Merge pull request #86 from azure-javaee/edburns-msft-ibm-382-apply-l…

…essons On branch edburns-msft-ibm-382-apply-lessons
WASdev · Jul 19, 2023 · da20871 · da20871
2 parents 052998b + 5fe9370
commit da20871
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 2 deletions.
diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
@@ -82,7 +82,6 @@ jobs:
           path: ${{steps.artifact_file.outputs.artifactPath}}
       - name: Update offer artifact
         uses: microsoft/microsoft-partner-center-github-action@v3
-        if: ${{ github.repository_owner  == 'WASdev' }}
         with:
           offerId: ${{ env.offerId }}
           planId: ${{ env.planId }}

diff --git a/.github/workflows/setup-credentials.sh b/.github/workflows/setup-credentials.sh
@@ -29,6 +29,12 @@ DISAMBIG_PREFIX=
 USER_NAME=
 # Owner/reponame, e.g., <USER_NAME>/azure.liberty.aks
 OWNER_REPONAME=
+# Client ID for an Azure AD application registered in the Partner Center
+CLIENT_ID=
+# Secret value of the Azure AD application registered in the Partner Center
+SECRET_VALUE=
+# Tenant ID of the Azure AD application registered in the Partner Center
+TENANT_ID=
 # Optional: Web hook for Microsoft Teams channel
 MSTEAMS_WEBHOOK=
 
@@ -83,6 +89,21 @@ else
     GH_FLAGS="--repo ${OWNER_REPONAME}"
 fi
 
+# get CLIENT_ID if not set at the beginning of this file
+if [ "$CLIENT_ID" == '' ] ; then
+    read -r -p "Enter client ID for an Azure AD application registered in the Partner Center: " CLIENT_ID
+fi
+
+# get SECRET_VALUE if not set at the beginning of this file
+if [ "$SECRET_VALUE" == '' ] ; then
+    read -r -p "Enter secret value for the Azure AD application registered in the Partner Center: " SECRET_VALUE
+fi
+
+# get TENANT_ID if not set at the beginning of this file
+if [ "$TENANT_ID" == '' ] ; then
+    read -r -p "Enter tenant ID for the Azure AD application registered in the Partner Center: " TENANT_ID
+fi
+
 # Optional: get MSTEAMS_WEBHOOK if not set at the beginning of this file
 if [ "$MSTEAMS_WEBHOOK" == '' ] ; then
     read -r -p "[Optional] Enter Web hook for Microsoft Teams channel, or press 'Enter' to ignore: " MSTEAMS_WEBHOOK
@@ -148,6 +169,9 @@ if $USE_GITHUB_CLI; then
     msg "${YELLOW}\"AZURE_CREDENTIALS\""
     msg "${GREEN}${AZURE_CREDENTIALS}"
     gh ${GH_FLAGS} secret set USER_NAME -b"${USER_NAME}"
+    gh ${GH_FLAGS} secret set CLIENT_ID -b"${CLIENT_ID}"
+    gh ${GH_FLAGS} secret set SECRET_VALUE -b"${SECRET_VALUE}"
+    gh ${GH_FLAGS} secret set TENANT_ID -b"${TENANT_ID}"
     gh ${GH_FLAGS} secret set MSTEAMS_WEBHOOK -b"${MSTEAMS_WEBHOOK}"
     msg "${GREEN}Secrets configured"
   } || {
@@ -164,6 +188,12 @@ if [ $USE_GITHUB_CLI == false ]; then
   msg "${GREEN}${AZURE_CREDENTIALS}"
   msg "${YELLOW}\"USER_NAME\""
   msg "${GREEN}${USER_NAME}"
+  msg "${YELLOW}\"CLIENT_ID\""
+  msg "${GREEN}${CLIENT_ID}"
+  msg "${YELLOW}\"SECRET_VALUE\""
+  msg "${GREEN}${SECRET_VALUE}"
+  msg "${YELLOW}\"TENANT_ID\""
+  msg "${GREEN}${TENANT_ID}"
   msg "${YELLOW}\"MSTEAMS_WEBHOOK\""
   msg "${GREEN}${MSTEAMS_WEBHOOK}"
   msg "${NOFORMAT}========================================================================"

diff --git a/docs/howto-update-offer-in-partner-center.md b/docs/howto-update-offer-in-partner-center.md
@@ -5,6 +5,26 @@
 
 Please follow sections below in order to update the solution template offer in partner center.
 
+
+## Preconditions
+
+### 1. Set the GitHub Actions secrets for the repository running the workflows
+
+The recommended way to set the secrets is to run the scripts.  Setting the secrets manually is beyond the scope of this guide.
+
+#### Preconditions for running the scripts to set the secrets
+
+1. Ensure the Azure ID that is currently logged in when running the scripts has the `Global Administrator` Azure AD role.
+1. Ensure the Azure CLI is installed on a supported UNIX-like environment. See [How to install the Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli). **Sign in to Azure using the Azure CLI**. After installation, sign in to the correct tenant. The actions will create Azure resources in this signed-in tenant.
+1. Ensure the GitHub CLI is installed on the same environment as the preceding step. See [Installation](https://cli.github.com/manual/installation). Note: If working on macOS, we highly recommend Homebrew. Visit https://brew.sh/ for instructions on installing Homebrew. **Authenticate to GitHub**. After installation, use `gh auth login` to sign in to GitHub. You'll need a sufficiently empowered `PERSONAL ACCESS TOKEN` for this repository.
+1. Clone this repository into the environment from the preceding steps.
+
+#### Setting the secrets
+
+1. cd `.github/workflows`
+1. Run the `setup-credentials.sh` script. This will ask you a series of questions and create the necessary GitHub Actions secrets using the `gh` cli. If this script exits successfully, you should be able to run the workflows successfully. If the script does not exit successfully, troubleshoot and resolve the problem before proceeding.
+   Note, the script `tear-down-credentials.sh` is the inverse of `setup-credentials.sh`. It deletes any Azure service principals and roles and any GitHub Actions secrets.
+
 ## When should I update the offer in partner center?
 
 If you make any changes for files located in the following path:
@@ -15,7 +35,7 @@ If you make any changes for files located in the following path:
 
 ## Update the version of the solution template
 
-If you haven't bumped the version, pls do so before publishing the solution template to partner center. 
+If you haven't incremented the version, pls do so before publishing the solution template to partner center. 
 
 1. Increase the [version number](https://github.com/WASdev/azure.liberty.aks/blob/main/pom.xml#L23) which is specified in the `pom.xml`.
 1. Get the PR merged.