Demo showing how to use GitHub Actions to configure a CI / CD pipeline deploying a Dockerized Scala app to Azure using Terraform.
You can test the application using:
- The Swagger web page: https://todo-service.delightfulrock-a4ca9c1b.westus3.azurecontainerapps.io/docs/index.html.
- In the console using curl: `curl -X GET https://todo-service.delightfulrock-a4ca9c1b.westus3.azurecontainerapps.io/list`; or any other similar web client.
- Using the Scala CLI app: `sbt client/run`.
- Writing a client in any language that supports smithy.
Follow these instructions to get your own version of the application up and running in Azure.
First we are going to create and configure an Azure account to allow automatic deployments through Terraform:
- Create an Azure account, ideally using your EAFIT student credentials: https://azure.microsoft.com/en-us/free/students
- Inside your Azure account, go to the `Subscriptions` service page. Pick the `subscription` you will be using; e.g. `Azure for Students`. Then, inside the `subscription`, search for `Resource Providers`. In the `Resource Providers` list, search for the one called `Microsoft.App` and `register` it.
- Inside your Azure account, go to the `Azure Database for PostgreSQL flexible servers` service page. Try to create a new server, and then in the create page, search for a `Region` (Location) that is not restricted for your `Azure for Students` subscription. Take note of the one you want to use; you will be using the same `Region` (Location) for everything else. You can now exit without creating anything.
- Go to the Azure `Resource Groups` service page. We are going to create a `resource-group` for grouping all the meta-resources that will be used by Terraform:
  - Make sure you pick the correct `subscription`.
  - For the `Name`, it can be anything; but I recommend the following: `ci-cd-demo-azure-iac-rg`.
  - For the `Region` (location), it MUST BE the one you took note of in step `3`.
- Go to the Azure `Managed Identities` service page. We are going to create a `user-assigned-managed-identity` that will be used by Terraform for creating the resources:
  - Make sure you pick the correct `subscription`.
  - Make sure you pick the correct `resource-group`.
  - For the `Region` (location), it MUST BE the one you took note of in step `3`.
  - For the `Name`, it can be anything; but I recommend the following: `<EAFIT_ID>-iac-user`.

  Note: `EAFIT_ID` is your EAFIT username; for example mine is `lmejias3`.
- Then, inside the `user-assigned-managed-identity`, go to `Azure Role Assignments`. We are going to make it an `Owner` of the `subscription`, in order to allow Terraform to create resources:
  - For the `Scope`, select `Subscription`.
  - Make sure you pick the correct `subscription`.
  - For the `Role`, select `Owner`.
- Finally, inside the `user-assigned-managed-identity`, go to `Federated Credentials`. We are going to allow GitHub to get tokens associated with this identity:
  - For the `Federated Credential Scenario`, select `GitHub Actions deploying Azure resources`.
  - Fill the `Organization` and `Repository` fields with the right values for your own `fork` of this repository.
  - For the `Entity`, select `Environment` and it MUST BE called `dev`.
  - For the `Name`, it can be anything; but I recommend the following: `gha`.
- Go to the Azure `Storage Accounts` service page. We are going to create a `storage-account` that will be used by Terraform:
  - Make sure you pick the correct `subscription`.
  - Make sure you pick the correct `resource-group`.
  - For the `Name`, it MUST BE your `<EAFIT_ID>`.
  - For the `Region` (location), it MUST BE the one you took note of in step `3`.
  - For the `Primary Service`, select `Azure Blob Storage`.
  - For the `Performance`, select `Standard`.
  - For the `Redundancy`, select `LRS`.
- Then, inside the `storage-account`, go to `Containers`. We are going to create a `data-storage-container` named `ci-cd-demo-azure-iac` that will be used by Terraform for storing the state file.
- Finally, inside the `storage-account`, go to `Access Control (IAM)`. We are going to make the previously created `user-assigned-managed-identity` an `Owner` of the `storage-account`, in order to allow Terraform to store the state file:
  - For the `Role`, select `Storage Blob Data Owner`.
  - For the `Members`, select the IaC `user-assigned-managed-identity`.

  Note: If you plan to also install Terraform locally and run commands by yourself, you need to also add your own `user`.
Now, we are going to create and configure a GitHub repository to deploy the app.
- Make a `fork` of this repository.
- Go to the `Actions` tab of the repository and enable them.
- Go to `Settings` and then to `Secrets and Variables / Actions`. There we will configure the following values:
  - `AZURE_CLIENT_ID`: Use the `Client ID` of the Azure `user-assigned-managed-identity` created before.
  - `AZURE_SUBSCRIPTION_ID`: The id of the Azure `subscription` you have been using.
  - `AZURE_TENANT_ID`: Retrieve its value from the Azure `Tenant Properties` service page.
  - `DB_PASSWORD`: As the name implies, this value will be used as the password of the database; pick a secure value that you can remember later in case you want to manually connect to the PostgreSQL database that will be deployed.
  - `AZURE_LOCATION`: The name of the Azure `Region` (Location) you have been using.
  - `EAFIT_ID`: Your EAFIT username.
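How a workflow job can consume these values through the federated credential, as an added example (not the workflow shipped in this repository): the job declares `environment: dev` so its token matches the credential created above, and requests `id-token: write` so no client secret is needed. The workflow and job names, the `main` branch, the action versions, the `example.tfstate` key, an empty `backend "azurerm" {}` block in the Terraform code and storing every value as a secret are assumptions.

```yaml
# Added example; not the workflow shipped in this repository.
name: terraform-plan-example
on:
  push:
    branches: [main]  # assumption: the default branch is named main

permissions:
  id-token: write  # required so the job can request a GitHub OIDC token
  contents: read   # checkout only; no write access to the repository

jobs:
  plan:
    runs-on: ubuntu-latest
    # Must match the federated credential (Entity = Environment, named dev);
    # a job without it gets a token whose subject Azure does not trust.
    environment: dev
    env:
      # Terraform's azurerm provider and backend exchange the GitHub token
      # for an Azure token themselves; no client secret is stored anywhere.
      ARM_USE_OIDC: "true"
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      # Passed through the environment instead of being interpolated
      # into the script text.
      STATE_ACCOUNT: ${{ secrets.EAFIT_ID }}
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Init against the state container created above
        # use_azuread_auth makes the backend read and write the state blob
        # with the identity's token (the Storage Blob Data Owner role)
        # rather than a storage account key.
        run: |
          terraform init -input=false \
            -backend-config="resource_group_name=ci-cd-demo-azure-iac-rg" \
            -backend-config="storage_account_name=${STATE_ACCOUNT}" \
            -backend-config="container_name=ci-cd-demo-azure-iac" \
            -backend-config="key=example.tfstate" \
            -backend-config="use_azuread_auth=true"
      - name: Plan
        run: terraform plan -input=false
```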
Now we have everything ready in order to deploy the app through the CI / CD pipelines.
- Create a PR using the `add-edit` branch as the base; like this one: #18.
- Notice how it triggered a GitHub Actions workflow which will build and validate the changes. Also, check the automatic comment with the Terraform summary.
- Merge the PR. Notice how a new GitHub Actions workflow started; this one will build and deploy the application.
- After it finishes, you can find the URL of your application in the Azure `Container Apps` service page.
- Test the application.
Note that for the sake of example, this project uses a Dockerfile and an assembly JAR.
That was done mostly for simplicity and since it could be more easily extrapolated to other languages.
For real Scala apps, it is usually recommended to use sbt-native-packager instead.







