
Automated Version Updates

Automated deployments is a feature that automates the process by which a customer environment receives updates from our upstream repositories into the customer's GitHub repository and has the changes applied to its Terraform-managed infrastructure.

This document provides guidance on how to set up a new customer and conduct an environment update for an existing customer that has been onboarded to automated deployments.

Automated Version Updates Diagram

Setup for a New Customer

The following steps are required to set up a new customer for automated deployments:

  1. Create two new repositories in the customer’s GitHub organization, infrastructure-live and infrastructure-modules.

  2. Clone both repositories to your local machine, add our repositories as the upstream remote, and pull the code into the main branch.

    cd ./infrastructure-live
    git remote add upstream git@github.com:quantum-sec/infrastructure-live-customer.git
    # Pull from the Armor repository
    git pull upstream master
    # Push to the customer repository
    git push origin main

You’ll repeat this process for infrastructure-modules with an additional step of pulling and pushing tags.

    cd ./infrastructure-modules
    git remote add upstream git@github.com:quantum-sec/infrastructure-modules-customer.git
    # Pull from the Armor repository
    git pull upstream master
    # Push to YOUR repository
    git push origin main
    # Pull tags from the Armor repository
    git pull upstream master --tags
    # Push tags to the customer repository
    git push --tags
  3. Generate a deploy key in the infrastructure-modules repository. You may follow this guide on creating deploy keys. Add this deploy key as a repository secret named DEPLOY_KEY in infrastructure-live. You may follow this guide on adding repository secrets.

  4. Generate an Azure service principal that has the following permissions. This can be done either in the customer tenant or via delegated permissions to a customer-subscription-scoped service principal in the Armor tenant. Add the service principal's credentials to the infrastructure-live repository as two secrets, AZURE_{ENVIRONMENT}_CLIENTID and AZURE_{ENVIRONMENT}_CLIENTSECRET.

  5. Set up the GitHub workflow file using the linked steps.

In summary, you need three secrets: DEPLOY_KEY, AZURE_DEMO_CLIENTID and AZURE_DEMO_CLIENTSECRET (shown here with DEMO as the environment name).

Perform an Environment Update

The following steps are required to conduct an environment update for an existing customer that has been onboarded to automated deployments:

  1. Clone both infrastructure-live and infrastructure-modules repositories to your local machine.

  2. Add the upstream repositories, pull changes and push code and tags for infrastructure-modules.

    cd ./infrastructure-modules
    git remote add upstream git@github.com:quantum-sec/infrastructure-modules-customer.git
    # Pull from the Armor repository
    git pull upstream master
    # Push to YOUR repository
    git push origin main
    # Pull tags from the Armor repository
    git pull upstream master --tags
    # Push tags to the customer repository
    git push --tags
  3. For infrastructure-live, check out a new branch and pull changes.

    cd ./infrastructure-live
    git remote add upstream git@github.com:quantum-sec/infrastructure-live-customer.git
    # Check out a new branch
    git checkout -b feature/update-infrastructure
    # Pull from the Armor repository
    git pull upstream master
    # Push the new branch to the customer repository
    git push origin feature/update-infrastructure
  4. Push the new branch and make a pull request (PR) on GitHub. A terragrunt run-all plan will be performed, and you should check the output in the PR comments for any unexpected outcomes.

  5. Merge the PR, and a terragrunt run-all apply will be performed. Monitor for any failures.
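
A check for the tag push in step 2, added here as an example (it is not part of the original document or of Armor's tooling): it compares the `git ls-remote --tags --refs` listings of the upstream and customer remotes and reports tags that were not pushed or that point to a different object. The function names, script name and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: report tags that are missing from
# the customer repository or that point at a different object than upstream.
# Tags that exist only in the customer repository are not reported.

# Turn `git ls-remote --tags --refs` output ("<sha>\trefs/tags/<name>")
# into "<name> <sha>" lines; blank lines are dropped.
parse_tags() {
  awk 'NF == 2 { sub("^refs/tags/", "", $2); print $2, $1 }'
}

# compare_tags <upstream-listing> <customer-listing>
# Prints "MISSING <tag>" or "MOVED <tag>"; returns 1 if anything was printed.
compare_tags() {
  {
    printf '%s\n' "$2" | parse_tags | sed 's/^/C /'
    printf '%s\n' "$1" | parse_tags | sed 's/^/U /'
  } | awk '
    $1 == "C"          { customer[$2] = $3; next }
    !($2 in customer)  { print "MISSING " $2; bad = 1; next }
    customer[$2] != $3 { print "MOVED " $2; bad = 1 }
    END { exit bad + 0 }'
}

# check_remotes <upstream-remote> <customer-remote>, run inside the clone.
# Returns 2 when a remote cannot be listed, so a failed listing never
# reads as "in sync".
check_remotes() {
  up=$(git ls-remote --tags --refs "$1") || return 2
  cu=$(git ls-remote --tags --refs "$2") || return 2
  compare_tags "$up" "$cu"
}

# Constructed sample listings (made-up short hashes and tag names).
SAMPLE_UPSTREAM=$(printf '%s\trefs/tags/%s\n' aaaa111 v1.0.0 bbbb222 v1.1.0 cccc333 v1.2.0)
SAMPLE_CUSTOMER=$(printf '%s\trefs/tags/%s\n' aaaa111 v1.0.0 dddd999 v1.1.0)

if [ "$#" -eq 2 ]; then
  check_remotes "$1" "$2"      # e.g. sh check-tags.sh upstream origin
else
  compare_tags "$SAMPLE_UPSTREAM" "$SAMPLE_CUSTOMER" || echo "sample: drift found"
fi
```

Run it from the infrastructure-modules clone after `git push --tags`; a non-zero exit status means the customer repository does not carry the same tags as upstream.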

Note that the automated deployments feature is currently being worked on in phases, and we will continue to update this document as new features are released.

If you encounter any issues during the setup or update process, please contact our support team for assistance.
