Set up deployment to dev server on pushes to main

Author: albbas

.github/workflows/deploy-dev.yml

@@ -0,0 +1,137 @@
+name: Deploy to Dev Environment
+
+on:
+    push:
+        branches:
+            - main
+        paths:
+            - "recorder-backend/**"
+            - ".github/workflows/deploy-dev.yml"
+
+    # Allow manual trigger
+    workflow_dispatch:
+
+permissions:
+    id-token: write # Required for OIDC authentication
+    contents: read
+
+env:
+    WORKING_DIRECTORY: recorder-backend
+
+jobs:
+    test:
+        name: Run Tests
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: ${{ env.WORKING_DIRECTORY }}
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Set up Python
+              uses: actions/setup-python@v5
+              with:
+                  python-version: "3.11"
+                  cache: "pip"
+
+            - name: Install uv
+              run: pip install uv
+
+            - name: Install dependencies
+              run: uv pip install --system -r pyproject.toml
+
+            - name: Run tests
+              run: pytest tests/ -v
+
+    deploy:
+        name: Deploy to Dev Container App
+        runs-on: ubuntu-latest
+        needs: test
+        environment:
+            name: development
+            url: ${{ steps.deploy.outputs.url }}
+
+        defaults:
+            run:
+                working-directory: ${{ env.WORKING_DIRECTORY }}
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Get short SHA
+              id: vars
+              run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+            - name: Azure Login via OIDC
+              uses: azure/login@v2
+              with:
+                  client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                  tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+                  subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+            - name: Login to Azure Container Registry
+              run: |
+                  az acr login --name ${{ secrets.DEV_ACR_NAME }}
+
+            - name: Build and push Docker image
+              env:
+                  ACR_NAME: ${{ secrets.DEV_ACR_NAME }}
+                  SHORT_SHA: ${{ steps.vars.outputs.short_sha }}
+              run: |
+                  IMAGE_NAME="${ACR_NAME}.azurecr.io/recorder-backend"
+
+                  docker build -t ${IMAGE_NAME}:dev-${SHORT_SHA} \
+                               -t ${IMAGE_NAME}:dev-latest \
+                               .
+
+                  docker push ${IMAGE_NAME}:dev-${SHORT_SHA}
+                  docker push ${IMAGE_NAME}:dev-latest
+
+                  echo "Pushed images:"
+                  echo "  - ${IMAGE_NAME}:dev-${SHORT_SHA}"
+                  echo "  - ${IMAGE_NAME}:dev-latest"
+
+            - name: Deploy to Container App
+              id: deploy
+              env:
+                  ACR_NAME: ${{ secrets.DEV_ACR_NAME }}
+                  SHORT_SHA: ${{ steps.vars.outputs.short_sha }}
+                  RESOURCE_GROUP: ${{ secrets.DEV_RESOURCE_GROUP }}
+                  CONTAINER_APP: ${{ secrets.DEV_CONTAINER_APP }}
+              run: |
+                  IMAGE_NAME="${ACR_NAME}.azurecr.io/recorder-backend:dev-${SHORT_SHA}"
+
+                  az containerapp update \
+                    --name ${CONTAINER_APP} \
+                    --resource-group ${RESOURCE_GROUP} \
+                    --image ${IMAGE_NAME} \
+                    --revision-suffix ${SHORT_SHA}
+
+                  # Get the app URL
+                  APP_URL=$(az containerapp show \
+                    --name ${CONTAINER_APP} \
+                    --resource-group ${RESOURCE_GROUP} \
+                    --query properties.configuration.ingress.fqdn \
+                    --output tsv)
+
+                  echo "url=https://${APP_URL}" >> $GITHUB_OUTPUT
+                  echo "Deployed to: https://${APP_URL}"
+
+            - name: Deployment Summary
+              env:
+                  APP_URL: ${{ steps.deploy.outputs.url }}
+                  SHORT_SHA: ${{ steps.vars.outputs.short_sha }}
+              run: |
+                  echo "## Deployment Successful! :rocket:" >> $GITHUB_STEP_SUMMARY
+                  echo "" >> $GITHUB_STEP_SUMMARY
+                  echo "**Environment:** Development" >> $GITHUB_STEP_SUMMARY
+                  echo "**Commit:** \`${SHORT_SHA}\`" >> $GITHUB_STEP_SUMMARY
+                  echo "**Image:** \`${{ secrets.DEV_ACR_NAME }}.azurecr.io/recorder-backend:dev-${SHORT_SHA}\`" >> $GITHUB_STEP_SUMMARY
+                  echo "" >> $GITHUB_STEP_SUMMARY
+                  echo "### :link: Links" >> $GITHUB_STEP_SUMMARY
+                  echo "- **App URL:** ${APP_URL}" >> $GITHUB_STEP_SUMMARY
+                  echo "- **API Docs:** ${APP_URL}/docs" >> $GITHUB_STEP_SUMMARY
+                  echo "- **Health Check:** ${APP_URL}/" >> $GITHUB_STEP_SUMMARY

.github/workflows/test.yml

@@ -0,0 +1,71 @@
+name: Run Tests
+
+on:
+    pull_request:
+        branches:
+            - main
+        paths:
+            - "recorder-backend/**"
+            - ".github/workflows/test.yml"
+
+    # Also run on main branch to catch issues early
+    push:
+        branches:
+            - main
+        paths:
+            - "recorder-backend/**"
+            - ".github/workflows/test.yml"
+
+    # Allow manual trigger
+    workflow_dispatch:
+
+env:
+    WORKING_DIRECTORY: recorder-backend
+
+jobs:
+    test:
+        name: Test Python ${{ matrix.python-version }}
+        runs-on: ubuntu-latest
+
+        strategy:
+            matrix:
+                python-version: ["3.11"]
+
+        defaults:
+            run:
+                working-directory: ${{ env.WORKING_DIRECTORY }}
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Set up Python ${{ matrix.python-version }}
+              uses: actions/setup-python@v5
+              with:
+                  python-version: ${{ matrix.python-version }}
+                  cache: "pip"
+
+            - name: Install uv
+              run: pip install uv
+
+            - name: Install dependencies
+              run: uv pip install --system -r pyproject.toml
+
+            - name: Run linter (ruff)
+              run: ruff check . --output-format=github
+              continue-on-error: true
+
+            - name: Run tests with pytest
+              run: |
+                  pytest tests/ \
+                    -v \
+                    --tb=short \
+                    --color=yes
+
+            - name: Test Summary
+              if: always()
+              run: |
+                  echo "## Test Results :test_tube:" >> $GITHUB_STEP_SUMMARY
+                  echo "" >> $GITHUB_STEP_SUMMARY
+                  echo "**Python Version:** ${{ matrix.python-version }}" >> $GITHUB_STEP_SUMMARY
+                  echo "**Status:** ${{ job.status }}" >> $GITHUB_STEP_SUMMARY

recorder-backend/README.md

@@ -2,13 +2,96 @@
 
 **Note:** This is the modernized FastAPI version running on Azure.
 
+![Deploy Dev](https://github.com/divvun/Kielipankki-donatespeech-backend/actions/workflows/deploy-dev.yml/badge.svg)
+![Tests](https://github.com/divvun/Kielipankki-donatespeech-backend/actions/workflows/test.yml/badge.svg)
+
 ## Architecture
 
 - **Framework**: FastAPI (Python 3.11)
 - **Storage**: Azure Blob Storage
 - **Local Development**: Azurite (Azure Storage Emulator)
 - **Deployment**: Azure Container Apps or Azure App Service
 
+## Deployment
+
+### Continuous Deployment
+
+The backend automatically deploys to environments based on branch activity:
+
+- **Development Environment**: Auto-deploys on every push to `main` branch
+- **Production Environment**: *(Planned)* Will deploy from tagged releases
+  (e.g., `v1.0.0`)
+
+### Current Setup (Dev Only)
+
+Push to `main` branch triggers automatic deployment:
+1. Tests run automatically
+2. Docker image builds from [Dockerfile](Dockerfile)
+3. Image pushes to Azure Container Registry with tags:
+   - `dev-<commit-sha>` (specific version)
+   - `dev-latest` (rolling latest)
+4. Azure Container App updates with new image
+5. Deployment completes with zero downtime
+
+**View Deployment Status:**
+- GitHub Actions: [Deployment Workflows](../../actions)
+- Development URL: Provided by Container App ingress
+
+### GitHub Secrets Required
+
+Configure these in repository Settings → Secrets and variables → Actions:
+
+| Secret | Description | Example |
+|--------|-------------|---------|
+| `AZURE_CLIENT_ID` | Service principal client ID | `12345678-1234-1234-1234-123456789abc` |
+| `AZURE_TENANT_ID` | Azure AD tenant ID | `87654321-4321-4321-4321-cba987654321` |
+| `AZURE_SUBSCRIPTION_ID` | Target subscription ID | `abcdef12-3456-7890-abcd-ef1234567890` |
+| `DEV_ACR_NAME` | Container registry name | `acrkielipankkirec` |
+| `DEV_RESOURCE_GROUP` | Resource group name | `rg-kielipankki-recorder-dev` |
+| `DEV_CONTAINER_APP` | Container app name | `ca-recorder-backend-dev` |
+
+### Azure Resources Required
+
+**Development Environment:**
+- Resource Group: `rg-kielipankki-recorder-dev`
+- Storage Account: With container `recorder-content`
+- Container Registry: For Docker images
+- Key Vault: For YLE API credentials
+- Container Apps Environment: Runtime environment
+- Container App: The application instance
+
+**Setup Steps:**
+1. Create Azure resources (see deployment guide)
+2. Configure service principal with federated credential for `main` branch
+3. Add GitHub secrets listed above
+4. Push to `main` to trigger first deployment
+
+### Manual Deployment
+
+To deploy manually:
+```bash
+# Build image
+docker build -t <acr-name>.azurecr.io/recorder-backend:dev-manual .
+
+# Login and push
+az acr login --name <acr-name>
+docker push <acr-name>.azurecr.io/recorder-backend:dev-manual
+
+# Update Container App
+az containerapp update \
+  --name ca-recorder-backend-dev \
+  --resource-group rg-kielipankki-recorder-dev \
+  --image <acr-name>.azurecr.io/recorder-backend:dev-manual
+```
+
+### Future: Production Deployment
+
+When production is ready:
+1. Create production Azure resources (mirroring dev setup)
+2. Add production federated credential for tag pattern `v*`
+3. Configure production GitHub secrets
+4. Create tag to deploy: `git tag v1.0.0 && git push origin v1.0.0`
+
 ## Quick Start - Local Development
 
 ### Prerequisites