Trigger container apps deployment #50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Trigger container apps deployment | |
| # When this action will be executed | |
| on: | |
| # Automatically trigger it when detected changes in repo | |
| push: | |
| branches: | |
| [ main ] | |
| paths-ignore: | |
| - 'README.md' | |
| - '.github/workflows/**' | |
| # Allow mannually trigger | |
| workflow_dispatch: | |
| env: | |
| version: 'v1.0' | |
| location: 'eastus2' | |
| resource-group-name: 'red-eus2-aca-rg' | |
| log-analytics-workspace-name: 'red-logworkspace-aca-01' | |
| aca-env-name: 'dev-env' | |
| registry-name: 'redeus2containerreg01' | |
| registry-sku: 'Standard' | |
| image-name: 'todo-webapi' | |
| container-name: 'todo-webapi-aca' | |
| client-container-name: 'todo-blazorclient-aca' | |
| client-container-rg-name: 'red-eus2-aca-rg' | |
| app-config-name: 'red-eus2-academo-appconfig' | |
| jobs: | |
| buildInfra: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout to the branch | |
| uses: actions/checkout@v2 | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Create Resource Group, Deploy Bicep | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az group create -l ${{ env.location }} -n ${{ env.resource-group-name}} | |
| az deployment group create --resource-group ${{ env.resource-group-name }} \ | |
| --name todo-webapi-aca \ | |
| --parameters ./iac/main-deploy-aca.bicepparam keyValueNames=${{ secrets.KEY_VALUE_KEYS }} keyValueValues=${{ secrets.KEY_VALUE_VALUES }} | |
| - name: Azure CLI script | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az logout | |
| az cache purge | |
| az account clear | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: buildInfra | |
| steps: | |
| - name: Checkout to the branch | |
| uses: actions/checkout@v2 | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Get Container Registry Credentials | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| ACR_USERNAME=$(az acr credential show -n ${{ env.registry-name }} --query username --out tsv) | |
| ACR_PASSWORD=$(az acr credential show -n ${{ env.registry-name }} --query passwords[0].value --out tsv) | |
| echo "::add-mask::$ACR_PASSWORD" | |
| echo ACR_USERNAME=$ACR_USERNAME >> $GITHUB_ENV | |
| echo ACR_PASSWORD=$ACR_PASSWORD >> $GITHUB_ENV | |
| - name: Log in to container registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.registry-name }}.azurecr.io | |
| username: ${{ env.ACR_USERNAME }} | |
| password: ${{ env.ACR_PASSWORD }} | |
| - name: Build and push container image to registry | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| tags: ${{ env.registry-name }}.azurecr.io/${{ env.image-name }}:${{ env.version }}.${{ github.run_number }} | |
| file: ./Dockerfile | |
| context: ./ | |
| - name: Azure CLI script | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az logout | |
| az cache purge | |
| az account clear | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Get Container Registry Credentials | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| ACR_USERNAME=$(az acr credential show -n ${{ env.registry-name }} --query username --out tsv) | |
| ACR_PASSWORD=$(az acr credential show -n ${{ env.registry-name }} --query passwords[0].value --out tsv) | |
| echo "::add-mask::$ACR_PASSWORD" | |
| echo ACR_USERNAME=$ACR_USERNAME >> $GITHUB_ENV | |
| echo ACR_PASSWORD=$ACR_PASSWORD >> $GITHUB_ENV | |
| - name: Get Client Container url | |
| id: get-container-url | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| CLIENT_CONTAINER_URL=$(az containerapp show -n ${{ env.client-container-name }} -g ${{ env.client-container-rg-name }} --query properties.configuration.ingress.fqdn --out tsv || echo "Error") | |
| echo CLIENT_CONTAINER_URL=$CLIENT_CONTAINER_URL >> $GITHUB_ENV | |
| - name: Handle Continaer url failure | |
| if: ${{ steps.get-container-url.outputs.CLIENT_CONTAINER_URL == 'Error' }} | |
| run: | | |
| echo "CLIENT_CONTAINER_URL not obtained. Setting default value." | |
| echo "CLIENT_CONTAINER_URL=default-value" >> $GITHUB_ENV | |
| - name: Deploy to Container Apps | |
| uses: azure/container-apps-deploy-action@v1 | |
| with: | |
| imageToDeploy: ${{ env.registry-name }}.azurecr.io/${{ env.image-name }}:${{ env.version }}.${{ github.run_number }} | |
| resourceGroup: ${{ env.resource-group-name }} | |
| containerAppName: ${{ env.container-name }} | |
| ingress: external | |
| targetPort: 5209 | |
| environmentVariables: | | |
| CorsAllowedHosts=$(if [ ${{ env.CLIENT_CONTAINER_URL }} == '' ]; then echo "*"; else echo "https://${{ env.CLIENT_CONTAINER_URL }}"; fi) \ | |
| AppConfig__Endpoint=${{ secrets.APP_CONFIG_URL }} \ | |
| ASPNETCORE_ENVIRONMENT=Staging | |
| - name: Assign AcrPull to Container App | |
| run: | | |
| CONTAINER_APP_ID=$(az containerapp show --name ${{ env.container-name }} --resource-group ${{ env.resource-group-name }} --query "identity.principalId" -o tsv) | |
| APPCONFIG_ID=$(az appconfig show --name ${{ env.app-config-name }} --resource-group ${{ env.resource-group-name }} --query "id" -o tsv) | |
| az role assignment create \ | |
| --assignee $CONTAINER_APP_ID \ | |
| --role "App Configuration Data Reader" \ | |
| --scope $APPCONFIG_ID | |
| - name: Azure CLI script | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az logout | |
| az cache purge | |
| az account clear |