GitHub streamlines the deployment process by providing workflows that you can run to perform the infrastructure deployment and the configuration and SAP installation activities.
You can use GitHub Repos to store your configuration files and use GitHub Actions to deploy and configure the infrastructure and the SAP application.
To use SAP Deployment Automation Framework from GitHub, you need to have a GitHub organization and the right permissions to create a repository.
Use the https://github.com/XpiritBV/azure-sap-automation-deployer repository template as a starting point for your own repository. Click the Use this template button to create a new repository based on the template.
Note
GitHub Actions uses Environments to store secrets and variables. Make sure your repository can use the Environments feature and that the Issues feature is enabled.
After you create the repository, an issue titled "Create GitHub App" is created. This issue contains the steps to configure a GitHub App for the repository.
Before you start creating a deployer, you need to set up credentials. Start by creating a GitHub App, so you can get and set variables and credentials, create and update issues, and register a GitHub runner to deploy the SAP environment.
This app needs the following repository permissions, for this repository only:
- Administration: Read & Write (Setting up the GitHub Runner on the deployer VM)
- Contents: Read & Write (Creating configuration files, and updating the workflow with deployer and library)
- Environments: Read & Write (Creating environments)
- Secrets: Read & Write (Used to store secrets in the first step, as there's no App configuration yet)
- Variables: Read & Write (Used to store variables in the first step, as there's no App configuration yet)
- Workflows: Read & Write (Creating configuration files, and updating the workflow with deployer and library)

You can use the following link to create the app requirements automagically: https://github.com/settings/apps/new?description=Used%20to%20create%20environments,%20update%20and%20create%20secrets%20and%20variables%20for%20your%20SAP%20on%20Azure%20Setup.&callback=false&request_oauth_on_install=false&public=true&actions=read&administration=write&contents=write&environments=write&issues=write&secrets=write&actions_variables=write&workflows=write&webhook_active=false&events[]=check_run&events[]=check_suite

- Generate a private key
  - Click on Generate a private key
  - Save the private key in the repository secrets as APPLICATION_PRIVATE_KEY
  - Save the App ID in the repository secrets as APPLICATION_ID
- Install the app on the organization
  - Click on Install App and select the organization where you want to deploy the SAP deployment.
  - Select the repository to grant privileges to the app.
Note: If you don't have permissions in your organization, your organization administrator will receive a request to install the app.
When this is done, you can close this issue and open new issues using the issue template to create a new environment.
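An added example, not part of the original page or the project's code: it parses the registration link above and compares the permissions it requests with the documented list, so you can review what the app will be granted before you create it. The DOCUMENTED mapping (including treating "Variables" as the link's actions_variables parameter) and the SETTINGS set are assumptions made for this check.

```python
from urllib.parse import urlsplit, parse_qs

# Pre-filled registration link, copied from the page.
APP_URL = (
    "https://github.com/settings/apps/new"
    "?description=Used%20to%20create%20environments,%20update%20and%20create"
    "%20secrets%20and%20variables%20for%20your%20SAP%20on%20Azure%20Setup."
    "&callback=false&request_oauth_on_install=false&public=true"
    "&actions=read&administration=write&contents=write&environments=write"
    "&issues=write&secrets=write&actions_variables=write&workflows=write"
    "&webhook_active=false&events[]=check_run&events[]=check_suite"
)

# Permissions from the page's list, keyed by the link's parameter names.
# Assumption: "Variables" in the list is the link's actions_variables parameter.
DOCUMENTED = {
    "administration": "write", "contents": "write", "environments": "write",
    "secrets": "write", "actions_variables": "write", "workflows": "write",
}

# Parameters in the link that configure the app rather than grant a permission.
SETTINGS = {"description", "callback", "request_oauth_on_install",
            "public", "webhook_active", "events[]"}


def parse_link(url):
    """Split the link's query into (permissions, settings) dictionaries."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    perms = {k: v[-1] for k, v in query.items() if k not in SETTINGS}
    settings = {k: v for k, v in query.items() if k in SETTINGS}
    return perms, settings


def audit(url, documented):
    """Compare what the link requests with what the documentation lists."""
    requested, settings = parse_link(url)
    return {
        "undocumented": {k: v for k, v in requested.items() if k not in documented},
        "not_requested": sorted(set(documented) - set(requested)),
        "level_differs": {k: (documented[k], requested[k]) for k in documented
                          if k in requested and requested[k] != documented[k]},
        "public": settings.get("public", ["false"])[-1] == "true",
        "events": settings.get("events[]", []),
    }


if __name__ == "__main__":
    for key, value in audit(APP_URL, DOCUMENTED).items():
        print(f"{key}: {value}")
```

The link requests two permissions that the list does not mention (actions=read and issues=write), sets public=true, and subscribes to check_run and check_suite events with the webhook inactive. Review these on the registration form before you create the app.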
To create a new environment and start deploying a deployer, create a new issue on your cloned mirror repository and select the Create Environment template.
When you open this form, you can enter the name of your environment (e.g. acc, dev, prd, etc. Max 5 characters.), the Azure region you want to deploy to, and the VNET your deployer needs to be added to or that needs to be created. Note: more info on the naming convention.
After you click Submit new issue, a GitHub workflow is triggered that creates an environment on GitHub to store configuration values and creates the configuration file with default settings in your repository. You can look in the WORKSPACES/DEPLOYER and WORKSPACES/LIBRARY folders. Depending on your Azure setup, you need to configure this file to make sure the deployer uses the correct subnet, VNET, private endpoints, etc. Note: more information about customizing the control plane.
The next thing we need to do to be able to set up our deployer on Azure is to connect GitHub and Azure together using OpenID Connect. Please follow this link, and create the following secrets:
- Application (client) ID: as AZURE_CLIENT_ID in environment secrets
- Client secret: as AZURE_CLIENT_SECRET in environment secrets
- Directory (tenant) ID: as AZURE_TENANT_ID in environment secrets
- Subscription ID: as AZURE_SUBSCRIPTION_ID in environment secrets
If you need to deploy the Control Plane Web Application, create an app registration for its credentials as described here.
- App registration ID: as APP_REGISTRATION_APP_ID in environment secrets
- App registration password: as WEB_APP_CLIENT_SECRET in environment secrets
When you have saved these secrets, close this issue. A workflow is triggered to validate the configuration. If the configuration is correct, the issue is closed automatically. If the configuration is incorrect, the issue is reopened.
The deployment uses the configuration defined in the Terraform variable files located in the /WORKSPACES/DEPLOYER and /WORKSPACES/LIBRARY folders.
- In the GitHub repository, navigate to the Actions tab.
- Select the Deploy Control Plane workflow.
- Click the Run workflow button and select the configuration name for the deployer and the SAP library.
You can track the progress in the Actions tab. After the deployment is finished, you can see the control plane details on the summary output.
If the web app is deployed, you need to configure the web app authentication. The issue Configure Web Application authentication is created and contains the steps to configure the web app authentication.
The GitHub runner is a self-hosted runner that runs the GitHub Actions. If you encounter issues with the runner, you can troubleshoot the runner by following these steps.
- Validate the runner is registered in your repository and is Online or Active in Settings > Actions > Runners in the GitHub repository.
- Validate the runner is installed on the VM by validating the output of the VM extension Custom Script named configure_deployer in the Azure Portal.
The GitHub runner is installed on the Deployer VM in the first step of the deployment. If the runner installation fails, you can retry the installation by following these steps.
- Remove the Custom Script extension configure_deployer in the Azure Portal.
- Remove the runner from the GitHub repository.
- Run the Deploy Control Plane workflow again, with the Force a re-install setting enabled.