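I am using Terraform to set up resources in the Azure cloud. These resources include an Azure Function App, whose source code I host in a private GitHub repository.
When I set up source control with `azurerm_app_service_source_control`, it generates a GitHub Actions workflow file that uses very outdated tools, and I have to update the versions manually to make it work.
Below are the Terraform code snippets that I think are relevant to my problem.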
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
  required_version = ">= 1.1.0"
}

# https://stackoverflow.com/questions/74735576/managing-many-azure-subscriptions-with-terraform
provider "azurerm" {
  subscription_id = terraform.workspace == "prod" ? var.prod_subscription_id : var.dev_subscription_id
  tenant_id       = terraform.workspace == "prod" ? var.tenant_id : var.tenant_id
  client_id       = terraform.workspace == "prod" ? var.prod_client_id : var.dev_client_id
  client_secret   = terraform.workspace == "prod" ? var.prod_client_secret : var.dev_client_secret
  features {}
}

resource "azurerm_source_control_token" "source_control_token" {
  type         = "GitHub"
  token        = var.github_token
  token_secret = var.github_token
}

resource "azurerm_linux_function_app" "func_app" {
  name                       = "func-${terraform.workspace}"
  location                   = var.locations.long
  resource_group_name        = var.rg.name
  service_plan_id            = azurerm_service_plan.func_plan.id
  storage_account_name       = var.storage_account.name
  storage_account_access_key = var.storage_account.primary_access_key

  site_config {
    application_stack {
      python_version = "3.10"
    }
  }

  app_settings = {
    "COSMOSDB_CONNECTIONSTRING" = var.cosmosdb_connection_string
    cors                        = "*"
  }

  identity {
    type = "SystemAssigned"
  }

  #### TODO: REMOVE BEFORE GOING TO PROD
  lifecycle {
    prevent_destroy = false
  }
}

# Adding GitHub source control integration
resource "azurerm_app_service_source_control" "source_control" {
  app_id     = azurerm_linux_function_app.func_app.id
  repo_url   = local.github_repo
  branch     = terraform.workspace == "prod" ? "main" : "dev"
  depends_on = [azurerm_linux_function_app.func_app]

  github_action_configuration {
    code_configuration {
      runtime_stack   = "python"
      runtime_version = "3.10"
    }
  }
}
```
The generated GitHub Actions file looks like this:
```yaml
name: Azure App Service - Build and Deploy Python App
on:
  push:
    branches:
      - dev
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      # checkout the repo
      - name: 'Checkout Github Action'
        uses: actions/checkout@master
      - name: Set up Python version
        uses: actions/setup-python@v1
        with:
          python-version: '3.10'
      - name: Build using AppService-Build
        uses: azure/appservice-build@v2
        with:
          platform: python
          platform-version: '3.10'
      - name: Run Azure webapp deploy action using publish profile credentials
        uses: azure/webapps-deploy@v2
        with:
          app-name: func-dev
          slot-name: Production
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_<REDACTED> }}
```
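For the build and deploy workflow to run without errors, I have to go through the workflow manually and update all the tools it uses to their latest versions.
There are no errors in the logged output. The process runs to the end and I get a notification that the workflow failed. The deploy step is not executed (but there is no output explaining why), which is why I started looking at the build step.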
```yaml
name: Azure App Service - Build and Deploy Python App
on:
  push:
    branches:
      - dev
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Python version
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
      - name: Build using AppService-Build
        uses: azure/appservice-build@v3
        with:
          platform: python
          platform-version: '3.10'
          source-directory: '.'
      - name: Deploy to Azure Web App
        uses: azure/webapps-deploy@v2
        with:
          app-name: func-dev
          slot-name: Production
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_<REDACTED> }}
```
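Since the updated version of the GitHub Actions workflow works, I am confident the error is not related to authentication or anything similar.
I deploy and tear down the servers frequently and do not want to make this update manually.
Is there a workaround that makes the outdated file work? I am not using Docker. I am using the VS Code extension to set up my function app with Python version 1.
Or is it possible to provide a template with an updated GitHub Actions workflow in Terraform?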
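Hi TheIceBear, it seems you have already found a solution to your problem. I am suggesting some alternatives; feel free to add your input or your solution, as it may help others with a similar problem.
What I understand from the question is that your code automatically generates a GitHub Actions workflow with outdated dependencies, and you want to avoid updating these workflows manually after every deployment, so you wrote a post-deployment script as a workaround.
Personally, I think the simplest approach is to add the GitHub Actions workflow to the repository manually and disable automatic generation of the workflow.
For example, you can remove the `github_action_configuration` block, something like this: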
```yaml
name: Azure App Service - Build and Deploy Python App
on:
  push:
    branches:
      - dev
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Python version
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
      - name: Build using AppService-Build
        uses: azure/appservice-build@v3
        with:
          platform: python
          platform-version: '3.10'
          source-directory: '.'
      - name: Deploy to Azure Web App
        uses: azure/webapps-deploy@v2
        with:
          app-name: func-dev
          slot-name: Production
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_<REDACTED> }}
```
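But since you said you do not want to do this manually, I think the other approach you tried is to use a local-exec provisioner to run a post-deployment script that updates the workflow file automatically.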
```bash
#!/bin/bash
set -euo pipefail  # stop on the first failing command

git clone git@github.com:abc-corp/arko.git
cd arko

# Update the workflow file with the correct action versions
sed -i 's/actions\/checkout@master/actions\/checkout@v4/' .github/workflows/azure.yml
sed -i 's/actions\/setup-python@v1/actions\/setup-python@v5/' .github/workflows/azure.yml
sed -i 's/azure\/appservice-build@v2/azure\/appservice-build@v3/' .github/workflows/azure.yml

# Commit and push only when the substitutions actually changed the file
if ! git diff --quiet; then
  git commit -am "Update GitHub Action workflow to latest versions"
  git push origin main
fi
```
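
An added example, not part of the original question or answer: a POSIX shell check that lists every `uses:` reference in a workflow file and classifies it as a full commit SHA, a version tag, or a floating branch such as the `actions/checkout@master` in the generated file. The function names and the embedded sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the `uses:` references of a GitHub Actions workflow.

# Constructed sample: the steps of the generated workflow quoted in the question.
sample_workflow() {
  cat <<'EOF'
steps:
  - name: 'Checkout Github Action'
    uses: actions/checkout@master
  - name: Set up Python version
    uses: actions/setup-python@v1
  - name: Build using AppService-Build
    uses: azure/appservice-build@v2
  - name: Run Azure webapp deploy action using publish profile credentials
    uses: azure/webapps-deploy@v2
EOF
}

# classify_ref REF: prints "sha" for a full 40-hex commit hash, "tag" for
# vN / vN.N.N, and "branch" for anything else (master, main, ...).
classify_ref() {
  if printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{40}$'; then echo sha
  elif printf '%s\n' "$1" | grep -Eq '^v[0-9]+(\.[0-9]+)*$'; then echo tag
  else echo branch
  fi
}

# list_uses: workflow YAML on stdin -> one "owner/repo@ref" per `uses:` line.
list_uses() {
  sed -n 's/^[[:space:]]*\(-[[:space:]]*\)\{0,1\}uses:[[:space:]]*\([^[:space:]#]*\).*$/\2/p' |
    tr -d "\"'"
}

# audit_workflow: workflow YAML on stdin -> "kind owner/repo@ref" per action.
# Returns 1 if any action floats on a branch, 0 otherwise.
audit_workflow() {
  audit_status=0
  for audit_item in $(list_uses); do
    case "$audit_item" in
      ./*|docker://*) continue ;;  # local/container actions carry no git ref
    esac
    audit_kind=$(classify_ref "${audit_item##*@}")
    echo "$audit_kind $audit_item"
    if [ "$audit_kind" = branch ]; then audit_status=1; fi
  done
  return "$audit_status"
}

sample_workflow | audit_workflow || echo "floating branch reference found"
```

Run against `.github/workflows/*.yml` after Terraform has generated the workflow, the non-zero status can fail a pipeline step before a branch-tracking action is ever executed.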