Template Spec

.ado/workflows/dataProductRelease.yml

@@ -0,0 +1,65 @@
+name: Data Product Release
+
+trigger:
+  tags:
+    include:
+      - v*
+
+variables:
+  DATA_PRODUCT_NAME: "DataProductStreaming"                                        # Update to '{dataProductName}'
+  AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "integration-product-service-connection" # Update to '{resourceManagerConnectionName}'
+  AZURE_SUBSCRIPTION_ID: "17588eb2-2943-461a-ab3f-00a3ceac3112"                    # Update to '{dataLandingZoneSubscriptionId}'
+  AZURE_RESOURCE_GROUP_NAME: "dmz-dev-automation"                                  # Update to '{dataLandingZoneName}-rg'
+  AZURE_LOCATION: "North Europe"                                                   # Update to '{regionName}'
+
+stages:
+  - stage: Release
+    displayName: "Data Product Release"
+    jobs:
+      - job: Release
+        displayName: "Data Product Release"
+        continueOnError: false
+        pool:
+          vmImage: "ubuntu-latest"
+
+        steps:
+          # Checkout code
+          - checkout: self
+            name: checkout_repository
+            displayName: "Checkout repository"
+            submodules: true
+            lfs: false
+            clean: true
+            continueOnError: false
+            enabled: true
+
+          # Deploy Template Spec
+          - task: AzureCLI@2
+            name: template_spec_deployment
+            displayName: Deploy Template Spec
+            enabled: true
+            continueOnError: false
+            inputs:
+              azureSubscription: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
+              scriptType: bash
+              scriptLocation: inlineScript
+              powerShellErrorActionPreference: stop
+              addSpnToEnvironment: false
+              failOnStandardError: false
+              powerShellIgnoreLASTEXITCODE: false
+              inlineScript: |
+                # Strip git ref prefix from version
+                VERSION=$(echo "$(Build.SourceBranch)" | sed -e 's,.*/\(.*\),\1,')
+
+                # Strip "v" prefix from tag name
+                [[ "$(Build.SourceBranch)" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+                echo VERSION=$VERSION
+
+                # Create Template Spec
+                az ts create \
+                  --name ${{ variables.DATA_PRODUCT_NAME }} \
+                  --version $VERSION \
+                  --subscription ${{ variables.AZURE_SUBSCRIPTION_ID }} \
+                  --resource-group ${{ variables.AZURE_RESOURCE_GROUP_NAME }} \
+                  --location ${{ variables.AZURE_LOCATION }} \
+                  --template-file "$(System.DefaultWorkingDirectory)/infra/main.json"

.github/workflows/dataProductRelease.yml

@@ -0,0 +1,63 @@
+name: Data Product Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+env:
+  DATA_PRODUCT_NAME: "DataProductStreaming"                     # Update to '{dataProductName}'
+  AZURE_SUBSCRIPTION_ID: "17588eb2-2943-461a-ab3f-00a3ceac3112" # Update to '{dataLandingZoneSubscriptionId}'
+  AZURE_RESOURCE_GROUP_NAME: "dmz-dev-automation"               # Update to '{dataLandingZoneName}-rg'
+  AZURE_LOCATION: "northeurope"                                 # Update to '{regionName}'
+
+jobs:
+  release:
+    name: "Data Product Release"
+    runs-on: ubuntu-latest
+    continue-on-error: false
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Check Out Repository
+        id: checkout_repository
+        uses: actions/checkout@v2
+
+      # Login to Azure
+      - name: Azure Login
+        id: azure_login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      # Deploy Template Spec
+      - name: Deploy Template Spec
+        id: template_spec_deployment
+        uses: azure/CLI@v1
+        with:
+          azcliversion: "latest"
+          inlineScript: |
+            # Strip git ref prefix from version
+            VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+            # Strip "v" prefix from tag name
+            [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+            echo VERSION=$VERSION
+
+            # Create Template Spec
+            az ts create \
+              --name ${{ env.DATA_PRODUCT_NAME }} \
+              --version $VERSION \
+              --subscription ${{ env.AZURE_SUBSCRIPTION_ID }} \
+              --resource-group ${{ env.AZURE_RESOURCE_GROUP_NAME }} \
+              --location ${{ env.AZURE_LOCATION }} \
+              --template-file "${{ github.workspace }}/infra/main.json"
+
+      # Log out from Azure
+      - name: Log out from Azure
+        id: azure_logout
+        uses: azure/cli@v1
+        with:
+          azcliversion: latest
+          inlineScript: |
+            az logout

docs/templatespec/main.bicep

@@ -0,0 +1,137 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+targetScope = 'resourceGroup'
+
+// General parameters
+@description('Specifies the location for all resources.')
+param location string
+@allowed([
+  'dev'
+  'tst'
+  'prd'
+])
+@description('Specifies the environment of the deployment.')
+param environment string
+@minLength(2)
+@maxLength(10)
+@description('Specifies the prefix for all resources created in this deployment.')
+param prefix string
+@description('Specifies the tags that you want to apply to all resources.')
+param tags object = {}
+
+// Resource parameters
+@secure()
+@description('Specifies the administrator password of the sql servers.')
+param administratorPassword string
+@description('Specifies the resource ID of the default storage account file system for synapse.')
+param synapseDefaultStorageAccountFileSystemId string
+@description('Specifies the resource ID of the default storage account  file system for stream analytics.')
+param streamanalyticsDefaultStorageAccountFileSystemId string
+@description('Specifies the resource ID of the central purview instance.')
+param purviewId string = ''
+@description('Specifies whether role assignments should be enabled.')
+param enableRoleAssignments bool = false
+
+// Network parameters
+@description('Specifies the resource ID of the subnet to which all services will connect.')
+param subnetId string
+
+// Private DNS Zone parameters
+@description('Specifies the resource ID of the private DNS zone for KeyVault.')
+param privateDnsZoneIdKeyVault string = ''
+@description('Specifies the resource ID of the private DNS zone for Synapse Dev.')
+param privateDnsZoneIdSynapseDev string = ''
+@description('Specifies the resource ID of the private DNS zone for Synapse Sql.')
+param privateDnsZoneIdSynapseSql string = ''
+@description('Specifies the resource ID of the private DNS zone for EventHub Namespaces.')
+param privateDnsZoneIdEventhubNamespace string = ''
+@description('Specifies the resource ID of the private DNS zone for Cosmos Sql.')
+param privateDnsZoneIdCosmosdbSql string = ''
+@description('Specifies the resource ID of the private DNS zone for Sql Server.')
+param privateDnsZoneIdSqlServer string = ''
+@description('Specifies the resource ID of the private DNS zone for IoT Hub.')
+param privateDnsZoneIdIothub string = ''
+
+// Template Spec parameters
+@description('Specifies the resource ID of the template spec that should be deployed as baseline.')
+param templateSpecId string
+
+// Variables
+var name = toLower('${prefix}-${environment}')
+var tagsDefault = {
+  Owner: 'Enterprise Scale Analytics'
+  Project: 'Enterprise Scale Analytics'
+  Environment: environment
+  Toolkit: 'bicep'
+  Name: name
+}
+var tagsJoined = union(tagsDefault, tags)
+
+// Resources
+resource templatespec 'Microsoft.Resources/deployments@2021-04-01' = {
+  name: 'templatespec-${name}'
+  location: location
+  tags: tagsJoined
+  properties: {
+    mode: 'Incremental'
+    templateLink: {
+      id: templateSpecId
+    }
+    parameters: {
+      location: {
+        value: location
+      }
+      environment: {
+        value: environment
+      }
+      prefix: {
+        value: prefix
+      }
+      tags: {
+        value: tagsJoined
+      }
+      administratorPassword: {
+        value: administratorPassword
+      }
+      synapseDefaultStorageAccountFileSystemId: {
+        value: synapseDefaultStorageAccountFileSystemId
+      }
+      streamanalyticsDefaultStorageAccountFileSystemId: {
+        value: streamanalyticsDefaultStorageAccountFileSystemId
+      }
+      subnetId: {
+        value: subnetId
+      }
+      purviewId: {
+        value: purviewId
+      }
+      enableRoleAssignments: {
+        value: enableRoleAssignments
+      }
+      privateDnsZoneIdKeyVault: {
+        value: privateDnsZoneIdKeyVault
+      }
+      privateDnsZoneIdSynapseDev: {
+        value: privateDnsZoneIdSynapseDev
+      }
+      privateDnsZoneIdSynapseSql: {
+        value: privateDnsZoneIdSynapseSql
+      }
+      privateDnsZoneIdEventhubNamespace: {
+        value: privateDnsZoneIdEventhubNamespace
+      }
+      privateDnsZoneIdCosmosdbSql: {
+        value: privateDnsZoneIdCosmosdbSql
+      }
+      privateDnsZoneIdSqlServer: {
+        value: privateDnsZoneIdSqlServer
+      }
+      privateDnsZoneIdIothub: {
+        value: privateDnsZoneIdIothub
+      }
+    }
+  }
+}
+
+// Outputs