azuretre-deployment's Introduction

AzureTRE-Deployment Repo

This project is intended to assist the deployment of the Azure TRE project in real world environments. This includes deploying using a dev container from your local machine, deploying using GitHub Actions, and publishing custom templates.

See the Azure TRE documentation which includes detailed documentation and best practices to ensure a successful deployment and to assist you with customizing your own templates using this repository.

Contents

In this project you will find:

  • Github Actions implementing AzureTRE automation, including running deployments to Azure
  • Configuration specific to deployment
  • Workspace template definitions
  • User resource template definitions
  • Devcontainer setup

Prerequisites

To work with devcontainers you will need:

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

azuretre-deployment's People

Contributors

dependabot[bot], jonnyry, lizashak, marrobi, martinpeck, microsoftopensource, svenaelterman, t-young31, tamirkamara, tim-allen-ck

azuretre-deployment's Issues

Registry Issue when creating registry as part of pre-deployment

Reference Link: https://microsoft.github.io/AzureTRE/using-tre/pipelines/

Performed the following
Setup Azure Container Registry (ACR) to hold the devcontainer images:

  1. Create ACR to hold the devcontainer images following this guide.
  2. Enable Admin Account
  3. Having setup the previous steps, add the created ACR info to your Github Actions environment:

Run the Deploy-TRE workflow, received the following error

azurerm_container_registry.shared_acr: Creating...
azurerm_storage_account.state_storage: Modifying... [id=/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/]
azurerm_storage_account.state_storage: Modifications complete after 4s [id=/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/]
azurerm_storage_container.porter_container: Creating...
azurerm_storage_container.porter_container: Creation complete after 0s [id=https://.blob.core.windows.net/porter]

│ Error: A resource with the ID "/subscriptions//resourceGroups//providers/Microsoft.ContainerRegistry/registries/" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_container_registry" for more information.

│ with azurerm_container_registry.shared_acr,
│ on main.tf line 42, in resource "azurerm_container_registry" "shared_acr":
│ 42: resource "azurerm_container_registry" "shared_acr" {


make: *** [/home/vscode/AzureTRE/Makefile:32: mgmt-deploy] Error 1
Error: Process completed with exit code 2.

Variable name mismatch

Github action is expecting :

  • TEST_APP_ID, does not exist in the doc, and I think this is test_account_client_id in config.yaml ?
  • TEST_WORKSPACE_APP_ID, the doc says it is WORKSPACE_API_CLIENT_ID in the yaml, but that is not there, must be api_client_id ?
  • TEST_WORKSPACE_APP_SECRET, the docs says it is WORKSPACE_API_CLIENT_SECRET in the yaml, but it does not exist, must be api_client_secret ?

We have deployed TRE, but not able to authenticate API from .Net core application

We have deployed TRE, but are not able to authenticate the API from a .NET Core application. While authenticating the API we get:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: 'AADSTS500131: Assertion audience does not match the Client app presenting the assertion. The audience in the assertion was Client id and the expected audience is 'api:// apid or one of the Application Uris of this application with App ID. The downstream client must request a token for the expected audience (the application that made the OBO request) and this application should use that token as the assertion

Please suggest solution for above error.

Unable to change Environmental variables during deployment

I am receiving the following error below when running the Deploy TRE workflow.

I've set the following Env variable in the workflow Env settings to P1v2, with no change in the error
API_APP_SERVICE_PLAN_SKU_SIZE
APP_SERVICE_PLAN_SKU_SIZE

Error: creating Service Plan: (Serverfarm Name "plan-airlock-" / Resource Group "rg-"): web.AppServicePlansClient#CreateOrUpdate: Failure sending request: StatusCode=401 -- Original Error: Code="Unauthorized" Message="This region has quota of 0 PremiumV3 instances for your subscription. Try selecting different region or SKU." Details=[{"Message":"This region has quota of 0 PremiumV3 instances for your subscription. Try selecting different region or SKU."},{"Code":"Unauthorized"},{"ErrorEntity":{"Code":"Unauthorized","ExtendedCode":"52039","Message":"This region has quota of 0 PremiumV3 instances for your subscription. Try selecting different region or SKU.","MessageTemplate":"{0}. Try selecting different region or SKU.","Parameters":["This region has quota of 0 PremiumV3 instances for your subscription"]}}]

Issue / Need

  1. In Dev environments we need to un-select App Service Plans or be able to run them on something essentially free rather than the Premium versions of App Service Plans that are constrained.

  2. We need a reliable method of setting SKU sizes in the Env variables.

  3. We need this documented as today we can only find variable settings by reading the code.

PR Bot functionality for validating deployment configuration/custom templates before merge

For scenarios where configuration changes (i.e. updating a network address space) and custom template additions are made and PR'd into a user's deployment repo, it would be useful to have an out-of-the-box PR comment bot to run an ephemeral build (deployment of the TRE) before PRs are merged to a main branch and update the user's persistent environment, much like we do in the AzureTRE repo itself.

This would help users to validate any changes to configuration, custom templates etc. and test a deployment before deploying to a persistent env.

Would welcome some thoughts and discussion on this and happy to implement if there's agreement.

Unable to delete workspaces/resources/services

Error: error running command /cnab/app/terraform /usr/bin/terraform destroy -auto-approve -input=false -var image=Server 2019 Data Science VM -var image_gallery_id= -var parent_service_id=xxxxxxxxxxxxx -var shared_storage_access=true -var shared_storage_name=vm-shared-storage -var

Download sample env files required by AzureTRE in devcontainer.

Description

As a TRE Azure Administrator
I want to have the sample env files synced with the required env files by AzureTRE
So that I have all env vars in place

Acceptance criteria

  • Sample env files are synced with AzureTRE sample env files when opened in devcontainer

Error in Deploy Main / Deploymanagement

Encountered during Deploy TRE - Deploy Main / Deploy Management

Initializing provider plugins...

  • Finding hashicorp/azurerm versions matching "3.12.0"...
  • Using previously-installed hashicorp/azurerm v3.12.0

Terraform has been successfully initialized!
data.azurerm_client_config.current: Reading...
azurerm_resource_group.mgmt: Refreshing state... [id=/subscriptions//resourceGroups/]
data.azurerm_client_config.current: Read complete after 0s [id=2022-09-23 21:59:23.609348564 +0000 UTC]
azurerm_storage_account.state_storage: Refreshing state... [id=/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/***]

│ Error: alpha numeric characters only are allowed in "name": ""

│ with azurerm_container_registry.shared_acr,
│ on main.tf line 43, in resource "azurerm_container_registry" "shared_acr":
│ 43: name = var.acr_name



│ Error: "name" cannot be less than 5 characters: ""

│ with azurerm_container_registry.shared_acr,
│ on main.tf line 43, in resource "azurerm_container_registry" "shared_acr":
│ 43: name = var.acr_name


make: *** [/home/vscode/AzureTRE/Makefile:32: mgmt-deploy] Error 1
Error: Process completed with exit code 2.

CICD fails at ACR Login on first attempt

Hi,

(I appreciate this is a known issue, but I didn't find an Issue on GH for it.)

When deploying a new AzureTRE, the CICD pipeline fails reliably on ACR Login with the error below. A workaround is available by re-running the workflow, but it would be better if the root cause could be fixed.

Fix TODO update link

Describe the bug

TODO add link to main repo can be updated now

Steps to reproduce

  1. Go to main README
  2. Update the TODO add link to main repo

Unable to Register Shared Bundle using GitHub Actions

Using GitHub Actions post Deploy main / Deploy TRE
All Register Shared Bundles start, and all fail at the same place
As noted previously I have removed ACR_NAME from the Env Secrets as GitHub Actions uses the ACTIONS_ACR_NAME

Example 1
Deploy main / Register Shared Bundles (shared_service, ${AZURETRE_HOME}/templates/shared_services/firewall)
»»» 🔨 Azure details from logged on user
»»» • Subscription: Microsoft Azure Sponsorship
»»» • Tenant: ***

ERROR: argument --name/-n: expected one argument

Examples from AI knowledge base:
az acr login -n MyRegistry
Log in to an Azure Container Registry

az acr login -n MyRegistry --expose-token
Get an Azure Container Registry access token

https://aka.ms/cli_ref
Read more about the command in reference docs
make: *** [/home/vscode/AzureTRE/Makefile:245: bundle-register] Error 2
Error: Process completed with exit code 2.

Example 2
Deploy main / Register Shared Bundles (shared_service, ${AZURETRE_HOME}/templates/shared_services/gitea)
»»» 🔨 Azure details from logged on user
»»» • Subscription: Microsoft Azure Sponsorship
»»» • Tenant: ***

ERROR: argument --name/-n: expected one argument

Examples from AI knowledge base:
az acr login -n MyRegistry
Log in to an Azure Container Registry

az acr login -n MyRegistry --expose-token
Get an Azure Container Registry access token

https://aka.ms/cli_ref
Read more about the command in reference docs
make: *** [/home/vscode/AzureTRE/Makefile:245: bundle-register] Error 2
Error: Process completed with exit code 2.

Direct to main documentation

Description

As a TRE Administrator
I want to have all the guidance docs in one place
So that I have everything centralized for me in one place

Upgrade to version 12

We are deploying TRE via a pipeline and using this deployment template as our base.

The Upgrade instructions for our scenario suggests we update the OSS_VERSION variable in the .devcontainer only ?
https://microsoft.github.io/AzureTRE/v0.12.0/tre-admins/upgrading-tre/#how-to-upgrade-azuretre-version
But I notice that this template has been updated this morning to reflect version 12 changes / additions.

My question now then is, what is the upgrade process for this template ?
We have used the previous versions and added custom templates.
A simple pull from origin is needed?

Align with env files consolidation

Description

As an AzureTRE-Deployment developer,
I would like to use the latest AzureTRE version and to be aligned with the new configuration

devcontainer build failure

I've tried to build the devcontainer locally and I get the following error

[276489 ms] Start: Run in container: /bin/sh -c .devcontainer/scripts/post-create-command.sh
find: ‘AzureTRE/devops/’: No such file or directory
[277020 ms] postCreateCommand failed with exit code 1. Skipping any further user-provided commands.

Just downloading the AzureTRE release seems to fix it.

Hardware: M1 Pro Mac
OS: MacOS 12.5.1
build_log.txt

Many thanks for your help in advance.

Dev Container was not updated as part of v0.8.0 release

It looks like the dev container was not updated as part of the v0.8.0 release. Given the upgrade to Porter v1, the build of any Porter bundles will fail - for example the Firewall.

Workaround is to add the following lines into the dev container:

# can't be in a non default path
# ARG PORTER_HOME_V1=/home/$USERNAME/.porter-v1/
ARG PORTER_HOME_V1=/home/$USERNAME/.porter/
ARG PORTER_VERSION=v1.0.4
ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0
ARG PORTER_AZ_MIXIN_VERSION=v1.0.0
ARG PORTER_AZURE_PLUGIN_VERSION=v1.0.1
COPY .devcontainer/scripts/porter-v1.sh /tmp/
RUN export PORTER_VERSION=${PORTER_VERSION} \
    PORTER_TERRAFORM_MIXIN_VERSION=${PORTER_TERRAFORM_MIXIN_VERSION} \
    PORTER_AZ_MIXIN_VERSION=${PORTER_AZ_MIXIN_VERSION} \
    PORTER_AZURE_PLUGIN_VERSION=${PORTER_AZURE_PLUGIN_VERSION} \
    PORTER_HOME=${PORTER_HOME_V1} \
    && /tmp/porter-v1.sh

ENV PATH ${PORTER_HOME_V1}:$PATH

and copy https://github.com/microsoft/AzureTRE/blob/main/.devcontainer/scripts/porter-v1.sh in the .devcontainer/scripts/ directory.

cc @LizaShak @tamirkamara

Duplicate of https://github.com/microsoft/AzureTRE/issues/2605

The following pages and links are broken

Page - https://github.com/microsoft/AzureTRE-Deployment
Broken Link - https://github.com/microsoft/AzureTRE-Deployment/blob/main
Description - 404

Page - https://github.com/microsoft/AzureTRE-Deployment
Issue - incomplete ToDo
Project structure and overview
//TODO: Add link here once the pr on the main repo is merged

Page - https://github.com/microsoft/AzureTRE-Deployment
Recommendation - changed the following text
In this repository there are 3 configuration files:

Terraform Error in main.tf

Following last PR update, issues have been introduced with the main.tf file in AzureTRE repository.

Log Output

Initializing the backend...

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...

  • Finding hashicorp/azurerm versions matching "3.12.0"...
  • Using previously-installed hashicorp/azurerm v3.12.0

Terraform has been successfully initialized!
data.azurerm_client_config.current: Reading...
azurerm_resource_group.mgmt: Refreshing state... [id=/subscriptions//resourceGroups/]
data.azurerm_client_config.current: Read complete after 0s [id=2022-09-23 15:40:41.813769401 +0000 UTC]
azurerm_storage_account.state_storage: Refreshing state... [id=/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/]
azurerm_container_registry.shared_acr: Refreshing state... [id=/subscriptions//resourceGroups//providers/Microsoft.ContainerRegistry/registries/]
azurerm_storage_container.porter_container: Refreshing state... [id=https://***.blob.core.windows.net/porter]

│ Error: alpha numeric characters only are allowed in "name": ""

│ with azurerm_container_registry.shared_acr,
│ on main.tf line 43, in resource "azurerm_container_registry" "shared_acr":
│ 43: name = var.acr_name



│ Error: "name" cannot be less than 5 characters: ""

│ with azurerm_container_registry.shared_acr,
│ on main.tf line 43, in resource "azurerm_container_registry" "shared_acr":
│ 43: name = var.acr_name


make: *** [/home/vscode/AzureTRE/Makefile:32: mgmt-deploy] Error 1
Error: Process completed with exit code 2.

VM and Private Endpoint failure during Deploy TRE Core

I've encountered this error while running Actions -> DeployTRE -> Deploy TRE Core

module.appgateway.azurerm_monitor_diagnostic_setting.agw: Creating...
module.appgateway.azurerm_monitor_diagnostic_setting.agw: Creation complete after 4s [id=/subscriptions//resourceGroups/rg-/providers/Microsoft.Network/applicationGateways/agw-|diagnostics-agw-]

│ Error: waiting for creation of Windows Virtual Machine: (Name "vm-" / Resource Group "rg-"): Code="RetryableError" Message="A retryable error occurred."

│ with azurerm_windows_virtual_machine.jumpbox,
│ on admin-jumpbox.tf line 27, in resource "azurerm_windows_virtual_machine" "jumpbox":
│ 27: resource "azurerm_windows_virtual_machine" "jumpbox" {



│ Error: waiting for creation of Private Endpoint "pe-ampls-" (Resource Group "rg-"): Code="InternalServerError" Message="An error occurred." Details=[]

│ with module.azure_monitor.azurerm_private_endpoint.azure_monitor_private_endpoint,
│ on azure-monitor/azure-monitor.tf line 82, in resource "azurerm_private_endpoint" "azure_monitor_private_endpoint":
│ 82: resource "azurerm_private_endpoint" "azure_monitor_private_endpoint" {


Script done, file is 1663699677-tre-core.log
Terraform Error
make: *** [/home/vscode/AzureTRE/Makefile:103: deploy-core] Error 1
Error: Process completed with exit code 2.

config.yaml to github secrets

It would be nice to add a script to avoid manually creating the GH secrets.

Here is what I am using:

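gh auth login
repo="name/AzureTRE-Deployment"
env="CICD"
# Keep only "key: value" lines: drop comments and section headers (lines ending in ':'), strip spaces
ghvar=$(grep ":" ./config.yaml | grep -v -e '#' | grep -v -e ':$' | sed 's/ //g')
while IFS= read -r fn; do
	# Skip the empty line produced when nothing matched
	[ -n "$fn" ] || continue
	parameter=$(echo "$fn" | cut -d ":" -f 1)
	# -f 2- keeps the whole value even when it contains ':' (URLs, address ranges)
	value=$(echo "$fn" | cut -d ":" -f 2-)
	# Quote every expansion so values with shell metacharacters are passed unchanged
	gh secret set "$parameter" -b "$value" --repo "$repo" --env "$env"
done <<< "$ghvar"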

git and Release Documentation / examples missing

Documentation on git updates and Releases would improve the customer functionality of this repo. For instance there are 2 open pull requests against this repo today, as a customer I have to read in them what changed and then determine to the best of my ability if I need to sync and re-deploy to take advantage of those updates. The following documentation would help

Release notes
With each code update / PR a set of release notes should accompany the PR informing customers of the change and if those changes will affect deployment, operations, etc and if they should be deployed to the customer repo. If the customers should deploy the changes to their environment then please share code / or a script that should be run to deploy from their template repo to their environment (ensuring that deployment to the environment happens after the changes have been merged from the TRE-Deployment repository - see git Commands below).

git Commands
If the PR's being released to the TRE-Deployment updates should be replicated to the customers repo, then providing the git commands to add a git remote (the TRE-Deployment repo), create a branch from the TRE-Deployment remote repo and merge changes.

null Environment variable not checked.

Started a fresh CI/CD deployment but did not add the new environment variable WORKSPACE_APP_SERVICE_PLAN_SKU.
Deployment proceeded until it failed because the SKU did not exist:

Error: creating Service Plan: (Serverfarm Name "plan-" / Resource Group "rg-"): web.AppServicePlansClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Requested features are not supported in region. Please try another region." Details=["Message":"Requested features are not supported in region. Please try another region.","Code":"BadRequest","ErrorEntity":"Code":"BadRequest","ExtendedCode":"59911","Message":"Requested features are not supported in region. Please try another region.","MessageTemplate":"Requested features are not supported in region. Please try another region.","Parameters":[]***]

It would be nice to check that mandatory env variables have at least a non-null value.
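
A pre-flight check of the kind this issue asks for, shown as an added example; it is not part of the issue or of the AzureTRE code. The variable names are the ones quoted in the issues on this page (which of them a given AzureTRE version requires is an assumption), the function names are hypothetical, and the two name rules are Azure's naming constraints for container registries and storage accounts. It would also catch the empty ACR name behind the `"name" cannot be less than 5 characters: ""` errors reported in other issues here.

```shell
#!/bin/sh
# Added example: fail fast on unset or malformed deployment variables before
# Terraform or the Azure CLI is invoked. Not AzureTRE code.
LC_ALL=C; export LC_ALL   # make the [a-z0-9] ranges below ASCII-only

# Names taken from the issues on this page; the required set is an assumption.
REQUIRED_VARS="TRE_ID LOCATION AAD_TENANT_ID ARM_TENANT_ID MGMT_RESOURCE_GROUP_NAME
MGMT_STORAGE_ACCOUNT_NAME TERRAFORM_STATE_CONTAINER_NAME ACR_NAME
WORKSPACE_APP_SERVICE_PLAN_SKU"

# is_blank VALUE: true when VALUE is empty or whitespace only (this includes a
# stray CR left by a secret pasted with Windows line endings).
is_blank() {
  [ -z "$(printf '%s' "$1" | tr -d ' \t\r\n')" ]
}

# missing_vars: print, one per line, each required variable that is unset or blank.
missing_vars() {
  for _name in $REQUIRED_VARS; do
    # Indirect lookup; safe because the names come from the fixed list above.
    eval "_value=\${$_name-}"
    if is_blank "$_value"; then
      printf '%s\n' "$_name"
    fi
  done
}

# Container registry names: 5-50 characters, letters and digits only.
valid_acr_name() {
  case "$1" in
    ''|*[!A-Za-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 5 ] && [ "${#1}" -le 50 ]
}

# Storage account names: 3-24 characters, lowercase letters and digits only.
valid_storage_account_name() {
  case "$1" in
    ''|*[!a-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# preflight: report every problem found, return non-zero if there was any.
preflight() {
  _rc=0
  _missing=$(missing_vars)
  if [ -n "$_missing" ]; then
    echo "Unset or empty deployment variables:" >&2
    # Unquoted on purpose: one output line per variable name.
    printf '  %s\n' $_missing >&2
    _rc=1
  fi
  if ! is_blank "${ACR_NAME-}" && ! valid_acr_name "$ACR_NAME"; then
    echo "ACR_NAME must be 5-50 alphanumeric characters" >&2
    _rc=1
  fi
  if ! is_blank "${MGMT_STORAGE_ACCOUNT_NAME-}" &&
     ! valid_storage_account_name "$MGMT_STORAGE_ACCOUNT_NAME"; then
    echo "MGMT_STORAGE_ACCOUNT_NAME must be 3-24 lowercase letters or digits" >&2
    _rc=1
  fi
  return "$_rc"
}

# Run the check when called as: sh preflight.sh --run (file name is hypothetical).
if [ "${1-}" = "--run" ]; then
  preflight
  exit $?
fi
```

Only variable names are printed, never values, so the output is safe to leave in a workflow log.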

Authentication error

We have deployed TRE, but not able to authenticate API from swagger, getting below error

Auth ErrorError: response status is 401, error: invalid_client, description: AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented. Trace ID: 493d8809-f97d-404a-8b85-4e64fac8ba00 Correlation ID: 93c27642-619f-44b4-8ea9-1a711aa1bc24 Timestamp: 2023-02-27 09:13:07Z

Please suggest solution for above error.

Upgrade to AzureTRE v0.10.0 release

As an AzureTRE administrator,
I want to upgrade to the latest version of AzureTRE e.g 0.10.0
so that I can take advantage of new features

ENABLE_SWAGGER

I installed TRE today with ENABLE_SWAGGER to true
but I still got the error "Swagger is disabled. Set 'ENABLE_SWAGGER' to true in order to access Swagger." on /api/docs

How do I use additional env vars in the GitHub workflows?

The workflow files have a predefined set of secrets.

If I want to configure, API_APP_SERVICE_PLAN_SKU_SIZE, how should I do this?

I can edit the actions.yml file, but I don't want to diverge from this repo and ideally this should be read in from configuration so it can be changed.

Upgrade to AzureTRE v0.9.0 release

As an AzureTRE administrator,
I want to upgrade to the latest version of AzureTRE e.g 0.9.0
so that I can take advantage of new features

make bootstrap errors or on initial setup

Testing Deployment Repo

Certain make commands are necessary to initialize azure before the github actions will work

make bootstrap produces the following Terraform error

note: Tenant and Subscription ID's removed for privacy

@daemel ➜ /workspaces/AzureTRE-P3 (main) $ make bootstrap

»»» 🧩 Bootstrap Terraform...

╔══════════════════════════════════════╗
║ Azure TRE Makefile ║
╚══════════════════════════════════════╝

»»» ✅ Checking pre-reqs...

Checking for Azure CLI...

Loading local environment variables...
»»» 🔨 Azure details from logged on user
»»» • Subscription: Microsoft Azure Sponsorship
»»» • Tenant: ***

»»» 🤖 Creating resource group and storage account...
Location Name


northcentralus oss-mgmt36-rg
AccessTier AllowBlobPublicAccess CreationTime EnableHttpsTrafficOnly Kind Location MinimumTlsVersion Name PrimaryLocation ProvisioningState ResourceGroup StatusOfPrimary


Hot True 2022-09-28T15:47:03.514915+00:00 True StorageV2 northcentralus TLS1_0 tremgmt36 northcentralus Succeeded oss-mgmt36-rg available
Created

True
Created

True

»»» ✨ Terraform init...

Initializing the backend...

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...

  • Finding hashicorp/azurerm versions matching "3.12.0"...
  • Installing hashicorp/azurerm v3.12.0...
  • Installed hashicorp/azurerm v3.12.0 (signed by HashiCorp)

Terraform has been successfully initialized!

»»» 📤 Importing resources to state...
No instance found for the given address!

This command requires that the address references one specific instance.
To view the available instances, use "terraform state list". Please modify
the address to reference a specific instance.

~~
/subscriptions//resourceGroups/oss-mgmt36-rg
azurerm_resource_group.mgmt: Importing from ID "/subscriptions//resourceGroups/oss-mgmt36-rg"...
azurerm_resource_group.mgmt: Import prepared!
Prepared azurerm_resource_group for import
azurerm_resource_group.mgmt: Refreshing state... [id=/subscriptions/***/resourceGroups/oss-mgmt36-rg]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

No instance found for the given address!

This command requires that the address references one specific instance.
To view the available instances, use "terraform state list". Please modify
the address to reference a specific instance.
azurerm_storage_account.state_storage: Importing from ID "/subscriptions//resourceGroups/oss-mgmt36-rg/providers/Microsoft.Storage/storageAccounts/tremgmt36"...
azurerm_storage_account.state_storage: Import prepared!
Prepared azurerm_storage_account for import
azurerm_storage_account.state_storage: Refreshing state... [id=/subscriptions//resourceGroups/oss-mgmt36-rg/providers/Microsoft.Storage/storageAccounts/tremgmt36]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

State imported
@daemel ➜ /workspaces/AzureTRE-P3 (main) $

Documentation update for Azure Deployment instructions

Would it be possible to have an Azure Deployment section in the Readme.md file. Today for instance the readme.md contains the following

Congiguration Setup
The configuration files are required for the AzureTRE local deployment. Before setting up the configuration files make sure to follow the AzureTRE predeployment steps to setup and understand the required configuration.

It would help to have a section dedicated to Azure deployment rather than local deployment, ie something that points to https://microsoft.github.io/AzureTRE/using-tre/pipelines/pipelines/ along with a dedicated section for an Azure focused installation

bootstrap.sh Issues / Problems when using GitHub Actions

Two issues occur when running through GitHub Actions.

1st Issue - can be resolved by adding ARM_TENANT_ID to the GitHub Env variables.
2nd Issue - can be resolved by adding the following to Env Secrets

MGMT_RESOURCE_GROUP = Management Resource Group Name
STATE_STORAGE_ACCOUNT_NAME = Storage Account Name
TF_STATE_CONTAINER = tfstate (container name)
TRE_ADDRESS_SPACE: ${{ secrets.TRE_ADDRESS_SPACE }}

Testing:

  • Running bootstrap locally does work
  • Running bootstrap from the DevContainer (AzureTRE) will also work.
  • Running bootstrap via GitHub Actions will fail

Process

Start with the TRE Pipelines page
https://microsoft.github.io/AzureTRE/using-tre/pipelines/pipelines/

Create Environment (github settings)
https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment

The following environment variables should be defined in your github environment:

Auth env vars - https://microsoft.github.io/AzureTRE/tre-admins/auth/##create_authentication_assets

Added to both GitHub Secrets and to templates/core/.env

TRE_ID =
AAD_TENANT_ID =
LOCATION =
AUTO_WORKSPACE_APP_REGISTRATION = true
AUTO_WORKSPACE_GROUP_CREATION = false

Core and Devops env vars - https://microsoft.github.io/AzureTRE/tre-admins/environment-variables/

Added to both GitHub Secrets and to devops/.env

LOCATION =
MGMT_RESOURCE_GROUP_NAME =
MGMT_STORAGE_ACCOUNT_NAME =
TERRAFORM_STATE_CONTAINER_NAME =
ACR_NAME =

Start Codespaces from Repo / main

Login to Azure
az login --tenant <TENANT_ID> --use-device-code (uses MFA)

Run make bootstrap - everything is ok.

Run make bootstrap via GitHub Actions and script fails multiple ways.

1st Problem: docs are missing a reference to ARM_TENANT_ID that needs to be set in GitHub Secrets
Error:
Run docker run --rm --mount \

»»» 🧩 Bootstrap Terraform...

╔══════════════════════════════════════╗
║ Azure TRE Makefile ║
╚══════════════════════════════════════╝

»»» ✅ Checking pre-reqs...

Checking for Azure CLI...
ERROR: usage error: --service-principal --username NAME -*** --tenant TENANT
ERROR: The subscription of '***' doesn't exist in cloud 'AzureCloud'.
ERROR: Please run 'az login' to setup account.
ERROR: Please run 'az login' to setup account.
ERROR: Please run 'az login' to setup account.

»»» ⚠️ You are not logged in to Azure!
make: *** [/home/vscode/AzureTRE/Makefile:27: bootstrap] Error 1
Error: Process completed with exit code 2.

2nd Problem:

»»» 🧩 Bootstrap Terraform...

╔══════════════════════════════════════╗
║ Azure TRE Makefile ║
╚══════════════════════════════════════╝

»»» ✅ Checking pre-reqs...

Checking for Azure CLI...

»»» 🔨 Azure details from logged on user
»»» • Subscription: Microsoft Azure Sponsorship
»»» • Tenant: ***

»»» 🤖 Creating resource group and storage account...
ERROR: (None) No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/***/resourcegroups/?api-version=2021-04-01'.
Code: None
Message: No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/***/resourcegroups/?api-version=2021-04-01'.
make: *** [/home/vscode/AzureTRE/Makefile:27: bootstrap] Error 3
Error: Process completed with exit code 2.

Error: unable to pull bundle before installation\uninstall\upgrade

Hi,

Can anyone help? I have run the 'make bundle-build\publish\register' on a workspace_service bundle. It registered with the API. When I clicked on it to create a new Workspace Service I get the below error

Resource Id
: 583446c7-5081-44ba-8b20-22bd0b32fabd
Resource Path
: /workspaces/a3384f46-c377-44d8-95f8-de5d5d01a7c7/workspace-services/583446c7-5081-44ba-8b20-22bd0b32fabd
Resource Version
: 0
Status
: deployment_failed
Action
: install
Message
: 583446c7-5081-44ba-8b20-22bd0b32fabd: Error context message = Error: unable to pull bundle before installation: unable to pull bundle trect07acr.azurecr.io/tre-workspace-service-psstorage:v0.1.1: error reading porter.yaml for trect07acr.azurecr.io/tre-workspace-service-psstorage:v0.1.1: error unmarshaling custom action schemaVersion: yaml: unmarshal errors: line 1: cannot unmarshal !!str 1.0.0 into manifest.Steps az login --identity -u 7500626c-b78a-49c5-bd19-2e9a47807d08 && az acr login --name trect07acr && porter install "583446c7-5081-44ba-8b20-22bd0b32fabd" --reference trect07acr.azurecr.io/tre-workspace-service-psstorage:v0.1.1 --allow-docker-host-access --force --cred ./vmss_porter/arm_auth_local_debugging.json --cred ./vmss_porter/aad_auth.json

my Porter.yaml looks like this

schemaVersion: 1.0.0
name: tre-workspace-service-psstorage
version: 0.1.1
description: "A storage account workspace service"
dockerfile: Dockerfile.tmpl
registry: azuretre

Deployment Problems with Makefile

Receiving the following error during GitHub Action based deployments.

»»» 🤖 Creating resource group and storage account...
ERROR: (None) No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/***/resourcegroups/?api-version=2021-04-01'.
Code: None
Message: No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/***/resourcegroups/?api-version=2021-04-01'.
make: *** [/home/vscode/AzureTRE/Makefile:27: bootstrap] Error 3
Error: Process completed with exit code 2.

Steps to reproduce

  1. Use AzureTRE-Deployment as a template
  2. Store Env variables
  3. Manually trigger Deploy TRE workflow

Bug in Register Shared Bundle - Deploy Main Github CI/CD

Running Deploy Azure TRE workflow fails when creating sonatype-nexus-vm bundle.
All remaining bundles and workspace shared services were successful.

/bin/bash: line 4: cd: ה/templates/shared_services/sonatype-nexus-vm/: No such file or directory make: *** [/home/vscode/AzureTRE/Makefile:223: bundle-check-params-remote] Error 1 Error: Process completed with exit code 2.

The following modifications were made to the deploy_tre_reusable.yml file for our deployment:

az acr login issue

When deploying TRE, if an ACR is being created for the first time, the sleep time is not sufficient to wait until the ACR is fully created and ready for login.

for i in ***1..3***; do az acr login --name "***" && ec=0 && break || ec=\$? && sleep 10 done Error: Process completed with exit code 2.
