Migrate API docs from Azure Static Web Apps to Azure Container Apps (nginx)

Co-authored-by: aurelianware <194855645+aurelianware@users.noreply.github.com>

Author: Copilot

.github/workflows/deploy-api-docs.yml

@@ -6,31 +6,77 @@ on:
     paths:
       - 'src/api-docs/**'
       - 'api/openapi/**'
+      - 'containers/api-docs/**'
       - '.github/workflows/deploy-api-docs.yml'
   workflow_dispatch:
 
 permissions:
+  id-token: write
   contents: read
 
+env:
+  IMAGE_NAME: api-docs
+  ACA_NAME: api-docs
+  ACA_ENV: cho-aca-env
+  RESOURCE_GROUP: rg-cloudhealthoffice-prod
+
 jobs:
   deploy:
-    name: Deploy Swagger UI to Azure Static Web Apps
+    name: Build & Deploy API Docs to Azure Container Apps
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Copy OpenAPI specs into site
+      - name: Azure login via OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Log in to Azure Container Registry
+        run: az acr login --name ${{ vars.ACR_NAME }}
+
+      - name: Build and push Docker image
         run: |
-          cp api/openapi/*.yaml src/api-docs/specs/
+          IMAGE_TAG="${{ vars.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          IMAGE_LATEST="${{ vars.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:latest"
+          docker build -f containers/api-docs/Dockerfile . -t "${IMAGE_TAG}" -t "${IMAGE_LATEST}"
+          docker push "${IMAGE_TAG}"
+          docker push "${IMAGE_LATEST}"
+
+      - name: Deploy to Azure Container Apps
+        run: |
+          IMAGE_TAG="${{ vars.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          az containerapp create \
+            --name "${{ env.ACA_NAME }}" \
+            --resource-group "${{ env.RESOURCE_GROUP }}" \
+            --environment "${{ env.ACA_ENV }}" \
+            --image "${IMAGE_TAG}" \
+            --ingress external \
+            --target-port 80 \
+            --min-replicas 1 \
+            --max-replicas 3 \
+            --cpu 0.25 \
+            --memory 0.5Gi \
+            --registry-server "${{ vars.ACR_LOGIN_SERVER }}" 2>/dev/null || \
+          az containerapp update \
+            --name "${{ env.ACA_NAME }}" \
+            --resource-group "${{ env.RESOURCE_GROUP }}" \
+            --image "${IMAGE_TAG}"
+
+      - name: Verify health endpoint
+        run: |
+          echo "Waiting for container app to start..."
+          sleep 30
+          FQDN=$(az containerapp show \
+            --name "${{ env.ACA_NAME }}" \
+            --resource-group "${{ env.RESOURCE_GROUP }}" \
+            --query "properties.configuration.ingress.fqdn" -o tsv)
+          echo "Container App FQDN: ${FQDN}"
+          curl -sf "https://${FQDN}/" -o /dev/null && \
+            echo "✅ API Docs is healthy" || \
+            echo "⚠️  Health check failed — container may still be warming up"
 
-      - name: Deploy to Azure Static Web Apps
-        uses: Azure/static-web-apps-deploy@v1
-        with:
-          azure_static_web_apps_api_token: ${{ secrets.API_DOCS_SWA_TOKEN }}
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          action: "upload"
-          app_location: "src/api-docs"
-          output_location: ""
-          skip_app_build: true

containers/api-docs/Dockerfile

@@ -0,0 +1,15 @@
+FROM nginx:1.27-alpine
+
+# Add YAML MIME type (not included in nginx defaults)
+RUN sed -i 's|text/plain\s*txt;|text/plain  txt;\n    text/yaml   yaml yml;|' /etc/nginx/mime.types
+
+# Custom nginx configuration
+COPY containers/api-docs/nginx.conf /etc/nginx/conf.d/default.conf
+
+# Swagger UI HTML
+COPY src/api-docs/index.html /usr/share/nginx/html/index.html
+
+# OpenAPI YAML specs
+COPY api/openapi/ /usr/share/nginx/html/specs/
+
+EXPOSE 80

containers/api-docs/nginx.conf

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Security headers
+    add_header X-Frame-Options "DENY" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Access-Control-Allow-Origin "https://portal.cloudhealthoffice.com" always;
+
+    # Redirect /fhir/r4 paths to the Swagger UI patient-access spec
+    location = /fhir/r4 {
+        return 302 /?spec=patient-access;
+    }
+
+    location /fhir/r4/ {
+        return 302 /?spec=patient-access;
+    }
+
+    # Serve static files; fall back to index.html for client-side routing
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}