diff --git a/docs/caching/azure.md b/docs/caching/azure.md new file mode 100644 index 0000000..0863104 --- /dev/null +++ b/docs/caching/azure.md @@ -0,0 +1,60 @@ +# Azure + +The cache service stores the cache files in an blob storage container. The container will be created automatically when the first job that uses caching is run. + +## Setup + +Make sure you have finished installing the Cirun app on your subscription by following the instructions [here](../cloud/azure). + +The following steps require the use of Azure CLI, because the Azure portal does not support creating custom roles with conditions. + +1. Create a resource group with the name `cirun-cache-rg`. This can be done via the Azure portal or the Azure CLI: + +```bash +az group create --name cirun-cache-rg --location eastus +``` + +2. Create a new custom role, which is scoped to this resource group. Make sure you replace `` with your actual subscription ID. Save the following JSON to a file named `cirun-cache-rule.json`: + +```json +{ + "Name": "CirunCacheStorageRBACWriter", + "IsCustom": true, + "Description": "Assigns Storage Blob Data Owner to managed identities on storage accounts", + "Actions": [ + "Microsoft.Authorization/roleAssignments/read", + "Microsoft.Authorization/roleAssignments/write", + "Microsoft.Storage/storageAccounts/read" + ], + "NotActions": [], + "AssignableScopes": [ + "/subscriptions//resourceGroups/cirun-cache-rg" + ] +} +``` + +3. Create the custom role using the Azure CLI: + +```bash +az role definition create --role-definition cirun-cache-rule.json +``` + +4. Assign the custom role to the cirun application's service principal. Replace `` and `` with the Application ID of the Cirun app in your Azure AD tenant and your subscription ID, respectively: + +```bash +az role assignment create \ + --role "CirunStorageRBACWriter" \ + --assignee \ + --scope "/subscriptions//resourceGroups/cirun-cache-rg" \ + --condition "@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {b7e6dc6d-f1e8-4753-8033-0f276bb0955b}" \ + --condition-version "2.0" +``` + +5. You're all set! The Cirun app will now be able to create and manage the blob storage container for caching! + +:::caution + +The cache container will be created automatically when the first job that uses caching is run, but due to Azure API limitations, the first job may miss the cache on its first run, especially if the caching action is called before **90 seconds**. + +This happens only for the very first job that uses caching after enabling it. Subsequent jobs in the same region will work as expected. +::: diff --git a/docs/caching/index.md b/docs/caching/index.md index b98112e..f8a55e4 100644 --- a/docs/caching/index.md +++ b/docs/caching/index.md @@ -3,7 +3,7 @@ Cirun supports caching of dependencies and build outputs to speed up subsequent runs of workflows. It is compatible with `actions/cache`, `docker/build-push-action`, `actions/setup-*` and other actions that support github actions caching. :::caution -This feature is currently only supported on linux runners on AWS. +This feature is currently only supported on linux runners on AWS & Azure. ::: ## How it works @@ -44,6 +44,7 @@ If you are having issues with throughput, you should increase the volume through Update IAM permission for the cirun user to include the correct permission: - [AWS Permissions](/caching/aws#permissions) +- [Azure Permissions](/caching/azure#setup) ### 3. Update your workflow to use caching diff --git a/docusaurus.config.js b/docusaurus.config.js index ff2c21b..432cf70 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -166,7 +166,7 @@ const config = { prism: { theme: lightCodeTheme, darkTheme: darkCodeTheme, - additionalLanguages: ['yaml', 'bash', 'json', 'javascript', 'typescript'], + additionalLanguages: ['yaml', 'bash', 'json', 'javascript', 'typescript', 'powershell'], }, }), }; diff --git a/sidebars.js b/sidebars.js index 50de69a..4f9bfa0 100644 --- a/sidebars.js +++ b/sidebars.js @@ -59,7 +59,7 @@ module.exports = { type: "category", label: "Caching", link: { type: "doc", id: "caching/index" }, - items: ["caching/aws"] + items: ["caching/aws", "caching/azure"], }, { type: "doc",