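# GitHub Actions workflow that builds and deploys the Reliable Web App (RWA)
# pattern to an Azure environment with azd + Terraform, then tears it down again.
#
# Triggers:
# - workflow_dispatch: run manually from the Actions tab; the "environment"
#   input selects dev or prod.
# - pull_request: opened / synchronize / ready_for_review / reopened. Each of
#   these events provisions real Azure resources, and the job is bound to the
#   "production" deployment environment, so gate it with environment
#   protection rules if that is not intended.
# - schedule: monthly, 14:00 UTC on the 1st. Remove or comment out the
#   "schedule" block to disable it (it is active as written).
#
# Inputs:
# - environment: target environment (dev or prod). Non-manual triggers carry
#   no input and fall back to dev.
#
# Behaviour: provision and deploy are best-effort (continue-on-error); the
# "Delete Resources" step always tears the environment down and the final
# "Check for success" step fails the job if either of them did not succeed.
# There is no input that skips the teardown.
#
# Permissions:
# - id-token: write — only required for OIDC login. The "Azure CLI Login" step
#   below authenticates with the AZURE_CREDENTIALS secret (client-secret JSON),
#   so this grant is unused unless the login is switched to OIDC.
# - contents: read
#
# Repository variables (vars.*):
# - AZURE_APP_NAME: seed for the generated azd environment / resource names.
# - AZURE_CLIENT_ID: client ID of the Azure AD App Registration used by the web app.
# - AZURE_LOCATION: Azure region where resources are provisioned.
# - AZURE_TENANT_ID: Azure AD tenant hosting the App Registration.
# - TERRAFORM_CLIENT_ID: client ID of the service principal Terraform runs as.
#
# Repository secrets (secrets.*):
# - AZURE_CLIENT_SECRET: client secret of the Azure AD App Registration.
# - AZURE_CREDENTIALS: service-principal JSON consumed by azure/login and by the azd login step.
# - AZURE_SUBSCRIPTION_ID: subscription where resources are provisioned.
# - POSTGRES_DATABASE_PASSWORD: password for the Postgres database.
# - TERRAFORM_CLIENT_SECRET: client secret of the service principal Terraform runs as.
#
# For more information, see https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
name: 'RWA: Scheduled Build & Deploy'

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'App environment'
        required: true
        default: 'dev'
        type: choice
        options:
          - dev
          - prod
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]
  schedule:
    - cron: '0 14 1 * *'  # 14:00 UTC on the 1st day of every month

# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
permissions:
  id-token: write
  contents: read

jobs:
  terraform:
    name: 'Build & deploy infra'
    runs-on: ubuntu-latest
    environment: production
    env:
      # Unique per run and per attempt so re-runs never share an azd environment.
      APP_NAME: ${{ vars.AZURE_APP_NAME }}${{ github.run_number }}v${{ github.run_attempt }}
      AZURE_ENV_NAME: ${{ vars.AZURE_APP_NAME }}${{ github.run_number }}v${{ github.run_attempt }}
      # pull_request and schedule runs have no inputs; default to dev.
      APP_ENVIRONMENT: ${{ inputs.environment || 'dev' }}
      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
      # NOTE(review): a job-level secret is visible to every step, including the
      # azd installer; scope it to the steps that consume it once those are known.
      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
      # Quoted: Actions passes env values as strings anyway, and this keeps
      # generic YAML parsers from reading it as a boolean.
      ENABLE_TELEMETRY: 'true'
      PRINCIPAL_TYPE: ServicePrincipal
      # NOTE(review): Actions does not shell-expand env values, so this is the
      # literal text "$PROJECT_ROOT/videos" unless the consuming script expands
      # it itself — confirm against the upload script.
      TRAININGS_DIR: $PROJECT_ROOT/videos
    # Use bash regardless of the runner OS (ubuntu-latest, macos-latest, windows-latest).
    defaults:
      run:
        shell: bash
    steps:
      # NOTE(review): actions are pinned to mutable major tags; pinning to full
      # commit SHAs is the supply-chain-safe form.
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'microsoft'
          cache: 'maven'
      - name: Set env
        # The script that uploads training videos requires an environment
        # variable named PROJECT_ROOT set to the path of the project root.
        run: echo "PROJECT_ROOT=$(pwd)" >> "$GITHUB_ENV"
      - name: Describe Java version
        run: mvn -v
      - name: Add AZD
        # NOTE(review): unpinned remote installer piped straight into bash; pin
        # an azd version or verify the script before running it so the
        # installer cannot change underneath this workflow.
        run: curl -fsSL https://aka.ms/install-azd.sh | bash
      - name: print input env variables
        run: |
          echo "$APP_NAME"
          echo "$APP_ENVIRONMENT"
          echo "$PROJECT_ROOT"
          az --version
      # Log the Azure CLI in with the service-principal JSON (client secret, not OIDC).
      - name: Azure CLI Login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: AZD Login
        # The credentials JSON is read from the step environment rather than
        # interpolated into the script; the client secret is masked before use.
        shell: pwsh
        env:
          AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
        run: |
          $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
          Write-Host "::add-mask::$($info.clientSecret)"
          azd auth login `
            --client-id "$($info.clientId)" `
            --client-secret "$($info.clientSecret)" `
            --tenant-id "$($info.tenantId)"
      - name: Enable terraform alpha feature
        run: azd config set alpha.terraform on
      - name: AZD set vars
        # Secrets and variables are passed through the step environment instead
        # of being interpolated into the script text, so a value containing
        # shell metacharacters cannot alter the command. The step-local names
        # deliberately differ from AZURE_* so azd does not pick them up early.
        env:
          PG_PASSWORD: ${{ secrets.POSTGRES_DATABASE_PASSWORD }}
          TARGET_LOCATION: ${{ vars.AZURE_LOCATION }}
          TARGET_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: |
          azd env new "$APP_NAME"
          azd env set DATABASE_PASSWORD "$PG_PASSWORD"
          azd env set AZURE_LOCATION "$TARGET_LOCATION"
          azd env set AZURE_SUBSCRIPTION_ID "$TARGET_SUBSCRIPTION_ID"
      - name: AZD Provision Infrastructure
        id: azd_provision
        # Best-effort so the teardown and the final check still run on failure.
        continue-on-error: true
        # Terraform's Azure provider reads the ARM_* variables; the tenant is the
        # job-level AZURE_TENANT_ID.
        env:
          ARM_CLIENT_ID: ${{ vars.TERRAFORM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.TERRAFORM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }}
        run: azd provision --no-prompt
      - name: AZD Deploy Application
        id: azd_deploy
        if: steps.azd_provision.outcome == 'success'
        continue-on-error: true
        run: azd deploy --no-prompt
      - name: Delete Resources
        # Run even when an earlier step failed or the run was cancelled, so a
        # partially provisioned environment is not left behind billing.
        if: always()
        env:
          ARM_CLIENT_ID: ${{ vars.TERRAFORM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.TERRAFORM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }}
        run: azd down --force --purge --no-prompt
      - name: Check for success
        # Fails the job after teardown if provision or deploy did not succeed
        # (a skipped deploy counts as a failure).
        env:
          PROVISION_OUTCOME: ${{ steps.azd_provision.outcome }}
          DEPLOY_OUTCOME: ${{ steps.azd_deploy.outcome }}
        run: |
          green='\033[0;32m'
          red='\e[1;31m'
          clear='\033[0m'
          if [[ "$PROVISION_OUTCOME" == 'success' ]]; then
            printf "AZD provision ${green}success${clear}\n"
          else
            printf "AZD provision ${red}failed${clear}\n"
            exit 1
          fi
          if [[ "$DEPLOY_OUTCOME" == 'success' ]]; then
            printf "AZD deploy ${green}success${clear}\n"
          else
            printf "AZD deploy ${red}failed${clear}\n"
            exit 1
          fi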