RWA: Scheduled Build & Deploy #218
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a GitHub Actions workflow file for building and deploying a Reliable Web App (RWA) pattern to an Azure environment. | |
| # | |
| # Usage: | |
| # - To trigger the workflow manually, click the "Run workflow" button in the Actions tab of your GitHub repository. | |
| # - To schedule the workflow, uncomment the "schedule" section and specify a cron expression. | |
| # | |
| # Inputs: | |
| # - environment: The target environment for the deployment (dev or prod). | |
| # - run_tear_down: Whether to delete resources after a run (true or false). | |
| # | |
| # Permissions: | |
| # - id-token: write | |
| # - contents: read | |
| # | |
| # Environment variables: | |
| # - APP_ENVIRONMENT: The target environment for the deployment (dev or prod). | |
| # - AZURE_APP_NAME: The name used to seed resource names generated by this deployment. | |
| # - AZURE_CLIENT_ID: The client ID of the Azure AD App Registration. | |
| # - AZURE_CLIENT_SECRET: The client secret of the Azure AD App Registration. | |
| # - AZURE_CREDENTIALS: The json used to authenticate with the Azure CLI. | |
| # - AZURE_LOCATION: The Azure region string where resources are provisioned. | |
| # - AZURE_SUBSCRIPTION_ID: The subscription where Azure resource will be provisioned. | |
| # - AZURE_TENANT_ID: The Azure AD tenant hosting the App Registration used for authentication by the web app. | |
| # - POSTGRES_DATABASE_PASSWORD: A password used by the Postgres Database. # should be a secret for production workloads | |
| # | |
| # For more information, see https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication | |
| name: 'RWA: Scheduled Build & Deploy' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'App environment' | |
| required: true | |
| default: 'dev' | |
| type: choice | |
| options: | |
| - dev | |
| - prod | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| schedule: | |
| - cron: '0 14 1 * *' # Run at 14:00 on the 1st day of the month | |
| # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| terraform: | |
| env: | |
| APP_NAME: ${{ vars.AZURE_APP_NAME }}${{ github.run_number }}v${{ github.run_attempt }} | |
| APP_ENVIRONMENT: ${{ inputs.environment || 'dev' }} | |
| AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_ENV_NAME: ${{ vars.AZURE_APP_NAME }}${{ github.run_number }}v${{ github.run_attempt }} | |
| AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
| ENABLE_TELEMETRY: true | |
| PRINCIPAL_TYPE: ServicePrincipal | |
| TRAININGS_DIR: $PROJECT_ROOT/videos | |
| name: 'Build & deploy infra' | |
| runs-on: ubuntu-latest | |
| environment: production | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'microsoft' | |
| cache: 'maven' | |
| - name: Set env | |
| # the script that uploads training videos requires an environment variable | |
| # named PROJECT_ROOT to be set to the path of the project root | |
| run: echo "PROJECT_ROOT=$(pwd)" >> $GITHUB_ENV | |
| - name: Describe Java version | |
| run: mvn -v | |
| - name: Add AZD | |
| run: curl -fsSL https://aka.ms/install-azd.sh | bash | |
| - name: print input env variables | |
| run: | | |
| echo $APP_NAME | |
| echo $APP_ENVIRONMENT | |
| echo $PROJECT_ROOT | |
| az --version | |
| # Install the az cli with login using service principal created on az subscription | |
| - name: Azure CLI Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: AZD Login | |
| run: | | |
| $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable; | |
| Write-Host "::add-mask::$($info.clientSecret)" | |
| azd auth login ` | |
| --client-id "$($info.clientId)" ` | |
| --client-secret "$($info.clientSecret)" ` | |
| --tenant-id "$($info.tenantId)" | |
| shell: pwsh | |
| env: | |
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Enable terraform alpha feature | |
| run: | | |
| azd config set alpha.terraform on | |
| - name: AZD set vars | |
| run: | | |
| azd env new $APP_NAME | |
| azd env set DATABASE_PASSWORD ${{ secrets.POSTGRES_DATABASE_PASSWORD }} | |
| azd env set AZURE_LOCATION ${{ vars.AZURE_LOCATION }} | |
| azd env set AZURE_SUBSCRIPTION_ID ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: AZD Provision Infrastructure | |
| id: azd_provision | |
| continue-on-error: true | |
| run: | | |
| export ARM_CLIENT_ID=${{ vars.TERRAFORM_CLIENT_ID }} | |
| export ARM_CLIENT_SECRET=${{ secrets.TERRAFORM_CLIENT_SECRET }} | |
| export ARM_TENANT_ID=$AZURE_TENANT_ID | |
| azd provision --no-prompt | |
| - name: AZD Deploy Application | |
| id: azd_deploy | |
| if: steps.azd_provision.outcome == 'success' | |
| continue-on-error: true | |
| run: azd deploy --no-prompt | |
| - name: Delete Resources | |
| run: | | |
| export ARM_CLIENT_ID=${{ vars.TERRAFORM_CLIENT_ID }} | |
| export ARM_CLIENT_SECRET=${{ secrets.TERRAFORM_CLIENT_SECRET }} | |
| export ARM_TENANT_ID=$AZURE_TENANT_ID | |
| azd down --force --purge --no-prompt | |
| - name: Check for success | |
| run: | | |
| green='\033[0;32m' | |
| red='\e[1;31m' | |
| clear='\033[0m' | |
| if [[ "${{ steps.azd_provision.outcome }}" == 'success' ]]; then | |
| printf "AZD provision ${green}success${clear}\n" | |
| else | |
| printf "AZD provision ${red}failed${clear}\n" | |
| exit 1 | |
| fi | |
| if [[ "${{ steps.azd_deploy.outcome }}" == 'success' ]]; then | |
| printf "AZD deploy ${green}success${clear}\n" | |
| else | |
| printf "AZD deploy ${red}failed${clear}\n" | |
| exit 1 | |
| fi | |