
+    runs-on: windows-latest
+    outputs:
+      matrix: ${{ steps.setTargets.outputs.matrix }}
+      apply: ${{ steps.setTargets.outputs.apply }}
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: List directory
+        id: setTargets
+        shell: pwsh
+        run: |
+          $inputDirectory = "${{ inputs.directory }}"
+          $fullPath = Join-Path $pwd ${{ inputs.directory }}
+          $sites = Get-ChildItem -Directory $fullPath
+          
+          $array = @()
+          foreach ($site in $sites) {
+            $array += @{
+              'siteId' = $site.Name
+              'workingDirectory' = ($inputDirectory + '/' + $site.Name).Replace('\', '/')
+            }
+          }
+          $json = ConvertTo-Json -InputObject $array -Compress
+          
+          echo "matrix=$json" >> $env:GITHUB_OUTPUT
+          
+          $apply = if ($sites.Length -gt 0) { 'true' } else { 'false' }
+          echo "apply=$apply" >> $env:GITHUB_OUTPUT
+  apply:
+    needs: [list]
+    if: ${{ needs.list.outputs.apply == 'true' }}
+    strategy:
+      matrix:
+        site: ${{ fromJson(needs.list.outputs.matrix) }}
+    uses: ./.github/workflows/site-cd-workflow.yml
+    with:
+      working-directory: ${{ matrix.site.workingDirectory }}
+    secrets: inherit