Update templates for Porter v1

.devcontainer/Dockerfile

@@ -43,7 +43,7 @@ RUN apt-get update && apt-get install -y ca-certificates curl gnupg lsb-release
 
 # Install Certbot
 RUN if [ "${INTERACTIVE}" = "true" ]; then \
-    apt-get update && apt-get install -y python3 python3-venv libaugeas0 --no-install-recommends \
+    apt-get update && apt-get install -y libaugeas0 --no-install-recommends \
     && python3 -m venv /opt/certbot/ \
     && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \
     && /opt/certbot/bin/pip install --no-cache-dir certbot \

.github/workflows/deploy_tre_reusable.yml

@@ -206,8 +206,12 @@ jobs:
         # failure in the first attempt indicates a new ACR, so we need to try again after it's been created
         if: steps.ci_cache_cr_login.outcome != 'success'
         run: |
-          # shellcheck disable=SC2034,SC2015
-          for i in {1..3}; do az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && break || sleep 10; done
+          # shellcheck disable=SC2034,SC2015,SC2125
+          for i in {1..3}; do
+            az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && ec=0 && break || ec=\$? && sleep 10
+          done
+          # shellcheck disable=SC2242
+          (exit \$ec)
 
       - name: Push cached devcontainer
         run: docker image push ${{ env.CI_CACHE_ACR_URI }}/tredev:${{ secrets.DEVCONTAINER_TAG }}
@@ -359,7 +363,7 @@ jobs:
           # Although porter publish will build automatically, our makefile build target includes logic that should run
           COMMAND: >-
             for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }}
-            && break || sleep 30; done
+            && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec)
           DEVCONTAINER_TAG: ${{ secrets.DEVCONTAINER_TAG }}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
           CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}
@@ -392,7 +396,7 @@ jobs:
           # Although porter publish will build automatically, our makefile build target includes logic that should run
           COMMAND: >-
             for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }}
-            && break || sleep 30; done
+            && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec)
           DEVCONTAINER_TAG: ${{ secrets.DEVCONTAINER_TAG }}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
           CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}

Makefile

@@ -210,10 +210,11 @@ bundle-check-params:
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,porter \
 	&& cd ${DIR} \
 	&& if [ ! -f "parameters.json" ]; then echo "Error - please create a parameters.json file."; exit 1; fi \
-	&& if ! porter explain -ojson > /dev/null; then echo "Error - porter explain issue!"; exit 1; fi \
+	&& if [ "$$(jq -r '.name' parameters.json)" != "$$(yq eval '.name' porter.yaml)" ]; then echo "Error - ParameterSet name isn't equal to bundle's name."; exit 1; fi \
+	&& if ! porter explain; then echo "Error - porter explain issue!"; exit 1; fi \
 	&& comm_output=$$(set -o pipefail && comm -3 --output-delimiter=: <(porter explain -ojson | jq -r '.parameters[].name | select (. != "arm_use_msi")' | sort) <(jq -r '.parameters[].name | select(. != "arm_use_msi")' parameters.json | sort)) \
 	&& if [ ! -z "$${comm_output}" ]; \
-		then echo -e "*** Add to params ***:*** Remove from params ***\n$$comm_output" | column -t -s ":" -n; exit 1; \
+		then echo -e "*** Add to params ***:*** Remove from params ***\n$$comm_output" | column -t -s ":"; exit 1; \
 		else echo "parameters.json file up-to-date."; fi
 
 bundle-uninstall:

resource_processor/_version.py

@@ -1 +1 @@
-__version__ = "0.5.0"
+__version__ = "0.5.1"

resource_processor/vmss_porter/config.yaml

@@ -1,3 +1,4 @@
+---
 default-storage: mydb
 default-secrets: mysecrets
 

templates/shared_services/admin-vm/Dockerfile.tmpl

@@ -1,19 +1,9 @@
+# syntax=docker/dockerfile-upstream:1.4.0
 FROM debian:bullseye-slim
 
-ARG BUNDLE_DIR
+# PORTER_INIT
 
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
 # PORTER_MIXINS
 
 # Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}//

templates/shared_services/admin-vm/parameters.json

@@ -1,8 +1,8 @@
 {
-  "schemaVersion": "1.0.0-DRAFT+TODO",
-  "name": "base",
-  "created": "2021-06-04T13:37:29.5071039+03:00",
-  "modified": "2021-06-04T13:37:29.5071039+03:00",
+  "schemaType": "ParameterSet",
+  "schemaVersion": "1.0.1",
+  "namespace": "",
+  "name": "tre-shared-service-admin-vm",
   "parameters": [
     {
       "name": "tre_id",

templates/shared_services/admin-vm/porter.yaml

@@ -1,6 +1,7 @@
 ---
+schemaVersion: 1.0.0
 name: tre-shared-service-admin-vm
-version: 0.2.0
+version: 0.3.0
 description: "An admin vm shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -42,46 +43,43 @@ parameters:
 
 mixins:
   - terraform:
-      clientVersion: 1.2.9
+      clientVersion: 1.3.6
 
 install:
   - terraform:
       description: "Deploy shared service"
-      input: false
       vars:
-        tre_id: "{{ bundle.parameters.tre_id }}"
-        tre_resource_id: "{{ bundle.parameters.id }}"
-        admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}"
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku }
       backendConfig:
-        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
-        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
-        container_name: "{{ bundle.parameters.tfstate_container_name }}"
-        key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm"
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: ${ bundle.parameters.tre_id }-shared-service-admin-vm
 
 upgrade:
   - terraform:
       description: "Upgrade shared service"
-      input: false
       vars:
-        tre_id: "{{ bundle.parameters.tre_id }}"
-        tre_resource_id: "{{ bundle.parameters.id }}"
-        admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}"
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku }
       backendConfig:
-        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
-        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
-        container_name: "{{ bundle.parameters.tfstate_container_name }}"
-        key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm"
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: ${ bundle.parameters.tre_id }-shared-service-admin-vm
 
 uninstall:
   - terraform:
       description: "Tear down shared service"
-      input: false
       vars:
-        tre_id: "{{ bundle.parameters.tre_id }}"
-        tre_resource_id: "{{ bundle.parameters.id }}"
-        admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}"
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku }
       backendConfig:
-        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
-        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
-        container_name: "{{ bundle.parameters.tfstate_container_name }}"
-        key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm"
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: ${ bundle.parameters.tre_id }-shared-service-admin-vm

templates/shared_services/airlock_notifier/Dockerfile.tmpl

@@ -1,28 +1,21 @@
+# syntax=docker/dockerfile-upstream:1.4.0
 FROM debian:bullseye-slim
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# PORTER_INIT
 
-ARG BUNDLE_DIR
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN apt-get update \
-    && apt-get install --no-install-recommends -y zip \
-    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
+# Install jq
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+    apt-get update && \
+    apt-get install -y zip --no-install-recommends
 
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
 # PORTER_MIXINS
 
 # Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
 
-WORKDIR $BUNDLE_DIR/app
+WORKDIR "${BUNDLE_DIR}/app"
 RUN zip -r /cnab/app/LogicApp.zip .

templates/shared_services/airlock_notifier/parameters.json

@@ -1,8 +1,8 @@
 {
-  "schemaVersion": "1.0.0-DRAFT+TODO",
-  "name": "base",
-  "created": "2021-06-04T13:37:29.5071039+03:00",
-  "modified": "2021-06-04T13:37:29.5071039+03:00",
+  "schemaType": "ParameterSet",
+  "schemaVersion": "1.0.1",
+  "namespace": "",
+  "name": "tre-shared-service-airlock-notifier",
   "parameters": [
     {
       "name": "tre_id",

templates/shared_services/airlock_notifier/porter.yaml

@@ -1,6 +1,7 @@
 ---
+schemaVersion: 1.0.0
 name: tre-shared-service-airlock-notifier
-version: 0.2.3
+version: 0.3.0
 description: "A shared service notifying on Airlock Operations"
 registry: azuretre
 dockerfile: Dockerfile.tmpl
@@ -56,27 +57,27 @@ parameters:
 
 mixins:
   - exec
-  - az
+  - az:
+      clientVersion: 2.37.0
   - terraform:
-      clientVersion: 1.2.6
+      clientVersion: 1.3.6
 
 install:
   - terraform:
       description: "Deploy shared service"
-      input: false
       vars:
-        tre_id: "{{ bundle.parameters.tre_id }}"
-        tre_resource_id: "{{ bundle.parameters.id }}"
-        tre_url: "{{ bundle.parameters.tre_url }}"
-        smtp_server_address: "{{ bundle.parameters.smtp_server_address }}"
-        smtp_username: "{{ bundle.parameters.smtp_username }}"
-        smtp_password: "{{ bundle.parameters.smtp_password }}"
-        smtp_from_email: "{{ bundle.parameters.smtp_from_email }}"
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        tre_url: ${ bundle.parameters.tre_url }
+        smtp_server_address: ${ bundle.parameters.smtp_server_address }
+        smtp_username: ${ bundle.parameters.smtp_username }
+        smtp_password: ${ bundle.parameters.smtp_password }
+        smtp_from_email: ${ bundle.parameters.smtp_from_email }
       backendConfig:
-        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
-        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
-        container_name: "{{ bundle.parameters.tfstate_container_name }}"
-        key: "{{ bundle.parameters.tre_id }}-shared-airlock-notifier"
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: ${ bundle.parameters.tre_id }-shared-airlock-notifier
       outputs:
         - name: airlock_notifier_logic_app_name
         - name: airlock_notifier_logic_app_resource_group_name
@@ -87,7 +88,7 @@ install:
         - login
       flags:
         identity:
-        username: "{{ bundle.credentials.azure_client_id }}"
+        username: ${ bundle.credentials.azure_client_id }
 
   - az:
       description: "Deploy logic app"
@@ -97,9 +98,9 @@ install:
         - source
         - config-zip
       flags:
-        name: "{{ bundle.outputs.airlock_notifier_logic_app_name }}"
-        resource-group: "{{ bundle.outputs.airlock_notifier_logic_app_resource_group_name }}"
-        subscription: "{{ bundle.credentials.azure_subscription_id }}"
+        name: ${ bundle.outputs.airlock_notifier_logic_app_name }
+        resource-group: ${ bundle.outputs.airlock_notifier_logic_app_resource_group_name }
+        subscription: ${ bundle.credentials.azure_subscription_id }
         src: LogicApp.zip
 
 
@@ -114,17 +115,16 @@ upgrade:
 uninstall:
   - terraform:
       description: "Tear down shared service"
-      input: false
       vars:
-        tre_id: "{{ bundle.parameters.tre_id }}"
-        tre_resource_id: "{{ bundle.parameters.id }}"
-        tre_url: "{{ bundle.parameters.tre_url }}"
-        smtp_server_address: "{{ bundle.parameters.smtp_server_address }}"
-        smtp_username: "{{ bundle.parameters.smtp_username }}"
-        smtp_password: "{{ bundle.parameters.smtp_password }}"
-        smtp_from_email: "{{ bundle.parameters.smtp_from_email }}"
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+        tre_url: ${ bundle.parameters.tre_url }
+        smtp_server_address: ${ bundle.parameters.smtp_server_address }
+        smtp_username: ${ bundle.parameters.smtp_username }
+        smtp_password: ${ bundle.parameters.smtp_password }
+        smtp_from_email: ${ bundle.parameters.smtp_from_email }
       backendConfig:
-        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
-        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
-        container_name: "{{ bundle.parameters.tfstate_container_name }}"
-        key: "{{ bundle.parameters.tre_id }}-shared-airlock-notifier"
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: ${ bundle.parameters.tre_id }-shared-airlock-notifier

templates/shared_services/certs/Dockerfile.tmpl

@@ -1,40 +1,22 @@
+# syntax=docker/dockerfile-upstream:1.4.0
 FROM python:3.8-slim-bullseye
 
-ARG BUNDLE_DIR
+# PORTER_INIT
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Install Azure CLI
-# It's useless to specify azcli version since the mixin installs the latest anyway
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends ca-certificates jq curl apt-transport-https lsb-release gnupg \
-    && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \
-    && AZ_REPO=$(lsb_release -cs) \
-    && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \
-    && apt-get update && apt-get -y --no-install-recommends install azure-cli \
-    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 
 # Install Certbot
 # Some of the tools' versions seem to depend on the base image so proboably best not to specify them.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends python3 python3-venv libaugeas0 \
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+    apt-get update \
+    && apt-get install -y --no-install-recommends libaugeas0 \
     && python3 -m venv /opt/certbot/ \
     && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \
-    && /opt/certbot/bin/pip install --no-cache-dir certbot \
-    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+    && /opt/certbot/bin/pip install --no-cache-dir certbot
 
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
 # PORTER_MIXINS
 
 # Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/

templates/shared_services/certs/parameters.json

@@ -1,8 +1,8 @@
 {
-  "schemaVersion": "1.0.0-DRAFT",
-  "name": "base",
-  "created": "2021-06-04T13:37:29.5071039+03:00",
-  "modified": "2021-06-04T13:37:29.5071039+03:00",
+  "schemaType": "ParameterSet",
+  "schemaVersion": "1.0.1",
+  "namespace": "",
+  "name": "tre-shared-service-certs",
   "parameters": [
     {
       "name": "tre_id",