Closed jonnyry closed 3 months ago
In summary, the following fixes are required to lets_encrypt.yml:

Make the following changes under the env section of the Renew Certificates job step:

Add:

    AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}

Change:

    ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
    ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}

To:

    ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}
    ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}

Change:

    TERRAFORM_STATE_CONTAINER_NAME: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
    MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
    MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}

To:

    TF_VAR_terraform_state_container_name: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
    TF_VAR_mgmt_resource_group_name: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
    TF_VAR_mgmt_storage_account_name: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}

The Renew Lets Encrypt Certificates GitHub Action is broken...
1. Fails with AZURE_ENVIRONMENT: unbound variable
Fixing this by adding the following line to env vars on line 38 of the lets_encrypt.yml:
AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}
Fixing the above then produces the next issue...
2. Fails on Azure login with tenant not found error
Looking more closely at the yaml, it looks like SUBSCRIPTION_ID and TENANT_ID have their values mixed up:
https://github.com/microsoft/AzureTRE/blob/1ffb09baf37f4599adfd65b4259fdda7564da408/.github/workflows/lets_encrypt.yml#L41-L42
Fixing the above then produces the next issue...
3. Fails to initialise terraform backend
The error above is produced by the following lines:
https://github.com/microsoft/AzureTRE/blob/1ffb09baf37f4599adfd65b4259fdda7564da408/core/terraform/outputs.sh#L8-L15
It appears that the env vars are not making it into the terraform initialize command...
Changing the following lines in lets_encrypt.yml from:
https://github.com/microsoft/AzureTRE/blob/1ffb09baf37f4599adfd65b4259fdda7564da408/.github/workflows/lets_encrypt.yml#L44-L47
to:
fixes issue 3, and allows a certificate to be generated.
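
A pre-merge check for the three faults described in this issue, as an added example that is not part of the original issue or the AzureTRE project. The function names and both sample env blocks are constructed from the lines quoted above, and the check generalizes the swapped-ID case by assuming that any `ARM_*` variable read from `AZURE_CREDENTIALS` should use the camelCase field matching its own name.

```python
import re

# Constructed sample: the step's env block as the issue describes it before the fix.
BROKEN_ENV = """\
ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}
TERRAFORM_STATE_CONTAINER_NAME: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}
"""
# Constructed sample: the same block with the issue's three fixes applied.
FIXED_ENV = """\
AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}
ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }}
ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
TF_VAR_terraform_state_container_name: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }}
TF_VAR_mgmt_resource_group_name: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }}
TF_VAR_mgmt_storage_account_name: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }}
"""

# Names the issue says must be present in the step's env.
REQUIRED = ("AZURE_ENVIRONMENT", "TF_VAR_terraform_state_container_name",
            "TF_VAR_mgmt_resource_group_name", "TF_VAR_mgmt_storage_account_name")
CRED_FIELD = re.compile(r"fromJSON\(secrets\.AZURE_CREDENTIALS\)\.(\w+)")

def parse_env(block):
    """Read 'NAME: value' lines into a dict (flat env mapping only)."""
    pairs = (re.match(r"\s*(\w+)\s*:\s*(.+)", line) for line in block.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def expected_field(name):
    """ARM_SUBSCRIPTION_ID -> subscriptionId, ARM_TENANT_ID -> tenantId."""
    words = name[len("ARM_"):].lower().split("_")
    return words[0] + "".join(w.capitalize() for w in words[1:])

def lint_env(block):
    """Return a list of findings; an empty list means the env block passes."""
    env, findings = parse_env(block), []
    for name in REQUIRED:
        if name not in env:
            findings.append(f"missing {name}")
    for name, value in env.items():
        m = CRED_FIELD.search(value)
        if name.startswith("ARM_") and m and m.group(1) != expected_field(name):
            findings.append(f"{name} reads .{m.group(1)}, expected .{expected_field(name)}")
    return findings
```

A line written with `=` instead of `:` does not parse as an env entry here, so that variable is reported as missing.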