forked from jasontaylordev/RapidBlazor
setup.ps1
# Bootstraps a new project end to end: one Azure AD application registration and one
# resource group per environment (Test, Production), then a GitHub repository with
# matching environments and secrets, and finally an initial push of the working directory.
# The az, gh and git command-line tools are invoked directly, so each must already be
# installed and signed in.
Param(
    # Owner segment of the GitHub repository. Together with the repository name it is
    # written into the federated-credential subject ("repo:<owner>/<repo>:..."), so a typo
    # here extends Azure trust to a different repository. Double-check both values.
    [Parameter(Mandatory = $true)]
    [string]$GitHubOrganisationName,

    # Name of the GitHub repository to create and push to.
    [Parameter(Mandatory = $true)]
    [string]$GitHubRepositoryName,

    # Azure region handed to `az group create --location`.
    [Parameter(Mandatory = $true)]
    [string]$AzureLocation,

    # Prefix for Azure resource names (application registrations, resource groups).
    # NOTE(review): the length/non-empty validation presumably applies only to a value
    # passed explicitly, not to the repository-name default. Confirm before relying on it.
    [ValidateNotNullOrEmpty()]
    [ValidateLength(4, 17)]
    [string]$ProjectName = $GitHubRepositoryName
)

# Environment names are used both as Azure name suffixes and as GitHub environment names,
# and the GitHub name is part of the federated-credential subject, so they must stay in sync.
$testEnvironmentName = "Test"
$productionEnvironmentName = "Production"
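function CreateWorkloadIdentity {
    <#
    .SYNOPSIS
    Creates an Azure AD application registration for one environment and attaches the
    GitHub Actions federated credentials that let workflows sign in as it without a secret.

    .PARAMETER environmentName
    Environment suffix ("Test" or "Production" in this script). It is appended to
    $ProjectName for the display name and used as the GitHub environment in the subject.

    .OUTPUTS
    The appId (client ID) of the application registration.
    #>
    param (
        $environmentName
    )

    Write-Host "🧱 Creating Azure Workload Identity for $ProjectName$environmentName"

    # Create Azure AD Application Registration
    $applicationRegistrationDetails = $(az ad app create --display-name "$ProjectName$environmentName") | ConvertFrom-Json

    # Fail fast: without an object id every later call would run with an empty --id and
    # the caller would receive an empty client ID to store as a GitHub secret.
    if (-not ($applicationRegistrationDetails -and $applicationRegistrationDetails.id)) {
        throw "az ad app create returned no application registration for '$ProjectName$environmentName'"
    }

    $subjectPrefix = "repo:${GitHubOrganisationName}/${GitHubRepositoryName}"

    # Two trust relationships are registered on the same application:
    #   1. jobs that run in the GitHub environment named $environmentName
    #   2. jobs that run on the main branch without declaring an environment
    # NOTE(review): (2) is added to every identity, Production included. A job on main that
    # declares no environment can therefore obtain a token for this identity without going
    # through any protection rules configured on the GitHub environment. Keep it only if the
    # pipeline needs it; otherwise restrict the Production identity to the environment subject.
    $federatedCredentials = @(
        @{ name = "$ProjectName$environmentName"; subject = "${subjectPrefix}:environment:$environmentName" },
        @{ name = "$ProjectName"; subject = "${subjectPrefix}:ref:refs/heads/main" }
    )

    foreach ($entry in $federatedCredentials) {
        $credential = @{
            name      = $entry.name
            issuer    = "https://token.actions.githubusercontent.com"
            subject   = $entry.subject
            audiences = @("api://AzureADTokenExchange")
        } | ConvertTo-Json

        # "@-" makes az read the JSON from stdin. Out-Null keeps the CLI output out of this
        # function's return value, which must be the appId only.
        $credential | az ad app federated-credential create --id $applicationRegistrationDetails.id --parameters "@-" | Out-Null

        if ($LASTEXITCODE -ne 0) {
            # Write-Warning goes to the warning stream, so it does not pollute the return value.
            Write-Warning "Federated credential '$($entry.name)' ($($entry.subject)) was not created"
        }
    }

    return $applicationRegistrationDetails.appId
}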
function CreateResourceGroup {
    <#
    .SYNOPSIS
    Creates the resource group for one environment, creates a service principal for the
    given application and grants it Contributor on that resource group only.

    .PARAMETER environmentName
    Environment suffix appended to $ProjectName to form the resource group name.

    .PARAMETER appId
    Client ID of the application registration that will deploy into the group.
    #>
    param (
        $environmentName,
        $appId
    )

    Write-Host "🧱 Creating Azure Resource Group for $ProjectName$environmentName"

    $groupName = "$ProjectName$environmentName"

    # --query id --output tsv yields just the resource id, which is used as the role scope.
    $roleScope = az group create --name $groupName --location $AzureLocation --query id --output tsv

    # The role assignment targets a service principal, so one is created for the app first.
    # Its JSON description is not captured and ends up in the script's output.
    az ad sp create --id $appId

    # The grant is scoped to this resource group rather than the subscription, so each
    # environment's identity can only change resources in its own group.
    # NOTE(review): none of the three az calls is checked for failure. An empty $roleScope
    # or $appId is passed straight through to the next call.
    az role assignment create --assignee $appId --role Contributor --scope $roleScope
}
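function CreateRepository {
    <#
    .SYNOPSIS
    Creates the GitHub repository that the rest of the script configures and pushes to.
    #>
    Write-Host "🧱 Creating GitHub Repository $GitHubRepositoryName"

    # Qualify the name with the owner. A bare name is created under the signed-in user's
    # account, while every other step (federated-credential subject, environments, secrets,
    # git remote) addresses $GitHubOrganisationName/$GitHubRepositoryName.
    # NOTE(review): no visibility is chosen here. Recent gh releases appear to expect
    # --public, --private or --internal when a name is supplied. Pick one deliberately and confirm.
    gh repo create "$GitHubOrganisationName/$GitHubRepositoryName"
}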
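function CreateEnvironments {
    <#
    .SYNOPSIS
    Creates the Test and Production GitHub environments on the repository.

    .DESCRIPTION
    Each environment is created with a PUT to
    repos/<owner>/<repo>/environments/<name> through `gh api`. gh attaches its own stored
    credential, so the OAuth token never has to be copied into a script variable or a
    hand-built Authorization header.
    #>
    Write-Host "🧱 Creating GitHub Environments"

    foreach ($environmentName in @($testEnvironmentName, $productionEnvironmentName)) {
        gh api --method PUT "repos/$GitHubOrganisationName/$GitHubRepositoryName/environments/$environmentName"

        if ($LASTEXITCODE -ne 0) {
            # Warn rather than abort. The environment name must still match the
            # federated-credential subject, so a failure here needs following up.
            Write-Warning "GitHub environment '$environmentName' was not created"
        }
    }
}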
function SetSecrets {
    <#
    .SYNOPSIS
    Stores the Azure sign-in identifiers and the SQL administrator passwords as GitHub
    Actions secrets on the repository.

    .PARAMETER testAppId
    Client ID of the Test application registration.

    .PARAMETER prodAppId
    Client ID of the Production application registration.
    #>
    param(
        $testAppId,
        $prodAppId
    )

    Write-Host "🧱 Setting GitHub Secrets"

    $targetRepo = "https://github.com/$GitHubOrganisationName/$GitHubRepositoryName"

    # Client, tenant and subscription IDs are identifiers rather than credentials, so
    # passing them on the command line with --body is acceptable.
    gh secret set "AZURE_CLIENT_ID_TEST" --repo $targetRepo --body $testAppId
    gh secret set "AZURE_CLIENT_ID_PRODUCTION" --repo $targetRepo --body $prodAppId

    $tenantId = az account show --query tenantId --output tsv
    gh secret set "AZURE_TENANT_ID" --repo $targetRepo --body $tenantId

    $subscriptionId = az account show --query id --output tsv
    gh secret set "AZURE_SUBSCRIPTION_ID" --repo $targetRepo --body $subscriptionId

    # The passwords are deliberately set without --body: gh asks for the value itself, which
    # keeps it out of this script, the process argument list and the shell history.
    foreach ($stage in @("Test", "Production")) {
        Write-Host "Specify the $stage SQL Server Administrator Login Password:"
        # ToUpperInvariant keeps the secret name independent of the machine's culture.
        gh secret set "SQL_SERVER_ADMINISTRATOR_LOGIN_PASSWORD_$($stage.ToUpperInvariant())" --repo $targetRepo
    }
}
function PushNewProject {
    <#
    .SYNOPSIS
    Turns the current directory into a git repository, commits its contents and pushes
    them to the main branch of the new GitHub repository.
    #>
    $remoteUrl = "https://github.com/$GitHubOrganisationName/${GitHubRepositoryName}.git"

    git init

    # `git add .` stages every file that .gitignore does not exclude. Make sure local
    # settings files, connection strings and other credentials are ignored before running this.
    git add .
    git commit -m "🎉 New project"

    git remote add origin $remoteUrl
    git branch -M main
    git push -u origin main
}
# Azure Initialisation
# For each environment, create the workload identity first. Its client ID is needed both
# for the role assignment on the resource group and later for the GitHub secrets.
$appIds = [ordered]@{}
foreach ($stage in @($testEnvironmentName, $productionEnvironmentName)) {
    $appIds[$stage] = CreateWorkloadIdentity $stage
    CreateResourceGroup $stage ($appIds[$stage])
}

# GitHub Initialisation
# Order matters: the repository must exist before environments and secrets can be attached,
# and everything is in place before the first push to main.
CreateRepository
CreateEnvironments
SetSecrets ($appIds[$testEnvironmentName]) ($appIds[$productionEnvironmentName])
PushNewProject