-
Notifications
You must be signed in to change notification settings - Fork 41
138 lines (126 loc) · 5.43 KB
/
build-and-deploy-dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# This workflow will build a docker image, push it to ghcr.io, and deploy it to an Azure WebApp.
name: Build and Deploy to dev service app
# Update the triggers based on the environment that is being deployed to.
# Triggers for dev deployments: 1) manually triggered, 2) push to branch `master`
# Triggers for prod deployments: 1) manually triggered, 2) release created
on:
workflow_dispatch:
inputs:
user:
description: 'User to check deployable status'
required: true
default: 'jeffmcaffer'
push:
branches: [master]
# There are secrets and environment variables that need to be set that control what is pushed to
# ghcr and Azure.
#
# Org Secrets:
# AZURE_CREDENTIALS: service principal that has access to the Azure apps
#
# Secrets:
# AZURE_WEBAPP_PUBLISH_PROFILE_DEV: publish profile for the Azure WebApp NOTE: The name of the secret changes. For dev, it ends in `_DEV`. Production does not have an extension.
#
# Environment Variables:
# APPLICATION_TYPE: type of application that is being deployed; used to add a label to the Docker image (values: api | web | worker)
# AZURE_WEBAPP_NAME: name of the Azure WebApp being deployed
# DEPLOY_ENVIRONMENT: environment that the code is being deployed to; used to add a label to the Docker image (values: dev | prod)
# DEPLOY_DOCKER_TAG: the tag used for deploying a specific Docker image to Azure. For dev, use the `github.sha`. For production, use the SEMVER
# version of the release. Make sure to add this tag to the `DOCKER_TAGS` in the `Build and push Docker image` step.
# DOCKER_IMAGE_NAME: name of the Docker image that is being built and pushed to ghcr.io.
env:
APPLICATION_TYPE: api
AZURE_WEBAPP_NAME: clearlydefined-api-dev
DEPLOY_ENVIRONMENT: dev
DEPLOY_DOCKER_TAG: ${{ github.sha }}
DOCKER_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ github.repository }}-dev
jobs:
# TODO: REMOVE: This is a temporary step to ensure the deployable check works
check-deployable:
uses: clearlydefined/operations/.github/workflows/deployable.yml@elr/deploy-limits
secrets: inherit
with:
user: ${{ github.event.inputs.user }}
verify-secrets:
# need to verify required secrets are set
name: Verify Secrets
runs-on: ubuntu-latest
steps:
- name: Check secrets
run: |
AZURE_CREDENTIALS="${{ secrets.AZURE_CREDENTIALS }}"
AZURE_CREDENTIALS_SINGLE_LINE=$(echo -n "$AZURE_CREDENTIALS" | tr -d '\n')
len=${#AZURE_CREDENTIALS_SINGLE_LINE}
echo "length of creds: ${len}"
if [[ ${len} -le 0 ]]; then
echo "AZURE_CREDENTIALS is not set"
exit 1
fi
AZURE_WEBAPP_PUBLISH_PROFILE_DEV="${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}"
len_AZURE_WEBAPP_PUBLISH_PROFILE_DEV=${#AZURE_WEBAPP_PUBLISH_PROFILE_DEV}
echo "length of pub profile: ${len_AZURE_WEBAPP_PUBLISH_PROFILE_DEV}"
# if [[ ${len_AZURE_WEBAPP_PUBLISH_PROFILE_DEV} -le 0 ]]; then
# echo "AZURE_WEBAPP_PUBLISH_PROFILE_DEV is not set"
# exit 1
# fi
exit 1
build-and-deploy:
name: Build and Deploy
needs: [check-deployable, verify-secrets] # TODO: REMOVE: This is a temporary step to ensure the deployable check works
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Log into ghcr registry
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }} # user that kicked off the action
password: ${{ secrets.GITHUB_TOKEN }} # token created when the action launched (short lived)
- name: Build and push Docker image
env:
DOCKER_TAGS: |
${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}
uses: docker/[email protected]
with:
context: .
push: true
file: Dockerfile
tags: ${{ env.DOCKER_TAGS }}
labels: |
env=${{ env.DEPLOY_ENVIRONMENT }}
type=${{ env.APPLICATION_TYPE }}
- name: Login for Azure cli commands
uses: azure/[email protected]
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# v3.0.1 passes when AZURE_WEBAPP_PUBLISH_PROFILE_DEV isn't set, but should fail.
# Added secret check above to ensure it is set.
- name: Deploy to Azure WebApp
uses: azure/[email protected]
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}
images: '${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}'
# set configs after deploy in case the deploy fails
- name: Set DOCKER configs in Azure web app
uses: azure/[email protected]
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
app-settings-json: |
[
{
"name": "DOCKER_CUSTOM_IMAGE_NAME",
"value": "${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}",
"slotSetting": false
},
{
"name": "DOCKER_REGISTRY_SERVER_URL",
"value": "https://ghcr.io",
"slotSetting": false
},
{
"name": "BUILD_SHA",
"value": "${{ github.sha }}",
"slotSetting": false
}
]