dsanchor · davihern · Mar 8, 2023 · Mar 8, 2023 · Mar 8, 2023 · Mar 8, 2023
diff --git a/.github/workflows/apis-deployment.yaml b/.github/workflows/apis-deployment.yaml
@@ -0,0 +1,145 @@
+name: APIs deployment
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+    paths:
+      - 'apis/**'
+      - '.github/workflows/apis-deployment.yaml'
+  workflow_dispatch:
+
+env:
+  RG: contoso-${{ github.ref_name }}-rg
+  APIM_SERVICE: contoso-${{ github.ref_name }}-apim
+  SA: contoso${{ github.ref_name }}apimsa
+
+jobs:
+
+  upload-api-descriptors:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Create container for API resources
+        uses: azure/CLI@v1
+        with:
+          inlineScript: |
+            for api in `ls apis`
+            do
+              az storage container create --name $api --account-name $SA  --public-access blob -g $RG
+            done
+
+      - name: Upload files for each API
+        uses: azure/CLI@v1
+        with:
+          inlineScript: |
+            for api in `ls apis`
+            do
+              for file in `ls apis/$api | egrep "openapi|policies"`
+              do
+                az storage blob upload --overwrite --container-name $api --account-name $SA --file apis/$api/$file
+              done
+            done
+
+  generate-arm-templates:
+    runs-on: ubuntu-latest
+    needs: upload-api-descriptors
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Generate apiconfig with variables
+        shell: bash
+        run: |
+              for api in `ls apis`
+              do
+                cat apis/$api/apiconfig.yaml | \
+                  API_NAME=$api \
+                  APIM_SERVICE=$APIM_SERVICE \
+                  SA=$SA \
+                  envsubst > apis/$api/apiconfig_resolved.yaml
+              done
+
+      - name: Generate templates for API
+        uses: addnab/docker-run-action@v3
+        with:
+            image: sancheski/arm-api-creator:0.0.1
+            options: -v ${{ github.workspace }}/apis:/app/apis
+            run: |
+                  for api in `ls /app/apis`
+                  do
+                    dotnet ArmTemplates.dll create --configFile /app/apis/$api/apiconfig_resolved.yaml
+                  done
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: apis
+          path: ${{ github.workspace }}/apis
+
+  provision-apis:
+    runs-on: ubuntu-latest
+    needs: generate-arm-templates
+
+    steps:
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: apis
+          path: apis
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Provision API
+        uses: azure/CLI@v1
+        with:
+          inlineScript: |
+            for api in `ls apis`
+            do
+              az deployment group create --resource-group $RG --template-file  apis/$api/generatedtemplates/$api.api.template.json --parameters @apis/$api/generatedtemplates/$api-parameters.json
+            done
+
+  delete-apis:
+    runs-on: ubuntu-latest
+    needs: provision-apis
+
+    steps:
+
+      - uses: actions/checkout@v2
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Delete API
+        uses: azure/CLI@v1
+        with:
+          inlineScript: |
+            ls apis > mustremain.list
+            echo "Must remain in APIM"
+            cat mustremain.list
+            echo ""
+            az apim api list --service-name $APIM_SERVICE --resource-group $RG \
+               -o tsv --query "[].{name:name}" > currentinapim.list
+            echo "Currently in APIM"
+            cat currentinapim.list
+
+            for apiToRemove in `diff mustremain.list currentinapim.list \
+                                  | grep -v "+++" | grep -v "\-\-\-" | grep -v "@@" \
+                                  | grep + | awk -F+ '{print $2}'`
+            do
+              echo "Deleting API $apiToRemove... not present in git anymore"
+              az apim api delete -n $APIM_SERVICE -g $RG --api-id $apiToRemove -y
+              az storage container delete --name $apiToRemove --account-name $SA
+            done
diff --git a/README.md b/README.md
@@ -1,2 +1,137 @@
-# apim-demo-apis
-Full APIs with policies and all the content required for a APIM demo
+# Azure API demos for APIM
+
+## Overview
+
+This repository contains full APIs with policies and all the content required for an APIM demo.
+
+
+## Prerequisites
+
+This demo requires the following prerequisites:
+- Have an APIM previously deployed and configured. You can follow the steps described in this repository: [apim-demo-infra](https://github.com/dsanchor/apim-demo-infra)
+- Fork this repository and clone it locally. 
+- An Azure subscription
+- The Azure CLI
+- A Service Principal with Contributor rights on the subscription
+- Setup credentials in Github Secrets
+- Create an storage account and a container for the temporary files used in deployment
+
+See next sections for instructions on how to set up these prerequisites.
+
+### Fork and clone the repository
+
+Fork this repository first. 
+Then, clone it locally by running the following command in the directory where you want to have the repository:
+
+```bash
+git clone <your_repository>.git
+```
+
+Move to the *dev* branch:
+
+```bash
+git checkout dev
+```
+
+We will use the *dev* branch to make changes to the infrastructure which will be deployed as the Develpoment environment. The *main* branch will be used to deploy the Production environment after the changes have been tested in the Development environment, create a PR from the *dev* branch to the *main* branch and merge it.
+
+
+### Azure subscription
+
+You must have an Azure subscription to deploy this demo. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).
+
+### Azure CLI
+
+We will create some prerequired resources with the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli). 
+
+### Service Principal
+
+This demo needs a Service Principal to deploy the infrastructure. You can create a Service Principal with the following instructions:
+
+- Log in to Azure:
+
+```bash
+az login
+```
+
+- List the available subscriptions:
+
+```bash
+az account list -o table
+```
+
+- Init the SUBSCRIPTION_ID variable with the subscription ID you want to use:
+
+```bash
+export SUBSCRIPTION_ID=<subscriptionID>
+```
+
+- Create the Service Principal with contributor rights on the subscription:
+
+```bash
+az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID" --sdk-auth
+```
+
+Copy the json output of the command and keep it safe for next step (JSON_SP_FOR_GITHUB).
+
+For details, see the instructions in the [Azure CLI documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) to create a Service Principal.
+
+### Github Secrets
+
+We will create the following secrets in Github Secrets, where all values are the ones you got from the previous step:
+
+- AZURE_CREDENTIALS = <JSON_SP_FOR_GITHUB>
+
+### Storage account and container
+
+We will use a storage account and a container to store temporary data. You can create a storage account and a container with the following instructions:
+
+- Init the RESOURCE_GROUP variable with the name of the resource group you want to use:
+
+```bash
+export RESOURCE_GROUP=<resourcegroupname>
+```
+
+- Create the resource group:
+
+```bash
+az group create --name $RESOURCE_GROUP --location westeurope --subscription $SUBSCRIPTION_ID
+```
+
+- Init the STORAGE_ACCOUNT_NAME variable with the name of the storage account you want to use:
+
+```bash
+export STORAGE_ACCOUNT_NAME=<storageaccountname>
+```
+
+- Create the storage account:
+
+```bash
+az storage account create --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCE_GROUP --location westeurope --sku Standard_LRS --subscription $SUBSCRIPTION_ID
+```
+
+- Under *.github/workflows/* directory, find the *apis-deployment.yaml* file and modify the name of the variables:
+
+
+RG: Name of the resource group where storage account and apim service is located.
+
+APIM_SERVICE: Name of the APIM service instance
+
+SA: Name of the storage account created in previous step
+
+Open *policies.xml* file from *apis/conferenceapi2* folder and replace the string INSERT-AZURE-AAD-TENANT-GUID with the Azure Active Directory TenantId used when creating the App Registration 
+
+# Run the automation
+
+We have included a [GitHub Action](.github/workflows/apis-deployment.yaml) to run the apis deployment.
+
+This automation will register APIs inside APIM and its related policies.
+
+To run the automation, push the changes to the *dev* branch. The automation will run automatically.
+
+```bash	
+git add .
+git commit -m "Initial commit"
+git push origin dev
+```
+