APIM deployment for UK-Export-Finance/mdm-api #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GHA is responsible for APIM deployment. | |
| # Deployment is initiated using `az cli` bash script. | |
| # | |
| # Standard Azure naming convention has been followed: | |
| # https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming | |
| # | |
| # Following Azure services are consumed: | |
| # 1. Azure resource group - https://learn.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az-group-create | |
| # 2. Azure container registry - https://learn.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-create | |
| # 3. Azure container app environment - https://learn.microsoft.com/en-us/azure/container-apps/environment | |
| # 4. Azure container app - https://learn.microsoft.com/en-us/azure/container-apps/containers | |
| # | |
| # | |
| # Execution | |
| # ********* | |
| # GHA is only invoked when following conditions are satisfied: | |
| # 1. Push to the `dev`, `staging` and `production` branches only. | |
| # 2. Any modifications to atleast one of the `paths` targets. | |
| name: Deployment π | |
| run-name: APIM deployment for ${{ github.repository }} | |
| on: | |
| push: | |
| branches: | |
| - dev | |
| - staging | |
| - production | |
| paths: | |
| - "src/**" | |
| - "package.json" | |
| - "package-lock.json" | |
| - "Dockerfile" | |
| - "tsconfig.json" | |
| - "tsconfig.build.json" | |
| - ".github/workflows/deployment.yml" | |
| env: | |
| PRODUCT: apim | |
| ENVIRONMENT: ${{ github.ref_name }} | |
| TIMEZONE: ${{ vars.TIMEZONE }} | |
| # Base artifact | |
| FROM: latest | |
| jobs: | |
| # 1. Setup deployment variables | |
| setup: | |
| name: Setup π§ | |
| runs-on: [self-hosted, APIM, deployment] | |
| outputs: | |
| product: ${{ env.PRODUCT }} | |
| environment: ${{ env.ENVIRONMENT }} | |
| timezone: ${{ env.TIMEZONE }} | |
| steps: | |
| - name: Environment π§ͺ | |
| run: echo "Environment set to ${{ env.ENVIRONMENT }}" | |
| - name: Timezone π | |
| run: echo "Timezone set to ${{ env.TIMEZONE }}" | |
| # 2. MDM micro-service deployment | |
| mdm: | |
| name: MDM π¦οΈ | |
| needs: setup | |
| environment: ${{ needs.setup.outputs.environment }} | |
| env: | |
| NAME: mdm | |
| NAME_UPPERCASE: MDM | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, APIM, deployment] | |
| steps: | |
| - name: Repository ποΈ | |
| uses: actions/checkout@v4 | |
| - name: Azure π | |
| uses: azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Defaults β¨ | |
| uses: Azure/[email protected] | |
| with: | |
| inlineScript: | | |
| # Basic | |
| az configure --defaults location=${{ vars.REGION }} | |
| az configure --defaults group=rg-${{ env.PRODUCT }}-${{ github.ref_name }}-${{ vars.VERSION }} | |
| - name: CLI π | |
| run: | | |
| echo ACR=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query loginServer -o tsv) >> $GITHUB_ENV | |
| echo ACR_USER=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query name -o tsv) >> $GITHUB_ENV | |
| echo CA_NAME=$(az resource list --resource-type 'Microsoft.App/containerApps' --query '[?contains(name, `${{ env.NAME }}`)].name' -o tsv) >> $GITHUB_ENV | |
| echo APIM=$(az resource list --resource-type 'Microsoft.ApiManagement/service' --query '[0].name' -o tsv) >> $GITHUB_ENV | |
| echo API_ID=$(az apim api list --service-name $(az resource list --resource-type 'Microsoft.ApiManagement/service' --query '[0].name' -o tsv) --query '[?contains(displayName, `${{ env.NAME_UPPERCASE }}`)].name' -o tsv) >> $GITHUB_ENV | |
| - name: ACR π | |
| uses: azure/docker-login@v2 | |
| with: | |
| login-server: ${{ env.ACR }} | |
| username: ${{ env.ACR_USER }} | |
| password: ${{ secrets.ACR_PASSWORD }} | |
| - name: Artifacts ποΈ | |
| run: | | |
| docker build . \ | |
| -t ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }} \ | |
| -t ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }} | |
| docker push ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }} | |
| docker push ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }} | |
| - name: Revisions π | |
| uses: Azure/[email protected] | |
| with: | |
| inlineScript: | | |
| az containerapp update \ | |
| --name ${{ env.CA_NAME }} \ | |
| --container-name ${{ env.CA_NAME }} \ | |
| --image ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }} \ | |
| --revision-suffix v${{ github.run_id }} \ | |
| --set-env-vars \ | |
| "PORT=${{ secrets.PORT }}" \ | |
| "TZ=${{ secrets.TZ }}" \ | |
| "NODE_ENV=${{ secrets.NODE_ENV }}" \ | |
| "LOG_LEVEL=${{ vars.LOG_LEVEL }}" \ | |
| "REDACT_LOGS=${{ vars.REDACT_LOGS }}" \ | |
| "SINGLE_LINE_LOG_FORMAT=${{ vars.SINGLE_LINE_LOG_FORMAT }}" \ | |
| "SWAGGER_USER=${{ secrets.SWAGGER_USER }}" \ | |
| "SWAGGER_PASSWORD=${{ secrets.SWAGGER_PASSWORD }}" \ | |
| "DATABASE_PORT=${{ secrets.DATABASE_PORT }}" \ | |
| "DATABASE_USERNAME=${{ secrets.DATABASE_USERNAME }}" \ | |
| "DATABASE_PASSWORD=${{ secrets.DATABASE_PASSWORD }}" \ | |
| "DATABASE_HOST=${{ secrets.DATABASE_HOST }}" \ | |
| "DATABASE_MDM_NAME=${{ secrets.DATABASE_MDM_NAME }}" \ | |
| "DATABASE_NUMBER_GENERATOR_NAME=${{ secrets.DATABASE_NUMBER_GENERATOR_NAME }}" \ | |
| "DATABASE_CEDAR_NAME=${{ secrets.DATABASE_CEDAR_NAME }}" \ | |
| "DATABASE_CIS_NAME=${{ secrets.DATABASE_CIS_NAME }}" \ | |
| "APIM_INFORMATICA_URL=${{ secrets.APIM_INFORMATICA_URL }}" \ | |
| "APIM_INFORMATICA_USERNAME=${{ secrets.APIM_INFORMATICA_USERNAME }}" \ | |
| "APIM_INFORMATICA_PASSWORD=${{ secrets.APIM_INFORMATICA_PASSWORD }}" \ | |
| "APIM_INFORMATICA_MAX_REDIRECTS=${{ secrets.APIM_INFORMATICA_MAX_REDIRECTS }}" \ | |
| "APIM_INFORMATICA_TIMEOUT=${{ secrets.APIM_INFORMATICA_TIMEOUT }}" \ | |
| "API_KEY=${{ secrets.API_KEY }}" \ | |
| "ORDNANCE_SURVEY_URL=${{ secrets.ORDNANCE_SURVEY_URL }}" \ | |
| "ORDNANCE_SURVEY_KEY=${{ secrets.ORDNANCE_SURVEY_KEY }}" \ | |
| "ORDNANCE_SURVEY_MAX_REDIRECTS=${{ secrets.ORDNANCE_SURVEY_MAX_REDIRECTS }}" \ | |
| "ORDNANCE_SURVEY_TIMEOUT=${{ secrets.ORDNANCE_SURVEY_TIMEOUT }}" \ | |
| "COMPANIES_HOUSE_URL=${{ secrets.COMPANIES_HOUSE_URL }}" \ | |
| "COMPANIES_HOUSE_KEY=${{ secrets.COMPANIES_HOUSE_KEY }}" \ | |
| "COMPANIES_HOUSE_MAX_REDIRECTS=${{ secrets.COMPANIES_HOUSE_MAX_REDIRECTS }}" \ | |
| "COMPANIES_HOUSE_TIMEOUT=${{ secrets.COMPANIES_HOUSE_TIMEOUT }}" | |
| - name: Import β¬οΈ | |
| if: ${{ '' != env.API_ID }} | |
| uses: Azure/[email protected] | |
| with: | |
| inlineScript: | | |
| # API specification import | |
| az apim api import \ | |
| --path '${{ env.NAME }}' \ | |
| --service-name ${{ env.APIM }} \ | |
| --specification-format OpenApi \ | |
| --api-id ${{ env.API_ID }} \ | |
| --api-type http \ | |
| --service-url https://$(az containerapp show --name ${{ env.CA_NAME }} --query properties.latestRevisionFqdn -o tsv) \ | |
| --protocols https \ | |
| --specification-url https://$(az containerapp show --name ${{ env.CA_NAME }} --query properties.latestRevisionFqdn -o tsv)/openapi/json \ | |
| --subscription-required true |