microsoft / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License
184 stars 141 forks source link

Support "plan" mode deployment #4029

Open jonnyry opened 3 months ago

jonnyry commented 3 months ago

Support "plan" mode deployments so that you can evaluate the terraform plan before deciding to apply it.

Upgrading a TRE between versions may change a large number of Azure resources which introduces risk to a running TRE. Being able to evaluate the terraform plan before applying would reduce the risk of issues occuring during an upgrade, and the downtime required for an upgrade.

Ideally this would be a new build variable, e.g.

image

Also: a similar mode when upgrading components within the TRE.

tim-allen-ck commented 3 months ago

this would be great.

marrobi commented 3 months ago

@jonnyry been playing with GitHub Workspaces to fix issues. Created a PR, but haven't tested it. Let me know thoughts and if can find time to test, would be great.

jonnyry commented 3 months ago

@marrobi ah fantastic - thank you very much :-) just returned from holiday but will test it out soon.

jonnyry commented 11 hours ago

Sorry for taking so long to look at this...

Tested for a local make deploy-core and seems to work nicely. There was one small thing I needed to fix - this file has lost its execute permission bit: [devops/scripts/terraform_wrapper.sh] 100755 > 100644.

For a make deploy-core its pretty useful to evaluate the deployment of the TRE core before proceeding to apply.

However in the full make all / CICD build context I think its likely to cause issues - since it would only be terraform that would be prevented from running, and other build items such as container builds and the UI build would be applied, your TRE would be left at an inconsistent version.