Skip to main content

Radix Action Setup

  1. Created App Registration / Service Principal
  • ClientID : ea425507-0de4-4f5f-bac8-48cea54f7a0c
  • name: project-portal-radix-github-integration

  1. Added this service principal as a member of AD group: AZAPPL S364 - Contributor as described here

  2. Added teh following to the radix configuration file on all components:

      identity:
        azure:
          clientId: ea425507-0de4-4f5f-bac8-48cea54f7a0c

  1. Created new environment i git repo: equinor/fusion-project-portal named production

  2. Added project-portal-github Federal credentials used by GitHub Actions

project-portal-github

  1. Added Kubernetes accessing Azure recurses to all environments and frontend and backend

  2. Trying to use the following Action.

name: promote

on:
  push:
    branches:
      - promote-test

concurrency: ${{ github.workflow }}-${{ github.ref }}
permissions:
  id-token: write

jobs:
  test:
    name: Realease
    runs-on: ubuntu-latest
    environment: production
    env:
      TENANT_ID: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
      CLIENT_ID: ea425507-0de4-4f5f-bac8-48cea54f7a0c
    steps:
      - name: Install jq
        uses: dcarbone/install-jq-action@v1.0.1
        with:
          version: "1.6"

      - name: "Az CLI login" # uses federated auth
        uses: azure/login@v1
        with:
          tenant-id: ${{env.TENANT_ID}}
          client-id: ${{env.CLIENT_ID}}
          allow-no-subscriptions: true

      - name: "Get Azure principal token for Radix"
        run: |
          token=$(az account get-access-token --resource 6dae42f8-4368-4678-94ff-3960e28e3630 --query=accessToken -otsv)
          echo "::add-mask::$token"
          echo "$token"
          echo "APP_SERVICE_ACCOUNT_TOKEN=$token" >> $GITHUB_ENV

      - name: "Get application information for fusion-project-portal"
        id: get_application_info
        uses: equinor/radix-github-actions@master
        with:
          args: >
            get application
            --application fusion-project-portal

      - name: "Get active deployments"
        id: get_active_deployment
        run: |
          activeDeploymentApi=$(echo '${{steps.get_application_info.outputs.result}}' | jq -r '.environments | .[] | select(.name=="test") | .activeDeployment.name')
          echo "activeDeploymentApi=$activeDeploymentApi" >> "$GITHUB_OUTPUT"

      - name: "Promote fusion-project-portal in Radix from test to feature"
        uses: equinor/radix-github-actions@master
        with:
          args: >
            create job
            promote
            -a fusion-project-portal
            -d Promote Project Portal
            -f
            --from-environment test
            --to-environment feature
            --deployment ${{ steps.get_active_deployment.outputs.activeDeploymentApi }}