Merge pull request #16853 from CDCgov/deployment/2024-12-19

Deployment of 2024-12-19
CDCgov · Dec 19, 2024 · 3e61bc6 · 3e61bc6
2 parents e4c79a0 + d56ee64
commit 3e61bc6
Show file tree

Hide file tree

Showing 81 changed files with 7,671 additions and 576 deletions.
diff --git a/.github/actions/azviz/README.md b/.github/actions/azviz/README.md
@@ -0,0 +1,90 @@
+# AzViz (Azure Visualizer) action
+Note: This GitHub Action is imported from: https://github.com/josiahsiegel/azviz-action
+
+## ☕ Please donate to [AzViz Developer](https://github.com/PrateekKumarSingh/AzViz#readme)
+
+![](https://github.com/PrateekKumarSingh/AzViz/blob/master/img/themeneon.jpg)
+
+## Synopsis
+
+[AzViz](https://github.com/PrateekKumarSingh/AzViz) for [GitHub actions](https://github.com/marketplace?type=actions)!
+
+## Inputs
+
+### Required
+
+```yml
+inputs:
+  resource-group:
+    description: Comma-seperated resource group list
+    required: true
+  out-file:
+    description: Graph export path
+    required: true
+    default: output/viz.svg
+  sub-name:
+    description: Azure subscription name
+    required: true
+    default: Pay-As-You-Go
+```
+
+### Optional
+
+```yml
+  theme:
+    description: Graph theme (dark, light, neon)
+    required: false
+    default: neon
+  depth:
+    description: Level of Azure Resource Sub-category to be included in vizualization (1 or 2)
+    required: false
+    default: '1'
+  verbosity:
+    description: Level of information to included in vizualization (1 or 2)
+    required: false
+    default: '1'
+  format:
+    description: Graph format (png or svg)
+    required: false
+    default: svg
+  direction:
+    description: Direction in which resource groups are plotted on the visualization (left-to-right or top-to-bottom)
+    required: false
+    default: top-to-bottom
+  exclude-types:
+    description: Exclude resources via string search
+    required: false
+    default: '*excludethisthing1,excludethisthing2*'
+  splines:
+    description: Controls how edges appear in visualization. ('spline', 'polyline', 'curved', 'ortho', 'line')
+    required: false
+    default: spline
+```
+
+## Quick start
+
+`sample_min_workflow.yml`
+```yml
+jobs:
+  generate-viz:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Login to Azure
+          uses: azure/login@v1
+          with:
+            creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
+            enable-AzPSSession: true
+        - uses: CDCgov/prime-reportstream/.github/actions/azviz@663e24299a6336f1ff8dbddadfac1ba5d462f731aaa
+          with:
+            resource-group: ${{ github.event.inputs.resource-group }}
+            out-file: ${{ github.event.inputs.out-file }}
+            sub-name: ${{ github.event.inputs.sub-name }}
+        - uses: actions/upload-artifact@v2
+          with:
+            name: viz
+            path: output/*
+```
+
+## Dependencies
+
+ * [azure/login](https://github.com/marketplace/actions/azure-login) with `enable-AzPSSession: true`
diff --git a/.github/actions/azviz/action.yml b/.github/actions/azviz/action.yml
@@ -0,0 +1,83 @@
+# action.yml
+name: 'Generate Azure resource topology diagrams with AzViz (Azure Visualizer)'
+description: 'Run AzViz against one or more Azure Resource Groups'
+branding:
+  icon: 'download-cloud'  
+  color: 'blue'
+inputs:
+  resource-group:
+    description: Comma-seperated resource group list
+    required: true
+  out-file:
+    description: Graph export path
+    required: true
+    default: viz.svg
+  sub-name:
+    description: Azure subscription name
+    required: true
+    default: Pay-As-You-Go
+  theme:
+    description: Graph theme (dark, light, neon)
+    required: false
+    default: neon
+  depth:
+    description: Level of Azure Resource Sub-category to be included in vizualization (1 or 2)
+    required: false
+    default: '1'
+  verbosity:
+    description: Level of information to included in vizualization (1 or 2)
+    required: false
+    default: '1'
+  format:
+    description: Graph format (png or svg)
+    required: true
+    default: svg
+  direction:
+    description: Direction in which resource groups are plotted on the visualization (left-to-right or top-to-bottom)
+    required: false
+    default: top-to-bottom
+  exclude-types:
+    description: Exclude resources via string search
+    required: false
+    default: '*excludethisthing1,excludethisthing2*'
+  splines:
+    description: Controls how edges appear in visualization. ('spline', 'polyline', 'curved', 'ortho', 'line')
+    required: false
+    default: spline
+
+runs:
+  using: "composite"
+  steps:
+    - name: Choco install graphviz
+      if: runner.os == 'Windows'
+      uses: crazy-max/ghaction-chocolatey@v1
+      with:
+        args: install graphviz
+    - name: Apt-get install graphviz
+      if: runner.os != 'Windows'
+      run: |
+        sudo apt-get update;
+        sudo apt-get install graphviz -y;
+      shell: bash
+    - name: 'Install AzViz module'
+      shell: pwsh
+      run: |
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
+        Install-Module -Name AzViz -AllowClobber -Confirm:$False -Force;
+        Import-Module AzViz;
+    - name: Run AzViz
+      uses: azure/powershell@v1
+      with:
+        azPSVersion: 'latest'
+        inlineScript: |
+          ${{ github.action_path }}/viz_run.ps1 `
+            -RESOURCE_GROUP '${{ inputs.resource-group }}' `
+            -OUT_FILE '${{ inputs.out-file }}' `
+            -SUB_NAME '${{ inputs.sub-name }}' `
+            -THEME '${{ inputs.theme }}' `
+            -DEPTH ${{ inputs.depth }} `
+            -VERBOSITY ${{ inputs.verbosity }} `
+            -FORMAT '${{ inputs.format }}' `
+            -DIRECTION '${{ inputs.direction }}' `
+            -EXCLUDE_TYPES '${{ inputs.exclude-types }}' `
+            -SPLINES '${{ inputs.splines }}'
diff --git a/.github/actions/azviz/viz_run.ps1 b/.github/actions/azviz/viz_run.ps1
@@ -0,0 +1,57 @@
+Param(
+    [Parameter(Mandatory)]
+    [String]$RESOURCE_GROUP,
+    [Parameter(Mandatory)]
+    [String]$OUT_FILE = 'viz.svg',
+    [Parameter(Mandatory)]
+    [String]$SUB_NAME = 'Pay-As-You-Go',
+    [Parameter(Mandatory)]
+    [String]$THEME = 'neon',
+    [Parameter(Mandatory)]
+    [String]$DEPTH = '1',
+    [Parameter(Mandatory)]
+    [String]$VERBOSITY = '1',
+    [Parameter(Mandatory)]
+    [String]$FORMAT = 'svg',
+    [Parameter(Mandatory)]
+    [String]$DIRECTION = 'top-to-bottom',
+    [String]$EXCLUDE_TYPES = '*excludethisthing1,excludethisthing2*',
+    [Parameter(Mandatory)]
+    [String]$SPLINES = 'spline'
+)
+
+# Create missing directory paths for output
+New-Item -ItemType File -Force -Path ${OUT_FILE}
+
+# Get current Azure context
+$currentAzureContext = Get-AzContext;
+
+# Check If Azure context exists
+if ($currentAzureContext.Tenant.TenantId) {
+
+    # Set Azure subscription to match SUB_NAME
+    Set-AzContext -SubscriptionName ${SUB_NAME};
+};
+
+# Run AzViz and export Azure diagram to location OUT_FILE
+Export-AzViz `
+    -ResourceGroup ${RESOURCE_GROUP}.Split(",") `
+    -Theme ${THEME} `
+    -OutputFormat ${FORMAT} `
+    -CategoryDepth ${DEPTH} `
+    -LabelVerbosity ${VERBOSITY} `
+    -ExcludeTypes ${EXCLUDE_TYPES}.Split(",") `
+    -Splines ${SPLINES} `
+    -Direction ${DIRECTION} `
+    -OutputFilePath ${OUT_FILE};
+
+if (${FORMAT} -eq 'svg') {
+
+    # Move svg embedded png to output directory
+    ((Get-Content -path ${OUT_FILE} -Raw) -replace '(?<=xlink:href\=").+?(?=icons)','') | Set-Content -Path ${OUT_FILE}
+    $ICON_PATH=$(Split-Path -Path ${OUT_FILE})+'/icons/'
+    Write-Host "Moving ${HOME}/*/AzViz/* icons to ${ICON_PATH}"
+    New-Item -ItemType Directory -Force -Path ${ICON_PATH}
+    Get-Childitem -Path ${HOME} -Force -recurse -include *.png -ErrorAction SilentlyContinue | Move-Item -dest ${ICON_PATH} -Force
+
+};
diff --git a/.github/actions/reliable-pull-request/LICENSE b/.github/actions/reliable-pull-request/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Josiah Siegel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/.github/actions/reliable-pull-request/README.md b/.github/actions/reliable-pull-request/README.md
@@ -0,0 +1,83 @@
+# Reliable* Pull Request Action
+
+> *Only uses built-in GitHub runner commands
+
+[![Test Action](https://github.com/CDCgov/prime-reportstream/.github/workflows/reliable-pull-request--test-action.yml/badge.svg)](https://github.com/CDCgov/prime-reportstream/.github/workflows/reliable-pull-request--test-action.yml)
+
+## Synopsis
+
+1. Create a pull request on a GitHub repository using existing branches.
+2. [actions/checkout](https://github.com/actions/checkout) determins the active repo.
+
+## Usage
+
+```yml
+jobs:
+  create-pr:
+    name: Test create PR on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    steps:
+      - name: Checkout the repo
+        uses: actions/[email protected]
+
+      - name: Create Pull Request
+        id: create_pr
+        uses: CDCgov/prime-reportstream/.github/actions/reliable-pull-request@ae8d0c88126329ee363a35392793d0bc94cb82e7
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          title: 'Automated Pull Request'
+          sourceBranch: ${{ github.ref_name }}
+          targetBranch: 'main'
+          body: 'This is an automated pull request.'
+          labels: 'automated,pr'
+          assignees: 'octocat'
+
+      - name: Output PR URL
+        run: echo "The PR URL is ${{ steps.create_pr.outputs.PRURL }}"
+```
+
+## Inputs
+
+```yml
+inputs:
+  title:
+    description: 'Pull Request Title'
+    required: true
+  sourceBranch:
+    description: 'Source Branch Name'
+    required: true
+  targetBranch:
+    description: 'Target Branch Name'
+    required: true
+  body:
+    description: 'Pull Request Body'
+    required: false
+  labels:
+    description: 'Labels (comma-separated)'
+    required: false
+  assignees:
+    description: 'Assignees (comma-separated)'
+    required: false
+```
+
+## Outputs
+```yml
+outputs:
+  PRURL:
+    description: 'The URL of the created pull request'
+```
+
+## Requirements
+
+The following permissions must be set for the repository:
+  * `Settings > Actions > General`
+     * Workflow permissions
+       1. Read and write permissions
+       2. Allow GitHub Actions to create and approve pull requests
+       3. Save
+
+>*Alternative is to set [jobs.<job_id>.permissions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions)*
diff --git a/.github/actions/reliable-pull-request/action.yml b/.github/actions/reliable-pull-request/action.yml
@@ -0,0 +1,42 @@
+name: Reliable Pull Request Action
+description: Creates a pull request on a GitHub repository using existing branches
+branding:
+  icon: 'git-pull-request'
+  color: 'blue'
+inputs:
+  title:
+    description: 'Pull Request Title'
+    required: true
+  sourceBranch:
+    description: 'Source Branch Name'
+    required: true
+  targetBranch:
+    description: 'Target Branch Name'
+    required: true
+  body:
+    description: 'Pull Request Body'
+    required: false
+  labels:
+    description: 'Labels (comma-separated)'
+    required: false
+  assignees:
+    description: 'Assignees (comma-separated)'
+    required: false
+outputs:
+  PRURL:
+    description: 'The URL of the created pull request'
+    value: ${{ steps.create_pr.outputs.PR_URL }}
+runs:
+  using: 'composite'
+  steps:
+    - name: Create Pull Request
+      id: create_pr
+      shell: bash
+      run: bash ${{github.action_path}}/create-pr.sh        
+      env:
+        INPUT_TITLE: ${{ inputs.title }}
+        INPUT_SOURCEBRANCH: ${{ inputs.sourceBranch }}
+        INPUT_TARGETBRANCH: ${{ inputs.targetBranch }}
+        INPUT_BODY: ${{ inputs.body }}
+        INPUT_LABELS: ${{ inputs.labels }}
+        INPUT_ASSIGNEES: ${{ inputs.assignees }}
diff --git a/.github/actions/reliable-pull-request/create-pr.sh b/.github/actions/reliable-pull-request/create-pr.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Create Pull Request and capture the output
+PR_OUTPUT=$(gh pr create \
+  --title "$INPUT_TITLE" \
+  --body "$INPUT_BODY" \
+  --base "$INPUT_TARGETBRANCH" \
+  --head "$INPUT_SOURCEBRANCH" \
+  --label "$INPUT_LABELS" \
+  --assignee "$INPUT_ASSIGNEES" 2>&1)
+
+# Extract PR URL from the output
+PR_URL=$(echo "$PR_OUTPUT" | grep -o 'https://github.com/[^ ]*')
+
+# Set the PR URL as the output
+echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT