Azure container app deployment

Tsingis · Tsingis · commit 1b7948557ce7 · 2025-05-04T00:41:59.000+03:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -19,11 +19,32 @@ jobs:
     with:
       severities: critical
       package-types: ""
-  deploy:
+  render-deploy:
     runs-on: ubuntu-latest
     needs: scan
     steps:
       - name: Deploy
         run: curl "$DEPLOY_URL"
         env:
           DEPLOY_URL: ${{ secrets.DEPLOY_URL }}
+  azure-deploy:
+    runs-on: ubuntu-latest
+    needs: scan
+    permissions:
+      id-token: write
+    steps:
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: Build and deploy
+        uses: azure/container-apps-deploy-action@v2
+        with:
+          resourceGroup: ${{ vars.RESOURCE_GROUP_NAME}}
+          containerAppEnvironment: ${{ vars.CONTAINER_APP_ENVIRONMENT }}
+          containerAppName: ${{ vars.CONTAINER_APP_NAME}}
+          imageToDeploy: ${{ vars.IMAGE }}
+          registryUsername: ${{ secrets.DOCKERHUB_USERNAME }}
+          registryPassword: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -65,8 +65,6 @@ jobs:
     if: always()
     permissions:
       pull-requests: write
-    env:
-      IMAGE_TAG: bitcoin-web-api:latest
     steps:
       - uses: actions/checkout@v4
       - name: Set up QEMU
@@ -83,19 +81,19 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          push: false
+          push: ${{ github.event_name == 'workflow_call' || github.event_name == 'push' }}
           load: true
           pull: false
           no-cache: false
-          tags: ${{ env.IMAGE_TAG }}
+          tags: ${{ vars.IMAGE }}
         env:
           DOCKER_BUILD_SUMMARY: false
           DOCKER_BUILD_RECORD_UPLOAD: false
       - name: Scan
         uses: docker/scout-action@v1
         with:
           command: cves,recommendations
-          image: local://${{ env.IMAGE_TAG }}
+          image: local://${{ vars.IMAGE }}
           only-severities: ${{ inputs.severities || 'critical,high' }}
           only-package-types: ${{ needs.determine-package-type.outputs.package-types || inputs.package-types }}
           only-fixed: true
